1. Improvements in IIS 8
Several key enhancements and structural
changes have been made to the new IIS 8 web and application platform.
These enhancements are designed not only to build upon the latest
version of .NET, but also to improve overall scalability, performance,
security, and administration. Some of the major IIS 8 improvements that
IT professionals, web admins, and developers will take pleasure in
having include the following:
• Dynamic IP restrictions—IIS
8 supports automatic blacklisting of IP addresses based on the number
of requests. This feature is supported for both the website and FTP
site functions of IIS. The FTP feature behaves somewhat differently in
that IP addresses are blacklisted as a result of failed authentication
attempts rather than a number of requests.
• SSL host header support—IIS
8 expands the support for host headers to Secure Sockets Layer
(SSL)-protected sites using Server Name Indication (SNI). The addition
of this feature now allows administrators to protect multiple websites
with a single SSL certificate and improves security and scalability of
the platform.
• Central certificate store (CCS)—A
welcome addition for administrators who support large farms with
multiple SSL protected websites is the introduction of a central
certificate store. The CCS resides on a file share accessible to all
farm members and can contain all the certificates required for the
operation of the web server. Certificate binding is performed
automatically based on the name of the certificate (PFX) file in the
CCS. The naming convention of the files supports wildcard and Unified
Communication Certificates (UCC). Certificate upgrades become a simple
matter of replacing the PFX file in the CCS and restarting each web
server.
• CPU throttling—A
much-desired and requested feature was to have a usable mechanism to
control CPU load for each website. With earlier versions of IIS,
throttled sites were disabled entirely, which was frequently
unacceptable. With IIS 8, sites can be throttled to reduce performance
but still provide service. Throttling control is even provided as a
full-time configuration or only when the server load requires it.
• Application Initialization Module—IIS
8 provides administrator control over the initialization of a web
application. Web applications can now be initialized in advance so that
the first end user to access the application doesn’t experience a delay
as the application is initialized. The new module can support a server
wide setting or integration with URL Rewrite rules for more granular
control. The module’s configuration also supports integration with
load-balancer health pages to ensure that a node isn’t considered
available for requests until the application is fully initialized.
• Scalability—In
addition to the features listed already, the SSL and configuration
file-handling components of IIS have been revised to handle much higher
scale and support thousands of website and certificates, if not more.
• WebSocket support—Now,
it is possible to configure web socket support directly within IIS and
establish two way, real-time communication between a client and server
using HTTP.
2. Understanding the New IIS Manager Tools
The centerpiece of IIS 8 is the now familiar
IIS Manager user interface. The updated user interface, which was
introduced with IIS 7 and Windows Server 2008, is the primary tool used
to manage IIS and ASP.NET, health and diagnostics, and security.
In addition to the GUI management console,
IIS 8 can also be managed using a variety of command-line tools. First
and foremost, the PowerShell provider included with IIS is a powerful
tool for common management tasks as well as for automation
requirements. Although other command-line tools, such as iisreset, are still available, many other tools have been deprecated, especially VBS scripts such as iiscnfg, iisback, and others. The functionality of those tools is available with PowerShell.
Because understanding the console is
a must to successfully administer IIS and know where to conduct each
task, the next sections examine the layout of the new user interface.
