Functioning as a typical web server, IIS can take requests from client computers located remotely and respond by rendering the requested web page. It includes basic functionality which can let web servers deliver information across a number of different types of networks, ranging from local networks ( LANs ) in the case of intranets through to serving websites on the internet.
Of course, web servers work in different ways: a web server can send information to users in HTML, to be decoded by a web browser client or as a file which can be downloaded – these files can be images, text documents or anything else.
Portals and IIS
The IIS web server is a great way to deliver portals which businesses can use for many different needs. Yes, other web servers can operate as portals too and offer web applications that operate in the enterprise but it can be argued that IIS is an enterprise-ready platform for serving web applications.
Another way of delivering web applications would include Amazon Web Services or AWS, a platform operating in the public cloud and which users can easily administer using a portal located on a website.
For consumer use, streaming media is a typical example of the use of a web portal for delivering services as companies like Netflix (films) and Spotify (music) deliver content by making use of web servers.
How does IIS work?
Like most web servers, IIS utilises a range of standard protocols and programming languages to execute its server duties. On the one hand, IIS handles standard HTML to render text and images as well as interface elements such as buttons alongside interactions and behaviours and, of course, hyperlinks.
Needless to say, IIS also supports HTTP, HTTPS and FTP protocols. HTTP (hypertext transfer protocol) is the basic protocol which allows browsers and web servers to exchange content, and HTTPS or HTTP over SSL (secure sockets layer) is the secure version of HTTP which uses TLS, or Transfer Layer Security (or indeed SSL, secure sockets layer) to ensure that data is transmitted over an encrypted channel. FTP, of course, is the protocol that is commonly used for file transfers and IIS support FTP while also supporting the secure variant of FTP, FTPS.
ASP.NET Core is central to IIS
Active Server Pages (ASP) is the cornerstone of IIS and ASP.NET Core is the latest framework for ASP. In effect, ASP is a script engine that runs server-side to build interactive webpages, just like PHP. So, a browser would send a request to an IIS server across the internet. IIS in turn sends the request to ASP.NET Core. The request is then processed, and the result is sent back via the IIS server to the browser client that originally created the request.
All kinds of web applications can be written using ASP.NET. This includes popular uses like blog platforms alongside more advanced CMS-driven sites. There are numerous tools which enable developers to build IIS website, WebDAV is one of the most popular which helps developers create and publish content. More integrated development tools are also available, including Microsoft’s Visual Studio package.
The different versions of IIS
IIS has been around a long time so needless to say there is a long version history, and it’s worth noting that IIS has evolved alongside Microsoft’s popular operating system – Windows. The first edition of IIS, version 1.0, was included with Windows NT version 3.51. Version 4.0 of IIS was released with Windows NT 4.0, while IIS 5.0 came with Windows 2000 and indeed IIS 6.0 shipped with Windows Server 2003.
Windows Server 2008 included a major revision to IIS, version 7.0 with version 7.5 of IIS included with R2 of Windows Server 2008. As Windows 10 and Windows Server 2016 arrived Microsoft released IIS version 10.
Every release of IIS has, of course, included additional functionality and improved versions of existing functions. IIS 3.0 included the ability for ASP to execute dynamics scripts while IIS 6.0 included support for IPv4’s replacement, IPv6 plus important improvements in reliability and security. Furthermore, IIS 8.0 added the ability to adopt non-uniform memory access, as well as multicore scaling plus centralised support for SSL certificates as well as Server Name Indication.
What’s in IIS version 10?
Looking at IIS 10, we can confirm that it includes even more in terms of additional features and further security boosts. For example, IIS 10 supports the new edition of the HTTP protocol: HTTP/2 which offers reduced latency and lower resource usage compared to the commonly deployed HTTP 1.1.
IIS10 is compatible with Nano Server mode in Windows Server 2016, a minimal deployment model for Windows Server. It runs ASP.NET Core and can also deal with PHP and Apache Tomcat web applications – all in Nano Server mode.
Furthermore, IIS 10 can also operate both in a virtual machine and in a container which gives more flexibility to developers and administrators that choose to build apps with IIS 10. As a result, IIS 10 also accommodates a much broader range of web application types.
Using IIS in Express mode for testing
Testing websites is essential for a smooth launch and that’s why Microsoft offers an edition of IIS that is self-contained. It’s called IIS Express and developers can use IIS Express as a testing tool before they launch a website. Though IIS Express has the essential capabilities of the complete IIS edition, it does offer the unique ability to do a lot of things without the need for administrator-level privileges.
Security in IIS
Web servers are very vulnerable to security breaches and sysadmins need to make sure their web servers are protected by sufficient security measures. IIS has a range of features that can be activated to bolster its defences.
Administrators can make sure IIS is protected against attacks by taking some essential steps. For example, installing the necessary security patches for the Windows OS is a key start, and admins should also ensure that they disable any IIS features which are not necessary for running their sites, as disabling features renders the feature immune from attacks.
Consistent use of firewalls can help ensure the server is only sent valid packets while controlling the IP addresses and domains that can access a server also helps to lock matters down. URL authorization can help admins to set up rules for certain requests – including specifying how to deal with set URLs. For example, a sysadmin can set a URL authorization rule which means that only some users can see a page.
Logging also helps sysadmins because the can see who has accessed the server and vet these visitors. Finally, administrators should configure error pages so that only essential information is displayed about the error – error pages should never reveal usernames, the IP address of the server or any other data which can help hackers.
Comparing IIS and Apache
There are a number of core differences between IIS and Apache, starting with the fact that IIS comes with Windows which is a commercial product. Apache on the other hand is open source and can be used free of charge. Of course, IIS can only run on Windows – it does not run on Linux. Apache runs on a range of OS platforms, including OS X and UNIX variants, but it is best suited to Linux.
Developers who use .NET and ASPX will prefer IIS as the IIS platform integrates with these Microsoft technologies. IIS also offers commercial support from Microsoft’s help desk, while Apache administrators and developers are reliant on the user community for support.
Arguably the security options that is included in IIS makes IIS a safer choice when compared to Apache. Finally, the underlying tech used by IIS is widely compatible with all the usual web interfaces in use around the world.