|Introducing Windows Server 2008
By Mitch Tulloch
Get a jump on evaluating Window Server 2008 -- with technical insights from Windows Server team. This practical introduction delivers real-world implementation scenarios and pragmatic advice for administering Windows Server in the enterprise.
Step 2 of 2:
One thing I really like about IIS 7.0 is its new modular architecture. What this means is that instead of IIS being a monolithic entity installed by default with only a few features available for optional installation, IIS 7.0 now has more than 40 separate setup components you can choose from and only a small set of these are installed by default. You can now install only IIS features you actually need on your Web server and leave the remaining features uninstalled. The benefits of doing this are fivefold:
- First, your system is more secure. Why? Because the only IIS binaries installed on your system are those you actually need. And the fewer binaries, the less attack surface there is on your machine.
- Second, your system is easier to service. Why? Because maintaining a server involves keeping it patched with the latest critical updates from Microsoft. But if you have only a subset of the available IIS modules installed on your machine, you have to patch only those modules -- you don't have to patch modules that aren't installed.
- Third, your system is easier to manage. For example, as we'll see in a moment, if the component supporting Basic authentication is not installed on your system, the configuration setting for this feature won't be present. And the fewer configuration settings that are surfaced, the less clutter the admin UI has and the easier it is to manage your server.
- Fourth, you can customize your Web server to function in a specific role in your environment.
- And fifth, you can reduce the memory footprint of your Web server by removing unnecessary modules. As a result, the amount of memory used by worker processes on your machine will be reduced, which can allow you to host more Web sites and Web applications on your machine -- something especially valuable in large hosting environments. Reducing the number of installed modules also means that fewer intra-process events are occurring, so this also frees up CPU cycles as well -- something that, again, is important in hosting environments.
In addition, you can even create your own custom modules and use these to replace existing modules or add new features to your Web server. We'll talk about this later when we discuss the extensibility of the IIS 7.0 platform.
The following graphic shows the IIS 7.0 components available for you to install when you add the Web Server (IIS) role to your Windows Server 2008 machine. These components are called modules, and you can add or remove them from the Web server engine, depending on what you need.
Table 11-1 lists the different modules available in each category and provides a short description of what they do.
|Table 11-1 IIS 7.0 modules and their functionality|
|CustomErrorModule||Sends default and configured HTTP error messages when an error status code is set on a response|
|HttpRedirectionModule||Supports configurable redirection for HTTP requests|
|OptionsVerbModule||Provides information about allowed verbs in response to OPTIONS verb requests|
|ProtocolSupportModule||Performs protocol-related actions, such as setting response headers and redirecting headers based on configuration|
|RequestForwarderModule||Forwards requests to external HTTP servers and captures responses|
|TraceVerbModule||Returns request headers in response to TRACE verb requests|
|AnonymousAuthModule||Performs Anonymous authentication when no other authentication method succeeds|
|BasicAuthModule||Performs Basic authentication|
|CertificateMappingAuthenticationModule||Performs Certificate Mapping authentication using Active Directory|
|DigestAuthModule||Performs Digest authentication|
|IISCertificateMappingAuthenticationModule||Performs Certificate Mapping authentication using IIS certificate configuration|
|RequestFilteringModule||Performs URLScan tasks, such as configuring allowed verbs and file extensions, setting limits, and scanning for bad character sequences|
|UrlAuthorizationModule||Performs URL authorization|
|WindowsAuthModule||Performs NTLM integrated authentication|
|CgiModule||Executes CGI processes to build response output. There's also a FastCGI handler that's installed as part of the CGI install.|
|DavFSModule||Sets the handler for Distributed Authoring and Versioning (DAV) requests to the DAV handler|
|DefaultDocumentModule||Attempts to return the default document for requests made to the parent directory|
|DirectoryListingModule||Lists the contents of a directory|
|IsapiModule||Hosts ISAPI DLLs|
|IsapiFilterModule||Supports ISAPI filter DLLs|
|ServerSideIncludeModule||Processes server-side includes code|
|StaticFileModule||Serves static files|
|DynamicCompressionModule||Compresses responses, and applies Gzip compression transfer coding to responses|
|StaticCompressionModule||Performs precompression of static content|
|FileCacheModule||Provides user-mode caching for files and file handles (required)|
|HTTPCacheModule||Provides kernel-mode and user-mode caching in HTTP.sys (required)|
|SiteCacheModule||Provides user-mode caching of site information|
|TokenCacheModule||Provides user-mode caching of user name and token pairs for modules that produce Windows user principals (required)|
|UriCacheModule||Provides user mode caching of URL information (required)|
|Logging and diagnostics modules|
|CustomLoggingModule||Loads custom logging modules|
|FailedRequestsTracingModule||Supports the Failed Request Tracing feature|
|HttpLoggingModule||Passes information and processing status to HTTP.sys for logging|
|RequestMonitorModule||Tracks requests currently executing in worker processes, and reports information with Runtime Status and Control Application (RSCA) Programming Interface|
|TracingModule||Reports events to Microsoft Event Tracing for Windows (ETW)|
You can install these modules by adding role services and features to the Web Server (IIS) role using Server Manager. (Note that some of these modules cannot be selectively installed or uninstalled unless you uninstall the entire w3svc.) When you add the Web Server (IIS) role to your Windows Server 2008 server, a subset of available role services and features is installed by default (though you can also choose to add role services and features at this time or later).
Excerpted from "Introducing Windows Server 2008" by Mitch Tulloch with the Microsoft Windows Server Team . Reprinted by permission of Microsoft Press. All rights reserved. For more information, go to http://www.microsoft.com/MSPress/books/11163.aspx