An IIS web server accepts requests from remote client computers and returns the appropriate response. This basic functionality allows web servers to share and deliver information across local area networks (LAN), such as corporate intranets, and wide area networks (WAN), such as the Internet.
A web server can deliver information to users in several forms, such as static webpages coded in HTML; through file exchanges as downloads and uploads; and text documents, image files and more.
Web servers provide portals
Modern web servers can provide far more functionality for a business and its users. Web servers are often used as portals for sophisticated, highly interactive, web-based applications that tie enterprise middleware and back-end applications together to create enterprise-class systems. For example, Amazon Web Services allows users to administer public cloud resources through a web-based portal. Meanwhile, streaming media services, such as Spotify for music and Netflix for movies, deliver real-time streaming content through web servers.
How IIS works
IIS works through a variety of standard languages and protocols. HTML is used to create elements such as text, buttons, image placements, direct interactions/behaviors and hyperlinks. The Hypertext Transfer Protocol (HTTP) is the basic communication protocol used to exchange information between web servers and users. HTTPS -- HTTP over Secure Sockets Layer (SSL) -- uses Transport Layer Security or SSL to encrypt the communication for added data security. The File Transfer Protocol (FTP), or its secure variant, FTPS, can transfer files.
IIS works with ASP.NET Core
The ASP.NET Core framework is the latest generation of Active Server Page (ASP), a server-side script engine that produces interactive webpages. A request comes in to the IIS server from the web, which sends the request to the ASP.NET Core application, which processes the request and sends its response back to the IIS server and the client who originated the request. Examples of applications written on ASP.NET Core include blog platforms and content management systems (CMS).
Developers can produce IIS websites with a number of tools, including WebDav, which can create and publish web content. Developers can also use integrated development tools, such as Microsoft Visual Studio.
Versions of IIS
IIS has evolved along with Microsoft Windows. Early versions of IIS arrived with Windows NT. IIS 1.0 appeared with Windows NT 3.51, and evolved through IIS 4.0 with Windows NT 4.0. IIS 5.0 shipped with Windows 2000. Microsoft added IIS 6.0 to Windows Server 2003. IIS 7.0 offered a major redesign with Windows Server 2008 (IIS 7.5 is in Windows Server 2008 R2). IIS 8.0 came with Windows Server 2012 (Windows Server 2012 R2 uses IIS 8.5). And IIS 10 arrived with Windows Server 2016 and Windows 10.
With each iteration of IIS, Microsoft has added new features and updated existing functionality. For example, IIS 3.0 added ASP for dynamic scripting; IIS 6.0 added support for IPv6 and improved security and reliability; and IIS 8.0 brought multicore scaling on non-uniform memory access hardware, centralized SSL certificate support and Server Name Indication.
Features in IIS 10
IIS 10 also adds a number of new features and functionality.
IIS 10 adds support for the HTTP/2 protocol, to offer more efficient resource use and lower latency compared to HTTP 1.1. IIS 10 works on the minimal server deployment model Nano Server under Windows Server 2016, and can run ASP.NET Core, Apache Tomcat and PHP workloads on IIS on the Nano Server.
IIS 10 works in a container and virtual machine, so developers and administrators have more flexibility in deployment choices, as well as the density to accommodate a broad range of web applications.
IIS Express for testing
Microsoft provides a self-contained version of IIS, called IIS Express, for developers to test websites. IIS Express offers all the major capabilities of the full IIS web server, but allows many tasks to be performed without administrative privileges.
To ensure a website is secure, organizations need to take security measures to protect the web server from security breaches. Companies can use features built into IIS to harden the IIS.
Some of the ways to harden Windows IIS include:
- Ensure the Windows operating system is updated with all security patches.
- Disable any features of IIS not in use to reduce potential attacks.
- Use firewalls to ensure the server is only receiving valid packets.
- Control which IP addresses and domains can access the web server.
- Use URL authorization to apply rules for specific requests, such as dealing with particular URLs. A company can use URL authorization to only authorize certain users to view the requested pages.
- Use logging to view the visitors accessing the web server.
- Configure the error page to display only relevant information about an issue. Make certain that error pages don’t display too much information, such as usernames, passwords, the IP address of the server or any information that hackers could use to exploit the web server.
Steps to install and configure IIS
The following is how to install IIS on a server running Microsoft Windows Server 2012 R2, Microsoft Windows Server 2016 and Microsoft Windows Server 2019.
These are the steps for how to install IIS using the Server Manager:
- Press the [Windows] key and select Server Manager.
- In the Server Manager dashboard, click manage > add roles and features.
- Click installation type.
- Select the role-based or feature-based installation option and click Next.
- Select the server on which IIS will be installed and click Next.
- Activate the Web Server (IIS) Role.
- Click Add Features to add the IIS Management Console.
- Click Next: the SelectFeatures window will open.
- Click Next: the Web Server Role (IIS) window will open.
- Click Next: the Select Role Services window will open.
- Select the required role services and click Next.
- Click Install to install the selected roles, role services and features.
- Click Close to complete the installation.
The following are the steps for how to install IIS in the PowerShell:
- In the search, type PowerShell, and then click Windows PowerShell
- In Windows PowerShell, type the following command: Install-WindowsFeature -name Web Server -IncludeManagementTools
- Press [ENTER].
The following are steps for how to configure IIS using the Server Manager:
- Go back to the Server Manager and select Internet Information Services (IIS) Manager from the Tools menu.
- Click Add Website
- Specify at least the site name and path. Click OK.
- The first site is ready to be accessed.
When IIS is installed, it’s preconfigured to serve as a default website. However, to change the basic settings for the website:
- Log on to the Web server computer as an administrator.
- Click Start, point to settings, and then click Control Panel.
- Double-click Administrative Tools, and then double-click Internet Services Manager.
- Right-click the website to be configured in the left pane, and then click Properties.
- Click the website tab.
- Type a description for the website in the Description box.
- Type the Internet Protocol (IP) address to use for the website or leave the All (Unassigned) default setting.
- Modify the Transmission Control Protocol port as appropriate.
- Click the Home Directory tab.
- To use a folder on the local computer, click A directory on this computer, and then click Browse to locate the folder that you want to use.
- To use a folder that has been shared from another computer on the network, click A share located on another computer, and then either type the network path or click Browse to select the shared folder.
- Click Read to grant read access to the folder (required).
- Click OK to accept the website properties.
Follow these steps to create a new website in IIS:
- Log on to the web server computer as an administrator.
- Click Start, point to Settings, and then click Control Panel.
- Double-click Administrative Tools, and then double-click Internet Services Manager.
- Click Action, point to New, and then click website.
- After the website Creation Wizard starts, click Next.
- Type a description for the website. (This description is used internally to identify the website in Internet Services Manager only.)
- Select the IP address to use for the site. Selecting All (unassigned) will make the website accessible on all interfaces and all configured IP addresses.
- Type the TCP port number to publish the site on.
- Type the Host Header name (the real name that is used to access this site).
- Click Next.
- Either type the path to the folder that’s holding the website documents or click Browse to select the folder, and then click Next.
- Select the access permissions for the website, and then click Next.
- Click Finish.
IIS vs. Apache
Differences between IIS and Apache include:
- IIS is packaged with Windows while Apache is free and open source.
- While IIS only runs on Windows, Apache can run on almost any operating system, including macOS, UNIX and Linux (it’s best suited for Linux).
- IIS integrates with other Microsoft offerings, such as .NET and the ASPX scripting language.
- IIS has a help desk to handle most issues while support for Apache comes from the user community.
- The security features of IIS make it a safer option than Apache.
- IIS’ underlying technology is compatible with standard web interfaces worldwide.