IIS 7.5 and Windows Server Core
There is so much stuff on Windows7 & 2008 R2 features out there, but not so much on IIS 7.5. The other reason it slipped off my radar was that reporting services in SQL Server 2008 directly uses http.sys for its portal and there is no longer a need to install IIS at all. Anyway it’s now time for me to look at this in more detail as part of my series on server core.
Firstly IIS 7.5 like every other new bit of the Microsoft platform has embedded PowerShell support, meaning you can now directly manage IIS 7.5. Also you turn on IIS7.5 features using DISM rather than the complexity of the setup in the original server core..
where a basic install would have been
start /w pkgmgr /iu:IIS-WebServerRole;WAS-WindowsActivationService;WAS-ProcessModel
using DISM the equivalent command is
DISM –online /enable-feature /featurename:IIS-WebServerRole
From there you can then add the extra individual features you need, as from IIS 7 it is a very modular solution. For example to turn on asp.net you would use to turn on three features..
DISM –online /enable-feature /featurename:IIS-ISAPI Filter
DISM –online /enable-feature /featurename:IIS-NetFxExtensibility
DISM –online /enable-feature /featurename:IIS-ASPNET
Having done all of this the best approach would then be to remotely manage it from another machine. Form there you can start use some of the new stuff in IIS 7.5
My top feature would be the best practices analyser. This is primarily concerned with making sure your configuration is as secure as possible, e.g.
- Hiding custom errors from displaying remotely, the more the attacker knows about your site the quickest and easier it is to attack, for example one of mates always rubs his hands with glee when he says the site is talking to Oracle as opposed to SQL (he wouldn’t tell me why though).
- Ensuring ssl certificates are up to date
- Ensuring you are using ssl if you have basic authentication set.
For more on this refer to this article in the Windows Server TechCenter
Other new stuff includes
- Application pre-load, so your application is already running when the user access it. To do this you need to add the following to the applicationHost.config file:
<application path="/myapp" preloadEnabled="true">
<virtualDirectory path="/" physicalPath="c:\inetpub\myapp"/>
and this to the web.config file
There’s an article here to get you started with this
- Configuration Log Tracking. This pulls in all the changes you make and logs them. BTW this is off by default and you need to turn it by going to “Application and Service Logs->Microsoft->Windows->IIS-Configuration” in event viewer and enable tracing. BTW IIS generates 4 kinds of events. These are administrative, operational, analytic and debug. Right click on areas in event viewer and select “enable log” for categories you want to enable tracing.
- The ability to work with multiple versions of the .net framework. While one application might need .net 2 another might need 3.5
- Built in FTP and WebDAV support.
I could go on and on here, but I would suggest you might want to check up on all the new stuff in IIS 7.5 here, and hopefully try it out by installing the role on a full or server core installation of windows server 2088 R2. It’s also an opportunity to confuse the web developers you might be working with by understanding their world a little better, and offering to help them deploy their applications more quickly.