What's in IIS 7.0 for me?

While having a seemingly-innocuous chat with a colleague, I was asked to "throw together a few points" on what IIS 7.0 would do for a web application I've worked with in the past. Serves me right for talking to people, really.

In this application's case, authoring, publishing and content creation weren't as important as eventual scale-out and actual application performance (otherwise the just-released FTP7 would have been top of the list).

Here's what I came up with, off the cuff:

  • Reduced attack surface/patching requirements: IIS7 is now modular, and only the parts of the server actually needed by the application are required to be installed. This can also enable performance increases due to reduced memory footprint.
  • Vastly (imho) improved compression capabilities and compression performance (with automatic compression back-off when CPU use is high! How cool is that!?)
  • Simplified web farm management - if the application is able to work reliably in a web farm scenario, the IIS configuration store can be centralized and shared across all machines in the farm. (also see MSDeploy)
  • XCOPYable configuration - easily ensure settings are consistent between dev, qa and prod environments.
  • Failed Request Tracing (aka FREB) - if failures occur, request traces can be captured that include detailed diagnostic information.
  • Windows Server 2008 security, performance and scalability improvements - the most secure Windows yet (I expect); support for the latest hardware and 64-bit computing; and optimized TCP/IP performance.
  • SSL performance greatly increased - Kernel-mode SSL (not the best link for admin types) reduces context switching and ring transitions, and improves performance
  • Better UI! After a short time working out how the new model worked, I'm sold.