Security Features
Maintaining
security for Web sites, Web applications, and Web services is an
important concern with all Web servers. Depending on the specific
deployment and usage configuration, organizations can enable a wide
variety of security mechanisms. The Security role services that are
available for IIS include:
Basic Authentication
Windows Authentication
Digest Authentication
Client Certificate Mapping Authentication
IIS Client Certificate Mapping Authentication
URL Authorization
Request Filtering
IP and Domain Restrictions
Performance Features
Organizations
often find that they receive a large volume of activity on their
production Web servers, so it is fundamental for all types of Web
servers to be able to service a large number of requests in a given
amount of time. IIS includes numerous architectural features that help
make the servicing of Web requests as efficient as possible. In
addition, the Performance role services section includes two additional
options:
Static Content Compression The
HTTP protocol provides a method by which static Web pages (such as HTML
files) can be compressed before they are sent to clients’ Web browsers.
The Web browser uncompresses the information and renders the Web page.
This method can save significant bandwidth with a minimal cost to CPU
performance on the client and the server. In addition, IIS has the
ability to store frequently accessed static content in memory, further
increasing performance and scalability. This feature is enabled by
default and will work automatically as long as users’ Web browsers
support HTTP compression.
Dynamic Content Compression
Dynamic content usually results in different information being sent to
different users. Because dynamic content often changes for each request
that is made to the Web server, the amount of processing overhead for
compressing the data can be significant. Dynamic content compression is
disabled by default, but it can be added to help reduce bandwidth
consumption for Web applications.
In
general, bandwidth is more limited than is processing power on modern
servers. Therefore, unless an organization has a specific reason to
disable it, it is recommended that static content compression remain
enabled.
Management Tools
The
Management Tools section provides administrators with the ability to
determine which programs will be available for working with IIS. By
default, only the primary administration tool, the IIS Management
Console, is installed along with the Web Server (IIS) role. This tool
provides a graphical method of configuring and managing IIS Web
services. You can choose to remove the IIS Management Console if you
will be managing the server remotely or if your corporate security
policy requires it.
The
other available Management Tools options include IIS Management Scripts
and Tools, which allows for command-line administration of IIS, and the
Management Service, which enables you to administer IIS remotely using
the IIS Management Console.
An
important design goal for IIS 7.0 was to provide support for IIS
6.0–based Web applications. Although many applications can be moved
directly to IIS 7.0, several backward-compatibility features are
included as role services: