IIS 7: First Looks

Note: As a Microsoft MVP I'm entitled to some confidential information. All the information contained in this post is public knowledge and does not reflect the final product nor my experience with the beta. Legal stuff out the way: WOW IIS 7 is going to rock. While this will not be very exciting for the Apache faithful its going a long way to help out us IIS admins (hey, its no secret that Microsoft has been copying ncsa httpd / apache since day one – not only is it in the license but one of my close friends dropped out of college to work on IIS ISAPI in the long long ago). Like SQL server, the IIS 7 brings a very friendly XML interface and a 3 panel control panel. It also empowers the web site admin without granting system administrator priviledges (unix folk: read .htaccess). So here are some notes from a recent webcast: Metabase is gone! No more metabase hacks, all the configuration for IIS will be handled by XML files. If you've had a misfortune of dealing with DNN 4 or .NET development you know too well how much must be tweaked with web.config — well its getting bigger. Not only will you be able to manage your web site (and more) with a web.config but all the configuration for IIS will be in the ApplicationHost.config XML file. Reduced Attack Surface & Enhanced Performance This makes IIS admins mouth water. For the longest time IIS (4/5/6) security involved loading various plugins, application firewalls, checkboxes, metabase hacks and one hotfix after another. Well, thats going away. Because capabilities of IIS7 will be controlled by different DLL's (instead of one major one) you'll be able to selectively turn features on/off (via XML!) and only open up what you need. This is awesome and way overdue. You know how you can restrict IIS from running .NET, FrontPage, WebDav, etc? Well, imagine being able to turn off things the same way you do in Apache with the backing of .NET. It's coming in IIS7. Think about the performance that a stripped down IIS can deliver – specifically if you're using IIS for image or video content serving farms. Tweaks and Wizards, oh my! With the additional functionality and options its going to get a lot more difficult to manage these servers. Do you really want to spend 20 minutes configuring each server to your liking or tweaking around XML files and keeping track of them? Well, IIS 7 will come with a lot more wizards to precisely tune your configuration without XML editing or reinventing the wheel. Of course you can tweak that through XML directly afterwards but the time savings will be significant. We were recently setting up a SQL cluster and Albert literally clicked through maybe 50 screens just to setup cluster aware COM+ properly. The bad news? Still not ready for performance testing. You will still be able to run ASP.NET 1.1 on IIS 7 which means you will still have to support yet another piece of old code which means it can be further ignored and obsoleted by your developers (until they have all found new jobs) and you'll be the one answering questions about why you're constantly being hacked because someone else hired incompetent developers. IIS 7 will only run on Longhorn / Vista so you will have to upgrade/migrate if you want the new feature sets. All in all, I am really looking forward to IIS 7. We manage a ton (well, many many tons in terms of steel alone) of IIS 6 and I would really love the ability to massively roll out and manage my IIS networks the same way we do for our Apache ones. It appears as if that is just around the corner!