Jostling for Share in the Web Server Market Page 2
Internet Information Services
Like Apache, IIS suffers from severe versioning lag. To its advantage, it has far fewer iterations than its open source counterpart. While 5.1 percent of Fortune 1000 sites remain on IIS 4, most (43.3 percent) are using IIS 5. That appears to be changing rapidly. During the past few months, IIS 6 has gone from having a negligible user base to being the Web server of choice for 5.5 percent of deployments. This is largely attributable to an increase in Windows Server 2003 adoption as enterprises migrate off of Windows NT and 2000. But IIS still has a long way to go to in Fortune 1000 updates. In the interim, organizations still on IIS 5 are vulnerable to password-stealing and other Trojans.
IIS 6, which ships with Windows Server 2003, has undergone architectural changes and improvements in performance, reliability, and security. In previous versions of IIS, for example, the failure of a single Web application could cause a failure of other Web sites and apps hosted on the same server. IIS 6 fixes this by separating the core logic from user apps, enabling a greater number of sites to be hosted on a single server. Essentially, IIS 6 separates Web sites into units called application pools. A failure in one unit does not affect other units. Predictably, it also provides SSL improvements, better ASP caching, and integration for .NET passports.
The IIS 6 and Windows Server 2003 combination is so appealing that some claim it is stealing business from Linux/Apache. Some 8,000 sites, according to Netcraft, have moved from Apache to IIS/Windows Server 2003. On the other side of the coin, it is equally likely that as many or more sites moved from older Microsoft versions to Linux-based Web servers. In addition, according to Port80, Apache has seen some gains at the expense of NES, which as of June had lost 4.0 percent for the year.
Netscape Enterprise Server
Once the undisputed heavyweight champion of Web servers with 66.8 percent of large enterprises running NES in 1998, it now has a presence in only 14.6 percent of large enterprises and is the power behind a mere 3 percent of total Web sites.
These days, Netcraft and others tend to lump NES with SunONE, iPlanet Enterprise, and Netsite as a general Web server grouping. At this time, NES and SunONE have the most activity.
NES is now up to Version 6.1 Service Pack (SP) 6. This version fixes backward compatibility issues in recent versions and SPs. It also offers improved SSL support. SunONE has gone through a series of name changes, the latest of which is the Java System Web Server 6.1. Its strengths lie with JavaServer Pages (JSP) and Java Servlet technologies. Apart from the name change, Sun's Web server underwent some security upgrades, including the addition of header masking, which hides Web server information from probes and scripts. Other improvements address bandwidth conservation and performance.
According to recent tests by KeyLabs, SunONE outperformed Apache in terms of CPU utilization and speed in serving pages. SunONE appears to be a lot faster, particularly when SSL is being employed. It should be noted, however, that these tests were sponsored by Sun.
With so many massive security flaps hitting the IT world in recent years, and vendors bringing out new versions with improved security features, you might reasonably expect that everyone would be desperate to deploy them. But that is far from the case. A paltry 300,000 Web servers currently deploy Secure Sockets Layer (SSL), for example, according to Netcraft. While this is more than 50 percent more than last year, it still demonstrate the large amount gaping holes waiting to be exploited in the Web server ranks. And with many users holding on to old versions of the leading Web servers, old security holes will likely remain exploitable for quite some time.