Web servers don’t compete in the same sense as most other software offerings do. For one thing, the most widely used server, Apache, is open source and essentially free. It has no advertising budget or any other promotion aside than downloads, user experience, and word of mouth. Even the second most widely used server, Microsoft Internet Information Server (IIS) doesn’t compete in the open market as it’s typically picked up in conjunction with a Windows operating system (i.e., it’s bundled).
Although sometimes described as the heartbeat of the Internet, Web servers don’t often command the attention and glamour that other server types and software offerings receive. Nelson King explains why this is so, as well as overviews current trends and what’s on the horizon for the Big Four Web servers — Apache, IIS, Sun ONE, and Zeus.
Yet this is a fiercely competitive category of software, partly because it’s one of the most important pieces of all software (Web servers are often described as the heartbeat of the Internet), and the total number of servers in use is approaching an astronomical 12 million. There are many commercial Web servers (a large selection of which are reviewed on ServerWatch); many ways to supplement and enhance Web servers that can make money; and besides, there’s always bragging rights.
Later in this ServerWatch tutorial, we’ll detail what the “Big Four” Web servers (Apache, IIS, SunONE, and Zeus) are up to, but it’s important to bear in mind that there are literally dozens of Web servers. Many are embedded within other products (such as application servers), and you might be using them without even knowing about it. Other Web servers are developed for specific purposes, such as e-commerce or streaming media.
If there is one across-the-board issue in Web servers in 2003, it remains the same one it has been for (at least) two years — security. A lot of negative publicity has been generated by Web server security holes and their exploitation. During 2000 and 2001 Microsoft IIS seemed to take the brunt of attack, but during 2002 Apache and other servers also came under fire. Statistically speaking, we may be talking about an almost infinitesimal number of breaches relative to the total number of Web server connections and transactions, but like airline disasters, only the memory of bad news seems to endure. The impression of flawed software now clings to many Web server products.
To counteract this impression, most Web server developers have shifted their attention to not only fixing security problems, but also re-focusing the software around security issues. In some cases this has resulted in heavily redesigned products; in other cases, features designed to implement and monitor server security have been added.
Update and Maintenance
Closely related to the need for vigilance in security is the need to pay attention to updates. This is much more than deciding whether or not to implement new versions of the server software. It includes the onerous task of frequently patching installed software to update security fixes. It also includes more sophisticated monitoring of server activity, not only to manage loads, but also to deal with attacks and illegitimate use of the server. The problems are particularly acute for organizations running hundreds (or thousands) of servers, but the same problems — especially because they often go unattended — exist in much smaller installations.
Consequently, another major trend in Web servers has become the addition of tools and features that make updating easier and timelier.