IIS 6.0: Lessons in Trustworthy Computing

In the past couple of years, Microsoft's security programming practices have come under attack, due largely in part to IIS 4/5 exploits. Last January Microsoft Chief Software Architect Bill Gates delivered a company wide e-mail that outlined a concept known as Trustworthy Computing. This resulted in significant changes in the way Microsoft builds and designs software. Internet Information Server 6.0 is the first version of IIS with security in mind. I will explain some of the features and architectural changes in this article. Microsoft's Trustworthy Computing initiative significantly changed the way in which Microsoft builds and designs software. Jeff Gonzalez explores some of the new options and architecture in Internet Information Services 6.0.

Application Server Role Overview

The server role is a new feature with Windows Server 2003. To configure a server role, you can install the server role using the Configure Your Server Wizard ( fig. 1 ) and manage your server roles by using Manage Your Server Wizard ( fig. 2 ). There are several built in roles to choose from such as File server, Print server, Mail server, Terminal server, and the Application Server role which I explain further. An application server is a technology that provides core infrastructure services to applications hosted on the server.

Figure 1.

Figure 2.

Some typical application servers include the following:

  • Resource pooling (COM+)
  • Distributed transaction management (DTC)
  • Asynchronous communication (Message Queuing Services)
  • Automatic Web Service interfaces for accessing business objects (UDDI)
  • Failover and server health monitoring (Network Load Balancing)
  • Integrated Security (Active Directory)
  • Web Server (IIS and ASP.NET)
By configuring your server as an application server, you will be installing Internet Information Services and optional technologies such as ASP.NET and COM+.

Application Platform Improvements IIS 6.0 includes several new platform development features such as:

  • New COM+ Services for ASP
  • Worker Process Recycling
  • Dynamic Cache support via VectorSend
  • Improved ISAPI Unicode support
  • ISAPI Support for custom errors
  • Internal Redirection via ExecuteURL Method
  • Native ASP.NET Integration

This article was originally published on Apr 23, 2003
Page 1 of 3

Thanks for your registration, follow us on our social networks to keep up-to-date