REVIEW: Microsoft IIS 7.5 Improves Management, Deployment Options

By Jim Rapoza  |  Posted 2009-09-01 Print this article Print

With the release of Windows Server 2008 R2 comes an update to the company's Web platform, Internet Information Services. Like R2, IIS 7.5 isn't a massive upgrade, but it does provide some welcome administration improvements. In addition, the new version seems to acknowledge that Microsoft may have made IIS a little too Apache-like in previous iterations.

Few products in the Microsoft portfolio have seen as positive a turnaround as the Internet Information Services Web server.

Nine years ago, IIS was a security nightmare that was regularly exploited by dangerous worms and viruses. But, beginning with IIS 6, Microsoft made significant improvements in the security profile of the Web server-improvements that have erased IIS' bad security reputation. With IIS 7, Microsoft took many cues from open-source rival Apache, making IIS more modular in its deployment options and even relying on good old configuration files for much of the server's setup and administration.

For a look at IIS 7.5 in action, check out this eWEEK Labs gallery.

Now, with the release of Windows Server 2008 R2, we are seeing an update to Microsoft's Web platform in the form of IIS 7.5. Like much of R2 itself, IIS 7.5 isn't a massive upgrade from previous versions; in fact, many of the new features were already available as add-ons to IIS 7.

But, all in all, IIS 7.5 is a welcome update, improving the management and deployment options for the Microsoft Web server.

Interestingly, it also seems like an acknowledgment that, for some Microsoft customers, IIS might have gone too far down the Apache road of (mainly) GUI-free configuration.

This new focus was clear once I fired up the IIS Management Console on Windows Server 2008 R2 and started to configure request filtering for the server. Request filtering makes it possible to build a more secure server configuration that is resistant to common attack techniques such as cross site scripting.

Request filtering was built into IIS in previous versions of the server, but setting it up required editing configuration files. This wasn't exactly difficult, but IIS 7.5 makes it easier with the option to set up filtering using a standard GUI interface. I found this process to be relatively simple, and I liked that changes made here took effect immediately, without the need to restart the service.

Also new in IIS 7.5 is the graphical Configuration Editor, which is sort of like a regedit for IIS configuration. Using this tool, I could edit and view IIS configuration settings without the need to open up the web.config file.

Another welcome change in IIS 7.5 is the elevation of FTP as a full-fledged part of the server. In previous versions, setup and management of an FTP server in IIS were done pretty much separately from Web server management. In IIS 7.5, FTP administration is fully integrated into the IIS Management Console.

I found this to be a very good implementation of FTP, making it possible to quickly set up secure FTP servers and tie them to my Websites. Especially nice was the ability to easily use virtual host names for the FTP sites. All in all, the FTP implementation in IIS 7.5 is one of the best I've seen, even when compared with dedicated FTP server products.

While much of IIS 7.5 is dedicated to improved GUI management, that isn't the only focus. Admins comfortable in the command line will like the option to manage the IIS server through Microsoft's PowerShell interface. Using the PowerShell snap-in for IIS 7.5, I was able to use commands to control and view nearly any aspect of the server. This also made it easier to use management scripts, build scheduled tasks and handle remote management.

IIS 7.5 also includes some under-the-hood enhancements, such as hardened application pool security through lowered privileges. In addition, IIS benefits from a large library of extensions and add-on modules that make it possible for businesses to add capabilities to their server implementations.

Chief Technology Analyst Jim Rapoza can be reached at

Jim Rapoza, Chief Technology Analyst, eWEEK.For nearly fifteen years, Jim Rapoza has evaluated products and technologies in almost every technology category for eWEEK. Mr Rapoza's current technology focus is on all categories of emerging information technology though he continues to focus on core technology areas that include: content management systems, portal applications, Web publishing tools and security. Mr. Rapoza has coordinated several evaluations at enterprise organizations, including USA Today and The Prudential, to measure the capability of products and services under real-world conditions and against real-world criteria. Jim Rapoza's award-winning weekly column, Tech Directions, delves into all areas of technologies and the challenges of managing and deploying technology today.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel