Windows Server 2008 for Web Hosting

Windows Server 2008 is a complete revolution for the Windows Server family of operating system. There are huge changes when comparing it to previous generation versions of Windows such as server 2003 or 2000.

At Anchor we're now deploying all new dedicated servers and Virtual Private Servers with Windows 2008.

In this article we are going to discuss the changes that affect the hosting environment when using this new version of Windows including IIS7 and FTP7 as well as changes to core services like the firewall and DNS server.

IIS7

IIS7 brings a whole new raft of features to the windows operating system, specifically for web hosting.

Some of these features are useful to the website developer as well as the web host themselves:

  • Remote administration
    • IIS7 brings in a new remote administration function for IIS7, it's very handy in a shared hosting situation as users or developers can manage their individual site remotely via "Remote Manager".

    • For system administrators this is a good thing, as it is now possible to give customer more granular control over the server meaning they can make changes to the configuration without require intervention from the server administrator.
  • Modular design
    • IIS 7 modularity offers the capability for all features within IIS based on user selection, in other words they can be loaded in any combination without dependencies.
    • You can enable only the modules you need for server operation, keeping the remainder of the features unloaded
    • This is a big leap in terms of security because fewer modules equates to a lower level of vulnerabilities could be exploited. The performance benefit here is IIS will operate using much less system resources as features that are not required are not running.
  • Fast CGI
    • FastCGI is now installed as part of the "CGI" setup component which allows for both traditional CGI applications, as well as FastCGI applications to run. This is going to make it simple to get very fast performance with PHP on Windows, without all the manual configuration that has been needed in previous versions of IIS.

  • Management interface enhancements
    • The IIS7 management interface has barley changed since IIS4 so its been due for a refresh, thankfully they took it to the extreme in IIS7 totally doing away with the II6 style interface replacing it with a modular type interface reveling a lot more of the hidden features within IIS.
    • The Tasks panel gives quick access to the common functions used IIS Manager. You can navigate around the normal tree interface in the left pane, as you do so, you will notice that the center pane has been completely new look reveling a lot more of the hidden features within IIS, in IIS6 you had to click around a array of tabs to find a the setting you wanted to change or disable.
    • IIS7 now also supports full text based administration of the site via a web.config file.
      • Useful for users editing their own IIS configs or duplicating standard configs between sites.
  • An array of command line tools and new API's for integration into IIS7
    • One of the handy command line API's is an API to get a listing of all "active" requests being processed by the server and their current state.'
  • Better request auditing and error debugging.
    • Including a System.Diagnostics class library and a the ability to trace errors in .NET applications.
  • Automatic application pools
    • Application pools are a critical part of keeping websites secure on shared systems, using different application pools to isolate applications helps prevent one customer from accessing, changing, or using confidential information from another customers site.
    • They also help distribute the load on shared systems.
    • With IIS7 for each website that is created a new named Application Pool is also created along with it to ensure security and reliability.
    • In IIS6 only a single shared application pool was used unless your system administrator has created individual application pools on site creation.
  • New security features
    • Most customers who need websites hosted on IIS have some type of .NET application that they need to run.
      • IIS7 directly integrates .NET 2.0 into the core of IIS7 rather then the old API interface of IIS6 talking to .NET

FTP7

FTP7 is a new FTP server that integrates into IIS7 however its a separate download (if you ask me it should have been included) Anyway, the links to download this are x86 x64 Microsoft also has a handy guide on installing and debugging any installation errors: Installing and Troubleshooting FTP7

FTP7 why is it good?

  • Integration with IIS7
    • Within this article I have gone over the new IIS7 interface, this new FTP7 integrates into the IIS7 interface seamlessly allowing for easy management
    • Like IIS7 it also uses the new *.config format and also support remote administration via both console and editing the XML.
  • Better logging
    • FTP7 logs detailed information using Event Tracing for Windows (ETW) that allows easy trouble shooting and diagnostics.
  • Better support for "Shared" hosting
    • FTP7 add virtual host support for FTP servers allowing hosting of multiple virtual FTP servers on a single IP-Address.
    • Per user isolation based on virtual directories.
    • The ability to add FTP hosting to any existing website within IIS without having to create account, simplifying management and allowing for a cleaner interface.

Firewall

The Windows Server 2008 firewall has been revamped, now called Windows Firewall with Advanced Security (WFAS). It has been given a lot of new features, I'll details some of the significant ones.

  • Support for both incoming and outgoing rules
    • In server 2003 the firewall only supported inbound rules
    • The firewall in server 2008 now supports both incoming and outgoing rules; a good example is blocking outbound destination port 80 to disable web browsing from the server (be careful, some applications use this for updates!)
    • By default all outbound connections are allowed
  • Command line editing of the firewall
    • Server 2003 also had this feature but it was archaic and a mess to try and work with...
    • It supports remote editing via command line from Vista/2008 systems
      • In a command prompt run "netsh advfirewall set allprofiles settings remotemanagement enable "
    • MMC Snap in for firewall management.
  • Ability to create detailed exceptions.
    • IPv6 and IPv4.
    • Based on IP-Address source and destination TCP and UDP ports.
    • ICMP and ICMPv6 traffic by type.
    • Exceptions based on Service.
    • DMZ exceptions based on source and destination address.

There are many hundreds more features within server 2008 that are far beyond the scope of this article, a good place to start looking is the Microsoft site for Windows Server 2008


See also:

References/External Links

Other pages in similar categories