ORLANDO, Fla., June 4, 2007 – Today marks the beginning of Tech•Ed 2007, Microsoft’s premier annual conference for IT professionals and developers. During the opening keynote, Bob Muglia, senior vice president, Server and Tools Business, detailed Microsoft’s vision for “Dynamic IT” and discussed the company’s holistic approach to helping customers lower costs and increase the strategic value of IT within their organizations. As part of this, he explored how business applications are evolving to blend the best of the Web and consumer world – such as rich, personalized experiences available across multiple devices and platforms – with the characteristics of more traditional corporate applications.
Muglia emphasized the need for infrastructure that allows organizations to accommodate this trend and highlighted how Microsoft Internet Information Services 7.0 (IIS7), Microsoft’s platform for developing and hosting Web applications and services, has now been added to the Server Core installation option of Microsoft Windows Server 2008. Since this decision was based on extensive feedback from customers and partners, PressPass spoke with Microsoft’s Bill Laing, general manager, Windows Server Division, to find out why the industry is so eager to see IIS7 added to the Server Core installation and to learn more about what IIS7 means to the IT community in general.
Press Pass: What exactly did Microsoft announce today about IIS7?Bill Laing: We announced that the Server Core installation option of Microsoft Windows Server 2008 will now include IIS7. This is a direct result of feedback we received from customers and partners. In fact, it was pretty much the No. 1 request. IIS7 already represents a great leap forward, since it gives customers a completely modular, extensible Web server with expanded application hosting that also offers excellent compatibility and streamlined Web infrastructure management. Now, with IIS7 available in the Server Core installation option, customers get this modular, low-footprint Web hosting platform on top of all of the other great benefits that Server Core’s low-profile installation provides.
One of the other great things we are highlighting today is that customers have been able to take advantage of IIS7 right away by downloading Windows Server 2008 Beta 3 and deploying under our Go Live license, which is offered at no charge and lets them put beta releases of Windows Server 2008 into production before the official release.
Press Pass: Why is the Server Core installation option so important?Laing: With the Server Core installation option, IT professionals can install Windows Server 2008 with minimal server functionality for select roles – including DHCP, DNS, file server, virtualization, domain controller and now IIS7 – without any non-essential services and applications. By only including what is required for the designated roles, a Server Core installation will generally require less maintenance and fewer updates since there are fewer features to manage. And, since there are fewer programs and features installed and running on the server, there are fewer attack vectors exposed to the network, resulting in a reduced attack surface. Server Core is already a great option for IT professionals, so when you add IIS7 into the mix, it becomes even more compelling.
Press Pass: What is new in IIS7?
Laing: IIS7 delivers a lot of enhancements across the board so it might take me a while to completely explain what’s new. One thing I definitely want to emphasize is that all of the improvements are in the areas that we believe matter most to customers. We can group them into three different categories. First, we wanted to make IIS7 even easier to manage. By switching to a distributed, file-based configuration model, we’ve made it possible for administrators to xcopy and deploy sites and applications to their servers, and now administrators can delegate management tasks to site owners. IIS7 also has a more intuitive GUI interface that can connect to IIS over HTTP as well as a .NET management API that leverages Windows PowerShell – both of which help automate and simplify Web management.
The second area we’ve focused on is making IIS7 a more productive environment for developing and deploying Web applications and services. With the new implementation of FastCGI, IIS7 offers scalable hosting to a broader set of applications, including the popular PHP scripting language – in fact, PHP now runs 10-20 times faster on IIS7. Developers will also love that IIS7 processing deeply integrates the .NET Framework and that they can use the .NET Framework to extend or customize any part of IIS7’s modular architecture.
Finally, IIS7 is fundamentally a lower cost Web server thanks to significant gains in security, reliability and scalability. IIS6 was the most secure Web server we ever shipped, but IIS7 takes that to an entirely new level. Its modular architecture of over 40 separately installable components can be streamlined to optimally reduce attack surface, memory overhead and patching footprint. IIS7 also automatically sandboxes applications, which keeps any application failures strictly isolated and also protects them from attacks. And if you do run into issues, they can be diagnosed much more quickly on IIS7 with its advanced tracing capabilities and fully exposed runtime information.
PressPass: How would you describe the industry’s response to IIS7 so far? Laing: Customer and partner response has been outstanding. At WinHEC 2007 in May, we talked a lot about the great traction we’ve been getting with Windows Server 2008 — in fact, we announced that we had in excess of 100,000 downloads of Beta 3 in less than three weeks. We’ve already seen that number grow to more than 150,000, so the numbers really speak for themselves. In terms of IIS7, we are particularly pleased with the response we’ve seen from the Web-hosting community, which is a testament to the value IIS7 offers to that audience, particularly when it comes to security. There are already eight major hosting companies, including RackSpace and MaximumASP, offering their customers IIS7 beta Hosting. These offers started nearly a year ago and have seen large customer participation of more than 4,000 developers trying out IIS7 before the release.
Press Pass: Why is IIS7 particularly valuable for Web hosters?
Laing: IIS7 is definitely good news for Web hosters. From their feedback to us, we know how concerned hosters are about QoS issues, performance problems and perhaps most importantly, security. IIS7 makes big strides in all of these areas and provide a top notch experience for hosting customers and hosters alike. Simply put, IIS7 gives hosters a cost-effective, more scalable Web server for delivering reliable Web hosting to a broader set of customers. IIS7 lowers costs by providing a new, scalable shared hosting architecture that can host thousands of Web sites on a single IIS7 server without sacrificing isolation or reliability. It also helps Web hosters reach more customers by including a new FastCGI module, capable of providing fast and reliable hosted PHP and other Web frameworks. Finally, IIS7’s FTP server provides Web hosters with a fully integrated Web/ FTP server that includes modern publishing capabilities, including FTP/SSL and membership-based authentication.
Press Pass: From a security perspective, how is IIS7 different from what else is out there?
Laing: IIS6 was already rock-solid on security. You can look at the Secunia Web site where they list security bulletins and see that IIS6 hasn’t suffered a single critical security vulnerability. Even after that great success, we are still looking for ways to raise the Web server security bar. With IIS7, we’re able to do this in two key areas: reduced surface area and simplified security management. Many people are probably already familiar with the “lockdown by default” approach we introduced with IIS6. This was a shift from earlier versions that installed and enabled most features out of the box. With IIS6, several features were removed from the default install and others, although they were installed, were disabled by default. Now with IIS7, we are introducing “minimum install by default.” IIS7 features a completely modular Web server where only the bare minimum number of components are installed and enabled. This has a lot of benefits since administrators can choose exactly what they want to install. With fewer components installed, there is a much smaller surface area available to attackers and there are fewer things to manage and maintain.
In terms of the second key area, security management, IIS7 introduces several significant improvements that make it easier than ever to become and stay secure. This includes rich delegated administration support, which means scoped configuration and management tasks can be easily delegated to non-administrators, and unified authentication and authorization management, which allows all types of authentication and authorization to be managed in a single place. IIS7 also has built-in user and group accounts dedicated to the Web server so that a common security identifier can be used across computers. This simplifies a number of things including NTFS ACL management, Application Pool sandboxing and identity management. There is quite a bit of information on IIS7’s security capabilities available online, so I’d encourage people to visit the security section on www.IIS.net.
Press Pass: What’s next for IIS?
Laing: The Web server is certainly an area where we are continually innovating. With this space, there are just so many interesting challenges to address and new opportunities to explore. As for specific areas the IIS team is working on, we can’t disclose much because we’re still in the planning phases.
However, I will say that one area the IIS team is very focused on is providing customers with world-class solutions for Web publishing to Windows Server 2008. There are new IIS7 modules already in development that will address challenges customers have faced around FTP and WebDAV. These new modules will be part of a Web publishing “pack” for IIS7 that will be made available in the future. .