Go back to the Delta Guide Home Page. Download this article as a PDF file.

IIS Overview and History

Version 1 of IIS was not especially memorable: It was a very basic Web server with no frills. It included a minimum of security features and was designed to run on Windows NT. IIS version 3 wasn't much different from an administrative standpoint, but it did introduce an incredibly important new feature: Active Server Pages (ASP). ASP enables Web developers to create dynamic Web pages that use the VBScript (or Jscript) languages. Prior to ASP, most Web development required C programming and compiled executables, rather than more simplistic scripts.

Version 4 of IIS was a major rewrite. It still included ASP but was otherwise indistinguishable from earlier versions. Version 4 was introduced in the Windows NT 4.0 Option Pack and quickly became one of the most popular commercial Web server products ever created. IIS 4 introduced new ways for developers to protect their applications against crashes, offered the capability to run multiple distinct Web sites on a single server, and much more.

IIS 5 built on the success of IIS 4 by adding new capabilities, such as the built-in NNTP service for hosting Internet newsgroups. IIS 5 also included some new security options and a raft of bug fixes. IIS 5 was designed solely for Windows 2000 and shipped with Windows 2000 Server. A minor upgrade, IIS 5.1, shipped in Windows XP Professional and was designed for single-person use, such as developers creating a Web application.

IIS: An HTTP Engine

At their heart, every version of IIS has been built to do one thing: accept HTTP requests and respond to them. Simple requests might be for a static HTML page, which IIS reads from disk and compiles into an HTTP response packet for transmission to the requesting use.

IIS extends its basic functionality through the Internet Services Application Programming Interface (ISAPI). IIS can be extended in two ways, in fact: ISAPI extensions and ISAPI filters. ISAPI extensions allow specific file types, such as ASP files, to be passed to an external DLL for processing. After the DLL finishes with the page, it passes the result to IIS for transmission to the end user. Both ASP and ASP.NET, ASP's newer cousin, are implemented as ISAPI extensions. ISAPI filters work similarly but get to work on data after IIS (and any extensions) has already had it. Filters might be used, for example, to filter out objectionable words or phrases in Web content.

The Down Side of Extensibility

IIS's extensibility has in many ways been its biggest enemy, as well as its biggest strength. Creative hackers have found ways to exploit IIS's extensibility, uploading executable files and scripts to Web servers and then tricking IIS into running the unauthorized code. Each successive version of IIS has contained additional features to combat this vulnerability.

Each version has also included new features to make IIS more stable. Poorly written extensions, filters, and even scripts can cause IIS to crash or become unresponsive. Past attempts at separating IIS's core code from Web applications' code sometimes resulted in negative performance hits; IIS 6's new request processing architecture promises the fastest performance yet from any version of IIS, while providing unprecedented application isolation and overall IIS stability.

In addition to its basic task as a Web server, each version of IIS provides additional Web-related functionality. Since the beginning, for example, IIS has provided an FTP server in addition to its basic Web server. Newer versions of IIS have added support for SMTP, NNTP, and more. The earliest versions of IIS included Gopher support (a precursor to the Web), but version 4 removed that support to focus on more modern and commonly used protocols.

© Copyright Pearson Education. All rights reserved.

Go back to the Delta Guide Home Page. Download this article as a PDF file.