To be honest, I didn’t think I would ever write something praising IIS. I use Apache, though I know alternatives like lighttpd and nginx exist. But Apache is tried, tested, and proven to work. It certainly has its flaws (all software do), but it works well and to my liking.
Upon seeing what IIS 8 is capable of, I must say I’m a bit surprised. Microsoft appears to finally be taking the web seriously, and IIS 8 comes out swinging.
Server Name Indication is a new feature that makes hosting multiple secure (https://) websites on the same server far simpler than I have ever experienced. Traditionally, if you want to secure your website with an SSL certificate for any reason (e.g. you’re running an online store, you want user logins to be secured, etc.), then it was imperative that you also had a dedicated IP address for your website.
For the average small business this introduces additional cost, because the majority of web hosting providers will charge extra for a dedicated IP address. Even if you’re hosting your own website, you will still need to pull an IP address out of your pool for a seemingly trifle reason.
Server Name Indication changes the way IIS responds to a request for your secure website, making it possible to host multiple secure websites on the same IP address. I don’t know if nginx or lighttpd have Server Name Indication support yet, but as far as I know this is one area that would be a boon to any Windows Server 2012/IIS 8-based web hosting provider now.
In IIS 7, CPU throttling was really just an on/off switch. If the CPU limit was reached, IIS would simply stop accepting requests. That’s not really “throttling” now, is it? It’s a kill switch until the average CPU resources being used is below the limit set. Certainly not an ideal “solution.”
Now IIS can be set to use a specific amount of CPU resources, and Windows ensures that the affected application pool doesn’t go over that limit set. You can also set IIS to throttle itself when the system as a whole is under a heavy load, ensuring that IIS doesn’t add to the problem.
One last area I would like to highlight about IIS is Dynamic IP Address Restrictions. This feature can be configured to begin blocking traffic from a specific IP address based on the number of concurrent requests received, or the number of requests received within a certain amount of time. It’s not terrific, but it’s far better than having to watch your logs and trying to identify potentially malicious traffic manually. Similar protection now exists for FTP as well, which is nice to see.
That concludes the information I wanted to pass along about IIS 8. Keep checking back for more information on how Windows Server 2012 can benefit your small business.