New Features in IIS 8

  • Article

I am lucky to start blogging and lucky more to start it with the new features in IIS 8. There are great improvements and new very useful features like Server Name Indication (SNI), Centralized Certificates Store (CCS), CPU Throttling, Application Initialization, Dynamic IP Restriction, WebSockets, and finally FTP 8.

In this post I would quickly mention the usage or value of each feature then will address each one separately in later posts.

Server Name Indication (SNI): Using SNI we can configure thousands of secure websites on the web server, thus it allows many SSL sites to share the same Web Server IP. But we have to consider that not all browsers support SNI, for example it doesn't work on Windows XP, even IE 8.

Centralized Certificates Store (CCS): Using CCS we can configure all certificate to be stored and accessed centrally on a file share. So in web server farm, Each IIS on separate server just go and pick up the certificate from the share but it must be certificate name like website name exactly. But we need to enable it in each web server (following concept of shared configuration). Thus Certificate Renewal and syncing tasks of certificates in the farm now is a piece of cake :)

 

CPU Throttling: Using CPU Throttling we can control and limit how much CPU each application pool can consume as a percentage of CPU. It is not a new feature, it was there in IIS 7.x; it was just killing w3wp when reach limit. But now it have a new additional actions like Throttle and ThrottleUnderLoad that will limit the CPU consumption for the worker processes in the application pool to the configured value. It is important to know that CPU Throttling doesn't reserve CPU but it is just limiting CPU usage.

 

Application Initialization: Using Application Initialization Module, we can configure initialization page as initialization or warm up tasks to run before serving 1st HTTP request; it was there in IIS 7.x before as warm-up module. But now it is built in IIS 8. 

Dynamic IP Restriction (DIPR): Using DIPR we can Customize IIS reply like: Unauthorized (HTTP 401), Forbidden (HTTP 403), Not Found (HTTP 404), or Abort (IIS terminates the HTTP connection). Moreover we can allow or deny specific IP address or a range of IP addresses, even if they violate a dynamic restriction
setting. We can block dynamic IPs based on the number of concurrent requests or the number of requests over a period of time. Finally it is a very useful feature for web servers behind firewall or load balancer, because of the proxy mode property that enables IIS to cross checks the values in the X-Forwarded-For HTTP header. So it can verify the IP address of the client initially made request.

 

Finally I won’t forget to mention Web Sockets and FTP 8 but will explain in details about them in later posts. 

Reference https://www.iis.net/learn/get-started/whats-new-in-iis-8