What is it?
Microsoft Internet Information Services (IIS) is a set of internet-based services for servers using the Windows operating system.
It is the world's second most popular web server in terms of overall websites, behind Apache. But the millions of new websites that appear every month are diminishing the dominance of Apache. In the three months between March and June, Apache's lead over IIS shrank from 48.2% to 31.5%, according to internet monitoring company Netcraft.
Netcraft says this reflects a decrease in the use of Linux at host companies. But it is also a sign of growing faith in the security of IIS since the dark days of 2001, when Gartner recommended switching to an alternative.
Apache can be flattered that the up-and-coming IIS 7.0 has imitated features such as modularity and the ability to manage a site from its text-based web.config file.
Where did it originate?
IIS was released with Windows NT 3.51. Active Server Pages (ASP) came out with IIS 3.0. But early versions of IIS were plagued with vulnerabilities. Even Microsoft-friendly bloggers described IIS 4.0 as a disaster, and IIS 5.0 as "an open door".
Microsoft did not help itself by keeping quiet about flaws until it had developed patches for them, then going over the top in admitting them. Meanwhile, applying patches to IIS became a full-time job.
With IIS 6.0, Microsoft reduced the "attack surface" of IIS and introduced a fault-tolerant architecture that allows vulnerabilities to be isolated, and affected websites and applications to be taken out of production without affecting the rest.
What is it for?
IIS provides a platform for applications written in ASP, and together with Windows 2003, forms what Microsoft describes as "an integrated application hosting environment".
IIS 6.0's fault-tolerant process architecture separates websites and applications into self-contained units called application pools. In addition to reducing downtime and the extent to which sites can be compromised by a successful attack, pooling applications in this way makes them easier to manage.
When IIS 7.0 is delivered, with its modular architecture, users will be able to pick and choose between modules. This will enable them to reduce vulnerabilities by getting rid of services they do not use, and also to customise the server by adding their own or third-party modules.
What makes it special?
IIS 7.0 will be completely integrated with ASP.NET and the rest of the .NET Framework, and developers will be able to use their skills in any .NET language to write modules. Third-party suppliers will be able to build their own modules using public application programming interfaces.
How difficult is it to master?
Experienced Windows 2003 systems administrators can learn to implement and administer IIS in three days.
What systems does it run on?
IIS 6.0 runs on Windows 2003. IIS 5.1 runs on Windows XP.
What is coming up?
IIS will be shipped with the forthcoming Windows Vista and Longhorn operating systems. You can find out more on Microsoft's Longhorn and Vista homepages.
IIS training from Microsoft and its partners costs about £1,050 for three days. There are online and disc-based alternatives and books from Microsoft and other sources.
There are plenty of IIS community sites, some of them mouthpieces for Microsoft, while others seem truly independent.
Rates of pay
Web administrators with IIS skills earn between £25,000 and £35,000.