Details emerge of Microsoft's next-gen Web server

Builder: Key details about the next version of Microsoft's Internet Information Services Web server are starting to emerge

Version 7 of Microsoft's Internet Information Services Web server (IIS7) will integrate the ASP.NET development technologies and turn many core features into optional modules.

In addition, the software's admin tool has been completely revamped, allowing more secure and complete Web-based remote administration.

Details of the upgrade are gradually emerging as Microsoft gives key industry partners access to sneak previews of IIS7, which is due to be released with Longhorn late in 2006.

One of those who publicly wrote about his experience on his blog was Robert McLaws, president and chief software architect at Interscape Technologies, a .NET development firm. McLaws claimed he saw IIS7 last year at a Microsoft summit, but the company's IIS group program manager Bill Staples had only just allowed him to publicly talk about it.

The software architect said the unification process meant many ASP.NET concepts such as HTTP pipelines, modules and XML config files would be built into IIS7.

In addition, he said, creating modules out of IIS features would reduce the amount of code running live on a system, minimising the available footprint for hackers to attack. "From a security standpoint, this is a whole new realm for IIS," he said.

Another software professional to detail the new software was Cory Isakson, who posted an account of several days' worth of Microsoft presentations on the subject at recent Visual Studio Developers' Conference in San Francisco. Isakson is a core developer of the Rainbow Portal open source project — which aims to build a content management system based on ASP.NET — in addition to managing a large Web server farm for the US State of Idaho.

Isakson confirmed the features mentioned by McLaws and added several of his own.

He firstly pointed out the ASP.NET integration would solve some configuration headaches, saying: "Gone will be the need to configure both IIS and ASP.NET for duplicate settings like Windows authentication."

In addition, he highlighted improvements in configuration options to give admins more control, as well as an option to simply encrypt files detailing all config options.

Isakson was enthusiastic about a new option that will allow IIS extensions to be written in the 'managed code' the .NET programming framework prefers, as opposed to 'unsafe' code that does not follow .NET safety rules.

The modular approach to IIS, according to Isakson, would not only improve security but also performance and ease of patch management.

The professional welcomed a new approach that would fine-tune administrative privileges in IIS7.

"Developers are simply going to love IIS 7 because they finally will have the ability to configure the settings they need without having to request them from an administrator," he said.

Isakson concluded his list of new features by making it clear IIS7 will provide administrators with increased information about their systems.

"IIS 7.0 is going to allow us to get information on the state of all running sites, application pools, worker processes, and application domains," he said, in addition to pointing out another feature that would "finally enable us to easily see which applications are hogging the CPU and memory".

A Microsoft spokesperson was not available to confirm the new features.