Feeds

Cut to the Web Server Core: Windows Server 2008

Apache not served

Mobile application security vulnerability report

Failed Request Tracing is another new feature worth mentioning. You can define what constitutes a failed request, by status code, time taken, or event severity, and have IIS log those requests in detail to a failed request log. The big advantage is the detail available. For example, Windows is prone to permission issues that can be hard to pin down.

Unfortunately, some administrators take the easy option and relax security generally instead of solving the specific issue. Failed Request Tracing makes it easier to identify and fix the exact problem.

PHP support is much improved. The key to this is built-in support for FastCGI, which keeps a CGI service loaded between requests with great speed benefits. A complication with PHP on Windows is that differences between Windows multi-threading and Unix multiple processes required either the use of a thread safe build, which is detrimental to compatibility with some extensions, or using a normal build but under CGI, which is slow.

Now you can use the non-thread safe build with FastCGI, which is great for both performance and compatibility. Setting up PHP on our test server was trivial, using manual configuration and the standard binary download from php.net.

IIS 7 v Apache

How does IIS now compare to Apache? Apache is the most popular web server by some margin, with more than 50 per cent market share according to Netcraft. Nevertheless, IIS has actually increased its share during the last couple of years, though meaningful figures are hard to track down because of domain parking and huge shared hosting providers. Security has also improved since IIS 6.0.

For most users, the choice between Apache and IIS makes itself. If you need ASP.NET and Windows integration, or to run SharePoint services, then IIS is the only choice. Otherwise, Apache has had all the advantages of cross-platform support, and great stability and extensibility thanks to its wide adoption and community. This balance will not change fundamentally with IIS 7.0, though some of the reasons for favoring Apache are now less compelling.

Per-directory configuration files in IIS should perform better then .htaccess files in Apache, and the most annoying characteristics of IIS for shared hosting have been resolved. We have not tested performance or scalability, though Microsoft's developer division general manager Scott Guthrie claims substantial gains over IIS 6.0. It has been tested for up to 20,000 sites on a single box, with "acceptable performance for shutdown and startup".

For those who do choose Server 2008, there are a bewildering range of editions, running from Web Server to DataCenter. Note that Server Core is an installation option, not an edition in itself. Significantly, the DataCenter edition comes with unlimited virtual image rights, making it best value for serious virtualization. Note, too, that the new Hyper-V virtualization technology remains in beta, even in the final Server 2008 release.

Other interesting features for developers include new Terminal Services features, including RemoteApp that lets you remote an individual application, rather than a complete desktop, and TS Web Access, which lets users start applications from a web link. In combination with TS Gateway, you can run Terminal Services over HTTPS making this a powerful option for firewall-friendly remote working.

Solid improvements

Whereas Vista has been a PR disaster, it is unlikely that its cousin Server 2008 will meet the same fate. There are solid improvements over the predecessor Server 2003, including IIS 7.0, granular installation, improved terminal services, the Server Core, command-line control, and changes to Active Directory. Hyper-V is nicely done, and although it is nothing special in relation to competing products from VMWare and others, its integration and neat tools will win users when it comes out of beta.

Don't get me wrong - there are frustrations. I banged my head on the desk when I saw that Server 2008 still sets “Hide extensions for known file types” and other such nonsense in IE. In other words, it’s still Windows; but a welcome upgrade nonetheless.®

The Essential Guide to IT Transformation

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.