Feeds

Cut to the Web Server Core: Windows Server 2008

Apache not served

Protecting users from Firesheep and other Sidejacking attacks with SSL

Failed Request Tracing is another new feature worth mentioning. You can define what constitutes a failed request, by status code, time taken, or event severity, and have IIS log those requests in detail to a failed request log. The big advantage is the detail available. For example, Windows is prone to permission issues that can be hard to pin down.

Unfortunately, some administrators take the easy option and relax security generally instead of solving the specific issue. Failed Request Tracing makes it easier to identify and fix the exact problem.

PHP support is much improved. The key to this is built-in support for FastCGI, which keeps a CGI service loaded between requests with great speed benefits. A complication with PHP on Windows is that differences between Windows multi-threading and Unix multiple processes required either the use of a thread safe build, which is detrimental to compatibility with some extensions, or using a normal build but under CGI, which is slow.

Now you can use the non-thread safe build with FastCGI, which is great for both performance and compatibility. Setting up PHP on our test server was trivial, using manual configuration and the standard binary download from php.net.

IIS 7 v Apache

How does IIS now compare to Apache? Apache is the most popular web server by some margin, with more than 50 per cent market share according to Netcraft. Nevertheless, IIS has actually increased its share during the last couple of years, though meaningful figures are hard to track down because of domain parking and huge shared hosting providers. Security has also improved since IIS 6.0.

For most users, the choice between Apache and IIS makes itself. If you need ASP.NET and Windows integration, or to run SharePoint services, then IIS is the only choice. Otherwise, Apache has had all the advantages of cross-platform support, and great stability and extensibility thanks to its wide adoption and community. This balance will not change fundamentally with IIS 7.0, though some of the reasons for favoring Apache are now less compelling.

Per-directory configuration files in IIS should perform better then .htaccess files in Apache, and the most annoying characteristics of IIS for shared hosting have been resolved. We have not tested performance or scalability, though Microsoft's developer division general manager Scott Guthrie claims substantial gains over IIS 6.0. It has been tested for up to 20,000 sites on a single box, with "acceptable performance for shutdown and startup".

For those who do choose Server 2008, there are a bewildering range of editions, running from Web Server to DataCenter. Note that Server Core is an installation option, not an edition in itself. Significantly, the DataCenter edition comes with unlimited virtual image rights, making it best value for serious virtualization. Note, too, that the new Hyper-V virtualization technology remains in beta, even in the final Server 2008 release.

Other interesting features for developers include new Terminal Services features, including RemoteApp that lets you remote an individual application, rather than a complete desktop, and TS Web Access, which lets users start applications from a web link. In combination with TS Gateway, you can run Terminal Services over HTTPS making this a powerful option for firewall-friendly remote working.

Solid improvements

Whereas Vista has been a PR disaster, it is unlikely that its cousin Server 2008 will meet the same fate. There are solid improvements over the predecessor Server 2003, including IIS 7.0, granular installation, improved terminal services, the Server Core, command-line control, and changes to Active Directory. Hyper-V is nicely done, and although it is nothing special in relation to competing products from VMWare and others, its integration and neat tools will win users when it comes out of beta.

Don't get me wrong - there are frustrations. I banged my head on the desk when I saw that Server 2008 still sets “Hide extensions for known file types” and other such nonsense in IE. In other words, it’s still Windows; but a welcome upgrade nonetheless.®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
NHS grows a NoSQL backbone and rips out its Oracle Spine
Open source? In the government? Ha ha! What, wait ...?
Google extends app refund window to two hours
You now have 120 minutes to finish that game instead of 15
Intel: Hey, enterprises, drop everything and DO HADOOP
Big Data analytics projected to run on more servers than any other app
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.