IIS 7 Components for Shared Hosting

by Walter Oliver

Introduction

IIS 7 and above makes it easier for system administrators to help secure and manage shared hosting environments. To deploy a Web server and host thousands of Web sites on it, server administrators need to configure and isolate sites from each other. This article provides recommendations for server administrators running in such environments.

IIS provides a modular architecture that lets you customize the components that you want to install on the Web server. IIS contains more than 40 components that you can independently install on the server. Installing only the modules that you need dramatically reduces the potential attack surface, and lowers the footprint requirements on the server.

For more information about the new modular architecture, see IIS Modules Overview.

Table

The following table lists the components that were installed on the Web server as part of the shared hosting architecture mentioned in the Shared Hosting Setup article in "Planning the Web Hosting Architecture". Based on the shared hosting environment that you use, define your own set of components to install that meet your business needs.

Component Installed? Reason
Web Server Yes This is the core Web server.
Common HTTP Features Includes commonly used features such as enabling static content (HTML, jpeg, etc.) or default documents.
Static Content Yes The Web server can serve static content, such as .html, .css, and .jpeg files, if you enable this option.
Default Document Yes When a visitor enters www.site.com but does not provide a specific document name, such as default.aspx, this feature allows the visitor to be seamlessly directed to the default document defined for the Web site.
Directory Browsing Yes Allows users browse the contents of a directory.
HTTP Errors Yes Allows error messages sent to a visitor's browser to be customized and for the server administrator to see the new detailed errors on the local Web server.
HTTP Redirection Yes Allows hosted customers to redirect requests for one URL to be redirected to another.
Application Development Allows applications to be developed and run on the server, such as ASP.NET.
ASP.NET Yes ASP.NET ISAPI and modules for managed code applications (.aspx pages).
.NET Extensibility Yes Infrastructure required for ASP.NET. Allows developers to change and extend Web server functionality in the new request pipeline.
ASP Yes Required if customers use classic ASP applications.
CGI Yes Required for CGI applications, such as for PHP so that it can use the new FastCGI component.
ISAPI Extensions Yes Required for ASP.NET and other ISAPI extensions.
ISAPI Filters Yes Required for ASP.NET 1.1 ISAPI filter.
Server Side Includes No Not recommended unless customers are using Service Side Include files.
Health and Diagnostics Provides infrastructure to monitor and troubleshoot the health of the Web server and sites.
HTTP Logging Yes Allows logging of Web site activity or traffic.
Logging Tools No Infrastructure for managing Web server logs.
Request Monitor Yes Allows requests to be monitored in-flight. Can be used to determine why a worker process is unresponsive or slow.
Tracing Yes Infrastructure to diagnose problems using Event Tracing in Windows and Failed Request Tracing.
Custom Logging No Support for logging activity in a different format from IIS generated log files. Not needed unless a custom format is used.
ODBC Logging No Infrastructure for logging activity to an ODBC compliant database. Not needed unless ODBC logging is used.
Security Infrastructure for securing requests and filtering incoming requests based on security rules.
Basic Authentication No Clear-text authentication method that can be secured with SSL. Not needed if only anonymous authentication is used.
Windows Authentication No Hash-based authentication method. Not needed if only anonymous authentication is used.
Digest Authentication No Hash-based authentication method. Not needed if only anonymous authentication is used.
Client Certificate Mapping Authentication No Allows client certificates to be used to authenticate users. This type of client certificate mapping uses Active Directory.
IIS Client Cert Mapping Authentication No Allows client certificates to be used to authenticate users. This type of client certificate mapping uses IIS natively.
URL Authorization Yes Allows users to create rules that restrict access to content.
Request Filtering Yes Recommended security feature. Screens incoming requests based on rules sets.
IP and Domain Restrictions No Content can be allowed or denied to users based on the originating IP address or domain name of the request.
Performance
Static Content Compression Yes Allows static content to be compressed and unlike dynamic responses, compressed static responses can be cached without degrading CPU resources.
Dynamic Content Compression Yes Allows dynamic compression, utilizing bandwidth more efficiently, but may add a CPU load.
Management Tools
IIS Management Console Yes Needed to manage IIS locally, provides a user interface (UI) for server management.
IIS Management Scripts and Tools Yes Needed to script tasks, allows programmatic management of the server using scripts.
Management Service Yes Needed to allow remote management of IIS and to allow delegated users to administer their sites using a remote manager tool.
IIS 6 Management Compatibility Yes (if needed) Do not install unless compatibility with features, services, scripts and management tools for IIS 6.0 is required.
IIS Metabase Compatibility Yes (if needed) Required for SharePoint v3, ASP.NET 1.1, SMTP service and other features requiring backwards compatibility with the metabase. Provides compatibility for scripts based on IIS 6.0 interfaces for ADSI (Active Directory Service Interface) and ABO (Admin Base Object).
IIS 6 WMI Compatibility No Provides compatibility for scripts based on the IIS 6.0 WMI (Windows Management Instrumentation) provider.
IIS 6 Scripting Tools No Provides compatibility for scripts based on IIS 6.0 interfaces for ADO (ActiveX Data Objects) or ADSI APIs.
IIS 6 Management Console No Provides the IIS 6.0 based management tool.
FTP Publishing Service No
FTP Server No Only needed if users upload using FTP. Note: This table refers to the built-in, legacy FTP server. It is highly recommended that you download and install the new FTP7 server if you need to offer FTP publishing to your users. It is available at Installing and Troubleshooting FTP7.
FTP Management Console No Only needed if users upload using FTP.

Note

Install only the components required for the shared hosting environment. For example, if Digest Authentication is not needed, do not enable it.