IIS 5.0 new Features

Source: Internet
Author: User
Tags contains ftp ftp connection iis include new features object model password protection
What are the new features that Windows 2000 's IIS (Internet information Services) 5.0 offers?

The new IIS 5.0 features are as follows:

• Security: Includes digest verification, Integrated Windows validation, SGC (server-gated cryptography), Microsoft Certificate Services 2.0, program protection for the set of programs, and so on.

Admin: Includes IIS restart, limit on platform CPU usage, CPU Resource usage, remote management of IIS, custom error messages, etc. using the end Server service.

Internet standard: Includes WebDAV (Web Distributed Authoring and Versioning), FTP reboot, HTTP compression, and so on.

L Active Server Pages: Includes new rotation methods (Server.Transfer and Server.Execute methods), new error-processing functions (Server.GetLastError methods), no directives. ASP's performance is increasing faster, The performance of the installation components, Scriptlet support, use of cookies to obtain browser information, automatic subtraction of executing threads, SRC server-side contains features, Script encoder password protection, etc.

What do IIS 5.0 add to the security features?
IIS 5.0 adds new features to security, including digest verification, consolidated Windows validation, SGC (server-gated cryptography), Microsoft Certificate Services 2.0, The program protection of the collection processing procedure is as follows:
Digest-type verification

When users log in to IIS, if you use the basic test provided by IIS 4.0 to enter the user name and password to establish the connection, the user's name and password are passed through the Internet in an unencrypted format, using the Web surveillance tool to intercept and crack the user name and password in the network transport.
IIS 5.0 provides a new digest test, where users enter the user name and password to establish a connection when they log in to IIS, sending a "compact value" rather than a password through the Internet.
[Digest verification] can span proxy servers or other fire walls.
[Digest verification], there are some limitations to the server and user browsers:
Server side: Only in the domain of the network Master station with Windows 2000, can I use the digest verification method.
• Using the client's browser aspect: as a new HTTP 1.1 feature is used in [Digest verification], only IE 5.0 's browser can now use [Digest verification].
Consolidated Windows Experience

When users log in to IIS, they do not have to enter the user name and password to create the integrated Windows experience. The previous "windows NT Challenge and Response" verification (or NTLM), plus a new Kerberos V5 verification message (Kerberos V5 Authentication Protocol) way.

With a consolidated Windows experience, the user's browser uses a cryptographic device to verify the password, and since the user name and password are not sent through the Web, the Integrated Windows experience is a safe form of verification. "

[Consolidated Windows Verification] is limited in terms of server and user browsers:

L Server aspect: Can not cross proxy server or other fire walls.

L Use the client browser aspect: only IE 2.0 versions support the Integrated Windows validation.

So [Integrated Windows experience] is best suited for intranet environments.

SGC (server-gated cryptography)

The U.S. foreign sales law rules that the United States and Canada can only use the 40-bit length for encryption and decryption in the field. As a result, SSL (Secure Sockets Layer) in the United States and Canada can use 128-bit, but SSL in the field can only use 40 bits.

SGC (server-gated cryptography) is an extension of SSL using 128-bit, limited to use on bank or other approved applications. SGC is the 128-bit SSL that can be used in the United States and Canada in the field.

In order to protect the security of the information that is transferred on the Internet, the Web Bank (internet banking) should be recommended for 128-bit encryption and decryption.

The use of SGC requires that a special SGC thin certification be required for the CA (thin certification unit), and only VeriSign is currently SGC thin.

IIS server side, IIS 5.0 support for the 128-bit Sgc,iis 3.0/4.0 also support SGC but also install SGC add-on and modify the password. Detailed information can be connected to WWW.MICROSOFT.COM/SECURITY/TECH/SGC.

With the client's browser aspect, IE 4.0/5.0 supports 128-bit SGC.

Microsoft Certificate Services 2.0

Microsoft Certificate Services 2.0, Microsoft 2000, allows you to act as a CA (thin certification unit), and you can launch a server thin certification, client thin certification.

The CA has thin certification for digital signatures, SSL security transfer, TLS transport security, S/MIME protection, and so on.

Microsoft Certificate Services is not included in the standard Windows 2000 installation and must be installed.

Using Microsoft Certificate Services 2.0 thin, you must first add the thin certificate, thin certificate to the MMC.

Program protection for the cluster processing program

To avoid an unstable application that affects the whole of IIS, IIS 4.0 can put an application in a separate program that is completely isolated from the rest of the program.
IIS 5.0, one more choice, can be performed with all applications in a shared set processing program, separated from the IIS processor.
When you create a new application, IIS assumes that the application is executed in the same processing program as the other application, separated from the IIS Core processing program (CPU).
For important applications, you can set it up in a stand-alone processing program.

What do IIS 5.0 add to the manageability features?
IIS 5.0 new additions to management, including IIS restart, limitations on platform CPU usage, CPU Resource usage, remote management of IIS with Terminal Server, custom error messages, and so on, are as follows:

IIS reboot

In the previous version of IIS, it was often necessary to reactivate the computer when the application was executed incorrectly.

IIS 5.0 can stop and activate all Internet services directly from [Internet service administrators] without restarting the computer.

Alternatively, you can use Iisreset.exe to reactivate IIS.

Limitations of platform CPU usage time

When you perform multiple web platforms on a Web server computer, some platforms may consume most CPU resources to cause other platforms to not be able to share CPU processing resources. Now in IIS 5.0, you can limit how much CPU time each Web site can use.

CPU Resource Use Recording

The Web site for IIS 5.0 has been added to the [processing account] log in to record information about how the server CPU resources are used by the website.

You can use this information to determine whether the platform uses a high CPU resource or to detect errors in the command or CGI processor.

Each platform can be used to set up the account options for the full-Time magazine archive, which is only added to the archive when the format is selected.

Managing IIS remotely using end-server services

The Microsoft Terminal Services (Terminal Service) feature provided by Windows 2000 allows you to manage IIS remotely from a LAN, PPTP, or flick network connection.

Terminal Services provides similar PC anywhere functionality, to allow users to use a personal computer on the remote, execute the application on the server, the user's computer is only responsible for the keyboard mouse and screen display, such as input output function, only as a terminal machine.

Using a non-Windows user's computer, such as a UNIX workstation, can also be used for remote management with a terminal service, as long as the external client software of the vendor is installed.

customizing error messages

When an HTTP error occurs on a Web site, the user will receive the error message that IIS sends in the browser, and IIS 5.0 can make its own error messages.

Through the 500-100.asp program, you can customize error messages.

What do IIS 5.0 add to the Internet standard?
The new additions to IIS 5.0 on Internet standards include WebDAV (Web Distributed Authoring and Versioning), FTP restart, HTTP compression, and so on, as follows:
WebDAV (Web Distributed Authoring and Versioning)

WebDAV (Web Distributed Authoring and Versioning) is an extension of the http/1.1 communication protocol RFC-2518, so that users can use the Internet to access the Web content of the editing work. WebDAV provides easy file input/output (Simple file I/O) functionality through the HTTP/1.1 Communication protocol standard.

Install Windows 2000, IE 5, or Office 2000 's client computer, users with the right to do so, you can launch, lock, and manage Web resources for IIS virtualization, file files to a Web server, and document them in Web archives, including:

Moving, copying files: Users who have the right to move and copy files in the WebDAV catalogue.
Modify file: Users with the rights to access can read and modify the contents of the file.
Lock file: Multiple users can read the same file at the same time, the file will be locked when reading, so only one person can modify the same file.
· Search file: After the link to the WebDAV catalogue, you can search for the files and contents in the WebDAV catalogue, such as searching all the files created by Jack, or searching all the files containing the IIS keywords.

FTP reboot

In the previous version of IIS, when FTP downloaded a file, it was necessary to download the file once it was disconnected from the network. IIS 5.0 provides the FTP reboot feature, and the FTP download file was interrupted by the Chengjo network, using the rest instructions to support FTP restart, the FTP connection can be built again, and the file transfer will continue to be transferred from the middle, without beginning to download it again.

The FTP reboot function is only valid for the download file, when downloaded to the server (put), use the mget, or download more than 4 GB of files, IIS 5.0 does not perform FTP restart function. \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \ \

HTTP Compressor

To increase the speed at which Web servers are being used with the user, you can use HTTP compression to squeeze a quiet file.

An active content file can also be compressed, but it will cost extra CPU processing time, and if% Processor time is 80% or more, the recommendations should not be compressed.

Depending on the test, the meditation and motion are compressed to a minimum of 20% of the throughput.

HTTP compression functions are enabled or closed, and are set for the entire Web server.

HTTP compression is available by using the Internet Explorer 5.0 browser link to the Web server that has already been enabled with HTTP compressor IIS 5.0.

To activate the HTTP compression feature, in [Internet Service Manager], select [contents] of the computer and select [WWW service] under [main content]. Then click the [Edit] button.

On the [Service] page, select [the compression file] to be able to shrink the case; Select [the compression file] and [the compression application file] to shrink the application file. "

The save compression file can be set in the [Temporary Data folder], which must not be shared on the NTFS disk of this machine. The size of the storage compression file can be limited to [limit] the number of input numbers.

What do ASP add to those features?
The instruction file for the IIS server side, ASP (Active Server Pages), can be used to create an online content of the web.

IIS 5.0 has added several new features to the ASP, including a new approach (Server.Transfer and Server.Execute), new error processing (Server.GetLastError method), and no instructions. ASP's faster performance , the efficiency of the installation components, Scriptlet support, use of cookies to obtain browser information, automatic subtraction executing threads, SRC server-side contains features, Script encoder password protection, etc., are as follows:

A new approach to rotation

The new approach to Server.Transfer and Server.Execute is directly transferred from IIS 5.0 to the Web server side to another Web site, It doesn't have to be like Response.Redirect to the browser before requesting the Web server to turn, so that it reduces the time between the user and the Web server.

New Bug-processing features

Use the new Server.GetLastError method to display useful error information.

No instructions. ASP's faster to execute

IIS 5.0 Processing "No instructions" in the. asp file, the speed is faster than the old version of the more quickly, the so-called "no instructions" that does not contain ASP directives, refers to the server-side program. asp files.

Because the processing file name. ASP has a lot more slowness than the processing of fixed data, such as file name. htm, in server-side dynamic capacity. In the old version of IIS, even if a file name. asp file contains only some HTML code and does not include any one line of ASP instructions, the speed is also faster than the file name. htm slow, so generally do not rename the name. htm.

IIS 5.0 can be assured that the name. htm is renamed. asp.

Performance adjustment of an installation element

The new version of IIS 5.0 upgrades the performance of some installable components.

Scriptlet Support

The ASP supports the new instruction technology scriptlet (instruction component), which can be called from the. asp file in a way that scriptlet is a COM component.

You can use the language of VBScript or JScript (no need to use visual Basic, C + +, or Java language to edit the program) to write Scriptlet, Save as a. SCT name, registered as a COM component (Component Object Model) to call use.

Use cookies to access browser information

Now in IIS 5.0, there's a new way to find out about the browser functionality by using cookies to store information that is detected by the browser DHTML method, and then through the browser Capabilities component to learn about the browser information for the cookie back.

Self-subtraction (executing threads)

The new version of the ASP can automatically subtract the executing threads, when the Scout is unable to perform a request, such as being locked by the outside world, the ASP will automatically increase the number of rows in order to perform more user requirements at the same time, and when it is detected that the CPU's negative load is heavy, The ASP automatically shrinks the number of rows that are executed. How to reduce the frequency at which the system can be used to back-switch the line.

You can set the metabase of aspthreadgateenabled if you need to not activate the function of this automatic subtraction.

SRC Server side contains features

With a file on the server side, in addition to the #include instructions, the new ASP allows you to achieve the server-side inclusion functionality in the HTML <SCRIPT></SCRIPT> tag's src. The language is as follows, the SRC can set the virtual path or relative path, with the runat=server of the server side to perform:

<script language= "VBScript" Runat=server src= "Xxx.inc" ></SCRIPT>
To add a code to the <SCRIPT> tag, you need to add a group of <SCRIPT> tags.

Script Encoder Password Protect

The script encoder can encode the script code (such as VBScript, script) into a password to protect the ASP or HTML source code from being stolen by others glimpse. Script Encoder Code tool that allows you to code the browser-side and server-side instructions so that the original program becomes a bunch of read-only codes, and the command engine automatically performs the decryption.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.