There are
great improvements and new very useful features like Server Name
Indication (SNI), Centralized Certificates Store (CCS), CPU Throttling,
Application Initialization, Dynamic IP Restriction, WebSockets, and
finally FTP 8.
Version Notes IIS 8.0 IIS 8.0 is only available in Windows Server 2012 and Windows 8. IIS 7.5 IIS 7.0
Server Name Indication (SNI): Using
SNI we can configure thousands of secure websites on the web server,
thus it allows many SSL sites to share the same Web Server IP. But we
have to consider that not all browsers support SNI, for example it doesn't work on Windows XP, even IE 8.
Centralized Certificates Store (CCS): Using CCS we can configure all certificate to be stored and accessed centrally on a file share.
So in web server farm, Each IIS on separate server just go and pick up
the certificate from the share but it must be certificate name like
website name exactly. But we need to enable it in each web
server (following concept of shared configuration). Thus Certificate
Renewal and syncing tasks of certificates in the farm now is a piece of
cake :)
CPU Throttling: Using
CPU Throttling we can control and limit how much CPU each application
pool can consume as a percentage of CPU. It is not a new feature, it was
there in IIS 7.x; it was just killing w3wp when reach limit. But now it
have a new additional actions like Throttle and ThrottleUnderLoad that will limit the CPU consumption for the worker processes in the application pool to the configured value. It is important to know that CPU Throttling doesn't reserve CPU but it is just limiting CPU usage.
Application Initialization: Using
Application Initialization Module, we can configure initialization page
as initialization or warm up tasks to run before serving 1st HTTP request; it was there in IIS 7.x before as warm-up module. But now it is built in IIS 8.
Dynamic IP Restriction (DIPR):
Using DIPR we can Customize IIS reply like: Unauthorized (HTTP 401),
Forbidden (HTTP 403), Not Found (HTTP 404), or Abort (IIS terminates the
HTTP connection). Moreover we can allow or deny specific IP address or a
range of IP addresses, even if they violate a dynamic restriction
setting. We can block dynamic IPs based on the number of concurrent requests or the number of requests over a period of time. Finally it is a very useful feature for web servers behind firewall or load balancer, because of the proxy mode property that enables IIS to cross checks the values in the X-Forwarded-For HTTP header. So it can verify the IP address of the client initially made request.
setting. We can block dynamic IPs based on the number of concurrent requests or the number of requests over a period of time. Finally it is a very useful feature for web servers behind firewall or load balancer, because of the proxy mode property that enables IIS to cross checks the values in the X-Forwarded-For HTTP header. So it can verify the IP address of the client initially made request.
