
You're reading from  Windows Server 2016 Automation with PowerShell Cookbook - Second Edition

Product type: Book
Published in: Sep 2017
Reading level: Beginner
ISBN-13: 9781787122048
Edition: 2nd Edition
Authors (2):
Thomas Lee

Thomas Lee is a consultant/trainer/writer based in the UK and has been in the IT business since the late 1960s. After graduating from Carnegie Mellon University, Thomas joined ComShare where he was a systems programmer building the Commander II time-sharing operating system, a forerunner of today's cloud computing paradigm. In the mid-1970s, he moved to ICL to work on the VME/K operating system. After a sabbatical in 1980/81, he joined Accenture, leaving in 1988 to run his own consulting and training business, which is still active today. Thomas holds numerous Microsoft certifications, including MCSE (one of the first in the world) and later versions, MCT (25 years), and was awarded Microsoft's MVP award 17 times.

 Ed Goad

Ed Goad is a systems architect who has been working in various roles in the IT field for 16 years. He first became interested in scripting and automation when presented with a task to uninstall software from over 1,000 systems with limited time and resources. He has worked with scripting and automation on multiple platforms and languages including PowerShell, VBScript, C#, and BASH scripting. Ed currently holds multiple Microsoft certifications, most recently including the Microsoft Certified IT Professional Enterprise Administrator. Additional non-Microsoft certifications include VMware Certified Professional (VCP), Red Hat Certified System Administrator (RHCSA), EMC Proven Professional, Brocade Certified Network Engineer (BCNE), and Cisco Certified Network Associate (CCNA). Ed is currently on a sabbatical and volunteering full time at the Amor Fe y Esperanza school in Honduras (http://www.afehonduras.org). There he is teaching computer and math classes to the kids who live and work in the garbage dump outside of the capital city of Tegucigalpa.

Chapter 10. Managing Internet Information Server

This chapter covers the following recipes:

  • Installing IIS
  • Configuring IIS for SSL
  • Managing TLS cipher suites
  • Configuring a central certificate store
  • Configuring IIS bindings
  • Configuring IIS logging and log files
  • Managing applications and application pools
  • Managing and monitoring network load balancing

Introduction


Internet Information Services (IIS) is a Windows feature that implements an extensible web server. IIS was first introduced as an add-on for Windows NT 4.0 and has been the focus of substantial development ever since. IIS version 10 is built into both Windows Server 2016 and Windows 10.

With IIS in Windows Server, you can host both internet-facing public websites and sites on your internal intranet. You can integrate IIS with enterprise applications that include SharePoint, Exchange, and System Center. You can also use IIS on client operating systems including Windows 10.

IIS provides a platform for a variety of web-based applications. With IIS you can provide a simple HTML-based static website as well as rich multi-tiered applications. You can combine the applications running on IIS with back-end databases including Microsoft SQL Server.

Like other Windows Server features, you have PowerShell cmdlet coverage for IIS. The WebAdministration module, introduced in earlier versions...

Installing IIS


Before you can use IIS, you must install it onto your host. Like other roles/features of Windows Server 2016 covered in this book, you install IIS by using the Install-WindowsFeature cmdlet. After the installation is complete, you take a look at the host.

Getting ready

You run this recipe on SRV1, a member server in the Reskit.Org domain running Windows Server 2016.

How to do it...

  1. Open a PowerShell console and install the Web-Server feature and all sub-features:
Install-WindowsFeature -Name Web-Server `
                       -IncludeAllSubFeature `
                       -IncludeManagementTools
  2. See what web-related features are installed on SRV1:
Get-WindowsFeature -Name Web* | Where-Object Installed
  3. Check the WebAdministration module and discover how many commands are in the module:
Get-Module -Name WebAdministration -ListAvailable
Get-Command -Module webadministration |
    Measure-Object |
        Select-Object count...

Configuring IIS for SSL


Traffic between a web browser and a web server on the internet or even within a corporate intranet is open and can be intercepted. To avoid the data being compromised, you can make use of protocols built into your web browser and IIS to provide encryption as well as authentication.

In the 1990s, Netscape Communications developed a protocol that provided the necessary security, the Secure Socket Layer (SSL) protocol. SSL V1 was never commercially released. SSL V2 and SSL V3 were developed and released, but are now deprecated as unsafe.

Transport Layer Security (TLS) was developed openly as the next version of SSL. TLS V1 is essentially SSL V3.1. In 2014, Google identified a serious vulnerability in both SSL V3 and TLS V1. That leaves TLS 2 as the best protocol to deploy and it is the only one installed by default with IIS in Windows Server 2013.

These days, SSL as a protocol is being deprecated in favour of TLS. Most major web sites no longer actually use the SSL protocol...

Managing TLS cipher suites


With TLS, you are able to specify which cipher suite or suites your web server should support. A cipher suite is a specific set of methods or algorithms that provide functions including key exchange, bulk encryption, hashing and message digests, and authentication.

Once the browser connects to the server, the two parties negotiate and choose the best cipher suite that both sides can support. If the browser only asks for cipher suites that the web server does not support, then the server terminates the communication.

By default, Windows Server 2016 supports 31 cipher suites providing different algorithms and different key lengths. In this recipe, you retrieve the cipher suites on Windows Server 2016, and both enable and disable a specific cipher suite.

Getting ready

You run this recipe on the Windows Server 2016 server SRV1 on which you have loaded IIS (as per the Install IIS recipe) and configured secure HTTP (as per the Configure IIS for SSL recipe).

How to do it...
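The recipe's own steps are not part of this preview. As an added example (not code from the book), the script below goes a little beyond enabling or disabling one suite: it retrieves the enabled suites with Get-TlsCipherSuite, flags the ones whose names contain a weak algorithm, and shows what Disable-TlsCipherSuite would change. The list of weak tokens is this example's assumption.

```powershell
# Added example. The weak-token list below is this example's assumption.
$WeakTokens = [ordered]@{
    'NULL'   = 'no encryption'
    'EXPORT' = 'export-grade keys'
    'RC4'    = 'RC4 stream cipher'
    '3DES'   = '64-bit block cipher (3DES)'
    '_DES_'  = 'single DES'
    'MD5'    = 'MD5 digest'
}

# Classify one suite name; pure string logic, so it also works on saved output
function Test-CipherSuiteName {
    param([Parameter(Mandatory)][string]$Name)
    $reasons = foreach ($token in $WeakTokens.Keys) {
        if ($Name -like "*$token*") { $WeakTokens[$token] }
    }
    [pscustomobject]@{
        Name    = $Name
        Weak    = [bool]$reasons
        Reasons = $reasons -join '; '
    }
}

# Retrieve the suites Schannel currently offers and keep the weak ones
function Get-WeakTlsCipherSuite {
    Get-TlsCipherSuite |
        ForEach-Object { Test-CipherSuiteName -Name $_.Name } |
        Where-Object Weak
}

$weak = Get-WeakTlsCipherSuite
$weak | Format-Table -AutoSize -Wrap

# -WhatIf reports what would change; remove it to disable the suites for real
foreach ($suite in $weak) {
    Disable-TlsCipherSuite -Name $suite.Name -WhatIf
}

# Re-enable a single suite by name if a client turns out to need it
# Enable-TlsCipherSuite -Name $weak[0].Name
```

These cmdlets change the Schannel configuration for the whole host, so every service on SRV1 that uses Schannel is affected, not only IIS.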

Configuring a central certificate store


If you are hosting numerous secure servers on a variety of hosts (physical or virtual), you may find that certificate management can be challenging. Each time you add a new IIS host into your infrastructure, you need to ensure all the correct certificates are in place and the correct web binding (binding the certificates to IIS) is in place for each secure site. Additionally, you need to deal with certificate expiry and renewing certificates that expire across each IIS server that utilizes those certificates.

Windows Server 2012 added a new feature known as the Central Certificate Store (CCS). This feature allows certificates to be stored in a central location such as on an SMB file share. You then configure IIS to make use of the central store, rather than using the local certificate stores as you did in the Configure IIS for SSL recipe.

In this recipe, you are going to set up SRV1 to use a new share on DC1 to hold the central certificate share. You...

Configuring IIS bindings


In IIS, a binding specifies how incoming connections to a web server should be handled.

A binding is a combination of a protocol (HTTP, HTTPS, and so on), an IP address, TCP/IP port, and host name. The binding thus tells Windows and IIS how to route requests inbound to your system.

Bindings allow you to run more than one website on a single host. There are a few ways to do this:

  • Configure multiple IP addresses and create a binding for each IP address to a different website
  • Configure a single IP address and multiple ports and point each to a different website
  • Configure a single address and use the host header option to route requests to a given website on the host

If you use the multiple IP address option, you need to configure multiple IP addresses on the system and ensure that the DNS entries for each website point to the correct IP address. This approach requires extra overhead and uses more IP addresses.

Using a single IP address and multiple ports saves on IP addresses...
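The host header option from the list above, as an added example (not code from the book): two sites share one IP address and port 80, and a small parser splits each site's bindingInformation string into the protocol, IP address, port and host name that make up a binding. The site names, folders and host names are constructed for the example.

```powershell
Import-Module WebAdministration

# bindingInformation is "IP:port:hostname"; the IP may be *, IPv4, or [IPv6]
function ConvertFrom-BindingInformation {
    param([Parameter(Mandatory)][string]$Protocol,
          [Parameter(Mandatory)][string]$BindingInformation)
    $pattern = '^(?<ip>\*|\[[^\]]+\]|[^:]*):(?<port>\d+):(?<host>.*)$'
    if ($BindingInformation -match $pattern) {
        [pscustomobject]@{
            Protocol   = $Protocol
            IPAddress  = $Matches.ip
            Port       = [int]$Matches.port
            HostHeader = $Matches.host
            # True when the site answers any Host header on any address
            CatchAll   = ($Matches.ip -eq '*' -and $Matches.host -eq '')
        }
    } else {
        throw "Unrecognised binding: $BindingInformation"
    }
}

# Two sites sharing one IP address and port 80, told apart by host header.
# Site names, folders and host names here are constructed for the example.
foreach ($name in 'Site1', 'Site2') {
    $folder = "C:\inetpub\$name"
    New-Item -Path $folder -ItemType Directory -Force | Out-Null
    New-Website -Name $name -PhysicalPath $folder -Port 80 `
                -HostHeader "$name.reskit.org" | Out-Null
}

# List every HTTP/HTTPS binding per site, split into its components
Get-ChildItem -Path IIS:\Sites | ForEach-Object {
    $site = $_
    $site.bindings.Collection |
        Where-Object protocol -in 'http', 'https' |
        ForEach-Object {
            ConvertFrom-BindingInformation -Protocol $_.protocol `
                -BindingInformation $_.bindingInformation |
                Add-Member -NotePropertyName Site -NotePropertyValue $site.Name -PassThru
        }
} | Format-Table Site, Protocol, IPAddress, Port, HostHeader, CatchAll
```

A row with CatchAll set to True is a site that accepts requests for any host name on that port, which is worth reviewing on a host that is meant to serve only named sites.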

Configuring IIS logging and log files


Each time IIS receives a request from a client, it logs that request to a log file. This is the default behavior. With PowerShell, it's simple to modify this behavior, such as turning off logging, changing the logging frequency, or changing the folder where IIS stores its log files.

Log files are therefore great places to look when troubleshooting or analyzing a website's traffic. The logs can also be used for things such as capacity planning and analyzing the behavior of the traffic. Finding out where traffic is coming from can be invaluable.

By default, IIS creates a separate log file every day. This has advantages, but on a busy web server with many sites, managing log files can become a challenge. A web server that has been up and running for a month could have 30 separate log files. Changing the location of log files as well as how often to create a new log file can be appropriate.

You should also be aware that IIS has no built-in mechanism.

In...
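The changes described above (turning logging on or off, changing the logging frequency, changing the log folder), as an added example that is not code from the book. It first reports each site's current log settings, then applies one policy to every site and reports again. The folder C:\IISLogs and the weekly period are assumptions of this example.

```powershell
Import-Module WebAdministration

# Report where each site logs, how often it rolls over, and whether logging is on
function Get-IisLogSetting {
    Get-ChildItem -Path IIS:\Sites | ForEach-Object {
        $log  = $_.logFile
        $root = [Environment]::ExpandEnvironmentVariables($log.directory)
        [pscustomobject]@{
            Site      = $_.Name
            Enabled   = $log.enabled
            Period    = $log.period
            # IIS writes each site's files to a W3SVC<site id> subfolder
            Folder    = Join-Path -Path $root -ChildPath "W3SVC$($_.id)"
        }
    }
}

# Before: sites with Enabled = False leave no request trail at all
Get-IisLogSetting | Format-Table -AutoSize

# Assumed policy for this example: one dedicated folder, weekly log files
$LogRoot = 'C:\IISLogs'
New-Item -Path $LogRoot -ItemType Directory -Force | Out-Null

foreach ($site in Get-ChildItem -Path IIS:\Sites) {
    $path = "IIS:\Sites\$($site.Name)"
    Set-ItemProperty -Path $path -Name logFile.enabled   -Value $true
    Set-ItemProperty -Path $path -Name logFile.directory -Value $LogRoot
    Set-ItemProperty -Path $path -Name logFile.period    -Value Weekly
}

# After: confirm every site picked up the new settings
Get-IisLogSetting | Format-Table -AutoSize
```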

Managing applications and application pools


In earlier versions of IIS, all the web pages/sites on a given system ran in a single process. This meant that one application, if not written well, could cause issues with other applications. An application could, for example, have a memory leak which would ultimately require a restart of IIS or even a reboot of the server.

In later versions of IIS, Microsoft adds the concept of web applications and application pools to IIS. With IIS, a web application is a set of one or more URLs (web pages) which you configure IIS to run inside independent worker processes. An application pool is a set of worker processes which IIS uses to run an application. You can run one or more applications within a given application pool. Technically a website and a web application are not the same, but in many cases, different websites end up being distinct applications.

The application pool feature provides application isolation, enabling you to run possibly badly-behaved...

Managing and monitoring network load balancing


Network Load Balancing (NLB) is a feature of Windows and IIS that allows multiple hosts to host the same website. The NLB cluster distributes all traffic sent to the cluster among the individual hosts.

NLB provides both scalability and fault tolerance. If you add additional nodes, the cluster is able to handle more traffic. And if a node should fail, the other remaining nodes take the traffic, albeit at a potentially lower performance level.

NLB is a versatile feature. You can use NLB to load balance web, FTP, firewall, proxy, and VPN traffic. Performance is acceptable although many users prefer to use hardware load balancers.

In this recipe, you create a new NLB cluster (ReskitNLB) which load balances between two hosts (NLB1, NLB2). The recipe creates a simple single page site on each system and load balances the site.

In this recipe, the single document site differs on each server, which is useful to show which server accepted and processed any given...
