The IIS7 team chatted about why IIS doesn’t suck anymore. They started out talking about how IIS7 is no longer a big monolithic codebase; its code a pluggable architecture, and their standard service plug-ins use standard public APIs that other plug-in creators can consume. They have a legacy ISAPI plug-in model as well.
Carlos did a live coding session to demonstrate their extensibility model, which supports managed code:
The extensibility model looks a lot like the servlet API at first blush but is quite different. They have an IHttpModule interface that gives you the ability to register event handlers on IIS startup. The event handlers are passed a context object that includes a large number of event types to which you can add custom behavior.
Bill also showed how easy it is to configure IIS7 with XML files. These config files can be global or on a per-server instance basis. They have an XSD for it too, so its quite toolable. They are going to come back and talk about that more in a bit.
They’ve also improved the error messages presented to the user; he configured the server via XML to forbid directory listings, and the error page shown was fairly comprehensive and not as ugly as I’ve seen in the past.
He also showed how easy it is to remove all the configuration modules from a specific server instance and build it up from scratch using just those modules you want. For example, here’s a snippet from the config file:
<modules> <clear /> <add name="DefaultDocumentModule" lockItem="true" /> </modules>
(The “lockItem” attribute is a general attribute that prevents child XML files from overriding the configuration item — e.g., for virtual subhosts).
Bill also talked about how you can configure IIS7 to log rich information under custom conditions. So you can say for every request that takes more than 30 seconds, send some admin somewhere the HTTP request responsible, etc. (or any custom action).
They’ve also done a lot of work to optimize the performance of PHP on IIS7 in cooperation with Zend. Zend is working on a fast PHP engine, and MSFT is working on a fast API that allows Zend to work very closely with IIS by implementing the FastCGI standard.
Bill gave a demo of configuring IIS7 to integrate with PHP demoing a photo slideshow app (qdig). By switching from CGI to FastCGI, they doubled the throughput (would have gone higher he said if the photo app weren’t so disk-bound). He then demoed “dynamic response caching”, which of course dramatically increases perf; in this case, from 50 req/sec to 7000 req/sec.
The next demo was integrating ASP.NET authentication into a PHP application. As part of the demo, he chatted about how you can use all kinds of different stores for users/credentials, and of course you can easily create your own store. The demo failed, but was neat.
Carlos chatted about how the configuration system is based on the XML mechanism, and the GUI is simply “the world’s prettiest XML editor.” One of the impressive bits was that when you goof up the config file, it gives you rich error messages telling you exactly what was broken. Brought back bad, bad, NCSA HTTPd and Apache configuration memories. He also highlighted the problem of plaintext passwords in the config file and showed how you can paste an encrypted string into the config file in place of the password.
Changes to the config values are applied automatically without server restarting.
They showed off a few times how easy it is to add your own management modules to IIS and generally tweak the crap out of the system.
I walked away fairly impressed with this one. Who doesn’t love Apache, but IIS7 seems to trump it pretty handily in both configurability, manageability, and extensibility. I’d love to see some realistic perf numbers, especially in a Java environment. I asked about any perf comparisons between IIS7 front-ending Java web apps versus Apache on Windows, but they have no data on that.