What is an Internet Information Server?

Internet Information Server (IIS) is web server software from Microsoft®. Since its initial release, IIS has evolved from a very basic web server application to a complex platform capable of performing many different functions. Some earlier versions of the program have been criticized for having weak security, but Microsoft® has attempted to counter this perception in more recent releases. The most recent versions of IIS are highly modularized, splitting functionality into different components.

When running, the Internet Information Server listens for requests from web browsers and responds with appropriate content. All versions of IIS support the standard Hypertext Transfer Protocol (HTTP), and many have support for additional protocols like the File Transfer Protocol (FTP). Some versions of the software provide support for email services, and the most recent versions have a different architecture that can support additional protocols. Except for the first few revisions, IIS generally supports more advanced features natively or through the use of additional software components.

Microsoft® released the first version of its Internet Information Server on February 12, 1996 as a free download for Windows® NT 3.51. Releasing IIS at no cost was a tactic aimed at rival Netscape® Communications, which was selling its own server software. The feature set of the Internet Information Server expanded rapidly, and two more versions were released by the end of 1996. IIS 3.0 was a major release, including support for a new technology called Active Server Pages (ASP) that allowed code embedded in a web page to be run directly in the server.

By the turn of the century, Microsoft® had vanquished Netscape® and IIS had secured the number two spot in the web server market, behind open source competitor Apache™. Some began to question the security of the Internet Information Server software, however. Two prominent worms, nicknamed Code Red and Nimda, infected hundreds of thousands of web servers running IIS and remained a nuisance for years. There were calls for large corporations using IIS to examine alternatives to protect their computer infrastructure.

In response to these concerns, Microsoft® acted to enhance security in versions 6 and 7 of IIS, which was rebranded as Internet Information Services. These versions split the server’s functionality into different components, allowing only needed portions of the server to be running at any given time and reducing the potential number of vulnerabilities. IIS 7 and 7.5 are highly modularized, with even core portions of the server split into different services. In addition to increasing security, this design choice allowed add-ons to be created and installed, offering a high level of customization to network administrators.