IIS 101

Editor’s Note: Each month, this Web-exclusive column provides resources and answers for new IIS administrators. For more information about beginning IIS administration, be sure to check out Brett Hill’s IIS Answers (http://www.IISAnswers.com).

One key feature of IIS is its ability to host multiple virtual Web sites. This article provides quick answers to questions new administrators have regarding this capability of IIS 5.0 and IIS 4.0.

Can I use the default Web site for my main site?

You can use the default Web site for your main site, but I recommend against it. On my Web servers, I turn the default site off most of the time. I turn it on when I need to access the IIS documentation, which is installed on the default Web site during IIS installation. Create your working Web site apart from the default site, and turn off the default site when it’s not in use.

How many virtual Web sites can I have?

The answer depends on your Web site, network load, hardware, and OS requirements. Microsoft recently stated that IIS 4.0 has a "perceived" limit of 250 Web sites. Microsoft designed IIS 5.0 to support thousands of virtual Web sites on the same server. That means most businesses can rely on IIS 4.0 to support 250 "typical" sites. I know some installations with three to four times that number. However, if you want stability and reliability, I urge you not to press that far. (You won’t receive a message saying that you’ve reached your maximum number of Web sites.) The Microsoft article "Performance of Internet Information Services 5.0: The Internet Service Provider Scenario" (http://www.microsoft.com/technet/iis/technote/ispscen.asp) provides valuable information about IIS scalability.

Do I need a unique IP address for each Web site?

Using unique IP addresses is one of three ways to create virtual Web sites. The other two ways are to use Host Headers or unique TCP port numbers. (You can find a tutorial on creating Host Header-based Web sites at http://www.iisanswers.com. Also, see Marnie Hutcheson, "Using Host Headers to Set Up a Multihomed Server," October 1999, and "How to Build a Web Development Environment," November 1999.) Using TCP ports is a good method for Web sites you don’t want to make publicly accessible. By default, Web servers listen on TCP port 80. If you change ports, users won’t be able to locate the Web site by name unless they know the port number, which is a useful tactic in the case of Web sites that you want to be more secure (e.g., the built-in administrative site). If you look at the properties of the Administration Web Site, which is installed by default in IIS, you’ll notice that it has a nonstandard port number. To access that site, use http://localhost:<port number>. So, to answer the question, no—you don’t need a unique IP address, but if you have enough addresses to go around, I recommend using one.

Can I use Secure Sockets Layer (SSL) with Host Headers?

If you want to use SSL with Host Headers, unique IP addresses have an advantage. Because the HTTP request is encrypted when you use secure communications with SSL, IIS can’t decode the communication to see which Web site should receive the packet. As a result, SSL and Host Headers aren’t a good mix. This problem disappears if you use unique IP addresses because the IP addresses aren’t encrypted in an SSL exchange. If a Web hosting service is using the Host Header technique and wants to provide SSL, the provider commonly creates a Web site with a unique IP and enables SSL for it. Within that site, the provider can create virtual directories for each Host Header site. In this way, you can place documents from the non-SSL-enabled Host Header site in the SSL-enabled virtual directory and link to them from your pages. This scenario isn’t ideal because the URL changes to a different Web site whenever you want to initiate an HTTP over Secure Sockets Layer (HTTPS) session, but many ISPs use this technique to provide SSL to Web sites they host. (See the Microsoft article "IIS: HTTP 1.1 Host Headers Not Supported When Using SSL," http://support.microsoft.com/support/kb/articles/q187/5/04.asp.)
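The following Python sketch is an added illustration, not IIS code and not from the column. It models how a server chooses a virtual site from IP address, port, and Host header, and why that choice cannot be made while the request is still encrypted. The matching order, site names, addresses, and port numbers are assumptions constructed for the example.

```python
from collections import defaultdict
from typing import NamedTuple, Optional

class Binding(NamedTuple):
    site: str
    ip: str            # "" = all unassigned addresses
    port: int
    host: str = ""     # Host Header name, "" = none
    ssl: bool = False

# Constructed sample bindings (documentation addresses, hypothetical sites).
BINDINGS = [
    Binding("default", "", 80),
    Binding("sales", "192.0.2.10", 80, "sales.example.com"),
    Binding("support", "192.0.2.10", 80, "support.example.com"),
    Binding("admin", "192.0.2.10", 8098),           # constructed nonstandard port
    Binding("shop", "192.0.2.20", 443, ssl=True),   # unique IP for SSL
    Binding("sales", "192.0.2.10", 443, "sales.example.com", ssl=True),
    Binding("support", "192.0.2.10", 443, "support.example.com", ssl=True),
]

def route(bindings, ip: str, port: int, host: Optional[str]) -> Optional[str]:
    """Return the site for a connection, or None if it cannot be decided.

    host=None models an SSL connection before decryption: the Host header
    exists but sits inside the encrypted request, so only ip and port count.
    """
    live = [b for b in bindings if b.port == port and b.ip in (ip, "")]
    if host is not None:
        named = [b for b in live if b.host.lower() == host.lower()]
        live = named or [b for b in live if not b.host]
    # A specific IP beats the "all unassigned" wildcard.
    specific = [b for b in live if b.ip == ip]
    sites = {b.site for b in (specific or live)}
    return sites.pop() if len(sites) == 1 else None

def ssl_conflicts(bindings):
    """List ip:port endpoints where several SSL sites depend on Host Headers."""
    by_endpoint = defaultdict(set)
    for b in bindings:
        if b.ssl:
            by_endpoint[(b.ip, b.port)].add(b.site)
    return {ep: sorted(s) for ep, s in by_endpoint.items() if len(s) > 1}
```

Moving each SSL site to its own IP address, as the "shop" binding does, empties the conflict list.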

Should I use unique IP addresses to avoid a performance penalty when using Host Headers?

No significant performance penalty exists for using Host Headers.