The time has come to move away from Windows 2003 IIS 6

Martin OrtegaThe time has come to move away from our Windows 2003/IIS 6 Servers, people. 🙁

Why?

Well, aside from the fact that it’s already 10 years old, Microsoft will stop releasing security patches for Windows 2003 soon. This will make the Windows 2003 O/S vulnerable. We don’t like that and I’m sure you wouldn’t want to host your site on a vulnerable operating system. So we decided it would be a good time to let you know about some of the benefits of moving to a Windows 2008/IIS 7 or Windows 2012/IIS 8 servers.

Okay, so what are the benefits of moving my site to Windows 2008 or Windows 2012?

More control, more memory, tighter security.

With Windows 2008/IIS 7 or Windows 2012/IIS 8 you will have more control over the hosting environment. You will be able to connect to your site using IIS Manager and it will provide you with a lot more options. For instructions on how to connect to your site using IIS Manager please read this Knowledge Base article (you can only connect to your site using IIS Manager if you’re on a Windows 2008/IIS 7 or Windows 2012/IIS 8 server).

When you are connected with IIS Manager you will have access to the following:

  • .NET Error Pages
  • Error Pages
  • Handler Mappings
  • HTTP Redirect
  • IP Address and Domain Restrictions.
  • MIME Types
  • Modules
  • Request Filtering
  • URL Rewrite

Also, if you migrate to Windows 2008/IIS 7 or Windows 2012/IIS 8 your site will have more RAM memory for the application pool. On our Windows 2008 IIS 7 server we provide the application pool with 200MB of RAM memory. On the Windows 2012 IIS 8 server we provide your application pool with 300MB of RAM memory.

Yeah! More memory! What else?

You’ll also have more control over your FTP settings. We provide you with a ability to block IP addresses and only allow your IP to access the site via FTP. This will prevent other people from accessing the site via FTP even if they get your FTP credentials!

And?

Well have you ever heard of web deploy? We also give you the ability to web deploy from your Visual Studio 2010 & Visual Studio 2012 application to your site on our web servers. This allows you to build your site locally and web deploy to our servers.

We also allow our users on IIS 7 and IIS 8 to connect to their site using WebDAV.

What about WebMatrix?

Yes, you can even use WebMatrix to web deploy the applications to our web servers.

Are there any differences between IIS 6, IIS 7 and IIS 8 hosting accounts?

  • Yes, on the IIS 6 servers we allow you to deny the Anonymous user read and write access to any directory you don’t want them to have access to. On our IIS 7 & IIS 8 servers we don’t allow you to change the permissions for this user. So, if you need to protect a directory we provide you with steps on how to password protect a directory on IIS 7 & IIS 8.
  • We also stopped supporting Front Page extensions on both our IIS 7 & IIS 8 servers.
  • If you’re using an ODBC DSN connection, that is not supported on our IIS 7 and IIS 8 servers. It’s recommended that you move it to a OLEDB connection.
  • The ASP.NET framework 1.1 is no longer supported. But, the ASP.NET framework 2.0 should be backwards compatible with ASP.NET 1.1. So in this case you can use the ASP.NET framework 2.0 for your web site if it requires 1.1.

If any of this sounds good to you, contact support to get the migration ball rolling. Migration is voluntary at this time, but eventually we will have to migrate everyone off of Windows 2003/IIS 6. You’ll have the benefit of time to test and iron out potential problems if you do it now, before migration is mandatory.

If you have any questions about migration, just let us know.

2 thoughts on “The time has come to move away from Windows 2003 IIS 6

  1. I received an email today about DASP preemptively moving site off of Windows 2003 due to a serious security issue. If I have some servers running Windows 2003 outside of DASP should I be worried/upgrade immediately?

    1. David, there is a 2003 security flaw that can be exploited pretty easily if someone has access to upload files to the server. Since hosting customers need that access, shared commercial servers are at risk (via compromised customer computers or workstations exposing FTP logins). If you are running your own 2003 servers and they are locked down to prevent uploads (and SQL injection, of course) you are not likely to be affected.

      But for what it’s worth, the exploit does allow for extensive control of the box, so if you can upgrade it would probably be a good idea. And of course ignoring things that are “unlikely” to happen isn’t typically a very good security practice. 😉

Leave a Reply

Your email address will not be published. Required fields are marked *