Internet Information Services (IIS) is Microsoft's web server software that runs on Windows operating systems. It serves web content, handles HTTP requests, and provides a platform for hosting web applications, websites, and web services. IIS is tightly integrated with the Windows ecosystem and supports various web technologies including ASP.NET, PHP, and static content.
IIS Architecture - How It Really Works
The Fundamental Difference: Kernel vs User Mode Architecture
Unlike Apache/nginx which are purely user-mode applications, IIS splits functionality between kernel mode (HTTP.sys) and user mode (worker processes). This is a completely different architectural approach.
Detailed IIS Request Processing Flow
What Makes This Architecture Unique:
Kernel-Mode HTTP Processing: HTTP.sys handles protocol processing, caching, and SSL in kernel space - much faster than user-mode alternatives
URL-Based Routing: Multiple applications can share port 80 because HTTP.sys routes based on URL prefixes registered by each application pool
Request Queuing: Each application pool has its own request queue in kernel space. Worker processes pull requests from their queues
Zero-Copy Caching: Static content and dynamic responses can be cached in kernel space and served without any user-mode involvement
Process Recycling: Worker processes can be recycled (restarted) without dropping connections - HTTP.sys maintains the connection while spinning up new processes
Key Components - Deep Dive
π§ HTTP.sys - The Kernel-Mode Web Server
HTTP.sys is a kernel-mode driver that fundamentally changes how web servers work on Windows. Instead of having a user-mode process listen on port 80/443 like Apache or nginx, HTTP.sys operates at the kernel level.
How HTTP.sys Works:
Port Binding: HTTP.sys owns the network ports (80, 443, etc.) at the kernel level. Multiple applications can register URL prefixes with HTTP.sys without port conflicts
Request Queuing: Incoming requests are queued in kernel space before being delivered to user-mode worker processes. This eliminates context switches for basic request handling
Response Caching: Static responses can be cached entirely in kernel space, allowing HTTP.sys to serve cached content without involving user-mode processes at all
SSL Termination: SSL/TLS processing happens in kernel mode, reducing overhead and improving performance
Bandwidth Throttling: Can limit bandwidth per site/application at the kernel level
Request Filtering: Basic security filtering (like request size limits) happens before requests reach user mode
Why This Matters:
Traditional web servers like Apache create a user-mode process that binds to port 80. Every request requires kernelβuser mode transitions. HTTP.sys eliminates many of these transitions and allows multiple applications to share ports through URL routing at the kernel level. This is why you can have multiple IIS sites on port 80 - HTTP.sys routes based on Host headers.
The Request Flow:
Network packet arrives β Kernel TCP/IP stack
HTTP.sys processes the request in kernel mode
If cached response exists β HTTP.sys serves it directly from kernel
If not cached β HTTP.sys queues request for appropriate application pool
Worker process picks up request from its queue
Response flows back through HTTP.sys
π Application Pools - Process Isolation Architecture
Application pools are NOT just "isolation boundaries" - they're a complete process management and security system.
What an Application Pool Actually Is:
Process Container: Each application pool spawns one or more worker processes (w3wp.exe). These processes are completely isolated from each other at the OS level
Security Context: Each pool runs under a specific Windows identity (ApplicationPoolIdentity, NetworkService, or custom account). This determines file system access, database permissions, etc.
Resource Governor: Pools can have CPU limits, memory limits, and connection limits. When limits are exceeded, IIS can take actions like recycling the process
Fault Isolation: If one application crashes or hangs, it only affects its own worker process - other applications in different pools continue running
Worker Process Lifecycle Management:
Process Recycling: Worker processes are automatically recycled based on:
Memory consumption thresholds
Number of requests processed
Time intervals
Configuration file changes
Manual recycling
Idle Timeout: If no requests come in, worker processes shut down after a configurable timeout (default 20 minutes) to free resources
Process Warm-up: New worker processes can be "warmed up" by making initialization requests before accepting real traffic
Overlapped Recycling: When recycling, IIS starts a new worker process before killing the old one, ensuring zero downtime
Application Pool Models:
Integrated Mode: Managed (.NET) modules run in the same pipeline as native IIS modules. ASP.NET has full access to all request processing stages
Classic Mode: Legacy mode where ASP.NET runs as an ISAPI extension, similar to IIS 6. Less efficient but needed for some legacy applications
Example Scenario:
You have three web applications: a public website, an admin portal, and an API. You create three application pools:
PublicPool: Runs under ApplicationPoolIdentity, limited to 1GB RAM, recycles every 1000 requests
AdminPool: Runs under a custom service account with elevated permissions, no memory limits
APIPool: Runs under NetworkService, configured for high CPU limits and frequent recycling
If the API crashes due to a memory leak, only APIPool's worker process dies - the public site and admin portal continue running unaffected.
βοΈ Worker Processes (w3wp.exe)
Worker processes are the actual execution engines where your application code runs.
What Happens Inside a Worker Process:
Runtime Loading: .NET CLR, PHP runtime, or other execution engines are loaded into the process
Module Pipeline: HTTP requests flow through a pipeline of modules (authentication, authorization, compression, etc.)
Application Domains: Multiple .NET applications can run in the same worker process but in separate AppDomains for isolation
Session State: In-process session state, view state, and application state are maintained here
Process Management:
Health Monitoring: IIS monitors worker processes for hangs, excessive resource usage, and crashes
Rapid Fail Protection: If a worker process crashes repeatedly (default: 5 times in 5 minutes), the application pool is shut down
Process Orphaning: When recycling fails, IIS can "orphan" the old process and start fresh
IIS vs Apache vs Nginx Comparison
Feature
IIS
Apache HTTP Server
Nginx
Operating System
Windows only
Cross-platform (Windows, Linux, macOS)
Cross-platform (Windows, Linux, macOS)
License
Proprietary (Microsoft)
Open Source (Apache 2.0)
Open Source (BSD-like) + Commercial
Configuration
GUI (IIS Manager) + web.config
Text files (.htaccess, httpd.conf)
Text files (nginx.conf)
Market Share
~8-10%
~25-30%
~35-40%
Performance Model
Thread-based with I/O completion ports
Process/thread-based (multiple MPMs)
Event-driven, asynchronous
Memory Usage
Moderate to high
High (especially under load)
Low
Static Content
Good performance
Good performance
Excellent performance
Dynamic Content
Excellent (.NET integration)
Good (many modules)
Good (reverse proxy)
Load Balancing
ARR (Application Request Routing)
mod_proxy_balancer
Built-in (upstream)
SSL/TLS
Built-in, Windows Certificate Store
mod_ssl
Built-in
Modules/Extensions
Managed (.NET) and native modules
Extensive module ecosystem
Core modules + third-party
Ease of Use
High (GUI management)
Moderate (text configuration)
Moderate (simple config syntax)
Detailed Comparison
Performance Characteristics
IIS: Thread Pool + IOCP
vs
Apache: Multi-Process/Thread
vs
Nginx: Event Loop
β IIS Advantages
Seamless Windows/.NET integration
User-friendly GUI management
Strong security with Windows authentication
Excellent ASP.NET performance
Enterprise support from Microsoft
Advanced diagnostics and monitoring
β IIS Limitations
Windows-only platform dependency
Licensing costs for Windows Server
Limited flexibility compared to open-source alternatives
Resource intensive
Less community-driven development
β Apache Advantages
Cross-platform compatibility
Massive module ecosystem
Mature and stable
Excellent documentation
Strong community support
Flexible configuration options
β Apache Limitations
Higher memory usage under load
Process/thread model can be limiting
Configuration complexity
Performance issues with many concurrent connections
β Nginx Advantages
Excellent performance and low memory usage
Superior static content serving
Great reverse proxy and load balancer
Handles high concurrent connections efficiently
Simple configuration syntax
Active development and modern architecture
β Nginx Limitations
Limited dynamic module loading
Smaller module ecosystem than Apache
Configuration requires server reload for changes
Less built-in functionality out of the box
Use Case Recommendations
π’ Choose IIS When
Building .NET applications
Windows-centric environment
Need Active Directory integration
Prefer GUI management
Enterprise Microsoft ecosystem
π§ Choose Apache When
Need maximum flexibility
Complex configurations required
Extensive module requirements
Supporting legacy applications
Cross-platform deployment
β‘ Choose Nginx When
High traffic websites
Static content heavy sites
Microservices architecture
Load balancing requirements
Resource efficiency is critical
Conclusion
Each web server has its strengths and optimal use cases. IIS excels in Windows/.NET environments with its tight integration and management tools. Apache offers maximum flexibility and compatibility across platforms. Nginx leads in performance and efficiency, especially for high-traffic scenarios. The choice depends on your specific requirements, existing infrastructure, and technical constraints.