> So to wrap up this flame, can we get back to the question posed > orginally?. > > "Which is the better web server to use and why?" >
You'll get (and probably have gotten) a lot of different responses on this. For some, the choice of web server platform borders on religious hysteria. For others, it's the one they're most familiar with or have been most successful with. Every web server platform has its pros and cons. In the case of IIS vs. Apache, which is the most common comparison made, each one has a lot to recommend it. I'm not anywhere near as familiar with Apache as I am with IIS, but here's some things to consider: There's nothing you can do on the one platform that you can't do on the other, given enough effort. For example, in the case of IIS, you have ASP/ASPX, with Apache you can use PHP or similar products. The major difference is that with IIS, most of the functionality is built in to the web server and is well documented- IIS is not a difficult platform to operate by any means. With Apache and related tools, you generally end up downloading and compiling your source for whatever modules you want to use. This can be a challenge. Some things are easier to do on one platform or the other, but in general, they can be considered comparable in terms of functionality. Database access is available for both platforms. IIS can talk to any database that can be accessed via ADO and/or ODBC. This includes SQL Server, MySQL, and many others. Apache can do the same thing, although you may have to do some tweaking to get a Unix boxen to talk with an MS-based database. There are generally going to be more security vulnerabilities found in IIS than in Apache- there are a number of reasons for this, but the main one, I believe, is that IIS is the big fat wet target that people are going to shoot for. Apache is popular, but you're not going to get the same bang for your buck if you're a blackhat by writing exploits for Apache. Also, since it's open-source, the code for apache has been seen by many eyes, none of whom have any particular reason to want to hide flaws in the code, which could be argued to be the case for MS types working on the source for IIS. HOWEVER, it should be noted that a properly maintained system can be secured regardless of your platform. As an example, my IIS web servers were not vulnerable to Code Red or Nimda before the original MS patch came out, because I configured them properly, securing them at every possible point, removing unnecessary handlers, changing settings, etc- all the things a good sysadmin is supposed to do and so often doesn't. Of course I test and apply the patches as soon as they are avaailable, but I don't rely on them to secure my system- that's my responsibility. Both Apache and IIS can be properly secured, given the appropriate effort. Reliability of either platform is pretty good. I understand that Apache is a very stable web platform, and I have no reason not to believe that. However, despite what you may hear, IIS is also a very stable web platform, when properly configured (of course, that statement applies to Apache as well). If IIS has a single major flaw in the stability arena, it is that it is too closely bound to the operating system. Speed- here you get into questions. IIS is very fast, but since it runs on Windows boxen, it tends to be something of a resource hog (or maybe it's Windows that's the resource hog). I'd guess that you could probably slightly get more performance out of an Apache box with identical hardware. I've never tested this assertion, however. Price- now this is the major issue. Apache is free. So are a number of the operating systems it can run on (OpenBSD, NetBSD, FreeBSD, Linux, etc etc). IIS is free, but only if you discount that fact that it runs on an operating system that is definitely not free- and can be pretty costly. So if price is a consideration, I can probably tell you where you'll end up. For a medium to large shop that runs mostly Windows systems, IIS is a good way to go, because it fits with existing infrastructure. For SOHO-types or businesses on a shoestring, might be time to start looking at Open Source. Support- Don't get me wrong, Apache support is great from what I can tell. There's a ton of info out there on it, from FAQs and HOWTOs to book-length PDFs on installing, configuring and running Apache. But you generally gotta find it, which can mean a lot of googling or emails to people who don't get paid and therefore may not be as responsive to you as you'd like. With IIS, however, you have a single point of contact and have access to a lot of support resources which are all easy to find and in a central location. If you want to pay some dinero (usually not a major problem if you're working for a company and not yerself), you can get an MS support tech on the horn and help resolve your issues with the software. Apache doesn't really have a similar facility. I'm guessing that some of the *nix VAR resellers (like Red Hat, for example) provide a similar service, so you could probably go that route with a unix-based system. A lot depends on whether you paid for your platform or not. Bottom line is, you need to determine what your requirements are and make a decision based on those requirements. You shouldn't let a platform decision dictate project requirements. Regards, Corey Sno ######################################################### The information contained in this e-mail and subsequent attachments may be privileged, confidential and protected from disclosure. This transmission is intended for the sole use of the individual and entity to whom it is addressed. If you are not the intended recipient, any dissemination, distribution or copying is strictly prohibited. If you think that you have received this message in error, please e-mail the sender at the above e-mail address. #########################################################
