IIS 7 and Above
IIS Best Practices - Machine IP vs. Site IP
Last post Aug 09, 2017 07:16 AM by Yuk Ding
Aug 03, 2017 08:27 PM|webnut|LINK
Is it better to claim an additional IP address on an IIS 8.0 web server and set up your website on it, or just run the site on the IP claimed by the machine itself. I remember reading in a past Microsoft Best Practices document that it was better to have
the second IP, but I can't find any documentation for that anywhere at the moment.
Aug 04, 2017 03:25 AM|Yuk Ding|LINK
What Site IP? These IP address for machine IP and site IP should be the same if you don't use NIC or NAT. Even the external domain should only be able to bound to only one IP address. Also use second IP address will not improve any performance. So I think
you don't have to set multiple IP address. In addition, without DNS resolve, the second IP address should not work.
Aug 04, 2017 01:22 PM|webnut|LINK
The server claims one IP address for internal traffic on the network, and that IP can be behind a firewall, etc. The second IP is claimed on the same machine, and this IP address can be in an "open" range, or "partially open" so it can be exposed to and
handle external traffic.
Of course either IP could be registered for a website / DNS, but the second "claimed" (or external) IP makes more sense. That used to make it harder for external users to "use" the machine against itself, but I am not sure about this over the past 5 years
or so as I can't find a reiteration of this information on Microsoft's site.
Another benefit is hosting the website on the "claimed" (additional) IP makes it more portable. To move that site and keep DNS settings in place, you just move the IP to another machine and you are still in business.
I am aware that you do not *have* to use two IPs, but it was recommended as being a good idea.
I remember reading about this in a Microsoft "Best Practices" document for IIS that was a fairly long document, but I can't find anything like that anywhere. I would assume MS would still have a "list" or doc somewhere on how to harden a machine for web
use. Does anyone know a location for such information?
Aug 07, 2017 08:48 AM|Yuk Ding|LINK
Could you explain how did you set the same machine with 2IP address? NIC or something else. I tryied to find the document about how to use best practices with 2 IP address. But I didn't find anything about this. If you do have scenario to use 2IP address binding
for same site. You could just set these bindings.
Aug 08, 2017 04:51 PM|webnut|LINK
The machine has only one NIC in it. There are two IPs claimed on the machine. One is the machine IP, and that goes into the local static IP settings (General tab under Ver. 4 IP settings). The second IP is "added" via the "Advanced" and "Add" buttons and
is also claimed on the machine, but it is the one bound to the website via IIS. In this manner, one IP is for the machine, and one is for website use.
My original question asked about these IPs, but I think I am most interested in locating "best practices" documents for IIS websites on Microsoft's website. That is really what I am after. If they no longer speak of this, then perhaps it is no longer a best
Aug 09, 2017 07:16 AM|Yuk Ding|LINK
I think it could probably not be the best practise operation anymore while I can't imagine the scenario that the website need the NIC for the same site. Even, unless you need multiple domain name for the same site. Compare with bind 2 IP address with same
time, maybe avoid the IP of IIS site being exposed via reverse proxy or something else could be more necessary.