Application Isolation Mode Functions (IIS 6.0)
Use Table 2.4 to compare how certain IIS 6.0 functions run in worker process isolation mode with how they run in IIS 5.0 isolation mode. Knowing the host component for each application isolation mode can help you decide which application isolation mode to use. For example, if an application must run in DLLhost.exe, and you cannot change the application to remove this requirement, this table shows you the two available options, which are to run the application in Medium or High isolation in IIS 5.0 isolation mode.
HTTP SSL (HTTPFilter)
When HTTP.sys receives requests that are encrypted by using Secure Sockets Layer (SSL), the kernel-mode HTTP service cannot decrypt the requests or encrypt the responses. Instead, HTTP SSL (HTTPFilter), which is a user-mode service, implements SSL for the HTTP service. HTTP SSL runs in the IIS 6.0 isolation modes as follows:
Lsass.exe cannot be stopped except during computer shutdowns — either planned or unexpected.
IIS 6.0 Identity vs. IIS 5.0 Identity
In IIS 6.0, worker processes use a different process identity than in IIS 5.0. Process identity is an operating system term used to denote the account that a process runs under. Every process that is running on a Windows NT operating system has a process identity that is used to control access to resources on the system.
The different process identity used by worker processes in IIS 6.0 can affect applications migrated from IIS 5.0 if the application expects the process identity to run as a specific account, such as IWAM_ComputerName. In addition, for Medium-isolation or High-isolation Web applications created in IIS 5.0 or run on IIS 6.0 in IIS 5.0 isolation mode, identity is configured by Component Services; however, when IIS 6.0 is running in worker process isolation mode, identity is configured in IIS Manager.