I have several asp.net webapplications some are running asp.net 1.1 some run on 2.0 and some on 3.5 in the past this all ran on windows 2003 with iis6 and I made for each site an application pool. after a while I read somewhere online that it was better to use an application pool per version of the .net framework so that all 2.0 apps run on one app pool and all 3.5 run on their own and so on.
Now I am migrating to windows 2008 r2 with iis7.5 and there is no 1.1 or 3.5 so application pools only have the 2.0 option. would it be the best to still seperate the webapplications by framework version? or isn't it that each application pool has their own instance of the framework?
In reality .net 2.0 and .net 3.5 actually ran and used the same version of ASP.NET (and the CLR for that matter), so really whenever you want to run .net 3.0, or 3.5 you should select the 2.0 version.
Now in terms of apppool isolation, the first thing is that you will need to have separate apppools for each version of the CLR/asp.net, that means 4.0 and 2.0 have to be separated, however 2.0, 3.0 and 3.5 can live all happily within the same AppPool.
In terms of best practice it really depends on the load and types of applications you host and many other criterias, but I would really use AppPool Isolation, especially for:
a) measure and monitor them independently in a way that you can easily see CPU, Memory, and other resources that each of them are consuming.
b) be able to unload (recycle) an application/site that is misbehaving.
c) isolate the applications that have different levels of service expectation, for example, you might know that certain application is critical versus not-so-much. Remember a single application that has a bug can bring down the worker process if running in Full Trust affecting all the others running in the same apppool.
d) isolate the applications that have different requirements of security, for example you might need to run some of them with certain privileges (such as accessing SQL Server using Kerberos, or writing files to disk, or other things that you will not want other applications to access. This way you can run each AppPool with different credentials providing a Operating-system level of isolation and protection.
One reason you could decide to host multiple applications inside the same apppool is if all of them share significant pieces of code, so for example if you were hosting a large CMS application and will have 20 different instances running, by using the same process the operating-system can do a much better job at sharing memory and other resources which will make them be a bit more efficient.
However I think that unless you are hosting a large amount of sites (I mean >= 500) then I would recommend isolating every Site in their own application pool, especially if they will not be running in Medium Trust, or other frameworks like PHP, ASP, ISAPI, etc, since those provide too much power to potentially do things that should not be allowed (such as reading other sites configuration, or memory).