    Objective

    To launch a Microsoft Internet Information Services (IIS) application server in an Amazon EC2, Rackspace, or Cloud.com CloudStack cloud.

    Prerequisites

    • This tutorial only applies to paid edition RightScale accounts. If you have a free edition account and would like to upgrade, contact sales@rightscale.com.
    • You must log in under a RightScale account with "actor" and "library" user roles in order to complete the tutorial.
    • When adding a server to a Cloud.com CloudStack-based cloud, only the Xen and VMware ESXi hypervisors are supported at this time.
    • For Amazon EC2 and CloudStack-based clouds, you must have a security group defined with TCP port 3389 open for Remote Desktop Connections (RDP), and any other ports required by the server (for example, port 80 for HTTP and/or 443 for HTTPS). Also remember that for clouds other than Amazon EC2, Windows Firewall is turned on by default, as described under Setting Up Security below.
    • We strongly recommend that you set up credentials for password values and any other sensitive data included as RightScript inputs. Also, a few default input values assume that predefined credentials exist, as discussed in Create Credentials for Common Inputs.
    • You must have a running Microsoft SQL Server instance installed on another server in the cloud. (The ServerTemplate does not support connecting to a local SQL Server instance installed on the same server as IIS.) See Launching the Database Manager with Microsoft SQL Server (Windows).
    • This tutorial assumes that you have launched one or more load balancers using either the RightScale Load Balancer with Apache/HAProxy or Load Balancer (Chef) - Beta ServerTemplate. See Load Balancer Setups. Alternatively, if using Amazon EC2, you can set up your server to work with an Amazon Elastic Load Balancer (ELB) by specifying the ELB name in the ELB_NAME RightScript input.

    Overview

    This tutorial describes the steps for launching an IIS web application server in a cloud. It configures an IIS server that connects to a remote Microsoft SQL Server instance. 

    Steps

    Define Credentials

    If you are deploying on the Amazon EC2 or Rackspace cloud, then set up a credentials pair like one of the following—depending on which public-cloud remote storage option you select for the REMOTE_FILE_STORAGE input. For more information on setting up credentials, see Create a New Credential.

    • AWS_ACCESS_KEY_ID - Amazon access key ID for Amazon S3 authentication.
    • AWS_SECRET_ACCESS_KEY - Amazon secret key corresponding to AWS_ACCESS_KEY_ID.
       
    • RACKSPACE_USERNAME - Rackspace username for Rackspace Cloud Files authentication.
    • RACKSPACE_AUTH_KEY - Rackspace API key corresponding to RACKSPACE_USERNAME.
       

    We also recommend that you define additional credentials like the ones listed below, to use when setting RightScript inputs:

    • WINDOWS_ADMIN_PASSWORD - Password for the local administrator account on the server
    • APP_DB_USER - Microsoft SQL Server user name that your application will use to log in to SQL Server and access the database.
    • APP_DB_PASSWORD - Microsoft SQL Server password for APP_DB_USER.
    • SVN_USERNAME (Optional) - If you are downloading application files from a private SVN repository, create a credential for the repository login user name.
    • SVN_PASSWORD (Optional) - SVN repository password for SVN_USERNAME.
       

    Add an IIS Server to a Deployment

    Follow these steps to add an IIS web application server to a deployment.

    1. Go to Design -> MultiCloud Marketplace -> ServerTemplates. Search for the most recent version of the Microsoft IIS App Server ServerTemplate, and click Import to import it into your RightScale Dashboard account.

    Note: You can use the ServerTemplate as is. However, if you need to make changes to it, you must first clone it to create an editable version. You must have the "designer" role assigned to your user account in order to do this.

    2. Next, open your desired deployment (or follow the steps in Create a New Deployment to create one), click Add Server, and select the cloud in which you will launch your IIS server.

    Select the ServerTemplate that you imported in the previous step, and enter the following information. Not all of the available cloud-specific settings are described here. For more information on these settings, see Add Server Assistant.

    • Server Name - Provide a nickname for your new IIS web application server (e.g. IIS-1).
    • MultiCloud Image - Choose a MultiCloud Image (MCI) from the list, or leave this set to "Inherit from ServerTemplate" to apply the default RightImage (64-bit Windows 2008 R2 with IIS 7.5). Only images supported for your chosen target cloud will display.
    • Instance Type - Specify the instance size to apply, or leave this set to "Inherit from MultiCloud Image" to apply the default type based on the selected RightScale MCI. If deploying on a private cloud, you must select an instance type, since no MCI default applies in this case.
       

    3. Enter the remaining field values and click Confirm, followed by Finish, to save your new server configuration.

    Configure Server Properties

    The next step is to define your server properties by entering values for inputs. You may do this at the server or deployment level. For a detailed explanation of how inputs are defined and used in RightScripts, see Inputs and their Hierarchy.

    Managing Application Code

    The IIS Download application code boot script retrieves your application code and installs it in one of the following locations:

    • The default drive C partition on the server, if APP_VOLUME_SIZE is "ignore"
    • Volume-based storage (Amazon EBS or CloudStack volumes) mapped to drive D or another drive letter of your choice
    • A separate drive partition, mapped to drive D or another drive letter of your choice (for Rackspace)
       

    Application files are installed in a wwwroot\release\<YYYYMMDDhhmmss> subdirectory—where <YYYYMMDDhhmmss> represents the current date and time, in GMT—or to a different directory of your choice, based on the specified OPT_DEFAULT_SITE_ROOT_PATH value.

    Use either the SVN_APP_PATH (for Subversion) or ZIP_URL (for a full HTTP or HTTPS URL path, e.g., https://publicfilebucket.s3.amazonaws.com/app.zip) input to specify your application code location, and set the other input to "ignore."

    Managing Application Logs

    The Microsoft IIS App Server ServerTemplate scripts automatically direct IIS log output to one of these locations:
    • Volume-based storage (Amazon EBS or CloudStack volumes) mapped to drive D or another drive letter of your choice
    • A separate drive partition, mapped to drive E or another drive letter of your choice (for Rackspace)

    In Amazon and Rackspace environments, the SYS Configure IIS logs rotation policy boot script sets up a Windows scheduled task that runs daily and archives any log entries older than one day to an Amazon S3 bucket or Rackspace Cloud Files container (based on the REMOTE_FILE_STORAGE input).

    Setting Up Security

    The methods you use to secure access to your IIS server depend on your chosen cloud provider.

    • For Amazon EC2 and CloudStack, you must have a security group defined with TCP port 3389 open for Remote Desktop Connections (RDP), and any other ports required by the server (for example, port 80 for HTTP and/or 443 for HTTPS).
    • For CloudStack and Rackspace, in order to open any ports other than the default RDP port (TCP port 3389) and the default web ports (80 and 443), opened by the SYS Enable web ports boot script on your server, add the SYS open ports in windows firewall operational script as a boot script. Use the FIREWALL_OPEN_PORTS_TCP and FIREWALL_OPEN_PORTS_UDP RightScript inputs to specify additional ports to open in Windows Firewall, as described in the table under Defining Inputs.
       

    Note: By default, Windows Firewall is turned off for Amazon EC2, and security groups alone govern server access.
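
    An added example (not the SYS open ports in windows firewall script itself) of turning space-delimited port lists like FIREWALL_OPEN_PORTS_TCP into validated netsh advfirewall rules. The variable names, rule names, sample values and the RemoteIp scoping parameter are assumptions; without -Apply it only prints the commands.

```powershell
# Added example. $tcpInput/$udpInput are hypothetical stand-ins for the
# FIREWALL_OPEN_PORTS_TCP / FIREWALL_OPEN_PORTS_UDP inputs (constructed values).
$tcpInput    = '8080 443 8080 99999 ssh'
$udpInput    = '1434'
$alreadyOpen = @(80, 443, 3389)   # web and RDP ports the tutorial says are open by default

function ConvertTo-PortList([string]$Raw, [int[]]$Skip = @()) {
    $ports = @()
    foreach ($tok in ($Raw -split '\s+' | Where-Object { $_ })) {
        $n = 0
        if ((-not [int]::TryParse($tok, [ref]$n)) -or $n -lt 1 -or $n -gt 65535) {
            Write-Warning "Ignoring invalid port '$tok'"
            continue
        }
        # Drop duplicates and ports that already have a rule.
        if (($Skip -contains $n) -or ($ports -contains $n)) { continue }
        $ports += $n
    }
    return ,$ports
}

function Open-FirewallPort {
    param([string]$Protocol, [int[]]$Ports, [string]$RemoteIp = 'any', [switch]$Apply)
    foreach ($p in $Ports) {
        $ruleArgs = @('advfirewall', 'firewall', 'add', 'rule',
                      "name=App-$Protocol-$p", 'dir=in', 'action=allow',
                      "protocol=$Protocol", "localport=$p", "remoteip=$RemoteIp")
        if ($Apply) { & netsh @ruleArgs }               # needs an elevated session
        else        { "netsh $($ruleArgs -join ' ')" }  # dry run: show the command only
    }
}

# 'any' matches the global opening the inputs describe; a CIDR narrows the exposure.
Open-FirewallPort -Protocol TCP -Ports (ConvertTo-PortList $tcpInput $alreadyOpen)
Open-FirewallPort -Protocol UDP -Ports (ConvertTo-PortList $udpInput) -RemoteIp '10.0.0.0/8'
```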

    Setting Up the Database Connection

    When you configure the OPT_CONNECTION_STRING inputs, the IIS Add connection string boot script automatically generates a database connection string in your IIS configuration settings, with the values that your web application will use to connect to a remote SQL Server database.

    If you do not have a SQL Server user set up for your application to use to log in to SQL Server and access the database, you can use the DB SQLS Create login operational script and configure the "DB" inputs to create one. For more information, see the Microsoft IIS Runbook.

    For information on configuring a Microsoft SQL Server database server to run in the cloud, refer to Launching the Database Manager with Microsoft SQL Server (Windows).
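
    How the OPT_CONNECTION_STRING_* inputs map to a connectionStrings entry in web.config, as an added example that is not the IIS Add connection string script itself. The hashtable keys, sample values and temp-folder path are assumptions, and it assumes Windows PowerShell on the .NET Framework.

```powershell
# Added example, not the RightScript's own code. All values are constructed samples.
Add-Type -AssemblyName System.Data

$settings = @{                                # stand-ins for OPT_CONNECTION_STRING_*
    Name     = 'AppDBConnection'
    Provider = 'System.Data.SqlClient'
    Server   = 'db1.example.internal,1433'    # "server,port" form from the inputs table
    Database = 'App_DB'
    UserId   = 'app_user'
    Password = 'S4mple;Pass=word'             # contains ';' and '=' on purpose
}

function New-AppConnectionString($cfg) {
    # The builder quotes values containing ';' or '=', so a password cannot
    # end its own field or smuggle in extra keywords.
    $b = New-Object System.Data.SqlClient.SqlConnectionStringBuilder
    $b['Data Source']     = $cfg.Server
    $b['Initial Catalog'] = $cfg.Database
    $b['User ID']         = $cfg.UserId
    $b['Password']        = $cfg.Password
    return $b.ToString()                      # ToString() yields the assembled string
}

function Set-WebConfigConnectionString([string]$Path, $cfg) {
    $xml = New-Object System.Xml.XmlDocument
    $xml.Load($Path)
    $section = $xml.SelectSingleNode('/configuration/connectionStrings')
    if ($null -eq $section) {
        $section = $xml.CreateElement('connectionStrings')
        [void]$xml.DocumentElement.AppendChild($section)
    }
    # Replace an existing entry of the same name instead of adding a duplicate.
    $old = $section.SelectSingleNode("add[@name='$($cfg.Name)']")
    if ($null -ne $old) { [void]$section.RemoveChild($old) }
    $add = $xml.CreateElement('add')
    $add.SetAttribute('name', $cfg.Name)
    $add.SetAttribute('connectionString', (New-AppConnectionString $cfg))
    $add.SetAttribute('providerName', $cfg.Provider)
    [void]$section.AppendChild($add)
    $xml.Save($Path)
}

# Constructed web.config in a temp folder so the example touches no real site.
$site = Join-Path $env:TEMP 'iis-connstr-demo'
New-Item -ItemType Directory -Force -Path $site | Out-Null
Set-Content -Path (Join-Path $site 'web.config') -Value '<configuration />'
Set-WebConfigConnectionString (Join-Path $site 'web.config') $settings
Get-Content (Join-Path $site 'web.config')
```

    The password ends up in plaintext in web.config; on a real site, running aspnet_regiis.exe -pef "connectionStrings" <site physical path> encrypts that section in place.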

    Setting Up Load Balancing

    The Microsoft IIS App Server ServerTemplate provides options for using either an Amazon Elastic Load Balancer (ELB) or one or more HAProxy load balancers with your application server. For information on the HAProxy-specific inputs not discussed in the following section, see What is HAProxy and how does it work?. For information on using the ELB_NAME input to set up an Amazon Elastic Load Balancer (ELB) to work with your server, see Load Balancing and the Microsoft IIS Runbook.

    Note: To use the HTTPS (HTTP with SSL/TLS) protocol, the ELB and HAProxy load balancers require a server certificate and private key in X.509/PEM format. IIS server certificates are typically exported in .pfx (PKCS#12) format; however, you can generate PEM-formatted certificate and private key files for load balancer use using the SYS Convert PFX operational script. For more information, see the Microsoft IIS Runbook.

    Defining Inputs

    To enter inputs, open the appropriate deployment or server's Inputs tab and click Edit, then follow the directions below to configure RightScript input values for your IIS server. We recommend that you set up credentials for password values and any other sensitive data as shown in the following examples.

    | Input Name | Description | Example Value |
    |---|---|---|
    | ADMIN_PASSWORD | Password for the local administrator account on the server. This must be more than seven characters long and contain at least one uppercase letter, one lowercase letter, and one digit. (If you need to change this password later on a running server, change this input value and run the SYS Set admin password boot script.) | cred:WINDOWS_ADMIN_PASSWORD |
    | CONTAINER_NAME | Name of Amazon S3 bucket or Rackspace Cloud Files container (determined by REMOTE_FILE_STORAGE input) used for historical IIS log files (older than 1 day). | text:IIS_Logs |
    | FIREWALL_OPEN_PORTS_TCP | For Rackspace and CloudStack servers, a space-delimited list of TCP ports to globally open on Windows Firewall. You do not need to specify web ports 80 or 443, or port 3389 (for RDP) since these are already opened by default. Leave this input blank for Amazon EC2. | text:8080 |
    | FIREWALL_OPEN_PORTS_UDP | For Rackspace and CloudStack servers, a space-delimited list of UDP ports to globally open on Windows Firewall. Leave blank for Amazon EC2. | text:1434 |
    | OPT_APP_VOLUME_LETTER | Optionally set the drive letter for application file storage (volume-based or local). Default is F if input is not set. | text:E |
    | OPT_CONNECTION_STRING_DB_NAME | Name of the target SQL Server Database. | text:App_DB |
    | OPT_CONNECTION_STRING_DB_SERVER_NAME | Server name of the SQL Server that hosts your target database. If it uses a TCP communications port other than the default, 1433, specify that port number after the server name, separated by a comma. | text:50.57.165.162 |
    | OPT_CONNECTION_STRING_DB_USER_ID | SQL Server user name that the application will use to log in to SQL Server and access the database. | cred:APP_DB_USER |
    | OPT_CONNECTION_STRING_DB_USER_PASSWORD | Password for the SQL Server user that the application will use to log in to SQL Server. | cred:APP_DB_PASSWORD |
    | OPT_CONNECTION_STRING_NAME | User-defined name for the IIS database connection string. | text:AppDBConnection |
    | OPT_CONNECTION_STRING_PROV_NAME | Specify the provider to use to connect to SQL Server. Generally, this is System.Data.SqlClient. | text:System.Data.SqlClient |
    | OPT_LOG_VOLUME_LETTER | Optionally set the drive letter for log file storage (volume-based or local). Default is G if input is not set. | text:F |
    | REMOTE_FILE_STORAGE | The remote file storage type used for historical IIS log files (older than 1 day)—either "CloudFiles" (Rackspace) or "S3bucket" (Amazon). | text:S3bucket |
    | SVN_PASSWORD | Login password for the SVN repository, if required. Leave set to "ignore" if using a public repository that does not require login credentials. | cred:SVN_PASSWORD |
    | SVN_APP_PATH | The full URL to access the application code in your SVN repository. Supports SVN, HTTP, and HTTPS protocols. When specifying this input, set ZIP_URL to "ignore." | text:https://svn.site.com/svn/trunk/app/ |
    | SVN_USERNAME | Login user name for the SVN repository, if required. Leave set to "ignore" if using a public repository that does not require login credentials. | cred:SVN_USERNAME |
    | ZIP_URL | The full URL to access the application code in a non-SVN location. Supports HTTP and HTTPS protocols. When specifying this input, set SVN_APP_PATH to "ignore." | text:https://publicfilebucket.s3.amazonaws.com/app.zip |


    Launch the Server

    After configuring your inputs, launch your newly configured IIS web application server. Refer to the instructions in Launch a Server if you are not already familiar with this process.

    Note: It typically takes 20 minutes or longer for a Windows server to become operational in the cloud.

    If you would like to use Remote Desktop Connection to log in to your running IIS server, see RDP into a Server.

    Verify Web Application Access

    Assuming that you configured your application and security group or firewall settings correctly, you should be able to view your IIS application in a web browser. To verify this, either open your server's Info tab and click the Public DNS link or use a URI like the following:

    http://<PublicDNSName>

    http://<PublicIPAddress>

    Note: Specify "https" instead of "http" if your IIS web site has SSL enabled.
