Microsoft IIS App Server (v14 Infinity) - Tutorial
Table of Contents
- Objective
- Prerequisites
- Overview
- Create Credentials
- Steps
- Post Tutorial Steps
- See also
| Table of Contents | |||
|
Infinity
Leading edge features |
|
Objective
To set up a Microsoft Internet Information Services (IIS) web application server that connects to a Microsoft SQL database server that was launched using RightScale's Database Manager for Microsoft SQL Server (v14 Infinity) ServerTemplate. The server can also connect to either an HAProxy load balancer (such as the Load Balancer with HAProxy (v14 Infinity) ServerTemplate) or a cloud load balancing service such as Amazon's Elastic Load Balancers or Rackspace Cloud Load Balancers.
Note: The ServerTemplate can be used to launch an IIS application server in one of the supported public or private cloud infrastructures.
Prerequisites
The following are prerequisites for completing this tutorial:
- Required user roles: actor, designer, security_manager, and library
- For clouds that support security groups (Amazon EC2, Cloudstack and Openstack based clouds), you must have a security group defined with TCP port 3389 open for Remote Desktop Connection (RDC), and any other ports required by the server for the required security groups and IP addresses.
Note: All images > v13.5 have Windows Firewall enabled, but allow ports 80 and 443 by default.
- We strongly recommend that you set up credentials for password values and any other sensitive data included as inputs. See the "Create Credentials" section below.
- This tutorial assumes that you are connecting the Microsoft SQL database server that was launched with RightScale's Database Manager for Microsoft SQL Server (v14 Infinity) ServerTemplate.
- If you are going to connect the application server to an Amazon Elastic Load Balancer (ELB) or Rackspace Cloud Load Balancer (CLB), you should create it before starting this tutorial. Note: Both the ELB/CLB and application servers must be launched into the same cloud/region.
Overview
This tutorial describes the steps for launching a single Microsoft IIS application server. If you are launching multiple IIS application servers, you should launch them in different data centers / availability zones for high availability purposes. To launch an IIS application server in the context of a multi-tier deployment, please see the 3 Tier Deployment Setup (HAProxy-IIS-SQL) tutorial.
Create Credentials
Prerequisite: Requires 'actor' user role privileges in the RightScale account.
In order to securely pass sensitive information to a script at runtime, you can use Credentials as a means of variable substitution. Later in this tutorial you will select these credentials when you define your inputs. Create the following credentials. See Create a New Credential for more information.
General
- WINDOWS_ADMIN_PASSWORD - Password for the Windows 'Administrator' user (default) or specified user with administrative privileges. You must specify a value that satisfies the minimum password requirements, otherwise the initial Windows password will be used instead. For example, a valid password should contain at least 7 characters and include at least one uppercase letter, one lowercase letter, and one digit. See Password Policy for details.
- DB_CONNECTION_STRING - Use this input to specify the database connection string, which is assigned to 'Database Connection String' parameter of the package file. (e.g. Server=mydb.example.com;Database=mydb;User ID=myuser;Password=MyPassword123;)
- SQL_APPLICATION_USER - A SQL database user with login privileges for the specified database.
- SQL_APPLICATION_PASSWORD - The password for the SQL database user with login privileges for the specified database.
- PACKAGE_ENCRYPTION_PASSWORD - (Optional) Password to encrypt secure elements of WebDeploy package, for example passwords of domain accounts. This input should only be set if encrypted elements are present in the application package.
Application Code Retrieval
Create the appropriate credentials depending where the application code will be retrieved.
Load Balancing
If you are going to use a cloud load balancing service such as Amazon Elastic Load Balancers (ELB) or Rackspace Cloud Load Balancers (CLB), you will should create the required cloud credentials.
- AWS ELB (Note: You do not have to create these credentials because they are automatically created for your use when you add AWS to a RightScale account.)
- AWS_ACCESS_KEY_ID
- AWS_SECRET_ACCESS_KEY
- Rackspace CLB
- If you did not create Rackspace credentials in an earlier step, see Create Rackspace Cloud Credentials.
Steps
Upload the Application
The ServerTemplate contains scripts that can retrieve application code from either an SVN or Git repository, or from an ROS container. If you do not have an application, you can upload the example below to an ROS container. If you used the 'DotNetNuke.bak' example to launch the Microsoft SQL database server, use the matching sample application below.
- Upload Files to an Amazon S3 Bucket
- Upload Files to a Rackspace Cloud Files Container
- Upload Files to an OpenStack (Swift) Container
- Upload Files to a Google Cloud Storage Bucket
- Upload Files to a Windows Azure Blob Container
- Upload Files to a SoftLayer Object Storage Container
Upload the sample application to the ROS container you created above.
Import the ServerTemplate
- Go to the MultiCloud Marketplace (Design > MultiCloud Marketplace > ServerTemplates) and import the most recently published revision of the Microsoft IIS App Server (v14.x) Server ServerTemplate into your RightScale account.
Customize the ServerTemplate
By default, the application ServerTemplate is configured to connect to an HAProxy load balancer server launched with the Load Balancer with HAProxy ServerTemplate. The ServerTemplate contains scripts that will connect to the load balancers at boot time and disconnect from the load balancers at decommission time when the server is terminated. If you are going to connect to an HAProxy load balancer or launch a standalone application server, no customizations are required. Please proceed to the next step.
If you are going to connect the IIS application server to either an Amazon Elastic Load Balancer (ELB) or a Rackspace Cloud Load Balancer (CLB), you must customize the ServerTemplate's scripts accordingly. Follow the instructions below.
For ELB
- Clone and rename the ServerTemplate.
- Go the Scripts tab of the cloned ServerTemplate.
- Replace the LB Register with HAProxy script in the Boot Script list with the AWS Register with ELB script.
- Replace the LB Deregister from HAProxy script in the Decommission Script list with the AWS Deregister from ELB script.
For CLB
- Clone and rename the ServerTemplate.
- Go the Scripts tab of the cloned ServerTemplate.
- Replace the LB Register with HAProxy script in the Boot Script list with the LB Register with CLB script.
- Replace the LB Deregister from HAProxy script in the Decommission Script list with the LB Deregister from CLB script.
Add a Server
When you create a server, you will first need to select a deployment and the cloud where the server will eventually be launched into (e.g. AWS us-east). Based on the chosen cloud provider, you will need to complete the configuration process that's specific for that cloud. For example, some cloud providers support features that are unique to their specific cloud.
- Go to the imported or cloned ServerTemplate's show page.
- To create a server, click the Add Server button and complete the steps in the wizard. See Add Server Assistant for details. If you are setting up a multi-tier deployment, it's strongly recommended that you create at least two application servers for high availability purposes.
- The easiest way to create the second server is to clone the first one. Be sure to change the name of the server accordingly (e.g. app2) and its availability zone (if available) under the Info tab.
Configure Inputs
The next step is to define the properties of your IIS server or servers by entering values for inputs. It is simplest and best to do this at the deployment level. For a detailed explanation of how inputs are defined and used in Chef recipes and RightScripts, see Understanding Inputs.
The inputs that you need to provide values for will depend on which options you're going to use. The ServerTemplate is very flexible and supports a variety of different configurations. You will need to provide the necessary values as inputs based on which options you want to use.
Set Inputs at the Deployment Level
Go to the deployment's Inputs tab (Manage > Deployments > your deployment) and click Edit.
Although you can enter text values for all missing inputs, it's strongly recommended that you set up credentials for passing sensitive information to scripts such as passwords or any other sensitive data.
APPLICATION
The application code can be retrieved from several different location. You must specify the appropriate inputs depending on the option.
- ROS Container (e.g. S3 bucket or Cloud Files container) - A zip file of the application code is retrieved from an ROS container. Cloud credentials may be required for authentication purposes.
| Input Name | Description | Example Value |
| APPLICATION_LISTENER_IP_ADDRESS | The IP protocol that the application service listens on for accepting inbound connections.
| text: private |
| APPLICATION_LISTENER_PORT | The TCP port that the application service will listen on to receive requests from the load balancing servers/service. Ex: 8000 | text: 8000 |
| PACKAGE_FILE_NAME | File name of WebDeploy package to download from Remote Storage and sync with IIS instance on the server. Ex: mypackage.zip | For the provided sample file use: text: DotNetNuke_msdeploy.zip |
| REMOTE_STORAGE_ACCOUNT_ID_APP | In order to retrieve a tarball of the application code that's a "private" object within the specified Remote Object Storage (ROS) location, you must provide proper cloud authentication credentials. For security reasons, it's recommended that you create and use credentials for these values instead of entering the text value. Specify the Account ID or name of the Remote Storage account.
| cred: AWS_ACCESS_KEY_ID |
| REMOTE_STORAGE_ACCOUNT_PROVIDER_APP | Name of Remote Storage provider. Amazon S3, Rackspace Cloud Files, Windows Azure Storage, Softlayer Object Storage and OpenStack Swift are currently supported. Please select appropriate value from the dropdown.
| text: Amazon_S3 |
| REMOTE_STORAGE_ACCOUNT_SECRET_APP | The Secret Key or Password of the Remote Storage account which is used to authenticate your requests to Remote Storage services. For security reasons, it's recommended that you create and use credentials for these values instead of entering the text value. Specify the Secret Key or password of the Remote Storage account.
| cred: AWS_SECRET_ACCESS_KEY |
| WEB_SITE_NAME | Name of the web site for the application. Default value is 'Default web site'. Ex: MyWebsite | For the provided sample file use: text: Default web site |
| REMOTE_STORAGE_CONTAINER_APP | Name of Remote Storage container (S3 bucket name, Rackspace Cloud Files, Windows Azure Storage or SoftLayer Storage container to be used as storage web application code. Ex: mycontainer | text: my_app |
| REMOTE_STORAGE_BLOCK_SIZE_APP (For Amazon S3 and Windows Azure Storage only) | Size of upload block in megabytes (currently supported by Amazon S3 and Windows Azure Storage only). Default and recommended value is 10 (10MB). Supported ranges are 1..5024 for S3 and 1..64 for Windows Azure Storage. | text: 10 |
| REMOTE_STORAGE_ENDPOINT_URL_APP (For Swift storage only) | The endpoint URL for the Remote Storage provider. Currently this is used to specify an endpoint for OpenStack Swift. | text: http://myswift.com:5000/v2.0/tokens |
| REMOTE_STORAGE_THREAD_COUNT_APP (For Windows Azure Storage only) | Number of parallel threads to be used for file downloads and uploads. | text: 2 |
| REMOTE_STORAGE_USE_INTERNAL_NETWORK_APP (For Swift storage only) | Set this input to True to force network connection to remote storage service using private interface (if the server is located in the same cloud/datacenter as remote storage service). This input is supported for Rackspace Open cloud, SoftLayer and OpenStack. Default is False (uses public network interface). | text: False |
CLOUD
(For ELB or CLB only)
If the application server is going to connect to one of the supported cloud load balancing services such as Amazon Elastic Load Balancers (ELB) or Rackspace Cloud Load Balancers (CLB), you must specify the following cloud credentials so that the application servers has the necessary credentials (for authentication purposes) to interact with the cloud services.
| Input Name | Description | Example Value |
| AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY (For ELB only) | Specify the following Amazon EC2 cloud credentials to interact with an ELB. | cred: AWS_ACCESS_KEY_ID cred: AWS_SECRET_ACCESS_KEY |
| RACKSPACE_USERNAME | Specify the following Rackspace cloud credentials to interact with a CLB. | cred: RACKSPACE_USERNAME |
| RACKSPACE_REGION (For CLB only) | The location of the Cloud Load Balancer (CLB) that the IIS application server will connect to for load balancing purposes. If you are not using a CLB, this input is ignored.
| text: us |
DATABASE
| Input Name | Description | Example Value |
| DB_CONNECTION_STRING | Use this input to specify database connection string which is assigned to 'Database Connection String' parameter of the package file. It's recommended that you create a credential for this value because it contains sensitive data that you may not want to disclose to your end users.
Example: Server=184.106.99.159;Database=mydb;User ID=myuser;Password=MyPassword123; | cred: DB_CONNECTION_STRING |
LOAD BALANCER
If you are launching a standalone application server that will not connect to any load balancing tier, ignore the inputs below.
| Input Name | Description | Example Value |
| ELB_NAME (For ELB only) | The name of the Amazon Elastic Load Balancer (ELB) that the IIS application server will connect to for load balancing purposes. Important! You must launch the IIS application server into the same EC2 region as the ELB. If you are not using an ELB, set this input to 'ignore'. | text: my-elb |
| LB_POOLS (For HAProxy only) | The name of the load balancing pool that the application server will connect to. If you are connecting to a load balancer launched with RightScale's 'Load Balancer with HAProxy' ServerTemplate, this value should match one or more values in the 'Load Balance Pools' input for the load balancer servers. You can specify an application listener name (e.g. default) or hostname of the load balancer servers (e.g. my-www.example.com) Machine tags are used to establish a connection between an application server and the HAProxy load balancer servers. For example, if you are using the 'default' pool name, the tag on the application server would be 'loadbalancer:default=app'. If you are not using HAProxy for load balancing, set this input to 'ignore'. | text: default |
| RACKSPACE_CLB_NAME (For CLB only) | The name of the Rackspace Cloud Load Balancer (CLB) that the IIS application server will connect to for load balancing purposes. If you are not using a CLB, set this input to 'ignore'. | text: my-clb |
| RACKSPACE_CLB_REGION (For CLB only) | The location of the Rackspace Cloud Load Balancer (CLB). If you are not using a CLB, set this input to 'ignore'. Important! You must launch the IIS application server into the same datacenter as the CLB.
| text: ord |
REMOTE STORAGE
The SYS Configure IIS logs rotation policy boot script configures a scheduled task (that runs once per day) on the server, which creates a .zip of IIS application server logs (older than one day) and uploads it to a container in a supported ROS service (e.g., Amazon S3, Windows Azure Storage). If you do not want to upload IIS logs to an ROS container, leave the following inputs set to 'no value' (default).
| Input Name | Description | Example Value |
| REMOTE_STORAGE_ACCOUNT_ID | In order to upload IIS log files to an ROS location, you must provide proper cloud authentication credentials. For security reasons, it's recommended that you create and use credentials for these values instead of entering the text value. This input is also used for specifying the ROS container for database initialization and ROS-based backups. Specify the Account ID or name of the Remote Storage account.
| cred: AWS_ACCESS_KEY_ID |
| REMOTE_STORAGE_ACCOUNT_PROVIDER | Name of Remote Storage provider. Amazon S3, Rackspace Cloud Files, Windows Azure Storage, Softlayer Object Storage and OpenStack Swift are currently supported. Please select appropriate value from the dropdown.
| text: Amazon_S3 |
| REMOTE_STORAGE_ACCOUNT_SECRET | The Secret Key or Password of the Remote Storage account which is used to authenticate your requests to Remote Storage services. For security reasons, it's recommended that you create and use credentials for these values instead of entering the text value. Specify the Secret Key or password of the Remote Storage account.
| cred: AWS_SECRET_ACCESS_KEY |
| REMOTE_STORAGE_CONTAINER | The name of the container in the specified Remote Storage provider where the IIS log files will be stored. This input is also used for specifying the ROS container for database initialization and ROS-based backups. | text: my_iis_logs |
| REMOTE_STORAGE_BLOCK_SIZE (For Amazon S3 and Windows Azure Storage only) | Size of upload block in megabytes (currently supported by Amazon S3 and Windows Azure Storage only). Default and recommended value is 10 (10MB). Supported ranges are 1..5024 for S3 and 1..64 for Azure. | text: 10 |
| REMOTE_STORAGE_ENDPOINT_URL (For Swift storage only) | The endpoint URL for the Remote Storage provider. Currently this is used to specify an endpoint for OpenStack Swift. | text: http://myswift.com:5000/v2.0/tokens |
| REMOTE_STORAGE_THREAD_COUNT (For Windows Azure Storage only) | Number of parallel threads to be used for file downloads and uploads. | text: 2 |
| REMOTE_STORAGE_USE_INTERNAL_NETWORK (For Swift storage only) | Set this input to True to force network connection to remote storage service using private interface (if the server is located in the same cloud/datacenter as remote storage service). This input is supported for Rackspace Open cloud, SoftLayer and OpenStack. Default is False (uses public network interface). | text: False |
Launch the Application Server
After configuring your inputs, launch the application server.
- Go to the deployment's Servers tab and launch the server.
- When you view the input confirmation page, there should not be any required inputs with missing values. If there are any required inputs that are missing values (highlighted in red), cancel the launch and add the missing values at the deployment level before launching the server again. Refer to the instructions in Launch a Server if you are not familiar with this process. Because there are no required inputs that are missing values for any boot scripts, you can click the Launch button at the bottom of the input confirmation page.
Update the Website Bindings
Once the package has been loaded you may need to run the following script if the package (being deployed) was built on a different server. If you find that it's necessary to run this operational script for deploying your application you should modify the ServerTemplate and add the script to the end of the Boot Scripts phase.
- Go to the Scripts tab of the running application server.
- Run the IIS Configure website bindings (v14.x) operational script.
Launch Additional Application Servers (Optional)
- Clone the current application server to launch another application server. As a best practice, you should launch application servers into different availability zones for high-availability purposes. Repeat the process to launch additional application servers or configure a server array for autoscaling purposes.
Post Tutorial Steps
Launch Load Balancer Servers
If you are connecting the IIS application servers to an HAProxy load balancer, see the 3 Tier Deployment Setup (HAProxy-IIS-SQL) tutorial.
Create a Server Array
If you want to create a server array for the application tier, see Add a Scalable Application Server Array to a Deployment.
- © Copyright 2015 RightScale Technical Support