
Microsoft IIS App Server (v12.11.2-LTS)

 

 

 



Long Term Support


Stable, tested ServerTemplate assets


 

Description

Configures an IIS (Internet Information Services) web application server.

Features

  • Multi-cloud Support - Launch a server into one of several supported cloud infrastructures. Check the ServerTemplate's Images tab to see which MultiCloud Images (MCIs) are included by default. Additional MCIs can be added to the ServerTemplate, if desired.
  • Support for retrieving application code from external repositories (e.g. SVN or GitHub) or from an object storage location (e.g. S3 bucket or Cloud Files container).
  • Built-in support for connecting to an HAProxy load balancer, Amazon Elastic Load Balancer, or Rackspace Cloud Load Balancers.
  • Pre-configured alerts for monitoring common system metrics.
  • Utilizes RightScale tag-based routing for connecting to HAProxy load balancer servers.

Overview

Software Application Versions

  • .Net 4.0
  • IIS 7.0 (available on Windows 2008 image)
  • IIS 7.5 (on Windows 2008R2 image)

Application Code

Application code can be retrieved from one of the following locations:

  • SVN Repository
  • GitHub Repository
  • Remote Object Storage location (S3 bucket or Cloud Files container*)
  • URL to a publicly-readable .zip file (e.g. http://files.example.com/myapp.zip)


* Currently, you can only retrieve application code from a Cloud Files US container. Use the v13 version of the ServerTemplate to retrieve application code from Cloud Files UK containers.

The IIS Download application code boot script retrieves your application code from one of the supported locations above, unpacks it (if necessary), and places it into the following directory by default: C:\inetpub\wwwroot\release\<GMT-timestamp>

Application Logs

In Amazon and Rackspace environments, the SYS Configure IIS logs rotation policy boot script sets up a Windows scheduled task that runs daily and archives any log entries older than one day to an object storage container (e.g. Amazon S3 bucket, Cloud Files (US) container, etc.).

Windows Firewall and Security

The methods you will use to secure access to your IIS server depend on the cloud provider.

  • For Amazon EC2 and CloudStack, you must have a security group defined with TCP port 3389 open for Remote Desktop Connections (RDP), and any other ports required by the server (for example, port 80 for HTTP and/or 443 for HTTPS). By default, Windows Firewall is turned off for Amazon EC2 because security groups are used to control server access. 
  • For Rackspace, the SYS Enable web ports boot script opens up ports 80 and 443 to allow HTTP and HTTPS access.
  • By default, TCP Port 3389 is automatically opened to allow RDP access. The permission is defined in the image and is not set by a script in the ServerTemplate like ports 80 and 443.
  • Use the SYS open ports in Windows firewall operational script and FIREWALL_OPEN_PORTS_TCP and FIREWALL_OPEN_PORTS_UDP inputs to open up additional TCP/UDP ports for ingress communication.
  • Windows Firewall is turned on by default. However, you can use the SYS Disable Windows Firewall and SYS Enable Windows Firewall scripts to control this setting.
  • SSL is supported if you want to use the application server as a standalone server without any load balancing tier. It's recommended that you use credentials for the CERT_FILE_NAME and CERT_PASSWORD inputs.
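
An added example (not part of the ServerTemplate or any RightScale script) for servers where Windows Firewall is on: it lists enabled inbound TCP allow rules that go beyond the ports named above, and flags RDP rules open to any remote address. The function name, the expected-port list and the sample rules are assumptions made for illustration.

```powershell
# Added example, not RightScale code. PowerShell 2.0 compatible (Windows Server 2008 / 2008 R2).
# Assumption: 80, 443 and 3389 are the only inbound TCP ports this server should expose.
function Get-UnexpectedInboundRule {
    param(
        [object[]]$Rules,
        [string[]]$ExpectedTcp = @('80', '443', '3389')
    )
    foreach ($r in $Rules) {
        # INetFwRule values: Direction 1 = inbound, Action 1 = allow, Protocol 6 = TCP
        if (-not $r.Enabled) { continue }
        if ($r.Direction -ne 1 -or $r.Action -ne 1 -or $r.Protocol -ne 6) { continue }

        $ports = @("$($r.LocalPorts)" -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
        if ($ports.Count -eq 0) { $ports = @('*') }   # no port filter: the rule covers every port

        $findings = @()
        $extra = @($ports | Where-Object { $ExpectedTcp -notcontains $_ })
        if ($extra.Count -gt 0) { $findings += "unexpected port(s): $($extra -join ',')" }
        if (($ports -contains '3389') -and ("$($r.RemoteAddresses)" -eq '*')) {
            $findings += 'RDP allowed from any remote address'
        }
        if ($findings.Count -gt 0) {
            New-Object PSObject -Property @{ Name = $r.Name; Finding = ($findings -join '; ') }
        }
    }
}

# Constructed sample rules (not taken from a real server) so the function can be tried anywhere.
$sample = @(
    (New-Object PSObject -Property @{ Name = 'Web'; Enabled = $true; Direction = 1; Action = 1; Protocol = 6; LocalPorts = '80,443'; RemoteAddresses = '*' }),
    (New-Object PSObject -Property @{ Name = 'Remote Desktop'; Enabled = $true; Direction = 1; Action = 1; Protocol = 6; LocalPorts = '3389'; RemoteAddresses = '*' }),
    (New-Object PSObject -Property @{ Name = 'Custom app'; Enabled = $true; Direction = 1; Action = 1; Protocol = 6; LocalPorts = '8080'; RemoteAddresses = '10.0.0.0/8' }),
    (New-Object PSObject -Property @{ Name = 'SQL outbound'; Enabled = $true; Direction = 2; Action = 1; Protocol = 6; LocalPorts = ''; RemoteAddresses = '*' })
)
Get-UnexpectedInboundRule -Rules $sample | Format-Table Name, Finding -AutoSize

# On the server itself, read the live rule set through the firewall COM API instead:
# $fw = New-Object -ComObject HNetCfg.FwPolicy2
# Get-UnexpectedInboundRule -Rules ($fw.Rules | Where-Object { $_.Enabled })
```

On Amazon EC2, where Windows Firewall is off by default, the same review has to be done against the security group rules instead.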

Network Level

Before an application (e.g. IIS) can perform an action on a database (e.g. create a new record), the application server(s) must be granted access at the network level; only then can an application-level request succeed. IIS communicates with the SQL database over TCP port 1433.

Note: If you set up SQL mirroring with Principal and Mirror database servers, the data is mirrored over TCP port 5022.


Application Level

Once the database server has updated its permissions to allow access between the application and database tiers, the application can connect to the database using the required information. For example, the application locates the "principal" database server using the 'DNS_DOMAIN_NAME' input (e.g. db-principal.example.com). It then accesses the database defined by the 'DB_NAME' input, using the database connection string values specified by the 'OPT_CONNECTION_STRING_DB_USER_ID' and 'OPT_CONNECTION_STRING_DB_USER_PASSWORD' inputs.

 

Database Connection

A connection string is used by the IIS application to connect to a SQL database. The IIS Add connection string boot script generates a database connection string in your IIS configuration settings (web.config file) with the values that your web application can use to connect to a remote SQL Server database. 

If the database does not have a SQL Server user that can be used by the application to access the database, you should use the DB SQLS Create login operational script on the running database server to create the SQL user before you launch the application server.

It's recommended that you use credentials to hide the username and password for the DB_NEW_LOGIN_NAME and DB_NEW_LOGIN_PASSWORD inputs.
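
Because the generated connection string lives in web.config, it is worth checking whether the SQL password sits there in clear text. The following is an added example, not the IIS Add connection string script or any RightScale code; the function name and the web.config fragment (entry name, database name, user and password placeholder) are constructed for illustration.

```powershell
# Added example, not RightScale code. PowerShell 2.0 compatible.
Add-Type -AssemblyName System.Data

function Get-ConnectionStringExposure {
    param([xml]$Config)
    $section = $Config.SelectSingleNode('/configuration/connectionStrings')
    if ($null -eq $section) { return }
    # A section encrypted with aspnet_regiis carries this attribute and holds only ciphertext.
    if ($section.GetAttribute('configProtectionProvider')) { return }

    foreach ($add in $section.SelectNodes('add')) {
        $b = New-Object System.Data.Common.DbConnectionStringBuilder
        $b.set_ConnectionString($add.GetAttribute('connectionString'))
        $user = $null
        foreach ($key in 'User ID', 'UID') {
            if ($b.ContainsKey($key)) { $user = $b[$key] }
        }
        $hasPassword = $b.ContainsKey('Password') -or $b.ContainsKey('Pwd')
        # Report that a password is present, never the password itself.
        New-Object PSObject -Property @{
            Name              = $add.GetAttribute('name')
            UserId            = $user
            ClearTextPassword = $hasPassword
        }
    }
}

# Constructed web.config fragment; every value below is a placeholder.
$webConfig = [xml]@'
<configuration>
  <connectionStrings>
    <add name="ExampleDb"
         connectionString="Data Source=db-principal.example.com,1433;Initial Catalog=exampledb;User ID=app_user;Password=PLACEHOLDER"
         providerName="System.Data.SqlClient" />
  </connectionStrings>
</configuration>
'@
Get-ConnectionStringExposure -Config $webConfig | Format-Table Name, UserId, ClearTextPassword -AutoSize

# On the server, point it at the deployed file (path is a placeholder):
# Get-ConnectionStringExposure -Config ([xml](Get-Content 'C:\path\to\site\web.config'))
# To encrypt the section in place with the machine's protected-configuration provider (.NET 4.0):
# & "$env:WINDIR\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe" -pef "connectionStrings" "C:\path\to\site"
```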

Load Balancing Support

The ServerTemplate contains scripts and inputs that support the following load balancing solutions.

  • HAProxy
  • Amazon Elastic Load Balancers (ELB)
  • Rackspace Cloud Load Balancers (CLB)

 

By default, the ServerTemplate is designed to connect to an HAProxy load balancer launched with RightScale's Load Balancer with HAProxy ServerTemplate via the LB Register with HAProxy (Chef-based) boot script, which uses machine tags to establish the appropriate connections between the HAProxy load balancer and application servers.

If you want to use an ELB or CLB instead of HAProxy, you should clone and customize the script by replacing the HAProxy connect/disconnect scripts with the appropriate ELB/CLB connect/disconnect scripts. See the Microsoft IIS App Server (v12.11 LTS) - Tutorial for detailed instructions on how to modify the ServerTemplate.

SSL

A server certificate and private key in X.509/PEM format are required to support the HTTPS (HTTP with SSL/TLS) protocol with the ELB and HAProxy load balancers. IIS server certificates are typically exported in .pfx (PKCS#12) format. However, you can generate PEM-formatted certificate and private key files for the load balancers using the SYS Convert PFX operational script. For more information, see the Microsoft IIS App Server (v12.11 LTS) - Runbook.

Custom IIS Monitoring

The SYS IIS monitoring install boot script configures the server for custom monitoring graphs that are specific to IIS applications. View graphs for the following metrics under the Monitoring tab and create custom alerts based on these metrics. Several alerts are preconfigured for the ServerTemplate, including a few that are specific to IIS applications. However, you can also create additional alerts of your own based on any of the other monitored metrics. See Create a Custom Alert Specification.

Below is a list of the monitored metrics that are unique to the IIS ServerTemplate.

  • ASP.NET Application Restarts 
  • ASP.NET Request Wait Time
  • ASP.NET Requests Rejected
  • ASP.NET Worker Processes Restarts
  • ASP.NET Worker Processes Running
  • IIS Anonymous Users per Second
  • IIS Connection Attempts per Second
  • IIS Current Connections
  • IIS Get Requests per Second
  • IIS Logon Attempts per Second
  • IIS Non-Anonymous Users per Second
  • IIS Not Found Errors per Second
  • IIS Post Requests per Second
  • IIS Total Bytes Received
  • IIS Total Bytes Sent
  • IIS Inetinfo Handle Count
  • IIS Inetinfo Percent Processor Time

 

Last modified
12:25, 31 Jul 2013
