Tagged: IIS 7.5

MCTS 70-646 Provision applications

Provisioning Applications

Application deployment

Installation methods range from manual installation through to using something like (SCCM) System Center Configuration Manager. Manual installations are impractical in large environments but may be suitable for installation of software in a small or branch office with no servers or domain. Scripted deployments can be used for zero or lite touch installations but requires good scripting skills and can be potentially time consuming to maintain.

Other automated deployment methods are (GPSI) Group Policy Software Installation and SCCM; group policy can be used to assign msi packages to AD DS user and computer accounts or publish msi packages to AD DS user accounts. GPSI doesn’t have any deployment scheduling or bandwidth throttling functionality.

SCCM can be used to deploy zero touch installations, upgrade Windows Server 2003 to Windows Server 2008, schedule application deployment using Wake On Lan (WOL) if required. SCCM can also deploy traditional executables.

Plan App-V deployment

App-V creates an separate partition space for each application; this allows conflicting and non-RD compatible applications to be deployed on the same RD session host.

App-V is part of the Microsoft Desktop Optimisation Pack. App-V applications can be deployed as msi installers thus making them compatible with GPSI.

App-V only streams the active part of the application to maximise the responsiveness.

Plan virtual application deployment

Remote App allows for applications to be accessed remotely but with the look and feel of a local installation. Remote App applications can be deployed to users and configured to trigger when a user opens a particular file e.g. Word would open when a user opened a .doc file; this functionality does require the Remote App to be deployed via a msi installer.

The Remote App applications are deployed on a RD session host so users will require ‘allow logon through RDS’ or be a member of the Remote Desktop Users group. Remote App applications can also be presented to the user as rdp shortcuts or via the RD Web Access website.

Plan web application deployment

Web Application deployment methods are WebDAV using HTTP or HTTPS and FTP (FTP in IIS 7.5 can utilise SSL).

WebDAV is a per site configuration and can be installed as a role in Windows Server 2008 R2.

FTP is a role service of the Web Server role; FTP can be configured on a per site basis or per server.

Microsoft Web Deploy 3.0  can be used to package visual studio applications for deployment as well as keep web farm in sync.

More Web Infrastructure information here

Creating websites in IIS 7 / 7.5 using PowerShell

Script available in GitHub here – https://github.com/heathen1878/InteractiveWebsiteCreation

The main reason I created this script was to speed up the time it took to create a website; from creating the folder structure, anonymous user account, assigning NTFS permissions and finally creating the IIS configuration.

The script end to end will:

  • Check whether IIS is installed
  • Check whether the web administration module is available
  • Prompt for a website / domain name, IP address, anonymous user account name and password and web root i.e. the drive letter where website folder structure should be created
  • Set the anonymous authentication mechanism of IIS to use the application pool identity
  • Create a anonymous user account for the site and application pool (there is the option to specify a pre-existing user account)
  • Create a folder structure
    • [drive letter]:\[domains]\
    • [drive letter]:\[domains]\[website name]
    • [drive letter]:\[domains]\[website name]\[wwwroot]
    • [drive letter]:\[domains]\[website name]\[logs]
  • Assign NTFS permissions to the folder structure created above
    • Set List contents on [drive letter]:\[domains]\[website name] for the anonymous user account
    • Set Read and Execute on [drive letter]:\[domains]\[website name]\wwwroot for the anonymous user account
  • Create an application pool within IIS
    • Configure the application pool process model identity
  • Create a website within IIS
    • Configure the website to use the application pool created above
    • Configure the website bindings (IP, Port and host header(s)
    • Confgure the website logging location

All the above steps are validated in some form by using

  • Regex
  • Web Administration snapin / module functionality
  • PowerShell cmdlets
  • Custom PowerShell functions

The following improvements are required: (In my opinion)

  • Resetting the root drive permissions (one time run) to remove all NTFS permissions except for Administrators and SYSTEM. Standalone PowerShell script here
  • Configure the W3C logging fields; i generally select date, time, client IP, Server IP, URI stem, URI query, protocol status, bytes sent, bytes received, user agent, cookie and referrer.

An alternative way to set the logging would be to execute this command from a command prompt:

appcmd.exe set config  -section:system.applicationHost/log /centralW3CLogFile.logExtFileFlags:”Date, Time, ClientIP, ServerIP, UriStem, UriQuery, HttpStatus, BytesSent, BytesRecv, UserAgent, Cookie, Referer”  /commit:apphost