1. Run following command on ARR server and all Web/Application servers to register and enable ASP.NET and WCF.
"%WINDIR%\Microsoft.Net\Framework\v4.0.30319\aspnet_regiis" -i -enable
"%WINDIR%\Microsoft.Net\Framework\v4.0.30319\ServiceModelReg.exe" -r
2. Create Self-Signed certificate on ARR server, specify friendly name as *.ARR_Host_Name, where ARR_Host_Name is the host name of the ARR server. "*." prefix is a must for https binding with specific host name which will be explained later.
3. Export created Self-Signed certificate
4. Import created Self-Signed certificate on ARR server and all Web/Application servers to Trusted Root Certification Authorities -> Local Computer
5. Verify certificate imported successfully by checking the IE Internet Options -> Content -> Certificate -> Trusted Root Certification Authorities.
6. Import Self-Signed certificate on all Web/Application servers to IIS Server Certificate store
7. Add https binding to default website in ARR server with Self-Signed certificate.
8. Run following Dos command to get Self-Signed certificate hash, e.g., 3fd08f1b81befae5007a7a02e535d17dfd0943a3
NetSH Http Show SSLCert IPPort=0.0.0.0:443
NetSH Http Show SSLCert IPPort=0.0.0.0:443
9. Install Microsoft Web Farm Framework 2.2 on ARR server
http://go.microsoft.com/?linkid=9739157
http://go.microsoft.com/?linkid=9739157
10. Install Application Request Routing 2.5 on ARR server
11. Verify the above installation by opening IIS Manager on ARR server. Server Farms empty node is shown on the left side Connection panel, and URL Rewrite is shown on the center Feature View panel.
12. Create a "No Managed Code" and "Classic" application pool. The website to be created is only used for routing purpose, so no need to run any managed code.
13. Create a website with above application pool, http binding with host name specified as ARR server host name.
14. Add https binding with host name and Self-Signed certificate.
15. Create a ".NET Framework v4.0.30319" and "Integrated" application pool on all Web/Application Servers.
16. Optionally, change the Application Pool Identity to custom credential that have access to all resources including SQL Server.
17. Create a website with above application pool, http binding with host name specified as ARR server host name, NOT the Web/Application server host name, it is required for WCF service routing.
18. Add https binding with ARR server host name, NOT the Web/Application server host name, and Self-Signed certificate.
19. Create Firewall rule for http and https port on ARR server and all Web/Application servers. Do the following for both http and https ports.
20. Create a web farm. Click Yes at the end of the wizard to create a default URL Rewrite rule
21. Change web farm application and platform provision schedules to turn off automatic application and platform provision.
22. Change URL Rewrite rule to use https routing and binding.
23. Configure health check monitoring. Create a html page HealthCheck.html with following content. Put HealthCheck.html in root folder of all Web/Application servers.
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Health Check</title>
</head>
<body>
<h1>Healthy</h1>
</body>
</html>
24. Configure machine key for primary Web/Application servers at Website level NOT Webserver level. Synchronize all Web/Application server with application provision. Use following Dos command to validate machine key
C:\Windows\System32\InetSrv\AppCmd List Config "WebsiteName" /Section:machinekey
C:\Windows\System32\InetSrv\AppCmd List Config "WebsiteName" /Section:machinekey
25. Use following Dos command to review the web farm and URL Rewrite rule:
C:\Windows\System32\inetsrv\AppCmd List Config /Section:webFarms
C:\Windows\System32\inetsrv\AppCmd List Config /Section:system.webServer/rewrite/globalRules
C:\Windows\System32\inetsrv\AppCmd List Config /Section:webFarms
C:\Windows\System32\inetsrv\AppCmd List Config /Section:system.webServer/rewrite/globalRules
26. Recommend to change the WCF binding to Basic HTTP Binding, according to the following MSDN documentation.
WCF Guidelines and Best Practices - Load Balancinghttp://msdn.microsoft.com/en-us/library/ms730128.aspx
WCF Guidelines and Best Practices - Load Balancinghttp://msdn.microsoft.com/en-us/library/ms730128.aspx
27. Optionally change load balance algorithm.
28. Optionally, enable SQL Server TCP/IP connection, if website hosted by web farm needs to connect to the SQL Server.
29. Optionally, enable Firewall port for SQL Server TCP Protocol 1433, if website hosted by web farm needs to connect to the SQL Server.
Excellent post!..
ReplyDeleteI have a couple of questions:
- Have you experimented with WCF WebAPI and WFF 2.2?
- Is the SSL configuration absolutely necessary to make WCF work with WFF 2.2?
I'm having trouble making the combination of WCF/WebAPI/MVC4 and WFF 2.2 work. see: http://forums.iis.net/t/1187730.aspx
Any advice would be greatly appreciated.
Thanks!
Hector