Difference between revisions of "Creating a WebServer in VMWare"
From MohidWiki
Davidbrito (talk | contribs) (Created page with "==Create VM in VMWare vSphere== 2GB RAM 80GB thin provision and no partitions to be easier migration Windows 2008 Server R2 64 bit 1 CPU To Install guest OS, edit VM settin...") |
Davidbrito (talk | contribs) (→Add WebSites in IIS) |
Line 32: | Line 32: | ||
===Add WebSites in IIS=== | ===Add WebSites in IIS=== | ||
+ | #Copied the content of the sites from the old machine FTPServer to VM-WebServer (datacenter.mohid.com, forecast.maretec.org and InternalSites) | ||
+ | #Added the sites in IIS (hostname, path and in bindings selected the VM ip and in host filled with the site name) | ||
+ | #Edit the permissions to the root folder websites to the user IUSR (default anonymous user) to read and list folder contents. In case of folders that are restricted it will be described later. | ||
+ | #Remove the authenticated users from the root folder permissions (security) if exist. | ||
+ | #Add a power user outside IIS in computer management so that the folders can be accessed for management. In IIS give this added user the root folder permissions for all permissions except full control and special permissions. | ||
+ | #Share the websites root folder and allow authenticated users to have full control (from LAN). | ||
+ | |||
+ | ====Virtual Directories==== | ||
+ | #Added Virtual Directories for datacenter.mohid.com and forecast.maretec.org for NAS folder web. | ||
+ | #NAS needs acess by user web. Add user outside IIS in Computer Management. | ||
+ | #NAS needs acess by user web. Right click the virtual directory->"Manage Virtual Directory"->"Advanced Settings"->"Physical Path Credentials"->Insert web user | ||
+ | #NAS needs acess by user web. Select the virtual directory -> select basic settings -> test connection settings to be sure that it is working | ||
+ | |||
+ | ====Restricted Folders and Permissions==== | ||
+ | #Add users "user", "guadiana", "mondego", "ucoimbra" in Computer Management | ||
+ | #In IIS in folders guadiana, mondego, disable anonymous authentication and enable basic authentication | ||
+ | #Add to this folders the permission for the users created (mondego and ucoimbra for folder Mondego) for reading and list folder content. | ||
+ | #Add also to this folders the user IIS_IUSRS with read, list folder and execute. | ||
+ | #Remove user IUSR if exists. | ||
+ | |||
+ | ====WebServices==== | ||
+ | The site datacenter.mohid.com has webservices and needs .net 4.0 | ||
+ | |||
+ | #In each webservice folder right click -> "Manage Application" -> "Advanced Settings" -> "Convert to Application" to ASP.NET 4.0 | ||
+ | #In the case of datacenter it was needed to add the user IIS_USRS to the root folder with read permissions and list folder contents so that the webservices would work | ||
+ | #Do not add the user "everyone" with read permissions because it should not be needed. | ||
+ | #The paths ins the config files had to be changed and since it uses paths from FTPServer the disk W was mapped from the old server. '''The connection has to be linked to the new FTPserver when it is ready.''' | ||
+ | |||
+ | ====ASP==== | ||
+ | The site forecast.maretec.org has ASP and needed to get the anonymous user as "web" the same as NAS access. Because in the root does asp commands as FSO.FileSystemExists or Server.MapPath that are executed inside ASP, trough user "IUSR" (anonymous) but need to have "web" user access. | ||
+ | |||
+ | #In IIS in root folder of forecast.maretec.org in "Authentication" the anonymous authenticatios was changed from "IUSR" to "web". | ||
+ | |||
+ | |||
+ | Users Added in Computer Management have to compile with this options: | ||
+ | -Password never expires | ||
+ | -User cannot change password | ||
+ | -Disconnect "Remote Control" | ||
+ | -"Remote Desktop Services Profile" deny user. | ||
==Links== | ==Links== | ||
[[VMWare | Go Back to VMWare]] | [[VMWare | Go Back to VMWare]] |
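Review bot: The added "Restricted Folders and Permissions" steps enable basic authentication on the guadiana and mondego folders, but no step puts those sites behind HTTPS. Basic authentication sends the user name and password merely base64-encoded, so the procedure should add an SSL binding and set "Require SSL" on these folders before the accounts are handed out. Two smaller points: the WebServices step names the group "IIS_USRS" while the Restricted Folders step uses "IIS_IUSRS", so use the latter in both; and the closing list should read "comply with these options", not "compile with this options".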
Revision as of 12:22, 4 April 2012
Create VM in VMWare vSphere
- 2GB RAM
- 80GB thin provision and no partitions, to make migration easier
- Windows 2008 Server R2 64 bit
- 1 CPU
To install the guest OS, edit the VM settings, add the Windows ISO to the DVD drive and select "connect at power on" so that the drive launches the installation disk. Then start the VM.
Configure VM in Windows Server 2008 R2 in console
Installed Windows Server 2008 R2 64 bit in the 80GB disk
Installed VMTools from vSphere: Inventory->Virtual Machine->Guest->Install/Upgrade VM Tools
Change Computer Name
Change computer name to VM-WebServer
Update Windows
Run Windows Update until there are no more updates.
Activate Windows
Under Computer->Right click->Properties->Activate and give the Windows key.
Install Antivirus
Install Antivirus from \\davinci\Software and schedule scans and automatic updates. The server needs F-Secure for servers.
Enabled Remote Connections
Add server roles
Server Management->Add Roles->IIS->Select Common HTTP features (all), Application Development (ASP), Security (Simple and Digest) and Management Tools (IIS6 metabase compatibility), as on the FTPServer machine
Add WebSites in IIS
- Copied the content of the sites from the old machine FTPServer to VM-WebServer (datacenter.mohid.com, forecast.maretec.org and InternalSites)
- Added the sites in IIS (hostname and path; in bindings selected the VM IP and filled the host field with the site name)
- Edit the permissions of the websites root folder so that the user IUSR (default anonymous user) can read and list folder contents. Restricted folders are described later.
- Remove the authenticated users from the root folder permissions (security) if they exist.
- Add a power user outside IIS in Computer Management so that the folders can be accessed for management. In IIS give this added user all permissions on the root folder except full control and special permissions.
- Share the websites root folder and allow authenticated users to have full control (from LAN).
Virtual Directories
- Added Virtual Directories for datacenter.mohid.com and forecast.maretec.org for NAS folder web.
- NAS needs access by user web. Add the user outside IIS in Computer Management.
- NAS needs access by user web. Right click the virtual directory->"Manage Virtual Directory"->"Advanced Settings"->"Physical Path Credentials"->Insert web user
- NAS needs access by user web. Select the virtual directory -> select basic settings -> test connection settings to be sure that it is working
Restricted Folders and Permissions
- Add users "user", "guadiana", "mondego", "ucoimbra" in Computer Management
- In IIS in folders guadiana, mondego, disable anonymous authentication and enable basic authentication
- Add to these folders the permission for the users created (mondego and ucoimbra for folder Mondego) to read and list folder contents.
- Also add to these folders the user IIS_IUSRS with read, list folder and execute.
- Remove user IUSR if it exists.
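A check for the restricted-folder steps above, as an added example that is not part of the original wiki page: it reports where a folder's IIS authentication settings or NTFS permissions differ from what the steps describe. The function name `Test-RestrictedFolder` is hypothetical, and the IIS site name and disk path are placeholders because the page does not give them.

```powershell
# Added example: audits one restricted folder against the steps listed above.
# Test-RestrictedFolder is a hypothetical helper, not part of IIS or of the wiki.
Import-Module WebAdministration

function Test-RestrictedFolder {
    param(
        [string]$Site,      # IIS site name (placeholder, not given on the page)
        [string]$Root,      # physical root folder of that site (placeholder)
        [string]$Folder,    # restricted folder, e.g. 'mondego'
        [string[]]$Users    # local accounts that should be able to read it
    )
    $findings = @()
    $auth = 'system.webServer/security/authentication'

    # Anonymous authentication must be off and basic authentication on.
    foreach ($mode in 'anonymousAuthentication', 'basicAuthentication') {
        $section = Get-WebConfiguration -PSPath 'MACHINE/WEBROOT/APPHOST' `
            -Location "$Site/$Folder" -Filter "$auth/$mode"
        $wanted = ($mode -eq 'basicAuthentication')
        if ([bool]$section.enabled -ne $wanted) {
            $findings += "$mode enabled=$($section.enabled), expected $wanted"
        }
    }

    # Collect account names that hold an allow ACE, without the domain prefix.
    $names = (Get-Acl (Join-Path $Root $Folder)).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        ForEach-Object { $_.IdentityReference.Value.Split('\')[-1] }

    # IUSR must be gone; "Everyone" should not be needed; IIS_IUSRS must be present.
    if ($names -contains 'IUSR')         { $findings += 'IUSR still has an allow ACE' }
    if ($names -contains 'Everyone')     { $findings += 'Everyone has an allow ACE' }
    if ($names -notcontains 'IIS_IUSRS') { $findings += 'IIS_IUSRS has no allow ACE' }
    foreach ($u in $Users) {
        if ($names -notcontains $u) { $findings += "$u has no allow ACE" }
    }
    $findings   # empty when the folder matches the steps
}

# Usage (placeholders in angle brackets must be replaced):
# Test-RestrictedFolder -Site '<site-name>' -Root '<websites-root>\<site-folder>' `
#     -Folder 'mondego' -Users 'mondego', 'ucoimbra'
```

Run it in an elevated PowerShell session on the web server; reading the applicationHost configuration requires administrator rights.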
WebServices
The site datacenter.mohid.com has webservices and needs .NET 4.0
- In each webservice folder right click -> "Manage Application" -> "Advanced Settings" -> "Convert to Application" to ASP.NET 4.0
- In the case of datacenter it was necessary to add the user IIS_IUSRS to the root folder with read and list folder contents permissions so that the webservices would work
- Do not add the user "everyone" with read permissions because it should not be needed.
- The paths in the config files had to be changed, and since they use paths from FTPServer the disk W was mapped from the old server. The connection has to be linked to the new FTPserver when it is ready.
ASP
The site forecast.maretec.org uses ASP and needed the anonymous user to be "web", the same as for NAS access. This is because the root runs ASP commands such as FSO.FileSystemExists or Server.MapPath, which are executed inside ASP through the user "IUSR" (anonymous) but need "web" user access.
- In IIS, in the root folder of forecast.maretec.org, under "Authentication" the anonymous authentication user was changed from "IUSR" to "web".
Users added in Computer Management have to comply with these options:
- Password never expires
- User cannot change password
- Disconnect "Remote Control"
- "Remote Desktop Services Profile" deny user.