IIS Installation Guide

Description

A guide to installing the Alpha Anywhere Appication Server for IIS.

Alpha Anywhere Application Server for IIS Installation Guide

Preface 

This document is one of a group of documents on using the Alpha Anywhere Application Server for IIS. The documents are:

The server names and IP address have been blurred in accompanying images.

Minimum Requirements

For a production environment the minimum IIS server version is 10.0 and Windows Server 2016.

For a development environment, Windows 10 is the minimum desktop version.

These instructions require that you are logged in as a local administrator.

Install Alpha Anywhere Application Server for IIS

Download and run the Universal Installer. On the Available tab, locate the Application Server for IIS and run the installer. The components are installed by default in the folder:

C:\Program Files (x86)\Alpha Anywhere Application Server for IIS

The installer will install and configure IIS with the necessary components. If the Application Server for IIS fails to install, send the Installer Logs to [email protected]

See details about the components that are installed in the appendix. Of note, Alpha Anywhere Application Server for IIS uses the ASP.NET State Service for session state. This service is started if it isn't running already and it is set to startup automatically by the installer.

Silent Install 

If you need to install the Application Server for IIS silently (or unattended), contact us at [email protected]

Licensing Alpha Anywhere Application Server for IIS

Once the Alpha Anywhere Application Server for IIS is installed, it will run in unlicensed mode. 5 users can be active on an unlicensed mode server, allowing development and testing to be done without needing a license. If more users are needed, or the server is running in production, a license is required.

To set the license, open IIS Manager, select the server node, and open the License Information feature.

images/image10.png

Enter your license key into the "License key" prompt and then click the apply link.

images/image39.png

Required Open Ports for Licensing 

In order to properly license Alpha Anywhere Application Server for IIS the machine must have outbound port 443 open. The product will contact https://activation.alphasoftware.com to validate licensing and create and refresh a license lease. Additionally, time servers may be contacted for checking if the system clock is in sync. The time servers are:

  • time.nist.gov outbound port 13
  • pool.ntp.org outbound port 123

Store key with shared configuration 

The checkbox for "Store key with shared configuration" will only be enabled if you have first enabled "Shared Configuration" for your server. See Enabling Shared Configuration in the appendix for more information.

License Information Data 

The license information data is stored in the registry under the key

HKEY_LOCAL_MACHINE\Software\Alpha Software\Alpha Anywhere Application Server for IIS 12.0

in the 32-bit hive. When running on a 64-bit server or development machine the key path is

HKEY_LOCAL_MACHINE\Software\WoW6432Node\Alpha Software\Alpha Anywhere Application Server for IIS 12.0

Publish Directly to IIS

To allow direct publishing from Alpha Anywhere Developer Edition to IIS you will need to make some configuration changes on the IIS server machine. Select the tab below for the type of operating system that IIS is installed on: Server OS for Windows Server 2016 or newer; or Client OS for Windows 10 or 11.

In order to publish using integrated Windows authentication you must run Alpha Anywhere Developer Edition as administrator. Running it under a local administrator account is not enough. You must either right-click on the program icon and choose "Run as administrator" or go into the program icon's properties and set it to be Run as administrator.
  • Server OS (Windows Server 2016 and newer) 

    You will need to enable remote connections to IIS Management Service which will open up port 8172.

    The following list is a summary of ports that are opened by these instructions.

    • 8172 (This can be configured in the Management Service feature in IIS Manager.)
    1. Check Enable remote connections in IIS Manager Management Service at the server level. This will open up port 8172 in the server's firewall. This is listed as Web Management Service (HTTP Traffic-In) in the Windows firewall inbound rules.

      images/image21.png
      images/image04.png
      Disabling remote connections (unchecking Enable remote connections) does not disable the inbound firewall rule for port 8172 Web Management Service (HTTP Traffic-In). This will have to be done manually to close that port.
    2. To publish from Alpha Anywhere Developer Edition to an IIS server, the user you are publishing under needs to have local administrator access on the IIS server machine. The user or group a user is in also needs to be given privilege to run some utilities during publish. This privilege is the "Replace a process level token" privilege in the Local Security Policy. This is required so that a site and application pool can be created at publish time if needed. This privilege is also required so that server configuration can be validated to ensure that the web application will run as expected. Select the users and/or groups that are allowed to publish to IIS from Alpha Anywhere Developer Edition.

      • To select users and/or group that are allowed to publish go to the "Direct Publishing" feature in the Alpha Anywhere group in IIS Manager.

        images/image26.png
      • In the example image below, the machine's "administrators" group is given the "Replace a process level token" privilege so that the Alpha Anywhere Developer Edition will be able to publish using any user that is in the IIS server machine's local administrators group.

        images/direct-publish-users-groups.png
        When remotely managing an IIS server additional controls will be shown below the "Add User or Group..." and "Remove" buttons. In order to select users or groups on the remote server port 445 must be opened in the firewall. This port is prone to probing attacks and is closed by default. The added button "Enable Remote Active Directory Access" will open port 445 for your local IP address only on the remote server so that the remote server will allow the user and group lookup. When you are done adding users or group, click on the button again(it will be labelled "Disable Remote Active Directory Access") to close the firewall port.
      • images/direct-publish-users-groups-remote.png
  • Client OS (Windows 10, 11) 

    Publishing to IIS on a client operating system is only supported for development purposes. Publishing is done through "localhost". No other configuration is required in IIS for this case.

This completes the configuration for publishing directly from Alpha Anywhere Developer Edition to IIS. Continue to the Alpha Anywhere Application Server for IIS Getting Started Guide to publish a sample application to IIS.

Appendix A

Detailed Steps to install IIS on Windows Server 

This section describes how to install IIS manually. The Universal Installer should install IIS and all the required components.

In the Server Manager select Add roles and features.

images/image33.png

Select Next through the Before You Begin page and then select Role-based or feature-based installation on the Installation Type page.

images/image36.png

Select your server on the Server Selection page.

images/image07.png

Select Web Server (IIS) in the list of roles on the Server Roles page.

images/image14.png
If you already have IIS installed Web Server (IIS) will have (Installed) appended to it.

When you select Web Server (IIS) the wizard will prompt you to add management tools for IIS. As the dialog states, you will need these tools to manage IIS. If you don't have these tools installed anywhere else or if you want to manage IIS locally you will need to add this feature. If you are unsure, add the features. You can remove the features later if you decide you don't want or need IIS management tools local to the server.

images/image42.png

Select ASP.NET 4.5 on the Features page.

images/image19.png

Continue through the wizard until you get to Role Services page for Web Server Role (IIS).

If IIS had already been installed the feature selection nodes of the tree will be listed under the "Web Server (IIS) (Installed)" node rather than as a separate "Web Server Role (IIS)" step in the wizard.

There is 1 default setting that must be selected and 4 default settings that you may want to change.

The default setting that must be selected is:

  1. ASP.NET 4.5

This required setting will also automatically select 3 other settings

  1. .NET Extensibility 4.5

  2. ISAPI Extensions

  3. ISAPI Filters

The 4 default settings that you may want to change are:

  1. Directory Browsing 

    Directory Browsing under Common HTTP Features. Usually allowing directory browser is considered a security risk because it can reveal information about your application that may provide an attacker with clues on how to attempt to breach your security. It is recommended to turn this off.

  2. Tracing 

    Tracing under Health and Diagnostics can be used to help diagnose problems with page requests. Alpha Anywhere Application Server for IIS participates in this feature adding diagnosis information to page requests it handles. You are less likely to need this on a production server, but it may be useful on a testing or development server.

  3. Application Initialization 

    Application Initialization under Application Development. Application Initialization allows IIS to pre-load a web application before the first user visits the application preventing the user from experiencing load delays. Application Initialization also allow IIS to continue to use a running application pool while it pre-loads another instance of an application pool for an application pool recycle. This again prevents any load delays to a user using the application. While this feature isn't required it will give end users a better experience using your web applications.

  4. Management Service 

    Management Service under Management Tools. This is required if you want to remotely manage this IIS instance or if you want to be able to deploy directly to IIS from Alpha Anywhere Developer Edition.

    images/image29.png

Consider enabling dynamic compression, too. This will allow responses from dynamic pages such as an .a5w page to be compressed. For more details see the IIS documentation https://docs.microsoft.com/en-us/iis/configuration/system.webserver/httpcompression/ and this Microsoft blog post https://blogs.msdn.microsoft.com/friis/2017/09/05/iis-dynamic-compression-and-new-dynamic-compression-features-in-iis-10/.

Select Next and then Install on the Confirmation page.

Once the install is complete, verify the IIS install. This can be done by navigating to http://localhost in a web browser on the machine.

IIS welcome screen running in a web browser
IIS welcome screen running in a web browser

Appendix B

Alpha Anywhere Application Server for IIS Installed Component Details 

There are six modules of note installed for the Alpha Anywhere Application Server for IIS.

  • A5IISInstallServer.exe
  • A5IISBootstrap.dll
  • A5IISManagedPlugin.dll
  • A5IISManagerClient.dll
  • A5IISManagerServer.dll
  • A5IISPublish.dll
A5IISInstallServer.exe

This program registers all of the components, updates IIS and .NET framework configuration files, sets file read access permissions on IIS' redirection.confg file, will start IIS' built-in state server service ASP.NET State Service and set that service to automatic startup. The installer runs this program. You should not need to run it again unless you are instructed to do so by support.

A5IISBootstrap.dll

This .NET assembly is used to initialize the configuration of a web application on startup.

A5IISManagedPlugin.dll

This .NET assembly contains the module and handlers that are used by IIS to service web requests. This is the core of the IIS integration logic.

IIS Manager Extensions

The .NET assemblies A5IISManagerClient.dll and A5IISManagerServer.dll are IIS Manager Extensions. The client component (A5IISManagerClient.dll) is automatically downloaded from the server where it is installed when a client running IIS Manager connects to the server. A5IISManagerServer.dll provides access to the web.config file sections that make up the Alpha Anywhere Application Server for IIS configuration.

A5IISPublish.dll

This is technically part of the development environment. A5IISPublish.dll is an assembly that is registered and loaded into the Alpha Anywhere development environment to provide publication services.

Appendix C

Detailed Steps to Install IIS on Windows 10 

This section describes how to install IIS manually. The Universal Installer should install IIS and all the required components.

  • Step 1: Open the Control Panel 

    Open the control panel by selecting the option from the Start menu. The All Control Panel Items dialog will be displayed.

    images/image01.png
  • Step 2: Select Programs and Features 

    Double click on Programs and Features from the list of items on the All Control Panel Items display. The Programs and Features dialog will be displayed.

    images/image38.png
  • Step 3: Turn Windows Features on or off 

    On the left of the Programs and Features dialog you will see a link labeled "Turn Windows Features on or off". Click on this link to open the Windows Features Dialog as shown below.

    images/image24.png
  • Step 4: Turn on World Wide Web Services 

    If it is not already checked, check the box labeled World Wide Web Services to install IIS. Be sure to open the Application Development Features and check ASP.NET as well. You should see some other items automatically become checked.

    Click the button labeled OK to continue installation.

    images/image00.png

Appendix D

Installing Web Deploy 

Alpha Anywhere Developer Edition publishes a web application directly to an IIS server. To publish directly to an IIS Server from Alpha Anywhere Developer Edition, the Web Deploy component must be installed on the IIS Server. The Universal Installer should add Web Deploy for you. If it is missing, you can follow the instructions below to add Web Deploy to IIS.

The server requires Microsoft Web Deploy 3.5 or later:

Start up Internet Information Services (IIS) Manager from the Server Manager "Tools" dropdown.

images/image27.png

Click on the "Get New Web Platform Components" link in IIS Manager when the server node is selected in the Connections pane on the left.

images/image43.png

Search for web deploy

images/image18.png

Click Add and then Install.

images/image11.png
Under some circumstances Web Deploy may not get fully installed which may cause an error during publish. Use the "Workaround" in this known issue to validate and/or fix the Web Deploy installation.

Appendix E

Enabling Shared Configuration 

IIS has the concept of a shared configuration where multiple servers use a single configuration stored in a shared folder. This feature is available when the server node is selected in IIS Manager.

images/image28.png

Read the IIS documentation for more information on this feature. When this feature is enabled and you choose "Store key with shared configuration" in the Alpha Anywhere Application Server for IIS License Information feature, the license key will be written to a file in the shared configuration folder. The name of the file is Alpha Anywhere Application Server for IIS 12.0.lic