Overview
Hosting multiple Web sites or databases on a single computer is challenging. Hosters may struggle with quality of service, site density, security, and performance configuration. This article describes the Shared Hosting Configuration components that are needed to address these requirements. The goal is to provide a high-level picture of the components, how they fit together, and why they are important. For specific feature information or guidance, follow the links in each description.
Contents
Environment Architecture
Network Segments
Core Architecture
Front End Servers
Back End Servers
Remote Administration
Enhanced Architecture (Optional Components)
Optional Front End Servers
Optional Back End Servers
Conclusion
Environment Architecture
Microsoft provides a rich set of technologies that address all aspects of hosting. The following sections describe the recommended architecture configuration and provide individual descriptions of each component.
Network Segments
As shown in the diagrams found later in this topic, Windows Web Platform Shared Hosting environments typically include the following network segments:
- Front end – The front end includes the servers that interface with customers to provide access to hosted services offered in the solution. All internet-specific traffic is isolated to the front end segment.
- Back end – The back end isolates Web farm access, management, database access, monitoring, and security data from the customer accessing the front end segment. This helps enhance network security and performance.
Core Architecture
Often, service providers are interested in the core set of components required for their hosting offering. Their goal is speed to market without sacrificing quality of service, availability, and performance. The following diagram depicts the minimum configuration that you must have to deploy a complete Shared Hosting environment.
Front End Servers
Application Request Routing (ARR) Server
The ARR server runs the Microsoft Application Request Routing for IIS 7.0 module. This is a proxy-based routing module that forwards HTTP requests to content servers based on HTTP headers and server variables, and load balance algorithms. Application Request Routing can be used to:
-
Increase application availability and scalability.
-
Better use of content server resources.
-
Facilitate application deployment, including pilot management and A/B testing.
-
Lower management costs and create opportunities for shared hosters.
The ARR server is deployed and managed by the hoster. Since ARR is a feature of IIS 7.0, you may decide to manage it by using Remote Administration (see the Remote Administration section later in this topic) or Terminal Services. Depending on the scalability and availability requirements, administrators may need a configuration that includes either or both Network Load Balancing <link:http://technet.microsoft.com/en-us/library/cc732855.aspx> and Failover Clusters <link:http://technet.microsoft.com/en-us/library/cc732855.aspx> on the ARR server. Load balance routers for two or more ARR servers could also be examined for such requirements.
See this section for further guidance on ARR.
SSL Offloading
By default, SSL Offloading is enabled on the ARR server. This feature helps maximize the server resources because the Web servers do not have to spend cycles encrypting and decrypting requests and responses. Enabling SSL Offloading implies that all communication between the ARR server and the Web servers is accomplished in clear text, even for HTTPS requests from clients to the ARR server. All of the Web servers are located in the back end network because this is a trusted network that preserves the security of the communication between the ARR server and the Web farm.
Web Management, MS Deploy, and FTP Server
This server runs the services that users need to publish and manage their content and Web applications from the command line, IIS Manager UI, or Visual Studio Development environment. Three IIS 7.0 services run on this server:
-
Web Management Service, also known as WMSVC, makes Remote Administration possible, see corresponding section
below.
-
File Transfer Protocol (FTP) Server provides the infrastructure that is required to create an FTP site where users can upload and download files by using the FTP protocol and appropriate client software. FTP uses TCP/IP to distribute files similarly to how HTTP works to distribute Web pages. An FTP site is especially useful for offering customers the ability to upload files.
-
MS Deploy (currently in beta) simplifies the deployment, management, and migration of Web applications. It lets administrators enable developers to publish their Web applications and databases to the hosted environment.
The Web Management, MS Deploy, FTP server is connected to the Internet through the network. Through a separate NIC interface, it also has access to the NAS server that contains the shared configuration of the Web server farm. Depending on the scalability and availability requirements, administrators may decide to use either or both Network Load Balancing <link: http://technet.microsoft.com/en-us/library/cc732855.aspx> and Failover Clusters <link: http://technet.microsoft.com/en-us/library/cc732855.aspx> on this server.
DNS Server
The DNS Server role in Windows Server 2008 combines support for standard DNS protocols with the benefits of integration with Active Directory Domain Services (AD DS) and other Windows networking and security features, including advanced capabilities such as secure dynamic updating of DNS resource records.
Router Firewall and Port Forwarding
This firewall router forwards FTP and Web Management (port 8172) traffic to the corresponding server. If applications offered by the hoster, such as mail, are available in the front end network, this router will also forward that traffic to the appropriate servers. All other Web application traffic is routed to the ARR server.
Back End Servers
Web Server
The Web server runs the Windows Server 2008 Web server role. Windows Server 2008 delivers IIS 7.0, which is a unified Web platform that integrates IIS, ASP.NET, and Windows Communication Foundation. It provides the functionality to deploy multi-tenant (Shared Hosting) offerings. All Web applications share the Web server resources. The key features and improvements in IIS 7.0 include the following:
-
A unified Web platform that delivers a single, consistent Web solution for both administrators and developers.
-
Enhanced security and the ability to customize the server to reduce the attack surface.
-
Simplified diagnostic and troubleshooting features that aid in the resolution of problems.
-
Improved configuration and support for server farms.
-
Delegated administration for hosting and enterprise workloads.
The ARR server controls all traffic coming to the Web servers. Notice that the ARR server handles all the HTTPS work, effectively offloading it from the Web servers (see SSL Offloading earlier in this topic). Web servers are grouped in a Web farm and should be put in a protected network such as the back end network. This is important because the communication between the ARR server and the Web server is in clear text when ARR’s SSL Offloading is used.
Web Server Farm
The Web Server Farm is a collection of Web servers that share a common configuration and a set of Web sites. In IIS 7.0, Web farms are supported through the Shared Configuration feature, which enables administrators to store the IIS server configuration files on a remote share (NAS File Server). This provides the ability to replicate and synchronize configuration among the Web servers in the farm. In combination with the ARR server, the Web farm provides the configuration that is required to implement Shared Hosting environments. To protect the communication with the ARR server, the Web server farm is located in the back end network.
File Server (NAS)
The file server provides a central location on the network where you can store files and share them with other servers. You may use this server for storing the Web server farm shared configuration and Web sites’ static content. The file server can act as a network-attached storage (NAS) unit. This server is required to set up the Web farm (shared configuration) environment. All of the servers in the Web farm and the Web management server have access to the file server for application content and configuration data. Depending on scalability and availability requirements, administrators may decide to implement either or both Network Load Balancing <link: http://technet.microsoft.com/en-us/library/cc732855.aspx> and Failover Clusters <link: http://technet.microsoft.com/en-us/library/cc732855.aspx> on this server.
SQL Server 2008
SQL Server 2008 provides database services to the Web servers, for example, Web sites’ dynamic content is stored in SQL Server databases. SQL Server 2008 is an ideal database platform for use in shared and dedicated Web hosting environments; it provides features to optimize security, tenant isolation, and improve the performance of the hosted SQL Server 2008 deployment.
Remote Administration
Remote Administration is a key feature of the set of IIS 7.0 Management and Administration capabilities. With IIS 7.0 Remote Administration hosters can empower their customers to manage their Web applications and corresponding database(s) remotely. This is possible because of these key features in IIS 7.0:
-
-
-
-
MS Deploy, currently in beta, allows users to package and deploy Web applications and databases onto hosted environments.
The following diagram depicts the Remote Administration configuration.
Enhanced Architecture (Optional Components)
In some cases, service providers want to achieve the maximum degree of manageability, monitoring, and automation. These requirements can be met by adding a set of optional components to the core architecture described earlier in this article. This environment configuration may be required by hosters managing large datacenter facilities across multiple geographical locations. The following diagram depicts an enhanced architecture for Shared Hosting environments.
Optional Front End Servers
WSS Server (Optional)
The Windows SharePoint Services (WSS) <link: http://learn.iis.net/page.aspx/363/windows-sharepoint-services-for-shared-hosting/> server provides a scalable, manageable platform for collaboration and the development of Web-based business applications. WSS enables teams to share documents, track tasks, use e-mail efficiently and effectively, and share ideas and information. Service providers frequently offer this technology to their customers.
Optional Back End Servers
WDS Purposing Server (Optional)
Windows Deployment Services (WDS) <link: http://learn.iis.net/page.aspx/345/#UsingWDS> assists with the rapid deployment of Microsoft Windows operating systems. WDS is useful for setting up new computers through a network-based installation without having to be physically present at each computer and without having to install directly from CD or DVD media. Hosting companies can use the WDS purposing server to prepare, configure, and deploy multiple servers automatically. The purposing server communicates with all servers on the front end and back end.
Active Directory (Optional)
Active Directory Domain Services (AD DS) <link: http://technet.microsoft.com/en-us/library/cc731053.aspx> stores directory data and manages communication between users and domains, including user logon processes, authentication, and directory searches. An Active Directory domain controller is a server that is running AD DS. It provides a distributed database that stores and manages information about network resources and application-specific data from directory-enabled applications such as Microsoft Exchange. Administrators can use AD DS to organize elements of a network, such as users, computers, and other devices, into a hierarchical containment structure. AD can also be useful when you deploy network resources <link: http://learn.iis.net/page.aspx/324/installing-infrastructure-components/> in a Shared Hosting environment.
System Center Virtual Machine (VMM) and Operations (SCOM) Manager (Optional)
Hosters may decide to deploy System Center VMM and SCOM <link: add link to SC article> when managing large hosting facilities. SCOM provides end-to-end monitoring for the hosting datacenter environment. It can monitor thousands of servers, applications, and client computers, and provides comprehensive views of their health states. These views are needed to facilitate rapid response to events that can affect the availability of services that a hoster provides. VMM provides a complete environment to deploy and manage Virtual Machines.
Microsoft Windows Server Update Services (WSUS) (Optional)
Microsoft Windows Server Update Services (WSUS) <link: http://technet.microsoft.com/en-us/wsus/default.aspx> enables administrators at hosting companies to deploy the latest Microsoft product updates to computers that are running the Windows operating system. By using WSUS <link: http://learn.iis.net/page.aspx/239/deploying-updates-with-wsus-30/>, administrators can fully manage the distribution of updates that are released through Microsoft Update to computers in their network.
System Center Data Protection Manager (DPM) (Optional)
System Center Data Protection Manager (DPM) <link: http://technet.microsoft.com/en-us/dpm/default.aspx> is a complete solution for Windows backup and recovery. It provides continuous data protection for Microsoft application and file servers that use seamlessly integrated disk and tape media. DPM enables rapid and reliable recovery.
Storage Area Network (SAN) (Optional)
Storage Area Network (SAN) lets administrators attach remote computer storage devices (disk, tapes, etc.) to servers located across the network. These storage devices then appear local to these servers. Hosters may decide to deploy SAN to achieve highly scalable and flexible storage resource allocation, high efficiency backup solutions, and better storage utilization.
Conclusion
The Windows Web Platform delivers all the components that service providers require to deploy a highly available, highly scalable, Shared Hosting environment. This article has provided an overview of the core architecture, Remote Administration configuration, and optional components that are needed by service providers to deploy and manage Shared Hosting offerings.
Additional Resources
Additional information about Windows Server 2008 and other information discussed in this overview can be found at the following locations: