If anyone is interested in the steps, I would be happy to share the process. I have N+1 Windows 2016 machines running the following:
- IIS 10
- DFS w/ correct replication AD integrated w/ redundancy
- Central Certificate Store (Shared from master)
- Web files (Shared from Master)
- IIS Config (Shared from Master)
- HAProxy running on failover pair of firewalls w/ shared config across devices
- TLS is not offloaded so secure to end point
- Certs generated by Let’s Encrypt for the Portal
I will be building out a small web “farm” in the same manner. This scenario works well as you can scale simply by adding more hosts and applying the master configuration. There is no need to change anything in regards to the server in the portal once the master is set up. Customers can configure services and if you are using host headers and require TLS, customer sites will come up as soon as DNS is working and files are uploaded. You can run hundreds of sites off the same public IP and at the same time enforce TLS across all sites. The HAProxy redirects port 80 to 443 so customers are forced to activate the TLS certs. IIS 10 also automatically supports HTTP 2.0 and TLS 1.3 so you get some performance benefits.
Hit me up if you want more details.
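A minimal HAProxy configuration for the layout described in the post above (port 80 redirected to 443, TLS passed through to IIS rather than offloaded), added here as an illustration. It is not the poster's configuration; the server names, the 192.0.2.x addresses, the log target and the timeouts are placeholders.

```haproxy
# Added illustration, not the poster's config. Names and addresses are placeholders.
global
    log /dev/log local0
    maxconn 20000

defaults
    log     global
    timeout connect 5s
    timeout client  60s
    timeout server  60s

# Port 80 never reaches IIS: every request is redirected to HTTPS.
frontend fe_http
    bind :80
    mode http
    option httplog
    http-request redirect scheme https code 301

# Port 443 is plain TCP pass-through. The proxy holds no private keys;
# the TLS session (SNI and ALPN included) terminates on the IIS nodes,
# which pick the site certificate from the Central Certificate Store.
frontend fe_https
    bind :443
    mode tcp
    option tcplog
    # Wait for a TLS ClientHello and drop anything that is not TLS.
    tcp-request inspect-delay 5s
    tcp-request content accept if { req.ssl_hello_type 1 }
    tcp-request content reject
    default_backend be_iis_tls

backend be_iis_tls
    mode tcp
    balance leastconn
    # Keep a client on one node so TLS session resumption keeps working.
    stick-table type ip size 200k expire 30m
    stick on src
    # "check" is a TCP connect check only; it does not validate the certificate.
    server iis01 192.0.2.11:443 check
    server iis02 192.0.2.12:443 check
```

Because the proxy works at the TCP layer on 443, it cannot add headers such as `X-Forwarded-For`; IIS logs will show the proxy address unless the PROXY protocol or a similar mechanism is supported end to end.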
Sounds like a decent setup.
My main question in web clusters would always be: how is the storage replication handled? (As most common methods require an IIS restart or similar until IIS picks up the changed files.)
So I use a Shared Web Config, Shared Cert folder and Shared Web site file directory. One server is the master and DFS magic keeps all the others synced.
I’m currently testing (in house) a future deployment of a hosted Exchange 2016 system which I’m running behind HAProxy (well, running Exchange behind the HAProxy for failover) and would be interested in reviewing your HAProxy config for the CP.