IIS 7 and Above
Web Farm Framework
Web Farm Framework, Shared Configuration and Powershell questions
Last post Nov 01, 2014 05:29 PM by awilsonmt
Jun 27, 2014 12:48 AM|rpf_br|LINK
I'm using Web Farm Framework to build an ARR Layer on my IIS 8.5 Webfarms. So i created one "Server Farm" for each website/virtual application that i have. Now it's on Development, so it's 1 ARR/WFF with 2 IIS 8.5 with all websites (actually 80).. i'm planning
on Homologation 3 ARR/WFF with 3 IIS 8.5. So i'm just using on IIS size, DFSR + Shared Configuration to sync settings and files.
1) This is the best option? Or it's better to create an "Master WebFarm", and set it to sync the IIS and servers? And about using Web Deploy? I would Deploy to ARR, and then it Deploy to both IIS? Now i'm deploying directly to IIS 1, and then, DFSR / Shared
Configuration "do the magic".
So i created 80 Server Farms on WFF, each one with both servers, and HealthCheck pointing to each website. And on ARR, i put the rules to send each request to it own farm.s Always using "least response time", so each website will do it's own checks.
So i'm trying to make an Powershell script to create the Web Farms, setting the configs to the new Farm, create the ARR rules and the binding on Default Web SIte... But i can't make it work. WFF has it own cmdlets, including "New-WebFarm". But my question
is about the "credentials". When i create the WebFarms by IIS Console, they not ask me user and password, and when i look at applicationhost.config, it creates an unique "RSA Key", with "adminuser" with "". Creating it with Powershell "New-WebFarm", ask me
for user and password, and then, when i use "Get-WebFarm", shows my user and password in plain text.
2) How can i create a webfarm using Powershell, to make it look the same as when i created by GUI? Now i'm working directly with Powershell editing the "applicationhost.config", adding all the fields i want to create, but i really don't like this approach.
3) All my WebFarms now it's working well, i can view the requests, the time each one takes, the algorytm doind it's work. But when i check the "Servers" menu, it shows both servers "Ready for Load Balance? NO". But it's balancing.
4) My feel is that Web Farm Framework will die soon... I have to make a world to get it installed... uninstall Wep PI, install the old version,and other componentes... If i have a "physical" only one WebFarm, with 2 IIS, and want to balance all websites,
why WFF can't manage it at "website level" instead of "WebFarm" level?
Thanks for help
Jul 11, 2014 10:47 AM|Ravindra_A|LINK
As per my understanding you are using WFF to sync your ARR servers and you already have shared configuration for the back end IIS servers, so that they will be always in sync. Please correct me if I am wrong.
Now are you using WFF only to sync the server Farms i.e. Application Provisioning or you also doing Platform Provisioning. Either case I would suggest not to go with WFF as you have rightly mentioned that WFF is soon going to end. Better to use webdeploy
to sync the servers or you can have shared configuration on the ARR sites as well.
To use script you can to use appcmd as metioned in below article
Hope this helps.
Jul 11, 2014 11:11 AM|rpf_br|LINK
Hi Ravindra_A, thanks for answer!
In my case, i use WFF only to do the load balance between both IIS websites. I have 150 web applications on IIS side, on Development layer, and i'm using now 1 ARR to manage 150 WebFarms.
My use of WFF it's to create a WebFarm for each web application, set the load balance method (least response time), and use the health check to test the web application itself. It's only because it's the way that ARR works (On URL Rewrite menu, when reach
the condiction of the web application, it set the response to "Route to WebFarm xxxxxxx".
I ending at working directly on "applicationhost.config" to manage my 150 webfarms, as they all have the SAME configuration (the only thing that change between it is the "health check URL", because each web farm has it own address).
WFF has it owns cmdlets, but don't work as expected... For example, i create a new Web Farm from IIS management tool without enter any credential. When i try to create one Web Farm from cmdlets, it needs an credential, who after show as plain text the user
and the password. So i create the webfarm without any additional information by the IIS, and then i edit the "applicationhost.config" to put my settings allright (imagine creating 15 webfarms each time, clicking and pointing the SAME thing for all).
For the future, i will see the cmdlet to add lines directly to applicationhost.config, so i can automatate it...
Jul 14, 2014 03:32 PM|Ravindra_A|LINK
So if only Load balancing then you can use ARR without WFF. For the script I would still suggest to use appcmd.
May be a batch script will help.
Jul 14, 2014 07:52 PM|rpf_br|LINK
I can't. WFF it's part of the ARR, as the Rewrite rule sends the request to the WebFarm you choose.
So i have 1 farm for each ARR rule. When i create a new farm, it prompts me to create an Rewrite rule for it.
Jul 15, 2014 07:15 PM|Ravindra_A|LINK
No it is not. WFF is a separate component used for provisioning (Platform and Application). It's actually ARR that allows (WFF also have it but only for provisioning) to add a server farm.
You can follow below link to add the back end server.
Unlike in the link you can have only one server per farm.
Jul 15, 2014 10:16 PM|rpf_br|LINK
Sorry, but i'm confused about this.
The link you sent it's for ARR v1. I'm using ARR v3 (http://www.iis.net/downloads/microsoft/application-request-routing)
It's a pre-requisite for installing ARR, that you install WFF. I can't create a rewrite rule alone...
For example, using ARR with Exchange, they created one WebFarm for each Exchange component:
The process on ARR 3.0 it's the same as aRR 2.5, as you can view on this link. It's the same procedure i used, to create 150 application farms... For what i saw, it's the WFF part that create the "Server Farms".
Jul 16, 2014 08:34 AM|Ravindra_A|LINK
Ok I got it now what you saying. I am sorry about the confusion yes you are right WFF is taking care of creating the server farm.
So did you get the PowerShell script you are looking for?
Jul 16, 2014 11:16 AM|rpf_br|LINK
Because the first cmdlet i should use, according with this:
It's "New-WebFarm". But my problem it's with credential. Using the cmdlet, it ask me a credential, with it's mandatory. Creating using IIS don't ask me this credential. I didn't understand why asking me it.
If i put my credentials to create the WebFarm by cmdlet, after that my username and password show as plain text when using "Get-WebFarm", as shown in the link above. That's unacceptable! If i create by IIS, don't ask me credential, and don't show anything
like this on "Get-WebFarm".
I'm thinking on a script that add lines directly to applicationhost.config, but the WebFarm has an unique ID, that i didn't understand how it's generated, so i think that it wouldn't work.
Thanks for asking :)
Nov 01, 2014 05:29 PM|awilsonmt|LINK
When you are running the IIS Manager its going to use the credentials that you signed into Windows with. Assuming its all on the same domain, its just passing through the authentication. As to why it must ask for user/pass on the script its also quite
obvious; farm security. You have to have some kind of security. I dont see why this is really a problem to script past. You can always execute your script with a dummy deadend service account in AD with the credentials saved. I think that is the dirty
hack method and really not at all recommended. If you are talking about a beta environment behind security then what you do is create a security group, create a user that is a member of that group, set it as the primary and then remove it from Domain Users.
Make the password really complex, make it so it can't expire and can't be changed. Execute your script with that account. You can give that group whatever very specific access it may need to your servers. There are other options too for executing that
script with a service account. If you setup your permissions correctly for the computer account executing the script you could use the Network Service to run your script and use it's built in password (that you never have to type). Using the Network Service
will pass through the AD Computer account credentials, shouldn't need a password at all. Just make sure the executing server's AD Computer Account has permissions to execute your script and has permissions required to run "New-Webfarm" whatever that is.
For whatever that is worth :)