Shared Hosting Configuration

Posted: March 26th, 2018

 

Hosting multiple Web sites or databases on a single computer is challenging. Hosters may struggle with quality of service, site density, security, and performance configuration. This article describes the Shared Hosting Configuration components that are needed to address these requirements. The goal is to provide a high-level picture of the components, how they fit together, and why they are important. For specific feature information or guidance, see the links in each description.

 

Network Segments

 

As shown in the diagrams found later in this topic, Windows Web Platform Shared Hosting environments typically include the following network segments:

 

    > Front-end: The front-end includes the servers that interface with customers to provide access to hosted services offered in the solution. All internet-specific traffic is isolated to the front-end segment.

 

    > Back-end: The back-end isolates Web farm access, management, database access, monitoring, and security data from customers accessing the front-end segment. This helps to enhance network security and performance.

 

Front End Servers

 

Application Request Routing (ARR) Server

The ARR server runs the Microsoft Application Request Routing for IIS module. This is a proxy-based routing module that forwards HTTP requests to content servers based on HTTP headers, server variables, and load-balancing algorithms. ARR can be used to:

 

    > Increase application availability and scalability.

    > Better use content server resources.

    > Facilitate application deployment, including pilot management and A/B testing.

    > Lower management costs and create opportunities for shared hosters.

 

The ARR server is deployed and managed by the hoster. Since ARR 2.0 is a feature of IIS, you may decide to manage it by using Remote Administration (see the Remote Administration section later in this topic) or Terminal Services. Depending on the scalability and availability requirements, administrators may need a configuration that includes either or both Network Load Balancing and Failover Clusters on the ARR server. Load-balancing routers for two or more ARR servers can also be considered to meet such requirements.

 

SSL Offloading

 

By default, SSL Offloading is enabled on the ARR server. This feature helps to make the most of server resources because the Web servers do not have to spend cycles encrypting and decrypting requests and responses. Enabling SSL Offloading means that all communication between the ARR server and the Web servers takes place in clear text, even for HTTPS requests from the clients to the ARR server. All of the Web servers are located in the back-end network because this is a trusted network that preserves the security of the communication between the ARR server and the Web farm.

 

Web Management Service, MS Deploy, and FTP Server

 

This server runs the services that users need to publish and manage their content and Web applications from the command line, IIS Manager UI, or Visual Studio Development environment. Three IIS services run on this server:

 

    > Web Management Service, also known as WMSVC, makes Remote Administration possible. See the corresponding section below.

 

    > File Transfer Protocol (FTP) Server provides the infrastructure that is required to create an FTP site where users can upload and download files by using the FTP protocol and appropriate client software. FTP uses TCP/IP to distribute files similarly to how HTTP works to distribute Web pages. An FTP site is especially useful for offering customers the ability to upload files.

 

    > Web Deploy simplifies the deployment, management, and migration of Web applications. It lets administrators enable developers to publish their Web applications and databases to the hosted environment.

 

The Web Management Service, MS Deploy, and FTP server is connected to the Internet through the network. Through a separate NIC interface, it also has access to the NAS server that contains the shared configuration of the Web server farm. Depending on the scalability and availability requirements, administrators can decide to use either or both Network Load Balancing and Failover Clusters on this server.

 

DNS Server

 

The DNS Server role in Windows Server 2008 combines support for standard DNS protocols with the benefits of integration with Active Directory Domain Services (ADDS) and other Windows networking and security features, including advanced capabilities such as secure dynamic updating of DNS resource records.

 

Router Firewall and Port Forwarding

 

This firewall router forwards FTP and Web Management (port 8172) traffic to the corresponding server. If applications offered by the hoster, such as mail, are available in the front end network, this router will also forward that traffic to the appropriate servers. All other Web application traffic is routed to the ARR server.

 

Back End Servers

 

Web Server

 

The Web server runs the Windows Server 2008 Web server role. Windows Server 2008 delivers IIS, which is a unified Web platform that integrates IIS, ASP.NET, and Windows Communication Foundation. It provides the functionality to deploy multi-tenant (Shared Hosting) offerings. All Web applications share the Web server resources. The key features and improvements in IIS include the following:

 

    > A unified Web platform that delivers a single, consistent Web solution for both administrators and developers.

 

    > Enhanced security and the ability to customize the server to reduce the attack surface.

 

    > Simplified diagnostic and troubleshooting features that aid in the resolution of problems.

 

    > Improved configuration and support for server farms.

 

    > Delegated administration for hosting and enterprise workloads.

 

The ARR server controls all traffic coming to the Web servers. The ARR server handles all the HTTPS work, effectively offloading it from the Web servers (see SSL Offloading earlier in this topic). Web servers are grouped in a Web farm and should be put in a protected network, such as the back end network. This is important because the communication between the ARR server and the Web server is in clear text when ARR's SSL Offloading is used.
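
The router forwarding rules and the SSL Offloading trust assumption described above can be checked mechanically against an exported rule table. The following is an added example, not part of the original Microsoft article: the host names, the sample rules, and the use of TCP 21 for FTP and TCP 445 for the NAS share are assumptions made for illustration.

```python
# Added example: audit a constructed allow/forward rule table against the
# front-end/back-end design in this article. Host names are hypothetical.
BACK_END = {"web1", "web2", "nas"}   # trusted segment carrying clear-text HTTP
WEB_FARM = {"web1", "web2"}
MGMT_PORTS = {21, 8172}              # FTP control, Web Management Service
WEB_PORTS = {80, 443}

# Constructed sample: (source, destination, TCP port) of each allow rule.
SAMPLE_RULES = [
    ("internet", "arr", 443),    # HTTPS terminates on ARR (SSL Offloading)
    ("internet", "arr", 80),
    ("internet", "mgmt", 8172),  # Web Management Service
    ("internet", "mgmt", 21),    # FTP
    ("arr", "web1", 80),         # offloaded traffic, clear text
    ("arr", "web2", 80),
    ("mgmt", "nas", 445),        # shared configuration (SMB port assumed)
    ("internet", "web2", 80),    # misconfiguration: farm exposed directly
    ("internet", "arr", 8172),   # misconfiguration: management port sent to ARR
    ("mgmt", "web1", 80),        # misconfiguration: non-ARR source to farm
]

def audit(rules):
    """Return (rule, reason) pairs for rules that break the described design."""
    findings = []
    for rule in rules:
        src, dst, port = rule
        if src == "internet" and dst in BACK_END:
            findings.append((rule, "Internet traffic reaches the back-end segment"))
        elif src == "internet" and port in MGMT_PORTS and dst != "mgmt":
            findings.append((rule, "FTP/8172 not forwarded to the management server"))
        elif src == "internet" and port in WEB_PORTS and dst != "arr":
            findings.append((rule, "Web traffic bypasses the ARR server"))
        elif dst in WEB_FARM and src != "arr":
            findings.append((rule, "Web farm reachable from a host other than ARR"))
    return findings

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```

Any finding in the first or last category means clear-text traffic to the Web farm is no longer confined to the ARR-to-farm path that SSL Offloading relies on.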

 

Web Server Farm

 

The Web Server Farm is a collection of Web servers that share a common configuration and a set of Web sites. In IIS, Web farms are supported through the Shared Configuration feature, which enables administrators to store the IIS server configuration files on a remote share (NAS File Server). This provides the ability to replicate and synchronize configuration among the Web servers in the farm. In combination with the ARR server, the Web farm provides the configuration that is required to implement Shared Hosting environments. To protect communication with the ARR server, the Web server farm is located in the back end network.

 

File Server (NAS)

 

The file server provides a central location on the network where you can store and share files with other servers. You can use this server to store the Web server farm shared configuration and static content for Web sites. The file server can act as a network-attached storage (NAS) unit. This server is required to set up the Web farm (shared configuration) environment. All the servers in the Web farm and the Web management server have access to the file server for application content and configuration data. Depending on scalability and availability requirements, administrators can decide to implement either or both Network Load Balancing and Failover Clusters on this server.

 

 

Source: Microsoft. To read more, visit the link below.

 

https://docs.microsoft.com/en-us/iis/web-hosting/planning-the-web-hosting-architecture/shared-hosting-configuration