Cloud Hosting with Multiple IIS Servers

(Versions 7.9.0+)

To set up Password Server in a High-Availability environment with multiple front-end servers, use the following steps.

View an example High-Availability diagram.

Prerequisites:

  • Please first follow the instructions for setting up 1 server with IIS:
  • Review the general Server/Database Requirements: 
  • Requires:
    • 1 License Key - will allow activations for 2-3 servers
    • 2 or more Servers - to host the IIS application
    • 1 Database server
    • 1 Load Balancer

Usage Considerations

Here are some considerations for usage in your environment and integrating with your load-balancer:

  • Servers are Interchangeable:
    • Each of the Password Servers will rotate in taking requests and are fully interchangeable. They do not cache / store information between requests. All the information necessary for each request is stored in the request token.
  • Session-Affinity (Load-Balancer):
    • However, load-balancers do have a configuration option called session-affinity (sticky sessions), which is a feature that associates user requests to a particular instance.
  • Network Access:
    • Since it is possible for each server to send notifications, perform a backup, etc., ensure each server has access to the network resources: network fileshare location, email, Active Directory, etc.
  • Separate Error Log Details:
    • Each server will store its own file logs, and error log details will be separate for each server. When receiving an unusual error, admins should look at each server's file error log.

Installing in a Multi-Server Environment

Step 1: Create Password Server Database

Set up a database on MS-SQL or PostgreSQL.

Step 2: Generate a Machine Key

A machine key will provide distributed encrypted authentication that is shared across your servers. There are 2 options for generating this key.

  • Option A
    • Generate a Machine Key from within IIS
      1. Ensure the ASP.NET feature is enabled from:
        • IIS -> World Wide Web Services -> Application development features
      2. Follow these simple, detailed steps:
      3. Ensure these are turned off (if applicable):
        • "Automatically generate at runtime"
        • "Generate a unique key for each application"
      4. Close and Re-open IIS

  • Option B
    • Generate a Machine Key using a PowerShell script
      1. Run a PowerShell script.
      2. You can save the script (or run it directly in the console), which will provide a <machineKey> tag 

Step 3: For each Machine, Repeat Steps 4 - 9

Step 4: Install Password Server on the Machine

Step 5: Configure the Service details

Use the Service Config utility (installed with Password Server) on each machine to set these values:

  • Database Connection String
  • Certificate

Step 6: Setup IIS

Step 7: Activate the Server

Step 8: Add Machine to Load Balancer

  • Set up your Load Balancer to use this machine
  • Use this address for Server Health Checks:
    • https://<server><.domain>:<port>/Home/Startup
  • If the machine is up and running and ready for requests, the machine returns a Ready! response.
    • Ready!
  • This address does not require authentication.

Step 9: Copy Machine Key to Web.config file

After using one of the above methods to generate a machine key (Step 2), copy and paste the Machine Key into the base directory web.config files.

If there isn't an existing <machineKey> tag to overwrite, then paste a new tag after the opening <system.web> tag and before the closing </system.web> tag.
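
One way to confirm that Steps 2 and 9 took effect on every server, as an added example that is not part of the original page or the vendor's tooling: the PowerShell function below reads each web.config, flags a machine key that is missing or still set to generate at runtime or per application, and reports a SHA-256 fingerprint instead of the key so servers can be compared. The function name, the temporary file names and the sample key values are constructed for illustration.

```powershell
# Added example: check that every front-end web.config carries the same
# explicit <machineKey>, without ever printing the key material itself.
function Get-MachineKeyReport {
    param([Parameter(Mandatory)][string[]]$Path)
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try {
        foreach ($p in $Path) {
            $cfg = New-Object System.Xml.XmlDocument
            $cfg.Load((Resolve-Path -LiteralPath $p).ProviderPath)
            # XML names are case-sensitive: <MachineKey> would not match here.
            $mk = $cfg.SelectSingleNode('/configuration/system.web/machineKey')
            $issues = @()
            $fp = $null
            if ($null -eq $mk) {
                $issues += 'no <machineKey> element'
            } else {
                foreach ($name in 'validationKey', 'decryptionKey') {
                    $value = $mk.GetAttribute($name)
                    if (-not $value) { $issues += "$name missing" }
                    if ($value -match 'AutoGenerate') { $issues += "$name generated at runtime" }
                    if ($value -match 'IsolateApps') { $issues += "$name unique per application" }
                }
                # Fingerprint keys and algorithms so servers can be compared safely.
                $material = @('validationKey', 'decryptionKey', 'validation', 'decryption' |
                    ForEach-Object { $mk.GetAttribute($_) }) -join '|'
                $bytes = [Text.Encoding]::UTF8.GetBytes($material.ToUpperInvariant())
                $fp = [BitConverter]::ToString($sha.ComputeHash($bytes)).Replace('-', '').Substring(0, 16)
            }
            [pscustomobject]@{ Path = $p; Fingerprint = $fp; Issues = $issues -join '; ' }
        }
    } finally { $sha.Dispose() }
}

# Constructed sample input: two temporary config files with made-up key values.
$dir = Join-Path ([IO.Path]::GetTempPath()) 'machinekey-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$wrap = '<configuration><system.web><machineKey {0} /></system.web></configuration>'
$explicit = 'validationKey="AB12" decryptionKey="CD34" validation="HMACSHA256" decryption="AES"'
$runtime = 'validationKey="AutoGenerate,IsolateApps" decryptionKey="AutoGenerate,IsolateApps"'
Set-Content -LiteralPath (Join-Path $dir 'server1.config') -Value ($wrap -f $explicit)
Set-Content -LiteralPath (Join-Path $dir 'server2.config') -Value ($wrap -f $runtime)

$report = Get-MachineKeyReport -Path (Get-ChildItem $dir -Filter *.config).FullName
$report | Format-List
# Every server must show the same fingerprint and an empty Issues column.
if (@($report.Fingerprint | Sort-Object -Unique).Count -ne 1 -or ($report.Issues -ne '')) {
    Write-Warning 'Servers do not share one explicit machine key.'
}
```

For a real check, pass the path of the base directory web.config on each server to `-Path` in place of the temporary files.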