Kirx' Blog - kirxblog.wordpress.com

How to share ports of App-V 5 services | February 4, 2013


IconWhile previous versions of App-V targeted a single instance implementation, the new infrastructure servers for an App-V 5 native deployment are designed to be scaled out and to be diverged across separate machines. The services for Management, Publishing and Reporting are based on IIS, also Streaming can be done from a web site. App-V’s Services uses different ports for all these services – but what if you only want to use a single port, like 80?

When you install several App-V 5 Server components onto a single machine, each component requires a separate IP Port during installation. If IIS’ Default Web Site is bound to port 80, you cannot use that, even when you only want to install a single component on that machine.

So, clients communicating to a ‘co-hosted’ App-V 5 Server initially need to establish a connection to a non-default (‘higher’) port. If more than one component (Publishing, Management, Reporting or Streaming) is used, more of those ‘higher’ ports are required. This is fine in an internal network, but as soon as there are firewalls or proxies involved (network security zones, VPN), you may want to limit the amount of open ports, and you may want to use a ‘default’ http port only.

So what can be done to bind all App-V components to a single port, let’s say 80?

Lucky wise IIS supports the concept of Host Headers that allow to distinguish between web applications based on the URL they are queried at. Unluckily, the App-V setup wizard does not support that, so we need some tweaking here.

Here are some up-front guide lines (It wouldn’t be me if I would not declare some)

  • Operations in this guide may (temporarily) disrupt certain IIS features. Do not perform them during production hours
  • This guide is not directly applicable for secured (https) connections. Using Host Headers with SSL certificates requires additional configuration.
  • Validate that the individual IIS Site have a “started” state after completion. Some operation may have stopped them
  • Validate that all individual services can be contacted. For the App-V specific services, connect to the ‘/help’ subfolder with a browser (described below)
  • Do not remove any of the bindings that were created during the App-V Server installation
  • Do not attempt to ‘adjust’ App-V Server’s registry settings

Initial Configuration and Installation

At the beginning, you prepare your IIS machine as described in the App-V Server’s system requirements. This includes installing the IIS role with some features. Note that you should leave the Default Web Site’s port to 80 and don’t change it.

Then, you install the required App-V Server components at once or one after-the-other. It doesn’t matter if you use the graphical wizard or the command line – just install them, assigning different ports to each component. In the example below, I used 8013 for the Management server, 8016 for Publishing and 8018 for Reporting.

Prepare DNS Aliases for hosts

As indicated, ‘host headers’ will be used to identify individual services. Essentially this means that every service has to get an individual DNS name. You may create three new aliases on your DNS server, like AppvManagement, AppvPublishing and AppVReporting, each pointing to the same IP address of your IIS machine. In my example I added ‘Host01’ just for the sake of demonstration.

DNS_Alias

For the Streaming Server feature, you don’t need to add a dedicated host header/port. If you decide for http streaming from the co-hosted server, this usually is achieved by adding a new Virtual Directory to the Default Web Site. Since the Default Web Site already listens to port 80, no additional preparations have to be made. Later on to all incoming connections on port 80 that are not covered by a host header still will be processed by the Default Web Site.

For a test, try to ping all hosts. Or, if not disabled on IIS, even try to connect to them using a browser. At this time queries should point to the default web site.

IIS8_Welcome

Configure Host Header redirection in IIS

In IIS Manager, configure the “bindings” for each of the App-V services. You may do this using the GUI or command lines. Note that IIS7 (Win2008R2) and IIS8 (Win2012) can use different commands.

  • Do not remove the original binding (to the upper port)
  • For each service, add a binding for the short name and the FQDN

Using IIS Manager’s GUI

Using IIS Manager, navigate to the individual site. A right-click on the site name or the action pane shows you the “Binding” action. Here you can add/modify them.

IIS_Bindings_Summary

IIS_Bindings_perSite

Using IIS 7’s appcmd command

For IIS7, the command appcmd can be used. Appcmd supports two different ways of how to specify parameters. I opted for the ‘user friendly’ one. Note that appcmd set overwrites (and not adds) the new binding to a service. Therefore, you have to specify the original binding to the original ports as well.

(see http://technet.microsoft.com/en-us/library/cc753195(v=ws.10).aspx for more details)

appcmd set site "Microsoft App-V Management Service" /bindings:"http://*:8013,http://AppvManagementHost01.demo.lab:80,http://AppvManagementHost01:80"
appcmd set site "Microsoft App-V Publishing Service" /bindings:"http://*:8016,http://AppvPublishingHost01.demo.lab:80,http://AppvPublishingHost01:80"
appcmd set site "Microsoft App-V Reporting Service" /bindings:"http://*:8019,http://AppvReportingHost01.demo.lab:80,http://AppvReportingHost01:80"

Using Powershell  (IIS8, IIS7)

For IIS8, of course Powershell is used

(Originally found at http://blogs.iis.net/jeonghwan/archive/2012/11/12/examples-of-iis-powershell-cmdlets.aspx, details at http://technet.microsoft.com/en-us/library/ee807834.aspx)

Note that the add-webconfiguration does not replace, but add parameters. Therefor the original ports (8013, 8016, 8019) don’t show up here – and we use two commands for each service, one for the short name, one for the FQDN.

add-webconfiguration '/system.applicationHost/sites/site[@name="Microsoft App-V Management Service"]/bindings'-value @{protocol="http";bindingInformation=":80:AppVManagementHost01.lab.lic"} -pspath iis:\
add-webconfiguration '/system.applicationHost/sites/site[@name="Microsoft App-V Management Service"]/bindings'-value @{protocol="http";bindingInformation=":80:AppVManagementHost01"} -pspath iis:\
add-webconfiguration '/system.applicationHost/sites/site[@name="Microsoft App-V Publishing Service"]/bindings'-value @{protocol="http";bindingInformation=":80:AppVPublishingHost01.lab.lic"} -pspath iis:\
add-webconfiguration '/system.applicationHost/sites/site[@name="Microsoft App-V Publishing Service"]/bindings'-value @{protocol="http";bindingInformation=":80:AppVPublishingHost01"} -pspath iis:\
add-webconfiguration '/system.applicationHost/sites/site[@name="Microsoft App-V Reporting Service"]/bindings'-value @{protocol="http";bindingInformation=":80:AppVReportingHost01.lab.lic"} -pspath iis:\
add-webconfiguration '/system.applicationHost/sites/site[@name="Microsoft App-V Reporting Service"]/bindings'-value @{protocol="http";bindingInformation=":80:AppVReportingHost01"} -pspath iis:\

Ah, yeah, the PoSH of course also work on a IIS7 machine. In fact this Cmdlet was introduced for IIS 7

Validation

At the final step of the Host Header configuration process, you should open a browser and point to the two, three new DNS aliases on port 80. A quite safe method is to establish a browser connection to the new aliases::

http://AppvManagementHost01/help

http://AppvPublishingHost01/help

http://AppvReportingHost01/help

IE_HelpPages

Important

You should not modify the App-V Server component’s individual configurations (in the Registry). They still point to the original server name and ‘high’ IP Port.

Conclusion

Host Headers allow you to offer several App-V Server components from an individual machine sharing the same port, like 80.

This is namely useful for sharing default http port 80 between the Publishing Server component, the Reporting Server component and potentially the Streaming service offered by native IIS. Often you don’t need to configure port sharing for the Management Server, because it isn’t addressed by clients and thus may not require special firewall configurations, but of course you can do it easily as well. Also note that you may want to use a different machine for streaming the .appv files from (file or web server), mainly to separate configuration traffic from data traffic (though we described its co-hosting here as well).

HostHeader_TargetArchitecture

Additions

Remember that configuring a secured connection (using HTTPS) requires more planning (while it is easier for IIS8 than for IIS7), including the requirement for wildcard certificates (*.company.dom).

If you want to use a load balancing service (external or Windows NLB), the virtual hostnames have to be used for the host header entries

Advertisements

2 Comments »

  1. […] Если по какой-то причине необходимо сделать так чтобы все 3 серверные роли App-V использовали один порт, можно попробовать использовать метод изложенный в статье Kirx' Blog — How to share ports of App-V 5 services […]

    Pingback by App-V 5 for RDS — Разворачиваем инфраструктуру повышенной доступности | Блог IT-KB — August 31, 2013 @ 17:57

  2. […] How to share ports of App-V 5 services | Blog […]

    Pingback by App-V 5.0 Ramp up Guide | VirtualVibes — May 1, 2014 @ 11:24


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: