Sunday, 27 April 2014

Configuring IIS 7.5 for File Upload of CDOT System Configuration Backups

At the end of the Cluster Setup Wizard for a Single Node Cluster, it prompts for:

Enter the system config backup destination address (or press enter to skip this step):

If you’ve skipped this step, to configure the system config backup, either re-run “cluster setup” (pressing enter to everything except the ‘enter system config backup destination’) or run the following commands:

::> set -privilege advanced
::*> system configuration backup settings modify -destination URL -username USERNAME

{Where URL is an HTTP/HTTPS/FTP/SFTP address, and USERNAME is a user account with permissions to log into the web server}

First though, we might want a webserver to send the backups to, hence this post. And since most corporate customers aren’t going to accept freeware webservers in their environment, we’ll use IIS 7.5 that’s in Windows Server 2008 R2.

Setting up IIS 7.5 for Uploading Files

Log into your Windows Server 2008 R2 with a domain account that has administrative privileges...

Part 1: Configuring the Web Server (IIS) Role

Start > Administrative Tools > Server Manager > Roles > Add Roles

Add Roles Wizard: Select Server Roles
Select ‘Web Server (IIS)
Click Next >

Image 1: Add Server Roles ‘Web Server (IIS)’
Add Roles Wizard: Web Server (IIS)
Click Next >

Add Roles Wizard: Select Role Services
Leave the default selections checked, additionally tick:
WebDAV Publishing
Basic Authentication
URL Authorization
Click Next >

Image 2: Web Server Role Services section 1
Image 3: Web Server Role Services section 2
Add Roles Wizard: Confirm Installation Selections
Click Install

Add Roles Wizard: Installation Results
Click Close

Part 2) Configuring IIS 7.5 for File Uploads

Start > Administrative Tools > Internet Information Services (IIS) Manager

Right-click Sites and click Add Web Site...

Image 4: IIS 7.5 Add Web Site...
Note: We could instead have reconfigured the ‘Default Web Site’

Add Web Site
Site name = cdotbackup
Physical path = \\lab.priv\NA\backup {coincidentally, this is on a different NetApp CDOT cluster}
Connect as = LAB\netappadmin
Click Test Settings... to verify
Binding: Type = http / IP address = All Unassigned / Port = 80
Host name (optional) = cdotbackup.lab.priv
Leave ‘Start Web site immediately’ ticked
Click OK

Image 5: IIS 7.5 Configure new Web Site
Image 6: IIS 7.5 New Web Site Test Connection
Note: A DNS A-Record for cdotbackup.lab.priv will need to be created pointing to the IP Address of the Web Server.

Select the cdotbackup website and click the Authentication icon

Image 7: IIS 7.5 Web Site Icons
Authentication
Click ‘Anonymous Authentication’ and then click Disable in the right-hand ‘Actions’ pane
Click ‘Basic Authentication’ and then click Enable in the right-hand ‘Actions’ pane

Select the cdotbackup website and click the Authoritzation Rules icon

Authorization Rules
If there is not already an ‘Authorization Rule’ to ‘Allow’ ‘All Users’ -
Click ‘Add Allow Rule...’ in the right-hand ‘Actions’ pane

Authorization Rules: Edit Allow Authorization Rules
Leave ‘All users’ selected
Click OK

Image 8: IIS 7.5 Authorization Rules
Select the cdotbackup website and click the WebDAV Authoring Rules icon

WebDAV Authoring Rules
Click ‘Enable WebDAV’ in the right-hand ‘Actions’ pane
Click ‘Add Authoring Rule’ in the right-hand ‘Actions’ pane

WebDAV Authoring Rules: Add Authoring Rule
Allow access to: All content
Allow access to this content to: All users
Permissions: Read, Source, and Write
Click OK

Image 9: IIS 7.5 WebDAV Authoring Rules
Part 3) Testing System Configuration Backup Upload

From the Clustered ONTAP Single Node Cluster, type:

set -privilege advanced
system configuration backup show

Select a backup file to upload, then run:

system configuration backup upload -node NACLU01N1 -backup NACLU01.8hour.2014-04-27.18_15_00.7z -destination http://cdotbackup.lab.priv

And if all is good, you’ll be rewarded with ‘Configuration backup file uploaded successfully.’

NACLU01::> set -privilege advanced
NACLU01::*> system configuration backup show

Node       Backup Name                               Time               Size
---------  ----------------------------------------- ------------------ -----
NACLU01N1  NACLU01.8hour.2014-04-27.10_15_00.7z      04/27 11:15:00     1.04MB
NACLU01N1  NACLU01.8hour.2014-04-27.18_15_00.7z      04/27 19:15:00     1.24MB
NACLU01N1  NACLU01.daily.2014-04-27.07_23_48.7z      04/27 08:23:48     957.4KB
NACLU01N1  NACLU01.weekly.2014-04-27.07_23_48.7z     04/27 08:23:48     957.5KB

NACLU01::*> system configuration backup upload -node NACLU01N1 -backup NACLU01.8hour.2014-0-27.18_15_00.7z -destination http://cdotbackup.lab.priv

Enter the username: LAB\netappadmin
Enter the password:
Uploading the configuration backup file.
100% uploaded
Configuration backup file uploaded successfully.

Configure the backup settings to automatically use the URL and USERNAME tested previously for scheduled backups of the system configuration:

system configuration backup settings modify -destination URL -username USERNAME
system configuration backup settings set-password

To Do Next

If we were doing this in a production environment:
1) Lock down IIS.
2) Configure SSL on the website.
3) Append the SPNs required for Kerberos to function with the website.

(Possibly) To be continued...

No comments:

Post a Comment