Friday, 31 December 2010

Windows Server 2008 Set-up on Amazon Web Service (AWS)

When you create your instance on Amazon Web Services you choose an AMI (Amazon Machine Image) which is a template to base your instance on. I am using the AMI with code ami-cf517bbb which is a 32 bit version of Windows Server 2008 with SQL Server (2008) Express.

The Micro Instance

I am using a Micro instance, which will give me just over 600MB of memory and hopefully enough processor power to run several small websites. The worry will be whether the memory is enough to run a database server as well.

When you select the AMI to build from, AWS will make a copy of that template. A micro instance uses storage called EBS (Elastic Block Storage). This storage is persistent. Other instances can work differently, with disk space that isn't persistent - if the instance dies you lose your data. But I don't need to worry about that. Later on I'll be looking at the backup and other storage options. The database/website I am deploying will only be used for reporting on the data contained within it and quite a bit of data is cached on the website anyway.

Getting the administrator password

Once the instance is set up you need to retrieve the administrator password. This is done from the Management Console by right clicking on the instance and choosing the option "Get Windows Password". You then need to paste in your private key (that you created earlier).

It can take up to 10 minutes after you start creating your instance until it is available. Part of the process of creating your image is also to create your security settings (firewall) so that you can login.

Logging in

When you login for the first time you should change your administrator password. I didn't do this - I was trying to be smart and create a new user for myself that has administrator privileges. I did do this but had other issues later when logged in as this user to do with permissions. Something I will come back to later.

Best practice would be to use a different username to login and then rename the administrator username to something obscure, then disable it. Partially security by obscurity (by renaming the user and using another username) but an additional layer with disabling. For the moment I am using the administrator user.

You login using Remote Desktop over the internet - hopefully protected by your security settings. There are further settings you can put on using certificates to authenticate yourself.

The initial setup

Disks

The AMI has one 30GByte disk. This is a little bit of a pain. I'm not overly worried (for the stuff that I am running) that all my data will be on one disk. It sort of forces me into thinking carefully about things. However, 30GByte is quite big - the disk has over 20GByte free and since it is pay as you use you are paying for it. I don't really know a way of making the disk size smaller and giving it back to Amazon. Amazon are giving a one year free offer of 10GByte of space - it is probably only a couple of dollars a month, not much when I have just one server.

CPU

The CPU reports as Intel Xeon E5430 @ 2.66GHz (with the words 2.96GHz next to it!) and Task Manager reports one core. With the micro instance you get 1 Elastic Compute Unit that can burst to 2 units - one unit is described as a 1.2GHz Opteron. The computer name is set and apparently you can change it - can't see any advantage to doing this at the moment, so I'll leave it. The aim is to change as little as possible.

Remember, as long as you have got your data you can start up another instance with a new AMI and move the databases/sites over and get that running. It will cost you a few cents per hour, then move the site across using the Elastic IP addresses (see article on setting it all up).

The DotNet framework to version 3.5 is installed.

Getting setup

Once the server is up and running, I always get Task Manager up and running to monitor what is going on.

Main initial tasks that needed to be done were:
  • Create a directory where you are going to put all your stuff. Something like c:\data is fine.
  • Set up a default website and move the default website away from c:\inetpub\wwwroot. I just create a directory:
mkdir c:\data\web
cd \data\web
mkdir default
cd default
echo "Hello" > index.htm

Then go into IIS and create a site that points to it (I'm not going to give a guide to IIS here). Set up IIS so that the log files are created somewhere other than c:\inetpub\logs, e.g. c:\data\logs. Putting all your stuff in one place makes it easier to move/backup/delete etc.

What also needs to be installed

Chrome

I don't use IE much, just for testing! The default IE installation is fairly hardened so you need to set the security to allow you to download .exe files. This is just a preference, although I do need to check if there are any security reasons for not doing so.

DotNet 4

The application I am installing requires the DotNet Framework version 4 as it uses ASP.NET MVC version 2. I generally try to install from the base installers rather than the web installer. This means a 50MB download from Microsoft.

SQL Server 2008 Express

Below is a quick overview of manually setting up a database and website. I've not used any deployment here as I want to understand how the server is operating first. Also, not quite time for me to worry about using the release configuration of the website I am going to deploy.
My first task was getting SQL running. My application requires a database and I was anxious to use the server, rather than write a little hello world test program using ASP.NET/C#. Anyway the index.htm "Hello" worked.

The first problem I found was that the SQL Server instance for Express was disabled - so start the Service manager (services.msc) and enable it.

Then start Management Studio, right click on the instance name and choose Properties. Go to the Security tab. I don't like my web applications accessing using Authenticated Security. This is partly as I've always done it using SQL Server authentication. By default Server Authentication is only set up to allow Windows mode. You need to change this.


Then go to Security, Logins and change the sa password. It's up to you whether you enforce the password policy. If I was running Active directory or multiple servers I might think about setting up the security as normal. But again not really worried about it. The other advantage of setting up SQL Server authentication is if you want to access the server remotely.


Now go to the status option and make sure that the user is enabled.


Restore any databases you might have. Then add a new login and user to access it. Don't use one you have used before (i.e. on the backup from your development environment). If you do want to use the same user then look up the stored procedure sp_change_users_login - I'll write a post about this later once I get my deployment tools in place. It is likely that you are using integrated authentication in your development environment anyway (in which case you need to learn about connection strings).

Your website

I zip up the files for the server then create a directory (e.g. c:\data\web\mysite) and unzip it. Check there isn't anything in it you don't think should be there. (I'll be looking at deployment next so that I can make updates to the website quickly - but for the moment I'm just getting it up and running and checking it is all Ok).

Then go into IIS and set up the site. A few things to note:
  • If you are going to use Host Headers for your site (i.e. hosting more than one site on your server) then if the DNS hasn't propagated it will be difficult to test. There is a way (editing the hosts file on your local computer). However, for the moment disable your default site and add a new site pointing to your newly created directory.
  • Make sure you setup the site to use the right application pool, in my case the .NET Framework 4.
  • Check the settings for log files.
You need to understand connection strings to access your local database (or add in the integrated NETWORK SERVICE user). As said I tend to use SQL Server authentication anyway. I have two connection strings - one for objects created by the entity model and one for stored procedures being accessed. Look in Web.config - generally connection strings should be like

Data Source=.\SQLEXPRESS;Initial Catalog=<DATABASE>;
      Integrated Security=False;User Id=<SQLUSER>;Password=<SQLPASSWORD>

If you were using SQL Server Express locally you shouldn't need to change the server name. Now test your site - check it locally (http://localhost) or via the IP address or URL (if DNS has propagated).
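The connection-string format above can be checked mechanically before a site goes live. The following is an added example, not code from the original post: it reads a constructed Web.config, unwraps the entity-model form of the string, and reports entries that store a SQL password in the file or connect as sa. The database name, the login report_reader and the entry names are assumptions made for the sample.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one plain SQL string and one entity-model string, as the
# post describes. Names, logins and passwords are placeholders.
SAMPLE_WEB_CONFIG = r"""<configuration>
  <connectionStrings>
    <add name="Procs" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=ExampleDb;Integrated Security=False;User Id=sa;Password=example-only" />
    <add name="Model" providerName="System.Data.EntityClient" connectionString="metadata=res://*/Model.csdl;provider=System.Data.SqlClient;provider connection string=&quot;Data Source=.\SQLEXPRESS;Initial Catalog=ExampleDb;Integrated Security=False;User Id=report_reader;Password=example-only&quot;" />
  </connectionStrings>
</configuration>"""


def parse_pairs(conn):
    """Split 'key=value;...' pairs, keeping any ';' that sits inside double quotes."""
    pairs, buf, quoted = {}, "", False
    for ch in conn + ";":
        if ch == '"':
            quoted = not quoted          # quote marks delimit a nested string
        elif ch == ";" and not quoted:
            key, sep, value = buf.partition("=")
            if sep:
                pairs[key.strip().lower()] = value.strip()
            buf = ""
        else:
            buf += ch
    return pairs


def review_web_config(xml_text):
    """Return (entry name, finding) tuples for each connection string."""
    findings = []
    root = ET.fromstring(xml_text)
    for add in root.findall("./connectionStrings/add"):
        pairs = parse_pairs(add.get("connectionString", ""))
        # Entity-model strings carry the real SQL string under this key.
        inner = pairs.get("provider connection string")
        if inner is not None:
            pairs = parse_pairs(inner)
        name = add.get("name")
        if "password" in pairs or "pwd" in pairs:
            findings.append((name, "plaintext password in Web.config"))
        if pairs.get("user id", pairs.get("uid", "")).lower() == "sa":
            findings.append((name, "connects as sa"))
    return findings


if __name__ == "__main__":
    for entry, finding in review_web_config(SAMPLE_WEB_CONFIG):
        print(entry, "-", finding)
```

An entry flagged for sa should move to the dedicated login and user created for the database; a flagged password is a reason to restrict read access to the site directory.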

How to transfer files to your server

You could install FTP on your new server - but I always think that is quite a bit of a security hole. What I have done is open up some ports on my broadband firewall that forward to a site on one of the PCs I have. Then copy files into that directory, then from the server browse for them and save them. Once uploaded you can remove them.

Windows Update

Lots of Windows Updates need to be done. Do them, just in case. Also by doing them now and then testing your website you make sure that everything is working Ok. If you do them later and something doesn't work it's a bit harder! There is 143MB of updates to do - remember however, that you are paying for the bandwidth! It takes a long time to do.

Once you have done the Windows Update I advise running the Service manager (services.msc) and stopping and then disabling the Windows Update service and the Module Installer service. If you don't do this then these services will keep running. On a machine with only 600MB of RAM you need to reduce the amount running. But remember, by doing this you need to ensure you do the Windows Update yourself.

The other service to disable is the Print Spooler - I'll get back to you on other services you can safely kill. I also remove SQL Server Compact edition.

Other changes

A few other things I did:
  • Set the computer to work better for better performance (My computer->Properties->Advanced Settings->Settings)
  • Set the computer to work better with background services (My computer->Properties->Advanced Settings->Advanced)
  • Change the page file (My computer->Properties->Advanced->Virtual memory->Change). I set mine to 1.5Gbytes.

Is memory an issue?

At the moment who knows. The server isn't being hit by a lot of traffic yet. I do know that when I install anything (e.g. Windows Update, Subtext or the .NET framework) I have to be patient, as the CPU will peak quite quickly at 100% and things go slow. But when nothing is running on the server and I access my test site it all goes quite well (although the site caches all the data that is displayed on the front page and the first few pages (about 4MByte of storage), so I'm not really hammering the site - I think the googlebot has accessed more data on the site than me!).

Later

This is all a bit rough and ready for me. Some best practice has gone out the window and I need to get processes straight for deploying sites and databases. But doing something manually is good for you.

I need to look at some server hardening (things like security policies, permissions on directories etc) and then using the AWS backup facilities.

Once I work out everything I need to do for the server I intend to create another instance from scratch and do them. It'll cost me a few hours of time, but less than 10 cents of cost. Once this is done the aim will be to create a backup that can be used for future instances (or in case of failure of this instance at some point - remember it is Windows!)

Thursday, 30 December 2010

Getting started with Amazon Web Services (AWS)

I am about to launch a new website - more about that in another article. The site is nearly finished (or at least in a state ready for launch). However, I need to get in place the hosting for it as from experience I want to be aware of the problems before rather than after the site is launched.

I've looked at a few options in the last year or so, from shared hosting to dedicated servers to virtual servers and using cloud based services (for things like SQL). Still not sure what I'd do long term. From my time at GTI I know about running a network centre and configuring and using servers.

I've recently joined the Microsoft Website Spark program and found lots of suppliers giving access to dedicated servers for a lower price whilst you are part of the program. But it's not that much cheaper, and it is for the most expensive option - dedicated servers.

Anyway what I need is a Windows 2008 Server running SQL Server. SQL Server express will operate with my new site quite happily, although part of Website Spark gets me SQL Server Web Edition.

For the moment I've chosen Amazon Web Services (AWS) using their Elastic Computing Cloud (EC2). A friend of mine at Swirrl recommended this to me. You basically pay as you go - so if things don't work out then I'm not stuck in a 12 month agreement.

Amazon describe their service as "a web service that provides resizeable compute capacity in the cloud". I'm not too sure I agree with that completely - you buy a share of a large server and can do with it as you want (mostly). Unlike, say Azure you aren't consuming that as a service. At the moment not too sure I'm that comfortable letting go of the control of a server to using a service. I currently host my home website using shared hosting, where all you can do is upload files (via FTP) so I was really looking forward to being in control again.

Amazon operate four network locations (with multiple "availability zones" within each location) giving good redundancy options (if you want to use them). Two of these are on different sides of the USA, one in Asia and one in Ireland. The prices for using each location are similar, although the centre in Virginia seems slightly cheaper. I chose to use the one in Ireland, but nothing to stop me using another later.

I had a server up and running in less than 20 minutes after signing up. The sign up process involves giving over your credit card number and receiving an automated call from Amazon to verify your phone number. From there you are presented with a web site (the AWS console) and can create an instance.

I am using a service called EC2 - the Elastic Computing Cloud. It really means that you create server instances, that you can repeat (i.e. have multiple instances), that you can load balance (using Elastic Load Balancing). There are several storage options, including EBS - Elastic Block Storage, where you can purchase more storage when you need to or copy your current volumes.

AWS Console
For what I am doing, I simply need a server to provide a web site - not too worried about load balancing (which gives not just capacity but some disaster recovery). I am (for the moment) going to run a few web sites on the one server.

Amazon provide a number of instance types. This is probably one of the biggest drawbacks of the Amazon service in that you are pigeon-holed into a certain process capacity. The elastic part is that you can add more instances; however, for a small site you have a choice of the instances called t1.micro and m1.small. The configurations of these are:

Micro - 613MB memory, Up to 2 EC2 compute units (for short bursts)
Small - 1.7GB memory, 1 EC2 compute unit

One EC2 Compute Unit is described as being the equivalent CPU capacity of a 1.0-1.2 GHz 2007 Opteron or 2007 Xeon processor or early-2006 1.7 GHz Xeon processor. For my small application in terms of running as a web server I'm really not that worried about the processing power. The Micro instance seems more suited to a web server as it can "burst" to using more power. However, it is expected that the processor usage will generally be less than 1 unit. The biggest difference is in memory and this is my biggest worry. Can I get a (Windows) server (with SQL Server) running in around 600MB of memory? The key to AWS is that you pay for what you use - so if it doesn't work out I can move to a Small instance or a different provider.

But what about the cost? Amazon do provide a sort of pay in advance option (called Reserved Instances) where you pay a fee in advance for an instance, and then the pay as you go price is lower. I am currently using an On-Demand Instance, where for a Micro instance I am paying USD 0.035 per hour (for a small instance the cost is nearly four times as much). For a reserved instance the cost will be USD 0.016 per hour - half the price, but you pay either USD 54 for 1 year or USD 82 for a 3 year term. (Note that once you pay your upfront fee, you don't need to actually host anything). Amazon also provide a service called Spot instances where you effectively bid for instances, which will reflect Amazon's spare capacity and will be available at a cheaper price than the on-demand instances. However, from what I read you need to be aware that the capacity may be taken away at any time (as the capacity is needed elsewhere).

You also pay for your storage as well as the bandwidth in and out. For the first year a lot of this cost is fairly covered as a discount is provided. A Micro instance running Windows works out about USD 26 per month and bandwidth/storage hopefully only another couple of dollars. (If you want a micro instance running Linux then AWS really gives it to you for nearly free for a year). There is a decent calculator on the Amazon website to work out your costs.

Getting a server up and running was fairly painless. The documentation is very good and easy to work through. From the console you choose to launch a new instance and choose from a number of Amazon Machine Images, which are good templates. I chose a 32-bit Windows 2008 R2, with SQL Server Express. Within 10 minutes it was set-up.

A bit of security is needed where a key pair is created. Once created you then paste in your private key to a window which will decrypt the administrator password. You also need to set-up a firewall (or security rules). This means getting the IP address of your broadband connection and setting this up so that only you can remote desktop to the server.
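The firewall rule described above (Remote Desktop reachable only from your own address) can be verified after the fact. The following is an added example, not part of the original post: it assumes the security groups have been exported in the JSON shape printed by `aws ec2 describe-security-groups`, and it also checks the SQL Server and FTP ports discussed in the set-up post. Group ids and addresses in the sample are constructed.

```python
import ipaddress

# Ports the posts treat as sensitive: RDP for administrator logins,
# SQL Server for remote database access, FTP for file transfer.
SENSITIVE_PORTS = {21: "FTP", 1433: "SQL Server", 3389: "RDP"}

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE_GROUPS = {"SecurityGroups": [
    {"GroupId": "sg-00000001", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "203.0.113.10/32"}]},
    ]},
    {"GroupId": "sg-00000002", "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
        {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 2048,
         "IpRanges": [{"CidrIp": "198.51.100.0/24"}]},
    ]},
]}


def audit_security_groups(described, admin_cidrs):
    """Return (group id, source CIDR, exposed services) for every rule that
    opens a sensitive port to a source outside the administrator's networks."""
    allowed = [ipaddress.ip_network(c) for c in admin_cidrs]
    findings = []
    for group in described.get("SecurityGroups", []):
        for perm in group.get("IpPermissions", []):
            if perm.get("IpProtocol") == "-1":
                low, high = 0, 65535      # "-1" means all protocols and ports
            elif perm.get("IpProtocol") == "tcp":
                low, high = perm["FromPort"], perm["ToPort"]
            else:
                continue
            exposed = [name for port, name in sorted(SENSITIVE_PORTS.items())
                       if low <= port <= high]
            if not exposed:
                continue
            for rng in perm.get("IpRanges", []):
                source = ipaddress.ip_network(rng["CidrIp"])
                # A source wholly inside an admin network is the intended case.
                if any(source.subnet_of(net) for net in allowed):
                    continue
                findings.append((group["GroupId"], str(source), exposed))
    return findings


if __name__ == "__main__":
    for finding in audit_security_groups(SAMPLE_GROUPS, ["203.0.113.10/32"]):
        print(finding)
```

A port range is flagged when it merely contains a sensitive port, which catches wide rules that open 1433 or 3389 as a side effect.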


The next step is optional, I didn't do it initially but wish I did. When an instance is started it is given an IP address. If the instance is stopped (i.e. you aren't paying for it) then when you start it up again later you get a different IP address. What you need to setup is called an Elastic IP Address. This is associated with your account. When an instance is started you can then relate the IP address with an instance. Elastic IP addresses are free - until they aren't associated with any instance, when you pay 1 cent per hour. If you are going to be running a website 100% of the time then it shouldn't be a problem. You can use this IP address for your DNS setup.

Logon to your instance using remote desktop and setup your server. I'll write about that in the next post.