Migrate IIS-hosted applications to Amazon EC2 by using appcmd.exe
Deepak Kumar, Amazon Web Services
Summary
When you migrate Internet Information Services (IIS)-hosted applications to Amazon Elastic Compute Cloud (Amazon EC2) instances, you need to address several authentication challenges. These challenges include re-entering domain credentials for application pool identities and potentially regenerating machine keys for proper website functionality. This pattern describes a clean migration approach that uses the backup and restore functionality of IIS on Amazon EC2 instances. The approach uses appcmd.exe to uninstall and reinstall IIS on the target Amazon EC2 instances, enabling successful migration of IIS-hosted websites, application pool identities, and machine keys.
Prerequisites and limitations
Prerequisites
An active AWS account for the target server.
A functional source IIS server with websites hosted on it.
Understanding of IIS working principles, such as administration and configuration.
System administrator access on both the source and target servers.
Completed migration of the source IIS server to the target AWS account. You can use migration tools such as AWS Transform MGN, an Amazon Machine Image (AMI) snapshot-based approach, or other migration tools.
Windows Server 2012 R2 or later on both source and target servers.
Microsoft .NET Framework 4.5 or later installed on both servers (required for aspnet_regiis.exe key container operations).
A method to transfer backup files and exported key XML files from the source to target server, such as Amazon Simple Storage Service (Amazon S3), a shared network drive, or secure copy.
The source and target IIS instances must run the same IIS version (8.5 or 10.0).
Limitations
Some AWS services aren’t available in all AWS Regions. For Region availability, see AWS Services by Region. For specific endpoints, see Service endpoints and quotas, and choose the link for the service.
Product versions
IIS 8.5 or IIS 10.0
Architecture
Source technology stack
Windows Server with IIS 8.5 or IIS 10.0 installed
Target technology stack
Windows Server with IIS 8.5 or IIS 10.0 installed
AWS Transform MGN
Target architecture
The following diagram shows the workflow and architecture components for this pattern.

The solution includes the following steps:
Install and configure the AWS Replication Agent on the source IIS server in your corporate data center. This agent initiates the replication process and manages data transfer to AWS.
The AWS Replication Agent establishes a secure connection to MGN and begins replicating the source server data, including IIS configurations, websites, and application files.
MGN launches Amazon EC2 instances in the application subnet with the replicated data. The target Amazon EC2 instance runs IIS and contains the migrated applications with their associated Amazon Elastic Block Store (Amazon EBS) volumes. After the initial replication, MGN continues to sync changes until you're ready to cut over to the new environment.
Tools
AWS services
AWS Transform MGN helps you rehost (lift and shift) applications to the AWS Cloud without change and with minimal downtime.
Amazon Elastic Block Store (Amazon EBS) provides block-level storage volumes for use with Amazon EC2 instances.
Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the AWS Cloud. You can launch as many virtual servers as you need and quickly scale them up or down.
Other tools
Internet Information Services (IIS) for Windows Server is a web server with a scalable and open architecture for hosting anything on the Web. IIS provides a set of administration tools, including administration and command line tools (for example, appcmd.exe), managed code and scripting APIs, and Windows PowerShell support.
Best practices
Secure exported key files – The XML files that contain the exported private keys should be transferred securely (encrypted in transit) and deleted from both the source and target servers after a successful migration.
Test in a non-production environment – Perform the backup and restore procedure on a test server before running it in production.
Document application pool identities – Before migration, record all application pool identity credentials because you must re-enter passwords after the restore.
Back up SSL certificates separately – The appcmd.exe backup does not include SSL or TLS certificates. Export these separately using the Certificates MMC snap-in or PowerShell.
Verify web content files – The IIS configuration backup does not include web application files (wwwroot content). Make sure that these are migrated with the server image through AWS Transform MGN.
Epics
| Task | Description | Skills required |
|---|---|---|
| Create backups of IIS-hosted websites, configuration key, and | To create backups for IIS-hosted websites, the configuration key ( To export the configuration key and the | IIS Administrator |
| Task | Description | Skills required |
|---|---|---|
| Uninstall IIS on the target server. | To uninstall IIS on the target server, use the following steps: | IIS Administrator |
| Install IIS on the target server. | To install IIS on the target server, use the following steps: | IIS Administrator |
| Task | Description | Skills required |
|---|---|---|
| Restore IIS websites and configuration. | To restore the IIS backups that you created from the source server on the target server, use the following steps: | IIS Administrator |
Related resources
AWS documentation
Installing the AWS Replication Agent (AWS Transform MGN documentation)
AWS Prescriptive Guidance
Microsoft resources
Additional information
The appcmd.exe backup includes: application pools, sites, global configuration, and IIS schema. It does not include web content files, SSL certificates, or shared configuration files.
For large-scale IIS farm migrations, consider using the PowerShell WebAdministration module for scripted backup and restore operations.
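The following PowerShell script is an added example, not part of the original pattern. It shows one way to script the source-side capture that the best practices and the note above describe: the configuration backup, a record of application pool identities, a separate certificate export, and a hash manifest for the transfer. The staging folder, backup name, and output file names are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example: run on the SOURCE IIS server before cutover.
param(
    [string]$StageDir   = 'C:\iis-migration',   # hypothetical staging folder
    [string]$BackupName = "premigration-$(Get-Date -Format yyyyMMdd-HHmmss)",
    [Parameter(Mandatory)][securestring]$PfxPassword
)
$ErrorActionPreference = 'Stop'
Import-Module WebAdministration
New-Item -ItemType Directory -Path $StageDir -Force | Out-Null

# 1. Configuration backup, the scripted counterpart of "appcmd.exe add backup".
#    Covers app pools, sites and global configuration; not content or certificates.
Backup-WebConfiguration -Name $BackupName | Out-Null

# 2. Record application pool identities: account names only, never passwords.
Get-ChildItem IIS:\AppPools | ForEach-Object {
    [pscustomobject]@{
        AppPool      = $_.Name
        IdentityType = $_.processModel.identityType
        UserName     = $_.processModel.userName
    }
} | Export-Csv (Join-Path $StageDir 'apppool-identities.csv') -NoTypeInformation

# 3. Export each certificate referenced by an HTTPS binding as a password-protected PFX.
Get-ChildItem IIS:\SslBindings | Where-Object Thumbprint |
    Sort-Object Thumbprint -Unique | ForEach-Object {
        $tp = $_.Thumbprint
        try {
            $cert = Get-Item "Cert:\LocalMachine\$($_.Store)\$tp"
            Export-PfxCertificate -Cert $cert -Password $PfxPassword `
                -FilePath (Join-Path $StageDir "$tp.pfx") | Out-Null
        } catch {
            # Typical cause: the private key is marked non-exportable.
            Write-Warning "Could not export certificate ${tp}: $($_.Exception.Message)"
        }
    }

# 4. SHA-256 manifest of everything staged (including any exported key XML files
#    placed in $StageDir) so the target can verify the transfer before restoring.
Get-ChildItem $StageDir -File | Where-Object Name -ne 'manifest.csv' |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Hash, @{ n = 'File'; e = { Split-Path $_.Path -Leaf } } |
    Export-Csv (Join-Path $StageDir 'manifest.csv') -NoTypeInformation
```

On the target server, recompute the hashes with Get-FileHash and compare them with manifest.csv before restoring. After a successful migration, delete the staged PFX and key XML files from both servers.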