6 Oct 2013

IIS8 FTP Publishing Service for Server 2012 on AWS EC2

In a previous post I detailed certain nuances of config for the FTP publishing service under IIS 7 for Server 2008 AWS hosted EC2 instances, due to the way AWS EC2 IP addressing & NAT works there were a couple of minor tricks required to get everything hooking up smoothly for passive connections.
In Server 2012, although the principals are the same it's a bit easier to configure and in this updated post I've put together a quick overview covering the stages involved up from from installing IIS itself, hope it's useful.

I'm assuming you have adequate working knowledge of Microsoft server technology (and specifically IIS), as such I'm not going to be detailing every mouse click and the grabs & explanations are more guidelines than granular staged How-To's.

Firstly, install the Web Server (IIS) role and FTP Server (Fig:1 & Fig:2) -

Fig:1 - Install the Web Server (IIS) role.

Fig:2 - Install the FTP Server.

With IIS and the FTP Server installed it's just a few easy steps to create the config. Choose the folder you want to use for uploads, add it as an FTP site in IIS, create the user and/or group and apply permissions, from then you need to attend to the dynamic port + IP details and configure the local firewall and the AWS security group. All good? Ok, let's run through the procedure.

Create a suitable group and/or user in Computer Management > Local Users and Groups (Fig:3) -

Fig:3 - Create FTP user and group (add user to group).

Choose the folder you wish to use and apply permissions (Fig:4). We are just using the default web root under inetpub.

Fig:4 - Apply permissions to the chosen upload folder.

Add the chosen upload folder as an FTP site under IIS (Fig:5, Fig:6 & Fig:7) - 

Fig:5 - Choose the upload folder location.

Fig:6 - Bindings and SSL settings.

Fig:7 - Authentication and Authorization Information.
Under IIS FTP Firewall Support create a suitable Data Channel Port Range along with the assigned Elastic IP (EIP) of your Server 2012 AWS EC2 instance (Fig:8). If you didn't yet assign an EIP do so now, associate it with your Server 2012 instance and add it in here.

Fig:8 - FTP Firewall Support entries.

Using the Inbound Rule Wizard create a Firewall entry to match the chosen port range for the Data Channel (Fig:9 & Fig:10) -

Fig:9 - Create an inbound port rule.

Fig:10 - Specify ports to match the chosen Data Channel range.

Check the AWS security group (SG) for your instance (Fig:11) and make sure relevant ports and port ranges are open. In this example we have enabled ICMP ping for testing and have open FTP IP access. If workable it's best practice to secure the FTP port range(s) to specific IPs (i.e the main external IP of your office).

Fig:11 - AWS Security Group settings.

And that's about it. It's a good idea (if not essential) to restart both the IIS and FTP service before you check for connectivity as it seems that restarting IIS no longer restarts the FTP service also.

Should you have any questions regarding this article or other procedures detailed across the blog, or would like advice or assistance with cloud technology, server management and support, AWS in general or w.h.y please feel free to contact us directly, we would be more than happy to hook up and discuss how we can help you - http://cirronix.com/contact

No comments:

Post a Comment