Menu
I have a remote web server that I have full administrator access over, and I want to deploy a website.
When I use Visual Studio's Publish tool, among other things which seem a bit less convenient (FTP etc), I have the option of using either Windows Management Service or Remote Agent Service. All the documentation says is this:
To publish remotely through Remote Agent Service, use http://RemoteComputerName. This option is typically used to deploy a Web application inside a network (in an intranet scenario). You must have appropriate permissions to perform the deployment on the destination server.
To publish to a hosting site using Windows Management Service, use the value that is specified by the hosting provider. You can typically use just a server name (HostedRemoteServer) or a complete URL that includes a server name, a port number, and the Web Deploy handler name (https://HostedRemoteServer:8172/MsDeploy.axd). The hosting provider can tell you the name of the server and the port number, if applicable.
This isn't enough information for me to decide, though. Yeah, I'm not publishing over a network, but I do have full access over the machine I'm deploying to. At the same time, MsDeploy is the big fancy thing that Scott Hanselman describes in his talk and that I've been convinced as being the awesome way to deploy.
So which should I do? Are there any obscure security considerations or anything?
296
Use the Web Deploy Handler. This approach is a lot more complex and requires more initial effort to set up the web server. However, when you use this approach, you can configure IIS to allow non-administrator users to perform the deployment. The Web Deploy Handler is only available in IIS version 7 or later.
- WDeployAdmin, which is an administrator. This is used by delegation rules for recycleApp. If you prefer to create these rules by hand, uncheck the component in the installer. We also provide a PowreShell script for creating delegation rules (more on this later in the post) if you prefer that route.
In IIS, right-click the Default Web Site, choose Deploy > Configure Web Deploy Publishing. If you don't see the Deploy menu, see the preceding section to verify that Web Deploy is running. In the Configure Web Deploy Publishing dialog box, examine the settings. Click Setup.
In the Publish method drop-down list, select Web Deploy Package. In the Package location box, enter the path to where you want the package to be created, including the . zip file name; for example, c:\temp\<projectname>. zip.
I recommend going the Management Service route. In addition to the msdeploy features, the Management Service feature gives you the ability to remotely administer IIS 7/7.5 from your machine. With all of your IIS servers in one console, you can easily export an application on one machine and import it onto another.
It seems like the most sophisticated msdeploy implementation from a security provisioning perspective and from a configuration perspective. The IIS manager allows you to easily configure details around the endpoint (SSL certificate, port, etc.). Well.. this is true on IIS 7/7.5 on Windows 2008 and R2, but not on Windows Vista or 7. For some strange reason, there is no UI for the Web Management settings on non-server SKU's.
The agent is basically a self contained web server without any of the user-level permissions capabilities. This is why it requires that the person doing the remote deployment has admin privileges on the target machine. It's feels like a simpler, bare metal implementation. Since you've already got IIS serving up HTTP/HTTPS and since IIS' HTTP implementation has kernel-level optimizations, you're not really gaining anything by going the agent route.
If you want to remotely administer Windows 2008 or R2 from Windows Vista/7, install this on your workstation: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=32c54c37-7530-4fc0-bd20-177a3e5330b7 ... this was the icing on the cake for me.
54
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
