Self-Contained Appliance Install or IIS Web Site
Posted by rare_design@reddit | sysadmin | 13 comments
I wrote an Enterprise application suite and I'm now at a crossroads.
Which do you prefer:
- Self-contained web service installer that walks you through install (endpoint, port, db, etc.), and can receive hotfix patches.
  - Commonly uses a dedicated server, but can be multi-purpose. The issue remains that it gives less visibility when granular view and control is expected.
- IIS web site with manual configuration and upgrades. This requires a more manual process for host header site binding, cert, permissions, etc.
  - Restores full control to the admin, but as expected, upgrades are not as simple as the aforementioned.
Please consider not only which method you prefer to work with, but also which one management would find more enticing.
Thank you.
DeadOnToilet@reddit
Container. And nginx or something similarly not shitty like IIS.
rare_design@reddit (OP)
Intriguing. What do you hate about IIS? When properly configured, IIS stably supports 20+ server SharePoint farms serving tens of thousands of people, and I used to manage the web servers for Sirius in their early days and helped with the merger with XM. We ran WebLogic middleware, which was a Java stack, and served it through IIS for 12 million subscribers. No issues.
Nonaveragemonkey@reddit
It relies on Windows, a notoriously weak OS in stability and security.
There's a reason it's a minor player in the web server world.
rare_design@reddit (OP)
Partly true, but slightly conflated.
Windows didn't lose web market share due to weakness, but rather functional shift.
A few major shifts happened simultaneously:
That aligned extremely well with:
Windows historically evolved from a different philosophy:
IIS itself is actually very capable:
When it comes to enterprise applications, like my .NET Core app, it's technically platform agnostic, but Microsoft has over a 70% enterprise market share due to Azure.
When it comes to security, that's also a topic greatly misunderstood. *NIX configurations have a lot of benefits, but I have seen many poor implementations simply because they didn't know how to secure it. In fact, most sysadmins don't know how to properly secure LAMP stacks, but could fumble their way through NTFS permissions with a single least privilege service on an App Pool, and ultimately have a more secure web service.
It's less about the technology, and more about the education.
Jtrickz@reddit
I think you should package with a web server you can maintain or at least control the variables you need to of it.
You can always write a guide or process for IIS.
If you go the route of a web server bundle, making a Docker image or container is very minimal to install as long as you support Linux, so you can do almost any install type. This is where most big players are going. If it runs on Linux it can become a docker
rare_design@reddit (OP)
What are you using for auth? Okta?
Jtrickz@reddit
Entra for web SSO/SAML, on-prem AD as well, so hybrid synced, no Okta
rare_design@reddit (OP)
Yeah, my application is currently written for MS shops, so I integrate with native logins, AD, and Entra ID for SSO via app reg roles, and ship it with SQLite autoconfigured, but it can point to an MS SQL db and auto-scaffold the schema.
justaguyonthebus@reddit
Container would also be my preference.
But considering the options you offer, I want fully automated installs for both. I should be able to do the entire thing over an ssh or remote PowerShell session. At most, have a config file for custom settings and a single command to install it.
Just imagine I have 1,000 servers to deploy this into. That's probably not likely but if you design for that then my life would be easier.
rare_design@reddit (OP)
For sure, I've written for rollouts as well, and in that case yes, I would absolutely go for full automation, which I've done many times.
For this solution, it's a standalone suite. One and done, and it works with either SQL accounts, AD, or Entra ID auth models, so you can easily run on-prem or in Azure.
Perhaps a hybrid model would work well, wherein I would have an installer walk the user through an IIS deployment: set your host header, port, select the cert, path, database choice, etc., and then it would automatically configure it, handle all prerequisites, etc.
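
Added example (not part of the thread and not the OP's installer): one way to combine the "config file plus a single command" request with the IIS settings listed above, using a dedicated app pool identity that gets read/execute rights only. The `deploy.json` file name, its keys and every value in it are assumptions made for illustration.

```powershell
#Requires -RunAsAdministrator
# Unattended IIS site deployment driven by one JSON config file (illustrative).
# Hypothetical deploy.json, constructed for this example:
# { "SiteName": "AppSuite", "HostHeader": "app.example.internal", "Port": 443,
#   "PhysicalPath": "D:\\Sites\\AppSuite", "CertThumbprint": "<THUMBPRINT-PLACEHOLDER>" }
param([string]$ConfigPath = '.\deploy.json')

$ErrorActionPreference = 'Stop'
Import-Module WebAdministration

$cfg = Get-Content -Raw -Path $ConfigPath | ConvertFrom-Json

# Fail before touching the server if a setting is missing.
foreach ($key in 'SiteName', 'HostHeader', 'Port', 'PhysicalPath', 'CertThumbprint') {
    if (-not $cfg.$key) { throw "Missing required setting '$key' in $ConfigPath" }
}

# The certificate must already be in the machine store, have a private key, and be unexpired.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$($cfg.CertThumbprint)"
if (-not $cert.HasPrivateKey)       { throw 'Certificate has no private key.' }
if ($cert.NotAfter -lt (Get-Date))  { throw "Certificate expired on $($cert.NotAfter)." }

New-Item -ItemType Directory -Path $cfg.PhysicalPath -Force | Out-Null

# Dedicated pool running as its own virtual account, not a shared or admin identity.
$poolPath = "IIS:\AppPools\$($cfg.SiteName)"
if (-not (Test-Path $poolPath)) { New-WebAppPool -Name $cfg.SiteName | Out-Null }
Set-ItemProperty $poolPath -Name processModel.identityType -Value ApplicationPoolIdentity
Set-ItemProperty $poolPath -Name managedRuntimeVersion -Value ''   # "No Managed Code" for ASP.NET Core

# NTFS: the pool identity may read and execute the site content, nothing more.
icacls $cfg.PhysicalPath /grant "IIS AppPool\$($cfg.SiteName):(OI)(CI)RX" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "icacls failed with exit code $LASTEXITCODE" }

# Create the site with an HTTPS-only, SNI host-header binding; skip if it already exists.
if (-not (Test-Path "IIS:\Sites\$($cfg.SiteName)")) {
    New-Website -Name $cfg.SiteName -PhysicalPath $cfg.PhysicalPath `
        -ApplicationPool $cfg.SiteName -HostHeader $cfg.HostHeader `
        -Port $cfg.Port -Ssl -SslFlags 1 | Out-Null
    $binding = Get-WebBinding -Name $cfg.SiteName -Protocol https
    $binding.AddSslCertificate($cfg.CertThumbprint, 'My')
}

Write-Output "Deployed '$($cfg.SiteName)' at https://$($cfg.HostHeader):$($cfg.Port)/"
```

A directory the application must write to (for example one holding a SQLite file) would need its own narrower grant for the same identity rather than widening the grant on the site root.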
rare_design@reddit (OP)
I understand the push for containers, but last year's Docker survey revealed non-IT industries only had 30% adoption of containers. That rules it out as an option. Also, they would need knowledgeable staff, and consideration for Azure.
tankerkiller125real@reddit
Docker container. I won't even think about dealing with IIS these days.
pneRock@reddit
Container.