2

We're in the process of migrating some websites from one of our older Windows Server 2003 / IIS 6 Servers to a newer Windows Server 2008 / IIS 7 server. We have to migrate these websites without a lot of downtime.

These websites all communicate with SQL Server and/or MySQL databases. They also have SSL certificates assigned to them (they're e-commerce sites).

Our initial plan was to stop the websites on the old server for a few minutes, copy over the websites and databases to the new servers, and redirect the IIS 6 sites on the old server to www2.<domain>.com which points to the new server. This way traffic that still comes to the old server while DNS caches are flushed is redirected to the new server.

The problem with this is that the SSL certificates are for www.<domain>.com and visitors see a security warning if they're on www2.<domain>.com. It's important that all traffic be pointed to the new server immediately as we can't have 2 separate copies of the databases or websites.

slm

3 Answers

1

You might consider just using a TCP proxy on the old web server to proxy traffic to the new web server computer while the old DNS records age out of cache. Depending on the amount of traffic you're dealing with, something like rinetd might handle the load fine.

If the load isn't something that a simple tool like rinetd running on the old box could handle, you could put up a dedicated machine running any of the various open source proxies (haproxy, balance, etc) answering for the IP of the old web server and proxying the TCP to the new box.

Evan Anderson
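A TCP-mode haproxy configuration for the dedicated-proxy variant described in this answer, added here as an example and not part of the original answer. The two addresses are placeholders from the documentation ranges, not values from the question. Because the proxy relays bytes without terminating TLS, the new server still presents the www.<domain>.com certificate and no private key has to be copied to the proxy.

```haproxy
# Example only: 192.0.2.10 stands in for the old web server's public IP
# (which this proxy answers for) and 198.51.100.20 for the new server.
global
    log /dev/log local0

defaults
    mode tcp                 # relay raw TCP; TLS is not terminated here
    log global
    option tcplog            # one log line per relayed connection
    timeout connect 5s
    timeout client  1m
    timeout server  1m

# HTTPS: the TLS handshake passes through untouched, so visitors get the
# certificate installed on the new server.
frontend old_https
    bind 192.0.2.10:443
    default_backend new_https

backend new_https
    server newserver 198.51.100.20:443 check

# Plain HTTP is relayed the same way so both ports land on the new server.
frontend old_http
    bind 192.0.2.10:80
    default_backend new_http

backend new_http
    server newserver 198.51.100.20:80 check
```

In TCP mode the new server sees the proxy's address as the client of every relayed connection, so its IIS logs and any IP-based controls will not show the visitor's real address until the old DNS records have aged out.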
0

I've used 'stunnel' for Windows to do similar things. In this case you'd bind to the Internet-facing IP address on OldServer and configure the tunnel to talk SSL to NewServer:443. You'd then configure it to present the SSL certificate pair (which you'll have to convert into the right formats, but there are tools for this) on that local binding.

This way incoming connections to the old server get the same SSL they're expecting, and their entire session is quietly and securely proxied to NewServer.

sysadmin1138
0

I would consider using Application Request Routing (http://www.iis.net/download/ApplicationRequestRouting), which is an IIS extension that basically provides a proxy/router and can act as a load balancer. You could install it on the IIS 7 machine and start routing all requests through it so that the old IIS 6 server is still running all of them, then use Web Deploy (http://www.iis.net/download/WebDeploy) to sync the live server to the new IIS 7, publishing content and certificates and any other objects like GAC, COM, etc. Once the sync is done, you can just turn off the routing and requests can immediately be served by IIS 7 directly. If something goes wrong, you can always just enable ARR to continue to route them at the back end.