This technical note describes how to integrate Reflection for the Web with an existing Microsoft Internet Information Server (IIS) running on Windows Server 2003. This technical note assumes that IIS has already been installed on your server.
A utility is available to integrate specific versions Reflection for the Web with IIS, as follows.
The information in this technical note is organized into the following sections:
By default, Reflection for the Web installs and uses the Jakarta Tomcat web server, so you do not need to integrate Reflection for the Web with IIS to use Reflection. However, you may choose to integrate Reflection and IIS for one or more of the following reasons.
By default, the IIS ports are: HTTP = 80 and HTTPS = 443.
Note the following prerequisites.
If no <Default Web Site> is found, the installation will hang and the following error will display in the IISWizard log:
CreateVirtualRoot: Error - 2147024892 (0x80070003) creating key for virtual root
Attachmate Technical Support recommends that you review this entire technical note before you begin installing or configuring Reflection for the Web. It is also recommended that you review the Installation Guide, which is available within the product and at http://support.attachmate.com/manuals/rweb2008.html
When Reflection for the Web is installed, a Tomcat self-signed certificate is created. When Reflection is integrated with IIS, the IIS certificate will be used.
Reflection for the Web uses a Tomcat or IIS certificate based on the following conditions:
HTTPS must be enabled in IIS in order to encrypt communications (including user names and passwords) sent between client computers and the Reflection management server. It is important to confirm that your IIS web server is configured to support HTTPS connections; follow these steps:
Note: While HTTPS is recommended for security reasons, if you are evaluating Reflection for the Web and don't have a CA signed certificate, use HTTP. If using HTTP, no changes are needed; skip to Installing Reflection for the Web.
If all three buttons in the Secure communications area are enabled, then HTTPS support is enabled in your web server. Skip to the next section, Installing Reflection for the Web.
If the View Certificate or Edit buttons appear dimmed, HTTPS is not yet enabled. You must follow one of the two options below.
Option 1 (Recommended): Enable HTTPS support in IIS.
Follow these steps to request and incorporate a web server certificate from a Certificate Authority (CA) in order to enable HTTPS support in IIS.
When completed, HTTPS support is enabled in IIS. All three buttons in the Secure communications area should appear enabled.
If you want to require HTTPS, follow the steps below to configure Reflection for HTTPS.
In Reflection for the Web 9.x, under "Choose management server access protocol," select HTTPS, and then click Save Settings at the top or bottom of the Reflection Settings page.
Option 2 (Not Recommended): Use HTTP to access sessions on the Reflection management server.
Reflection for the Web defaults to allowing HTTP; however, this option is not recommended because HTTP does not encrypt communications sent between client computers and Reflection management server (including user names and passwords).
If you choose to use HTTP, no changes are necessary.
To integrate Reflection with IIS, you must use the Reflection automated installer to install Reflection onto your Microsoft Windows Server 2003 web server. You will be prompted to integrate with IIS during the installation process. You can choose to integrate during installation or any time after you complete installation by running the IIS Wizard utility, which is installed automatically. See Running the IIS Wizard (if integration was skipped during installation).
Before installing Reflection, you must uninstall any previous version of Reflection for the Web using the Windows Add/Remove Programs utility. For information about upgrading earlier versions of Reflection for the Web, see the Reflection for the Web Installation Guide.
Begin the automated installer and follow the prompts. Use the following information to help you complete the installation and integration.
To integrate Reflection for the Web with your IIS installation, you must install and configure the following Reflection components and port settings.
Note: The installation wizard requires that you enter detailed information pertaining to your environment. See the Reflection for the Web Installation Guide for specific installation instructions and an installation checklist.
While running the installation wizard, you can select which features of Reflection for the Web you would like to install. For this installation, you must install the following features:
You can also choose to install the following optional features:
Note: Reflection for the Web 2008 Standard Edition does not include the server proxy server.
During installation, you must configure port values for the IIS HTTPS port (and beginning in Reflection for the Web 2008, for the HTTP port also) and for the servlet runner (Tomcat) HTTP and HTTPS ports.
For the IIS HTTPS (and HTTP in Reflection for the Web 2008) port value enter the port that your IIS web server uses for HTTPS (and HTTP).
By default, the IIS ports are: HTTP = 80 and HTTPS = 443.
The default Servlet Runner Port values used by the Reflection (Tomcat) servlet runner are:
If necessary, change the default values to an unused port number.
In earlier versions, while running the installation wizard, you must change the servlet runner port settings from their default values in order to avoid conflicts with IIS during configuration.
By default, the Reflection IIS Wizard creates a new virtual directory named Jakarta in the IIS <Default Web Site> location. If you wish to use a web site other than the <Default Web Site>, follow the steps below to create a virtual Jakarta directory. Otherwise, skip to Windows Server 2003 Configuration.
Note: For Reflection integration with IIS, the IIS server must have a site called <Default Web Site> defined, even if you are planning to integrate Reflection with a different site.
Follow the steps below to create and configure a virtual directory for your web site.
Follow the steps below to set the virtual directories authentication methods for both ISAPI filters in the virtual directory.
If you are not using Windows 2003, skip to Starting the Administrative WebStation.
If you are using Windows Server 2003, you must add the Jakarta Filter to Web Service Extensions and set the status for this extension to Allowed. Follow these steps:
Once the management server is restarted, you should be able to launch the Administrative WebStation in a browser using the URL below; where <protocol> represents the protocol (either HTTP or HTTPS) accepted by IIS to connect to Reflection, and <hostname> represents the host name of your web server computer.
For example, if your web server supports HTTPS:
If your web server does not support HTTPS:
To verify the ports used by your IIS web server, right-click your web site in the IIS console, select Properties, and click Advanced on the Web Site tab.
In Reflection for the Web 8.0 9.x, if IIS is configured for HTTPS, the shortcut's target URL is automatically updated when the IIS Wizard is run. However, if you are using HTTP because HTTPS is not available, follow the steps below to modify the URL to use HTTP.
In your IIS console, right-click the icon for Web Sites and select Properties. Click the ISAPI Filters tab.
You should see two ISAPI filters, JakartaFilter and JakartaFilter_Sec. There should be a green up-arrow by each filter name, indicating that the filter is loaded. If the filters are not loaded, select each filter and click Enable.
If you selected to integrate with IIS during the Reflection installation, skip this section.
If you did not select to integrate with IIS during installation, follow the steps below to configure your Reflection installation using the IIS Wizard utility:
Note: For Reflection integration with IIS, the IIS server must have a site called <Default Web Site> defined. For further details, see Prerequisites.
To restart the Reflection server if you installed it as an NT service, go to Control Panel > Services, and then right-click Reflection Server. If you did not install it as a service, go to Start > Programs > (Attachmate) Reflection for the Web, click Stop Servlet Runner, and then Start Servlet Runner.
For information about restarting IIS, see your Microsoft IIS product documentation.
Alternatively, you can reboot your system to restart IIS and the Reflection server.
If you are using Windows Server 2003, follow the steps in Windows Server 2003 Configuration to properly add and configure the Jakarta Filter.
If you wish to use a web site other than the <Default Web Site>, follow the steps in Configuring Your Web Site for Reflection.
You can unintegrate Tomcat servlet runner from IIS by running the IIS Wizard. Follow these steps:
Now, to access Reflection for the Web, use the Tomcat ports assigned during the Reflection for the Web installation.
At this point, the integration of Reflection for the Web's Tomcat servlet runner with IIS is complete. Consult the Reflection for the Web Installation Guide for information about setting up Reflection for the Web's optional security or metering components, or upgrading any existing sessions or settings.
For information about Reflection for the Web's access control options, open the Administrative WebStation. In the left-navigation bar, click Overview, and then click Access Control Overview.
For information about setting up Single Sign-on through IIS authentication with Reflection for the Web, see online help under Access Control setup in the Administrative WebStation.