wsprod.colostate.edu default web site


Division of IT - General web servers upgrade project, 2023

WSNETDEV2 -> WSDEV: WSDEV is running
WSNET2 -> WSPROD: WSPROD is running

Server 2012r2 -> Server 2022

Sections:

  1. access
  2. files
  3. directory structure
  4. shares
  5. shibboleth
  6. file system access
  7. general sites
  8. virtual hosts
  9. Oracle - access is IP-restricted (!!!)
  10. Oracle - Client software version is different
  11. Cipher Suites updated
  12. Other fixes we discovered related to server version upgrade
  13. https for virtual hosts
  14. Need your old files???
  15. Production Parameters - new

1. Access:

- wsprod is accessible from off-campus

2. Files:

- are copied as of ~5pm October 5, 2023; subsequent new changes should be manually file copied or redeployed to new servers

3. Directory structure:

- this is preserved. If your files were on e:\users\cwis987\ that's where they are on the new servers.

4. Shares:

- Mapping network drives is preserved, so if you had \\wsnet2\mycwis mapped, you can map \\wsprod\mycwis
(You may also use the FQDN, so \\wsprod.colostate.edu\mycwis)

5. Shibboleth:

- Since the file system and site definitions are the same, so is the shibboleth protection-map

6. File system access:

- By humans: Preserved. If your colostate account (e.g., camram@colostate.edu) had access, or you were in an AD group (e.g., chhs_web_pros) that had access, that is the same
- By your web code: Double check. If your web code would write files to the web server, we tried to preserve that but please confirm.

7. General sites:

- We recreated the cwis "applications" under the default web site in IIS.
This means if your users accessed your content at https://wsnet2.colostate.edu/cwis555/hello.aspx,
they will now access the same at https://wsprod.colostate.edu/cwis555/hello.aspx

8. Virtual hosts:

- wsnet2 did allow virtual hosts, so we have replicated those on wsprod and once we fully launch, will alter DNS.
-- We already added the bindings, however, so if you edit your hosts file in C:\Windows\System32\drivers\etc\hosts you can point your special domain name to wsprod's IP, which is 129.82.103.115

*there are 278 dns entries with a CNAME to wsnet2.colostate.edu...*

9. Oracle access is IP-restricted !!!

- If you have a web user account which accesses Oracle databases, such as BANPROD or ODSPROD or HRPROD or similar, you must first coordinate with the database team (Mark Britton) to get your account on the allowlist for those servers. WSPROD's IP is 129.82.103.115 and WSDEV's IP is 129.82.103.116
I don't believe the *dev* oracle databases are so restricted, but have not confirmed.

*If you do not do this the systems will automatically shut off your web user account after three unauthorized connection/query attempts*

10. The Oracle client software version is different on these new servers.

Oracle.ManagedDataAccess.dll
The version number of your Oracle.ManagedDataAccess.dll file is critical for success. These servers require version 19.9.0 which Adam/Trey can get to you. Note this is behind, as Oracle is in the 21s already.

Oracle.DataAccess.dll
Your Oracle.DataAccess.dll may throw an error - "could not load file or assembly 'Oracle.DataAccess' or one of its dependencies (or similar)"
A new version of this DLL, matching the Server's client version, is required. Deploy it directly to your bin folder. Adam/Trey can get this to you.
ALSO, remove <add assembly="Oracle.DataAccess; Version=2...; public key token...> from web.config when doing this.

11. Cipher Suites

- These servers are using an advanced template from IISCrypto (on recommendation of the System CISO) and offer only the following cipher suites in addition to TLS 1.2 and 1.3 only:

12. Other fixes some have found to be necessary

13. We will soon be allowing https: for your virtual hosts (on wsprod only)

- This was unavailable with the old software. Once the server transition is complete, we will open requests for https.

 

14. Need your old files???

- Since wsnet2 is a cname to wsprod now, if you map network drives to \\wsnet2.colostate.edu\your-cwis, you will land on the new server.

  The solution is to map to the old server's underlying network name \\wsnt2.colostate.edu\... (no 'e') or you could keep your maps but change your local machine's hosts file to point wsnet2.colostate.edu to the old server's IP of 129.82.103.32.

  (wsnetdev2 is still available for mapping network drives until 11/2/2023 as we did not cname that one.)

15. Production Parameters - reminder that this is a shared resource

- WSPROD serves many sites belonging to many departments on campus. As such, it is imperative that each app/site is not allowed to consume so many resources that the entire service, and the other users, are negatively impacted.

  Therefore any application pools found to be using outsized percentage of system CPU or shared Memory will be throttled/capped as necessary to preserve this important resource.