| title | description | ms.date | ms.topic | author | ms.custom |
|---|---|---|---|---|---|
Deploy the Web Server Components |
Understand the network architecture, users, security, deployment phases for installing and configuring the Business Central Web Server Components. |
10/11/2021 |
overview |
jswymer |
bap-template |
[!INCLUDEwebserver] Overview
[!INCLUDEazure-ad-to-microsoft-entra-id]
Giving users access to data from the [!INCLUDEnav_web], companion app, and Outlook add-in requires a Internet Information Services (IIS) website as part of your deployment. The website, which we refer to as [!INCLUDEwebserver] instance, hosts the files that provide content and services to client users over the Internet. This article highlights several factors to consider to help you set up [!INCLUDEwebserver] instances that suit your deployment requirements.
If you just want to get started installing the [!INCLUDEwebservercomponents], see Install Business Central Using Setup.
[!INCLUDEwebserver] instances run on ASP.NET Core on IIS, which in part dictates the directory structure of the instances. For more information about ASP .NET Core, see Introduction to ASP.NET Core.
The following illustration shows the component infrastructure that supports [!INCLUDEwebserver] instances on your network.
Each [!INCLUDEwebserver] instance must connect to a [!INCLUDEserver], which in turn connects to the database that contains the application and business data. Multiple [!INCLUDEwebserver] instances can connect to the same [!INCLUDEserver]. You can deploy these components on one computer or on separate computers. For example, you can install the [!INCLUDEwebserver] instance on one computer and the [!INCLUDEserver] and SQL Server database on another computer. The topology that you choose depends on the network resources and the infrastructure of the [!INCLUDEprod_short] components. The installation and configuration process is different for each scenario.
For information about the common deployment scenarios, see Deployment Topologies.
Important
[!INCLUDEprod_short] doesn't support Microsoft Entra application Proxy, because Application Proxy doesn't fully support web sockets.
Creating a [!INCLUDEwebserver] instance
There are two ways to create a [!INCLUDEwebserver] instance. You can use the [!INCLUDEprodsetup] Setup or the [!INCLUDEwebserver] PowerShell cmdlets.
Using [!INCLUDEprodsetup] Setup
Setup is the quickest way to get a web server instance up and running, and is typically how you install the first [!INCLUDEwebserver] instance in your deployment.
-
Setup installs the [!INCLUDEwebservercomponents], which does the following:
- Installs and configure IIS with the required prerequisites, including Microsoft .NET Core - Windows Server Hosting
- Installs a web server instance on IIS. This instance has a name that matches name of the [!INCLUDEserver] instance.
- Installs components and files in a WebPublish folder that enables you to add additional web server instances without having to use the [!INCLUDEprod_short] installation media (DVD).
-
You can only use Setup to install a single [!INCLUDEwebserver] instance.
-
Setup does not let you choose the site deployment type for the web server instance. By default, it creates a SubSite instance. For more information, see Site Deployment Types.
For information about how to install the [!INCLUDEwebservercomponents], see Install Business Central Using Setup.
Note
[!INCLUDEupgrade_known_issues]
Using [!INCLUDEwebserver] PowerShell cmdlets
There are several PowerShell cmdlets that enable you to create, configure, and remove [!INCLUDEwebserver] instances from a command line interface. To create a web server instance, you use the New-NAVWebServerInstance cmdlet, which has the following advantages over Setup:
-
You can create multiple web server instances.
-
You have more flexibility regarding the site deployment type of the [!INCLUDEwebserver] instances on IIS. For example, you can create a root-level website instance or a subsite application instance under a container website.
Important
Using New-NAVWebServerInstance cmdlet requires that Microsoft .NET Core Windows Server Hosting is installed and IIS is installed and configured with the prerequisites. So unless you have previously installed the [!INCLUDEwebservercomponents] by using Setup, you will have to install and configure the prerequisites manually. For more information about the prerequisites, see Configure Internet Information Services.
For information about how to create a [!INCLUDEwebserver] instance by using the New-NAVWebServerInstance cmdlet, see [Creating and Managing [!INCLUDEwebserver] Instances Using PowerShell](../deployment/configure-multiple-web-server-instances.md).
Typically, you will deploy the [!INCLUDEnav_web] in phases, which can influence the network topology and security settings that you deploy. For example, in the development phase, you develop, test, and fine-tune the application. In this phase, you might consider deploying the [!INCLUDEnav_web] in a single-computer scenario. When you move to the production phase, you deploy the [!INCLUDEnav_web] in the full network infrastructure.
[!INCLUDEprod_short] supports four methods for authenticating users who try to access the [!INCLUDEnav_web]: Windows, UserName, NavUserPassword, and AccessControlService. Windows authentication is configured by default. For more information, see Users and Credential Types and Authentication and User Credential Type.
Service Account for [!INCLUDEserver] and [!INCLUDEprod_short] Database Access
When you install [!INCLUDEserver] and [!INCLUDEprod_short] database components, you must identify an Active Directory account to provide credentials for the servers. By default, Setup runs [!INCLUDEserver] and the [!INCLUDEprod_short] database under the Network Service account, a predefined local account that is used by the service control manager.
Tip
We recommend that you create and use a domain user account for running [!INCLUDEserver] and accessing the [!INCLUDEprod_short] database. The Network Service account is considered less secure because it is a shared account that can be used by other unrelated network services.
For more information, see Provisioning a Service Account.
You can help secure [!INCLUDEprod_short] data that is transmitted over the Internet by enabling Secure Sockets Layer (SSL) on the connection to the [!INCLUDEnav_web]. You can configure SSL when you install the [!INCLUDEwebservercomponents] or after the installation.
For more information, see Configure SSL to Secure the Web Client Connection.
Configure Internet Information Services
Configuring-the Business Central Web Server