ColdFusion Administrator, IIS, and Deployment
Learn the configuration outside the CFML files that determines whether a legacy application can actually run and be recovered.
ColdFusion Administrator is privileged infrastructure. Restrict it by network, use a strong unique password, remove public mappings, and do not leave RDS or sample applications exposed.
What ColdFusion Administrator Controls
Server Settings
- Request timeouts
- Template caching
- Whitespace management
- Debugging output
- Error handling
Datasources
- JDBC drivers
- Connection details
- Connection pooling
- Validation queries
- Database permissions
Runtime Services
- Mail server
- Scheduled tasks
- Mappings
- Custom-tag paths
- Verity collections
Java and Integration
- JVM heap arguments
- Java class paths
- J2EE sessions
- Web services
- Event gateways in MX 7 Enterprise
Web-Server Connector
IIS or Apache must route ColdFusion file extensions to the application server. A connector problem can make static HTML work while .cfm requests return 404, 500, or hang.
IIS 6 Concepts in a Period Lab
- Web sites and host headers
- Application pools and identities
- ISAPI mappings and extensions
- Virtual directories such as
CFIDE - NTFS permissions for the ColdFusion service and IIS worker
Do not copy a permissive IIS 6 configuration into a current production environment. The purpose is to understand how the legacy deployment was wired.
Datasource Checklist
- Create a dedicated database login for the application.
- Grant only the tables and operations the application requires.
- Configure the datasource in ColdFusion Administrator.
- Test the connection from Administrator.
- Run a small query from a diagnostic template.
- Remove the diagnostic template after testing.
<cfquery name="healthCheck" datasource="support_portal">
SELECT 1 AS database_ok
</cfquery>
<cfoutput>Database result: #healthCheck.database_ok[1]#</cfoutput>
JVM Memory
ColdFusion MX runs on Java, so heap configuration matters. Increasing heap is not a substitute for finding large queries, unbounded application/session data, file-processing spikes, or memory leaks.
Record before changing: Current JVM path, minimum heap, maximum heap, other JVM arguments, ColdFusion edition, updater level, and available physical memory.
Deployment Inventory
| Item | Questions |
|---|---|
| Source | Where is the authoritative copy? Is production different from source control or backup? |
| Configuration | Which DSNs, mappings, mail settings, tasks, and Java classes exist only in Administrator? |
| Files | Which directories need write permission? Which contain uploads or generated documents? |
| Dependencies | Which CFX tags, COM objects, JARs, web services, or network shares are required? |
| Recovery | Can the exact app, config, database, and uploaded files be restored to a clean server? |
Safer Deployment Pattern for a Legacy App
- Place a current reverse proxy or load balancer in front of the legacy server.
- Allow traffic only from the proxy to the legacy web server.
- Block direct access to Administrator, RDS, internal diagnostics, and source backups.
- Terminate current TLS at the proxy while preserving correct host and protocol headers.
- Centralize access logs and health checks.
- Maintain a tested rebuild and rollback procedure.