Security is one of the most important considerations for any website. Today I want to share how to keep the site's security in mind while implementing a solution; security is as important as the build itself.
The following points contribute to website security:
- Change the administrator password:
- Sitecore recommends that we create a new administrator account, with a unique name, and delete the out-of-the-box administrator account.
- Before you deploy your Sitecore installation, you must change the administrator password to a strong password.
- Changing the password prevents unauthorized users from using the default password to access the admin account.
- Enforce a strong password policy:
- Sitecore leverages the Microsoft ASP.NET Membership Provider as the out-of-the-box user management system.
- Sitecore recommends that you change the password policy to one that works for your organization.
- Separate content management and content delivery servers:
- We should set up separate content management and content delivery servers, and the content management server shouldn't be internet facing.
- If you have to expose your content management environment to the internet, you must:
- Use HTTPS to secure the content management server.
- Consider using IP Filtering to allow only whitelisted clients to connect to the Content Management environment.
- Protect the connectionStrings section in the web.config file:
- Sitecore stores sensitive information in the web.config file in the <connectionStrings> section.
- You should encrypt the <connectionStrings> section to prevent this information from being exposed if the web.config file is accessed without authorization.
- The Microsoft ASP.NET IIS Registration Tool (aspnet_regiis.exe) can be used to encrypt this section.
- Separate Database server:
- The CMS and the database should be on two different servers.
- Security rights on content item(s):
- We should make sure that security rights have been configured for users, and more specifically on the roles that users will be a part of.
- Setting security rights at the role level makes it easier for administrators to change the configuration if a user moves to a different department that has a different role altogether.
- Anonymous access to the /data and /indexes folders:
- We should make sure that the /data and /indexes folders are not accessible to anonymous users (this prevents unwanted access to files), and that they are located outside the website folder.
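As an added example (not part of the original post and not Sitecore's own tooling), the following Python script audits a web.config for the two points above that live in configuration: the membership password policy and an unencrypted <connectionStrings> section. The policy thresholds, the function names and the sample XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Assumed example thresholds (not from the page); use your organization's policy.
POLICY = {"minRequiredPasswordLength": (8, "min"),
          "minRequiredNonalphanumericCharacters": (1, "min"),
          "maxInvalidPasswordAttempts": (10, "max")}
# SqlMembershipProvider defaults that apply when an attribute is omitted.
DEFAULTS = {"minRequiredPasswordLength": 7, "minRequiredNonalphanumericCharacters": 1,
            "maxInvalidPasswordAttempts": 5}

def audit_connection_strings(root):
    """Report a <connectionStrings> section that is stored unencrypted."""
    section = root if root.tag == "connectionStrings" else root.find("connectionStrings")
    if section is None:
        return ["connectionStrings: section not found in this file"]
    if section.get("configSource"):
        return [f"connectionStrings: kept in {section.get('configSource')!r}; audit that file"]
    # An encrypted section names its provider and holds only an EncryptedData element.
    if section.get("configProtectionProvider") and any(
            child.tag.endswith("EncryptedData") for child in section):
        return []
    names = ", ".join(a.get("name", "?") for a in section.findall("add"))
    return [f"connectionStrings: not encrypted, plaintext entries: {names}"]

def audit_membership(root):
    """Compare SqlMembershipProvider password settings against POLICY."""
    findings = []
    for provider in root.iterfind("system.web/membership/providers/add"):
        if "SqlMembershipProvider" not in provider.get("type", ""):
            continue  # wrapper providers delegate and carry no password settings
        for attr, (limit, kind) in POLICY.items():
            value = int(provider.get(attr, DEFAULTS[attr]))
            if (value < limit) if kind == "min" else (value > limit):
                findings.append(f"membership[{provider.get('name')}]: "
                                f"{attr}={value} (policy {kind} {limit})")
    return findings

def audit_web_config(xml_text):
    root = ET.fromstring(xml_text)
    return audit_connection_strings(root) + audit_membership(root)

def sample_config(conn_section, length, nonalnum, attempts):
    """Build a constructed web.config fragment (sample input, not a real site's)."""
    return f"""<configuration>
  {conn_section}
  <system.web><membership defaultProvider="sitecore"><providers>
    <add name="sitecore" type="Sitecore.Security.SitecoreMembershipProvider, Sitecore.Kernel" realProviderName="sql" />
    <add name="sql" type="System.Web.Security.SqlMembershipProvider"
         minRequiredPasswordLength="{length}" maxInvalidPasswordAttempts="{attempts}"
         minRequiredNonalphanumericCharacters="{nonalnum}" />
  </providers></membership></system.web>
</configuration>"""

PLAINTEXT = ('<connectionStrings><add name="core" connectionString='
             '"user id=sc;password=CONSTRUCTED;Database=Sitecore_Core" /></connectionStrings>')
ENCRYPTED = ('<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">'
             '<EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#"><CipherData>'
             '<CipherValue>CONSTRUCTED</CipherValue></CipherData></EncryptedData>'
             '</connectionStrings>')
WEAK = sample_config(PLAINTEXT, 1, 0, 256)
HARDENED = sample_config(ENCRYPTED, 12, 1, 5)

if __name__ == "__main__":
    print("\n".join(audit_web_config(WEAK)))
```

When the section uses configSource, pass the contents of that external file to audit_web_config as well, since that file is where the entries are stored.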
These are a few of the things we should take care of while implementing and deploying a Sitecore solution; they help us deal with hacks and security breaches to some extent.
Happy learning 🙂
A Sitecore site that is easy to use for editors, developers and users is considered the best implementation. We should always consider content editors while designing a Sitecore solution, because any change afterwards can result in a lot of back and forth, and cost as well.
I would like to share my thoughts based on real-time experience, and I think we should try to consider these in every project from the beginning.
- Experience Editor: A Sitecore setup cannot be considered complete or good unless all the components are Experience Editor (Page Editor) friendly. This includes:
- Should be able to add components and datasource.
- Making sure components can be moved.
- Should be able to set the personalization.
- Should be able to configure tests.
- Proper configuration of placeholders, which takes care of adding relevant components in proper section of the page.
- Edit page metadata.
- Editors should be able to add field values from the Experience Editor (background image, multi-list fields, etc.).
A fully functional Experience Editor page is the first sign of your commitment to the client and of the quality of your delivery, and at the same time you are making use of Sitecore at its best.
- Insert Rules:
- Insert rules help establish the information architecture of the content tree, which increases consistency. With insert rules you can restrict which content types can be added under a specific location of the content tree, which helps in defining scope and in running queries as well.
- We can go to Configure -> Assign and set the insert options. We can also define them dynamically by using "Insert Option Rules".
- Insert rules guide your content authors on how and what can be added at a specific location of the content tree. This helps reduce content errors on the site and helps developers define scope while writing programs, which makes your code more stable.
- Standard Values: The standard values item is an item of the given template type, which will be used to hold the default field values.
- By defining default values we can pre-populate the standard field values, so that content authors don't have to populate them over and over again.
- We can set the default values explicitly, or use tokens, which are also a great way to populate the values.
- We can populate the following fields every time a new item gets created in Sitecore:
- Date (if exists)
This is a great way to help content authors, so that a page doesn't look incomplete when they add a new page to the content tree. Editors can of course go back and change the default values if required. You can also configure default data sources for your renderings if required.
- Help text: How comfortable content authors are with Sitecore determines whether your implementation is successful, so as developers we always have to think about the content author experience, and that should be a high priority.
- We should make sure field labels are optimized in such a way that they serve the needs of both the developers and the content editors. We can achieve this in the following three ways:
- Short description and
- Help link
- The title field and the short description of a field item enable us to provide the content editor with useful information and have a technical field name for developers to work with.
- If you go to a specific field item in Sitecore, you can set these values, which help content authors understand what the field is meant for and what value should be added.
- Clean Sitecore tree:
- A clean information structure helps make the site more consistent. We should always remember that the site will be used by content editors and not by developers, so it should be as clean as possible.
- A new content editor who has just joined the team shouldn't find any difficulty understanding the site and its component structure.
- Good information architecture is a key to successful Sitecore implementation and maintenance.
- Components/placeholder configuration(s):
- Placeholders should be configured properly, so that content authors can add only those components which are meant for a specific placeholder. This way we maintain the design and prevent compatibility issues with the page.
- We can use the allowed controls setting that exists at the placeholder level, which defines the list of component(s) that can be added.
- Also, on each rendering we should define the "datasource location" and "datasource template", which help content authors understand which data items are compatible with specific rendering(s).
- Thumbnail for Renderings:
- We should try to add thumbnails for all renderings, so that content authors can see which rendering is meant for what. If no thumbnails are added, it can confuse content editors, especially if no friendly names have been given to the renderings.
- Even if a friendly name has been given, it still makes sense and adds value to assign thumbnails.
As Sitecore consultants and developers, we should keep an eye on every part of the solution from day 1. This helps in understanding the system as a whole, and also gives us an opportunity to make sure that best practices have been followed while developing the solution and that we are using Sitecore features at their best.
I hope this helps somebody.
Happy learning 🙂
There are several useful articles and blogs about #Sitecore best practices, but I am trying to put together my learning in this area. Sitecore has different components shipped with it, i.e. "analytics", "workflows", "personalization" and others.
Before starting or working on any application, our main focus should be to understand the application as a whole and not just part of it. Believe me, this is key to the overall success of your implementation; try to get involved and get more and more information about the solution as a whole. Once you have the big picture in mind, it's easy to work on small features and then on integrations.
There are several categories we can have when we talk about Sitecore best practices:
- Content structure.
Templates: Templates are the base for any Sitecore implementation. A template is a grouping of certain fields that makes up one entity/table in Sitecore, and it can have one or more than one field(s). There are a few things which we should consider while designing a template.
- Think about the entity first and all related fields which can be grouped.
- List all the fields which need to be added to a particular entity.
- Now identify whether there is any set of fields which is common to other entities as well, at least to a few if not all, like the "Headline", "Teaser", "Main Content" or "Image" fields.
- If you get a list of common fields, create a new "Base Template" and add all those fields to that template. This also makes sure we are reusing the template and fields as much as possible.
- You can use the “Display Name” property to provide a user-friendly name for any item.
- Always try to group fields in sections. This is a logical separation of fields; all the fields still belong to the same template.
- Try to give user-friendly names to all sections, fields and templates, so that business users/content authors can identify and understand them easily.
- Always set default values in the standard values of the template, so that we can prepopulate some of the field values.
- If there is a predefined structure we have to follow, we should always consider a branch template. This really helps content authors, and they will love you for it.
- Try to add a unique icon to your template, so that it is easy to recognize.
- Presentation should be configured in standard values, so that it can be applied to all instances of that template.
- Creation of "Base Templates" should always be on your radar, so that you can make use of Sitecore inheritance where required.
Content structure: This is the second step, where we create items based on the templates created. The content structure helps content authors find the information or details they are interested in. Here are some of the things that we should consider while creating/designing the content structure.
- As a standard, try not to have more than 100 items under a particular node, whether it is a folder or a page item; this can impact Sitecore performance.
- If you expect more than 100, consider using buckets or, if not buckets, create folders in such a way that there are no more than 100 children per folder/item.
- Try to have only page items created under the home page. This can change; you can read my blog on different options for configuring the content tree: https://ankitjoshi2409.wordpress.com/2017/02/07/structuring-and-organizing-sitecore-content-in-content-tree/
- Plan the content structure based on the site map and place all the items which are accessed by URL as descendants of the website; the content tree should mimic the sitemap structure as well.
- Make sure we have security added for items which should not be accessed by specific user role(s).
- Indexes should be configured for automatic updates, for a better and faster content editor experience.
- Make sure to consider a multi-site environment as well, and create folders accordingly; this also helps in sharing content from one site to another.
- Try to create a folder template for structuring page items, and use it as much as possible so that we have more control over the tree.
- Maintain only a few versions of each item in the implementation; this improves performance.
Presentation: Some of the things to consider while setting up the presentation:
- Page should be Experience editor friendly.
- Make sure to use Experience editor friendly tags like
- Sublayout(s) and rendering(s) should be configured to be cacheable for a better browsing experience.
- Renderings should be added to the page template's standard values. When they are applied at the item level, any change to the layout takes a lot of effort because every item has to be changed; when they are applied in standard values, such modifications become easier.
- Any updates to the specific should be done directly on final layouts; please read my blog for more details: https://ankitjoshi2409.wordpress.com/2017/02/06/sitecore-shared-vs-final-layouts/
- Renderings should have a data source template and data source location defined. This helps with personalizing the site and is an important configuration for making the application Experience Editor friendly.
- All the components/rendering(s) should have a thumbnail image added; this helps CAs (content authors) when working in the Experience Editor.
- Use placeholder settings and the allowed controls setting, so that CAs can add/create only those modules which are required for that page design to work.
- Don’t allow a single template to contain two fields with the same name.
- Avoid hard-coding as much as possible, so that we don't have to update the code if a change is required.
- Use IDs instead of paths/names whenever possible.
- Avoid using any form of the descendant axis, such as GetDescendants.
- Try not to modify Sitecore base files; use Sitecore patching for any updates to config files, which helps in the upgrade process if required.
- Content Editing should be done on the master database, and then pushed to web database.
- Restrict access to content delivery servers.
- Use the general development best practices applicable to C#, with tools like ReSharper.
- Set up continuous integration.
As I mentioned before, there are a lot of articles that have more details on best practices and guidelines; please make sure to read those as well.
I hope this gives you some information which can be applied while designing and structuring your Sitecore site.
Please feel free to add feedback and comments, happy to discuss more.
Happy learning 🙂
Most of us might have faced issues with performance and a slow Sitecore instance. I would like to share my experience with Sitecore troubleshooting, which I have learned over a period of time. These are some of the things which I feel should be checked whenever we see that the application really has some performance issues.
Performance is one of the key factors in a healthy business relationship. We should make sure that the application/business always meets users' expectations; a poorly performing site can't guarantee a high ROI.
Here are a few things I would like to mention for checking a slow-performing Sitecore site, and what can be done to fix it.
- Log reviews:
- Logging is one of the wonderful features shipped with Sitecore, and we should make use of it to check the performance of the application. Regularly checking the logs can help us fix an issue well before it becomes critical.
- Logs can give us most of the details which includes:
- Publishing details.
- Scheduled tasks running.
- Any code error issue.
- Indexing or query issue.
- Issue with MongoDB connectivity.
- Issue with SOLR server connectivity.
- Issue with SQL server connectivity.
- Above are some of the details which we can review to move our investigation forward. It's always better to have something in hand to troubleshoot, instead of randomly looking for something.
- Enable JS and CSS compression:
- This helps boost the performance of the application by reducing the size of the responses the server sends when pages are browsed.
- We can make use of static and dynamic content compression in IIS.
- Sitecore Debugging:
- We should make use of the Sitecore debugger tool, which can be found in the Page Editor. It gives a very good understanding of, and statistics about, the different components being used on the page.
- It helps in understanding how much time each specific component (sublayout/rendering) takes to render on the page.
- This is one of the early troubleshooting steps every developer should take, right from the time we start experiencing performance issues in the local development environment.
- This tool helps in narrowing down the problem in the code, and thus helps in putting all our energy and time in the right spot.
- Sitecore scheduled tasks:
- Always try to review the Sitecore scheduled tasks, and see whether any task is running which is not expected.
- Make sure to review all the agents which are present under the <agents> section in web.config, or in a custom patch (if used).
- We should also consider updating the frequency of task execution by changing the interval; if a scheduled task is not required, we should disable it.
- See whether a scheduled task is triggering a full site publish. This can be a serious issue in a production environment, as it can clear all caches, which can slow down the site.
- Keep a close watch on the logs for anything related to scheduled tasks.
- Indexing Strategy:
- Revisit the indexing strategy which is being used in the application, and see whether a full index rebuild is in place for any item publish event.
- Try to update the strategy if it doesn't match the requirement, or if it's overkill.
- Please review this document for details on the available index update strategies: https://doc.sitecore.net/sitecore_experience_platform/setting_up_and_maintaining/search_and_indexing/indexing/index_update_strategies
- Image optimization:
- I have seen this issue with several applications: just because the images are not properly optimized, they end up taking more resource bandwidth, resulting in a poor user experience.
- Remember, this is the time of mobile, and a poorly performing mobile site can be a serious issue for the client.
- We should always train and educate our clients and content authors to make use of optimized images, and trust me, they will listen to you.
- This is one of the critical and important parts of any Sitecore application: try to use indexes as much as possible when fetching details from the repository or searching for items based on specific conditions and filters.
- Try to perform all the operations directly in the query like:
- Avoid fetching all the results and then applying business rules to filter them based on a specific condition; as I mentioned, try to do most of the processing directly at the query level.
- I have seen issues in applications which were not performing well just because they were not making true use of indexes. Review your index definition and configuration, and see whether it has everything that is expected of it.
- Try to create and use custom indexes for any custom feature; it's always better to have one.
- Computed fields can be considered; they help in executing any complex business logic while querying the results.
- Site publish:
- We should not trigger a complete site publish in a production environment unless it's really required. This can be a costly operation, as it clears all the cache.
- Try to publish only the areas which are required. We can trigger a full site publish in a development environment, but it should be done carefully in production.
- Use Smart or Incremental Publish.
- Configure sublayout(s) and rendering(s) to use caching; this can give site users a really good browsing experience.
- Cache clearing is something to keep in mind in a production environment: publishing items clears the cache and can slow down application performance.
- Use of GetDescendants is one of the costliest operations we can think of; we should always try using indexes or fast queries where possible.
- Revisit your code and search for any reference to GetDescendants, and update it if required.
- Number of items under one node:
- Try not to have too many items under a single node/item; break them down using several subfolders or items.
- This helps in giving a good content editor experience.
- Make use of item buckets wherever applicable.
A few important things to follow:
- Write good code.
- Proper unit testing.
- Get your code reviewed.
- Follow best practices.
This helps in fixing some of the issues before they go to QA.
Please also refer to the Sitecore recommendations for performance optimization: https://sdn.sitecore.net/Articles/Administration/Sitecore%20Performance/Optimizing%20Sitecore%206%20and%20later/Optimizing%20Performance%20in%20Sitecore.aspx
I hope this helps someone in troubleshooting Sitecore performance issues. Please let me know if you have any questions or comments; happy to discuss.
Happy learning 🙂