This post is a summation of many different points to consider when deploying a Sitecore site to the public. Many of these are .NET tips that apply, but most are specific to Sitecore solutions. The checklist is broken down into two main categories: Security and Performance.
I. Security
1. Protect Admins Pages
Some of the older versions of Sitecore do not protect the admin pages under the /sitecore/admin/
folder. You should block public access to these by implementing security via IIS configuration. You can read how to do this in section 2.3 of the Security Hardening Guide (for 6.0 – 6.4).
2. Turn on Custom Errors
Remember to update your production web.config
to <customErrors mode="RemoteOnly" />
. This will allow to you have a friendly error message to your site visitors should an error occur.
3. Secure the Sitecore Backend
Don’t forget to reset the admin user’s password. It would be quite embarrassing to go live with “b” as your password.
4. Deploy Your Real License File
Ensure a live license file is deployed, not a temporary license or partner development license.
II. Performance
1. Configure Keep-Alive
Update your web.config
to set the UrlAgent
to the public URL of your site’s keep-alive page. By default the URL is not fully qualified and therefore a web request cannot be made to it, so just update it with your hostname. Having this enabled will ensure the application pool’s worker process does not shut down.
[sourcecode]
<agent type="Sitecore.Tasks.UrlAgent" method="Run" interval="01:00:00">
<param desc="url">/sitecore/service/keepalive.aspx</param>
<LogActivity>true</LogActivity>
</agent>
[/sourcecode]
2. Turn Debug Mode Off
Remember to update your production web.config
to <compilation debug="false">
. This will result in higher performance of the application since extra debug info doesn’t need to be processed.
3. Regularly Rebuild Search Indexes
If you’re using Sitecore.Search
, ensure search indexes are set to rebuild on the public database (e.g. web). If you don’t regularly rebuild your search indexes, they can become fragmented and can degrade performance. One way to rebuild them regularly is to create a page that when requested rebuilds the indexes. You can use Wget to automate executing this script.
4. Tune the Cache Sizes (Prefetch, Data, Item, and HTML Caches)
It’s important to tune your cache sizes instead of using the out-of-the-box values. If you’re not sure how the many layers of the Sitecore cache works, read the Caching Overview by Jens Mikkelsen. Sitecore recommends some initial values in Chapter 5 of the CMS Performance Tuning Guide. As the guide mentions, remember to modify the Prefetch cache config as many of the default values are unnecessary and will waste system resources.
5. Define Machine Keys to Load Balanced Servers
If your CD environment contains multiple load balanced servers, make sure you apply the same machine key to all instances. To understand more about what you need to do, refer to section 4.5 of the Scaling Guide.
6. Tweak Your Delivery Environment
If you want more tips, Rick Cabral from ISITE Design has published a good guide on ways to Tweak Your Sitecore Delivery Environment.
Your Tips
What are your tips or checklist items you refer to when you launch a Sitecore site? Leave them in the comments below.
Don’t forget to set the EnableEventQueues property in your web.config to true. If it’s false and you have published something, you will have to clear the cache manually.