Monday, May 11, 2015

How to Make Sitecore Architecture More Powerful !


Architecture begins where engineering ends. - Walter Gropius

Architecture is as important in software development as it is in building construction. No one breaks ground on a building without plans and a good architect.

With the non-functional requirements captured, the next step is to start thinking about how you're going to solve the problems set out by the stakeholders and define the architecture.

The architect should be very careful about the information architecture (IA) and the initial groundwork of the project. He/she should know all the alternatives, the pros and cons of the technology and, of course, the cost.
Architecture definition is about introducing structure, guidelines, principles and leadership to the technical aspects of a software project. So here I am adding some points that can help the Sitecore architect build a robust system.

There are 24 points in total that every Sitecore architect should know:

1.       Identify the scope of the project: the scope must be decided at the very beginning of any project so that the application can be designed and architected accordingly. Below are a few sample questions to ask the customer for a Sitecore project:
·         How will the website use the content?
·         Scope of data migration?
·         Scope of Web Forms?
·         Scope of any third-party integration, such as CRM, Salesforce or Facebook?
·         Will the infrastructure be in the cloud or on physical servers?
·         Any specific performance required?
·         Any rapid development required, such as campaigns?
·         Scope of multi-lingual and multi-site?
·         Scope of DMS, what type of reporting they want?
·         What kinds of content items exist?
·         What types of content elements will appear consistently on multiple pages (also known as reusable content)?
·         Where does the aforementioned, reusable content come from?
·         Does the reusable content display different content on different pages?
·         Does the system display content from other systems?
·         How do you integrate the content from the other systems?
·         Is the solution multilingual? If so, does the content on the multilingual versions differ?
·         What kinds of users will have access to the CMS?
·         What website regions or content types will each user have access to?

2.       Choose the Right Sitecore version:
Always choose the right version of Sitecore before the project starts. It is not always best to implement the latest version of Sitecore; the decision should be made after considering the factors below:
·         Team strength
·         Product version maturity and stability
·         Cost
·         Scope and timeline of the Project.
3.       Selection of technology:
Web Forms and MVC are two different approaches for building a Sitecore application. Both can be excellent choices, and both can be very bad choices, depending on the requirements of the application and the team's knowledge and experience with the technology.
4.       Setup Sitecore project and code deployment methodology:
There are two ways to set up the Visual Studio solution with Sitecore: either your solution is fully coupled with the Sitecore website, or your solution sits outside Sitecore's website and you use a post-build process to deploy. For more information please visit at
It is always recommended to keep your project outside the root directory.
5.       Identify the build deployment process:
The architect needs to decide which methodology will be used for deployment. Cost can obviously be the most important factor; for example, TDS has a license cost, unlike the serialization or package creation methodologies.
6.       Use of Sitecore Rocks: it needs to be decided whether Sitecore Rocks will be used in the project or not. Sitecore itself recommends using this tool for rapid development.
7.       Responsive design framework: RWD is very common nowadays. It needs to be decided which framework will be used for responsive design, such as Bootstrap or HTML5, so that resources and design can be finalized accordingly.
8.       Third-party integration: any third-party integration with the Sitecore application, such as CRM or Salesforce, should be properly planned so that the IA and the solution can be designed accordingly.
9.       Defining IA: information architecture design can be as significant as the coding of a CMS solution. Below are some important aspects that should be considered
10.   Scope of DMS: Sitecore layouts, templates and DB design (MongoDB in Sitecore 7.5 or later) must be designed based on the DMS scope, such as personalization, email campaigning, etc.
11.   Search selection: search is the backbone of any ECM system, so we need to decide very carefully which search pattern or framework should be implemented, such as Lucene, Solr, Coveo or a custom search pattern. You can find some information on Coveo search here

12.   Setting up a multiple-site solution: it is possible to have multiple sites in the same solution in Sitecore, but there are a few pitfalls and issues that need to be taken care of while developing the solution.
13.   Identify the multilingual solution: the architect also needs to consider multilingual requirements while creating the IA, including templates, layouts, presentation and standard values.
14.   Publishing architecture: publishing is a very time-consuming process in a Sitecore application; sometimes a dedicated Sitecore instance is required for publishing tasks to avoid a long queue.
So we need to decide on this and set it up accordingly.
15.   Set up multiple CM and CD: by default, each Sitecore instance provides both content management (CM, where CMS users maintain the managed sites) and content delivery (CD, for visitors to those managed sites). But we can separate the CM and CD facilities into separate environments, typically involving separate servers. It is always recommended to keep the CM and CD environments separate. Below are some advantages of separating CM and CD:
·         Scalability
·         Performance
·         Security
·         Administration
16.   Handling the media library: we can manage a media library within Sitecore in two ways, either in the database or in the file system. Both have pros and cons, so at design time we need to decide the best approach. We also need to consider cloud-based approaches, such as DAM with Sitecore.
17.   Caching implementation: caching plays a very important role in website performance, so an understanding of all Sitecore caches is really important before implementation. If we understand all of them, performance tuning using cache settings becomes easy.
18.   Web form implementation: the architect also needs to identify the scope of Web Forms for Marketers and find out how compatible it is with MVC.
19.   Logging mechanism: Sitecore uses log4net for logging, but in some situations we need to build a custom logging mechanism. One of the most common scenarios is a multi-site solution, in which the standard log becomes huge and finding the exact trace information becomes painful. So we need to consider this factor when designing the architecture of the application.
20.   Error handling in Sitecore: we need to consider various levels of exception/error handling, such as Custom Errors, Try... Catch... Finally blocks, XSL exception management, Web Forms exception management, MVC exception management, application (global) exception management, error pages, and managing exceptions. After considering all of these, we need to decide on the base architecture where error handling should be enforced.
21.   Sitecore customization: the architect needs to identify the scope of customization in Sitecore, such as pipelines and UI customization, so that templates and the project can be adapted accordingly from the very beginning of the project.
22.    Consider Sitecore performance: the Sitecore IA plays a very important role in performance. Below are some points to consider when optimizing the application:
·         Avoid items that contain more than 100 items.
·         Cache tuning
·         Enable CSS and JS caching and compression
·         IA architecture (avoid creating items with hundreds of children)
·         Optimization in the publishing wizard
·         Avoid the use of GetDescendants
·         IIS level optimization
23.   Sitecore security: Sitecore provides a comprehensive security infrastructure that you can use to secure any item in any Sitecore database. An architect should know all aspects of Sitecore security and apply them when designing the application. Sitecore also provides additional functionality that enables you to use Microsoft Dynamics Customer Relationship Management (CRM) and Active Directory (AD) for authentication.
Below are some security topics that need to be considered when designing the site:
·         Access rights
·         Users
·         User profile
·         Roles (groups)
·         Domains
·         Security inheritance
24.    Scope of data migration: data migration requirements should be handled from the beginning of the project; here you can find the complete details on this topic.

I hope this article will help you.

Happy Sitecore !!

Friday, May 8, 2015

Think before GO-Live - Check Sitecore Security First

All development is done and you are planning to go live? Stop and think about security. Security is a major concern for any web application and it should be well implemented to avoid vulnerabilities. Security itself is a very big topic and difficult to implement in every aspect, but we can secure our site as much as possible.

Is your Sitecore application secure? Ask this question again and again: which checklists have you followed to better secure the system?

Even if your Sitecore solution does not require authentication for users of the managed websites, you should consider Sitecore security when designing your information architecture.

Here I am listing a checklist that should be implemented before GO-LIVE.

1.       Protect your user password policy: enforce strong passwords for users. Please refer to the blog for complete details:

2.       Ensure you have changed the default admin password: changing the password prevents unauthorized users from using the default password to access the admin account.
1.        Login with admin user:

2.        Go to security editor >
3.        Go to user manager >

3.       Restrict anonymous access to Sitecore folders from IIS:
We should restrict the following folders:
·         /App_Config
·         /sitecore/admin
·         /sitecore/debug
·         /sitecore/shell/WebService
Below are the steps to change the permission level of these folders:
1.        Open IIS Manager: Run > inetmgr.
2.        Navigate to Web Sites\your instance name\folder name.
3.        Double-click Authentication under Features View.
4.        Disable the anonymous user.

4.       Ensure your login page is on HTTPS: you can use
If you need HTTPS on some (but not all) of your website's pages, you might also want to consider the SSL Redirector module on the Sitecore marketplace. It allows content items to be served over HTTPS by adding the template to the templates of the items you wish to be encrypted.
5.       Ensure that Client RSS Feeds are disabled if there is sensitive information: disable the client RSS feed setting in web.config.

6.       Ensure that the only way to upload files is from the Media Library: when the Upload Watcher is disabled, files placed in the /upload folder are not automatically uploaded to the Media Library.

7.       Ensure the correct license file on the production server:  Install the correct license in each environment. Most important, do not install a license that allows content management in a content delivery environment. An improper license can increase the solution’s vulnerability to attack.
8.       Ensure to follow best practice if importing users from another system.
9.       Ensure custom errors are on: remember to update your production web.config to <customErrors mode="RemoteOnly" />. This lets you show a friendly error message to your site visitors should an error occur.

10.   Ensure your custom administrative pages are fully protected; never leave these pages unprotected.
11.   Prevent Cross Site Scripting (XSS) attacks: Cross Site Scripting (XSS) attacks are when a user submits HTML, script or SQL code to your site via form fields. Client-side validation should prevent malicious data being entered, but remember that this relies on JavaScript, which is trivial to disable in the browser. Add the following attribute to the <httpRuntime> element in your web.config file to enable request validation:
12.   Ensure that security rights are assigned to roles and not to users.
13.   Ensure that the home item permission of each managed site is heavily restricted, and grant access rights to its children and descendants instead.
14.   Use UserSwitcher wherever required instead of SecurityDisabler when editing programmatically.
15.   All non-implemented membership provider methods should throw non-supported exceptions
16.   Create the roles in the Sitecore domain instead of a specific domain.
17.   Use locally managed domains in the case of a multiple-site implementation in a single Sitecore instance.
18.   Turn off Auto Complete of Username in the Login Page
You can specify that Sitecore should not complete the username of users automatically when they log in. This is useful, for example, if you do not want user names to be disclosed when content authors log into Sitecore on a shared or public computer. In addition, you can disable the Remember me checkbox.
·         To disable auto complete of user names, open the web.config file and set the Login.DisableAutoComplete setting to true. This disables autocomplete on the Sitecore login forms on the /sitecore/login/default.aspx and /sitecore/admin/login.aspx pages.
·         To disable the Remember me checkbox on the login page, open the web.config file and set the Login.DisableRememberMe setting to true. This also ignores any existing Remember Me cookies, and all users have to log in again
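
Items 3, 9 and 18 of this checklist can be checked automatically before go-live. The Python script below is an added example, not part of the original post or of Sitecore; it assumes anonymous authentication is configured through <location> elements in the site's web.config (paths relative to the site root) and that the Sitecore settings live in the same file. The sample config is constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Folders and settings named in the checklist above.
RESTRICTED = ["App_Config", "sitecore/admin", "sitecore/debug", "sitecore/shell/WebService"]
LOGIN_SETTINGS = ["Login.DisableAutoComplete", "Login.DisableRememberMe"]

# Constructed sample config with deliberate gaps (not from a real site).
SAMPLE_CONFIG = """<configuration>
  <sitecore><settings>
    <setting name="Login.DisableAutoComplete" value="true" />
    <setting name="Login.DisableRememberMe" value="false" />
  </settings></sitecore>
  <system.web><customErrors mode="Off" /></system.web>
  <location path="sitecore/admin"><system.webServer><security><authentication>
    <anonymousAuthentication enabled="false" />
  </authentication></security></system.webServer></location>
  <location path="App_Config"><system.webServer><security><authentication>
    <anonymousAuthentication enabled="true" />
  </authentication></security></system.webServer></location>
</configuration>"""

def audit(config_xml):
    """Return go-live findings for one web.config document."""
    root = ET.fromstring(config_xml)
    findings = []
    # Item 9: customErrors must be RemoteOnly.
    errors = root.find("system.web/customErrors")
    if errors is None or errors.get("mode") != "RemoteOnly":
        findings.append("customErrors mode is not RemoteOnly")
    # Item 18: both login settings must be true.
    values = {s.get("name"): s.get("value", "") for s in root.iter("setting")}
    for name in LOGIN_SETTINGS:
        if values.get(name, "").lower() != "true":
            findings.append(f"{name} is not true")
    # Item 3: folders whose <location> switches anonymous authentication off.
    locked = set()
    for loc in root.findall("location"):
        anon = loc.find(".//anonymousAuthentication")
        if anon is not None and anon.get("enabled", "").lower() == "false":
            locked.add(loc.get("path", "").strip("/").lower())
    for folder in RESTRICTED:
        if folder.lower() not in locked:
            findings.append(f"anonymous access not disabled for /{folder}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("FAIL:", finding)
```

If the authentication section is locked at server level, the same <location> entries sit in applicationHost.config with the site name prefixed to the path, and the path comparison has to be adjusted for that.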

Hope this will help you.

Happy Sitecore :)
