Configuration for Production Environment - version 6.1

From Sense/Net Wiki

Overview

This page contains production environment configuration for Sense/Net 6.1. The following list contains configuration requirements that serve as guidelines when a Sense/Net 6.1 site is deployed to a live production environment.

Sense/Net 6.1 version

System requirements

Roles

Set up a machine with Microsoft Windows Server 2008 or Microsoft Windows Server 2008 R2 and add the following roles:

You can find detailed information about adding roles and features here.

  • Web Server (IIS)
    • Web Server
      • Common HTTP Features
      • Static Content
      • Default Document
      • Directory Browsing
      • HTTP Errors
    • Application Development
      • ASP.NET
      • .NET Extensibility
      • ISAPI Extensions
      • ISAPI Filters
    • Health and Diagnostics
      • HTTP Logging
      • Logging Tools
      • Tracing
    • Security
      • Windows Authentication (Only for AD integrated portals)
      • Request Filtering
    • Performance
      • Static Content Compression
      • Dynamic Content Compression
    • Management Tools
      • IIS Management Console

Windows Features

  • Windows Process Activation Service
    • Process Model
    • .NET Environment
    • Configuration APIs
  • .NET Framework 3.5.1 Features
    • .NET Framework 3.5.1
    • WCF Activation
      • HTTP Activation
      • Non-HTTP Activation

Additional components

  • .NET Framework 4.0

You can download or install .NET Framework 4.0 from here.

If NLB, AD sync or any other tool is in use, you should install and configure the following components.

Additional system requirements for Message Queuing:

  • Message Queuing
    • Message Queuing Services
      • Message Queuing Server
      • Directory Service Integration

Message Queuing is a Windows Server Feature so it can be added the same way as the other Windows Features above. Here you can find some information about setting up a message queue.

Settings

Application Pool settings

The following settings must be applied to the application pool of the website that runs the Sense/Net ECMS. Here you can find some information about managing application pools.

  • .NET Framework version: 4.0
    • reason: workflow support in Sense/Net is only available with .NET 4
  • Recommended identity is a domain user for all application pools in an NLB environment
  • Process Model Idle Time-Out (minutes): 0
    • reason: some features need the system to be always up (workflow, notification); every request should be served fast, even after long idle times
  • Recycling / Disable Overlapped Recycle: true
    • reason: multiple processes must not access the index in the file system simultaneously
  • Shutdown time limit (seconds): 180 (*)

(*) recommendation for large repositories and large number of requests
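The settings listed above can be applied and read back with the IIS WebAdministration module. This is an added example, not part of the original wiki page; the pool name SenseNetPool is an assumption.

```powershell
# Added example, not from the Sense/Net wiki. The pool name is an assumption.
Import-Module WebAdministration

$poolPath = 'IIS:\AppPools\SenseNetPool'   # assumed application pool name

# Values from the list above, keyed by the IIS configuration attribute.
$wanted = @{
    'managedRuntimeVersion'                 = 'v4.0'
    'processModel.idleTimeout'              = [TimeSpan]::Zero               # 0 minutes: never idle out
    'recycling.disallowOverlappingRotation' = $true                          # one process on the index at a time
    'processModel.shutdownTimeLimit'        = [TimeSpan]::FromSeconds(180)   # large repositories
}

foreach ($name in $wanted.Keys) {
    Set-ItemProperty -Path $poolPath -Name $name -Value $wanted[$name]
}

# Read the pool back and report any setting that did not take effect.
$pool = Get-Item $poolPath
$actual = @{
    'managedRuntimeVersion'                 = $pool.managedRuntimeVersion
    'processModel.idleTimeout'              = $pool.processModel.idleTimeout
    'recycling.disallowOverlappingRotation' = $pool.recycling.disallowOverlappingRotation
    'processModel.shutdownTimeLimit'        = $pool.processModel.shutdownTimeLimit
}
foreach ($name in $wanted.Keys) {
    if ($actual[$name] -ne $wanted[$name]) {
        Write-Warning "$name is '$($actual[$name])', expected '$($wanted[$name])'"
    }
}

# Show which account the pool runs as (a domain user is recommended for NLB).
"Identity: {0} {1}" -f $pool.processModel.identityType, $pool.processModel.userName
```

Stop the site before running it, as required for any configuration change on this page.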

Please note that if you want to use the Performance Counters feature, the application pool user needs to be an administrator because of the necessary privileges for managing performance counters in the system.

Before changing configuration or updating/uploading DLLs, the site has to be stopped, and started again only after the changes have been committed! Updating the configuration or changing the bin directory of the web folder may cause the index to malfunction if the site has not been stopped beforehand!

Website settings

The following settings must be applied to the IIS website:

  • Connection String - Here you can find some information about configuring a database connection string.
  • Machine Key (in case of NLB environment) - Here you can find some information about configuring the machine key.
    • Generate Keys
    • Uncheck all auto-generate checkboxes
  • Session State : SQL (in case of NLB environment) - Here you can find some information about configuring the session state.

If you configure multiple web servers you should take one additional step. In IIS Manager under the Advanced Settings of the web site you should check that the ID of your site is the same on every IIS server. If not, you should change it to match.

If Anonymous Authentication is enabled on the website it is recommended to select the "Application pool identity" user on the anonymous authentication credentials dialog (select Anonymous Authentication and select the Edit option).

File system settings

  • Grant Modify access to the Application Pool User on the Web folder

If you want to apply more restrictive permission settings you may grant Modify permissions only for the configurable LuceneIndex and LuceneIndex backup folders and grant read permissions for the rest of the web folder. In this case the Lucene folders must be created manually before starting the website.

Here you can find some information about file and folder permissions.
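The more restrictive layout described above, written out with icacls and checked with Get-Acl. This is an added example, not part of the original wiki page; the web folder path, the account name and the index folder names are assumptions.

```powershell
# Added example, not from the Sense/Net wiki. All three values are assumptions.
$webRoot  = 'D:\Web\SenseNet'                     # assumed web folder
$identity = 'CONTOSO\svc-sensenet'                # assumed application pool user
$writable = 'LuceneIndex', 'LuceneIndex_backup'   # assumed index folder names

# The index folders must exist before the site starts: with read-only access
# to the web folder the pool user can no longer create them.
foreach ($name in $writable) {
    $dir = Join-Path $webRoot $name
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
}

# /grant:r replaces earlier explicit grants for this user, so a previous
# Modify grant on the whole web folder is reduced to read and execute.
icacls $webRoot /grant:r "${identity}:(OI)(CI)RX"
foreach ($name in $writable) {
    icacls (Join-Path $webRoot $name) /grant:r "${identity}:(OI)(CI)M"
}

# List the web folder and its direct subfolders where an Allow entry naming
# the user includes write rights. Expected output: only the index folders.
# Rights held through group membership are not covered by this check.
$write = [int][System.Security.AccessControl.FileSystemRights]::Write
$paths = @($webRoot) + @(Get-ChildItem $webRoot |
    Where-Object { $_.PSIsContainer } | ForEach-Object { $_.FullName })
foreach ($path in $paths) {
    $aces = (Get-Acl $path).Access | Where-Object {
        $_.IdentityReference.Value -eq $identity -and
        $_.AccessControlType -eq 'Allow' -and
        (([int]$_.FileSystemRights) -band $write)
    }
    if ($aces) { "writable by ${identity}: $path" }
}
```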

Web.config setting

  • Make sure that nobody can download the content of the LuceneIndex and LuceneIndex_Backup folders. Do one of the following:
    • in IIS Manager add the following two request filtering settings:
      • Deny sequence: /LuceneIndex
      • Deny sequence: /LuceneIndex_backup
    • or insert the following part into the security/requestFiltering section of the web.config (equivalent to the first method):
<denyUrlSequences>
   <add sequence="/LuceneIndex" />
   <add sequence="/LuceneIndex_backup" />
</denyUrlSequences>
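A check that the deny sequences are configured and actually take effect, run on the web server itself. This is an added example, not part of the original wiki page; the web folder path and the site URL are assumptions, and the index folders are assumed to sit under the web folder.

```powershell
# Added example, not from the Sense/Net wiki. Paths and URL are assumptions.
$webRoot = 'D:\Web\SenseNet'     # assumed web folder, no trailing backslash
$baseUrl = 'http://localhost'    # assumed site binding; run on the web server
$folders = 'LuceneIndex', 'LuceneIndex_backup'

# 1. Static check: both deny sequences are present in web.config.
[xml]$cfg = Get-Content (Join-Path $webRoot 'web.config')
$xpath = "//*[local-name()='denyUrlSequences']/*[local-name()='add']"
$configured = @($cfg.SelectNodes($xpath) | ForEach-Object { $_.GetAttribute('sequence') })
foreach ($f in $folders) {
    if ($configured -notcontains "/$f") { Write-Warning "No deny sequence for /$f in web.config" }
}

# Returns the HTTP status code, or 0 when no HTTP response was received.
function Get-HttpStatus([string]$url) {
    try {
        $resp = [System.Net.WebRequest]::Create($url).GetResponse()
        $code = [int]$resp.StatusCode
        $resp.Close()
        return $code
    } catch {
        $ex = $_.Exception
        while ($ex -and ($ex -isnot [System.Net.WebException])) { $ex = $ex.InnerException }
        if ($ex -and $ex.Response) { return [int]$ex.Response.StatusCode }
        return 0
    }
}

# 2. Live check: request one real file from each index folder.
# Request filtering answers 404 before the file is looked up, so any other
# status means the filter did not handle the request.
foreach ($f in $folders) {
    $dir = Join-Path $webRoot $f
    if (-not (Test-Path $dir)) { continue }
    $file = Get-ChildItem $dir -Recurse | Where-Object { -not $_.PSIsContainer } | Select-Object -First 1
    if (-not $file) { continue }
    $rel = $file.FullName.Substring($webRoot.Length).Replace('\', '/')
    $status = Get-HttpStatus ($baseUrl + $rel)
    if ($status -eq 404) { "OK: /$f is blocked" }
    else { Write-Warning "$rel returned HTTP $status; index files may be downloadable" }
}
```

In the IIS log a request blocked by a denied URL sequence appears with status 404 and sub-status 5, which distinguishes it from an ordinary missing file.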

To apply the following configuration, open and edit the web.config file located at the root of the web folder.

  • Uncomment the following lines (Optional for NLB and AD sync), and provide the appropriate queue paths (see MSMQ#Configuration for details):
<add key="ClusterChannelProvider" value="SenseNet.Communication.Messaging.MsmqChannelProvider, SenseNet.Storage"/>
<add key="MsmqChannelQueueName" value=".\private$\incomingqueue;FormatName:DIRECT=TCP:192.168.x.x\private$\outgoingqueue" />

Configurations required

Configure Logging

  • You can find detailed information in the Logging section of our wiki under EventLog (see Logging#EventLog)

Configure MSMQ

  • For every appdomain create a private queue, on the same machine as the appdomain.
  • Set the security settings of the queues as follows:
    • Grant at least Receive/Peek/Send message permissions to the users that run the application pool of the web sites (all NLB nodes) and all the tools (e.g. Import, Backup).
  • In the web.config specify the names of the servers and queues (more info: MSMQ#Configuration)
