13.07.2015 Views

EPiServer Operator's Guide - EPiServer World


EPiServer Operator's Guide

Abstract

This document is mainly intended for administrators and developers that operate EPiServer or want to learn more about EPiServer's operating environment. The document assumes that you have certain knowledge about Microsoft .NET and system administration in the Microsoft environment.

Product version: 4.51
Document version: 1.0


Table of Contents

- Introduction
- Security Configuration of the Windows Environment
  - File Access Rights
  - Internet Information Server (IIS)
- ASP.NET Configuration
  - Sessions
  - Timeout for Logout
  - Release Mode
- EPiServer Configuration
  - Roles and Authority
  - Encrypt web.config
  - Cache
- Shared Hosting
  - Roles and Users
  - Limitations in Windows 2000
- EPiServer Configuration Tool
  - Template Syntax
  - Download
- Load Balancing
  - Files
  - Cache
  - State and Sessions
  - ASP.NET
- Performance and Load Measurements
  - Simulating Workload
  - Performance Monitor
  - SQL Profiles
- Troubleshooting
  - A Page Has Suddenly Started Requesting Login
  - Error Message: Could Not Load Type 'Development.Global'
- Links and References

The contents of this document are protected by copyright. Contents of the document may be freely copied and distributed, either digitally or in printed format, to all EPiServer users.

EPiServer® is a registered trademark of ElektroPost Stockholm AB. Other product and company names mentioned in this document may be the trademarks for their respective owners.


Introduction

The document handles configuration of the main areas that an administrator manages: Microsoft ASP.NET, Microsoft Windows and EPiServer. This includes information about everything from NTFS access rights to how the cache works in EPiServer.

There is a chapter that handles shared hosting environment, i.e. when several totally separate EPiServer installations exist on the same server, and a chapter that describes EPiServer Configuration Tool, which is a tool to facilitate configuration of EPiServer installations based on predefined templates.

This document also includes introductions to load measurements and load balancing, and also contains a reference list, where you can find further information about the different subjects and tools referred to in the text.

Microsoft Knowledge Base articles are referred to in the document, e.g. see KB Q815171. These articles are available on Internet via Microsoft's Support Web site. Search for the article number at http://support.microsoft.com, e.g. Q815171. These references are also listed under Links and References.

Security Configuration of the Windows Environment

EPiServer requires certain settings in the Windows environment in order to work correctly. This mainly concerns file and directory access rights and the configuration of Internet Information Server (IIS).

File Access Rights

ASP.NET and EPiServer do not use impersonation, which is a change in how ASP.NET acts compared to ASP (see KB Q815171), as standard. This means that all code on the server will be run under the account that ASP.NET uses. There is, however, one exception that requires higher Windows access rights than the normal ASP.NET account has. System settings may also require a Windows account, if you choose not to give the ASP.NET account access rights to write to the web.config file.

The table below describes the access rights required for a standard EPiServer installation. Note that specially developed templates may require additional access rights.

The .NET files have been installed in the directory, usually C:\WINNT\Microsoft.NET\Framework\. Note that this path can vary and depends on how your system is installed. The EPiServer installation on the Web server is installed in the directory, usually c:\inetpub\EpiServer.

| Path | Access right | Description |
|---|---|---|
| | Read | Used to run system .dll files. |
| /ASP.NET Temporary Files | Read/write | Used by ASP.NET to compile code dynamically. |
| | Read/write | Used by ASP.NET to compile code dynamically. |
| | Read | Path to the installation. |
| /Upload | Read/write | Used to be able to upload files. |
| /Util/Temp | Read/write | Used for the generation of temporary files, e.g. thumbnails. |
| /Web.Config | Read/write | Used to be able to save system settings. |

Copyright © ElektroPost Stockholm AB - www.episerver.com

Internet Information Server (IIS)

Authentication

The authentication mechanism you choose in IIS depends on the authentication you use in ASP.NET. If you use forms authentication, as we recommend, you should only allow Anonymous access, as IIS is not responsible for authentication then.

If you use Windows authentication in ASP.NET, you should configure IIS for Basic Authentication or Integrated Authentication. Integrated Authentication cannot normally be used over firewalls, which is why it is normally only an alternative for intranets.

Refer to the white paper, "Security in EPiServer" for a more detailed description, including the advantages and disadvantages of using certain authentication mechanisms.

Directory Settings

EPiServer 4 is a pure ASP.NET application and does not require any settings other than the standard settings. It is, however, advisable to secure directories so that certain file types are not allowed in certain directories. The ground rule is to only allow Read permission in directories with downloadable files, like images, and only Script permission in directories with script files, e.g. ASP.NET files. This is so that the code can only be executed and not read. An exception is that IIS 5.0 requires Read permission to be set on a directory in order for a default document to work, e.g. default.aspx. This mainly applies to the admin, edit and root directories.

Our recommendations for directory settings can be found in the table below:

Columns: Directory, Read, Write, Log access, Directory browsing allowed, Index this directory, Permissions

/ X X X Script
Admin X X Script
admin/Download X None
Edit X X Script
Help X X None
Images X X None
Lang X None
Styles X X None
Util X Script
Util/activex X X None
Util/flash X X None
Util/help X X None
Util/images X X None
Util/javascript X X None
Util/styles X X None
Util/temp X None
Util/portalframeworks X None
templates X Script
Upload X X X None

Mapping of File Types and Error Pages

EPiServer uses an adapted error page for "404 Not Found" to handle requests for directories that only exist in EPiServer and not in the file structure. The page stated here is /Util/NotFound.aspx as standard. This is not a requirement and can be directed to any ASP.NET page without disturbing EPiServer's functionality.

Document Security

It is standard for all uploaded files to be publicly available for visitors, i.e. there is no access check or dependence on the page's publication status. This is because the files are delivered directly from IIS and not via EPiServer. This is acceptable in most cases, that is to say if you do not work with sensitive information, e.g. on extranet, or information that may not be publicly available before the publication date.

It is possible to configure uploaded files to be managed by EPiServer instead, where you can set the access rights on directories directly from file management in Edit mode. You can also configure so that the page's directory inherits the same access rights as the page. This is so that documents will not be available before the page is. EPiServer's file functions are called Unified File System and the configuration is described in detail in the Technical note, "Unified File System".

When Unified File System is set up, all files are moved to a protected directory, publicly unavailable from Internet, in the operating environment. All links that, for example, point to upload, will continue working as EPiServer takes over all file access to this directory and handles access control. It is possible, for example, to give certain editors access rights to change in certain directories, or only extranet users access to a particular directory.

ASP.NET Configuration

This chapter focuses on some important points concerning the general operation of the ASP.NET environment, some of which are related to EPiServer.

Sessions

EPiServer does not use sessions, neither in Edit nor Admin mode. If the templates on the Web site do not use sessions either, you can inactivate them, so as not to unnecessarily use server resources. Do this by setting the mode attribute to "off" in web.config under the sessionState part. See Microsoft KB Q306996 for more detailed instructions.

If a Web site saves information that is critical to the company in sessions, e.g. a shopping basket on a shopping site, you should consider not saving sessions in the ASP.NET process as is standard. You can choose to isolate the sessions handling to a state server, or to a database. See Microsoft KB Q311209. The advantage is that information in sessions will not be lost when ASP.NET or the IIS restarts. The disadvantage is that they negatively affect performance.


Timeout for Logout

If the Web site uses forms authentication, the users that are logged on will be automatically logged out by .NET after a certain period of inactive time. This period of time can be changed in web.config by setting the timeout attribute, which states timeout in minutes, on the forms part under authentication.

Release Mode

Make sure that the .dll files in the bin directory that belongs to the Web site are compiled in Release mode. A .dll file that is compiled in Debug mode is larger, uses more memory and is slower than the one compiled in Release mode.

Dynamic pages and user controls also have script-like code, which is compiled when needed by ASP.NET. In order for this to be compiled in Release mode, change web.config by changing the value for the debug attribute to "false". If it is a problem that pages compile when required, e.g. loss of performance, you can also state that all the pages should be compiled at once during compilation. This is done by setting the batch attribute to true.

EPiServer Configuration

EPiServer's installation program automatically applies a configuration template at first time installation. This, among other things, sets file access rights and certain settings in IIS. Refer to the EPiServer Configuration Tool chapter for further information.

All settings configured by an administrator are saved in the web.config file. Some of these settings are also available in Admin mode under System settings and can also be displayed for all installed EPiServer sites in EPiServer Manager.

Roles and Authority

In web.config, you can define which roles will have access to which parts of EPiServer. There are mainly two parts that need to be secured: Edit and Admin. These are limited to the roles WebEditors and WebAdmins as standard, but these settings can be changed as you wish. A role is normally the same as a group, if you log on with Windows or an EPiServer user.

Encrypt web.config

EPiServer has built-in support for encryption of sensitive information in web.config. From System Settings in Admin mode, select the Encrypt the web.config file check box to encrypt the information for the database connection, which also has a database login and password, and the user information to connect to the LDAP server. These settings will be saved in encrypted format.

You can also enforce encryption of approved settings in web.config under the section, by editing web.config in a text editor. To activate encryption for a setting, add the text ENCRYPT in the value attribute before the value in question, e.g. to encrypt the Upload directory (EPsUploadDir), change

to

Go to System Settings and save the settings. If you now look in web.config, you will see that the line has changed to


Note that, for security reasons, EPiServer will never save settings that have been encrypted once as decrypted. That is to say that if you have encrypted settings once, you can only view them in plain text in web.config by editing the file by hand and entering the required values.

If you encrypt information in web.config, it will only be available in plain text via EPiServer's configuration object and not via ASP.NET's built-in configuration object. We recommend that developers always use the built-in object in EPiServer.

Cache

EPiServer has several built-in cache functions, some of which are activated as standard and others, which must be activated manually. A correctly setup cache is extremely important for good performance.

Page Cache

Pages and page listings are cached internally, so that an API call from a dynamic page will not result in unnecessary database calls. If access to a page does not take place during a 12-hour time period, the page will be removed from the cache. At the next access, it will be read from the database again.

The length of this time period can be changed in web.config via the EpnPageCacheTimeout setting. If this value is changed to "0", the cache will be turned off. This may be useful when searching for errors, but is not recommended for operation. The performance is considerably affected if this cache is turned off.

Locking Management

If several users request the same page information at the same time, and this information is not already in the page cache, there may be several parallel reads from the database whilst the cache is being populated. This can negatively affect performance, if there are a lot of pages to be read, e.g. listings and tree structures. Parts or all of the cache are repopulated when changes occur, or if the application has just started.

To avoid this happening, EPiServer uses optimistic locking management. This means that if a page is already being read to the cache, the next request for the same page will wait for the previous read to be completed. Two configurable parameters in web.config are used for the wait function: EPnCacheSpinlockCount and EPnCacheSpinlockTimeout. If nothing is stated in web.config, SpinlockCount will be 10 and SpinlockTimeout 1000 — timeout is stated in milliseconds — which is optimal in most cases.

An indication that these parameters may need trimming is if you listen to the traffic to the database server and see a large amount of calls to stored procedures netPageDataLoad and/or netPageListLoad with exactly the same ID parameters. Note that this may also be a sign that the cache is turned off. If this is not the case, try increasing SpinlockCount and decreasing SpinlockTimeout. Make sure that SpinlockCount * SpinlockTimeout is not more than 10 seconds, as the product of this is the maximum time for reading to the cache to be completed.

Output Cache (HTML Cache)

A dynamic page can be cached as a static HTML file on the server. These functions in EPiServer are built around the output caching concept in ASP.NET. Output caching is only suitable for Web sites with many anonymous visitors, and is not standard for this reason. EPiServer has its own functions that ensure that output cache is not activated for users that are logged on, as different users see different content depending on access rights and personalized information. Output cache is only activated by EPiServer for common page requests of type "GET", and not for postings ("POST").

A page is normally built up with information from several other pages in EPiServer, e.g. news listings and tree structures. All changes (publications) from Edit mode will, for that reason, delete all the information that EPiServer has placed in the output cache. That is to say that the cache will be reloaded the next time a page is accessed. If templates contain data that vary over time, e.g. a server-generated clock, you must state how long the page can be cached as HTML, so that the information, in this case the time, will not be incorrect.

Set EPnCachePolicyTimeout in web.config to activate output cache. This states how many seconds a caching is valid. To achieve the best performance, you should have, on average, more than one hit per unique page during the period of time (EPnCachePolicyTimeout). Otherwise it is just an unnecessary load for the server, as the cached variant will probably never be read. The recommended setting is at least 3600 seconds or 1 hour.

The output cache varies based on the Web browser type and the page ID. These values can, however, be customised in EPsCacheVaryByCustom and EPsCacheVaryByParams. If an installation has, for example, a query string parameter "print" that controls how the page is adapted for printout, EPsCacheVaryByParams must be changed to "id,print".

User Cache

Information concerning the roles that a user belongs to, along with personalized information, is read when a user logs on. This data is cached, so that the information does not need to be re-read for each new page viewing. User information that is not read for 5 minutes is removed from the cache. The length of this period of time can be changed in web.config via the EPnUserCacheTimeout setting. If this value is changed to "0", the cache will be turned off. This may be useful for troubleshooting, but is not recommended for operation. The main advantage of this cache, from a performance point of view, is obtained when the group membership is read from Active Directory, or another external source that requires more resources than a local database lookup.

Shared Hosting

Shared hosting is when several EPiServer installations or other ASP.NET applications are operated for several customers on the same server.

Roles and Users

In order to cut down on administration, we recommend that each installation/site only has one superuser account created in Windows, and that the customers themselves set up EPiServer users for editors and administrators. The superuser account can then be used for, e.g. FTP access.

The disadvantage of using Windows users, and therefore Windows groups, for role membership is that these apply to the entire server and all sites. That is to say that if two sites use the same groups or roles by mistake, the users can access each other's sites. If you use EPiServer users and EPiServer groups, these will only work per site.

A simple rule of thumb is that, in a hotel environment, the standard groups WebEditors and WebAdmins should never exist in the Windows account database. If the general groups exist, you cannot add users to them. Only operators, for example, who need to access several sites can add users.

It is possible to remove the Write access rights for the ASP.NET account and only allow the superuser account to write to the web.config file. This will result in only the superuser account being able to save new System settings and not common EPiServer users.

Limitations in Windows 2000

ASP.NET uses a general account that the ASP.NET processes run under. This cannot be changed per site in Windows 2000. This causes a security problem, as a site could, code-wise, be able to access information from another site. Unfortunately there is no good solution for this, as it depends on Windows 2000 architecture.


Microsoft Windows 2003 Server, which has a new process model in Internet Information Server 6.0, solves this problem. Windows 2003 Server is, therefore, recommended for all types of ASP.NET shared hosting. Make sure first that your EPiServer version supports this platform.

EPiServer Configuration Tool

The installation program automatically applies a configuration template at first time installation. This, among other things, sets file access rights and certain settings in IIS. There is a tool that is used to be able to run this template and other templates manually. A template is defined in XML format, which contains file access rights, IIS settings and web.config settings. This template can then be run by EPiServer Configuration Tool to apply its access rights and settings on an EPiServer installation. There is currently a base template, which is used at installation. It is, of course, possible to customize this template or build your own templates according to the organization's wishes and security requirements.

Template Syntax

General

The template with settings for a configuration is built up as an XML file containing 3 main parts: file access rights (XML tag acl), Internet Information Server settings (XML tag metabase), and ASP.NET configuration (XML tag web.config). Each main part is placed under the respective location in the structure, when the settings are to be applied (XML tag location). This chapter describes these parts in further detail.

Test config
Test only


metabase

This section modifies Internet Information Server's underlying database metabase, which is built up of properties. Four different elements can be stated under this section: add, remove, set and collection. "Add" only adds properties if they do not already exist. "Set" always allots the values. See the example with syntax below:

The inherit attribute above defines whether settings from the parent in the directory structure should be included and write over any existing settings on this level. To learn more about which properties IIS saves, we recommend the MetaEdit program, which is available on Microsoft's support site (see Microsoft KB Q232068).

Constants

There are certain constants that are automatically translated to the correct values, depending on language and settings.

| Name | Description |
|---|---|
| {RootDir} | The application's root directory, e.g. / or /MyDirectory/. |
| {Administrators} | The name of the local administrator group. |
| {IUSR} | The name of the account used by IIS for the application, if it is run in-process. |
| {IWAM} | The name of the account used by IIS for the application, if it is run pooled. |
| {Everyone} | The name of the local group for anonymous users. |

Download

The latest version of EPiServer Configuration Tool can be downloaded from EPiServer's home page. See the Links and References chapter.

Load Balancing

This chapter is an introduction to EPiServer load balancing. For further information, refer to the white paper, "Load Balancing and Clustering in EPiServer".

Files

Directories that editors upload files to should be on a central file server. This requires that the account that an application runs under has network access to this server.

Cache

In order for all servers to be notified about EPiServer's cache updates, each server must recognize all the other servers within the respective application. In web.config you configure a comma-separated list of site names under EPsCacheListeners. For further information refer to Technical Note, "Configuring the Cache in Multi-Server Scenarios".
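As an added example (not part of the original guide and not EPiServer's own code), the web.config recommendations from the ASP.NET Configuration and Cache chapters can be checked with a short Python script before a site goes into operation. It assumes the EPiServer settings are stored as add key/value entries under appSettings; templates_use_sessions and max_idle_minutes are hypothetical operator inputs, and both sample files are constructed.

```python
import xml.etree.ElementTree as ET

SPINLOCK_BUDGET_MS = 10_000      # guide: Count * Timeout must not exceed 10 seconds
MIN_OUTPUT_CACHE_SECONDS = 3600  # guide: recommended minimum for EPnCachePolicyTimeout

# Constructed sample. The system.web elements are standard ASP.NET; keeping the
# EPiServer keys as <add key=... value=...> under <appSettings> is an assumption.
WEAK_CONFIG = """<configuration>
  <appSettings>
    <add key="EpnPageCacheTimeout" value="0" />
    <add key="EPnCacheSpinlockCount" value="50" />
    <add key="EPnCacheSpinlockTimeout" value="500" />
    <add key="EPnCachePolicyTimeout" value="60" />
  </appSettings>
  <system.web>
    <compilation debug="true" />
    <sessionState mode="InProc" />
    <authentication mode="Forms"><forms timeout="600" /></authentication>
  </system.web>
</configuration>"""

# Constructed sample with the same settings brought in line with the guide.
CORRECTED_CONFIG = """<configuration>
  <appSettings>
    <add key="EPnCacheSpinlockCount" value="20" />
    <add key="EPnCacheSpinlockTimeout" value="500" />
    <add key="EPnCachePolicyTimeout" value="3600" />
  </appSettings>
  <system.web>
    <compilation debug="false" batch="true" />
    <sessionState mode="Off" />
    <authentication mode="Forms"><forms timeout="30" /></authentication>
  </system.web>
</configuration>"""


def audit_web_config(xml_text, templates_use_sessions=False, max_idle_minutes=60):
    """Return (check_id, message) findings for one web.config.

    templates_use_sessions and max_idle_minutes are operator inputs invented for
    this example; the guide does not prescribe a logout timeout.
    """
    root = ET.fromstring(xml_text)
    # The guide spells one key "EpnPageCacheTimeout", so keys are compared
    # case-insensitively.
    settings = {a.get("key", "").lower(): a.get("value", "")
                for a in root.findall("appSettings/add")}
    findings = []

    def number(key, default=None):
        # Encrypted or missing values cannot be read as numbers; use the default.
        raw = settings.get(key.lower(), "").strip()
        return int(raw) if raw.isdigit() else default

    compilation = root.find("system.web/compilation")
    if compilation is not None and compilation.get("debug", "false").lower() == "true":
        findings.append(("debug-build", "compilation debug is true; set it to false"))

    session = root.find("system.web/sessionState")
    mode = (session.get("mode", "InProc") if session is not None else "InProc").lower()
    if not templates_use_sessions and mode != "off":
        findings.append(("sessions-enabled", "no template uses sessions; set mode to Off"))
    elif templates_use_sessions and mode == "inproc":
        findings.append(("sessions-in-process",
                         "session data is lost when ASP.NET or IIS restarts"))

    forms = root.find("system.web/authentication/forms")
    if forms is not None:
        idle = int(forms.get("timeout", "30"))  # ASP.NET default is 30 minutes
        if idle > max_idle_minutes:
            findings.append(("long-forms-timeout", f"idle logout after {idle} minutes"))

    for key, check_id in (("EPnPageCacheTimeout", "page-cache-off"),
                          ("EPnUserCacheTimeout", "user-cache-off")):
        if number(key) == 0:
            findings.append((check_id, f"{key} is 0; the cache is turned off"))

    # Defaults from the guide: SpinlockCount 10, SpinlockTimeout 1000 ms.
    wait_ms = number("EPnCacheSpinlockCount", 10) * number("EPnCacheSpinlockTimeout", 1000)
    if wait_ms > SPINLOCK_BUDGET_MS:
        findings.append(("spinlock-budget", f"maximum cache wait is {wait_ms} ms"))

    policy = number("EPnCachePolicyTimeout")
    if policy is not None and 0 < policy < MIN_OUTPUT_CACHE_SECONDS:
        findings.append(("short-output-cache", f"output cache valid for only {policy} s"))
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("corrected", CORRECTED_CONFIG)):
        print(name, audit_web_config(text))
```

Settings that EPiServer has stored in encrypted form cannot be read this way, so the script treats them as absent and falls back to the defaults the guide states.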


State and Sessions

EPiServer does not require sessions, but different applications built on EPiServer may do. ASP.NET can either use a state server or a database to save sessions. These settings are done directly in web.config for the installation.

ASP.NET

In order for authentication and view state to work in a load-balanced environment, all the servers must have a common machine key. This is configured in machine.config, which contains the main configuration for .NET on a machine. See Microsoft KB Q323744 for further information.

Performance and Load Measurements

EPiServer has good scalability and performance properties, but it is up to administrators and developers to be able to make full use of these. This chapter describes how you can easily check how much an EPiServer application stresses the system, and find any "bottlenecks", which can be fixed in due time. The first step is to simulate workload.

Simulating Workload

Workload is simulated, for example, by using tools provided by Microsoft. Use either Application Center Test (ACT), which is included in Microsoft Visual Studio Enterprise Edition, or the free tool Web Application Stress (WAS). See Microsoft KB Q313559 for information on download and configuration.

As the results from a stress test differ greatly depending on, e.g. how you configure the test, the different hardware, complexity in the tree and listings, and personalization, the best solution is trial and error. The aim of the test is mainly to get an idea of whether the installation will be able to handle the predefined requirements.

It is suitable to start by only loading the first page, as this will take the majority of all the incoming requests, and it is often this page that is most complex.

You can then continue and record a more complex scenario, where you simulate a typical user's interaction with the Web site.

The following chapter describes the parts that should be monitored during workload.

Performance Monitor

The easiest way to see if the system is being loaded to its maximum is to monitor the CPU workload on both the Web server and database server. The Web server's CPU will normally increase to 100% before the database server, as there are several cache functions in EPiServer that reduce the amount of database requests.

EPiServer has several built-in performance counters. See the table below.

| Name | Description |
|---|---|
| Data Factory Reads/Sec | The amount of page data reads per second that EPiServer delivers. A complex template can display data from several different pages in EPiServer's structure, which is why this value can vary between different templates. |
| Data Factory Listings/Sec | The amount of page data listings per second that EPiServer delivers. A complex template can display listings from several different pages in EPiServer's structure, which is why this value can vary between different |


Links and References

- EPiServer white papers, detailed information in several different areas: http://www.episerver.com/whitepapers
- EPiServer FAQ, common questions and error messages: http://www.episerver.com/faq
- EPiServer technical notes, short technical documents within specific areas: http://www.episerver.com/technotes
- Authentication in ASP.NET: .NET Security Guidance: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/authaspdotnet.asp
- Info: Process and Request Identity in ASP.NET: http://support.microsoft.com/default.aspx?scid=kb;en-us;317012
- How to: Use the ASP.NET Utility to Encrypt Credentials and Session State Connection Strings: http://support.microsoft.com/default.aspx?scid=kb;en-us;329290
- Info: ASP.NET State Management Overview: http://support.microsoft.com/default.aspx?scid=kb;en-us;307598
- How to: Install and Use the Web Application Stress (WAS) Tool: http://support.microsoft.com/default.aspx?scid=kb;en-us;313559
