EPiServer Operator's Guide - EPiServer World

More documents

Recommendations

Info

6 | EPiServer Operator's GuideTimeout for LogoutIf the Web site uses forms authentication, the users that are logged on will be automatically logged out by .NETafter a certain period of inactive time. This period of time can be changed in web.config by setting the timeoutattribute, which states timeout in minutes, on the forms part under authentication.Release ModeMake sure that the .dll files in the bin directory that belongs to the Web site are compiled in Release mode. A .dllfile that is compiled in Debug mode is larger, uses more memory and is slower than the one compiled in Releasemode.Dynamic pages and user controls also have script-like code, which is compiled when needed by ASP.NET. Inorder for this to be compiled in Release mode, change web.config by changing the value for the debug attributeto "false". If it is a problem that pages compile when required, e.g. loss of performance, you can also state that allthe pages should be compiled at once during compilation. This is done by setting the batch attribute to true.EPiServer ConfigurationEPiServer's installation program automatically applies a configuration template at first time installation. This,among other things, sets file access rights and certain settings in IIS. Refer to the EPiServer Configuration Toolchapter for further information.All settings configured by an administrator are saved in the web.config file. Some of these settings are alsoavailable in Admin mode under System settings and can also be displayed for all installed EPiServer sites inEPiServer Manager.Roles and AuthorityIn web.config, you can define which roles will have access to which parts of EPiServer. There are mainly twoparts that need to be secured: Edit and Admin. These are limited to the roles WebEditors and WebAdmins asstandard, but these settings can be changed as you wish. A role is normally the same as a group, if you log onwith Windows or an EPiServer user.Encrypt web.configEPiServer has built-in support for encryption of sensitive information in web.config. From System Settings inAdmin mode, select the Encrypt the web.config file check box to encrypt the information for the databaseconnection, which also has a database login and password, and the user information to connect to the LDAPserver. These settings will be saved in encrypted format.You can also enforce encryption of approved settings in web.config under the section, byediting web.config in a text editor. To activate encryption for a setting, add the text ENCRYPT in the valueattribute before the value in question, e.g. to encrypt the Upload directory (EPsUploadDir), changetoGo to System Settings and save the settings. If you now look in web.config, you will see that the line haschanged toCopyright © ElektroPost Stockholm AB - www.episerver.com
EPiServer Configuration | 7Note that, for security reasons, EPiServer will never save settings that have been encrypted once as decrypted.That is to say that if you have encrypted settings once, you can only view them in plain text in web.config byediting the file by hand and entering the required values.If you encrypt information in web.config, it will only be available in plain text via EPiServer's configuration objectand not via ASP.NET's built-in configuration object. We recommend that developers always use the built-in objectin EPiServer.CacheEPiServer has several built-in cache functions, some of which are activated as standard and others, which mustbe activated manually. A correctly setup cache is extremely important for good performance.Page CachePages and page listings are cached internally, so that an API call from a dynamic page will not result inunnecessary database calls. If access to a page does not take place during a 12-hour time period, the page willbe removed from the cache. At the next access, it will be read from the database again.The length of this time period can be changed in web.config via the EpnPageCacheTimeout setting. If this valueis changed to "0", the cache will be turned off. This may be useful when searching for errors, but is notrecommended for operation. The performance is considerably affected if this cache is turned off.Locking ManagementIf several users request the same page information at the same time, and this information is not already in thepage cache, there may be several parallel reads from the database whilst the cache is being populated. This cannegatively affect performance, if there are a lot of pages to be read, e.g. listings and tree structures. Parts or all ofthe cache are repopulated when changes occur, or if the application has just started.To avoid this happening, EPiServer uses optimistic locking management. This means that if a page is alreadybeing read to the cache, the next request for the same page will wait for the previous read to be completed. Twoconfigurable parameters in web.config are used for the wait function: EPnCacheSpinlockCount andEPnCacheSpinlockTimeout. If nothing is stated in web.config, SpinlockCount will be 10 andSpinlockTimeout 1000 — timeout is stated in milliseconds — which is optimal in most cases.An indication that these parameters may need trimming is if you listen to the traffic to the database server and seea large amount of calls to stored procedures netPageDataLoad and/or netPageListLoad with exactly thesame ID parameters. Note that this may also be a sign that the cache is turned off. If this is not the case, tryincreasing SpinlockCount and decreasing SpinlockTimeout. Make sure that SpinlockCount *SpinlockTimeout is not more than 10 seconds, as the product of this is the maximum time for reading to thecache to be completed.Output Cache (HTML Cache)A dynamic page can be cached as a static HTML file on the server. These functions in EPiServer are built aroundthe output caching concept in ASP.NET. Output caching is only suitable for Web sites with many anonymousvisitors, and is not standard for this reason. EPiServer has its own functions that ensure that output cache is notactivated for users that are logged on, as different users see different content depending on access rights andpersonalized information. Output cache is only activated by EPiServer for common page requests of type "GET",and not for postings ("POST").A page is normally built up with information from several other pages in EPiServer, e.g. news listings and treestructures. All changes (publications) from Edit mode will, for that reason, delete all the information that EPiServerCopyright © ElektroPost Stockholm AB - www.episerver.com
Page 1 and 2: EPiServer Operator's GuideAbstractT
Page 3 and 4: Introduction | 3IntroductionThe doc
Page 5: ASP.NET Configuration | 5Util/style
Page 9 and 10: EPiServer Configuration Tool | 9Mic
Page 11: Performance and Load Measurements |

EPiServer Operator's Guide - EPiServer World

Create successful ePaper yourself

Delete template?

Save as template?