14 February, 2022

Sitecore Managed Cloud App Services - Information

Recently I got a chance to work in a Sitecore Managed Cloud App Services environment. This is my first Sitecore project in the Sitecore managed cloud environment. I wanted to list some of the findings and learnings. 

I will keep on updating this article with the new learnings. 

  1. Create new environment
    When the approval has been received from client and Sitecore team has asked you to request for the new environment, you can go to Sitecore Support Portal to request for new environment. 

    Login to Portal --> Create Service Request --> Sitecore Managed Cloud App Services --> Create New Environment. 

  2. Subscription and Resource Group names
    The Azure Subscription and Resource Group names for various environments will not have environment suffix or prefix. Names will be always a random string or guid. For example, if the environment is QA, it will not have QA as a suffix or prefix. Some customers create the production environment, use it as UAT environment till the site is ready to be launched and then switch it over as Production. Since Azure Resource Group names cannot be renamed, client will end up having resource group name with wrong environment prefix. 

    You can use Environment Marker Chrome Extension to differentiate between the resource groups. Azure Resource Group name will be always there in the URL when you use Azure Portal. So with the name (random string), you can add it to the chrome extension and add a marker to the page. 

  3. Sitecore Support asks for Resource Group name every time
    I find it strange to notice that whenever I create a Sitecore support ticket, they always ask for the resource group name of the relevant environment. Though I select it as part of the ticket creation, they always asks the questions. So it is better to add the resource group name upfront as part of the ticket creation for quicker response. 

  4. Media CDN Setup
    In our managed cloud environment, Sitecore media CDN is enabled by default (I guess. It happened to be the case for my request) and Azure CDN is used as CDN for media items. In case if there are some files stored in filesystem, you may need to customize the UrlBuilder provider to load filesytem media items with CDN hostnames. 

  5. Azure Front Door is not added by default
    In our managed cloud environment, Azure Front Door (AFD) is not added as part of initial environment creation. AFD has layer 7 load-balancing capabilities. It has Web Application Firewall support, can add custom route rules and also has CDN support. I strongly encourage everyone to set it up before the website launch. In case if you are tryin to add the Azure Front Door after the launch, there may be disruption to the site when configuring custom domain.

  6. SearchStax - SwitchOnRebuild is not enabled by default
    In our managed cloud environment, the default setup of SearchStax for managed cloud environment is not enabled with SwitchOnRebuild feature. You need to follow few steps to create Solr Collection, Aliases and then enable Sitecore patch file. You can follow the steps mentioned in this blog

    SwitchOnRebuild  - You can set up Solr to rebuild an index in a separate core so that the rebuilding does not affect the search index that is currently used. Once the rebuilding and the optimization of the index completes, Sitecore switches the two cores, and the rebuilt and optimized index is used.

  7. Azure Front Door (WAF) is costly but needs improvement (not related to Sitecore Managed Cloud)
    This point is not related to Sitecore Managed Cloud but Azure Front Door in general. AFD has various managed rules for Web Application Firewall (WAF). This is a costly product but it needs a lot of improvements on their WAF rules. You may expect various false positive blockage due to the cookie value or the cookie name. Even the ASP.NET cookie value content may be considered as SQL Injection. Even Microsoft document mentions that if the managed rule exclusion does not help, mark that rule as Log instead of Prevention. This leads the hackers to send malicious requests with that excluded rules. 

No comments:

Post a Comment

blockquote { margin: 0; } blockquote p { padding: 15px; background: #eee; border-radius: 5px; } blockquote p::before { content: '\201C'; } blockquote p::after { content: '\201D'; }