Separate the content website from Umbraco backend when deployment
Dear everyone,
We would like deploy the content website separated from umbraco backend. It means deploy the content website in server A and deploy the umbraco backend in server B, can we do that?
Why we have this idea since we need to ensure the security high. Although I referenced the following links about the admin backend folder security, but actually if we can deploy separated machine will be better. Please help me out if you have any idea.
PS: I tried the separate them myself, the admin backend runs failed. if only deploy the content website separated from admin backend, it's ok, but the content doesn't update if the page content of the admin backend changes.
It should be possible but if you have load balancing setup then there are certain files in the /umbraco/ folder that the publishing code calls so its not as simple as just deleting the backend section of the site. We've had similar problems when locking down access to the umbrace folder, the publishing code also gets blocked! You can do using IP blocking via IIS if you need to assuming you have the right access to do so (you hopefully have if you are load balancing?).
I'm not very familiar with CMS system. But as experience, CMS of enterprise should be the one, which edit in backend and deploy to N website in public with load balance software.
Of course, we can set some restrictions for IIS folder with IP range..etc. But I don't think it's a good solution. Backend is in intranet and websites are in internet would be more better for security.
Do you have more information about load balance about Umbraco? How a pity for Umbraco if it supports these not well. Thank you very much!
To ensure that everything updates correctly when using a separate backoffice and content website you can use the Load Balancing functionality. Both sites use the same database and a webservice is used to update the cache on the content server when changes are made in the backoffice. This does mean that the firewall configuration needs to allow the webservice call to be made from the backoffice server to the content server.
Load Balancing is configured in UmbracoSettings.config in the distributedCalls section. You need to add both of the servers to the list. Here is the detailed guide:
You install the full site on the backoffice server ( all the Umbraco files and your files ), and only install the minimal Umbraco files on the content site. Note that you can't delete all of the Umbraco files - it needs the webservice that refreshes the cache. The files you need to keep on the content site are
/umbraco/masterpages/default.masterpage
/umbraco/webservices/CacheRefresher.asmx
You will need to consider how to keep the media section synchronised between the two servers. Any media items added through the backoffice need to be made available to the content website. The same applies to the index files if you are using Examine for search.
Finally, the DistributedCall will log any exceptions to the log table in the database. This helps investigate why the content site is not getting updated with changes.
Separate the content website from Umbraco backend when deployment
Dear everyone,
We would like deploy the content website separated from umbraco backend. It means deploy the content website in server A and deploy the umbraco backend in server B, can we do that?
Why we have this idea since we need to ensure the security high. Although I referenced the following links about the admin backend folder security, but actually if we can deploy separated machine will be better. Please help me out if you have any idea.
PS: I tried the separate them myself, the admin backend runs failed. if only deploy the content website separated from admin backend, it's ok, but the content doesn't update if the page content of the admin backend changes.
http://our.umbraco.org/forum/getting-started/installing-umbraco/12385-Prevent-browsing-to-Umbraco-Admin-url
http://our.umbraco.org/forum/getting-started/installing-umbraco/9055-Prevent-external-access-to-umbraco
http://our.umbraco.org/forum/getting-started/installing-umbraco/13272-How-to-Lock-Down-Umbraco-Backend
Thank you very much!
Best Regards,
Jacky.Huang
It should be possible but if you have load balancing setup then there are certain files in the /umbraco/ folder that the publishing code calls so its not as simple as just deleting the backend section of the site. We've had similar problems when locking down access to the umbrace folder, the publishing code also gets blocked! You can do using IP blocking via IIS if you need to assuming you have the right access to do so (you hopefully have if you are load balancing?).
Thank you, Peter!
I'm not very familiar with CMS system. But as experience, CMS of enterprise should be the one, which edit in backend and deploy to N website in public with load balance software.
Of course, we can set some restrictions for IIS folder with IP range..etc. But I don't think it's a good solution. Backend is in intranet and websites are in internet would be more better for security.
Do you have more information about load balance about Umbraco? How a pity for Umbraco if it supports these not well. Thank you very much!
Best Regards,
Jacky.Huang
To ensure that everything updates correctly when using a separate backoffice and content website you can use the Load Balancing functionality. Both sites use the same database and a webservice is used to update the cache on the content server when changes are made in the backoffice. This does mean that the firewall configuration needs to allow the webservice call to be made from the backoffice server to the content server.
Load Balancing is configured in UmbracoSettings.config in the distributedCalls section. You need to add both of the servers to the list. Here is the detailed guide:
http://our.umbraco.org/documentation/Installation/load-balancing
You install the full site on the backoffice server ( all the Umbraco files and your files ), and only install the minimal Umbraco files on the content site. Note that you can't delete all of the Umbraco files - it needs the webservice that refreshes the cache. The files you need to keep on the content site are
/umbraco/masterpages/default.masterpage
/umbraco/webservices/CacheRefresher.asmx
You will need to consider how to keep the media section synchronised between the two servers. Any media items added through the backoffice need to be made available to the content website. The same applies to the index files if you are using Examine for search.
Here is the Umbraco Tv video on configuring the load balancing: http://umbraco.org/help-and-support/video-tutorials/for-site-builders/load-balancing/how-to-setup-load-balancing
Finally, the DistributedCall will log any exceptions to the log table in the database. This helps investigate why the content site is not getting updated with changes.
Dallas
is working on a reply...