+1-888-365-2779
Try Now
More in this section

Forums / Deployment / Sitefinity: Security, Remoting, Oracle, Ports

Sitefinity: Security, Remoting, Oracle, Ports

10 posts, 0 answered
  1. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    01 May 2009
    Link to this post
    Hey there,

    We are about to implement Sitefinity for a client that has some concerns about security and optimal deployment options:

    Scenario: Dual windows servers for the presentation layer, possible application servers for the business logic layer and a separate server for the Oracle DB. Sitefinity will be configured to use InDatabase for session data. In terms of security the company's policies dictate a physical separation of the presentation layer into the DMZ and the business logic layer on application servers inside the local network.

    Here are the questions we need help with:

    1. Can Sitefinity be configured and deployed across three physical machines?
    2. If this is possible, does it come down to configuration or are there large changes required in terms of code?
    3. If this is not possible what are the security measures that one can put in place to avoid hacking of the web server and gaining access to the Oracle databases. (This is, over and above the encrypting of connection strings and expected firewalls).
    4. In either scenario what ports need to be open in the firewall to allow access to the Oracle DB. (Our understanding is that this is up to the DBA and the setup of the Oracle server, from an Asp.net standpoint the ports are configurable in the web.config... would this assumption be correct?)
    5. Is Sitefinity/Asp.net considered to be a stateful or stateless application.

    Any help here would be greatly appreciated and if someone has Sitefinity deployed in a similar environment I'd love to get in touch.

    Regards,
    Jacques

  2. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    04 May 2009
    Link to this post
    Hi J.Hov,

    Thank you for your questions and interest in our system. Here are the answers to these questions:

    1. Can Sitefinity be configured and deployed across three physical machines?

    Yes. You can have dual servers in load balance environment to handle your presentation. You can delete the Sitefinity/Admin/CmsAdmin directory, in oder to disable the Administration access, or you can deny any access if you do not want to delete any files. Then you can have another web server with a separate project, pointed to the same database as the front-servers. This way, when you manage the application from this server (which I assume will be behind the firewall), everything you change from this project, will affect the projects in front end (since we are storing mostly of the information of the database). Any physical files should be synchronized manually though. Your database server could be on a remote server, as long as any other server can access it.

    2. If this is possible, does it come down to configuration or are there large changes required in terms of code?
    When you configure the front-end server, you should only change the web.config settings related to the caching - Deploying Sitefinity in Network Balanced Environment

    4. In either scenario what ports need to be open in the firewall to allow access to the Oracle DB. (Our understanding is that this is up to the DBA and the setup of the Oracle server, from an Asp.net standpoint the ports are configurable in the web.config... would this assumption be correct?)
    - Your assumptions are correct. The DBA should be able to handle this.
    5. Is Sitefinity/Asp.net considered to be a stateful or stateless application.
    That's right. We are not saving any data in a session state. If you do any custom development, it is up to you to decide where and how you will store the temporary data. You can use sessions, but then your network load balanced environment should be configured to save the sessions in the database.

    Don't hesitate to contact us if you have other questions.

    Regards,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  3. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    04 May 2009
    Link to this post
    On point 1 regarding the splitting of the application across physical tiers...

    I was referring more to the scenario where an application is split across three physical tiers where each of it's 'logical' tiers reside on a different machine.

    Specifically where the presentation layer is in a cluster or load balanced set of web servers, and where the business logic is on application servers and finally where the database is on a totally different server.

    So you could potentially have 2 servers serving the presentation layer needs, whilst another 2 servers serve the application needs and the DB server is hosted on a 5th machine.

    Regards,
    Jacques
  4. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    05 May 2009
    Link to this post
    Any answers to this question?
  5. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    05 May 2009
    Link to this post
    Hi J.Hov,

    Could you please elaborate on the Business logic? Will it be a custom user controls/modules? Will it just provide an access to Administration?

    We would kindly ask you to submit only one thread (support of forum) for a given inquiry. Right now we have this question in several threads which slow us down. Thank you for your understanding in advance!

    Greetings,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  6. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    05 May 2009
    Link to this post
    Hi Georg,

    There's two parts to the business logic.

    A) Sitefinity business logic (Assemblies)
    B) Custom modules (Also assemblies)

    The main reason we ask this is because the client would like to secure access to their database servers by placing the business logic in the local network and the presentation logic out in the DMZ. By doing this they do not have to open ports in their firewall for connections to Oracle, since the business logic layer is responsible for communicating with the database.

    Does that make more sense?

    Regards,
    Jacques
  7. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    05 May 2009
    Link to this post
    Hello J.Hov,

    Thank you for the additional details.

    In this case, you should do some custom development. Since the assemblies are part of the web site, it will not be an easy task to place them away engine that serves the pages. The only way of doing so that I can come up with it, is by creating web services which are serving the content. These web services should be part of the business logic, so the whole Sitefinity web site should be in this tier.

    Then your presentation layer should interact with the web services in order to take the content out of the CMS.

    Best wishes,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  8. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    05 May 2009
    Link to this post
    Alright so if we were to take the web services route we would have to consider how Sitefinity extracts the different types of data out of the database.

    Would we be looking at wrapping the content providers for this? So in a normal situation I would imagine writing a web service that essentially wraps the original assembly objects and exposes the same methods via the web service. The website would then have to be configured to make calls to the webs service instead of the local assemblies.

    Does this sound correct?

    Regards,
    Jacques
  9. Georgi
    Georgi avatar
    3583 posts
    Registered:
    28 Oct 2016
    06 May 2009
    Link to this post
    Hi J.Hov,

    Yes, this sounds correct. Your web service should wrap the content management method and classes. Here are the base one:
    You can check the rest of the items that you want to manage/extract in our Developers Manual.

    Don't hesitate to contact us if you have other questions.


    All the best,
    Georgi
    the Telerik team

    Instantly find answers to your questions on the new Telerik Support Portal.
    Check out the tips for optimizing your support resource searches.
  10. Jacques
    Jacques avatar
    427 posts
    Registered:
    28 Jun 2007
    06 May 2009
    Link to this post
    Thanks Georgi
Register for webinar
10 posts, 0 answered