Sitecore Shared Environment “Good Neighbor” Rules
If you are working in a shared Sitecore environment, or about to create one, this is a post for you!
Not all rules below work for all situations, so consider them carefully based on your specific circumstances. The following list should be used by teams to create their own lists of rules to be applied to their shared environments. The goal of creating these rules is to mitigate risks associated with maintenance, releases, performance, stability, updates, upgrades of Sitecore and team conflicts.
*** This list should be used in combination with general Sitecore best practices. Although some of the mentioned rules apply to Sitecore solutions in general, they become much more important in a shared environment, thus, have been included in this list.
*** This is a living post, so make sure to sign up for publishing updates to stay up-to-date with the latest updates.
- Config patching
- Follow the Sitecore recommended configuration file patching approach
- Use Sitecore Layers instead of Z naming conventions to control configuration loading order (load Sitecore configuration first, then project-specific, then shared)
- If a configuration change will impact the entire instance (URL format, cache settings…etc.) – get an approval from all teams
- If need to implement a change in pipelines or core Sitecore functionality – apply it based on the website context to avoid affecting other websites
- Avoid removing default processors and pipelines, but rather patch a new one before or after the one intended to be customized based on the intended change
- If a pipeline requires significant customizations, create a custom project-specific or shared duplicate and perform changes there whenever possible to ease future maintenance (avoid making extensive customizations to any pipeline)
- Avoid changes to global.asax and web.config
- If needed to perform tasks on application start and end – tap into Sitecore pipelines instead, in this case initialization and shutdown
- Avoid making changes to web.config
- Export appSettings and assemblyBinding’s to external files
- Create website-specific search indexes, it’s fine to have many
- Library and NuGet package installation and updates
- When introducing new NuGet packages, check with all teams to ensure compatibility
- All teams must sign off on introducing new and updating libraries and frameworks
- Maintain and update a single list of 3rd party referenced NuGet packages and libraries for each environment
- Module installation and updates
- All teams must approve installation and updates for Sitecore modules
- Content
- Avoid use of aliases
- Follow assigned project paths and naming conventions
- Create project-specific naming conventions and namespaces
- Automate security overwrites using a PS script that can be run to ensure proper security access assignments for project-specific teams
- Secure access to tools in addition to hiding thumbnails on the launchpad or Sitecore menu for project-specific teams
- Remove access to the legacy tools like the IDE and File Explorer from project-specific teams
- Ensure all project-specific content is covered by workflows
- Setup automated publishing (either common publishing for all projects, or project-specific agents). As always, avoid frequent publishing, or publishing during peak traffic times.
- Code
- Always follow the assigned project namespaces in code and folder structure
- Ensure proper context checking to avoid applying functionality intended for a single website to the entire instance causing functional and performance issues
- Pay extra attention to coding for performance and security to avoid affecting other tenants
- Avoid blocking operations, run long running tasks asynchronously
- Perform periodic code reviews with a governance team
- Include all shared libraries in the shared package and set them copy local to False in project-specific solutions
- Encourage a standard solution architectural approach for all projects, although this is not necessary if proper naming and path rules are followed
- Share access to source code for all projects with all teams and encourage code reviews, borrowing and reuse
- Encourage the same branching strategy for all projects
- Communication
- Notify other teams of the upcoming releases to higher environments – staging and production
- Notify other teams of issues with environments that may affect them
- Automate notifications for deployments
- Notify other teams of all environment restarts
- Discuss ideas for new functionality with other teams
- Setup regular scrum calls with all teams
- Plan platform updates and upgrades ahead with all teams involved
- Warn all teams of potential risk of prolonged outages and instability in any environments once it’s identified providing a date and time frame
- Encourage direct communication among teams and team members
- Each team is responsible for communicating customizations to Sitecore functionality to the rest of the teams to see if that is something that should be added to the shared package
- Extensions
- Sitecore functional and UI extensions should be developed in a fashion where they can be enabled and disabled without a code deployment for a given tenant
- Use security assignment and Sitecore rules to control access to functionality
- Managed Services
- There has to be a single team managing all Sitecore environments in the same lane
- Project teams should have limited access to controlling the infrastructure
- Limit access to Sitecore Admin tools for project teams
- Remember that security access rights in Sitecore are configured based on user or role names; take extra care to avoid giving individual user rights as well as creating new users and roles with old names
- Make it easy to replicate any environment for developers locally
- Consider creating a local VM image with the vanilla Sitecore installation to allow teams setup copies of shared environments
- Setup a transparent support ticketing system
- Allow all teams to submit Sitecore tickets directly
- All support tickets must be submitted with the license used on the Sitecore instances
- Ensure all teams have at least read access to Sitecore support tickets submitted by other teams
- DevOps
- Builds causing downtime in lower environments should never be promoted
- Perform proper performance checks for new code to avoid slowing down the environment
- Perform proper security checks for new code to avoid compromising security for all websites
- Redeploy the shared package with each project-specific code deployment to ensure the shared code and libraries do not get overwritten
- Implement automated UI smoke testing that would run on every deployment for every hosted website
- When designing security roles account for flexibility needed to assign access based on unique combinations of a project, environment and project role
- If hosting in a cloud, configure proper access to cloud tools
- Allow project-specific teams control deployments to all environments
- Schedule code releases on different days and at different times to avoid conflicts as much as possible
- Perform periodic reviews of past releases by the governance team for potential risks (look for red flags like too little time spent in the development or testing environment)
- Remove the ability to manually deploy files to all environments
- Encourage CI/CD as much as possible
- Encourage code reviews inside project teams by disallowing direct commits to branches going to Sitecore environments and requiring to submit pull requests
- Disallow deploying failed builds to any environment
- There are multiple options for content serialization, consider that having a single option will reduce the maintenance overhead, however, may slow down progress
- Implement an automated environment locking approach to avoid having multiple solutions being deployed simultaneously
- Separate frontend from backend code deployments to speed up releases
- Create CI/CD steps and Sitecore PowerShell scripts to enforce established rules for code and content
- General
- Avoid using shared environments for tests that can be performed locally
- Agree on a plan for treating outages (for instance, if a release breaks an environment, the releasing team is allowed to spend 30 minutes to attempt bring it back up, otherwise, a backup should be restored)
- Create a dedicated or decentralized governance team that will be responsible for enforcing standards and maintaining the shared package
- Create a shared package with code, configuration and content customizations to configure the OOTB Sitecore setup per business requirements
- Automate and periodically test backup and restore strategies
- Implement and periodically test disaster recovery strategies together with other teams
- Warm-up all sites on the instance before adding it back into rotation in production to avoid flash crashes caused by a combination of the initial load and high traffic
- Plan for extra overhead on the management side due to various conflicts between teams and releases
- Component sharing among websites is possible in shared and separate Sitecore environments, it is a process and business problem, rather than a technical one
- Perform periodic health checks and retrospectives with teams to look for opportunities for improvement
- Encourage camaraderie, trust and respect among all project teams
- Conduct periodic anonymous surveys among all teams and team members on the state of the shared environment, processes…etc. to identify areas for improvement
- Remember that tight standardization and centralization of control slows down progress. Take extra care when designing the governance and security access models!
- Perform careful planning and cost calculation of all overhead around having a shared environment, and make sure it does not outweigh the benefits.