SDL Knowledge Center environment with ISHSTS
Example of a combined Content Manager, Content Delivery, and Quality Assistant network setup with ISHSTS integration.
The following clusters can fit in one SDL Knowledge Center deployment:
- Content Manager Advanced server cluster
- Content Delivery cluster
- Quality Assistant cluster
Content Manager
A collection of front end servers behind a network load balancer serves interactive functionality, whereas a collection of back end servers serves non-interactive functionality.
ISHSTS is a Security Token Service that is part of the Web role.
When designing a cluster like the above, pay special attention to the following items.
- Each Front end server behind the network load balancer is configured using the same certificate referring to the same host name.
- Every Back end server should be installed with its own certificate referring to its unique host name.
- For every federated service endpoint (for example, ISHWS) that is targeted from within the cluster, take DNS resolving and network routing into consideration, depending on the network topology.
- ISHSTS cannot be shared across different servers. As a result:
  - Every ISHSTS on every server in the cluster requires configuration for all federated services for which it can potentially issue a token.
  - ISHSTS on every Front end server has configuration based on the network load balancer hostname and certificate. It must also have all required configuration relevant to the other federated services, as their endpoints are recognized from outside the cluster.
  - ISHSTS on every Back end server has configuration based on the specific hostname and certificate of the server. This ISHSTS is used by all entities of the same Back end server. All federated services integrated with Content Manager must be configured on the ISHSTS on every Back end server, using endpoints relevant to the configured DNS resolving and network routing.
With a setup similar to this, all user clients such as browsers and client tools target the network load balancing hostname and thus one of the Front end servers. Any client that runs from within the cluster, behind the network load balancer, still has access to any Back end server by using its designated host name.
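The certificate and ISHSTS rules listed above can be checked mechanically against a server inventory. The following is an added example, not part of the SDL documentation: the inventory format, host names, thumbprints and the `review` service label are constructed placeholders, and only exact certificate name matches are accepted.

```python
from collections import Counter

# Constructed inventory; host names, thumbprints and service labels are placeholders.
NLB_HOST = "ish.example.test"
REQUIRED_SERVICES = {"ISHWS", "review"}
SAMPLE_SERVERS = [
    {"host": "ishfe1.example.test", "role": "front", "thumbprint": "AA",
     "cert_names": [NLB_HOST], "sts_host": NLB_HOST, "sts_services": {"ISHWS", "review"}},
    {"host": "ishfe2.example.test", "role": "front", "thumbprint": "AA",
     "cert_names": [NLB_HOST], "sts_host": NLB_HOST, "sts_services": {"ISHWS"}},
    {"host": "ishbe1.example.test", "role": "back", "thumbprint": "BB",
     "cert_names": ["ishbe1.example.test"], "sts_host": "ishbe1.example.test",
     "sts_services": {"ISHWS", "review"}},
    {"host": "ishbe2.example.test", "role": "back", "thumbprint": "AA",
     "cert_names": [NLB_HOST], "sts_host": NLB_HOST, "sts_services": {"ISHWS", "review"}},
]

def cert_covers(cert_names, host):
    # Exact, case-insensitive match only; wildcard certificates are not accepted here.
    return host.lower() in (n.lower() for n in cert_names)

def audit(servers, nlb_host, required):
    """Return a list of findings; an empty list means the rules above hold."""
    findings = []
    uses = Counter(s["thumbprint"] for s in servers)
    front = [s for s in servers if s["role"] == "front"]
    if len({s["thumbprint"] for s in front}) > 1:
        findings.append("front ends do not share one certificate")
    for s in servers:
        # Front ends are identified by the load balancer name, back ends by their own.
        expected = nlb_host if s["role"] == "front" else s["host"]
        if s["role"] == "back" and uses[s["thumbprint"]] > 1:
            findings.append(f"{s['host']}: certificate is shared with another server")
        if not cert_covers(s["cert_names"], expected):
            findings.append(f"{s['host']}: certificate does not name {expected}")
        if s["sts_host"].lower() != expected.lower():
            findings.append(f"{s['host']}: ISHSTS is not configured for {expected}")
        # Each server has its own ISHSTS, so each needs every federated service.
        missing = sorted(set(required) - set(s["sts_services"]))
        if missing:
            findings.append(f"{s['host']}: ISHSTS lacks {', '.join(missing)}")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE_SERVERS, NLB_HOST, REQUIRED_SERVICES):
        print(line)
```

In the constructed inventory, the second front end lacks one federated service and the second back end was given the load balancer certificate and hostname, so the audit reports both servers.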
Content Delivery
The content delivery servers can be scaled out behind a network load balancer with affinity. Commenting and analytics are provided from independent installations that each serve as a common repository for all nodes within the cluster.
A distribution node is the target of publications. This node then distributes the data to all content delivery server nodes within the cluster so that they can serve exactly the same information. This node is also the target of publishing from the Content Manager.
The review installation provides the functionality for Collaborative Review. The source of the comments is the common commenting repository, and the same applies to the analytics. This installation is integrated with ISHSTS to provide the Single Sign On experience.
Quality Assistant
Multiple servers can be part of a network load balancing cluster with affinity. All servers must be configured identically to pull the same information from external sources.
Diagram
Figure 1. SDL Knowledge Center advanced deployment with ISHSTS