SDL Tridion Docs environment with ISHSTS
Example of a combined Content Manager, Dynamic Delivery and Collaborative Review network setup with ISHSTS integration.
The following clusters can fit in one SDL Tridion Docs deployment:
- Content Manager advanced server cluster.
- Dynamic Delivery advanced server cluster.
- Collaborative Review cluster.
Content Manager
A collection of front end servers behind a network load balancer serves interactive functionality, whereas a collection of back end servers serves non-interactive functionality.
ISHSTS is a Security Token Service that is part of the Web role.
When designing a cluster like the above, pay special attention to the following items.
- Each Front end server behind the network load balancer is configured using the same certificate referring to the same host name.
- Every Back end server should be installed with its own certificate referring to its unique host name.
- For every federated service endpoint (for example ISHWS) targeted from within the cluster, DNS resolving and network routing should be taken into consideration depending on the network topology.
- ISHSTS cannot be shared across different servers. As a result:
  - Every ISHSTS on every server in the cluster requires configuration for all federated services for which it can potentially issue a token.
  - ISHSTS on every Front end server has configuration based on the network load balancer hostname and certificate. It must also have all required configuration relevant to other federated services, as their endpoints are recognized from outside the cluster.
  - ISHSTS on every Back end server has configuration based on the specific hostname and certificate of the server. This ISHSTS will be used by all entities of the same Back end server. All federated services integrated with Content Manager are required to be configured on the ISHSTS on every Back end server, using endpoints relevant to configured DNS resolving and network routing.
With a setup similar to this, all user clients such as browsers and client tools will target the network load balancer hostname and thus one of the Front end servers. Any client that is running from within the cluster behind the network load balancer will still have access to any Back end server by using its designated host name.
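The certificate and ISHSTS rules above can be checked mechanically against a deployment inventory. The following is an added example, not part of the product documentation or tooling: the inventory format, field names, host names and thumbprints are constructed for illustration, and the second back end is deliberately misconfigured.

```python
from collections import Counter

# Constructed inventory; field names are hypothetical, not a Tridion Docs format.
LB_HOST = "docs.example.com"
FEDERATED = {"ISHWS", "example-federated-service"}
SAMPLE = [
    {"host": "fe1.internal.example", "role": "front", "thumbprint": "AA",
     "cert_names": [LB_HOST], "sts_host": LB_HOST, "sts_services": sorted(FEDERATED)},
    {"host": "fe2.internal.example", "role": "front", "thumbprint": "AA",
     "cert_names": [LB_HOST], "sts_host": LB_HOST, "sts_services": sorted(FEDERATED)},
    {"host": "be1.internal.example", "role": "back", "thumbprint": "B1",
     "cert_names": ["be1.internal.example"], "sts_host": "be1.internal.example",
     "sts_services": sorted(FEDERATED)},
    # Deliberately wrong: reuses be1's certificate and lacks one federated service.
    {"host": "be2.internal.example", "role": "back", "thumbprint": "B1",
     "cert_names": ["be1.internal.example"], "sts_host": "be2.internal.example",
     "sts_services": ["ISHWS"]},
]

def covers(cert_names, host):
    """True if a certificate DNS name matches host exactly or via a one-label wildcard."""
    host = host.lower()
    parent = host.split(".", 1)[1] if "." in host else None
    return any(n.lower() == host or (n.startswith("*.") and n[2:].lower() == parent)
               for n in cert_names)

def audit(servers, lb_host, federated):
    """Return findings; an empty list means the inventory follows the page's rules."""
    findings = []
    fronts = {s["thumbprint"] for s in servers if s["role"] == "front"}
    if len(fronts) > 1:
        findings.append("front ends do not share one certificate")
    uses = Counter(s["thumbprint"] for s in servers)
    for s in servers:
        # Front ends are bound to the load balancer name, back ends to their own name.
        expected = lb_host if s["role"] == "front" else s["host"]
        if not covers(s["cert_names"], expected):
            findings.append(f"{s['host']}: certificate does not cover {expected}")
        if s["sts_host"].lower() != expected.lower():
            findings.append(f"{s['host']}: ISHSTS bound to {s['sts_host']}, not {expected}")
        missing = sorted(federated - set(s["sts_services"]))
        if missing:
            findings.append(f"{s['host']}: ISHSTS lacks {', '.join(missing)}")
        if s["role"] == "back" and uses[s["thumbprint"]] > 1:
            findings.append(f"{s['host']}: back end certificate is shared")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE, LB_HOST, FEDERATED)))
```
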
Dynamic Delivery
The delivery servers can be scaled out behind a network load balancer. Commenting and search are provided from Back end services.
A deployment node is the target of publications from Content Manager. This node will be queried by each delivery server in the cluster.
Collaborative Review
The review installation provides the functionality for Collaborative Review. The source of the comments is the common commenting repository. This installation is integrated with ISHSTS to provide the Single Sign On experience.