Securing Experience Manager

Version: 9.0

Apply vendor best practices to all application roles, storage roles, and indexes. The following list of tasks are specific to Sitecore.

Application roles

Note

The XP Single topology technically supports a combined Content Delivery/Content Management role. This combination is not recommended in a production environment.

Secure the Content Delivery role

The following tasks apply to all core roles:

The following additional tasks should be performed on the Content Delivery role:

Important

Enabling FIPS is no longer mandatory. Only enable it if you're legally required to do so.

Secure the Content Management role

The following tasks apply to all core roles:

The following additional task should be performed on the Content Management role:

Important

Enabling FIPS is no longer mandatory. Only enable it if you're legally required to do so.

Secure the Content Publishing role

The following tasks should be performed on the Content Publishing role:

Enable HTTPS for the Content Publishing role

Storage Roles

Web database

No additional Sitecore-specific tasks.

Master database

No additional Sitecore-specific tasks.

Core database

No additional Sitecore-specific tasks.

Private Session State Store

No additional Sitecore-specific tasks.

Shared Session State Store

No additional Sitecore-specific tasks.

Forms database

No additional Sitecore-specific tasks.

Indexes

Web index

No additional Sitecore-specific tasks.

Master index

No additional Sitecore-specific tasks.

Core index

No additional Sitecore-specific tasks.

Do you have some feedback for us?

If you have suggestions for improving this article,