Separate Content Management and Content Delivery servers
Applies to |
Content Delivery, Content Management |
Sitecore Installation Framework |
Roles are separate in the XP Scaled topology. |
Azure Toolkit |
Roles are separate in the XP Scaled topology. |
As part of a defense in depth strategy, you should aim to reduce the surface area of your deployment.
Sitecore therefore recommends that you deploy separate Content Management (internal only) and Content Delivery (internet facing) servers in a production environment. Furthermore, you should not expose your Content Management environment to the internet.
A combined CD/CM environment is only possible in an XP Single topology that combines all core roles, or a CMS-only setup. Neither setup is recommended in production.
If you have to expose your Content Management environment to the internet, you must:
-
Use HTTPS to secure the Content Management server.
-
Consider using IP Filtering to allow only white-listed clients to connect to the Content Management environment
or
-
Consider using the Dynamic IP Address Restrictions feature that is available in IIS.