Configure & Consume

How many servers do I need to run Sitecore?

Warning: This post¬†contains no code. But it does have very useful information for estimating Sitecore server setup size! ūüėČ

The question above is frequently asked in a new Sitecore project. (Actually, if it isn’t, you should be worried). And there is no easy answer.¬†It’s a bit like asking: “How big a house do I need?”.

The answer to both questions is “That depends”. (and no one is any wiser). Below I’ll list some of the things you need to consider, when trying to decide what kind and how big of a server setup you need. This won’t answer your question, but leave you with many more. However if you try to find some answers for those questions, you will be a lot better qualified for estimating your Sitecore server setup.

I will also provide a real world story to showcase a server setup that works for Sitecore and one that does not.

Sitecore’s¬†minimum server setup

A while back I was starting up a new Sitecore project for a smaller client. They had a very tight budget and wanted real world advise for a minimum Sitecore Server Setup. They came from an older 6.0 Sitecore version with 1 Content Delivery Server (CD), 1 Content Management Server (CM) and 1 MSSQL server. 3 machines to run their (small) corporate website. There was also an integration to an older Dynamics AX server, containing ERM/CRM data. The client had around 5000 users, logging into the site 1-2 times a month (so quite a small site). The new site was a complete greenfield project (i.e. start from scratch) on Sitecore 8.0 (complete with Mongo, Solr, Analytics, etc.), and a reworked integration to Dynamics AX.

I asked around my colleagues at Pentia, to find some official recommendations from Sitecore or from other project we did at Pentia. And every time I asked the question, the answer was “That depends”, which of course it does. Part of the problem was that pretty much no one had done a Sitecore 8.0 project at that time and Sitecore 8.0 was a big change to Sitecore from previous versions. However, my colleague Thomas Stern (, had gone through the same ordeal and had pieced together this diagram during meetings at Sitecore:


Sitecore minimum server setup

Sitecore minimum server setup


10 servers. 10. Sitecore recommends 10 servers to run a small business site. That would be a complete no-go for the client, which was used to having 3 servers to run their site. Granted, Sitecore has become a much larger beast in the later years and targets much larger clients now. But smaller clients, like this example, still exists and has bought a Sitecore license, which gives them access to newer Sitecore versions too. I think Sitecore might have forgotten that, in these recommendations.


My minimum Sitecore Server setup recommendations

So I set out to create our own minimum Sitecore server setup recommendations for this small type of client. I considered the following things, which you also should do, when planning your server setup:

  • The amount of users and page hits
    • The most obvious parameter when estimating server needs is how many page hits are you going to have. And this is quite important. So try to find out some how. If you have an old site, run some statistics for a while. If not, do some sort of analysis.
  • Proper, fast performing, well thought out code.
    • Even if you do not have that many page hits, you can still get a badly performing site. This is often¬†due to bad code, which is very common. Your developer needs to know the pitfalls of Sitecore and how to avoid them, to do a properly performing site.
    • At Pentia we have done Sitecore development since Sitecore was created. And since Sitecore was created at Pentia, we know a lot about Sitecore! We know what not to do when coding Sitecore and what the pitfalls are. Therefor I know that our code will be very well tailored for Sitecore and perform well. This means that the client can do with less CD servers and less CM servers.
  • Downtime
    • The client ¬†would be OK with brief periods of downtime during deployments and upgrades. This means that having a single CD server would be an option. Having 2 CD servers would enable you to take 1 server down for an upgrade while the site would still be running. Having only 1 server, saves cost, but means that the site will be down during upgrades. Some clients (mainly smaller clients) are perfectly OK with this.
    • The triple redundant Mongo server setup is way, way overkill for a small client. Yes, Mongo needs 3 servers to be able to do upgrades and restoring without downtime, but smaller clients may not need 100% uptime, if it means saving 2 servers.
  • Amount of usage of Solr Search
    • If the site in question don’t use search very much, you might not need a standalone Solr server. The site in question did you search a bit, but has so few users, that it does not really justify a standalone Solr server. However, if your site uses search or filtering on searches a lot, you might need a standalone Solr server.
  • Amount of use of Sitecore Reporting and Analytics
    • The client in question was not planning on using Sitecore reporting or analytics much, if at all, to begin with. They might later, but then there is the option of adding a Reporting or Analytics server at that time.
  • Amount of caching and interaction with other systems
    • Oftentimes, interaction with 3rd party services or other systems that provide data or communicate with your site, are able to slow your site down. The user cannot see that your site is waiting for Dynamics AX to finish a webservice call to get data or something similar. To the user, it’s your site that is slow. Therefore you might need to do a lot of caching of data from the 3rd party services and store them on your servers RAM. This directly affects the amount of RAM your server needs.
  • How many editors work simultaneously
    • If you have many editors working at the same time, you might need more than 1 CM server.

There are many more factors to consider and many aspects will be different in your site, but the above points will help you along.

Below is the setup I ended up recommending for this particular client. I kept the server scale (i.e. RAM and CPU) the same.

  • 1 dedicated CD server to serve content to the users
  • 1 SQL server that holds all databases
  • 1 CM server that also doubles as Solr, Reporting server and Analytics server.
  • 1 MongoDB.
My minimum Sitecore server setup

My minimum Sitecore server setup

So we went from a 10 server setup to a 4 server setup, which I’m relieved to see perform just fine, with muscles to spare for even more future users.

A too small Sitecore server setup

After a while, the client decided, by themselves, to try to scale the servers down, in an attempt to save money on hosting. They told their provider to cut the CPU and RAM by half on all servers. We found out, when they called us because the site was down.

This is what a CD server with 2 CPU’s and 7 GB of RAM looks like:


CPU is maxed out

CPU is maxed out

This resulted in a site that either did not respond, timed out or responded in around 50+ seconds on a simple frontpage. You can safely assume that the above 4 server setup, with half the CPU and RAM, is not enough to run a small Sitecore site with normal use of search, reporting and analytics.

Consider cloud hosting

You should also consider using cloud hosting, such as Azure, which the client in question used. The great advantage here is that they are able to add or remove servers extremely fast and throttle the servers up or down as needed. This is extremely versatile and should not be under valued. If your analysis of your hardware needs was wrong, you can relatively easily correct your mistakes in the cloud.

However, it comes with trade offs. Usually, when hosting in Azure, your hosting partner, if you even use one, has no clue what Sitecore is and will be completely unable to help with any Sitecore related tasks. Be it setup of windows services that Sitecore needs, knowing what Sitecore requires or tweaking the server for Sitecore etc. This means that you need to spend time and money on handling these things yourself or pay someone else to do it.

You also don’t necessarily know where in the world your data lives, which can violate local legislation in some countries.

Finally, it can become quite expensive to host a site, and corresponding test and pre-production sites, in the cloud. You absolutely need to do the math on this before you decide.

So, how many servers do you need to run Sitecore?

There are many factors to consider, as you can see. There are no simple answer to this. You need to do an analysis of you needs and your circumstances. Counsel your Sitecore partner and try to come up with an answer that suits your needs.



Serving any content on a non-secure line will slowly kill your business

Google is pushing for all websites to serve all content on a secure connection only, using HTTPS. Google are backing this currently, through up-ranking sites that are running on HTTPS only and downranking sites that are using all or even some HTTP (not secure). Read more about this here.

Sometime during 2016, Google are changing their browser Chrome, to make it harder to achieve the “Green Lock” icon, thereby ensuring higher security. If not all of your content, including scripts, images, adverts etc, is served on HTTPS, you will not get the “Green Lock” icon that users know, that indicates that the site is safe.

These changes translates into: If your website is not running HTTPS only, you will not be at the top of the list in Google searches and your users on Chrome could be scared to use your site.

Expect other browsers such as Edge, Internet explorer or Firefox to implement similar functionality soon.

A green lock icon is what you want

Chrome is going to classify your content in 3 groups: “Secure”, “insecure” and “mixed content”.

Secure means that all of the content on a page is served over a secure connection. This will give your page the pretty green lock icon seen below:

Green Lock Icon

The Green Lock Icon ensures your users that the page is secure


Insecure¬†could mean that there is no https, that there is https but the certificate is invalid or compromised in some way, that there is insecure script from another site loaded on the page which is always blocked by chrome and a few other things. This will result in¬†“The red slashy lock icon of doom” (Google’s own term, I swear!).


This is what your users will see if your connection is not secure


Mixed content means that some of the content is secure but other parts is not. This could be that the text is served on a secure line but the images are not.

An important change that Chrome is bringing is that Mixed Content is now considered unsafe and will not have the Green lock icon, thereby not appearing to be entirely safe. This is important to understand! Websites that might appear OK in Chrome today, might, when Chrome Version 48 is pushed, appear to be unsafe.

Https, but not safe

There is HTTPS, but some content is using HTTP. No Green Lock Icon


Google Chrome version 48 introduces the “Security Panel” which lets the user drill down into where the content is coming from. I will talk about this in a later post, to avoid being too technical in this one.

Why Google are pushing HTTPS

Google are pushing for all websites to use HTTPS for all content, simply to make the World Wide Web a safer place for everyone. As simple as that. The disadvantages of using HTTPS over HTTP, is now so small, that the advantages outweighs the disadvantages.

Advantages of HTTPS

Not using HTTPS means that it is possible to capture and read data sent from a server to a user. For example, this could be the “Session cookie” that the ASP.NET framework, which almost all Microsoft based website uses, could be captured and read by a hacker. This cookie contains a readable key which could enable a hacker to impersonate a user, thereby gaining access to the users information on the website or even allow the hacker to buy items on the users creditcard. Using HTTPS completely eliminates this threat and many others, by encrypting all data, sent to and from the user, including cookies.

There are other advantages, such as it makes it impossible for ISP’s or wifi providers to inject adverts into the datastream, which can look like you are heavily using adverts on your website, even though you might have an entirely advert free site.

Lastly, using HTTPS identifies your website, through the SSL certificate, as actually being your website and not some other site that might have captured the users request.

Disadvantages of HTTPS

The main disadvantages to why not the whole world are already using HTTPS is simple: Performance. There is a performace hit on using HTTPS as the server and the client has to perform a “TLS handshake” and share security information in order to be able to encrypt and decrypt the data. Also the encryption/decryption itself is a slight performace hit.

Most of the performace hit is in the handshake. Once the connection is established, the encryption itself does not have a very large impact. There are ways to fine tune this however.

There a some hard-to-kill myths about using HTTPS, which is debunked here:

HTTPS becomes a requirement for HTML5 features in Chrome

Google Chrome is also going to require HTTPS to allow key HTML5 features to be available to the user and server. Features, such as using the users Camera, Microphone or even location data which many websites already use now to pinpoint the users location on some map oriented service, for example to guide the user to the nearest shop, will require full HTTPS. If your user’s security and privacy or your sites integrity does not convince you to serve HTTPS only, access to HTML5 features will.

How to handle the changes

First of all, don’t panic. Chrome version 48 is available now, but is not being pushed to users yet. So you do have time to create a battle plan.

What you need to do is to identify what changes are needed for your site to be able to run in HTTPS only. If you have a website that is already focusing heavily on security, you might not need to change anything. If you have a very simple site, you might get away with just flipping a HTTPS switch on your webserver.

But most likely you need to do an analysis of your website, to determine what action to take. Get started now, because the change for Chrome is coming and the change for Google search is already in effect.

More information

I will create more blogposts on the subject in the not too distant future, so make sure to subscribe to the blog and follow me on Twitter @Troels79.

For more in-depth information, please have a look at this presentation from Google:


How do you force a phone app to call a different url that it is hardcoded to call, when you cannot change the code? This is a question I had to find an answer to, in a project I recently worked on.

The answer was to use Request Manipulation through one of my favorite tools, Fiddler.

Here is how I did it:

Fiddler has a script file called CustomRules.js, in which various events is called and code executed. You can access this file through the filesystem or use the handy shortcut in the menu like this:

Customize Rules

Customize Rules


The event I needed to manipulate in this case was “OnBeforeRequest”. Fiddler has excellent documentation and you can read more about this specific topic here:

All I needed to do in this case, was to make sure that my phone was configured to use a proxyserver as described in my previous post, and then add a couple of lines like this in the Rules file:

static function OnBeforeRequest(oSession: Session)
   //This changes the host that is called in a request
   if (oSession.HostnameIs("")) 


Please leave a ‚ÄúLike‚ÄĚ and/or use the share buttons, if you found this guide usefull

I had a task a while ago where I had to recreate a dataservice for an iPhone app. First step in that task was to determine what data the app used. I did not have access to the sourcecode for the app at the time, so I had to figure out another way to do it. I thought of setting up something to sniff and capture all the data to and from the phone, while opening the app, and the activate all functions in the app I could find.

Granted, this is not fool proof, as you don’t really know for sure that you made the app do all the requests for data that it can, but this was a simple app, and the only way to start, while waiting for access for the app source code.

Here is how I did it:

It’s a rather simple process: Route the internet connection from your phone through a computer and use a packetsniffer (like Fiddler) to intercept all the data. All you need is a wifi network that both the computer and the phone can connect to.

Configuring the computer:

Go to and download and install Fiddler. I used Fiddler2.

Once Fiddler is running, go into “Tools” -> “Fiddler options” and configure it like below. Then restart Fiddler.

Configure Fiddler

Configure Fiddler

Now Fiddler accepts incoming connections on port 8888 and listens to all traffic there. Use F12 to toggle listening.

You need to know your computers IP address. You can get this by opening a command prompt and typing “ipconfig”. This gives you your computers IP like below:

IP Address

IP Address

Write down your ip address for later use.

Configuring your phone:

This guide is made for an iPhone, but should be applicable to other brands – I just haven’t tried.

On you iPhone, go to “Settings” –> “wi-fi”–>¬†Tap the network connect to (remeber that it has to be the same network that your computer is using), to see the settings for it. Scroll down to the very bottom and select “Manual” under HTTP-Proxy. Enter the IP you found above and the portnumber 8888 you configured in Fiddler, and save the settings.

iPhone Proxy settings

iPhone Proxy settings

Your phone is now connecting through your computer and you can capture all the data.

A tip for Fiddler:

It quickly becomes overwhelming trying to analyze all the traffic that Fiddler captures. A good tip is to use filters, where you can filter on almost everything. Below i configured a filter to only show traffic to and from

Fiddler filters

Fiddler filters


Please leave a ‚ÄúLike‚ÄĚ and/or use the share buttons, if you found this guide usefull

Yeah! I finally got around to upgrading to Visual Studio 2013. Unfortunately the new version forgot that I did not like the menu to SCREAM AT ME WITH ALL CAPITAL LETTERS!!!11!! So I needed to change it to Normal casing, like I did in VS2012.

Here’s how I did it:

There’s the smooth sailing way and the old school, more complicated way:

Smooth sailing:

Simply run this command i Powershell (in a single line):

Set-ItemProperty -Path HKCU:\Software\Microsoft\VisualStudio\12.0\General -Name SuppressUppercaseConversion -Type DWord -Value 1

BAM! You are done. Restart Visual Studio and enjoy!

Old school:

If you do not have Powershell or simply like to live your life on the edge, go straight into the registry and mess around yourself:

  1. Open regedit
  2. Navigate to “HKEY_CURRENT_USER\Software\Microsoft\VisualStudio\12.0\General”
  3. Create a DWORD value with the content “SuppressUppercaseConversion”
  4. Set its value to 1
  5. Pray you did not screw up your registry
  6. Close regedit and restart Visual Studio


Please leave a ‚ÄúLike‚ÄĚ and/or use the share buttons, if you found this guide usefull

Not long ago, we had a customer for whom we made a new website in Sitecore. Their old PHP website had a bunch of webservices delivering data to some IOS apps and Android apps. Naturally they did not want to lose their app users and since you can’t count on your users to update their apps, we had to recreate the old services on Sitecore so that the apps still would recieve data on the old URL’s. However, we did not want to be bound of the old, sometimes complicated URL paths, so we decided to use Microsoft IIS URL Rewrite¬†to map the old paths to something that Sitecore would be able to handle better.

This guide is for IIS 7 – Here is how we did it.

Installing IIS URL Rewrite

Installation is very easy. Simply navigate to this url and click install:

Agree to the terms, download and activate the file. This starts Microsofts Web Platform Installer, that takes care of the rest.

Configuring URL Rewrite

Fire up your IIS manager and navigate to the site you want to configure. After installation, you have a URL Rewrite icon in the IIS section. Click that to open URL Rewrite.

The URL Rewrite app

The URL Rewrite app

You are now looking at the URL Rewrite window with 2 areas and a toolbar on the right. The top area are for inbound rules and the lower is for outbound rules.

We want to create a rule to rewrite a request for a path that returns all magazine publications.

  1. Click on “Add Rule(s)…” on the top of the toolbar on the right. Choose “Blank Rule” under “Inbound rules” and click ok.¬†You are now looking at the “Edit Inbound Rules” window.
  2. I am going to name the rule “Rewrite Get all published magazines”. This configuration is saved in the web.config, so other people might stumble upon these settings. Therefor it helps to have a good descriptive name for the rule(s).
  3. Now for the “Match Url” section. This field is for matching up the path¬†of the URL, without the beginning ‘/’ and without any trailing query. So in the url ‘’, the ‘Pattern’ field in the ‘Match URL’ section only compares on this part: ‘category1/page2/section5/myfile.pdf’. You can select how to match this path: Regular expressions, wildcard or Exact match. I strongly suggest using Regular Expressions. (Even though many developers have a strong hatred against Regular Expressions, this really is the best way to accomplish this task and in this case, it is not hard. Instead of running away screaming, embrace this opportunity to get your feet wet and try to crack the Regular Expression nut. This is a really good place to start! Check out the links below for more info.)
  4. The path I need to rewrite is “api/public-publications/get/all/format/json” and it needs to be rewritten to “/API/Publications.ashx”. In the ‘Pattern’ field I enter ‘^api/public-publications/get/all/format/json$’. The ‘^’ is a regular espression sign and means that the path should start excatly where the ‘^’ is (and not in some random subdirectory). The ‘$’ mean that the path should end where the ‘$’ sign is at. You can click the ‘Test Pattern…’ button to test out your regular expression. Do this – It is a great help.
  5. For this rewrite rule, I leave the sections ‘Conditions’ and ‘Server variables’ alone. In the ‘Action’ section, I choose ‘Rewrite’ and enter the path I want to redirect to (/API/Publications.ashx). You can choose to append the querystring if you need – I don’t in this case. The rule is now complete and should look something like the image below.

    The first completed rule

    The first completed rule

Rewriting URL path arguments

I want to create one more rule to show you how to rewrite and pass on arguments from the path. This could be a filename, file extension or as in this case an ID from a REST path.

  1. In this case we want to rewrite a publication details view from the path ‘api/publication-details/id/XXXXX/format/json’ to ‘/API/PublicationDetails.ashx?id=XXXXX’, where there query ‘id’ is the id of the publication to get details for.
  2. Create a new rule, name it and enter the path to rewrite. Click the “Test pattern…” button. Enter the path and modify it to match this: ‘^api/publication-details/id/(\d+)/format/json$’. The ‘/d’ matches a number and adding the ‘+’ on the back means that it should be 1 or more numbers. That part is Regular Expression. Putting this inside parenthesis enables the URL Rewrite module to recognize parts in the path, which you then can use in the path that you rewrite to. You can in this case reference the ID as {R:1}.
    Referenced field

    Referenced field

    Then the Rewrite path becomes ‘/API/PublicationDetails.ashx?id={R:1}’. The rule then looks like this:

    The second rule

    The second rule

Manipulation server variables

The last trick I want to show you in this post, is how to manipulate server variables. The 2 rules I made, is both rewriting a path containing the word ‘json’, indicating that it should return json. If you for instance is creating a WebAPI, you could take advantage of the build in features in WebAPI and simply include an accept header that states “application/json”. This the WebAPI would recognice and return the desired format for you.

There is 2 steps to accomplishing this. First you need to make the server variable available and after that, add it to the rule(s).

  1. On the URL Rewrite front page, click “View server variables”

    View Server Variables

    View Server Variables

  2. Click ‘Add’ and enter ‘HTTP_ACCEPT’ and click ok and go back to the rules. Note that the available variables are listed as you type (surely it is a bug that Microsoft did not make this as a Dropdown box).
  3. Go into one of the rules created earlier and unfold the ‘Server Variables’ section and click ‘add’. Select the HTTP_ACCEPT variable and enter “application/json”.

    Select HTTP Accept

    Select HTTP Accept

  4. Click ‘Ok’ and save the rule. Now all requests to that path gets the accept header “application/json”.

Saving your Rewrite rules

The rules created above is saved to the web.config file fo the site, which is an important note to make, if you, like us at Pentia, use a build tool that automatically generates a new web.config on a full build. If you don’t extract the rules created from the web.config, they disappear at the next build.

The config section is under <Configuration><system.webServer><rewrite> and should look something like the image below

The web.config configuration

The web.config configuration

Links to more resources

Here is a couple of links to some good (and short!) youtube videos for further study:


Please leave a ‚ÄúLike‚ÄĚ and/or use the share buttons, if you found this guide usefull

Sitecore tackled

Small posts about Sitecore and solutions

Cooking with Sitecore

Diary of my experience working on great CMS called Sitecore

Visions In Code

Never look back

Cook 4 Passion

Food food fooooood. We love fooooooooood !!!


Sitecore, Digital Marketing, Work, Life and so on...

Down the DLL Rabbit Hole


Arash Sarfehjou

.NET code and tweaks

.NET code and tweaks

The grumpy coder.

.NET code and tweaks

Alan Coates - Sitecore/.NET blog

Pushing Sitecore to the limits and beyond

Patrick Delancy

i write code

Laub plus Co

.NET code and tweaks

iStern Blog

A simple Code Blog

Brian Pedersen's Sitecore and .NET Blog

Sitecore, C#, ASP.NET for developers