8 | <strong>EPiServer</strong> <strong>Operator's</strong> <strong>Guide</strong>has placed in the output cache. That is to say that the cache will be reloaded the next time a page is accessed. Iftemplates contain data that vary over time, e.g. a server-generated clock, you must state how long the page canbe cached as HTML, so that the information, in this case the time, will not be incorrect.Set EPnCachePolicyTimeout in web.config to activate output cache. This states how many seconds a cachingis valid. To achieve the best performance, you should have, on average, more than one hit per unique pageduring the period of time (EPnCachePolicyTimeout). Otherwise it is just an unnecessary load for the server, asthe cached variant will probably never be read. The recommended setting is at least 3600 seconds or 1 hour.The output cache varies based on the Web browser type and the page ID. These values can, however, becustomised in EPsCacheVaryByCustom and EPsCacheVaryByParams. If an installation has, for example, aquery string parameter "print" that controls how the page is adapted for printout, EPsCacheVaryByParams mustbe changed to "id,print".User CacheInformation concerning the roles that a user belongs to, along with personalized information, is read when a userlogs on. This data is cached, so that the information does not need to be re-read for each new page viewing. Userinformation that is not read for 5 minutes is removed from the cache. The length of this period of time can bechanged in web.config via the EPnUserCacheTimeout setting. If this value is changed to "0", the cache will beturned off. This may be useful for troubleshooting, but is not recommended for operation. The main advantage ofthis cache, from a performance point of view, is obtained when the group membership is read from ActiveDirectory, or another external source that requires more resources than a local database lookup.Shared HostingShared hosting is when several <strong>EPiServer</strong> installations or other ASP.NET applications are operated for severalcustomers on the same server.Roles and UsersIn order to cut down on administration, we recommend that each installation/site only has one superuser accountcreated in Windows, and that the customers themselves set up <strong>EPiServer</strong> users for editors and administrators.The superuser account can then be used for, e.g. FTP access.The disadvantage of using Windows users, and therefore Windows groups, for role membership is that theseapply to the entire server and all sites. That is to say that if two sites use the same groups or roles by mistake, theusers can access each other's sites. If you use <strong>EPiServer</strong> users and <strong>EPiServer</strong> groups, these will only work persite.A simple rule of thumb is that, in a hotel environment, the standard groups WebEditors and WebAdmins shouldnever exist in the Windows account database. If the general groups exist, you cannot add users to them. Onlyoperators, for example, who need to access several sites can add users.It is possible to remove the Write access rights for the ASP.NET account and only allow the superuser account towrite to the web.config file. This will result in only the superuser account being able to save new Systemsettings and not common <strong>EPiServer</strong> users.Limitations in Windows 2000ASP.NET uses a general account that the ASP.NET processes run under. This cannot be changed per site inWindows 2000. This causes a security problem, as a site could, code-wise, be able to access information fromanother site. Unfortunately there is no good solution for this, as it depends on Windows 2000 architecture.Copyright © ElektroPost Stockholm AB - www.episerver.com
<strong>EPiServer</strong> Configuration Tool | 9Microsoft Windows 2003 Server, which has a new process model in Internet Information Server 6.0, solves thisproblem. Windows 2003 Server is, therefore, recommended for all types of ASP.NET shared hosting. Make surefirst that your <strong>EPiServer</strong> version supports this platform.<strong>EPiServer</strong> Configuration ToolThe installation program automatically applies a configuration template at first time installation. This, among otherthings, sets file access rights and certain settings in IIS. There is a tool that is used to be able to run this templateand other templates manually. A template is defined in XML format, which contains file access rights, IIS settingsand web.config settings. This template can then be run by <strong>EPiServer</strong> Configuration Tool to apply its access rightsand settings on an <strong>EPiServer</strong> installation. There is currently a base template, which is used at installation. It is, ofcourse, possible to customize this template or build your own templates according to the organization's wishesand security requirements.Template SyntaxGeneralThe template with settings for a configuration is built up as an XML file containing 3 main parts: file access rights(XML tag acl), Internet Information Server settings (XML tag metabase), and ASP.NET configuration (XML tagweb.config). Each main part is placed under the respective location in the structure, when the settings are to beapplied (XML tag location). This chapter describes these parts in further detail.Test configTest only