Unlocking Sitecore's Full Potential
In the complex world of digital experience platforms, Sitecore stands out as a powerful and versatile solution. However, to fully leverage its capabilities and ensure optimal performance, regular audits are crucial. In our previous article, we provided a high-level overview of Sitecore Audits, outlining general expectations and broad inclusions. Now, it's time to peel back the layers and take a more in-depth look at this essential process.
This deep-dive exploration will examine each area covered in a Sitecore Audit, offering valuable insights into the intricacies of the audit. We'll elaborate on each section of the audit document, providing you with a comprehensive understanding of what gets reviewed and why it matters. From architecture and performance to security and content management, we'll leave no stone unturned.
Whether you're a Sitecore developer, a digital marketer, or an IT decision-maker, this article will equip you with the knowledge to better understand, prepare for, and benefit from a Sitecore Audit. By the end, you'll have a clear picture of how these audits can help optimize your Sitecore implementation, enhance your digital experiences, and drive better business outcomes.
Let's embark on this journey through the landscape of Sitecore Audits, uncovering the details that make this process an indispensable tool for Sitecore success.
Breaking Down the Audit Matrix
All items covered in the audit have a little grid for a quick reference if a Review was done and what status it was assigned:
Review
Is fairly self explanatory, whether the area of the audit was reviewed or not. Essentially highlights whether it was applicable to the scope of the audit or was it reviewed. Usually some context is provided if the review state is set to N/A.
Status
The audit provides the following three status’:
| Status | Description |
|---|---|
| OK | If it, at a minimum, meets Sitecore’s guidelines and standards it will be assigned the OK status. |
| Minor | Highlights an issue that may not have immediate impact on the solution, but has long term maintainability implications. This includes, but is not limited to, highlighting where recommended practices are not followed. |
| Major | Highlights an issue found in the implementation/architecture that could impact security, performance, scalability, or availability of the solution and immediate action should be taken to address it. |
Sections That Make Up the Audit
A comprehensive Sitecore Audit encompasses several critical areas of your implementation, each designed to evaluate specific aspects of your platform's health, performance, and security. Let's explore the following key sections that form the Sitecore Audit, each playing a vital role in ensuring your digital ecosystem operates at peak efficiency:
Executive Summary
The Audit document provides a summarized list of audit headings that fall into the Major and Minor status. This is meant to bring to the top the immediate areas of interest that should be addressed.
Not much detail is provided here beyond the list itself.
System Architecture Audit
The System Architecture Audit is designed to take inventory of all the servers associated with the Sitecore implementation. It will look at how well the servers meet or exceed Sitecore recommended practices for sizing and configuration, as well as record the Operating System (OS), installed software versions, Sitecore websites, and Sitecore databases.
This review focus in on the following areas:
- Sitecore Configuration - Covers the files within the App_Config\Include directory, any directly references to the master database, server scaling, configuration of the Global.asax file, the consistency of the Sitecore assemblies used, any patches that are applied, and the status of debug logging.
- XConnect Configuration - Tip to tail on the XConnect Collection Service, Search Service and the XConnect Search Indexer. Also includes the Marketing Automation Engine, Operations Service, and Reporting Service. Additionally, a review of the Reference Data Service, Sitecore Cortex Processing Engine (if utilized), and the Universal Tracking Collection and Processing services.
- Database Server Configuration - Covers Azure SQL configuration, SQL Maintenance plans, and Session State modes.
- Azure Sitecore Architecture - Whether your implementation is running on Azure, AKS, etc. the audit will review the recommended architecture and guidelines for Scaling, SQL Server, Solr/Search, Redis Cache, Certificates, and Index Updating configuration.
A solid system architecture forms the foundation of your entire Sitecore implementation. Proper server configuration and setup directly impact your site's performance, stability, and scalability. Misconfigurations can lead to system downtimes, poor performance, and security vulnerabilities - all of which can significantly impact your business operations and user experience. Regular architecture audits help prevent costly issues before they occur and ensure your infrastructure can handle your growing business needs.
Sitecore Architecture Review
The Sitecore Architecture Review provides an in depth look at how well the implementation follows Sitecore recommended practices. This includes the content editing experience, site scalability, maintenance and intuitiveness to be quickly picked up by someone whom had not used the CMS environment before.
This review focuses in on the following areas:
- Modules - A review of the installed modules on the environments and any concerns that may be related to them.
- Data Templates - A complete run down of the Sitecore Standard Practices covering, Naming conventions, folder structure, inheritance topics, insert options and use of tokens to name a few. The list is quite deep.
- Content Structure - Continuing from the previous point on Sitecore Standard Practices, Content Structure, number of sub items, number of versions kept, duplication of content, use of editor tools like the Rich Text Editor, Broken links report, Previewing, Validation Checks, use of Aliases and Redirects, and Access to content items that do not correlate to pages.
- Media - Where the content is stored - on Disk or in the Database, naming conventions and folder structure.
- Security Roles and Users - Use and application of Access Rights, and Security Roles, Restrictions to content or tools, Password policies, Use of Administrator accounts.
- Workflow - Are workflows utilized, do they have security applied to them, how many states, Can they be simplified, does a workflow have a final state, and is Publishing restricted to any specific roles.
- Presentation Layer - Limiting the number of layouts, use of static bindings, use of dynamic binding, use of Placeholder Settings, Sitecore presentation controls, and any Image manipulation controls.
- Experience Editor - Is it enabled and configured.
The architecture of your Sitecore implementation directly affects both your content authors' productivity and your site's maintainability. A well-structured implementation reduces training time, minimizes errors, and speeds up content delivery. Poor architecture choices can lead to content bottlenecks, difficult maintenance cycles, and increased development costs over time. This review ensures your implementation follows best practices that will save time and resources while providing a better experience for both content authors and end users.
Solution Review
The Solution Review is designed to review those areas of at Sitecore implementation that have been created, or customized, to meet the client’s requirements.
The Solution Review includes:
- Solution Code - What the solution is written in - C# for example, if any code exists in Razor Views, direct SQL calls, any overriding of Sitecore code or default functionality, highlighting any commented out code.
- Structure - Consistent naming between solution files and Sitecore, use of any NuGet packages instead of manually referenced libraries, use of build scripts to publish the solution.
- Hard coded values and references - paths, GUIDs, image paths or references to media library items, in-line content, language declarations, direct references to a database, device declarations, versions, or any references to domain names.
- Sitecore Helix - the solutions adherence to the Helix methodologies and guidelines.
Your solution's code quality and structure are crucial for long-term maintainability and scalability. Poor coding practices, hard-coded values, and deviations from Helix principles can lead to technical debt, making future updates more complex and expensive. This review helps identify potential issues early, ensuring your codebase remains clean, maintainable, and aligned with Sitecore best practices. This translates to faster development cycles, easier upgrades, and reduced maintenance costs.
Sitecore Log File Analysis
Review of the RAW Sitecore logs and calling out areas of interest for your attention. Covering major errors, reoccurring errors, flagged exceptions, and any severe looking “WARNS”. The audit also attempts to provide context around specific call outs so that you or the technology partner aren’t left guessing what the cause may have been. In some cases direct resolutions are provided as a remedy.
Log files are your window into your Sitecore implementation's health and performance. Unidentified errors can silently degrade performance, impact user experience, or indicate security vulnerabilities. Regular log analysis helps catch issues before they become critical problems, ensures optimal system performance, and provides valuable insights for proactive maintenance. This analysis can prevent potential system failures and help maintain consistent site performance.
Performance
This part of the review aims to discuss the main points of the Sitecore application that can negatively impact the performance of the solution. If the performance of the reviewed application remains a concern, Sitecore recommends that the “CMS Performance Tuning Guide”, be used to provide the full list of options that are available to tune the application.
Performance directly impacts user experience, search engine rankings, and ultimately, your bottom line. Studies show that even a one-second delay in page load time can result in significant drops in conversions and customer satisfaction. A performance review identifies bottlenecks and optimization opportunities, ensuring your Sitecore implementation delivers the speed and responsiveness your users expect. This leads to better user engagement, higher conversion rates, and improved ROI from your digital presence.
Security
Although Sitecore can run on several different operating systems, we recommend that you use the newest operating systems with the most up-to-date security features. Use the Windows update / Automatic update service to keep all your client computers and servers up-to-date with the most recent security updates and service packs. You should also create a disaster recovery plan to ensure the rapid resumption of services should a disaster occur. The recovery program should include:
- A plan for acquiring new or temporary equipment.
- A plan for restoring backups.
- Testing the recovery plan.
It is out of the scope of this auditing work to assess the existence and thoroughness of those afore mentioned items.
Maximizing Value Through Comprehensive Sitecore Audits
In today's digital landscape, security breaches can result in significant financial losses, damaged reputation, and legal complications. Regular security audits are essential for protecting sensitive data, maintaining compliance, and ensuring business continuity. A comprehensive Sitecore security review helps identify vulnerabilities before they can be exploited, ensuring your Sitecore implementation remains secure and resilient. This proactive approach to security helps protect your brand, your customers, and your bottom line.
Armed with this comprehensive understanding of Sitecore Audits, you're now well-equipped to navigate this crucial process with confidence. We've delved into each area covered by the audit, shedding light on the depth and breadth of the examination your Sitecore implementation will undergo. This knowledge empowers you to not only prepare thoroughly for your audit but also to set realistic expectations for the deliverables.
A Sitecore Audit is more than just a checklist—it's a roadmap for optimization, a blueprint for enhanced performance, and a catalyst for digital transformation. By understanding the intricacies of what's covered, you can better appreciate the value this process brings to your organization. From identifying potential bottlenecks to uncovering untapped opportunities, a well-executed Sitecore Audit can be the key to unlocking your platform's full potential.
As you embark on your Sitecore Audit journey, remember that you don't have to go it alone. The path to Sitecore excellence can be complex, but with the right guidance, it becomes a journey of discovery and improvement. Here at Fishtank, we're committed to supporting you every step of the way. Our team of Sitecore experts is ready to assist you through the audit process, helping you interpret the results and implement the recommendations effectively.
Whether you need help preparing for your audit, require assistance during the process, or seek guidance in implementing the suggested improvements, we're here to ensure your Sitecore implementation reaches its zenith. Don't hesitate to reach out—let's work together to transform your Sitecore Audit from a mere assessment into a launchpad for digital success.
Take the next step towards Sitecore excellence. Contact Fishtank today, and let's turn the insights from your Sitecore Audit into tangible improvements that drive your digital experiences to new heights.
