Gravatar for nstephens@hhogdev.com

Question by nickstephens, Nov 11, 2015 4:44 PM

Adding additional Sitecore Security Providers

Our production environment utilizes separate publishing instances of Sitecore. We were hoping to utilize those publishing servers to initially build our indexes prior to deploying Coveo to our active CMS server. One issue we have run into is dealing with the creation of the security providers.

Each publishing server has it's own Coveo Search Provider configuration. The SecurityProviderName and ServerUrl are unique to each publishing server. The Coveo Index Source Name is shared across all servers: "coveocoreindex [CMS Server Name]".

What we've found is the following:

  1. When initially creating the index from any of the servers, the security provider is created based on the host machine and the index is created with that security provider associated to it
  2. When trying to rebuild the same index from another server, where a security provider has not been created, we receive an error: "Job started: IndexUpdateIndexName=Coveocoreindex|#Exception: System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> System.InvalidOperationException: Sequence contains no matching element"
  3. If I then delete the coveocoreindex through the admin service, then try to rebuild the index from the other server; the security provider gets created, the index gets generated and I can now actually rebuild from either of the two servers without issue. (Now that both providers exist in CES)

Seeing as how the Security Provider/User Identity not being created is causing this issue, we tried manually creating a User Identity and associated Security Provider which matched the hosts that would be connecting to Coveo. However, when trying to add a User Identity following the same pattern generated in Coveo during an index rebuild, we receive the error "Your configuration is out of date." We also tried exporting an existing one, changing the host name in the export file, and re-importing. This resulted in the same "Your configuration is out of date" error.

The only way we have been able to get this to work is by updating each server, Publishing and CMS, then rebuilding a single index from each server until we have all servers Security Providers represented in Coveo.

Gravatar for nstephens@hhogdev.com

Comment by nickstephens, Nov 12, 2015 10:59 AM

I've also read through this documentation: https://developers.coveo.com/display/public/SC201502/Understanding+the+Coveo+Search+Provider%27s+Configuration+File#UnderstandingtheCoveoSearchProvider'sConfigurationFile-Basicconfigurationsettings

This does specify that it is possible to have multiple sitecore instances pointing to the same index while sharing the provider. I'm going to experiment with this in our instance.

Gravatar for nstephens@hhogdev.com

Comment by nickstephens, Nov 12, 2015 2:53 PM

This functionality looks to be working, however, I'm seeing that there are a lot of updates being logged where the index being updated first gets live monitoring disabled, then the user identity gets updated, then the live monitoring gets enabled.

Source "sitecore_master_index - [ServerName]-SitecoreCoveo" (oid:72068/id:31898) on Collection "Sitecore Search Provider" (oid:1811/id:1734) was modified (LiveMonitoringEnabled: true -> false) by [serviceUser].

SourceCustomParameter "UserIdentity" (oid:74123/id:18467) on Source "sitecore_master_index - [ServerName]-SitecoreCoveo" (oid:72068/id:31898) was added by [serviceUser].

Source "sitecore_master_index - [ServerName]-SitecoreCoveo" (oid:72068/id:31898) on Collection "Sitecore Search Provider" (oid:1811/id:1734) was modified (LiveMonitoringEnabled: false -> true) by [serviceUser].

I'm not sure exactly what's being updated here as the user identity stays the same on the security provider from what I can see. Will these frequent updates cause us performance issues when indexing from multiple instances? The Disabling and Re-Enabling of the Live Monitoring take a few seconds each time.

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Nov 16, 2015 2:41 PM

Hi Nick,

There's a lot of content in your question. I just want to be sure I understand your setup correctly before going further.

You have:

  • 1 Publishing Sitecore instance
  • One or many Sitecore CM instances
  • One or many Sitecore CD instances
  • All of them share the same set of master/web/core databases
  • 1 Coveo Enterprise Search master server and index

Am I right?

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Nov 16, 2015 2:54 PM

Did you also read the Coveo for Sitecore scaling guide when you use multiple Sitecore instances using the same databases (CM/CD/Publishing)? https://developers.coveo.com/pages/viewpage.action?pageId=29556990

When you have multiple Sitecore instances all using the same master/web/core databases, the goal with Coveo for Sitecore is to have:

  • Only one Coveo Security provider with a fixed name (You can do that by specifying the <SecurityProviderName> in all the Sitecore instances Coveo.SearchProvider.config files to the same value)
  • Only one Coveo source per Sitecore database (You can do that by specifying the <SourceName> of all the master Sitecore indexes in all the Sitecore instances Coveo.SearchProvider.config files to the same value. Do the same to the web and core indexes but with a different value than the master index.)

For the user identities however, there's no way actually to have only one for all the Sitecore instances. A different one will be created by each Sitecore instance. When a Sitecore instance ask Coveo for Sitecore to do an indexing operation, Coveo for Sitecore will ensure the sources and the security provider use its own user identity. That's why you see updates for that in the logs. This may cause performance issues if the indexing operations are often triggered by different servers.

By the way, CD servers should never trigger indexing operations. The indexing operations should always come from the publishing or CM Sitecore instances.

Gravatar for sholmesby@hhogdev.com

Comment by sholmesby, Dec 3, 2015 12:48 PM

Hi Jeff, Just following up on Nick's post. We have the same SecurityProviderName and SourceName across 3 publishing sites and 1 CM instance…. all pointing to 1 CES master server and index.

The problem is, each of the publishing and CM sites have a different UserIndentity, but SecurityProviders can only have 1. It seems like each of the instances, when used, remove whatever was used as the UserIdentity on the SecurityProvider, and replace it's own UserIdentity.

This is constantly happening across all sites…. and each switch is causing Live Monitoring to be switched on/off.

The CD instances never trigger the indexing operations…. but I think the 3 publishing instances (with their strategies) are causing all these switches…. which is causing this slowness. Does that sound correct?

Gravatar for jflheureux@coveo.com

Comment by Jean-François L'Heureux, Dec 3, 2015 4:17 PM

You are correct. The automatically created user identity was not correctly designed at the start.

This will change in a future version of Coveo for Sitecore. We will be able to fix the user identity name as we are able to do with the security provider name. This is planned for Coveo for Sitecore 4.0 in Q1 2016 but may be backported to Coveo for Sitecore 3.0 in the first 2016 release as it is too late for the December 2015 release.

0 Reply
Ask a question