A Go-Live checklist for a new site built with Sitecore SXA

Sitecore Experience Accelerator is an absolute game-changer for companies looking to roll-out a new site. It has so much great value out of the box that there are very few reasons why I would decide not to use it on any new Sitecore build. Of course there’s been plenty of other blogs and discussions on what makes SXA so great — instead let’s delve into what needs to be done when launching a new SXA site.

Friendly Error Page and Not Found Page

All too often I come across the dreaded ASP.NET Yellow Screen Of Death when looking at a new site. With SXA, all you need is a few clicks to have a nice customer-friendly 404 page and server error page. See here for the official documentation on how to configure this.

One gotcha that is not covered in the official docs at time of writing is that you need to make sure that the static error page .html file is deployed to all your CM and CD instances. Here is some more info and helpful hints on troubleshooting issues when setting it up and configuring.

Configure your Site Groupings

You shouldn’t be defining your SXA site as a <site> in config as you would with non-SXA sites. Instead use the far more flexible Site Grouping. It is still possible to define an SXA site via config instead of Site Grouping item, by setting IsSXASite=true on your site config. However, I’d only recommend doing this if you have a very good reason (I can’t think of any at the moment, but I’m sure there are some customization edge cases where this would be a good option).

I usually would check and configure the following on each Site Grouping site in the environment.

• Configure a custom link provider. If the site only supports one language then usually you’ll want to prevent language embedding or at least enable lowercase URLs.
• Configure the Host Name and Target Host Name settings.
• Make sure all Database settings are set to Web if the Host Name value will be used a CD server.
• Check your site(s) in the Site Manager to make sure there’s no issues with site ordering.

Check your Robots.txt and Sitemap.xml

These SEO things don’t take much time, but have a huge impact on search engine rankings. By default SXA will have a “Disallow all” robots.txt, and the Sitemap.xml might need some tweaking based on your business needs (or may require a custom link provider as mentioned above).

• Configure Robots.txt on your site settings item.
• Configure Sitemap.xml
• If you have multiple sites, watch out for this potential issue when using wildcard hostnames.

Enable and Configure the Asset Optimizer

Chances are if you’re reading this is that by now you’re familiar with the Asset Optimizer, as it is enabled by default and can be a pain to work with. But it’s worth double checking that it’s enabled and working and none of your assets are throwing 404’s due to duplicate asset items in the media library.

Set a Favicon

Favicons are necessary to add that extra polish to the site. Instructions are available here on how to configure one.

Set up Tenant and Site level security

SXA has some little-known scripts for creating some useful roles for Tenant-level and Site-level permissions.

Standard Sitecore Go-Live tasks

This isn’t SXA specific, but here are some steps to take to ensure your Sitecore environment is healthy. The order set here is important. Every single one of these steps is essential and needs to complete successfully.

1. Do a full republish of master to web.
2. Rebuild all link databases.
3. Rebuild all indexes.
4. XP Only: Deploy all Marketing Definitions and Taxonomies. Instructions for how to do this are part of the Installation Guide for your version of Sitecore. One tip I can give is if it doesn’t succeed and there’s no errors in the logs, try and deploy them one by one in reverse order.
5. Validate all instances in your Sitecore environment. How? I’m simply going to link to this post by Pete Navarra as it is quite definitive. One other tool that may help with checking xConnect connectivity is xConnectHelper.

Security

There are many considerations here and every installation and implementation is unique, but here are a few general things you can check on:

• Limit access to your CM, Processing, Reporting environments using IP restrictions.
• Limit access to Sitecore pages on CD servers. Either use URL Rewrite rules or deny anonymous access.
• Set good passwords on all CMS accounts — especially admin accounts.
• Set good passwords on all SQL user accounts.
• Enable HTTPS only connections (e.g. via a URL rewrite rule).
• Set the Secure flag on all cookies.

That’s it, if you have any questions, suggestions or comments hit me up on Twitter or Sitecore Slack.