Lately, I've been approached by several CTOs and CMOs seeking advice on managing their organization's hosting and architecture requirements for multiple websites. Often, they're curious about handling the installation and configuration of many sites in Kentico. Although this is not a new subject, it seems to be a recurring topic this summer for some unknown reason. As a result, I decided to share my insights and recommendations for multisite management in Kentico.
The rest of this post contains my recommendations for implementing multiple websites with the Kentico Xperience 13 platform, but it could also easily apply to Kentico's next generation platform, Xperience by Kentico.
Kentico Multisite Pros & Cons
Kentico is a content management system that emphasizes modularity, extensibility, and scalability. It succeeds at balancing a rich set of built-in functionalities against high costs. One of those functionalities is the ability for a single installation of the software to run multiple websites, often referred to as multisite and technically known as multitenancy. The two figures below visually show the differences at a very high level.
Kentico Multisite Architecture
Kentico Multiple Single Site Architecture
There are pros and cons to the idea of multitenancy in Kentico. They are broken out by many functional categories below.
Multi-site Objects and Content
It's easily possible to run multiple websites (domain1.com, domain2.com, etc.) from a single instance of Kentico. Each website gets its own content tree for page-based organization of content, can have its own media library for asset storage and delivery, and its own page types or types of content that can be created and managed. Users can be assigned to specific sites and excluded from others. Once multiple sites are set up, it's a fairly straightforward matter to synchronize settings and global objects (as desired) between sites. It's possible to import and export whole sites or sections of sites from one to the other.
All objects in Kentico are tied to a “Site” object, so whether from the User Interface, or from the API code, each action and/or each query a user takes respects all the correct multitenancy configuration.
All content pieces in Kentico are tied to a “Site” object as well. Each website can contain separate lists of blog posts, products, job postings, and normal pages.
In small doses where no complex customization per site is required, and unique content per site is desired, the Kentico multisite ability works well.
In earlier versions of Kentico not every single administration screen respected the storage of multisite objects. For instance, in earlier versions e-commerce customers who made orders were not completely separated from one site to the next. The default list of customers would just show every customer in the system. The same was true of the friend’s list functionality, and other places of the administrative UI.
In the most recent versions of Kentico this was resolved, however, it shows how easy it is to have data security or data integrity issues. If a developer creates an object or query and forgets to specify the optional SiteID parameter in the administrative UI or API code, the wrong data can be shown to the wrong site. It adds an extra layer of quality assurance testing to ensure everything has the correct SiteID specified.
Even though we are talking about multisite objects and content being able to be separated, there is also the flip side of the coin. There is no concept of globally sharing 1 piece of content from a page in the content tree across multiple sites. Let’s say you wanted to have one global www.domain1.com/about-us page that was the same on every single site in the instance of Kentico. You could potentially share the MVC Page Template via code to make the layout look similar from site to site, and even specify some default options to make it look like it was 100% global. However, if one user at the site levels clicks save on the page, that content is now a disconnected copy. It’s just not a robust method for having global content in the content tree. There are some small things you can utilize like custom tables or custom settings to get around this, but it is just that, a work-around. That work-around most likely won’t easily support workflow or translation.
Pro Tip: For those following along at home, Xperience by Kentico has a killer new feature that makes this global sharing of content across multiple website channels much more easier. I have a full blog post coming soon on that.
Integrations / Customizations
Platform extensibility and ease of integration with other systems are key requirements for organizations that leverage enterprise-level software. Kentico rises to the challenge by exposing a various set of APIs for working with widgets, modules, database objects, and more. Any task performed in the UI is also available through the API. Kentico is one of the best platforms in all of the CMS space to customize and integrate with.
Many powerful extensions can be written using RESTful calls. Any client side library, like jQuery, Vue, and ReactJS, is supported since there is no limitation on what can be used on the live site. Kentico provides an API Examples application that demonstrates how to perform basic operations with system objects (creating, retrieving, updating, and deleting objects) via a built in REST Service or API call.
There are global events that can be tied to that extend any event in the system such as authentication, publishing of content, modifying custom tables, and/or modifying user profile properties to name a few.
There are scheduled tasks both globally and site specific that can be leveraged to run custom code to do almost anything you want or need to do.
Integrations and customizations can work well for both single instance configurations of Kentico and multitenant instances.
In a multitenant approach, if one developer chooses to customize their Kentico site by leveraging a global event handler, every single site in the instance could be affected by the code change. If there is a bug in the authentication code for single sign on, or a bug in the code that pushes user registration to CRM, it could cause a fatal exception on the entire application, whether its 1 or 500 sites in Kentico, they would all go down. It is not recommended to put all your eggs in one basket for complex integrations. Global truly means global when it comes to modifying system wide events.
If an integration is completed for a global event restarting or recompiling the site is required to deploy that change set. Again, deployment of one line of code would cause the site to temporarily not respond, whether it is 1 or 500 sites in Kentico. Note: It is totally possible to support 0-downtime deployments when using modern Dev Ops practices with Kentico as well.
Often, an organization needs to rely on its CMS to enforce corporate branding standards, content quality standards, accessibility requirements, cross-cultural requirements, and so forth. Kentico's workflow/approval system is sophisticated enough to meet most needs, supporting conditional branching, time-outs, and custom logic. In Kentico, you also get a visual workflow designer far surpassing the capabilities of many a more expensive solution.
Administrators and managers have the option of setting up publishing rights, scheduling publishing of content, and ensuring compliance with branding, cultural, or other standards by enforcing the use of appropriate templates (or even requiring the translation of pages in certain site sections but not others). A newer addition in Kentico is the ability to apply an existing workflow to a given document on the fly, with the click of a button. This is extremely helpful for managing the approval of stray documents on a one-off/as-needed basis.
The product's rights model is elaborate, built not only on fine-grained permissions at the level of ACLs (access control lists) on documents and folders, but also on the notion of roles and memberships. The membership-based role management aspect of the product is powerful enough to tempt unwary customers into needlessly complex rights-management scenarios. So be sure to take time to understand your true security and role requirements thoroughly before implementing them with Kentico. The product will accommodate extremely sophisticated Scenarios.
In large installations of Kentico with 10s to 100s of sites, setting up specific permissions to only allow one role to access one application might become troublesome. Take for instance the Workflows application. There is one list of workflows for the entire installation of Kentico. There is only one way to control which permission has rights to view the list of workflows, or add/edit a workflow. A user with the rights to see workflows will see every possible workflow, not just the workflows in their site. It is not until you get to the workflow scope inner UI that you see which site a workflow applies to. This could become an issue.
The above scenario is also true of other objects in Kentico like Smart Search Indexes, Customers, and Localization. The admin user gets the ability to manage all of them, not just the ones associated to their site.
Search is of paramount importance to any web presence. Increasingly, users are searching rather than browsing, and mobile devices have pushed users even further in the direction of search. Kentico has a Lucene.NET search engine at the core of the product, supporting keyword stemming, tagging, best bets, a faceted search web part, and more. Users can be allowed the option of submitting smart search queries using an advanced syntax, and deep search can be configured to look inside the content of documents (including PDFs). In past versions this required additional configuration of SQL Server. With recent versions like 13 this is no longer needed as search in PDF, Office docs, HTML, TXT and XML using the built in Lucene .NET search engine is now supported, without using SQL Server.
On top of the built in Search, Kentico now also includes an out of the box integration with Azure Cognitive Search (ACS). ACS is a cloud based search solution that brings Search to a whole new level. It is highly recommended to be used over the built in Smart Search that Kentico offers. It’s faster, more accurate, and easier to work with.
In general, search ties in quite nicely with the product's e-commerce support. Search can be combined with filtering to allow site visitors to get custom views of related products, for example, with and without paging (e.g., you can set up a page to show 5 products at a time, if a search brings back 30 or 40 products).
The Smart Search engine puts heavy resource strain on the system. Normally the Smart Search index process runs off hours and is not that noticeable. However, if it is a large truly global installation of Kentico, that has 10s or 100s of Smart Search indexes to run, there are no off hours.
Also, if more than one Smart Search indexer is running at the same exact time we have seen the demands of the application outpace the ability of the web server filesystem to keep up. It is possible for the system to choke if you try to run too many indexers at the same time.
The Smart Search interface itself also has the same governance issue as reported above. There really is only one set of Smart Search indexes that apply everywhere. You would have to customize the UI to have the list only show per site.
These cons are also reasons why we suggest Azure Cognitive Search as the preferred search solution with Kentico. There is an additional monthly service charge from Microsoft to use ACS to consider. But your site will provide more accurate search results with this configuration.
Digital Marketing / Digital Experience Platform
Kentico’s digital marketing capabilities provide extensive support for campaigns, A/B testing of web and e-mail content, contact management (including segmentation and scoring), e-mail marketing (and list management), trigger-based marketing automation, optimization testing, personalization, analytics, AI based sentiment analysis, and more. Automation process steps are built using the Kentico Visual Workflow Designer mentioned earlier. Kentico comes with extensive support for email newsletters, including advanced A/B testing functionality for the content of each newsletter issue.
Kentico’s Digital Marketing capabilities are formidable, and they are growing with each new release. Kentico is poised to give other solutions a run for their money in the integrated marketing suite arena. Often times getting any of these systems to "really sing" requires a substantial investment of time in learning the system. That is still true with Kentico. For example, conditional logic is used in personalization, dynamic contact groups, and marketing automation, and while you don't have to be a developer to set these things up, you do have to know how macro expressions work, which includes a bit of a learning curve.
Kentico has managed to pack a huge amount of capability into the digital capabilities.
The ability to do this advanced functionality requires a lot of resources. A single site’s digital marketing and web analytics database objects can grow at an outstanding pace and generate millions of rows of data over a period of a year, again for just one site. Now multiply that by 10s or 100s of sites if you are using multitenancy. A large enterprise multitenancy digital marketing type of solution in Kentico will demand a large amount of computing resources / horsepower. If configured and optimized correclty Kentico will keep the marketing features running smoothly though.
Also, please note that certain parts, and perhaps the most significant part of the digital marketing portion of the system, contacts and contact groups, are shared across the entire instance, making them global only. In other words, you do not have site-specific Contacts or site-specific Contact Groups. To generate a contact group, lead score, or marketing automation history report, the query would have to sift through millions of rows of data. Again this could cause all the sites to grind to halt in that single instance if misconfigured. The online marketing database could be separated, but even that is not enough to fix this con. For large enterprise use, this essentially compels you to opt for a single instance rather than a large multisite instance.
Software Maintenance / Upgrade Path
In a multitenant installation of Kentico, running one patch or hotfix would update all sites in the instance at the same time. This could include bugfixes, security fixes, new features or enhancements, which Kentico releases weekly. In theory this means that keeping all the sites up to date is very easy.
In reality though, all of the sites in an installation might experience small downtimes during a hotfix, upgrade or code deployment. For large organizations that may not be desired. Also, if one site wants feature A they get it, but if a different site does not want feature A or is not ready for it, they still would get it too. Additional customization would need to be written to prevent this for a specific site to be excluded.
Managing the core software branch of source control becomes more difficult as well. We would assume multiple development teams would want access to make changes, commit updates, and merge commits in a multitenant approach. One development team in Australia could perform a merge that conflicts with changes from a team in Germany.
In multi-tenant instances backup and recovery processes become more complex. Ensuring data isolation and integrity is challenging enough, as recovery needs to be selective for individual tenants without affecting others. It's basically all or nothing.
Your software development process need to be more disciplined in a multsite configuration for sure.
Total Cost / Cost of Ownership
Kentico is typically licensed per top level domain. The number of licenses can be applied to as many installations as you would like, or to a single installation. That means there is no difference in the cost of the Kentico software license for either approach. The license cost is the same. The hosting costs can be quite low for a simple Kentico site running in Microsoft Azure. Yes Azure is your friend with Kentico as it is a .NET based product. In fact Kentico's cloud support is top notch.
The other aspect of cost in the hosting / infrastructure side is what is required to run a large multisite website instance. In a large multitenant installation, there could be some cost-saving advantages. It is only one database and computer resource to consider. However, this could be a larger cost because more resources are required to handle larger sites at load. The scale and load demands are extemely important to consider.
For multiple single tenant installations, each additional installation / website would add additional cost as it would be per database and per computer resource (unless running in a large virtual machine than it may be a single cost center).
Basically, when it comes to cost, you have to do the math / use the pricing calculators to determine which route is more cost effective.
Data Security / Compliance / Personal Identifiable Information (PII)
Kentico goes to great lengths to provide multiple levels of security measures that ensure adherence to relevant regulations and privacy standards. You can achieve any level of compliance you need to with it, HIPAA, PCI DSS, GDPR, they all can apply.
If your organization is a single entity with multiple brand sites and you are trying to achieve shared users, contacts, customers, and more, Kentico can be a great solution.
In a multisite installation, you are storing all user, customer, subscriber, and marketing data from different sites in a single database. There are out of the box tools such as SQL Reporting, or even just global administrator users, that have unlimited access to all data in that database. This means that it's impossible to completely isolate personal information to one site within a multisite instance.
Summary & Final Thoughts on Kentico Multisite Options
Hosting multiple websites in a single large multitenant instance of Kentico Xperience offers some basic advantages at first glance. It allows for centralized management and administration, simplifying updates, maintenance, and resource allocation. It can also lead to cost savings by utilizing shared infrastructure.
However, there are some major potential drawbacks to consider. The risk of performance issues or downtime affecting multiple sites simultaneously is much higher, and customization options may be limited due to shared resources or incompatibilities (ex: think of trying to integrate two different SSO methods, it would be extremely complicated in multitenancy). On the other hand, hosting multiple separate instances of Kentico with single tenant sites provides greater flexibility and isolation. Each website can have its own dedicated resources, ensuring better performance and customization options (ex: in this manner two different SSO methods for two separate sites is a straightforward task). This single tenant approach does require more resources and effort for management and maintenance to be fair.
Ultimately, the decision should be based on factors such as the specific needs of your websites, the level of customization required, and the trade-off between centralized management and flexibility. But, in my professional opinion, when considering the pros and cons above, I lean towards multiple single instances of Kentico makes sense most of the time. This is especially true when each site has fairly unique set of requirements and customization needs. The pros of flexibility and extensibility of multiple single tenant installations outweigh the pros for a large single multitenant installation.
As always, the final answer is, it depends on your exact scenario for which way is the best. If you need help figuring that out, drop me an email, or get in touch with me via my contact form.