Architecture

Sitefinity SaaS runs in a multi-tenancy architecture, where customers share some of the underlying infrastructure resources. Progress Software utilizes strong tenant isolation security and control capabilities to maintain segregation. Different services and components for each customer subscription (project) are logically isolated using network policies.

After purchasing a Sitefinity SaaS subscription, each customer gets their own dedicated organization. Each Sitefinity SaaS subscription corresponds to a project in the organization. When a customer purchases additional Sitefinity SaaS subscriptions, these are added as extra projects.

The following diagram illustrates a high-level Sitefinity SaaS setup with organizations for multiple customers:

Each Sitefinity SaaS subscription (project) hosts a single .NET Core Renderer application that has a single codebase. The .NET Core Renderer application is deployed consecutively to multiple environments through a built-in CI/CD pipeline. The Sitefinity CMS is provided as a service (SaaS) and is fully managed by Progress Software. A Sitefinity SaaS subscription (project) includes a Staging environment and a Production environment.

By default, Sitefinity SaaS allows for only 1 website, but it is possible to increase this limit. For more information, refer to the limits outlined in Capability matrix and limitations.

The following diagram is a high-level representation of a Sitefinity SaaS setup focusing on the different environments, as well as the integration and operations between them:

The following diagram is a detailed representation of the different infrastructure components in a Sitefinity SaaS setup and their interrelations:

The component marked with * in the diagram is purchased as add-on:

• Cloudflare HTTP and WAF Logs Push* is part of the Advanced Security add-on

The Sitefinity SaaS architecture is based on the following Microsoft Azure and Cloudflare services:

• Cloudflare WAF, Cloudflare DDoS Protection, and Cloudflare SSL/TLS to ensure optimal security for the web application.
• Cloudflare CDN to ensure a pleasant user experience by reducing page and content load times.
• Cloudflare Argo Smart Routing to detect real-time congestion and route web traffic across the fastest and most reliable network paths.
• Cloudflare Workers to create custom edge rules that can transform the request or response based on different conditions at the edge.
• Cloudflare Image Optimization to reduce the image size by stripping metadata and applying lossless or lossy compression to remove redundant bytes from images.
• Cloudflare Tunnel to provide a secure way to connect Azure resources to Cloudflare without a publicly routable IP address.  
• Azure Kubernetes Service (AKS) for hosting the applications.
• Azure SQL Database to store the website’s data, tuned to ensure optimal performance for the application.
• Azure Cache for Redis used for server-side data caching to further optimize the website performance.
• Azure Files for storing Lucene search index files.
• Microsoft Entra ID (formerly, Azure Active Directory) for easy user management and single sign-on.
• Microsoft Defender for Cloud to ensure defense in depth with its ability to both detect and help protect against threats.
  

The Management Portal provides all functionality for managing your Sitefinity SaaS project, including identity and access management, domain management, code manipulation, deployment, monitoring application metrics, and more. Below is a list of all services/tools provided by the Management Portal user interface: 

• Source Control Management 
• CI/CD Management
  
• Application Management 
• User Management 
• Domain Management
• Integration Hub
• Boards Hub
• Wiki 

The services are described in detail in Management Portal.  

For user management, the solution leverages the capabilities of Microsoft Entra ID (formerly, Azure Active Directory) and is described in User management.

The following regions are supported for Sitefinity SaaS:

• EMEA
  
• North America