Previous Topic: Port RulesNext Topic: Manage iConsole Settings

Platform Deployment GuideiConsole DeploymentPost-deployment TasksGeneral Setup TasksSet Up iConsole Servers for Network Load BalancingViewState Encryption

ViewState Encryption

If you deploy your iConsole front-end Web servers in a cluster, you need to use a common encryption key for the ViewState encryption. By default, the cluster nodes each use an auto-generated encryption key, but this can cause problems if a node switch occurs. Specifically, the iConsole browser can lose its connection to the CMS after the iConsole session times out.

To specify a common encryption key on each node in the cluster

  1. On each node, you need to edit the .NET file machine.config. Find it in this folder:

    %windir%\Microsoft.NET\Framework\v2.0.50727
    \CONFIG

  2. In this XML file, locate the machineKey: 
    <machineKey
  validationKey="AutoGenerate...
  decryptionKey="AutoGenerate...
  validation=<encryption_algorithm>"
/>

    Note that the validation parameter can be set to any encryption algorithm, such as SHA1 or 3-DES.

  3. Now change the machineKey parameters to: 
    <machineKey
  validation=<encryption_algorithm>"
  validationKey=<hex_key>"
/>

    Where hex_key is an encryption key (in hexadecimal format). You can use any length key, but be aware that there is a trade-off between security and response times. Longer keys, (say, 128‑bit) provide stronger security but also mean that data requests take longer to service. Conversely, shorter keys mean data requests are serviced more quickly but provide weaker security.

  4. Make this encryption change on all nodes (that is, iConsole servers) in the cluster.
  5. Finally, you need to restart Microsoft IIS on each node:
    1. In Cluster Administrator, take the cluster offline.
    2. Restart IIS on all nodes.
    3. Bring the cluster back online.