Guide - Checklist Going Live


Product Version

7.0

Product To Version


Status

final

1 Introduction

This guide is meant to provide an overview over important system settings that should be checked before going live with Intershop 7, the Commerce Management or an OCST product such as the Contact Center. For more information on selected topics, follow the links provided by this article, search the Support Knowledge Base, including the product documentation, or contact the Customer Support Team.

2 Encryption

Intershop 7 products, the Intershop Commerce Management as well as OCST products such as the Contact Center can encrypt sensitive database content. To decrypt data, the same algorithm and key must be used as for encryption.
Also it must be possible to use a different algorithm/key starting with a certain point in time to increase security.

Please follow the solution given in:

3 Database

3.1 Change the Database Passwords

Guide - Quick Database Setup With DBCA Templates describes how to create a database instance suitable for your Intershop 7. As soon as your system is about to go live, contact your Oracle Database Administrator to change these passwords. Afterwards, you have to update the passwords in your orm.properties, which is located in $IS_share/system/config/cluster:

Password
intershop.jdbc.password=<NewIntershopPassword>

3.2 Backup the Database

Make a backup of your database content before going live to preserve the original state of your database. Refer to your Oracle manuals, to the Knowledge Base article Cookbook - Database Maintenance or contact your Database Administrator for more information.

3.3 Set Oracle to Archive Mode

Setting the Oracle server to archive mode is essential to enable the recovery of the database in case of a system server crash, for example a disk crash. For more information refer to Cookbook - Database Maintenance.

3.4 Consider Oracle Tuning Measures

Tuning is strongly recommended, depending on your own database setup. Intershop outlines only the basic database requirements for the Intershop application, see Overview - System Requirements and its subsequent pages as well as Overview - Administration and Configuration. Some hints, which do not cover everything, though are available with the Cookbook - Database Tuning. Further adjustments are left for the responsible database administrator and depend on your very installation.

4 Web Server / Web Adapter

4.1 Page Cache

Enabling Page caching is recommended to decrease the response time of the Intershop Application, Commerce Management or OCST Product such as the Contact Center. It decreases the load on your application servers by caching single pages inside the Web Adapter. Refer to the Intershop 7 administration and configuration guides to learn more about the page caching mechanism. Page caching is usually turned off during development to have all changes to ISML templates displayed immediately, so do not forget to turn it on in the Commerce Management:

  1. Log in to your organizations's Commerce Management application.
  2. Select the channel whose pages shall be cached.
  3. Navigate to Preferences | Page Caching, check the box and click Apply.

For more detailed information, please refer to:

4.2 Web Robots

Define Website indexing rules for Web robots.

Avoid having your whole Intershop 7 site indexed by Web Robots instead of only your rewritten URLs. Therefore, the robots.txt has to be configured so that no robot can access URLs containing the string /INTERSHOP/. This leads to a site where just your rewritten URLs are indexed.

For further details, please refer to:

4.3 Online Search Engine Support

To improve the visibility of your system, have search engine Web robots, like that of Google, index your site in a controlled manner. This means that you allow selected indexing robots to access your system. To provide them with links which do not include session IDs (SID) or personalization group IDs (PGID) set the following property in $IS_SHARE/system/config/cluster/webadapter.properties:

session.skipForUserAgent.0=XampleBot

where XampleBot is the name of the robot. Thus, any user agent containing the string XampleBot will get links without IDs, allowing the robot to recheck the URL later.

For more information, refer to: Cookbook - URL Rewriting | Recipe: Define Website Indexing Rules for Web Robots.

4.4 Configure the Firewall

It is recommended to run your Intershop 7 machines behind a firewall. The only open ports should be ports 80 and 443 of your Web Server (these are the defaults).

4.5 Web Adapter Statistics Monitor

The Web Adapter Statistics monitor delivers information about your system (e.g., load, cache hit ratio, response times). For more information refer to Guide - Web Adapter Settings. The Web Server mapping of the Web Adapter Statistics monitor can be activated in $IS_HOME/httpd/conf/extra/httpd-webadapter.conf by adding the following lines:

<LocationMatch /wastatistics>
  Order Allow,Deny
  Allow from YourIPRange (Example: Allow from 10.10.10.0/24)
</LocationMatch>

After restarting the Web Server one can access the monitor page by using the url http://<host>/INTERSHOP/wastatistics.

To restrict access to the monitor, follow these steps:

  1. Choose a user who should have access.
  2. Open a command line and switch to $IS_HOME/httpd/bin
  3. Execute htpasswd -c passwordFileNameWithPath username
  4. Choose and confirm a password.
  5. Modify the $IS_HOME/httpd/conf/extra/httpd-webadapter.conf by inserting:

    <LocationMatch /wastatistics>
      AuthType Basic
      AuthUserFile passwordFileWithPath (e.g., /path/filename)
      AuthName "username"
        require valid-user
    </LocationMatch>
    
  6. Modify the $IS_HOME/httpd/conf/httpd.conf by activating these modules:

    • LoadModule auth_basic_module modules/mod_auth_basic.so
    • LoadModule authn_file_module modules/mod_authn_file.so
    • LoadModule authz_host_module modules/mod_authz_host.so
    • LoadModule authz_user_module modules/mod_authz_user.so
  7. Restart the Web Server to activate the changes.
    Now a user and password is necessary to access the Web Adapter Statistics monitor.
  8. Check TCP Stack Settings.
    Max number of ports and socket timeout must match the traffic:
    • Recommended number of ports: 65535
    • Recommended socket timeout: 30 - 60 seconds

5 Application Server

5.1 Java Virtual Machine

Adjust the memory size of the Java Virtual Machines by setting the following properties in $IS_HOME\bin\tomcat.bat:

JAVA_OPTS=%JAVA_OPTS%
-Xms2048m
-Xmx2048m
-XX:MaxPermSize=400m
-XX:NewRatio=8

For more information, refer to Guide - Node Manager | OutOfMemory Error Handling.

5.2 Log Level

Log levels can be defined separately for each Intershop 7 application server in the cluster or cluster wide. For development purposes, the log level is usually set to DEBUG which is not recommended for live systems, because of its negative impact on performance and the huge amount of logged data that blows up log files. Live systems should be configured to the levels ERROR, WARN, JOB and additionally to STAGING if the application server is part of a staging cluster.

To set the log level:

  1. Log in to the SMC.
  2. Go to the Logging section.
  3. Choose a cluster-wide setting, or select a single application server and specify the log scopes (log levels).

After changing the log level, check the content of the log files and perform a couple of requests on your site. The log level is successfully set when no debug messages can be found.

For more information about SMC logging refer to:

Note

Regarding the PA-DSS requirements you have to make sure, that your Audit Logging is enabled and configured as described in the PA-DSS Implementation Guide.

5.3 Clear/Backup Log Files

You should clear or backup the log files prior to going live, so that you can track potential problems more easily. To clear the log files:

  1. Stop (Intershop 7) Application and the Web Server.

  2. Move all files from $IS_SHARE\system\log to a backup directory (keep these old log files for reference).

  3. Start (Intershop 7) Application and the Web Server.

5.4 Jobs

Check the jobs within the SMC for each site. Disable jobs that are not needed. Schedule jobs (if possible) for low traffic time, e.g., at night, and make sure the jobs are scheduled to run with some time offset to reduce the risk of heavy system load due to concurrent jobs.

Note

Regarding the PA-DSS requirements, check if the OrderPaymentDataCleanup is enabled and configured. Please refer to the configuration and documentation in the PA-DSS Implementation Guide.

5.5 ISML Source Checking

Usually, your production system will not change often. To improve its performance disable ISML source checking during template processing by setting the following property in $IS_SHARE\system\config\cluster\appserver.properties:

intershop.template.CheckSource=false

5.6 ISML Precompilation

Use ISML template precompilation to improve the performance during high traffic times. All ISML templates are precompiled during application server start so that the system does not need to compile them on user request.

5.6.1 For Intershop 7 Versions < 7.2.1

To enable precompilation set the following property in $IS_SHARE\system\config\cluster\appserver.properties:

intershop.template.CompileOnStartup=true

5.6.2 For Intershop 7 Versions Starting From 7.2.1

The ISML templates can be precompiled by executing the Ant task:

ant precompile

5.7 Password Configuration for Encryption

Ensure that the value intershop.encryption.0.id has got a configured password which meets the requirements for a secure and safe password. For this you can check the usercredentialrules.properties, there you can find the mentioned requirements.

Note

Regarding the PA-DSS requirements, you have to ensure, that intershop.encryption.keystore.password is configured (90 characters) in your encryption.properties.

5.8 Set Correct Time

Before going live, set the correct time and timezone for the Intershop 7 application server machines, the database machine and also the Web Server machine. They all should be in sync.

5.9 License Key

Intershop Commerce Management distinguishes between development license keys and production license keys (standard and TBR (transaction-based renting)). So please check whether your license keys are made for live systems. If not, contact your Intershop account manager to request appropriate license keys.

5.10 Storefront Form Transmission

Be sure that all forms are transmitted using POST requests. Using GET requests is not recommended in regards of securing sensitive data.

5.11 Disable Development Mode of Tomcat

By default the inner Tomcat development mode is set to true, which can be a performance issue. In live system installations the development mode can be set to false. The suggested solution to increase the performance of production systems is to edit the file web.xml in %IS_SHARE\system\config\servletEngine\conf\ as follows:

...
<init-param>
  <param-name>development</param-name>
  <param-value>false</param-value>
</init-param>
<init-param>
  <param-name>reloading</param-name>
  <param-value>false</param-value>
</init-param>
...


Note

By setting the two values to FALSE, all properties that concern ISML template handling (these properties start with intershop.template) in appserver.properties become invalid (also see Guide - Intershop Application Server Settings). If, for example, you configure your system to check for newer versions of ISML templates at request (by using intershop.template.CheckSource=true) Intershop 7 will simply ignore this property. In other words, you can either disable the Tomcat development mode or be able to configure ISML source checking and ISML precompilation.

5.12 Disable AXIS HotDeployment

To avoid a lot of additional file system operations you can define the below settings:

/intershop/system/config/cluster/axis2client.xml
<parameter name="hotdeployment">false</parameter>
/intershop/system/config/cluster/axis2server.xml
<parameter name="hotdeployment">false</parameter>

5.13 Check Correctness of all Multicast Channels

To ensure the operational reliability of your Intershop 7 installation you have to check the Multicast settings in the following configuration files:

  • Multicast Channels from appservers, nodemanager & database
  • $IS_SHARE\system\config\cluster\appserver.properties
  • $IS_SHARE\system\config\cluster\orm.properties
  • $IS_SHARE\system\config\cluster\cache.properties
  • $IS_SHARE\system\tcm\config\tcm.properties

5.14 Disable Unused Sites

Disable sites that are not used. This applies to the Intershop 7 demo sites (e.g., inSPIRED). The demo store could even be misused to harm your systems performance by starting imports, syndication or heavy jobs. Sites can be disabled via the SLDSystem (in Operations Site) or SMC.

5.15 Development & Production Properties

Intershop 7 provides the possibility to create development or production properties, with the advantage to simply switch between configurations. The environment.properties ($IS_SHARE\system\config\cluster) define which property file is taken.
Please check if you have the correct configuration in the environment.properties.

5.16 Change the SMC and the TCC Passwords

The two admin consoles can be found under the following URLs:

  • SMC: https://<host>/INTERSHOP/web/BOS/SMC
  • TCC: https://<appserver-host>:10053/tcc
  1. Log into SMC/TCC as admin.
  2. Go to Change Password.
  3. Type a new password and confirm change.

Note

Regarding the PA-DSS requirements, you have to ensure that only designated users with unique userIDs have access to the backoffice.

5.17 Configure a Mail Server

  1. Open the file $IS_SHARE/system/config/cluster/appserver.properties.
  2. Modify the line intershop.SMTPServer=defaultMailServer.domain.com to add your own Mail server address.

5.18 Processor Affinity

Configure your Application Servers to use all available processors. Intershop 7 supports processor affinity to provide better performance in case you do not bind all Application Server processes to the same CPU. Every server process (the JAVA virtual machine) can be bound to a certain CPU or can be run unbound, which means that the Intershop 7 application servers will use all cores from the machine. Please note that CPU usage of all application servers has to be covered by the license file. If the license covers all possible cores, it is recommended to run the application servers unbound. To bind the application server processes:

  1. Switch to $IS_SHARE\system\config\servers.
  2. Enter the folder named with the IP address of the desired application server instance.
  3. Open the file appserver#.properties contained in this folder.
  4. Modify the line intershop.cpu.id = 0 to bind the server instance to one CPU (four CPUs have the numbers 0 to n).

5.19 Intershop Commerce Insight (ICI)

Configure your system to transfer log files to the ICI where the data is processed and made accessible in a graphical way. According to your Support contract you can use the ICI. Refer to Guide - Configure Data Transfer from Intershop 7 to the ICI to learn how automatic data transfer is configured between your system and the ICI.

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources
Support Tickets