Introduction
This guide is meant to provide an overview of important system settings that should be checked before going live with Intershop 7, the Commerce Management or an OCST product such as the Contact Center. For more information on selected topics, follow the links provided by this article, search the Support Knowledge Base, including the product documentation, or contact the Customer Support Team.
Encryption
Intershop 7 products, the Intershop Commerce Management as well as OCST products such as the Contact Center can encrypt sensitive database content. To decrypt data, the same algorithm and key must be used as for encryption.
Also it must be possible to use a different algorithm/key starting with a certain point in time to increase security.
Please follow the solution given in:
- Cookbook - Gradle Deployment Tools (valid from Intershop 7.4 CI to ICM 7.7) | Recipe: Configure Encryption
- Cookbook - Deployment Tools ICM 7.8 | Recipe: Configure Encryption
- Cookbook - Deployment Tools ICM 7.9 | Recipe: Configure Encryption
Database
Change the Database Passwords
Guide - Quick Database Setup With DBCA Templates describes how to create a database instance suitable for your Intershop 7. As soon as your system is about to go live, contact your Oracle Database Administrator to change these passwords. Afterwards, you have to update the passwords in your orm.properties, which is located in $IS_share/system/config/cluster:
intershop.jdbc.password=<NewIntershopPassword>
Backup the Database
Make a backup of your database content before going live to preserve the original state of your database. Refer to your Oracle manuals, to the Knowledge Base article Cookbook - Database Maintenance or contact your Database Administrator for more information.
Set Oracle to Archive Mode
Setting the Oracle server to archive mode is essential to enable the recovery of the database in case of a system server crash, for example a disk crash. For more information refer to Cookbook - Database Maintenance.
Consider Oracle Tuning Measures
Tuning is strongly recommended, depending on your own database setup. Intershop outlines only the basic database requirements for the Intershop application, see Overview - System Requirements and its subsequent pages as well as Overview - Administration and Configuration. Some hints, which do not cover everything, though are available with the Cookbook - Database Tuning. Further adjustments are left for the responsible database administrator and depend on your very installation.
Web Server / Web Adapter
Page Cache
Enabling Page caching is recommended to decrease the response time of the Intershop Application, Commerce Management or OCST Product such as the Contact Center. It decreases the load on your application servers by caching single pages inside the Web Adapter. Refer to the Intershop 7 administration and configuration guides to learn more about the page caching mechanism. Page caching is usually turned off during development to have all changes to ISML templates displayed immediately, so do not forget to turn it on in the Commerce Management:
- Log in to your organizations's Commerce Management application.
- Select the channel whose pages shall be cached.
- Navigate to Preferences | Page Caching, check the box and click Apply.
For more detailed information, please refer to:
Web Robots
Define Website indexing rules for Web robots.
Avoid having your whole Intershop 7 site indexed by Web Robots instead of only your rewritten URLs. Therefore, the robots.txt has to be configured so that no robot can access URLs containing the string /INTERSHOP/. This leads to a site where just your rewritten URLs are indexed.
For further details, please refer to:
- Concept - URL Rewriting
- Cookbook - URL Rewriting (pay special attention to Recipe: Define Website Indexing Rules for Web Robots)
Online Search Engine Support
To improve the visibility of your system, have search engine Web robots, like that of Google, index your site in a controlled manner. This means that you allow selected indexing robots to access your system. To provide them with links which do not include session IDs (SID) or personalization group IDs (PGID) set the following property in $IS_SHARE/system/config/cluster/webadapter.properties:
session.skipForUserAgent.0=XampleBot
where XampleBot is the name of the robot. Thus, any user agent containing the string XampleBot will get links without IDs, allowing the robot to recheck the URL later.
For more information, refer to: Cookbook - URL Rewriting | Recipe: Define Website Indexing Rules for Web Robots.
Configure the Firewall
It is recommended to run your Intershop 7 machines behind a firewall. The only open ports should be ports 80 and 443 of your Web Server (these are the defaults).
Web Adapter Statistics Monitor
The Web Adapter Statistics monitor delivers information about your system (e.g., load, cache hit ratio, response times). For more information refer to Guide - Web Adapter Settings. The Web Server mapping of the Web Adapter Statistics monitor can be activated in $IS_HOME/httpd/conf/extra/httpd-webadapter.conf by adding the following lines:
<LocationMatch /wastatistics> Order Allow,Deny Allow from YourIPRange (Example: Allow from 10.10.10.0/24) </LocationMatch>
After restarting the Web Server one can access the monitor page by using the url http://<host>/INTERSHOP/wastatistics.
To restrict access to the monitor, follow these steps:
- Choose a user who should have access.
- Open a command line and switch to $IS_HOME/httpd/bin
- Execute
htpasswd -c passwordFileNameWithPath username - Choose and confirm a password.
Modify the $IS_HOME/httpd/conf/extra/httpd-webadapter.conf by inserting:
<LocationMatch /wastatistics> AuthType Basic AuthUserFile passwordFileWithPath (e.g., /path/filename) AuthName "username" require valid-user </LocationMatch>Modify the $IS_HOME/httpd/conf/httpd.conf by activating these modules:
- LoadModule auth_basic_module modules/mod_auth_basic.so
- LoadModule authn_file_module modules/mod_authn_file.so
- LoadModule authz_host_module modules/mod_authz_host.so
- LoadModule authz_user_module modules/mod_authz_user.so
- Restart the Web Server to activate the changes.
Now a user and password is necessary to access the Web Adapter Statistics monitor. - Check TCP Stack Settings.
Max number of ports and socket timeout must match the traffic:- Recommended number of ports: 65535
- Recommended socket timeout: 30 - 60 seconds
Application Server
Java Virtual Machine
Adjust the memory size of the Java Virtual Machines by setting the following properties in $IS_HOME\bin\tomcat.bat:
JAVA_OPTS=%JAVA_OPTS% -Xms2048m -Xmx2048m -XX:MaxPermSize=400m -XX:NewRatio=8
For more information, refer to Guide - Node Manager | OutOfMemory Error Handling.
Log Level
Log levels can be defined separately for each Intershop 7 application server in the cluster or cluster wide. For development purposes, the log level is usually set to DEBUG which is not recommended for live systems, because of its negative impact on performance and the huge amount of logged data that blows up log files. Live systems should be configured to the levels ERROR, WARN, JOB and additionally to STAGING if the application server is part of a staging cluster.
To set the log level:
- Log in to the SMC.
- Go to the Logging section.
- Choose a cluster-wide setting, or select a single application server and specify the log scopes (log levels).
After changing the log level, check the content of the log files and perform a couple of requests on your site. The log level is successfully set when no debug messages can be found.
For more information about SMC logging refer to:
Note
Clear/Backup Log Files
You should clear or backup the log files prior to going live, so that you can track potential problems more easily. To clear the log files:
Stop (Intershop 7) Application and the Web Server.
Move all files from $IS_SHARE\system\log to a backup directory (keep these old log files for reference).
Start (Intershop 7) Application and the Web Server.
Jobs
Check the jobs within the SMC for each site. Disable jobs that are not needed. Schedule jobs (if possible) for low traffic time, e.g., at night, and make sure the jobs are scheduled to run with some time offset to reduce the risk of heavy system load due to concurrent jobs.
Note
ISML Source Checking
Usually, your production system will not change often. To improve its performance disable ISML source checking during template processing by setting the following property in $IS_SHARE\system\config\cluster\appserver.properties:
intershop.template.CheckSource=false
ISML Precompilation
Use ISML template precompilation to improve the performance during high traffic times. All ISML templates are precompiled during application server start so that the system does not need to compile them on user request.
For Intershop 7 Versions < 7.2.1
To enable precompilation set the following property in $IS_SHARE\system\config\cluster\appserver.properties:
intershop.template.CompileOnStartup=true
For Intershop 7 Versions Starting From 7.2.1
The ISML templates can be precompiled by executing the Ant task:
ant precompile
Password Configuration for Encryption
Ensure that the value intershop.encryption.0.id has got a configured password which meets the requirements for a secure and safe password. For this you can check the usercredentialrules.properties, there you can find the mentioned requirements.
Note
intershop.encryption.keystore.password is configured (90 characters) in your encryption.properties.Set Correct Time
Before going live, set the correct time and timezone for the Intershop 7 application server machines, the database machine and also the Web Server machine. They all should be in sync.
License Key
Intershop Commerce Management distinguishes between development license keys and production license keys (standard and TBR (transaction-based renting)). So please check whether your license keys are made for live systems. If not, contact your Intershop account manager to request appropriate license keys.
Storefront Form Transmission
Be sure that all forms are transmitted using POST requests. Using GET requests is not recommended in regards of securing sensitive data.
Disable Development Mode of Tomcat
By default the inner Tomcat development mode is set to true, which can be a performance issue. In live system installations the development mode can be set to false. The suggested solution to increase the performance of production systems is to edit the file web.xml in %IS_SHARE\system\config\servletEngine\conf\ as follows:
... <init-param> <param-name>development</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>reloading</param-name> <param-value>false</param-value> </init-param> ...
Note
intershop.template.CheckSource=true) Intershop 7 will simply ignore this property. In other words, you can either disable the Tomcat development mode or be able to configure ISML source checking and ISML precompilation.Disable AXIS HotDeployment
To avoid a lot of additional file system operations you can define the below settings:
/intershop/system/config/cluster/axis2client.xml
<parameter name="hotdeployment">false</parameter>
/intershop/system/config/cluster/axis2server.xml
<parameter name="hotdeployment">false</parameter>
Check Correctness of all Multicast Channels
To ensure the operational reliability of your Intershop 7 installation you have to check the Multicast settings in the following configuration files:
- Multicast Channels from appservers, nodemanager & database
- $IS_SHARE\system\config\cluster\appserver.properties
- $IS_SHARE\system\config\cluster\orm.properties
- $IS_SHARE\system\config\cluster\cache.properties
- $IS_SHARE\system\tcm\config\tcm.properties
Disable Unused Sites
Disable sites that are not used. This applies to the Intershop 7 demo sites (e.g., inSPIRED). The demo store could even be misused to harm your systems performance by starting imports, syndication or heavy jobs. Sites can be disabled via the SLDSystem (in Operations Site) or SMC.
Development & Production Properties
Intershop 7 provides the possibility to create development or production properties, with the advantage to simply switch between configurations. The environment.properties ($IS_SHARE\system\config\cluster) define which property file is taken.
Please check if you have the correct configuration in the environment.properties.
Change the SMC and the TCC Passwords
The two admin consoles can be found under the following URLs:
- SMC: https://<host>/INTERSHOP/web/BOS/SMC
- TCC: https://<appserver-host>:10053/tcc
- Log into SMC/TCC as admin.
- Go to Change Password.
- Type a new password and confirm change.
Note
Configure a Mail Server
- Open the file $IS_SHARE/system/config/cluster/appserver.properties.
- Modify the line
intershop.SMTPServer=defaultMailServer.domain.comto add your own Mail server address.
Processor Affinity
Configure your Application Servers to use all available processors. Intershop 7 supports processor affinity to provide better performance in case you do not bind all Application Server processes to the same CPU. Every server process (the JAVA virtual machine) can be bound to a certain CPU or can be run unbound, which means that the Intershop 7 application servers will use all cores from the machine. Please note that CPU usage of all application servers has to be covered by the license file. If the license covers all possible cores, it is recommended to run the application servers unbound. To bind the application server processes:
- Switch to $IS_SHARE\system\config\servers.
- Enter the folder named with the IP address of the desired application server instance.
- Open the file appserver#.properties contained in this folder.
- Modify the line
intershop.cpu.id = 0to bind the server instance to one CPU (four CPUs have the numbers 0 to n).
Intershop Commerce Insight (ICI)
Configure your system to transfer log files to the ICI where the data is processed and made accessible in a graphical way. According to your Support contract you can use the ICI. Refer to Guide - Configure Data Transfer from Intershop 7 to the ICI to learn how automatic data transfer is configured between your system and the ICI.