This guide is meant to provide an overview over important system settings that should be checked before going live with Intershop 7, the Commerce Management or an OCST product such as the Contact Center. For more information on selected topics, follow the links provided by this article, search the Support Knowledge Base, including the product documentation, or contact the Customer Support Team.
Intershop 7 products, the Intershop Commerce Management as well as OCST products such as the Contact Center can encrypt sensitive database content. To decrypt data, the same algorithm and key must be used as for encryption.
Also it must be possible to use a different algorithm/key starting with a certain point in time to increase security.
Please follow the solution given in:
Guide - Quick Database Setup With DBCA Templates describes how to create a database instance suitable for your Intershop 7. As soon as your system is about to go live, contact your Oracle Database Administrator to change these passwords. Afterwards, you have to update the passwords in your orm.properties, which is located in $IS_share/system/config/cluster:
Make a backup of your database content before going live to preserve the original state of your database. Refer to your Oracle manuals, to the Knowledge Base article Cookbook - Database Maintenance or contact your Database Administrator for more information.
Setting the Oracle server to archive mode is essential to enable the recovery of the database in case of a system server crash, for example a disk crash. For more information refer to Cookbook - Database Maintenance.
Tuning is strongly recommended, depending on your own database setup. Intershop outlines only the basic database requirements for the Intershop application, see Overview - System Requirements and its subsequent pages as well as Overview - Administration and Configuration. Some hints, which do not cover everything, though are available with the Cookbook - Database Tuning. Further adjustments are left for the responsible database administrator and depend on your very installation.
Enabling Page caching is recommended to decrease the response time of the Intershop Application, Commerce Management or OCST Product such as the Contact Center. It decreases the load on your application servers by caching single pages inside the Web Adapter. Refer to the Intershop 7 administration and configuration guides to learn more about the page caching mechanism. Page caching is usually turned off during development to have all changes to ISML templates displayed immediately, so do not forget to turn it on in the Commerce Management:
For more detailed information, please refer to:
Define Website indexing rules for Web robots.
Avoid having your whole Intershop 7 site indexed by Web Robots instead of only your rewritten URLs. Therefore, the robots.txt has to be configured so that no robot can access URLs containing the string /INTERSHOP/. This leads to a site where just your rewritten URLs are indexed.
For further details, please refer to:
To improve the visibility of your system, have search engine Web robots, like that of Google, index your site in a controlled manner. This means that you allow selected indexing robots to access your system. To provide them with links which do not include session IDs (SID) or personalization group IDs (PGID) set the following property in $IS_SHARE/system/config/cluster/webadapter.properties:
XampleBot is the name of the robot. Thus, any user agent containing the string
XampleBot will get links without IDs, allowing the robot to recheck the URL later.
For more information, refer to: Cookbook - URL Rewriting | Recipe: Define Website Indexing Rules for Web Robots.
It is recommended to run your Intershop 7 machines behind a firewall. The only open ports should be ports 80 and 443 of your Web Server (these are the defaults).
The Web Adapter Statistics monitor delivers information about your system (e.g., load, cache hit ratio, response times). For more information refer to Guide - Web Adapter Settings. The Web Server mapping of the Web Adapter Statistics monitor can be activated in $IS_HOME/httpd/conf/extra/httpd-webadapter.conf by adding the following lines:
<LocationMatch /wastatistics> Order Allow,Deny Allow from YourIPRange (Example: Allow from 10.10.10.0/24) </LocationMatch>
After restarting the Web Server one can access the monitor page by using the url http://<host>/INTERSHOP/wastatistics.
To restrict access to the monitor, follow these steps:
htpasswd -c passwordFileNameWithPath username
Modify the $IS_HOME/httpd/conf/extra/httpd-webadapter.conf by inserting:
<LocationMatch /wastatistics> AuthType Basic AuthUserFile passwordFileWithPath (e.g., /path/filename) AuthName "username" require valid-user </LocationMatch>
Modify the $IS_HOME/httpd/conf/httpd.conf by activating these modules:
Adjust the memory size of the Java Virtual Machines by setting the following properties in $IS_HOME\bin\tomcat.bat:
JAVA_OPTS=%JAVA_OPTS% -Xms2048m -Xmx2048m -XX:MaxPermSize=400m -XX:NewRatio=8
For more information, refer to Guide - Node Manager | OutOfMemory Error Handling.
Log levels can be defined separately for each Intershop 7 application server in the cluster or cluster wide. For development purposes, the log level is usually set to DEBUG which is not recommended for live systems, because of its negative impact on performance and the huge amount of logged data that blows up log files. Live systems should be configured to the levels ERROR, WARN, JOB and additionally to STAGING if the application server is part of a staging cluster.
To set the log level:
After changing the log level, check the content of the log files and perform a couple of requests on your site. The log level is successfully set when no debug messages can be found.
For more information about SMC logging refer to:
You should clear or backup the log files prior to going live, so that you can track potential problems more easily. To clear the log files:
Stop (Intershop 7) Application and the Web Server.
Move all files from $IS_SHARE\system\log to a backup directory (keep these old log files for reference).
Start (Intershop 7) Application and the Web Server.
Check the jobs within the SMC for each site. Disable jobs that are not needed. Schedule jobs (if possible) for low traffic time, e.g., at night, and make sure the jobs are scheduled to run with some time offset to reduce the risk of heavy system load due to concurrent jobs.
Usually, your production system will not change often. To improve its performance disable ISML source checking during template processing by setting the following property in $IS_SHARE\system\config\cluster\appserver.properties:
Use ISML template precompilation to improve the performance during high traffic times. All ISML templates are precompiled during application server start so that the system does not need to compile them on user request.
To enable precompilation set the following property in $IS_SHARE\system\config\cluster\appserver.properties:
The ISML templates can be precompiled by executing the Ant task:
Ensure that the value
intershop.encryption.0.id has got a configured password which meets the requirements for a secure and safe password. For this you can check the usercredentialrules.properties, there you can find the mentioned requirements.
intershop.encryption.keystore.passwordis configured (90 characters) in your encryption.properties.
Before going live, set the correct time and timezone for the Intershop 7 application server machines, the database machine and also the Web Server machine. They all should be in sync.
Intershop Commerce Management distinguishes between development license keys and production license keys (standard and TBR (transaction-based renting)). So please check whether your license keys are made for live systems. If not, contact your Intershop account manager to request appropriate license keys.
Be sure that all forms are transmitted using POST requests. Using GET requests is not recommended in regards of securing sensitive data.
By default the inner Tomcat development mode is set to
true, which can be a performance issue. In live system installations the development mode can be set to
false. The suggested solution to increase the performance of production systems is to edit the file web.xml in %IS_SHARE\system\config\servletEngine\conf\ as follows:
... <init-param> <param-name>development</param-name> <param-value>false</param-value> </init-param> <init-param> <param-name>reloading</param-name> <param-value>false</param-value> </init-param> ...
intershop.template.CheckSource=true) Intershop 7 will simply ignore this property. In other words, you can either disable the Tomcat development mode or be able to configure ISML source checking and ISML precompilation.
To avoid a lot of additional file system operations you can define the below settings:
To ensure the operational reliability of your Intershop 7 installation you have to check the Multicast settings in the following configuration files:
Disable sites that are not used. This applies to the Intershop 7 demo sites (e.g., inSPIRED). The demo store could even be misused to harm your systems performance by starting imports, syndication or heavy jobs. Sites can be disabled via the SLDSystem (in Operations Site) or SMC.
Intershop 7 provides the possibility to create development or production properties, with the advantage to simply switch between configurations. The environment.properties ($IS_SHARE\system\config\cluster) define which property file is taken.
Please check if you have the correct configuration in the environment.properties.
The two admin consoles can be found under the following URLs:
intershop.SMTPServer=defaultMailServer.domain.comto add your own Mail server address.
Configure your Application Servers to use all available processors. Intershop 7 supports processor affinity to provide better performance in case you do not bind all Application Server processes to the same CPU. Every server process (the JAVA virtual machine) can be bound to a certain CPU or can be run unbound, which means that the Intershop 7 application servers will use all cores from the machine. Please note that CPU usage of all application servers has to be covered by the license file. If the license covers all possible cores, it is recommended to run the application servers unbound. To bind the application server processes:
intershop.cpu.id = 0to bind the server instance to one CPU (four CPUs have the numbers 0 to n).
Configure your system to transfer log files to the ICI where the data is processed and made accessible in a graphical way. According to your Support contract you can use the ICI. Refer to Guide - Configure Data Transfer from Intershop 7 to the ICI to learn how automatic data transfer is configured between your system and the ICI.
The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.