Reference - Intershop Commerce Platform - Mandatory Prerequisites

Table of Contents


Product Version

7.10

Product To Version


Status

Final

1 Introduction

This document is addressed to customers and partners and provides information on prerequisites for setting up the system.

Please address these topics to the respective departments and bring as much information as possible to the kickoff meeting. When the setup phase - consisting of discovery phase, base setup phase, and connect & test phase - has started, we need IT experts from the customer present until all questions are clarified. This helps to expedite the setup process.

1.1 References

2 Mandatory Prerequisites

There are indispensable information that must be provided in advance and are essential for the initial setup of the system in the base setup phase.

The following table shows prerequisites for setting up environments and related responsibilities.

Info

All information should be provided after the kickoff with Intershop and will be documented in a Confluence page in the provided customer space. Please do not send this information in advance per e-mail.
Question to Partner and Customer

Access to:

  • Storefront and back office (ICM, IOM)
  • Backend systems (e.g. ERP, PIM, etc.)

Provide all parties' public IPs (including ports) that should be whitelisted during the project phase to gain access to storefront and back office, as well as backend systems.

Intershop (OPS)

CUSTOMER

PARTNER (DEV)

PWA

  • Ports 22, 80, 443
    • (warning) 195.110.61.246 (Jena)
    • (warning) 195.110.61.200 (Monitoring)
  • Ports 80, 443
    •  (question) TBD (location/usage like London office or ERP service)
  • Ports 22, 80, 443
    •  (question) TBD (location/service name like Berlin office or VPN gateway)
  •  (question) TBD by Intershop after setup

(question) to be provided

(warning) to do

(tick) done (whitelisted)

(error) more information required (source (web or application server?), protocol, port, etc.)

Questions to Partner
Jenkins

Define the authentication provider:

We want to increase the security in regards to accessing the Intershop Commerce Platform (somebody left the project, but access will not be removed) and want to reduce the effort on both sides when setting up user access (single user account). Therefore, we strongly recommend to use a Microsoft account to log in. This is mandatory for Azure DevOps and we want to use this for authentication on Jenkins, too.

Provide list of users with name, e-mail and public SSH key to access:

  • CI/CD service (Azure DevOps), if necessary/relevant
  • Jenkins (to run jobs like deployment)
  • INT Environment (access developer environment via SSH connection)

Please note that the following SSH key formats are accepted:

  • ssh-rsa (the default value)
  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
Questions to Customer
VPN and private IP address range

Do we need to establish a VPN connection to connect any backend services from the customer? Or will access be provided via public internet?

See also CaaS FAQ - How to set up a VPN? (if necessary)

If the answer is yes:

  • Will a VPN be used to connect the backend services?
  • Will a VPN be used by customer employees to connect to Intershop services?

VPN is an additional optional service which can be provided by Intershop.

To set up a VPN, it is necessary to agree on used private IP ranges to prevent network address conflicts.

Default private IP ranges in the Intershop ICM system are as follows:

Standard

IP range (default)Purpose
10.1.1.0/25ICM INT
10.1.2.0/25ICM UAT
10.1.3.0/25ICM PRD

10.2.x.y or 10.3.x.y can also be used instead of the 10.1.x.y. Please check the potential IP conflicts with all ranges.

Alternative A

IP range (default)Purpose
172.21.1.0/25ICM INT
172.21.2.0/25ICM UAT
172.21.3.0/25ICM PRD

172.22.x.y or 172.23.x.y can also be used instead of the 172.21.x.y. Please check the potential IP conflicts with all ranges.

Alternative B

IP range (default)Purpose
192.168.1.0/25ICM INT
192.168.2.0/25ICM UAT
192.168.3.0/25ICM PRD
Domains

Define the domains of the web shop for all environments. See Domain Examples below.

SSL Certificates

Provide SSL certificates for the domains described above (dedicated, SAN or a Wildcard Certificate), also see Reference - CaaS FAQ | What are the Requirements for DNS and SSL/TLS Certificates?

JenkinsIf development is also done by the customer, answer the questions regarding Jenkins in the "Partner" section above as well.
Mail Service

Provide an SMTP service or an endpoint to which Intershop relays customer e-mails (e.g. order confirmation mails), see Mail Service - Necessary Information below.

Is the mail service already available? If not, when will it be available? 

Please note that Intershop does not provide any mail service. However, it is required to have one.

See Reference - CaaS FAQ | How to Configure the Mail Service of ICM?

2.1 Domain Examples

The following table shows domain information including example domains. These must be defined by the customer. See CaaS FAQ - Requirements for DNS and SSL/TLS Certificates.

Best practice example (mydomain.com will be replaced by the customer's domain):

EnvironmentClusterDomain Name
(to be configured by the customer to point to "CNAME")
PRDliveshop.mydomain.com
editshop-edit.mydomain.com
UATliveshop-uat-live.mydomain.com
editshop-uat-edit.mydomain.com
INTliveshop-int-live.mydomain.com
editshop-int-edit.mydomain.com


Info

Those domains concern the storefront and are mandatory. If a PWA is used, other domains can be defined for the backend (back office, REST API). It is recommended but not mandatory.

2.2 Mail Service - Necessary Information

The following information must be defined by the customer and is required to connect to a 3rd party mail provider like a Microsoft 365 (Exchange) account. Of course, one account can be offered for all environments.

ParameterPRDUATINT
AppSvr1
  • Live: TBD
  • Edit: TBD
  • Live: TBD
  • Edit: TBD
  • Live: TBD
  • Edit: TBD
URL

TBD

TBDTBD
Port

TBD

TBDTBD
User

TBD

TBDTBD
Password

Provide via one-time link like https://onetimesecret.com/ 

Outgoing public IP of app servers for ICM clusters (live and edit)

Empty fields (TBD) must be defined/provided.

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources
Tickets