Reference - CaaS - Mandatory Prerequisites

Table of Contents

Product Version


Product To Version



1 Introduction

This document is addressed to customers and partners and provides information on prerequisites for setting up the CaaS system.

Please address these topics to the respective departments and bring as much information as possible to the kick-off meeting. When the setup phase - consisting of discovery phase, base setup phase and connect & test phase - has started, we need IT experts from the customer present until all questions are clarified. This helps to expedite the setup process.

1.1 References

2 Mandatory Prerequisites

There are indispensable information that must be provided in advance and are essential for the initial setup of the CaaS system in the base setup phase.

The following table shows prerequisites for setting up environments and related responsibilities.


All information should be provided after the kick-off with Intershop and will be documented in a Confluence page in the provided customer space. Please do not sent this information in advance per email.
Question to Partner and Customer

Access to:

  • Storefront and backoffice (ICM, IOM)
  • Back end systems (e.g. ERP, PIM, etc.)

Provide all parties' public IPs (including ports) that should be whitelisted during the project phase to gain access to storefront and back office, as well as back end systems.

Intershop (OPS)




  • Ports 22, 80, 443
    • (warning) (Jena)
    • (warning) (Monitoring)
  • Ports 80, 443
    •  (question) TBD (location/usage like London office or ERP service)
  • Ports 22, 80, 443
    •  (question) TBD (location/service name like Berlin office or VPN gateway)
  •  (question) TBD by Intershop after setup

(question) to be provided

(warning) to do

(tick) done (whitelisted)

(error) more information required (source (web or application server?), protocol, port, etc.)

Questions to Partner

Define the authentication provider:

We want to increase the security in regards to accessing the CaaS system (somebody left the project, but access will not be removed) and want to reduce the effort on both sides when setting up user access (single user account). Because of this we strongly recommend to use a Microsoft account to log in. This is mandatory for Azure DevOps and we want to use this for authentication on Jenkins too.

Provide list of users with name, e-mail and public SSH key to access:

  • CI/CD service (Azure DevOps), if necessary/relevant
  • Jenkins (to run jobs like deployment)
  • INT Environment (access developer environment via SSH connection)

Please note that the following SSH key formats are accepted:

  • ssh-rsa (the default value)
  • ssh-ed25519
  • ecdsa-sha2-nistp256
  • ecdsa-sha2-nistp384
  • ecdsa-sha2-nistp521
Questions to Customer
VPN and private IP address range

Do we need to establish a VPN connection to connect any back end services from the customer? Or will access be provided via public internet?

See also CaaS FAQ - How to set up a VPN? (if necessary)

If the answer is yes:

  • Will a VPN be used to connect the back end services?
  • Will a VPN be used by customer employees to connect to Intershop services?

VPN is an additional optional service which can be provided by Intershop.

To set up a VPN, it is necessary to agree on used private IP ranges to prevent network address conflicts.

Default private IP ranges in Intershop ICM CaaS system are as follows:


IP range (default)Purpose

shared services INT UAT PRD

10.2.x.y or 10.3.x.y can also be used instead of the 10.1.x.y. Please check the potential IP conflicts with all ranges.

Alternative A

IP range (default)Purpose services INT UAT PRD

Alternative B

IP range (default)Purpose

Shared services INT UAT PRD

Define the domains of the webshop for all environments. See Domain Examples below.

SSL Certificates

Provide SSL certificates for the above domains (dedicated, SAN or a Wildcard Certificate), also see Reference - CaaS FAQ | What are the Requirements for DNS and SSL/TLS Certificates?

JenkinsIf development is also done by the customer, answer the "Jenkins" questions in the "Partner" section above as well.
Mail Service

Provide an SMTP service or an endpoint to which Intershop relays customer emails (e.g. order confirmation mails), see Mail Service - Necessary Information below.

Is the mail service already available? If not, when will it be? 

Please note, that Intershop provides no mail service. However it is required to have one.

See Reference - CaaS FAQ | How to Configure the Mail Service of ICM?

2.1 Domain Examples

The following table shows domain information including example domains. These must be defined by the customer. See CaaS FAQ - Requirements for DNS and SSL/TLS Certificates.

Best practice example ( will be replaced by the customers domain):

EnvironmentClusterDomain Name
(to be configured by the customer to point to "CNAME")


Those domains concern the storefront and are mandatory. If a PWA is used, other domains can be defined for the backend (backoffice, REST API). It is recommended but not mandatory.

2.2 Mail Service - Necessary Information

The following information must be defined by the customer and is required to connect to a 3rd party mail provider like a Microsoft 365 (Exchange) account. Of course one account can be offered for all environments.

  • Live: TBD
  • Edit: TBD
  • Live: TBD
  • Edit: TBD
  • Live: TBD
  • Edit: TBD







provide via one-time link like 

Outgoing public IP of app servers for ICM clusters (live and edit)

Empty fields (TBD) must be defined/provided.


The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources