Document Properties
Kbid: 3143S7
Last Modified: 28-May-2025
Added to KB: 28-May-2025
Public Access: Everyone
Status: Online
Doc Type: References
Product: ICM 7.10
Reference - Intershop Platform - Operational FAQ 7.10

Introduction

This FAQ answers common questions about deploying and operating the Intershop Commerce Platform. It covers topics like infrastructure, security, and questions regarding specific apps to help users configure and maintain their environments.

General

Can a Separate Test Environment be Provided?

Intershop does not typically provide a separate test environment.

However, when upgrading with a severe DBMigrate, it may be necessary to verify the execution on the PRD platform in advance in the Intershop Commerce Platform test environment.

In such exceptional cases, a separate test environment can be provided by prior arrangement.

How to Log in to Jenkins with a Microsoft Account?

  1. Open the Jenkins web console https://ishXX-ci.fse.intershop.de/jenkins/ and click the Microsoft button.

  2. If you are already signed in with your Microsoft account, select it, or use the option Use another account and enter your credentials.

  3. After this, the Jenkins web console is displayed.

How to Configure the Transport Framework for SFTP-Based Data Import/Export?

To enable the import or export of data from an SFTP-based transfer server or service to the Intershop application server and vice versa:

  1. Log in to the Intershop Organization Management as a user that has at least the access privilege Transport Manager assigned.

    • URL: https://<my_domain>/INTERSHOP/web/BOS/SLDSystem

    • Organization: Operations

  2. From the left menu, select Transport Configuration.

  3. Select a transport configuration from the list or create a new one (Type: SFTP).

  4. Enter the following configuration details:

| Configuration Details | Data | Notes |
|---|---|---|
| Remote Location | /home | Subdirectories can be created later if necessary. |
| Authentication method | Key | |
| User name | <user name>_int, <user name>_uat, <user name>_prd | The username depends on the environment. |
| Pass phrase | | The pass phrase is not used, but the field is required in the web form, so enter any value. |
| Key File Path | /home/intershop/.ssh/id_rsa | |

Is There an Automatic Cleanup for .bacpac Files on the FTP Server?

There is no automatic cleanup of exported .bacpac files on the FTP server. The implementation partner is responsible for their maintenance and cleanup.

Which Time Zone Is Used on Server Side?

The server-side time zone is set to UTC and cannot be changed. This ensures consistency for platform processes. Use application-specific options to adjust the time zone as needed (e.g., in the back office).

Is There a Deployment Schedule That Intershop Recommends and How Will Intershop Tackle Urgent Deployments?

See Guide - Intershop Commerce Platform Deployment Process (valid to 7.10) | Scheduling and Lead Time.

How are Rollbacks Handled?

See Guide - Intershop Commerce Platform Deployment Process (valid to 7.10) | Performing the Deployment.

Can Customer Patch Files Be Added to the eserver1/lib Folder?

In principle, any changes to the system should only be made on the basis of releases.

Is There a Microservice Framework Available in the Standard Intershop Commerce Platform Setup?

The Intershop Commerce Platform supports hosting and operation of custom microservices.

Since microservices are typically highly customized, costs depend on the required infrastructure resources and operational effort. Operational effort is influenced by factors such as the number of deployments, the number of incidents, etc.

Microservices are run in containers within a Kubernetes cluster. To prepare a detailed offer, a complete infrastructure sizing is required.

Security

What are the Requirements for DNS and SSL/TLS Certificates?

The customer is responsible for (external) domains and related DNS configuration, for example, for PWA/ICM or any external (headless) storefront.

Therefore, the customer must provide corresponding SSL/TLS certificate(s) for each desired domain. This may include one certificate per ICM cluster or multiple certificates per ICM cluster if different channels are available under separate domains.

Generally, domain configuration should be done on a CNAME basis, whereas Intershop will provide the target domain name for corresponding environments and clusters.

Please consider that Intershop offers to set up an automatic Let's Encrypt certificate management process. For every domain, a free-of-charge, secure, and automated certificate renewal process will be established. This reduces effort on the customer and Intershop sides to replace the certificate every year and reduces possible manual mistakes during certificate replacement.

The requirement for this is an already-configured DNS (CNAME) record for the related domain pointing to the Intershop platform.

In the future, certificate renewals will occur every 47 days (see here for details), which implies that we need to automate such configuration changes.

How Is the Web Application Firewall (WAF) Integrated?

The WAF is an optional package and is not included by default.

How Are Backups Stored, and Are They Immutable?

The shared file system is fully backed up once per day. Databases managed by Azure SQL Managed Instance support point-in-time recovery.

Is the Database Connection Encrypted?

Yes, Azure SQL Managed Instances use transparent data encryption with system-managed encryption keys.

How to Set up a VPN? (If Necessary)

General

By default, Intershop Commerce Platform solutions hosted on Microsoft Azure are accessible on the Internet via a public IP address. To grant customer and partner clients or servers access to Azure, their public addresses are whitelisted. These connections, including those to storefronts, back-office sites, or provided APIs, use HTTPS and are therefore encrypted with TLS. TLS/SSL certificates are installed on the Azure web server tiers for this purpose. No additional VPN is required in this case.

A VPN is required when one of the clients or servers of partners or customers does not have direct access to the public Internet. Typical cases are internal services such as mail (SMTP), ERP, or PIM. In this case, a VPN tunnel establishes a virtually direct and secured connection between the customer or partner and the Azure environment. Before configuring the VPN, more precisely a site-to-site (S2S) VPN, the parties involved (e.g., the customer and Intershop) must agree on the networks to be used, i.e., one or more private IP address range(s). These private IP ranges must not overlap with IPs or IP ranges already in use or planned for use. For this reason, it is important for Intershop to know as early as possible whether a VPN is required and which private network range(s) will be used.

Example: The customer has a mail service on a private network, without direct access to the public Internet. It should be used to send e-mails originating from an Azure-based Intershop Commerce Management (ICM) environment. Since the mail service lacks access to the public Internet and cannot connect directly, a VPN tunnel between Azure, where ICM is hosted, and the private network hosting the mail service is required.

Technical

To create a VPN tunnel between Azure and your (or your partner's) on-premises infrastructure, Intershop requires the following information:

Public IP address of your device

This is the device on your (or your partner's) side. Intershop needs this IP address to establish a connection.

While configuring the VPN in Azure, Intershop will get a public IP address for the opposite side.

Intershop will communicate the newly created public IP address as soon as possible.

Address space of your local network(s)

Azure needs to know the private address ranges that correspond to your network.

Each VPN gateway must know the local area networks of both sides, otherwise it will not work.

Multiple subnets are possible, but must not overlap.

Type of VPN

  • PolicyBased = IKEv1 or

  • RouteBased = IKEv2 (recommended)

Azure supports IKEv1 and IKEv2, but it depends on your device which type can be used.

Intershop can check the requirements for you, which requires the type and firmware version of your device.

For more information, refer to the compatibility list:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-about-vpn-devices

Note
IKEv1 (PolicyBased VPN) is no longer recommended for a production environment. Microsoft has decided to limit the PolicyBased VPN to the Basic SKU in December 2017. That limits the bandwidth to 100 Mbps.

Shared Key (PSK)

Both VPN devices must use the same shared key. Intershop will create a key if the customer does not provide one.
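
The following is an added example, not Intershop's code: a pre-flight check of the address spaces both sides propose for the S2S VPN, reporting ranges that are not private or that overlap. It assumes "private" means RFC 1918 IPv4 space; the function name, subnet labels, and sample CIDRs are constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Assumption: "private IP address range" is read as RFC 1918 IPv4 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plans, not values from any real environment.
CUSTOMER = {"mail": "10.20.0.0/24", "erp": "10.20.0.128/25", "pim": "192.0.2.0/24"}
AZURE = {"icm-vnet": "10.20.0.0/16"}


def check_address_plan(customer, azure):
    """Return a list of problems in a proposed S2S VPN address plan.

    customer / azure map a subnet label to its CIDR string.
    """
    problems, parsed = [], {}
    for side, spaces in (("customer", customer), ("azure", azure)):
        for label, cidr in spaces.items():
            name = f"{side}/{label}"
            try:
                # strict=True rejects CIDRs with host bits set, e.g. 10.1.0.5/16
                net = ipaddress.ip_network(cidr, strict=True)
            except ValueError as exc:
                problems.append(f"{name}: invalid CIDR {cidr!r} ({exc})")
                continue
            if net.version != 4 or not any(net.subnet_of(b) for b in RFC1918):
                problems.append(f"{name}: {net} is not an RFC 1918 private range")
            parsed[name] = net
    # Every pair must be disjoint, across the tunnel and within one side.
    for (a, net_a), (b, net_b) in combinations(parsed.items(), 2):
        if net_a.version == net_b.version and net_a.overlaps(net_b):
            problems.append(f"{a} {net_a} overlaps {b} {net_b}")
    return problems


if __name__ == "__main__":
    for problem in check_address_plan(CUSTOMER, AZURE):
        print(problem)
```

An empty result means the plan can be exchanged as is; any reported line should be resolved before the gateways are configured.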

Apps: PWA

Where Can the PWA Be Hosted OOTB?

The Intershop Commerce Platform offers hosting and operation of the PWA.

Since the PWA is typically highly customized, the costs depend on the infrastructure resources required and the operational effort. The latter depends on factors such as the number of deployments, number of incidents, etc.

The PWA is operated using containers in a Kubernetes cluster. To prepare a concrete offer, a sizing of the entire infrastructure is necessary. 

Apps: ICM

Who is Responsible for Signing off UAT Changes?

The Intershop Commerce Platform partner can trigger deployments on UAT in self-service, see Reference - Intershop Commerce Platform - Responsibilities Matrix.

Any other changes to the system that go beyond this must be agreed with Intershop in advance. The changes are likely to affect system behavior and must be implemented in the production environment. The goal is to have consistent system settings across all environments.

How to Configure the Mail Service of ICM?

To use the mail service of ICM (app server), it is necessary to set correct Mail-From addresses, e.g., in pipeline:

  • core/release/pipelines/ProcessPasswordReminder.pipeline: <configurationValues name="DefaultEmailFrom" value="info@test.intershop.de"/>

Each app server runs a Postfix mail server. This server catches all mails via localhost and forwards them to the customer's mail server.

In Intershop Commerce Management it looks like this:

All other configuration items such as host name, port, email address, login user and password are set by the Intershop PPS team directly on each app server.

E-mail trap: for the lower environments, an e-mail trap can be used in place of a standard SMTP server. This server should be provided by the customer or partner. 

How to Access the Log Files?

ICM and IOM

There are two options to access the log files:

Option 1: On INT (ED+LV), there are read-only mounts for accessing ICM PRD+UAT (LV+ED) and IOM PRD log files as well:

/var/intershop/logs/prd/lv
/var/intershop/logs/prd/ed
/var/intershop/logs/uat/lv
/var/intershop/logs/uat/ed
/var/intershop/logs/iom/prd

Option 2: Access log files and monitoring files via SMC, which is more convenient and is explained in Concept - Intershop Commerce Platform DevOps - Access and Permissions.

Note

ICM log files and web adapter log files are saved for 30 days and then deleted!

PWA

This task requires Azure CLI and kubectl on your local machine. Alternatively, you may use https://shell.azure.com.

To access PWA logs or check the status of a pod, do the following:

  1. Connect to the cluster by using Azure CLI: az aks get-credentials --subscription "$subscription" -g "$resource_group" -n "$name"

    Subscription, namespace, and resource information as well as information on permissions can be found in your Customer System Confluence page.

  2. Use kubectl for exploring the namespace:

    • List all pods: kubectl get pods -n $namespace

    • Status of a single pod: kubectl describe pod -n $namespace $pod

    • Log messages of a pod: kubectl logs -n $namespace $pod

How Does the 'ICM Shared Filesystem Sync' Work?

This job is used to sync ICM environments, for example, UAT and INT. The sync is only done from Live to Live or Edit to Edit, but not from Live to Edit. The sync only takes place from higher to lower environments (for example, from PROD to PRE).

How Can a Database Backup be Restored Directly?

Currently, it is not possible to pass an exact backup created with the Backup+Upload job to the Point-in-time Restore job via .bacpac upload.

Point-in-time restore is only available by choosing a source and a target database, for example, PRD to INT.

Is it Possible to Import .bacpac Files Directly From the FTP Server?

Currently there is no process to import .bacpac files older than 7 days into the Intershop Commerce Platform environment directly from the FTP server.

If required, this import can be done by an Intershop database administrator after prior consultation.

Will Restore be Pseudonymized?

Pseudonymization is only done from PRD to a lower environment. Test users might be excluded. These need to be provided by partners and customers.

Data is replaced by random data, which can cause confusion in some corner cases.

How to Roll Back After the Maintenance Window?

In some cases, critical/blocking issues identified after the environment has been upgraded and has gone operational may require a rollback after the maintenance window.

In this case, create a service desk ticket. If a database change happened, the old database will be restored within a full rollback.

This may be associated with data loss.

Will Restore Have a Performance Impact on the PRD Live Environment?

This question refers to performing an ICM DB MSSQL PointInTime Restore with the following parameters:

  • RESTORE_TIME=NOW

  • RESTORE_SOURCE=prod-live

  • RESTART_CLUSTER_AFTER_RESTORE=false

In this case, Restore should not affect the production system, since the target is usually UAT or INT. However, Intershop recommends performing the recovery at a time when traffic is low.

How to Reduce PRD Downtime for Platform Deployment with DBMigrate?

Whether DBMigrate is taking too much time can be checked in the lower environment. If this is the case, DBMigrate can be split or switched to DBPrepare (recommended).

Is a Reverse DBMigrate Possible?

Currently Intershop does not provide a reference SQL script for a reverse DBMigrate.

Please create a service desk ticket and we will provide you with a quote.

How to Access the Database and Manage Related Data?

For information on how to access and manage the database, please refer to Guide - Intershop Commerce Platform Database Handling.

Apps: ICM and PWA

Can a Partner Provide a Custom robots.txt?

Intershop can implement custom robots.txt files.
