Document Properties
KbidP29201
Last Modified03-Dec-2020
Added to KB12-Aug-2019
Public AccessEveryone
StatusOnline
Doc TypeReferences
Product
  • ICM 7.10
  • Intershop CaaS

Reference - CaaS FAQ

1 Introduction

This document provides frequently asked questions and answers about the Intershop CaaS offering.

2 Who is Responsible for Signing off UAT Changes?

The CaaS partner can trigger deployments on UAT in self service, see Reference - CaaS Responsibilities Matrix.

Any other changes to the system that go beyond this must be agreed with Intershop in advance. The changes most likely affect system behavior and must be implemented in the production environment. The goal is to have consistent system settings for all environments.

3 How are Rollbacks Handled?

See Guide - CaaS DevOps - Intershop Commerce Management | Rollback.

4 Is There a Deployment Schedule That Intershop Recommended and How Will Intershop Tackle Urgent Deployments?

See Guide - CaaS DevOps - Intershop Commerce Management | Scheduling.

5 Can Customer Patch Files Be Added to the eserver1/lib Folder?

In principle, any changes to the system should only be made on the basis of releases.

6 Where Can the PWA Be Hosted OOTB?

The hosting and operation of the PWA is offered by Intershop as an additional service (front-end as a service).

As the PWA is typically highly individualized, the costs depend on the infrastructure resources required and the operational effort. The latter depends, for example, on the factors of the number of deployments, number of incidents, etc.

The PWA is operated using containers in a Kubernetes cluster. In order to prepare a concrete offer, a sizing of the entire infrastructure is necessary. 

7 Is there a Microservice Framework Available in the Standard CaaS Setup?

Hosting and operation of custom Microservices is offered by Intershop as an additional service. 

As Microservices are typically highly individualized, the costs depend on the infrastructure resources required and the operational effort. The latter depends, for example, on the factors of the number of deployments, number of incidents, etc.

Microservices are operated using containers in a Kubernetes cluster. In order to prepare a concrete offer, a sizing of the entire infrastructure is necessary. 

8 How to Configure the Mail Service of ICM?

To use the mail service of ICM (app server), it is necessary to set correct Mail-From addresses, e.g., in pipeline:

  • core/release/pipelines/ProcessPasswordReminder.pipeline: <configurationValues name="DefaultEmailFrom" value="info@test.intershop.de"/>

Each app server runs a Postfix mail server. This server catches all mails via localhost and forwards them to the customers mail server.

In Intershop Commerce Management it looks like this:

All other configuration items such as host name, port, email address, login user and password are set directly by the Intershop PPS team on each app server directly.

9 How to Configure the Transport Framework for SFTP-Based Data Import/Export?

To enable the import or export of data from an SFTP-based transfer server or service to the Intershop application server and vice versa:

  1. Log in to the ICM Operations back office as user that has at least the access privilege Transport Manager assigned.
    • URL: https://<my_domain>/INTERSHOP/web/BOS/SLDSystem
    • Organization: Operations
  2. Go to Transport Configuration.
  3. Select a transport configuration from the list or create a new one (Type: SFTP).
  4. Enter the following configuration details:

    Configuration DetailsDataNotes
    Remote Location/homeSubdirectories can be created later if necessary.
    Authentication methodKey
    User name<user name>_int
    <user name>_uat
    <user name>_prd
    The username depends on the environment.
    Pass phrase
    The pass phrase is not used, but a required field when you are using the web form, so it is necessary to type in anything.
    Key File Path/home/intershop/.ssh/id_rsa

10 How to Login to Jenkins with Microsoft Account?

  1. Open the Jenkins web console https://ishXX-ci.fse.intershop.de/jenkins/ and click the Microsoft button:
  2. If you are already signed with your Microsoft account, select it or use option Use another account and enter your credentials:
  3. After this you see the Jenkins web console:

11 What are the Requirements for DNS and SSL/TLS Certificates?

Customer is responsible for (external) domains and related DNS configuration for example for ICM/PWA Storefront. Therefore customer needs to provide corresponding SSL/TLS certificate(s) for each desired domain, e.g., one per ICM cluster or multiple ones per ICM cluster in case of different channels made available under different domains, see below.

Generally, domain configuration should be done on CNAME base, whereas Intershop will provide target domain name for corresponding environments and clusters. 

11.1 DNS Intershop Commerce Mangement (ICM)

Basically, three environments (Production (PRD), User Acceptance Test (UAT) and Integration (INT)) with two clusters each (live (LV) and edit (ED)) are provided for standard ICM system. Therefore at least six (6) domains are required, optionally more (if so, number of domains has to be the same for each tier, e.g., INT and UAT and PRD), for example:

  • PRD (LV): shop.myDomain.com
    • optional if needed:
      • shop-de.myDomain.com
      • shop-nl.myDomain.com
      • shop-fr.myDomain.com
  • PRD (ED): shop-edit.myDomain.com
    • optional if needed:
      • shop-edit-de.myDomain.com
      • shop-edit-nl.myDomain.com
      • shop-edit-fr.myDomain.com
  • UAT (LV): uat-live.myDomain.com
    • optional if needed:
      • uat-live-de.myDomain.com
      • uat-live-nl.myDomain.com
      • uat-live-fr.myDomain.com
  • UAT (ED): uat-edit.myDomain.com
    • optional if needed:
      • uat-edit-de.myDomain.com
      • uat-edit-nl.myDomain.com
      • uat-edit-fr.myDomain.com
  • INT (LV): int-live.myDomain.com
    • optional if needed:
      • int-live-de.myDomain.com
      • int-live-nl.myDomain.com
      • int-live-fr.myDomain.com
  • INT (ED): int-edit.myDomain.com
    • optional if needed:
      • int-edit-de.myDomain.com
      • int-edit-nl.myDomain.com
      • int-edit-fr.myDomain.com

11.2 DNS Intershop Progressive Web App (PWA)

Applies only, if PWA is in use.

Customer needs to provide additional domains. Only live (LV) clusters use PWA, edit (ED) cluster usually do not need PWA as a main purpose is to perform and check content changes. PWA domains could be seperated by channels (channel specific) as well. Therefore at least three (3) domains are needed, for example:

  • PRD (LV):  shop-pwa.myDomain.com
    • optional if needed:
      • shop-de-pwa.myDomain.com
      • shop-nl-pwa.myDomain.com
      • shop-fr-pwa.myDomain.com
  • UAT (LV):  shop-uat-pwa.myDomain.com
    • optional if needed:
      • uat-de-pwa.myDomain.com
      • uat-nl-pwa.myDomain.com
      • uat-fr-pwa.myDomain.com
  • INT (LV):  shop-int-pwa.myDomain.com
    • optional if needed:
      • int-de-pwa.myDomain.com
      • int-nl-pwa.myDomain.com
      • int-fr-pwa.myDomain.com

11.3 DNS Intershop Order Management (IOM)

Applies only if IOM is in use. 

In addition to the ICM, corresponding domains and certificates are also required for the IOM. As IOM is only connected to the live (LV) cluster of each environment, independent of the number of channels, three (3) domains are required.

  • PRD: shop-oms .myDomain.com
  • UAT: uat -oms .myDomain.com
  • INT: int -oms .myDomain.com

11.4 Types of SSL/TLS certificates

General note: provided SSL/TLS certificates shall at least have a valid duration period of 1 (one) year, better 3 years. Intershop requires both public key(s), the certificate(s) as well as private key file(s).

OptionSSL/TLS Certification RelationCertificate (example)Domain (example)Notes
BasicONE SSL/TLS certificate per ONE domain

certificate 1 →

certificate 2 →

certificate 3 →

certificate 4 →

channelA.myDomain.com

channelB.myDomain.com

channelC.mySecondDomain.com

channelD.myThirdDomain.com

  • Each domain in use requires its own certificate
  • May become expensive/complex when using multiple domains/channels
SANONE TLS/SSL certificate per MULTIPLE domains


SAN certificate 1 →

channelA.myDomain.com, 

channelB.myDomain.com, 

channelC.mySecondDomain.com, 

channelD.myThirdDomain.com

  • Certificate contains SANs (Subject Alternative Name(s))
  • Commonly called "multi-domain" certificate (although naming is not entirely correct)
  • May be best/cheapest/most wanted option as customer can select which domains certification is valid before handing over certificate to Intershop
  • Can handle different domains/subdomains
  • Also see: https://support.dnsimple.com/articles/what-is-ssl-san/
WildcardONE TLS/SSL certificate per ALL subdomains of a certain single domain

wildcard certificate 1 →

wildcard certificate 2 →

wildcard certificate 3 →

*.myDomain.com

*.mySecondDomain.com

*.myThirdDomain.com

  • Cheaper for a large amount of domains to handle
  • Customer needs to take note that handling over a certificate for all subdomains of a certain domain

12 How to Access Database?

To access the database, add your public SSH key to the INT live or edit environment. This way you are able to access database either directly via command line, or, preferably and much more comfortable via SQL Management Studio or Azure Data Studio.

To do so, you need to connect to INT via SSH and establish an SSH tunnel/port forwarding to enable to access DB via a local port on your machine forwarding traffic to the remote host.

Credentials and connection information can be found here: /var/intershop/share/system/config/cluster/orm.properties.

Note

It is sufficient to establish an SSH tunnel/port forwarding to either INT (LV) or INT (ED) in order to be able to access DB as the same physical DB machine operates in the background where databases are located.

Also note that a connection via SSH can only be established if the originating public IP address, where attempting to access from, is included on the whitelist.

For more instructions on how to establish an SSH tunnel, see Guide - CaaS Database Access.

Disclaimer

The information provided in the Knowledge Base may not be applicable to all systems and situations. Intershop Communications will not be liable to any party for any direct or indirect damages resulting from the use of the Customer Support section of the Intershop Corporate Web site, including, without limitation, any lost profits, business interruption, loss of programs or other data on your information handling system.

Customer Support
Knowledge Base
Product Resources
Tickets