This document introduces the deployment of EPiServer Commerce solutions. General information about deploying EPiServer solutions and the EPiServer Deployment Center, can be found in the Deployment section of the EPiServer CMS SDK.
Commerce-specific deployment checklist
In the following you will find a deployment checklist that can be followed and used to mark off different tasks that need to be verified for a successful deployment.
Ensure that you have reliable, scheduled backups for the EPiServer Commerce Application as well as the database using SQL backup jobs.
There are different tools available to deploy your EPiServer Commerce site. If you are pushing changes made on a development and test/QA environment, then it is a matter of copying web files to the production server and ensuring that each config file is pointing to the correct servers. For example, an easy method for copying web files over to a new server is Richcopy, a powerful GUI wrapper for Robocopy, the standard file duplication command-line utility included with Windows and Windows Server. There are numerous copy utilities available to users; if you currently use a utility that suits your need, then it should be a capable deployment tool.
Syncing files from development to live site
When deploying .NET sites on the production server, all you need is the non-compiled files, for example *.asax; *.aspx; *.ascx; *.asmx; *.gif; *.jpg; *.html; *.js; *.xml; *.png; *.css and so on. You do not need the *.cs and *.resx files. You also need to transfer all of the files in the /bin directory. This is where the compiled code is. You do not need the *.pdb files (debug files) in this directory. Also, do not forget any updated configuration files as well.
Deploying ECF directories
The built-in ECF directories are all needed. Remember that these directories only need to be deployed once, unless you make any changes to them. However, changing the built-in directories is not recommended, since they get updated if you upgrade the ECF application later.
Updating DLLs only
When updating an ECF site later on and you have only made changes to the server-side code, only the custom dlls in the bin catalog need to be deployed on the production server. If you make any changes to the aspx/ascx files, you will also have to deploy those files.
Deployment security and access
Once your site is deployed, protecting and securing your deployment becomes a high priority. Here are some high-level security checks you can do to ensure that Commerce Manager is restricted to only authorized users.
- Change the default password after a fresh installation.
- Enable a firewall to restrict remote access to Commerce Manager.
- Keep Commerce Manager available only within your internal network--not publicly accessible. If you need remote access to Commerce Manager, a VPN solution is highly recommended.
- Setup roles and permissions for users that do have access to Commerce Manager. Refer to the User Guide for more information.
- Limit database access by enabling SQL or Windows authentication.
- Enable SSL on your public site.
- Set appropriate file and folder permissions.
Setting up automatic updates and disabling automatic restart
It is important to update Windows regularly to keep it secure and prevent attacks. Make sure that automatic restart is disabled so that the server does not go down unexpectedly after updates are installed. Restart and maintain the server during scheduled downtime. Also utilize a staging and version control system to deploy updates. In addition:
- Create an app_offline.htm file so customers will see a user-friendly downtime message.
- Set up an error logging system.
Configuring e-mail notifications and alerts
Setup e-mail notifications and alerts to be immediately notified if there are problems with the site.
Setting up Secure Socket Layer (SSL) security
Every website that handles personal data in one form of another should have SSL security to encrypt traffic and secure customer information. This is especially important when customers are checking out and purchasing items directly from the site.
- Purchase an SSL certificate and install it on your website.
- Configure SSL after installation.
- Sync up Files.
Other things to check
- Turn ON caching. Make sure <cache enabled="true"> is set to true in relevant config files.
- Turn OFF debug mode. Make sure <compilation debug="false"> is actually set to false in application config files.
- Turn OFF tracing. Make sure that <trace enabled="false"/> is false in applicable config files.
- Set up and configure Web Analytics to track site traffic, visitors, and increase conversion.
- Use an XML sitemap so that search engines can crawl your site more intelligently.
- Learn the difference between 301 and 302 redirects: it is not the same for search engines!
- Set up a robots.txt file.
Internet Information Services (IIS)
- Create a new Application Pool for your website to increase its reliability.
- Set the memory limit for your Application Pool. Specify the memory time limit instead of using the default. It is recommended that you configure the memory recycling feature in IIS.
- Double-check IIS permissions.
- Deployment section in the EPiServer CMS SDK
- Deployment Center section in the EPiServer CMS SDK