This content is archived. See latest version here

Last updated: Oct 12 2015

This topic describes the deployment of Episerver Commerce solutions. The topic's sections describe the commerce-specific tasks needed to verify a successful deployment. See also the Deployment section in the Episerver CMS Developer Guide for a general understanding of how to deploy Episerver solutions.


Implement reliable, scheduled backups for the Episerver Commerce Application and the database using SQL backup jobs.

Deployment tools

If you push changes made on a development and test/QA environment, then copy web files to the production server and ensure that each config file is pointing to the correct server. For example, you can copy web files to a new server with Richcopy, a powerful GUI wrapper for Robocopy, the standard file duplication command-line utility included with Windows and Windows Server. Other copy utilities are available; be sure your utility suits your needs.

Syncing files from development to live site

Deploying files

When you deploy .NET sites on the production server, you need the non-compiled files, such as *.asax; *.aspx; *.ascx; *.asmx; *.gif; *.jpg; *.html; *.js; *.xml; *.png; *.css and so on. You also need to transfer the files in the /bin directory, which is where the compiled code is. Also, do not forget any updated configuration files.

You do not need the *.cs and *.resx files. Also, you do not need the *.pdb files (debug files) in the /bin directory.

Deploying ECF directories

You need the built-in ECF directories but these directories only need to be deployed once, unless you make changes to them. However, you should not change the built-in directories because they get updated if you upgrade the ECF application later.

Updating DLLs only

When you update an ECF site later on and made changes only to the server-side code, you need to deploy only the custom dlls in the bin catalog on the production server. If you make any changes to the aspx/ascx files, you also have to deploy those files.

Note: When the site is recompiled, transfer the updated dlls. When the HTML code is changed, transfer the updated *.aspx or *.ascx files. If changes are made to both dlls and HTML, transfer both.

Deployment security and access

After your site is deployed, protect and secure your deployment with the following high-level security checks to ensure that Commerce Manager is restricted to only authorized users.

  • Change the default password after a fresh installation.
  • Enable a firewall to restrict remote access to Commerce Manager.
  • Keep Commerce Manager available only within your internal network; not publicly accessible. If you need remote access to Commerce Manager, use a VPN solution.
  • Set up roles and permissions for users that have access to Commerce Manager. See the User Guide.
  • Limit database access by enabling SQL or Windows authentication.
  • Enable SSL on your public site.
  • Set appropriate file and folder permissions.

Setting up automatic updates and disabling automatic restart

  • Update Windows regularly to keep it secure and prevent attacks.
  • Disable automatic restart so that the server does not go down unexpectedly after updates are installed.
  • Restart and maintain the server during scheduled downtime.
  • Use a staging and version control system to deploy updates. 
  • Create an app_offline.htm file so customers see a user-friendly downtime message.
  • Set up an error logging system.

Configuring e-mail notifications and alerts

  • Set up e-mail notifications and alerts to be immediately notified if there are problems with the site.

Setting up Secure Socket Layer (SSL) security

Each website that handles personal data should have SSL security to encrypt traffic and secure customer information. This is especially important when customers are checking out and purchasing items directly from the site.

  • Purchase an SSL certificate and install it on your website.
  • Configure SSL after installation.
  • Sync up Files.


  • Turn on caching by setting <cache enabled="true"> in relevant config files.
  • Turn off debug mode by setting <compilation debug="false"> in application config files.
  • Turn off tracing by setting <trace enabled="false"/> in applicable config files.

SEO/Web analytics

  • Set up and configure Web Analytics to track site traffic, visitors, and increase conversion.
  • Use an XML sitemap so search engines can crawl your site more intelligently.
  • Learn the difference between 301 and 302 redirects: it is not the same for search engines!
  • Set up a robots.txt file.

Internet Information Services (IIS)

  • Create a new Application Pool for your website to increase its reliability.
  • Set the memory limit for your Application Pool. Specify the memory time limit instead of using the default. It is recommended that you configure the memory recycling feature in IIS.
  • Enable GZIP in IIS (reduces size of pages/css/javascript).
  • Double-check IIS permissions.

Do you have feedback on this documentation? Send an email to For development-related questions and discussions, refer to our Forums on