This topic describes the deployment of Episerver Commerce solutions. The topic's sections describe the commerce-specific tasks needed to verify a successful deployment. See also Deployment in the CMS Developer Guide for a general understanding of how to deploy Episerver solutions.
Implement reliable, scheduled backups for the Episerver Commerce application and the database using SQL backup jobs.
Push changes made on a development and test/QA environment, then copy web files to the production server, and ensure that each config file points to the correct server. For example, use Richcopy to copy files to a new server. (Richcopy is a powerful GUI wrapper for Robocopy, the standard file duplication command-line utility included with Windows and Windows Server.) Other copy utilities are available; be sure your utility suits your needs.
Syncing files from development to live site
When you deploy .NET sites on the production server, you need the non-compiled files, such as *.asax; *.aspx; *.ascx; *.asmx; *.gif; *.jpg; *.html; *.js; *.xml; *.png; *.css and so on. You also need to transfer files in the /bin directory, which contains the compiled code. Also, remember any updated configuration files.
You do not need the *.cs and *.resx files. Also, you do not need the *.pdb files (debug files) in the /bin directory.
Deploying ECF directories
You need the built-in ECF directories but these directories only need to be deployed once, unless you change them. However, you should not change the built-in directories because they get updated if you later upgrade the ECF application.
Updating DLLs only
If you later update an ECF site and change only server-side code, you need to deploy only the custom dlls in the bin catalog on the production server. If you change the aspx/ascx files, you also have to deploy them.
Note: When a site is recompiled, transfer the updated dlls. If the HTML code is changed, transfer the updated *.aspx or *.ascx files. If changes are made to both dlls and HTML, transfer both.
Deployment security and access
After your site is deployed, protect and secure it with the following high-level security checks to restrict Commerce Manager to authorized users.
- Change the default password after a fresh installation.
- Enable a firewall to restrict remote access to Commerce Manager.
- Keep Commerce Manager available only within your internal network; not publicly accessible. If you need remote access to Commerce Manager, use a VPN solution.
- Set up roles and permissions for users who need access to Commerce Manager. See the User Guide.
- Limit database access by enabling SQL or Windows authentication.
- Enable SSL on your public site.
- Set appropriate file and folder permissions.
Setting up automatic updates and disabling automatic restart
- Update Windows regularly to keep it secure and prevent attacks.
- Disable automatic restart so the server does not go down unexpectedly after updates are installed.
- Restart and maintain the server during scheduled downtime.
- Use a staging and version control system to deploy updates.
- Create an app_offline.htm file so customers see a user-friendly downtime message.
- Set up an error logging system.
Configuring e-mail notifications and alerts
- Set up e-mail notifications and alerts to be generated immediately if there are problems with the site.
Setting up Secure Socket Layer (SSL) security
Each website that handles personal data should have SSL security to encrypt traffic and secure customer information. This is especially important if customers check out and purchase items directly from the site.
- Purchase an SSL certificate and install it on your website.
- Configure SSL after installation.
- Sync up files.
- Turn on caching by setting <cache enabled="true"> in relevant config files.
- Turn off debug mode by setting <compilation debug="false"> in application config files.
- Turn off tracing by setting <trace enabled="false"/> in applicable config files.
- Set up and configure Web Analytics to track site traffic, visitors, and increase conversion.
- Use an XML site map so search engines can crawl your site more intelligently.
- Learn the difference between 301 and 302 redirects: it is not the same for search engines!
- Set up a robots.txt file.
Internet Information Services (IIS)
- Create a new Application Pool for your website to increase its reliability.
- Set the memory limit for your Application Pool. Specify the memory time limit instead of using the default. Configure the memory recycling feature in IIS.
- Double-check IIS permissions.