Deployment solutions
Describes the deployment of Optimizely Commerce Connect solutions, and the Commerce-specific tasks needed to verify a successful deployment.
This article is the developer's pre-deployment checklist for Optimizely Commerce Connect: backups, deployment tools, file synchronization, security, monitoring, and IIS tuning. Work through the sections in order — each one calls out what to verify before switching a Commerce Connect site to production.
For a general overview of how to deploy Optimizely solutions, see Deploy in the Optimizely Content Management System (CMS) Developer Guide.
Backups
Implement reliable, scheduled backups for the Optimizely Commerce Connect application and the database using SQL backup jobs.
Deployment tools
Push changes from your development environment to test or QA, then copy the web files to the production server, and verify that each configuration file points to the correct server. For example, use Richcopy — a graphical wrapper for the Windows Robocopy utility — or any equivalent file-copy tool that fits your environment.
Synchronize files from development to live site
Deploy files
When you deploy .NET sites to the production server, transfer the noncompiled assets (*.gif, *.jpg, *.html, *.js, *.xml, *.png, *.css, and similar), the contents of the /bin directory (which holds the compiled code), and any updated configuration files.
Do not transfer *.cs, *.resx, or *.pdb (debug) files.
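A pre-deployment check for the rule above, as an added example that is not part of the Optimizely documentation: it walks a publish folder and lists any *.cs, *.resx, or *.pdb files before they are copied to production. The folder layout and file names are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path

# Extensions the page says must not reach production: source, resources, debug symbols.
FORBIDDEN = {".cs", ".resx", ".pdb"}


def find_forbidden(root):
    """Return sorted relative paths under root whose final extension is forbidden.

    Only the last suffix is compared, case-insensitively, so site.css and
    Index.cshtml pass while HomeController.cs and Site.PDB are reported.
    """
    root = Path(root)
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if Path(name).suffix.lower() in FORBIDDEN:
                hits.append((Path(dirpath) / name).relative_to(root).as_posix())
    return sorted(hits)


def build_sample_tree(root):
    """Create a constructed publish folder (hypothetical file names)."""
    sample = [
        "bin/Site.dll",                   # compiled code, expected in /bin
        "bin/Site.PDB",                   # debug symbols, upper-case extension
        "Views/Home/Index.cshtml",        # Razor view, not a .cs file
        "wwwroot/css/site.css",           # stylesheet, not a .cs file
        "Controllers/HomeController.cs",  # source file
        "Resources/Labels.resx",          # resource source file
        "appsettings.json",               # configuration file
    ]
    for rel in sample:
        path = Path(root) / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text("constructed sample\n")


def audit(root):
    """Print each offending file; return 1 if any were found, else 0."""
    hits = find_forbidden(root)
    for rel in hits:
        print(f"do not deploy: {rel}")
    return 1 if hits else 0


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print("audit result:", audit(tmp))
```

Use the return value of audit() as the exit status of a release step so the copy to production does not start while source or debug files are still in the folder.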
Deployment security and access
Apply the following security baselines after deployment so only authorized users can reach the Commerce Connect administration interface:
- Change the default password after a fresh installation.
- Enable a firewall to restrict remote access to the CMS or Commerce Connect administration interface.
- Configure roles and permissions for users who need access to the administration site.
- Limit database access by requiring SQL or Windows authentication.
- Enable TLS on your public site.
- Set appropriate file and folder permissions.
Set up automatic updates and disable automatic restart
- Update Windows regularly to keep it secure and prevent attacks.
- Disable automatic restart so the server does not go down unexpectedly after updates are installed.
- Restart and maintain the server during scheduled downtime.
- Use a staging and version control system to deploy updates.
- Create an app_offline.htm file so customers see a user-friendly downtime message.
- Set up an error logging system.
Configure email notifications and alerts
Configure email notifications and alerts so the operations team is paged immediately when the site has problems. Cover at least:
- Application-level errors that the error-logging system records.
- Health-check failures from your monitoring stack.
- Certificate expirations and TLS handshake errors.
Set up TLS
Every website that handles personal data should use Transport Layer Security (TLS) to encrypt traffic and protect customer information. TLS is the modern successor to Secure Sockets Layer (SSL); both terms are still used interchangeably in product UIs.
To enable TLS on your site:
- Purchase a TLS certificate from a trusted certificate authority and install it on your website.
- Configure your web server to require HTTPS for all traffic.
- Synchronize the certificate and configuration files across all environments where the site runs.
Performance
- Turn on caching by enabling cache-related settings such as CacheEnabled in appsettings.json for the relevant configuration sections.
- Turn off debugging, logging, and tracing in production. To do this, maintain separate appsettings.json files for development and production environments. For details, see Configuration in ASP.NET Core in the Microsoft documentation.
SEO and web analytics
- Configure web analytics to track site traffic and visitors and to support conversion-rate analysis.
- Publish an XML sitemap so search engines can crawl the site efficiently.
- Use the right HTTP redirect type for your case — 301 for permanent moves, 302 for temporary ones — because search engines treat them differently.
- Add a robots.txt file to control crawler access.
Internet Information Services (IIS)
- Create a dedicated application pool for the website to isolate it from other workloads and improve reliability.
- Set memory limits on the application pool — both the private-memory and recycle-on-time settings — instead of leaving them at IIS defaults.
- Enable GZIP compression in IIS to reduce the size of HTML, CSS, and JavaScript responses.
- Verify IIS permissions for the application-pool identity, the site root, and any writable folders.
Related resources
- Real-world integration for Optimizely Commerce Connect implementation — community blog post on Optimizely World.
