For a general understanding of how to deploy Optimizely solutions. see also [Deployment](🔗) in the Optimizely Content Management System (CMS) Developer Guide .

## Backups

Implement reliable, scheduled backups for the Optimizely Customized Commerce application and the database using SQL backup jobs.

## Deployment tools

Push changes made on a development and test/QA environment, then copy web files to the production server, and ensure that each config file points to the correct server. For example, use Richcopy to copy files to a new server. This is a powerful GUI wrapper for Robocopy, the standard file duplication command-line utility included with Windows and Windows Server. Other copy utilities are available, ensure that the utility you pick suits your needs.

## Syncing files from development to live site

### Deploying files

When you deploy .NET sites on the production server, you need the _non-compiled_ files, such as \*.gif; \*.jpg; \*.html; \*.js; \*.xml; \*.png; \*.css and so on. You also need to transfer files in the _/bin_ directory, which contains the compiled code. Also, remember any updated configuration files.

You do not need the \*.cs and \*.resx files. Also, you do not need the \*.pdb files (debug files) in the _/bin_ directory.

## Deployment security and access

After your site is deployed, protect and secure it with the following high-level security checks to restrict Customized Commerce Admin to authorized users.

• Change the default password after a fresh installation.

• Enable a firewall to restrict remote access to CMS/Commerce admin.

• Set up roles and permissions for users who need access to Admin site.

• Limit database access by enabling SQL or Windows authentication.

• Enable SSL on your public site.

• Set appropriate file and folder permissions.

## Setting up automatic updates and disabling automatic restart

• Update Windows regularly to keep it secure and prevent attacks.

• Disable automatic restart so the server does not go down unexpectedly after updates are installed.

• Restart and maintain the server during scheduled downtime.

• Use a staging and version control system to deploy updates.

• Create an app\_offline.htm file so customers see a user-friendly downtime message.

• Set up an error logging system.

## Configuring e-mail notifications and alerts

• Set up e-mail notifications and alerts to be generated immediately if there are problems with the site.

## Setting up Secure Socket Layer (SSL) security

Each website that handles personal data should have SSL security to encrypt traffic and secure customer information. This is especially important if customers check out and purchase items directly from the site.

• Purchase an SSL certificate and install it on your website.

• Configure SSL after installation.

• Sync up files.

## Performance

• Turn on caching by setting cache related settings, for example CacheEnabled in _appsettings.json_ for relevant configuration sections.

• Turn off debugging and logging/tracing configuration in production. You can achieve this by having separate appsettings.json config files for development and production environment, see [Configuration in ASP.NET Core](🔗).

## SEO/Web analytics

• Set up and configure Web Analytics to track site traffic, visitors, and increase conversion.

• Use an XML site map so search engines can crawl your site more intelligently.

• Learn the difference between 301 and 302 redirects - it is not the same for search engines!

• Set up a _robots.txt_ file.

## Internet Information Services (IIS)

• Create a new Application Pool for your website to increase its reliability.

• Set the memory limit for your Application Pool. Specify the memory time limit instead of using the default. Configure the memory recycling feature in IIS.

• Enable **GZIP **in IIS (reduces size of pages/css/javascript).

• Double-check IIS permissions.

**Related blog post:** [Real-world integration for Optimizely Commerce implementation](🔗)