For a general understanding of how to deploy Optimizely solutions. see also [Deployment](🔗) in the Optimizely Content Management System (CMS) Developer Guide .
Implement reliable, scheduled backups for the Optimizely Customized Commerce application and the database using SQL backup jobs.
## Deployment tools
Push changes made on a development and test/QA environment, then copy web files to the production server, and ensure that each config file points to the correct server. For example, use Richcopy to copy files to a new server. This is a powerful GUI wrapper for Robocopy, the standard file duplication command-line utility included with Windows and Windows Server. Other copy utilities are available, ensure that the utility you pick suits your needs.
## Syncing files from development to live site
### Deploy files
When you deploy .NET sites on the production server, you need the _non-compiled_ files, such as \*.gif; \*.jpg; \*.html; \*.js; \*.xml; \*.png; \*.css and so on. You also need to transfer files in the _/bin_ directory, which contains the compiled code. Also, remember any updated configuration files.
You do not need the \*.cs and \*.resx files. Also, you do not need the \*.pdb files (debug files) in the _/bin_ directory.
### Deploy ECF directories
You need the built-in ECF directories but these directories only need to be deployed once, unless you change them. However, you should not change the built-in directories because they get updated if you later upgrade the ECF application.
### Update DLLs only
If you later update an ECF site and change only server-side code, you need to deploy only the custom dlls in the bin catalog on the production server. If you change the aspx/ascx files, you also have to deploy them.
When a site is recompiled, transfer the updated dlls. If the HTML code is changed, transfer the updated _.aspx or _.ascx files. If changes are made to both dlls and HTML, transfer both.
## Deployment security and access
After your site is deployed, protect and secure it with the following high-level security checks to restrict Commerce Admin to authorized users.
Change the default password after a fresh installation.
Enable a firewall to restrict remote access to CMS/Commerce admin.
Keep Commerce Manager available only within your internal network; not publicly accessible. If you need remote access to Commerce Manager, use a VPN solution.
Set up roles and permissions for users who need access to Admin site.
Limit database access by enabling SQL or Windows authentication.
Enable SSL on your public site.
Set appropriate file and folder permissions.
## Set up automatic updates and disabling automatic restart
Update Windows regularly to keep it secure and prevent attacks.
Disable automatic restart so the server does not go down unexpectedly after updates are installed.
Restart and maintain the server during scheduled downtime.
Use a staging and version control system to deploy updates.
Create an app\_offline.htm file so customers see a user-friendly downtime message.
Set up an error logging system.
## Configure e-mail notifications and alerts
Set up e-mail notifications and alerts to be generated immediately if there are problems with the site.
## Set up Secure Socket Layer (SSL) security
Each website that handles personal data should have SSL security to encrypt traffic and secure customer information. This is especially important if customers check out and purchase items directly from the site.
Purchase an SSL certificate and install it on your website.
Configure SSL after installation.
Sync up files.
Turn on caching by setting **\<cache enabled="true"\>** in relevant config files.
Turn off debug mode by setting **\<compilation debug="false"\>** in application config files.
Turn off tracing by setting **\<trace enabled="false"/\>** in applicable config files.
## SEO/Web analytics
Set up and configure Web Analytics to track site traffic, visitors, and increase conversion.
Use an XML site map so search engines can crawl your site more intelligently.
Learn the difference between 301 and 302 redirects - it is not the same for search engines!
Set up a _robots.txt_ file.
## Internet Information Services (IIS)
Create a new Application Pool for your website to increase its reliability.
Set the memory limit for your Application Pool. Specify the memory time limit instead of using the default. Configure the memory recycling feature in IIS.
Double-check IIS permissions.
**Related blog post:** [Real-world integration for Optimizely Commerce implementation](🔗)