2014 ecommerce holiday prep

HOLIDAY 2014 Ecommerce Prep Guide

Brought to you by

Our guide to preparing your infrastructure, application and marketing for the upcoming holiday season

Holiday 2014 Ecommerce Preparation 2

Part One – Infrastructure 5. Assess your Infrastructure 6. Secure your environment

Part Two – Application 14. Optimize your site 15. Monitor your environment 16. Find Free Capacity

Part Three - Marketing 19. Campaign Best Practices 21. Email Best Practices 24. Promotions and Discounts

Part Four- Planning 29. Communicate 30. Test. Test. Test.

Contents


http://info.tenzing.com/holidayprep



Part One - Infrastructure


Capacity and Performance Assessments are at the cornerstone of your holiday planning. Understanding your organizations ability to fulfill orders during the holiday season includes your ability to receive them. Your infrastructure, and application capacity is critical.

Assess your Infrastructure If your infrastructure provider is not performing a holiday capacity assessment with you and your team, request one. Reach out to vendors providing integration points for your application. Understand their limitations and how to increase your capacity.


Check your Baseline Start off with assessing your current performance and capacity. If you are seeing issues now, that won’t change when you add more users. Look at your traffic projections for the upcoming season, If you have a history of unexpected spikes, use that spike as a benchmark for adding additional capacity.

Ensure all areas of your application are assessed from hardware, network, storage through to the session limitations at your database level. Include your Systems Integrator or application support group in your assessment. This will ensure that your application is tuned for the level of traffic you are expecting. Increasing capacity during an incident (or unexpected downtime) often takes longer than anticipated. If you have limited budget, now is the time to invest in temporary capacity increases.


Understand your vendor’s capacity planning process Increasing capacity during an incident (or unexpected downtime) often takes longer than anticipated. If you have limited budget, now is the time to invest in temporary capacity increases. Speak to your vendors about the process for adding capacity during an incident as part of your holiday planning. Can they automatically scale to capacity increases or if they will throttle you? For example, some infrastructure providers will limit your bandwidth capacity to your commit level, others will allow you to spike but you will be billed for it later.


Do a load test The true capacity of a website is determined by a combination of the website code and the infrastructure it uses. This means that testing any one part does not give you a true picture of what the environment can handle. Including a load test prior to the start of your holiday campaign season will not only provide comfort on what your capacity can handle but also can uncover problems which occur when an environment is under stress.

Develop an emergency capacity plan Determine if your vendors can add capacity on a temporary contract, and if they have different pricing options for devices that are staged and powered off. If you pre-stage additional capacity, this gives you the option to test and tune it before the holiday season.

Tenzing Site Tester is our fully managed cloud-based, multi-endpoint load testing service. By simulating peak load on your site it can pinpoint performance issues in real time. Best of all, because it is cloud based we can simulate load across a range of geographies, device types and networks and keep the cost affordable for a mid sized retailer.


Secure your Environment

Make sure you’re up to date Understanding your infrastructure provider’s patch and vulnerability program is critical to the security of your platform. Make sure you have either opted in to your provider’s program or patch your servers yourself. Your final patch (unless an emergency patch is released) should be at the beginning of October. Some ecommerce applications have restrictions on which servers can be patched, but most will allow for public web servers to be updated without violating support agreements. Ensure those servers which cannot be patched are not accessible to the internet, and have other mitigating controls in place like firewalls between them and your public facing servers.


Keeping your environment secure is not only important through your busy season; it is something that should be in your DNA throughout the year.

Develop an emergency patch and security plan Plan for problems in the future, make sure you have a plan in place to handle emergency security issues like emergency patching or an unexpected security vulnerability. Know which teams you will need to assemble to resolve those issues quickly.

Limit access Limit access to your environment to authorized personnel. Require your personnel to use strong passwords and regularly review your access list. Complete an audit of users who can access your environment prior to your busy season.

Run a Vulnerability Scan Vulnerability scanning is an important tool in your security toolbox. Running a scan can help you identify known vulnerabilities in your environment.


Denial of Service Attacks can bring your campaign strategy to a screeching halt and historically, November is a busy month for DOS Attacks. Denial of Service Attacks should be part of your disaster planning and your pre-campaign checklist. Understand your provider’s policy and response plan for DoS attacks. Most vendors will remove the attack target from their network. This means, if you are the victim your website will be unavailable to the outside world until the attack subsides and the risk level for your bandwidth provider is mitigated. DoS mitigation providers can be very expensive. If you don’t have room in

your budget to be behind one year round, now is the time to move behind a mitigation service. To further manage costs of this program, look at an always on versus pre-staged protection. Pre-staged allows you to have the service contracted and effectively turned off until you are attacked. If an attack occurs, your traffic can be routed to the mitigation service with a simple firewall change. The difference can mean 20 minutes of downtime versus much longer period. On average, it takes 24 hours to move behind a DoS mitigation provider and can take up to 5 days to tune the environment so that all aspects of your site are rendering.

Plan for an attack


Key Security Checks Make sure security checks are a part of your pre-holiday season checklist, include key items like:

Patch status Open Port audit (JBOSS Management

Port Open to the world) Check that administration pages are

inaccessible to the outside world or have strong passwords

User audit

Part Two- Application


All applications need to be tuned from time to time and there is no better time than the present. Speak to your application team about the health of your environment. Have them look at session limits, long running queries, and activities that use a lot of resources.

Optimize your site You can gain capacity and speed up site performance by leveraging a Content Delivery Networks or CDNs. However, CDNs take time to set up and tune appropriately to get optimal performance. It is best to start this activity well before the holiday season.

Tenzing Site Optimizer is a site speed and optimization solution that goes beyond the capabilities of a CDN. Our service identifies the performance profile of your shoppers and applies a variety of techniques to optimize your store for their profile, with dramatic effect on load times and conversions. This fully managed, cloud-based service can be deployed and configured in a matter of hours with no disruption to your web store.


Monitor your Environment Once you have your infrastructure and application in an optimal state it is important to monitor the performance as you move through the holiday season. There are activities leading up to Cyber Monday, like Back to School which give you the opportunity to see how your environment is performing and make changes before your big selling days.

Measure, Analyze, Act Make sure your monitoring strategy is holistic. Infrastructure availability, application performance, end user experience and traffic levels are all elements you should be paying close attention. Don’t forget to include monitoring around connections to third party systems. You want to understand how links to payment gateways, and postal outlets are performing.


Find Free Capacity There are lots of opportunities to find hidden capacity in your environment. It is important to regularly review your application performance and tune areas that are resource intensive, particularly before peak season.

Adjust your Caching Caching can save system resources by holding information in memory but when the cache has to be refreshed it draws system resources to complete this activity. During peak times increase the time between caches.

Adjust ‘type ahead’ search Type ahead search uses additional sessions and threads within your application. Increasing the number of characters before the search is initiated or how long the system will wait before it starts searching will give you added capacity when you need it.


Remove/adjust view all options Giving customers the option to view all items in a category is available on many sites but if you have a large catalog the loading of these elements take time and resources. Review all the areas where the option to view all is available and restrict the number of items that can be viewed when it is selected.

Limit Publishing Limit your publishing during peak times. Catalog updates on mass are resource intensive because in most applications the database and search engines need to re-index, in addition caching has to be refreshed.

Application Performance Monitoring tools like Tenzings’ Commerce Performance Manager can help you identify problem areas during your holiday planning. This service can automatically pinpoint performance bottlenecks in your application code.

Part Three- Marketing


Communicate Communicate to all your stakeholders your campaign plans – dates and times of future traffic increases helps during the troubleshooting process. Monitor your campaigns closely.

Constantly Evaluate Initial campaigns in the holiday season will give you an idea of your application performance in the upcoming weeks. If you received a higher than anticipated response or your application did not perform as expected this is a good indication of problems to come.

Small changes to how the business or marketing teams manage their campaigns can help to make the holiday season less stressful for all those involved.

Campaign Best Practices


Establish a campaign change process Identify who can approve changes to a campaign strategy and how they are communicated out to stakeholders.

Freeze Once you have prepared your environment and planned your campaigns STOP making changes. Freeze your environment and communicate these dates to your vendors. Make sure you understand all your vendors change policies and if they have a freeze which could impact your planning.

Limit Changes Publishing and catalog changes are a huge drain on system resources. Establish a policy and process for applying these changes and be disciplined in following. This may mean you have to plan your changes better but it is worth the effort.


Email campaigning remains one of the top methods for engaging and pushing customers to ecommerce sites. It also has the potential to cause a self-inflicted Denial of Service Attack to your own environment. This can happen if you send a campaign with large images that clients need to download to their email browser, or when a discount code causes unnecessary traffic to the database. Ensure that your email campaigns don’t overwhelm your site with these simple best practices.

Email Best Practices


Segment your list Segment your campaign into blocks. Rather than sending out one email to 1,000,000 users, consider breaking the campaign up into smaller groups. This allows you to better control traffic spikes and will spread activity over multiple hours as opposed to creating a stampede. The practice of staggering your campaigns extends the life of your capacity as users are alerted to the sales over a longer period rather than a mad rush when the sale starts. Problems can be better mitigated when you stagger, limiting the negative customer impact if you experience a problem.


Manage your media content The use of media in an email campaign can have a positive impact on your campaign, but using multiple or large images can increase bandwidth use and traffic to your environment. As customers receive the email, they will begin downloading the images to their workstation resulting in additional traffic to your environment. On a large scale this can cause performance degradation. To avoid this consider saving your collection of images as flat files to manage their size. You can also store email pictures or media on a separate server to avoid affecting your site performance. If you are using video, host it on Youtube, again this will help you manage site performance and bandwidth costs.


Promotions and Discounts Discount codes are a key driver to holiday selling. We have seen a number of campaigns go horribly wrong when discount codes were incorrectly configured in the application or not tested appropriately.

Don’t get fancy Make sure you do not introduce new discount structures in your peak season. If you have never used a “first Time purchaser” discount previously, now is not the time to use it. Use new discount structures during off-peak times as a test before applying them in your peak season.


Test Test Test Test all discount codes before using them. Test the new discount code, and perform regression testing with codes that are both active and inactive. Treat a discount code like an application launch and come up with standard test cases that can be used for each code release. Make sure your test cases both meet and break the rules of the discount. This is a good time to use your end user test group. Customers will always try doing things testers and application developers don’t think of.

Avoid Database Searches Avoid discount codes which can put unnecessary load on your database. Returning to the First Time Purchaser example, this type of discount requires your application to search your database to determine if the user is eligible to use it. The larger your database the longer the search. This activity will put unnecessary load on the database impacting other users using your site. Keeping a library of your discount codes and their parameters helps with designing your test plan for new codes and campaigns.

Part Four – Planning


Even with the best planning you can still run into problems. A well placed campaign can return higher than expected volumes to your site. For example, last Christmas one of our clients discounted a single item to $1.00. The result was a 940% increase in traffic to their site in a 10 minute period. This was well over the 40% increase in traffic they had predicted. Make sure you look at your environment and identify the areas at the greatest risk to have a problem and prioritize planning around those areas.


Plan for the inevitable In our experience it is inevitable that something with go awry, but the most successful teams aren’t those who are prepared. On that note, make sure you develop an emergency response plan. When creating one make sure you cover scenarios for Traffic overload, unplanned downtime, and unexpected security incidents. Create specific plans for

Website Overload Incident Response Security/DoS response

As part of your plan identify the resources you will need to resolve the issue, how to contact them and rules for triggering the plan.


Communication is key to ensuring success. Communicate key traffic days to all stakeholders. Share your emergency planning with everyone who needs to be aware including marketing, IT, customer service and appropriate vendors.

Communicate


Test. Test. Test. Testing your environment end to end is the best way to be prepared for the holiday season. Make sure you plan your campaigns, assess your campaign needs and capacity, Test, test and do more tests and communicate your plans to your stakeholders. One of the best tools in your holiday preparation is a load test. By simulating a high volume of users you can identify bottlenecks and the levels at which degradation occurs. This can help you decide at whether to invest in additional resources for your peak season.

As mentioned earlier Tenzing has recently introduced a fully managed, cloud-based, multi endpoint load testing service. Tenzing Site Tester simulates peak load on your website across a range of geographies, device types and networks. It speeds root cause analysis and remediation by pinpointing performance issues in real time.

We hope you’ve found this guide useful but there is plenty more where it came from. Don’t hesitate to reach out to [email protected] with any questions related to the contents of the ebook, or the products mentioned.

Good Luck this holiday season!

mailto:[email protected]

2014 ecommerce holiday prep

Retail