From 6d49cf9aea1f8246d9c91a3d1865594b7794b62c Mon Sep 17 00:00:00 2001 From: olenalaktionova Date: Thu, 9 Jan 2025 17:36:30 +0200 Subject: [PATCH] Update CLOUD topics --- docs/ca/dev/preparation-for-going-live.md | 84 +++++++++++------------ 1 file changed, 42 insertions(+), 42 deletions(-) diff --git a/docs/ca/dev/preparation-for-going-live.md b/docs/ca/dev/preparation-for-going-live.md index 1112272a99..d2c5b723c3 100644 --- a/docs/ca/dev/preparation-for-going-live.md +++ b/docs/ca/dev/preparation-for-going-live.md @@ -23,49 +23,49 @@ We've divided the preparation into approximate timeframes, and you can adjust th ## Eight weeks before go-live -| ID | CATEGORY | NAME | DESCRIPTION | NOTE | -|--------|----------------------------------------------------------|--------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| GEN-01 | General | Share Go-Live Plan | Inform your Partner or Customer Success Manager about your go-live date and time. Update them if plans change. | This is critical for Domain Name System (DNS) switching and the hypercare phase Spryker provides before and after go-live. | -| CLO-01 | Cloud | Ensure a network diagram | Ensure a network diagram is available for quick reference to explain the setup if needed. | Sample of the [diagram](https://docs.spryker.com/docs/dg/dev/sdks/the-docker-sdk/docker-environment-infrastructure.html). | | -| CLO-02 | Cloud | Third-party systems integration | Double-check that all VPC peering and Site-to-Site VPN connections are monitored and secure. | We don't usually monitor such connections with external parties. | -| CLO-03 | Cloud | Third-party systems integration | Make sure that routing works as expected, and no internal resources are accidentally exposed via the Site-to-Site or VPC peering setup. | | -| CLO-04 | Cloud | Evaluate DOS and DDOS prevention (frontend) | Check your concepts for denial-of-service (DOS) and distributed denial-of-service (DDOS) prevention or mitigation, and check with relevant vendors for products that fit your needs and are compatible with SCCOS. | | -| CLO-05 | Cloud | Evaluate DOS and DDOS prevention (backend / Merchant Portal) | Check your concepts for DOS and DDOS prevention in the Back office and Merchant portal. Add basic auth if applicable. | For instructions on implementing basic auth, see [Configure basic .htaccess authentication](/docs/pbc/all/identity-access-management/{{site.version}}/configure-basic-htaccess-authentication.html) | -| CLO-06 | Cloud | Define DNS strategy | Define DNS strategy. | If you delegate DNS to Spryker, let us know the date on which to point the domain name to your Spryker project. | -| CLO-07 | Cloud | Set up whitelisting (security) | Web Application Firewalls (WAF) IPs, proxies, and other security and traffic filtering systems used to route traffic to Spryker are whitelisted. | This prevents these systems to be accidentally blocked by Spryker security systems. You can request IPs to be whitelisted via an Infrastructure Change Request on the [Support Portal](https://support.spryker.com/s/). | +| ID | CATEGORY | NAME | DESCRIPTION | NOTE | +|--------|----------------------------------------------------------|--------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| GEN-01 | General | Share Go-Live Plan | Inform your Partner or Customer Success Manager about your go-live date and time. Update them if plans change. | This is critical for Domain Name System (DNS) switching and the hypercare phase Spryker provides before and after go-live. | +| CLO-01 | Cloud | Ensure a network diagram | Ensure a network diagram is available for quick reference to explain the setup if needed. | Sample of the [diagram](https://docs.spryker.com/docs/dg/dev/sdks/the-docker-sdk/docker-environment-infrastructure.html). | | +| CLO-02 | Cloud | Third-party systems integration | Double-check that all Virtual Private Cloud (VPC) peering and Site-to-Site Virtual Private Network (VPN) connections are monitored and secure. | Spryker usually does not monitor such connections with external parties. More details on [Site to Site VPN](https://docs.spryker.com/docs/ca/dev/environment-provisioning.html#optional-site-to-site-vpn) | +| CLO-03 | Cloud | Third-party systems integration | Make sure that routing works as expected, and no internal resources are accidentally exposed via the Site-to-Site or VPC peering setup. | | +| CLO-04 | Cloud | Evaluate DOS and DDOS prevention (frontend) | Check your concepts for denial-of-service (DOS) and distributed denial-of-service (DDOS) prevention or mitigation, and check with relevant vendors for products that fit your needs and are compatible with SCCOS. | | +| CLO-05 | Cloud | Evaluate DOS and DDOS prevention (backend / Merchant Portal) | Check your concepts for DOS and DDOS prevention in the Back office and Merchant portal. Add basic auth if applicable. | For instructions on implementing basic auth, see [Configure basic .htaccess authentication](/docs/pbc/all/identity-access-management/{{site.version}}/configure-basic-htaccess-authentication.html) | +| CLO-06 | Cloud | Define DNS strategy | Define DNS strategy. | If you delegate DNS to Spryker, let us know the date on which to point the domain name to your Spryker project. | +| CLO-07 | Cloud | Set up whitelisting (security) | Web Application Firewalls (WAF) IPs, proxies, and other security and traffic filtering systems used to route traffic to Spryker are whitelisted. | This prevents these systems to be accidentally blocked by Spryker security systems. You can request IPs to be whitelisted via an Infrastructure Change Request on the [Support Portal](https://support.spryker.com/s/). | | APP-01 | Application | Activate IP tracking | Activate IP tracking. [Activating IP tracking](https://github.com/spryker/docker-sdk/blob/master/docs/07-deploy-file/02-deploy.file.reference.v1.md#cloud-define-gateway-ip-addresses) significantly increases chances to mitigate or spot malicious activities like DOS attacks. You might need to evaluate this from a data protection policy perspective. | -| APP-02 | Application | Upgrade code | Upgrade your project's code to the [latest Demo Shop release](/docs/about/all/releases/product-and-code-releases.html). Or at least upgrade to a release that fully supports the Docker SDK (202009.0 and later). | -| APP-03 | Application | Upgrade code (twig) | Update `spryker/twig` to version 3.15.2 or later because this and later versions have important stability improvements over version 3.15.1. | -| APP-04 | Application | Migrate DB (Maria DB) | Migrate the project's database to MariaDB. | -| APP-05 | Application | Migrate endpoints | Split the project's Zed endpoints as described in [Integrating separate endpoint bootstraps](/docs/dg/dev/integrate-and-configure/integrate-separate-endpoint-bootstraps.html). | -| APP-06 | Application | Check service name | Verify that your project's service naming scheme exactly matches the examples in the [sample deploy-spryker-b2c-staging.yml file](https://github.com/spryker-shop/b2c-demo-shop/blob/202204.0-p2/deploy.spryker-b2c-staging.yml). | -| APP-07 | Application | Create a deploy file | Create [deploy files](/docs/dg/dev/sdks/the-docker-sdk/deploy-file/deploy-file.html) for each of your environments. File names must follow the naming convention: `deploy.(project)-(environment).yml`. For example, `deploy.example-staging.yml`. | -| APP-08 | Application | Define Docker SDK version | [Define a Docker SDK version](/docs/dg/dev/sdks/the-docker-sdk/choosing-a-docker-sdk-version.html). | -| APP-09 | Application | Integrate FlySystem | Integrate [FlySystem](/docs/ca/dev/configure-data-import-from-an-s3-bucket.html) to use data in S3 Buckets instead of local storage for the project. | -| APP-10 | Application | Check S3 bucket import | If you're using CSV imports, make sure they're imported from S3 buckets. -| APP-11 | Application | Set up S3 bucket (staging) | Connect Staging S3 bucket to a staging environment. | -| APP-12 | Application | Set up S3 bucket (production) | Connect Production S3 bucket to a production environment. | -| APP-13 | Application | Implement general performance guidelines | Implement approaches described in all the [performance guidelines](/docs/dg/dev/guidelines/performance-guidelines/performance-guidelines.html). -| APP-14 | Application | Implement Jenkins guidelines | Implement [Jenkins operational best practices](/docs/ca/dev/best-practices/jenkins-operational-best-practices.html) -| APP-15 | Application | Implement publish and sync guidelines | Implement the [Publish and Sync stability best practices](/docs/ca/dev/best-practices/best-practises-jenkins-stability.html#memory-management) where applicable. -| APP-16 | Application | Implement general security guidelines | Apply Spryker [security guidelines](/docs/dg/dev/guidelines/security-guidelines.html). | -| APP-17 | Application | Implement password security guidelines | Make sure that you don't have any plain-text passwords, private keys, or API secrets in config files or Git repositories. -| APP-18 | Application | Implement credentials security guidelines | Minimize the use of personal credentials and choose work-specific accounts based on each environment (production, staging, testing). We highly recommend employing Centralized Credential Management to securely store and manage these credentials. -| APP-19 | Application | Implement secrets rotations | Secrets, like API tokens, should be rotated regularly. Outline and test rotation strategies to make sure they're not going to cause issues during live operation. -| APP-20 | Application | Implement internal update security guidelines | Install all the [security updates](/docs/about/all/releases/product-and-code-releases.html) from all Spryker packages. -| APP-21 | Application | Implement external update security guidelines | Install all the security updates from all the external packages. | To check if your project modules require security updates, you can use the [security checker](/docs/dg/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/spryker-security-checker.html). -| APP-22 | Application | Perform compliance and legal checks | Perform compliance and legal checks. To ensure the platform complies with relevant legal and regulatory requirements, especially for international operations, consult your legal team. Make sure to check [guidelines for GDPR compliance](/docs/about/all/support/gdpr-compliance-guidelines.html). -| APP-23 | Application | Set up Access Control List (ACL) | Make sure that the Back Office ACL setup is configured correctly to manage user permissions and access rights within the system's administrative interface. | For instructions on how to configure ACL, see [Users and rights overview](/docs/pbc/all/user-management/{{site.version}}/base-shop/user-and-rights-overview.html). -| APP-24 | Application | Set up DB logs strategy | If your application is writing logs into your database, develop a strategy on how these logs can be regularly rotated or truncated to avoid large table sizes that can affect the application's performance. | By default, the `spy_oms_transition_log` is used to log state machine transitions and can get very large if not [truncated](/docs/dg/dev/troubleshooting/troubleshooting-general-technical-issues/the-spy-oms-transition-log-table-takes-up-too-much-space.html) regularly. -| APP-25 | Application | Evaluate and implement payment tips | If possible, check if you can implement payment options in a redundant way so that, if one payment provider has an outage, customers can still pay using another one. -| TES-01 | Testing | Perform deployment tests | Perform deployment tests. To understand how your application will perform and work when deployed, [test your deployments locally](/docs/dg/dev/miscellaneous-guides/simulating-deployments-locally.html). -| TES-02 | Testing | Perform local payment test | Before deploying your payment options, test them all locally. | For more information, see [HowTo: Debug payment integrations locally](/docs/pbc/all/payment-service-provider/{{site.version}}/base-shop/debug-payment-integrations-locally.html). -| TES-03 | Testing | Perform UAT | Perform User Acceptance Testing (UAT). Besides internal testing, before opening your system publicly, we highly recommend conducting extensive UAT to validate the functionality and user experience from an end-user perspective. If applicable, ensure the platform's compatibility and optimal performance across various devices and browsers -| SEO-01 | Search engine optimization (SEO) | Set up redirects | Set up redirects. If you are migrating from another shop or project to Spryker, that is, the domain you want to use already points to a shop or a project, you need a migration plan to phase out the old project and phase in the new one. Check with your SEO experts on the strategy for your content and search engine results. -| SEO-02 | SEO | Implement SEO best practices | Review and implement the best practices where applicable. For details, see [Basic SEO techniques to use in your project](/docs/dg/dev/best-practices/basic-seo-techniques-to-use-in-your-project.html). -| TR-01 | Training | Prepare internal training | Prepare role-specific enablement training for all internal users of the platform. These may include: Back Office administrators (including role specifics), support assistants and agents, marketplace operators, merchant portal users. -| TR-02 | Training | Prepare external training | Prepare trainings for external users, such as those interacting with the platform via APIs or third-party systems. -| TR-03 | Training | Prepare customer training | Make sure your end customers are aware of any changes that the new platform may bring. Besides striving for good user experience and transparency, make sure to consult with your legal team about any obligations in that regard. +| APP-02 | Application | Upgrade code | Upgrade your project's code to the [latest Demo Shop release](/docs/about/all/releases/product-and-code-releases.html). Or at least upgrade to a release that fully supports the Docker SDK (202009.0 and later). | +| APP-03 | Application | Upgrade code (twig) | Update `spryker/twig` to version 3.15.2 or later because this and later versions have important stability improvements over version 3.15.1. | +| APP-04 | Application | Migrate DB (Maria DB) | Migrate the project's database to MariaDB. | +| APP-05 | Application | Migrate endpoints | Split the project's Zed endpoints as described in [Integrating separate endpoint bootstraps](/docs/dg/dev/integrate-and-configure/integrate-separate-endpoint-bootstraps.html). | +| APP-06 | Application | Check service name | Verify that your project's service naming scheme exactly matches the examples in the [sample deploy-spryker-b2c-staging.yml file](https://github.com/spryker-shop/b2c-demo-shop/blob/202204.0-p2/deploy.spryker-b2c-staging.yml). | +| APP-07 | Application | Create a deploy file | Create [deploy files](/docs/dg/dev/sdks/the-docker-sdk/deploy-file/deploy-file.html) for each of your environments. File names must follow the naming convention: `deploy.(project)-(environment).yml`. For example, `deploy.example-staging.yml`. | +| APP-08 | Application | Define Docker SDK version | [Define a Docker SDK version](/docs/dg/dev/sdks/the-docker-sdk/choosing-a-docker-sdk-version.html). | +| APP-09 | Application | Integrate FlySystem | Integrate [FlySystem](/docs/ca/dev/configure-data-import-from-an-s3-bucket.html) to use data in S3 Buckets instead of local storage for the project. | +| APP-10 | Application | Check S3 bucket import | If you're using CSV imports, make sure they're imported from S3 buckets. +| APP-11 | Application | Set up S3 bucket (staging) | Connect Staging S3 bucket to a staging environment. | +| APP-12 | Application | Set up S3 bucket (production) | Connect Production S3 bucket to a production environment. | +| APP-13 | Application | Implement general performance guidelines | Implement approaches described in all the [performance guidelines](/docs/dg/dev/guidelines/performance-guidelines/performance-guidelines.html). +| APP-14 | Application | Implement Jenkins guidelines | Implement [Jenkins operational best practices](/docs/ca/dev/best-practices/jenkins-operational-best-practices.html) +| APP-15 | Application | Implement publish and sync guidelines | Implement the [Publish and Sync stability best practices](/docs/ca/dev/best-practices/best-practises-jenkins-stability.html#memory-management) where applicable. +| APP-16 | Application | Implement general security guidelines | Apply Spryker [security guidelines](/docs/dg/dev/guidelines/security-guidelines.html). | +| APP-17 | Application | Implement password security guidelines | Make sure that you don't have any plain-text passwords, private keys, or API secrets in config files or Git repositories. +| APP-18 | Application | Implement credentials security guidelines | Minimize the use of personal credentials and choose work-specific accounts based on each environment (production, staging, testing). We highly recommend employing Centralized Credential Management to securely store and manage these credentials. +| APP-19 | Application | Implement secrets rotations | Secrets, like API tokens, should be rotated regularly. Outline and test rotation strategies to make sure they're not going to cause issues during live operation. +| APP-20 | Application | Implement internal update security guidelines | Install all the [security updates](/docs/about/all/releases/product-and-code-releases.html) from all Spryker packages. +| APP-21 | Application | Implement external update security guidelines | Install all the security updates from all the external packages. | To check if your project modules require security updates, you can use the [security checker](/docs/dg/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/spryker-security-checker.html). +| APP-22 | Application | Perform compliance and legal checks | Perform compliance and legal checks. To ensure the platform complies with relevant legal and regulatory requirements, especially for international operations, consult your legal team. Make sure to check [guidelines for GDPR compliance](/docs/about/all/support/gdpr-compliance-guidelines.html). +| APP-23 | Application | Set up Access Control List (ACL) | Make sure that the Back Office ACL setup is configured correctly to manage user permissions and access rights within the system's administrative interface. | For instructions on how to configure ACL, see [Users and rights overview](/docs/pbc/all/user-management/{{site.version}}/base-shop/user-and-rights-overview.html). +| APP-24 | Application | Set up DB logs strategy | If your application is writing logs into your database, develop a strategy on how these logs can be regularly rotated or truncated to avoid large table sizes that can affect the application's performance. | By default, the `spy_oms_transition_log` is used to log state machine transitions and can get very large if not [truncated](/docs/dg/dev/troubleshooting/troubleshooting-general-technical-issues/the-spy-oms-transition-log-table-takes-up-too-much-space.html) regularly. +| APP-25 | Application | Evaluate and implement payment tips | If possible, check if you can implement payment options in a redundant way so that, if one payment provider has an outage, customers can still pay using another one. +| TES-01 | Testing | Perform deployment tests | Perform deployment tests. To understand how your application will perform and work when deployed, [test your deployments locally](/docs/dg/dev/miscellaneous-guides/simulating-deployments-locally.html). +| TES-02 | Testing | Perform local payment test | Before deploying your payment options, test them all locally. | For more information, see [HowTo: Debug payment integrations locally](/docs/pbc/all/payment-service-provider/{{site.version}}/base-shop/debug-payment-integrations-locally.html). +| TES-03 | Testing | Perform UAT | Perform User Acceptance Testing (UAT). Besides internal testing, before opening your system publicly, we highly recommend conducting extensive UAT to validate the functionality and user experience from an end-user perspective. If applicable, ensure the platform's compatibility and optimal performance across various devices and browsers +| SEO-01 | Search engine optimization (SEO) | Set up redirects | Set up redirects. If you are migrating from another shop or project to Spryker, that is, the domain you want to use already points to a shop or a project, you need a migration plan to phase out the old project and phase in the new one. Check with your SEO experts on the strategy for your content and search engine results. +| SEO-02 | SEO | Implement SEO best practices | Review and implement the best practices where applicable. For details, see [Basic SEO techniques to use in your project](/docs/dg/dev/best-practices/basic-seo-techniques-to-use-in-your-project.html). +| TR-01 | Training | Prepare internal training | Prepare role-specific enablement training for all internal users of the platform. These may include: Back Office administrators (including role specifics), support assistants and agents, marketplace operators, merchant portal users. +| TR-02 | Training | Prepare external training | Prepare trainings for external users, such as those interacting with the platform via APIs or third-party systems. +| TR-03 | Training | Prepare customer training | Make sure your end customers are aware of any changes that the new platform may bring. Besides striving for good user experience and transparency, make sure to consult with your legal team about any obligations in that regard. ## Four weeks before go-live