HOLIDAY 2014

Ecommerce Preparation

Our guide to preparing your infrastructure, application

and marketing for the upcoming holiday season

Brought to
you by

Contents
Part One Infrastructure
5. Assess your infrastructure
8. Secure your environment

Part Two Application

14. Speed up your site

15. Find free capacity
19. Monitor your environment

Part Three - Marketing

21. Campaign best practices

23. Email best practices
26. Promotions and discounts

Part Four- Planning

29. Plan for the inevitable

Holiday 2014
Ecommerce Preparation

Part One - Infrastructure

Capacity and performance assessments are at the cornerstone of your holiday

planning. Understanding your organizations ability to fulfill orders during the
holiday season includes your ability to receive them. Your infrastructure and
application capacity is critical to your overall success.

Assess your infrastructure

If your infrastructure provider is not performing a
holiday capacity assessment with you and your
team, request one. Reach out to vendors providing
integration points for your application.
Understand their limitations and how you can go
about increasing your capacity with them during
the holidays.

Holiday 2014
Ecommerce Preparation

Check your baseline performance

Start off with assessing your current performance and

capacity. If you are seeing issues now, that wont change
when you add more users. Look at your traffic projections for
the upcoming season. If you have a history of unexpected
spikes, use your largest spike as a benchmark predicting
traffic volumes.
Ensure all areas of your application are assessed at all layers.
Include your Systems Integrator or application support group
in your assessment. This will ensure that your application is
tuned for the level of traffic that you are expecting.
Key areas to focus on:
Server CPU, Disk, Memory
Network Distribution Switch Capacity, Firewall, Load Balancers
Database CPU, Disk, Memory, Storage, Query Performance, Indexing
Bandwidth
Storage IOPs, CPU, Latency, Disk Space

Holiday 2014
Ecommerce Preparation

Understand your vendors capacity

planning process

Increasing capacity during an incident (or unexpected

downtime) often takes longer than anticipated. If you
have limited budget, now is the time to invest in
temporary capacity increases. Speak to your vendors
about the process for adding capacity during an incident
as part of your holiday planning. Can they automatically
scale capacity as demand increases, or will they throttle
you?
For example, some infrastructure providers will limit your bandwidth capacity to
your commit level, while others will allow you to spike and bill you later for any
overages.

Add or pre-stage capacity for potential problem areas

Based on your assessment of current performance, add capacity to areas that need
it. If your budget is limited, prioritize the components which could have the greatest
impact on performance (like your database or network). CPU is often a bottleneck in
ecommerce environments, so pre-order larger CPUs and have them on hand should
you need them.

Holiday 2014
Ecommerce Preparation

Develop an emergency capacity plan

Determine if your vendors can add capacity on a temporary

basis, and if they have different pricing options for devices
that are staged and powered off. If you pre-stage additional
servers, this gives you the option to test and tune them before
the holiday season. It will also reduce turn-around time
when deploying a server in an emergency.

Do a load test

The true capacity of a website is determined by a combination

of the website code and the infrastructure it uses. This means
that testing any one part does not give you a true picture of
what the environment can handle. Including a load test prior
to the start of your holiday campaign season will provide you
with a clear understanding of the amount of traffic that your
web store can handle. It also helps you uncover problems
which only occur when your environment is under stress,
and gives you the opportunity to address these defects before
they impact shoppers.
Budget for multiple load tests. Often a test will uncover a
problem, which will need to be fixed. Once the issue has been
resolved another test may be required to confirm the changes
have resolved the issue.
Holiday 2014
Ecommerce Preparation

Tenzing Site Tester

is our fully
managed cloudbased, multiendpoint load
testing service. By
simulating peak
load on your site, it
can pinpoint
performance issues
in real time. Best of
all, because it is
cloud based it can
simulate load
across a range of
geographies, device
types and networks
and keep the cost
affordable for a
mid-sized retailer.

Secure your Environment

Make sure youre up to date
Keeping your
environment
secure is not
only
important
through your
busy season; it
is something
that should be
in your DNA
throughout
the year.

Understanding your infrastructure providers patch and

vulnerability program is critical to the security of your
platform. Make sure you have either opted in to your
providers program or patch your environment yourself.
Understand who is responsible for monitoring security patches
and applying them to all areas of your environment from your
infrastructure layer, operating system and all the way up to
your application.
Your final patch (unless an emergency patch is released)
should be at the beginning of October. Some ecommerce
applications have restrictions on which servers can be patched,
but most will allow for public web servers to be updated
without violating compatibility restrictions.
Ensure those servers which cannot be patched are not
accessible to the Internet, and have other mitigating controls
in place like firewalls protecting them from the public access.

Holiday 2014
Ecommerce Preparation

Develop an emergency patch and security plan

Plan for problems in the future by making sure you have a plan in
place to handle security issues like emergency patching or an
unexpected security vulnerability. Know which teams you will
need to assemble to resolve these types of issues quickly.

Limit access

Limit access to your environment to authorized personnel. Require your personnel to use
strong passwords and regularly review your access list. Complete an audit of users who
can access your environment prior to your busy season.

Run a vulnerability scan

Vulnerability scanning is an important tool in your security toolbox. Running a scan can
help you identify known vulnerabilities in your environment before they impact your
busy season.

Run a penetration test

Penetration testing will look for active weaknesses in your application and
infrastructure. Executing a penetration test annually is an important component of your
security program.

Holiday 2014
Ecommerce Preparation

Protect from a DoS attack

A Denial of Service attack (a.k.a. DoS attack) is an

attempt to take an organizations Internet presence
offline by exhausting all computing resources so
that the general public cant access the site or
services. It is usually by accomplished by
overwhelming the sites network connection or
server with traffic. 1
DoS attacks can bring your campaign strategy to a screeching halt, and
historically November is a busy month for these types of attacks. Mitigating DoS
attacks should be part of your disaster planning and your pre-campaign checklist.
Understand your providers policy and response plan for DoS attacks.
Most hosting providers will remove the attack target from their network. This
means that if you are the target of a DoS attack your website will be unavailable to
the outside world until the attack subsides and the risk to your hosting provider is
low.
DoS mitigation solutions prevent this scenario from happening by filtering
illegitimate traffic before it hits your hosting providers network.
1 http://www.dosarrest.com/ddos-blog/anticipating-preventing-and-managing-ddos-attacks/#sthash.VEjDutXE.dpuf

Holiday 2014
Ecommerce Preparation

10

DoS mitigation options

DoS mitigation services can be very expensive. If you dont

have room in your budget to leverage this type of service all
year round, consider using one during the holidays on a short
term basis. To further manage the costs of this program, look
at an pre-staged versus always on configuration. A prestaged DoS mitigation service allows you to have the service
contracted and on stand-by until you are attacked. If an
attack occurs, your traffic can be routed to the mitigation
service with a simple firewall change.
Keep in mind that on average it takes 24 hours to move behind
a DoS mitigation service and can take up to 5 days to tune the
environment so that all aspects of your site are rendering
properly. Pre-staging a DoS mitigation service is an costeffective way to dramatically reduce your response time to
DoS attacks. Once your DoS mitigation service is pre-staged, it
can take as little as 20 minutes to recover from an attack.
Content Delivery Networks (CDNs) can also help mitigate
against a DoS attack. If you can afford only one, a CDN or a
DoS Mitigation service, invest in a CDN. The distributed
nature of the CDNs network helps protect your site, while also
improving your sites performance.
Holiday 2014
Ecommerce Preparation

Tenzings DoS
Mitigation service
DoS Assure
provides 24x7
protection from a
wide number of
incursions
including CMP &
UDP floods, Port
Scans, SYN attack
and Distributed
Reflection DoS.
Service options
include proactive,
always-on
protection, hotstandby and ondemand emergency
services.

11

Key security checks

Make sure security checks are a part of
your pre-holiday season checklist.
Include key items like:
Patch status infrastructure, operating system, and
application
Open port audit
Firewall rule audit
Check that administration pages are inaccessible to
the outside world and have strong passwords
User audit
Vulnerability scan
Penetration testing

Holiday 2014
Ecommerce Preparation

12

Part Two- Application

All applications need to be tuned from time to

time and there is no better time than the present.
Speak to your application team about the health
of your environment. Have them look at session
limits, long running queries, and activities that
use a lot of resources.

Speed up your site

You can gain capacity and speed up site

performance by leveraging Content Delivery
Networks (CDNs). However, CDNs take time to set
up and tune appropriately to get optimal
performance. It is best to start this activity well
before the holiday season.

Holiday 2014
Ecommerce Preparation

Tenzing Site Optimizer is

a site optimization
solution that goes beyond
the capabilities of
traditional CDNs. This
service identifies the type
of device and network that
shoppers are using and
applies a variety of frontend optimization
techniques to accelerate
page performance with
dramatic effects on load
times and conversions.
This fully managed, cloudbased service can be
deployed and configured
in a matter of hours with
no disruption to your web
store.

14

Find free capacity

There are lots of opportunities to find hidden capacity in your environment. It is
important to regularly review your application performance and tune areas that
are resource intensive, particularly before the peak holiday season.

Adjust your caching

Caching can save system resources by holding information in memory, but when
the cache has to be refreshed it draws on system resources to complete this
activity. During peak periods of demand increase the time between caches.
Review what is cached and what is not. Make sure frequently called items are
cached. Some ecommerce applications by default have caching turned off for
some of their database elements. Review these settings and adjust them
appropriately.

Adjust type ahead search

Type ahead search uses additional sessions and threads within your application.
Increasing the number of characters a shopper must type before a type ahead
search is initiated will give you added capacity.

Holiday 2014
Ecommerce Preparation

15

Remove/adjust view all options

Giving shoppers the option to view all items in a category is available on many
ecommerce platforms, but if you have a large catalog loading these elements takes
time and resources. Review all the areas where the option to view all is available
and restrict the number of items that can be viewed when this option is selected.

Know what is scheduled and when

Review when recurring jobs are scheduled to run. Making

sure jobs are not colliding with each other or running during
peak periods can help you make the most of your current
capacity.
Key areas to look at:
Cache refresh rate, for both your application and CDN
Search indexing
Backup
Database jobs, especially archiving and indexing jobs
Pricing updates
Inventory updates

Holiday 2014
Ecommerce Preparation

16

Limit publishing and catalog updates

Limit your publishing during the holidays. En mass
catalog updates are resource intensive because in
most applications the database and search engines
need to re-index. In addition caching has to be
refreshed.
Establish a strategy to time catalog updates so that
they dont impact peak shopping periods . Ensure
updates are performed during the point of the day
when traffic is the lowest and bundle changes in to
small groups instead of doing them all at once.
Review the thresholds under which a catalog change will force a cache refresh.
Some ecommerce platforms will allow you to set a threshold to invalidate the
entire cache when a specific number of records are changed. Review these
thresholds and make sure they are optimized for your business. Indexing is
another area which can be adjusted. Make sure a full index is not triggered when a
minor catalog change is made to prevent unnecessary resources from being
consumed.

Holiday 2014
Ecommerce Preparation

17

Manage bot traffic

Bots can suddenly and dramatically increase the traffic

to your web store. Ensure that you have a strategy to
manage bot traffic received from sites like Pinterest,
Google, Twitter and others. Look at ways to manage
traffic from these sources like configuring your
application to release sessions created by a bot faster
than human sessions. If your default session time out is
30 minutes, update apache to recognize when a session
is from a bot and release that session after a shorter
period. Alternatively, you can configure a separate
server to service only bot traffic. Ensuring that your
applications bot profiles are updated are critical to both
these strategies.

Holiday 2014
Ecommerce Preparation

Application
Performance
Monitoring tools like
Tenzings Commerce
Performance Manager
can help you identify
problem areas during
your holiday planning.
This service can
automatically pinpoint
performance
bottlenecks in your
application code.

18

Monitor your environment

Once you have your infrastructure and application in an

optimal state, it is important to monitor performance as
you move through the holiday season. There are
shopping periods leading up to Cyber Monday, like the
back to school season, which give you the opportunity to
measure how your environment is performing and to
make changes before your biggest selling days.

Measure, analyze, act

Make sure that your monitoring strategy is holistic. Infrastructure availability,

infrastructure performance, application performance, end user experience and traffic
levels are all elements that you should be paying close attention to.
Dont forget to monitor third party systems that support your web store. You want to
continually monitor the performance of items like payment gateways and postal
outlets to ensure that these critical services perform optimally and dont impact your
shopping experience.

Holiday 2014
Ecommerce Preparation

19

Part Three- Marketing

Small changes to how the business or marketing teams manage their campaigns
can help to make the holiday season less stressful for all those involved.

Campaign best practices

Communicate

Communicate your campaign plans to all of your stakeholders. Ensuring everyone

knows that dates and times of future traffic increases helps during the
troubleshooting process. Monitor your campaigns closely.

Constantly evaluate

Initial campaigns that you launch during the holiday

season will give you an idea of your application
performance in the upcoming weeks. If you received a
higher than anticipated response or your application
did not perform as expected this is a good indication of
problems to come.

Holiday 2014
Ecommerce Preparation

21

Establish a campaign change process

Identify who can approve changes to a campaign strategy and how these
changes are communicated out to stakeholders.

Freeze

Once you have prepared your environment and planned your campaigns
STOP making changes. Freeze your environment and communicate
campaign dates to your vendors. Make sure you understand all your
vendors change policies and if they have a freeze which could impact
your planning.

Limit changes

Publishing and catalog changes are a huge drain on system resources.

Establish a policy and process for applying these changes and be
disciplined in following this process. This may mean you have to plan
your changes better, but it is worth the effort.

Holiday 2014
Ecommerce Preparation

22

Email Best Practices

Email campaigning remains one of the top methods for
engaging shoppers and driving them to ecommerce sites. It
also has the potential to drive an overwhelming amount of
traffic to your web store over a very short period of time, with
effects similar to those of a DoS attack. Ensure that your
email campaigns dont overwhelm your site with these simple
best practices.

Segment your list

Segment your campaign into blocks. Rather than sending out one email to
1,000,000 users, consider breaking the campaign up into smaller groups. This
allows you to better control traffic spikes and will spread activity over multiple
hours as opposed to generating a rush of traffic in a matter of minutes.
The practice of staggering your campaigns extends the life of your capacity as
users are alerted to the sales over a longer period rather than a mad rush when the
sale starts. This strategy allows you to pause a campaign when a problem is
detected, limiting the impact the campaign has on your shopping experience.

Holiday 2014
Ecommerce Preparation

23

Manage your media content

The use of media in an email campaign can have a

positive impact on response rates, but using large,
detailed images or video puts additional load on your
web store. As customers open your email, they will begin
downloading this content to their web client. On a large
scale this can cause performance degradation.
To avoid this problem consider saving your collection of
images as flat files to manage their size. You can also
store images on a separate server to avoid affecting the
performance of your web store. If you are using video,
host it on services like YouTube or Vimeo. Again this will
help you manage site performance and minimize
bandwidth costs.

Holiday 2014
Ecommerce Preparation

24

Promotions and discounts

Discount codes are a key driver to holiday selling. We have
seen a number of campaigns go horribly wrong when
discount codes were incorrectly configured in the application
or not tested appropriately.

Dont get fancy

Make sure you do not introduce new discount structures during your peak
shopping season. If you have never used a first time purchaser discount, now is
not the time to use it. Use new discount structures during off-peak seasons as a
test before applying them during your peak shopping season.

Holiday 2014
Ecommerce Preparation

25

Avoid expensive database searches

Avoid discount codes which can put unnecessary load on your database. Returning
to the first time purchaser example, this type of discount requires your application
to search your database to determine if the user is eligible to use it. The larger your
database the longer the search. This activity will put unnecessary load on the
database, impacting other shoppers using your site.
Keeping a library of your discount codes and their parameters helps with designing
your test plan for new codes and campaigns.

Test discount codes

Test all discount codes before using them. Perform regression

testing with codes that are both active and inactive. Treat a
discount code like an application launch and come up with
standard test cases that can be used for each code release. Make
sure your test cases both meet and break the rules of the
discount. This is a good time to use your end user test group.
Customers will always try doing things testers and application
developers never thought of doing.

Holiday 2014
Ecommerce Preparation

26

Part Four Planning

Even with the best planning you can still run into problems.
A well placed campaign can generate higher than expected
traffic to your site. For example, last Christmas one of our
clients discounted a single item to $1.00. The result was a
940% increase in traffic to their site in a 10 minute period.
This was well over the 40% increase in traffic they had
predicted.
Make sure you look at your environment and identify the
areas at the greatest risk to have a problem and prioritize
planning around those areas.

Holiday 2014
Ecommerce Preparation

28

Plan for the inevitable

In our experience it is inevitable that something will go awry, but the most
successful teams are those who are prepared. On that note, make sure you develop
an emergency response plan. Develop, document, test and communicate your
plans to all stakeholders.
Creating plans for each of these areas will help you and your team be prepared:
Website overload
Service impacting incident or disaster event
Security or DoS attack
Work with your team and vendors to review possible scenarios and identify ones
which are most likely to occur or will have the biggest impact.
Each of these plans should include:
An internal team contact list that describes who to notify and when
A customer communication strategy
Vendor details like support contacts, escalation contacts, and support
agreements
Steps to execute the plan

Holiday 2014
Ecommerce Preparation

29

Communicate

Communication is key to ensuring

success. Communicate key traffic
days to all stakeholders. Share your
emergency planning with everyone
who needs to be aware, including
marketing, IT, customer service and
appropriate vendors.

Test. Test. Test.

Testing your environment end to end is the best way to be

prepared for the holiday season. Make sure that you plan
your campaigns, assess your campaign needs and capacity
requirements. Then test, test and do more tests and
communicate your plans to your stakeholders.
One of the best tools in your holiday preparation toolkit is a
load test. By simulating a high volume of users you can
identify performance bottlenecks and the levels at which
degradation occurs. This can help you decide whether to
invest in additional resources for your peak shopping season.

Holiday 2014
Ecommerce Preparation

As mentioned
earlier Tenzing
has recently
introduced a fully
managed, cloudbased, multiendpoint load
testing service.
Tenzing Site
Tester simulates
peak load on your
website across a
range of
geographies,
device types and
networks. It
speeds root cause
analysis and
remediation by
pinpointing
performance
issues in real
time.

30

So here you are, some thirty odd pages later. Hopefully you
now have a better idea of how to prepare for Holiday 2014.
Its no small feat, however we cannot stress enough that
careful planning and preparation is the best way to make
sure that your web store stays up and running this holiday
season.

Please dont hesitate to contact us at

ecommerce@tenzing.com with any questions related to the
content of this eBook or any of the products mentioned
here. We are happy to help.

Holiday 2014
Ecommerce Preparation

31

Still not sure if youre

ready for the holidays?
Sign up for Tenzings
FREE Retail Readiness
Performance Test

Holiday 2014
Ecommerce Preparation

32

Founded in 1998, Tenzing delivers more than scalable

infrastructure, fast networks and great managed services.
Tenzing combines deep commerce platform expertise,
advanced managed services, and extensive industry
partnerships to help merchants increase revenues and
deliver remarkable shopping experiences. Retailers choose
Tenzing because we help them increase SEM performance,
reduce shopping cart abandonment rates and ensure
performance during peak shopping seasons. For more
information, visit us at www.tenzing.com.

Holiday 2014
Ecommerce Preparation

33

About the author

Elizabeth Scott, @BethxScott

Tenzing Director of Technical Services
Elizabeth Scott is the Director of Technical Services at Tenzing, a leading managed
services provider for Ecommerce merchants. Elizabeth and her teams manage the
deployment, maintenance and performance of infrastructure for many leading
retailers. Inspired by her experience working with retailers, Elizabeth created
Tenzings Cyber Week and Holiday Season Preparedness Programs to ensure
Tenzing clients are well prepared for the holiday season, much of which drove this
books content. Elizabeth is a Project Manager and ITIL Practitioner with over ten
years experience in IT support and service.

Holiday 2014
Ecommerce Preparation

34

www.tenzing.com 1-877-767-5577 ecommerce@tenzing.com