[WIP] Update preparation-for-going-live.md #2403
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Restructure.
helen-laktionova
requested review from
andriitserkovnyi and
lenadoc
as code owners
Added some more points and considerations
feversocial
reviewed
Dec 20, 2023
feversocial
previously approved these changes
Dec 20, 2023
Nidhognit
reviewed
Dec 20, 2023
shadman
reviewed
Dec 20, 2023
shadman
previously approved these changes
Dec 21, 2023
bnymn
reviewed
Dec 22, 2023
ishakuta
reviewed
Dec 22, 2023
Co-authored-by: Bünyamin Inan <bnymn@users.noreply.github.com>
…elen-laktionova-patch-3
| - Double-check that you don't have any clear text passwords or API secrets stored in config files or repositories. | ||
| - Make sure to install all the [security updates](https://docs.spryker.com/docs/scos/user/intro-to-spryker/whats-new/security-updates.html) from all Spryker packages. | ||
| - Make sure to install all the security updates from all external packages. [Security checker](https://docs.spryker.com/docs/scos/dev/guidelines/keeping-a-project-upgradable/upgradability-guidelines/spryker-security-checker.html) can be used. | ||
| - *Compliance and Legal Checks* - Consult your legal team to ensure the platform complies with relevant legal and regulatory requirements, especially for international operations. Check [Guidelines for new GDPR rules](https://docs.spryker.com/docs/scos/user/intro-to-spryker/support/guidelines-for-new-gdpr-rules.html) as a starting point. |
There was a problem hiding this comment.
@helen-laktionova is checking with a legal team
helen-laktionova
commented
Jan 5, 2024
helen-laktionova
commented
Jan 5, 2024
helen-laktionova
commented
Jan 5, 2024
AymenSegni
reviewed
Jan 5, 2024
helen-laktionova
commented
Jan 5, 2024
|
|
||
| ## Four weeks before go-live | ||
|
|
||
| Four weeks before your project goes live, ensure you addressed all the items from the following checklists. | ||
|
|
||
| ### Cloud | ||
|
|
||
| - *Make sure you have an APM set up*. Application Performance Monitoring tools help you identify performance bottlenecks in your application. You can request NewRelic APM from Spryker (subject to additional fees). | ||
| - *Make sure you have an APM set up*: | ||
| - Application Performance Monitoring tools help you identify performance bottlenecks in your application. You can request NewRelic APM from Spryker (subject to additional fees). |
There was a problem hiding this comment.
Add a link or a guide on how they can request our APM service and consult their Spryer contact to get a quote
helen-laktionova
commented
Jan 5, 2024
|
|
||
| ### Testing | ||
|
|
||
| - *Conduct load tests*. Conduct load tests for your application. The sample data used for testing should be comparable to the size and complexity of the production data. | ||
| - *Performance testing and environment scale dial-in*. Testing your production environment before officially going live and assessing its performance are critical steps for a successful launch. Because production environments typically employ horizontal auto-scaling, it's essential to conduct stress and performance tests under expected average and peak loads. These tests enable our team to optimize the environment's vertical scaling in advance, ensuring that it can seamlessly handle the expected loads from the get-go, without any potential delays caused by auto-scaling mechanisms. This proactive approach eliminates the need for post-launch adjustments, providing your team with a significant advantage and peace of mind, while delivering a fast and responsive experience to your users right from the first request to the application. | ||
| To make this process work effectively, maintain active communication with us. Inform us about your load and performance test plans and share the results so that we can fine-tune the environment to meet your specific requirements. | ||
| - Import real data on production. | ||
| - TO BE DISCUSSED *Perform security audits to identify and address vulnerabilities.* |
There was a problem hiding this comment.
@helen-laktionova we suggest to replace this with the below that also includes the form for requesting a pentest:
We highly recommend performing a penetration test by an independent third-party provider and address the identified vulnerabilities. Before conducting a penetration test, Spryker should be informed at least two weeks in advance by completing the below form:
https://docs.google.com/forms/d/e/1FAIpQLSfunn1HY-nsqueP6sRQSLmScUWlmmQyQJk9cscIVIP_5BmuOw/viewform?usp=sf_link
| - *Make sure you have an APM set up*. Application Performance Monitoring tools help you identify performance bottlenecks in your application. You can request NewRelic APM from Spryker (subject to additional fees). | ||
| - *Make sure you have an APM set up*: | ||
| - Application Performance Monitoring tools help you identify performance bottlenecks in your application. You can request NewRelic APM from Spryker (subject to additional fees). | ||
| - Establish robust post-launch monitoring plan, with the aim to watch system's performance and configuring alerting mechanisms. |
There was a problem hiding this comment.
@helen-laktionova can we extend this sentence with the below:
We highly recommend logs to be configured to be gathered in a centralised SIEM system, in order to ensure that effective investigation would be possible in case of security incidents.
Added new point about personal accounts usage
…elen-laktionova-patch-3
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Restructure.
PR Description
TBD
Checklist