fbpx
GENE
Adobe Commerce

Digital Housekeeping: How to Keep your Adobe Commerce Store Healthy

Posted on 15th November, 2022

Digital Housekeeping for your Adobe Commerce site is arguably the most fundamental “project” for a growing ecommerce business.

To do this, you will have shared responsibilities with Adobe, which we will discuss in this article, as well as best practice examples to keep your site healthy. 

Please note: most of this blog post applies specifically to Adobe Commerce Cloud hosting. However, most of it will also apply to “On-Prem” Adobe Commerce Hosting via 3rd party providers. Having said that, their level of support may differ from the Shared Responsibility Model that Adobe uses

Your Shared Responsibility Model with Adobe 

Adobe Commerce Cloud hosting is marketed as a PaaS (Platform-as-a-Service) solution to run your Adobe Commerce store. 


The platform health is managed by Adobe, but the application (code) running on it is your responsibility (or your Adobe Commerce Agency’s).

Adobe describes this in its Shared Responsibility Model1 and gives the following examples of tasks and who is responsible for them:

Technical TasksResponsible Party
Follow recommended development workflowsYou and your Partner (agency/developers)
Custom code and 3rd party themes/extension supportYou and your Partner (agency/developers)
Apply Magento software/security patches when availableYou and your Partner (agency/developers)
Ensure launch readiness and manage site launchYou and your Partner (agency/developers)
All application deploymentsYou and your Partner (agency/developers)
Core application and infrastructure supportAdobe
Patch supporting services (e.g. Nginx, Redis, MySQL, etc)Adobe
Proactive infrastructure monitoring and scalingAdobe

Adobe also provides lots of useful tools (ece-tools, NewRelic, SWAT, Observation Tool, etc) to help you with deployments, patches and keeping your store healthy.

How to keep your Adobe Commerce Cloud store healthy


As part of our support offering, our EcomOps team keeps a close eye on all our clients’ stores.  We use the following tools and techniques to keep our Adobe Commerce stores fit and healthy. We think they’re important enough to share with you.

Keep your disk space and database usage below 70% 

It’s a bad idea to let disk space fill up on servers, even when using cloud services. Adobe Support will be alerted when used space goes above 90% and will expand your disk space to prevent outages if it gets close to 100% usage. You’ll be charged for this increase in your monthly hosting costs and you can’t shrink the disk space down again after you’ve deleted and tidied up files, so regularly check your disk space is healthy and that you’re not using more than you need to.

You can do this for free by sshing into the individual server nodes and running df -h

Don’t worry about /dev/loop0 being 100% usage. This is intentional (it’s the read only copy of your Adobe Commerce store). Focus on the /data mounts and /mnt/shared disks.

Or use NewRelic (also free and included as part of Adobe Commerce Cloud) which automatically opens alerts (warning violations) when disk space goes over 70% usage:

As you can see, this client has just hit 71% usage for the MySQL database and 70% usage of shared storage. This doesn’t mean we need to panic and start deleting files and optimising databases, or enlarging disks and paying for additional cloud storage. There is still some free space (20Gb for the database and 48Gb for shared files). 

But it does mean it’s time to do a bit of “Spring Cleaning”. Ask yourself, do you really need to keep those hundreds of exported CSVs in var/export? Could some database tables be tidied up a bit? And don’t forget to keep an eye on disk usage to make sure it doesn’t increase further!

Install Adobe Commerce updates

Approx every quarter Adobe releases new versions of Adobe Commerce. Usually, a feature version (e.g. 2.4.5) and a patch version (e.g. 2.4.4-p1) only include security fixes since the last release. 

Jumping to a new version, even a minor 2.4.4 to 2.4.5 upgrade, can break 3rd party modules and customisations. Sometimes it’s not worth rushing to update as soon as these larger feature updates are released, as it just causes more problems. However, installing a -p1 or -p2 patch to your existing version is much less likely to break things. This ensures your store is as secure as possible. 

Occasionally hotfix security patches are released outside of a scheduled quarterly patch release. These are usually for critical vulnerabilities and can be applied individually by following the guidance in the Adobe Security Bulletins

As well as updating the core Adobe Commerce code, it’s essential to keep ece-tools and its associated modules up to date. These are critical for the smooth integration of Adobe Commerce code with the PaaS framework that Adobe is responsible for maintaining, and sometimes these updates include critical security patches and changes.

If you prefer to follow the releases on their respective GitHub pages

Install 3rd Party Module updates

All those nice 3rd party extensions you’ve paid for (Amasty, Magefan, etc). Yes, they also need to be regularly checked for updates as well! There’s no point in upgrading your core Adobe Commerce code and leaving 3rd party modules out of date and vulnerable to attack!

Check for malware and/or vulnerabilities using a security scanning tool

Use the free Adobe Security Scanner or something a bit more advanced (and paid for) like Sansec eComscan. It costs a bit more, but what is the cost of your site (and your customers) security if you were hacked?!

These sorts of tools will find vulnerabilities (code or config related) and suggest what needs to be changed or which fixes need to be applied to secure your Adobe Commerce store

This is an example of some of the types of checks Sansec eComscan did on one of our clients. It detected a missing hotfix for a recent Adobe Commerce vulnerability, and an outdated copy of the Adyen_Payment module. However, it found no active malware or vulnerabilities in the database or active server processes. 

Check the health of your Adobe Commerce Store with SWAT (Site-Wide-Analysis-Tool) and implement the recommendations

This is another free tool included with Adobe Commerce Cloud PaaS. It’s also available for On-Prem Adobe Commerce but needs manually installing and configuring.

You get a nice dashboard listing the health % and an overview of the health and potential issues of your site. You can trigger an Upgrade Compatibility Scan (useful for highlighting potential issues with your planned upgrade to the next Adobe Commerce version), see highlights of issues, and multiple tabs of data to dig deeper into.

I’m not going to duplicate Adobe’s documentation of what SWAT can do and how to use it but I do want to highlight probably the most useful tab, recommendations!

Each issue listed has details of how it was detected, and how to best resolve it, and a priority of how serious it is. This part of SWAT can be exported as a PDF with the Download Recommendations Report button, so even if you don’t understand all the technical details of the issues yourself, you can pass it on to someone else (your agency?) who can understand and fix them.

To be clear, Adobe Support will not automatically solve most of these issues as part of the Shared Responsibility Model. They keep the platform running smoothly, and these issues need to be fixed by you (or your agency/developers) by following the recommendations.

Use NewRelic and the Observation Tool for Adobe Commerce 

I’ve already mentioned it earlier, use NewRelic! It’s included free with Adobe Commerce Cloud, so make sure you’ve got it properly configured and have access to all its data and reporting. It’s used by Adobe support, so you might as well use it too. You can even add yourself to the pre-configured alert levels, so if something triggers a Violation, you’ll be notified when Adobe Support does, and you can do something about it.

Recently Adobe added the Observation Tool for Adobe Commerce which is an App within New Relic. It pulls in lots of useful statistics and data into a single dashboard, highlighting any anomalies and issues. 

As you can see, there are plenty of free tools available from Adobe to help you keep your site healthy. Now it’s up to you (or your agency/developers) to use them to keep your Adobe Commerce site fit and healthy.
Oh, and remember to always test your deployments on staging and don’t deploy on a Friday!

Footnotes

  1. Excerpt from: https://www.adobe.com/content/dam/cc/en/trust-center/ungated/whitepapers/experience-cloud/adobe-commerce-shared-responsibility-guide.pdf

    Adobe® Commerce is a PaaS platform that relies on a shared responsibility security model in which Adobe, the customer, as well as the cloud service provider each bear distinct responsibilities for maintaining the security of the Adobe® Commerce application and customer-specific code and extensions. 

This shared responsibility approach enables customers to design and implement a highly flexible, customizable, and scalable solution that best suits their business requirements while minimizing operational responsibilities and costs. 

In general, Adobe is responsible for developing and maintaining secure core code, maintaining the security of the platform, ensuring the platform’s SOC2 and PCI compliance of the PaaS environment and the platform’s compatibility with PCI-compliant technology components (e.g., PHP, Redis), and responding to security issues concerning the core application or PaaS. 

The customer, in turn, is responsible for maintaining a secure customized application (including the integration of any third-party applications to the customer’s website), ensuring secure application development, obtaining PCI certification if requested by the customer’s payment processor, and reacting and responding to security incidents

  • Other blog topics