Archive

Posts Tagged ‘penetration test’

10 Steps to a Successful Enterprise Website Launch

November 22nd, 2010


Photo Credit : miss604.com

If you have been working hard to build a website or the Internet next-big-thing, make sure you’re launching it well.
The launch is also an important part, or you’ll risk losing all the hard work you have been doing all this while altogether.

This list might not be exhaustive nor definitive, but missing any of it might just sabotage your very best investment:

1) Preparation and planning

With a written plan, you can get back on course when you go astray. Without a plan, you don’t even have a reliable way to determine whether you are off course. – Paul Merriman

You have a project plan, and development plan. Launching plan and a backup plan is also important to make sure you are showing your site to the world without any glitches, even if there’s any, none should be too serious to recover from, in the quickest time possible.
What about capacity planning?

2) Load test / Stress Test as capacity planning
Have you check that you have completed a load testing or stress test of your website/application?
There are many software tools to help with it, although you can get a group of people to log on to your site concurrently. Of course, that’ll depend on the size of your users and anticipated traffic as well.
If your website is an enterprise site, getting a group of people will be another challenge in itself, so using tools is the best bet.
Load testing and stress testing is non-functional testing, ensure you have performed a thorough functional testing as well, that include multiple browsers, or multiple operating systems / computers test.

3) Traffic anticipation
If you have done a load testing or stress testing, what is the result? What is the number of users you are anticipating in the test?
20 concurrent users? 200? 2000? Or 1 million? (Yes, it’s not easy to build sites like MySpace/Twitter/Facebook/Google)
How well do you know your market?
Getting a close-to-accurate number of concurrent users will most definitely save you from getting ‘your website is down’ problem, when you are getting a surge in web traffic.

4) Soft launch/beta test
A good way to pre·empt a high concurrent traffic, besides knowing the max number of users you can cater to after your stress test, is to have a soft launch or a beta test.
You can invite/select a group of advance users who would be able to test all the functionalities of your website as well.
That way, you can sort out whatever issues that users might encounter and then get ready for the actual public launch on a later date.
This reminded me of some Google products or even Twitter new features.
There will be staggering release to selected/invited group of users, so that functionalities are deployed to 5, then 10, then 15 users… you get the drill?
Imagine getting all Twitter users to one website? It’ll get crashed in no time.
Or, the worst you could do is to make a count down timer, and get everyone excited about it to log on CONCURRENTLY. Live Stress Testing. 🙂
Unless you’ve have been doing a wonderful stress testing and confident with any number of concurrent connections, then that’s fiine.
If you’re not, then that’s similar to a SUICIDE.

5) Trim down launch site or employ CDN
Usually during a launch, most likely not all functions will be available. Only focus on important features.
With that in mind, a lot of resources can be trimmed down to cater to the surge in web traffic during the first few days.
If your website is a portal or content intensive, having a CDN (Content Delivery Network) service for your website will be very beneficial.
A CDN can off-load a lot of connections and load from your servers. Of course, that will come with a price.
If you’re using some website builder tools, it is also likely that such products are highly customizable and where plugins or scripts that are not used, it is best to turn them off or get them removed altogether.

6) Security/ penetration test
To catch a thief, you need to get into the mind of a thief (and I would disagree that you try to be a thief) 🙂
Call them hackers or information security experts, these group of people are very expert in finding holes in computer systems.
Perform a security evaluation and also get advice on the risks you might face and how to get around them.
Sometimes there are things you cannot prevent, but you can reduce the risks or loss to the minimum.

7) Vendor SLA
Be it your hosting provider, your programmer who did your website, or any service provided, they are your vendors.
Any vendor you pay to do their job should have a SLA (Service Level Agreement).
Make sure that they attend to any issues that might be encountered during the first few days of launch with immediate response, as top priority.
If your website is inaccessible, that is of highest severity.
An example (the required response time may vary) :

Severity Priority Level Definition Estimated Initial Response Time
1 ASAP System is down or effectively unusable as a result of the problem. Problem causes mission-critical impact on the Customer’s operation with no acceptable workaround or functionality used to perform tasks considered to be essential to Customer operations, project completion or normal productivity of end-user. Within 1 hour
2 High System is up and running, but the problem causes significant impact and has no acceptable workaround. High impact problem where operation is proceeding, but in a significantly impaired fashion or functionality used to perform tasks considered to be important but not primary to immediate business operations. Within 2 hours
3 Medium System is up and running and the problem causes only limited or insignificant impact. Important to long-term productivity, but is not causing an immediate work stoppage. Within 4 hours
4 Low Problem does not have significant impact to the Customer or functionality that is not important and infrequently used. Within 4 hours

8 ) Hardware
One failure that you will not be able to predict is hardware failure. Depending how mission critical or how complicated your architecture is, replacing hardware could be either easy or complicated.
If your website is a mission-critical application, and hardware are difficult to procure, or probably need to be imported/flown from elsewhere, you better had a backup plan ready before trying to launch it.

9) Backup, no single point of failure
A backup plan is important so that you can proceed with launching your website with whatever issues that could be predicted or not.
You can either have a backup copy of your website, or an entire backup site (physical site with a smaller architecture), so that you can redirect all web-traffic to the backup version, while you are trying to figure out what went wrong.
Have a copy of everything for redundancy so that there is no single point of failure that will jeopardize your launch.

10) Transparency
Regardless of you having a great time with your launch or having major issues with it, transparency to your users are important, especially the latter.
However, make sure you get the correct facts of the problem, and provide accurate and relevant information to your users.
Keeping the users in the dark will not only project a bad image of your business/website, it will also show how bad you are in handling a situation.

It is not an easy task to launch an Enterprise website, and it requires a lot of planning, coordination, monitoring and cooperation from many teams.
Learn to appreciate even it is is a difficult situation, because that is when you will be able to learn how to overcome it.
Accept the fact that you will get complaints or negative comments from issues but rarely praises for doing a good job.

Most of all, you are required to plan for failure and ways to overcome it.
Failing to plan is just the same as planning to fail.

Appreciate the fail whale, even the world’s few websites with the highest number of users will have downtime.
The important thing is only how well you handled it, and how you recover from it.

Software, Technology , , , , , ,