E-Commerce Monitoring Service | Canary

Month: November 2014

Stress Testing Your Store

Black Friday and Cyber Monday are right around the corner and it’s time to talk about stress testing.

Your site is going to get hammered unlike any other time of the year, and if you’re like most retailers in 2014 you’re hoping to go back into the black from a weaker fall retail season.

So what do you need to do to stay afloat?

There are plenty of services available to you, but one I’ve used and found particularly useful was LoadImpact.com.

What are concurrent users?

Stress testing is usually measured in concurrent users, that is to say, how many requests are being made to your server simultaneously at any given moment. Note that 100 concurrent requests does not equal 100 customers. Take this blog, for instance: you are on the site, but you aren’t making any requests right now. The text of this post has already loaded and is sitting cached on your machine where you are reading it. You would not count as a concurrent user, because you made the request a few minutes ago and you are no longer asking for anything from this server.

How many concurrent users should I test for?

There is no one-size-fits-all number, but there is a good formula to start with. We are mainly concerned about your busiest time, right? So let’s think about that time frame; it should be an 8-10 hour window. Estimate how many orders you’ll be getting during that time. You can do this by looking at last year’s orders and multiplying by how much you’ve grown in the last year. If you don’t have historical data, take your busiest time this year and multiply that by 50%.

The formula for concurrent users is as follows:

(Estimated Orders / hours it spans) * 2 = Concurrent Users to test for

So let’s use some practice numbers:

Let’s say you get 500 orders during your busiest time, which spans 8 hours. Your concurrent users are as follows:

(500 / 8) * 2 = 125

You should run a test for 125 or more concurrent users.

Hopefully, this will prepare you for a very fortuitous holiday shopping season!

Also, while you’re doing your load testing, make sure you keep your monitors and alerts up to date on Canary so if anything goes wrong, you’ll be the first one to find out.

POODLE and Your Ecommerce Shop

Padding Oracle On Downgraded Legacy Encryption (“POODLE”) is a vulnerability in SSL v3, a protocol version still used by very old browsers such as Internet Explorer. It allows someone, such as a nosy IT admin, to watch traffic between computers and the websites they are requesting. If you have an ecommerce shop, that means someone could potentially see your customer’s credit card information when your customer hits the “Checkout” button in your shopping cart.

It’s one of those security problems that is so bad that you have to fix it as soon as humanly possible. In fact, Authorize.NET put out a newsletter last week stating they will no longer process payments from any site that hasn’t fixed POODLE.

So how do you know if you are affected?

First, try this test: SSL Labs’ POODLE Test.

If there is a red bar that says your domain is vulnerable to POODLE, then keep reading. If you are getting the all-clear green bar, then don’t worry about it, you’re done!

So if you’re still reading, you’re impacted by POODLE and you need to fix it.

If you are running a Windows server, click here.

If you are running a Linux server, click here.

For the Microsoft Windows boxes we repaired, it took about 10 minutes to make the changes, plus a server reboot because the change is made in the registry. For the Linux (Apache) boxes we repaired, it only took about 5 minutes to make the change, and no server reboot was required, but it did require an Apache restart. So keep this downtime in mind while you bring your servers up to speed.
