24x7 ecommerce operations

When a business maintains a presence on the internet it is critical that all elements that form the presence be in service. The malfunction of any one element could make the entire internet structure unavailable to potential customers.

In a 24x7 world, systems and individual network components must be monitored automatically and alerts sent to interested parties when problems are detected.

Using the best equipment and double checking everything helps, but failures and mistakes will still happen. Monitoring and notification are the key to maintaining a good uptime record and avoiding unscheduled downtime.

For ecommerce in particular, there are many elements that need to be monitored. For most ecommerce businesses the following elements are key considerations:

  • domain ownership
  • dns services
  • ssl certificates
  • http services
  • https services
  • privacy policy
  • smtp services
  • pop/imap services
  • authentication services
  • payment gateways
  • partner services
  • spam blacklists
These elements are discussed below.

domain ownership

domain ownership and expiry must be monitored. ownership and control of the domain is required to control dns services for the domain.

dns services

dns services must be available for users to be able to reach all internet services offered at the site. Checking the usability of dns services requires following the chain of resolution from the root servers to the name servers for the domain in a specific manner. If any validation step is skipped it is possible to have dns problems that are not noticed but are causing problems for external users. The base checks for dns zone functions are:

  • delegation
  • soa
  • ns
These are the basic requirements for a dns server to be usable. In addition, there are other dns records that are required for specific services. These are:
  • a
  • cname
  • mx

ssl certificates

While ssl certificates remain usable when invalid, users are often alarmed when browsers warn of problems with the encryption certificate credentials presented by a secure server. The certificate must be monitored for expiry and validity of the certification chain.

privacy policy

A machine readable privacy policy is needed to permit the best possible user experience on your site. Even if a P3P compact privacy policy file has been put in place, the policy file and each required element contained in the policy file must be monitored for continuous availability and compliance.


public access to web sites uses the http protocol. monitoring the availability of http responses ensures that the web server is responding to visitor requests.


public access to secure portions of a web site, such as ecommerce shopping carts depends on ssl encryption of the http response stream. an ssl failure will usually stop sales completely.


smtp is used for outbound and inbound email. failure of smtp services also means failure to email outbound sales confirmations and receipt of email customer inquiries. It may also stop the email forwarding of forms based inquiries, or autoresponder functions.

pop mail / imap mail

pop or imap access to incoming email is required for timely response to customer emails. a hidden failure in these services may mean missing an opportunity to respond to a customer.

authentication services

sites requiring a user to login must ensure that the chosen authentication method is functional at all times.

payment gateways

completing sales depends on the availability of the payment processor gateway. a failure here means a lost sale even if everything else has gone well. the gateway is normally a external system using ssl as a public key encryption scheme. this means that as a single component, it still needs a full chain of checks from dns, certificate validity, and service availability.

partner services

some sites use partner services. examples are product data feeds from amazon or ebay, ad feeds from adsense and shipping cost calculations from fedex or ups. these are external systems, and with the exception of the ssl component, availability must be considered in the same manner as in the specialiesed case of payment gateways.


Many consumer internet service providers use spam blacklists. A business that is interested in reaching consumers by email must always be aware of whether their domains or servers appear on any spammer blacklists. Since the blacklists do not issue notices, the business must monitor the blacklist for new entries affecting their ability to send emails.

copyright 2006, all rights reserved