How to bulletproof your website

Computerworld - 'Tis the season to begin ramping up online shopping activity, and for retailers that means doing all they can to ensure their websites are up, highly available and able to handle peak capacity. Looming in many IT managers' minds is the cautionary tale of Target, whose website crashed twice this fall after it was inundated by an unprecedented number of online shoppers when the retailer began selling clothing and accessories from high-end Italian fashion company Missoni.

"We are working around the clock to ensure that our site is operating efficiently and delivering an exceptional guest experience that's reflective of Target's brand,'' said a Target spokesperson in an email, but declined to give specifics on the measures the company has taken.

One company's hardship is often another company's gain, and those that face well-publicized failures tend to become de facto role models, retail industry watchers say. Take what happened to Best Buy in 2005: Its website experienced what some have called a catastrophic holiday failure and customers were unable to make online purchases. That same year, competitor Circuit City saw a huge spike in traffic, says Dave Karow, senior product manager of Web performance and testing at Keynote, a firm that monitors and tests mobile and Internet performance.

"There's nothing like falling flat on your face to give you the conviction to do right thing going forward. That was an extremely effective wakeup call for Best Buy,'' he says, adding that the retailer now conducts several load tests throughout the year.

Web retailers should be shooting for 99.5% availability, otherwise "they're not cutting it," Karow maintains. "Ninety-nine percent is not acceptable because if you achieve that, you're still one percent unavailable." That has a significant impact since it means more than one percent of potential transactions didn't occur -- and likely won't going forward, he says.

This holiday season, more than ever, Web retailers need to be prepared for the onslaught, since a growing number of consumers will be using mobile devices to shop. A report recently released by mobile ad network InMobi claims an estimated 60 million mobile users are planning to use their devices to shop during the Black Friday/Cyber Monday holiday weekend, with over 21 million intending to make purchases from those devices.

Prepare, test and review

Online shoe retailer Zappos conducts load testing early in the fall to ensure its site stays up and highly available during the holiday season, says Kris Ongbongan, senior manager, technical operations and systems engineering. Every year they follow the same procedure, he says: estimate load.

"We have our finance and planning departments give us sales predictions and we take a multiple of that to see what traffic we can absorb and test to that," typically beginning in September, Ongbongan says. That gives them enough time to make changes and add any necessary infrastructure.

Retailers should go through their transaction volume testing and validation in the September/October timeframe and then code lock their systems until about January 15th, suggests Michael Ebert, a partner in IT Advisory Services at KPMG. During that period, "retailers typically freeze their systems ... and don't do updates unless absolutely necessary to avoid performance issues,'' he says.

Another practice the very large Internet retailers tend to employ is having distributed networks in order to route traffic to make sure transactions are balanced around the U.S., Ebert says. That way, if one site gets too busy the customer will automatically be routed to another. "So make sure you have multiple points of your Internet presence around the U.S." A data center "may be slow to respond, but at least I'm up and running,'' he adds. "There's always a percentage of business you never regain if someone leaves the site."