Magento Commerce Understanding Magentos Cloud Architecture
Magento Commerce provides a fully featured, highly customisation (PaaS) architecture, streamlining deployments and environment in Magento. It is a complete solution for delivering ecommerce sites based on the Magento Commerce 2 application, a high availability server environment, a content delivery network (CDN), plus solutions to analyse and interpret website performance.
Magento Commerce offers two plans with different infrastructures. Magento Commerce Starter is best suited for smaller stores with less complexity and smaller catalogs. Magento Commerce Pro is built for larger stores with more complexity, larger product catalogs and peaky traffic. Magento can determine the appropriate architecture for you via consultation or otherwise, you can talk to us.
Pro Architecture and Environments
The Magento Commerce Pro service includes high-availability production and staging environments along with the associated server capacity. Server capacity on production environments is intended to be effectively unlimited for most customers within fair-use restrictions – as discussed below. The Pro architecture uses three servers deployed across multiple Amazon Web Services (AWS) Availability Zones within a single AWS Region. Services such as the database, Elasticsearch, and file system are deployed so that data is synchronised on the servers across Availability Zones. Since each Availability Zone is designed as a separate failure zone, geographically distributed across a region, this approach provides a robust architecture ensuring high availability.
Each Magento Commerce Pro customer gets a dedicated production environment and a small dedicated staging environment. The staging environment capacity can be temporarily increased for load testing purposes or permanently (for an additional fee). In addition to production and staging environments, Magento Commerce Pro customers receive eight integration environments that can be used for testing during the build and deploy process with production settings.
Starter Architecture and Environments
The Magento Commerce Starter architecture uses containers running on shared server infrastructure for all environments. This architecture offers 99.90% service availability vs. the 99.99% offered with Pro. The Magento Commerce Starter plan is suitable for smaller stores that hold small product catalogs and have minimal complexity. Magento Commerce Starter also does not provide infrastructure logs or application logs, and cannot be implemented in a two-tier (split web and database tiers) architecture.
Magento Commerce Starter customers receive three integration environments. These integration environments run on shared server resources with customers isolated using containers. This container-based shared infrastructure is also used for the Magento Commerce Starter production and staging instances.
All Magento Commerce customer can make use of a shared-SNI-SSL certificate. Magento provides Domain-Validated SSL certificates issued by GlobalSign. The certificate is shared with other Magento Commerce cloud customers. Use of the shared SSL certificate is included in the base fees. If customers want to bring their own SSL certificate (for example to use an Extended Validation Certification), there is an additional fee to deploy the SSL Certificate to all of the servers in the Content Delivery Network (CDN). The fee Magento charges is a pass thru of the fee Fastly charges.
Magento Commerce Pro customers can select which AWS Region to host their production and staging instances from any AWS Region except for the Mainland China Regions and the US GovCloud Region. Magento Commerce Starter customers can select from a fixed set of locations including Dublin, Ireland; Sydney, Australia; and Oregon, United States.
The Magento Commerce deployment approach is based around the Git source control system. Each server environment is associated with a branch in a Git repository. The associated branch can be changed as needed. The repository in the Magento environment can be synchronised with a remote Git repository, Github or Bitbucket.
Presales Support for Partners
Magento Presales resources are available to help with Magento Commerce opportunities. These resources include Solution Consultants to help with core functionality, solution architects to help with technical presales questions as well as resources to help with technical enablement for partners.
To facilitate local development and testing, Magento Commerce enables developers to download docker containers that match environment configurations to local computers. Using Docker Compose commands for defining and running each service of the application stack in multiple containers, the Docker implementation streamlines local development setup while ensuring that local development and testing will match results in the Magento Commerce environments.
Magento Commerce continually enhances its cloud architecture. Initiatives include ongoing improvements to self-service environment configuration, continued investment in security tools and monitoring, the ability to implement a decoupled architecture between the web and database tiers to scale them independently, and partitioning the database by business domains (checkouts, orders, etc.). With these capabilities, Magento Commerce will be able to address a broader range of use cases. While Magento Commerce currently uses Amazon Web Services to provide underlying cloud infrastructure, it is also working toward support for Microsoft Azure.
Fastly Provides Merchants with a Varnish-based, Global Content
Delivery Network (CDN). This allows the native Magento Page Cache to be cached and managed on the CDN, providing a distributed cloud Varnish service. Varnish is a core component necessary to ensuring high performance on Magento Commerce and Fastly allows Magento to deliver that capability natively. Fastly has a global network of points of presence (POPs) that allows for content to be cached close to users. Fastly enables content to be purged across the CDN network in approximately 150ms based on merchandising changes in the Magento application. Using Fastly for the Page Cache improves the customer experience by improving page load times while reducing load at the origin.
As mentioned above, there are fair-use limits on the server usage and CDN capacity. Given the range of use cases Magento can support and the flexibility provided to create unique ecommerce experiences, these fair-use restrictions are required. Magento is very transparent about these limits and expresses them as vCPU Day limits with included CDN capacity details. Customers with traditional ecommerce sites should not encounter these restrictions—only 1% of Magento Commerce customers require capacity beyond what is included within the fair-use restrictions.
Global Content Delivery Network (CDN)
Fastly provides merchants with a Varnish-based, global Content Delivery Network (CDN). This allows the native Magento Page Cache to be cached and managed on the CDN, providing a distributed cloud Varnish service. Varnish is a core component necessary to ensuring high performance on Magento Commerce and Fastly allows Magento to deliver that capability natively.
Using Fastly for the Page Cache improves the customer experience by improving page load times while reducing load at origin. All customers must use the Fastly CDN as part of their system unless they are only using secure private connections to the environment – e.g. using Headless deployment or only PrivateLink connections. There is a Magento extension used to integrate with Fastly and configure the CDN behaviour. The CDN can be further tailored using Varnish Configuration Language (VCL) snippets. Other systems such as content management systems can also be configured alongside Fastly (Note: these systems cannot be hosted in the Magento Commerce environments).
Continuous Integration Continuous Delivery (CICD) Tooling
Magento Commerce comes with tools to easily develop and deploy projects in the cloud. These tools, known as ece-tools, enable agile and rapid development and testing, encourage deployment best practices, and streamline the build and deploy process for all environments. Ece-tools allow developers to interact with the code deploy and environments. All functionality can be accessed using a Command Line Interface (CLI) tool while a subset of functionality is also displayed via a graphical user interface. These improvements allow developers to complete common environment configuration and management tasks without submitting a Magento Support ticket.
Recent self-service configurations include:
- Cron tasks
- Enablement/disablement of PHP extensions
A key differentiator between Magento Commerce and on-premise deployments of Magento is that Magento Commerce enforces best practices across the build and deploy processes. For example, the application must correctly complete the dependency injection (DI) compilation process and run cleanly in production mode before being deployed. Ece-tools allow developers to improve the speed, flexibility and reliability of deployments. It is best practice to stay current on ece-tool versions. Some examples of ece-tools functionality are: enabling project configuration to achieve zero-downtime deployment, improved management of cron tasks plus deep validation checks.
Ece-tools are released on a regular basis (eight releases over last year) and can be upgraded independently from the Magento Commerce application. The project has been open-sourced and as a result, is open to contributors. During the onboarding process, Magento Commerce Pro customers will have full access to a Magento Commerce Technical Account Manager (TAM). In addition to their regular duties, your TAM will help make sure your team understands how to use Ece-tools, including all the best practices Magento Commerce requires. Magento has TAMs based in Los Angeles, San Jose, Austin, Dublin, and Barcelona with plans to add resources in APAC. Magento Commerce Starter customers will have access to 3 hours of technical onboarding.
In addition to the core elements of the eCommerce application, the Server, and the CDN, Magento provides solutions to help customers operating within eCommerce. To further investigate application and infrastructure issues, logs are streamed to a Sumo Logic instance. Currently, Sumo Logic logs are only available internally. Exposing Sumo Logic to customers and partners is planned in the Magento Commerce Roadmap. Customers can better understand the business performance of their digital commerce operations with Magento Business Intelligence (MBI), included with Magento Commerce. MBI is a complete SaaS-based business intelligence solution that includes a data warehouse, incremental data extraction process, and visualisation tools to create KPIs, reports and dashboards from multiple sources including Magento Commerce, Google Analytics and other systems.
Securing Connections to Magento Commerce
By default, connections between a merchant’s systems and cloud environments can be secured using web service calls over HTTPS, like rsync and SSH Tunnels. AWS Availability Zone is a separate data centre, designed as an independent failure zone. This allows for replication of data and a high availability deployment architecture. All data, code, and assets are secure file transfer enabled. Those who want to use other means of securing communications can do so using Amazon PrivateLink for a fee. PrivateLink is an AWS service that introduces specific services to other AWS Virtual Private Clouds (VPCs) in the same AWS Region. Customers can then connect their Magento Commerce environment(s) to a VPC they own, which in turn can be connected to other cloud services or their corporate network using a VPN connection, AWS Direct Connect, or any other approach the customer desires.
Privacy and Compliance
Privacy and Compliance are major areas of focus for Magento. By leveraging Adobe’s robust security tools and processes we remain security-first in providing a more secure Magento. The platform has completed a SOC2 audit covering our security practices and is similar to ISO 27001 certification (Magento is placing ISO 27001 certification under consideration for the future).
In regards to the General Data Protection Regulation (GDPR), Magento’s Data Protection Agreement and list of sub-processors is published online. Magento acts as a Data Processor with Magento Commerce and has the EU Model Clauses in place with all our Magento Commerce sub-processors. If requested, Magento Support will help address GDPR-related requests around private data on behalf of customers. Adobe’s team of security researchers can help you identify architectural improvements and by migrating the bug bounty program to Adobe’s Hacker One Magento reaches more contributors to improve the preventative security of the platform.
Security is both shared responsibility and a multi-faceted concern. Magento Commerce has multiple layers of security and security controls in place including deploying code into a read-only file system image and an intrusion detection system (IDS) monitored by Adobe. These include features of AWS, Fastly, the Magento Commerce application, and the Magento Commerce environment. These features mare beyond the scope of this document but can be shared upon request including support for presales and compliance questions. A high-level overview of the security features can be found in the Magento Trust Center.
On-premise customers receive patches during the quarterly minor release of the core software. As a benefit of the cloud, ece-tools backports core patches into a regular release cycle. Thus, for critical (security-related) patches cloud customers can get patches as they become available throughout the quarter, often sooner than on-premise customers. Also, the origin-side WAF is offered by a proxy installed in front of each web server for Pro customers. The proxy server directs inbound traffic to web (origin) server using route table rules. These rules can be customised by Magento based on monitoring incoming traffic. Thus, the proxy server also acts as an origin-side firewall. Used in conjunction with the existing Fastly WAF solution, there is an additional layer of protection in Cloud.
Training and Certifications
Magento has a variety of educational resources. These include on-demand and instructor-led Magento University (Magento U) courses for both Magento Commerce customisations and deployment tools. Trained developers can also be certified in both customisation and the deployment approaches. Suggested courses and certifications for the Magento Commerce cloud offering, which will help you win more customers and implement cloud projects faster and more reliably, are: Magento Commerce Cloud For Developers Magento Commerce Cloud for Developers (On-Demand) Magento Certified Professional Cloud Developer.
Looking for resources, or ways to engage? One of the best ways to do so is to join #cloud on the Magento Community Engineering Slack channel. Here you can learn all about the Magento Commerce cloud platform through Magento U courses and by attending Magento events. Also keep an eye out on the Magento blog and our social media accounts for announcements and updates. We hope this article has given you a head start in getting to grips with Magento’s cloud architecture!
Ready to Make the Switch? See our Magento 2 Migration Page for Help and Advice
Have a Question or Want to Check out our Credentials? See our full list of services here