SlideShare a Scribd company logo

Performance & Security Optimization for Your Magento Store

Download as PPTX, PDF
N
Nexcess.net LLC

Your site's security and performance directly correlates to order volume. A tuned and secure Magento install can instantly mean more sales and the converse is also true. This session is meant to give you an overview of the importance of security and performance for your e-commerce site as well as provide steps to make Magento perform as your business grows.

Internet
1 of 40
The Importance of Performance & Security and Simple Steps to Achieve Them CHRIS WELLS – CEO – NEXCESS.NET LLC
WEST SOUTH NORTH MID-WEST??? NORTH-EAST NORTH? NORTH-CENTRAL? MIDDLE? Detroit, MI USA
Quick Facts About Michigan • Michigan has the longest fresh water shoreline in the U.S. (world?) at 3,126 miles. • Four flags have flown over Michigan: French, English, Spanish and U.S. • Michigan is split into an “upper” and “lower” peninsula • The upper is dubbed the “U.P.” • Detroit, MI is called The “Motor City” in the U.S. • 1st mile of concrete road laid in 1909 • Detroit is the potato chip (crisp) capital of the world
Notes About This Talk • Lessons learned from MagentoLive Australia 2013 • If masses walk out during the talk I have either: A. Miscalculated the technical level acceptable for the audience. B. Miscalculated my own ability to be interesting for 40 minutes. • Lessons learned from MagentoLive UK 2013
Why Care About Performance and Security?
They Both Affect Your Bottom Line DIRECTLY!
Anecdotal Notes on Performance • Just think about it... • slow….means….frustrating…. • Metrics aside - you know slow when you see it! • There’s rarely an upside to a site loading slow • Unless it’s your competitors  • Mobile adds a new variable (3G is essentially dial-up) • An un-optimized Magento Enterprise is slow out-of-the-box • ~3 second load times are typical before adding extensions
Performance Wins (Part 1) • Firefox Browser • Slow page loaders downloaded less often • 1 second of increased performance increased downloads by 2.7% • Shopzilla.com • Had page load times of ~7 seconds • 5 second decrease in page load time (7s  2s) • 25% increase in page views • 7 – 12% increase in revenue • 50% decrease in physical hardware (and hardware costs)
Performance Wins (Part 2) • Google • Tested a longer page 1 (30 entries instead of 10) and found a 25% drop-off in clicks • The addition of a shopping cart icon: • Added 2% delay in loading • Resulted in 2% less searches/user • Wal-Mart noted: • Every 1 second improvement equated to 2% increased CVR • Every 100 milliseconds improvement equated to 1% in incremental revenue
Where to Start? • Start simple – how does the site feel? • Gather metrics • Web Page Test (http://www.webpagetest.org/) • Google Analytics • Yahoo’s Yslow (browser plug-in) • New Relic & other paid tools • Tackle one issue at a time, test, repeat • Big gains are possible with targeted optimization • Remember Pareto’s Principal (the 80/20 rule) -- “80% of the effects come from 20% of the causes”
Performance Step #1 – Tune the Environment
Tune the Environment • Hardware and software choices matter! • Choose a hosting provider that fits within your workflow and requirements. • Ensure that your hosting provider: • Configures the PHP interpreter correctly (this runs Magento) • Uses PHP 5.4 if at all possible (patch may be required) • Configures the database server correctly (typically MySQL) • Uses Percona Server instead of MySQL • Implements the Magento best practices (at a minimum)
Effect of Database Software Choice Percona Server hits ~1800 transactions/sec Standard MySQL tops out at ~1200 transactions/sec
Effect of PHP Software Choice #1 0 100 200 300 400 500 600 700 800 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 20 25 30 35 40 45 50 55 60 Siegetransacons/second Dura on (in minutes) PHP 5.3.24 PHP 5.4.28 ~615 t/sec (~12% increase!!)
Effect of PHP Software Choice #2 0 100 200 300 400 500 600 700 800 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 20 25 30 35 40 45 50 55 60 Siegetransacons/second Dura on (in minutes) PHP 5.3.24 PHP 5.4.14 PHP 5.4.28 Even upgrading from 5.4.14 shows gains of ~4%
Effect of PHP Software Choice #3 0 100 200 300 400 500 600 700 800 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 20 25 30 35 40 45 50 55 60 Siegetransacons/second Dura on (in minutes) PHP 5.4.28 PHP 5.5.12 ~781 t/sec ~25% better than 5.4 ~41% better than 5.3 WOW 
Performance Step #2 – Tune Magento
Notes on Magento • Magento is very CPU heavy • The bulk of this heaviness is within PHP code • MySQL CPU usage is typically bound by PHP’s CPU usage (speaking in single server terms) • Magento is not very I/O heavy • I know, I know this sounds like heresy – I’ll explain • I/O is bound by PHP’s CPU usage • PHP is often the bottleneck!
Tune Magento • Make full use of Magento’s built-in features! • The two-level memory-based cache • Session memory-based caching • The Magento memory-based full page cache (FPC) • HUGE performance gains instantly • 1.13+ has smarter cache invalidation than prior versions • 1.14+ supports PHP 5.4 out of the box • Use available domain-based optimizations (SOLR, etc)
Performance Step #3 – Tune The Edge
Tune the Edge • Host where your customers are • Put your site on the same continent as your audience (or closer) • Use a global content delivery network (CDN) • 75% of all e-commerce sites do not use a CDN • Turn on compression for JavaScript, CSS, HTML, images, etc • 22% of all e-commerce sites do not use compression • Turn on HTTP Keep-alives (keeps per-client connections open) • 13% of all e-commerce sites do not use the keep-alive setting • Beware of too many (or just plain bad) external resources (JavaScript, CSS, images, ads and other external assets)
Performance Step #4 – Extensions…
Extension Choices Matter • Make use of good 3rd party extensions • You have to define “good” • Beware of bad 3rd party extensions • May induce slowness (complex or non-optimal queries) • May include slow off-server content • Test all extensions for performance before using in production! • Don’t assume that 3rd party developers have tested for performance • Strike a usability balance between performance and features
Bringing It All Together
We’re at about 3 seconds to start Not a great start… Ignore these for now. Remember - one thing at a time! TTFB is ~¾ of a second TTFB (Time to First Byte) BUT… Repeat views are not bad!
The Power of the Full Page Cache And we’ve gained a full ½ second (was 2.8) From “F” to “B” with a single config change Repeat pages are served at just over ½ a second! (was ~1) TTFB is only .36 seconds! (was .75)
Edge Tuning Image compression is best done by your design team CDN configured We’ve gained another full second (was 2.4) The second was largely gained here (was 1.6) TTFB largely unaffected (as expected) Simple server-side changes make these perform Overall – Very good!
Turpentine/Varnish Caching & Response Time FPC yields ~.5 second page load times (under optimal conditions) Turpentine can cut this down quite a bit!
Adding Nexcess/Turpentine Down to almost 1 second! From “B” to “A” with a single free extension Even with all optimizations ON there is still variance Our lowest TTFB yet! (was .38)
On to Security!
Security Reality Check • Security is costly • Maintaining a high level of security takes effort • Breaches cause a loss of customer goodwill • Breaches absorb time/energy that could be spent more profitably • Security is hard • It’s like dieting… • Security is multi-faceted • Many key players with diverse responsibilities • Security never ends • There are no diet breaks 
Security Step #1 – Secure the Environment
Security Step #2 – Secure Magento
Basic Magento Security • Keep Magento up to date • I know I know – easier said than done … but do it • Maintain unique user accounts per user • This is also a PCI requirement! • Use a unique admin URL • Require SSL (network encryption) • Restrict admin access to known allowed IP addresses • Extensions add new variables – don’t ignore them!
Security Step #3 – Secure Your Workflow
Basic Security • Password security • Passwords do not necessarily need to be complex • PillowCarpetTelevision  22 characters! • Don’t reuse passwords on other sites • Use LastPass (or something like it) • Use a secure means to publish content • Avoid FTP! • Ensure backups exist (and are recent) • Trust but verify your hosting arrangements
Performance and Security are NOT spectator sports!
Thank You!! P.S. I had a bag of chips for each audience member but I ate them all because I’m from Detroit . Sorry… But not really… Sorry that is.
References • http://www.nexcess.net/magento-best-practices-whitepaper • http://blog.kissmetrics.com/loading-time/ • http://blog.mozilla.org/metrics/category/website-optimization/ • http://www.webperformancetoday.com/2012/02/28/4-awesome- slides-showing-how-page-speed-correlates-to-business-metrics-at- walmart-com/ • http://programming.oreilly.com/2009/07/velocity-making-your-site- fast.html

Recommended

MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...Nexcess.net LLC
 
Continuous Deployment
Continuous DeploymentContinuous Deployment
Continuous DeploymentTimothy Fitz
 
The Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentThe Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentTimothy Fitz
 
Continuous Deployment
Continuous DeploymentContinuous Deployment
Continuous DeploymentTimothy Fitz
 
The Continuous delivery value - Funaro
The Continuous delivery value - FunaroThe Continuous delivery value - Funaro
The Continuous delivery value - FunaroCodemotion
 
Continuous Deployment: Beyond Continuous Delivery
Continuous Deployment: Beyond Continuous DeliveryContinuous Deployment: Beyond Continuous Delivery
Continuous Deployment: Beyond Continuous DeliveryTimothy Fitz
 
Managing sysadmins
Managing sysadminsManaging sysadmins
Managing sysadminsMarian Marinov
 
The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014David Funaro
 

Recommended

MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...
MagentoLive Australia 2014 - The Importance of Performance & Security and Sim...Nexcess.net LLC
 
Continuous Deployment
Continuous DeploymentContinuous Deployment
Continuous DeploymentTimothy Fitz
 
The Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentThe Hard Problems of Continuous Deployment
The Hard Problems of Continuous DeploymentTimothy Fitz
 
Continuous Deployment
Continuous DeploymentContinuous Deployment
Continuous DeploymentTimothy Fitz
 
The Continuous delivery value - Funaro
The Continuous delivery value - FunaroThe Continuous delivery value - Funaro
The Continuous delivery value - FunaroCodemotion
 
Continuous Deployment: Beyond Continuous Delivery
Continuous Deployment: Beyond Continuous DeliveryContinuous Deployment: Beyond Continuous Delivery
Continuous Deployment: Beyond Continuous DeliveryTimothy Fitz
 
Managing sysadmins
Managing sysadminsManaging sysadmins
Managing sysadminsMarian Marinov
 
The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014The Continuous delivery Value @ codemotion 2014
The Continuous delivery Value @ codemotion 2014David Funaro
 
Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013David Funaro
 
Elite Bug Squashing
Elite Bug SquashingElite Bug Squashing
Elite Bug SquashingTony Brown
 
Tests antipatterns
Tests antipatternsTests antipatterns
Tests antipatternsMaciej Przewoznik
 
Programs you need!
Programs you need!Programs you need!
Programs you need!dshinkfield
 
How to survive in the work from home era
How to survive in the work from home eraHow to survive in the work from home era
How to survive in the work from home eraMarian Marinov
 
Introduction to Continuous Integration
Introduction to Continuous IntegrationIntroduction to Continuous Integration
Introduction to Continuous IntegrationSomkiat Puisungnoen
 
The 5 Minute MySQL DBA
The 5 Minute MySQL DBAThe 5 Minute MySQL DBA
The 5 Minute MySQL DBAIrawan Soetomo
 
Mage uk-2013-1345-chris-wells-131030120920-phpapp01
Mage uk-2013-1345-chris-wells-131030120920-phpapp01Mage uk-2013-1345-chris-wells-131030120920-phpapp01
Mage uk-2013-1345-chris-wells-131030120920-phpapp01Karla Mae Tejon
 
The Importance of Site Performance and Simple Steps to Achieve It
The Importance of Site Performance and Simple Steps to Achieve ItThe Importance of Site Performance and Simple Steps to Achieve It
The Importance of Site Performance and Simple Steps to Achieve ItNexcess.net LLC
 
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)Nexcess.net LLC
 
Stress Test as a Culture
Stress Test as a CultureStress Test as a Culture
Stress Test as a CultureJoão Moura
 
Why retail companies can't afford database downtime
Why retail companies can't afford database downtimeWhy retail companies can't afford database downtime
Why retail companies can't afford database downtimeDBmaestro - Database DevOps
 
Citrix troubleshooting 101
Citrix troubleshooting 101Citrix troubleshooting 101
Citrix troubleshooting 101eG Innovations
 
Stored Procedure Superpowers: A Developer’s Guide
Stored Procedure Superpowers: A Developer’s GuideStored Procedure Superpowers: A Developer’s Guide
Stored Procedure Superpowers: A Developer’s GuideVoltDB
 
In (database) automation we trust
In (database) automation we trustIn (database) automation we trust
In (database) automation we trustDBmaestro - Database DevOps
 
DBmaestro's State of the Database Continuous Delivery Survey- Findings Revealed
DBmaestro's State of the Database Continuous Delivery Survey- Findings RevealedDBmaestro's State of the Database Continuous Delivery Survey- Findings Revealed
DBmaestro's State of the Database Continuous Delivery Survey- Findings RevealedDBmaestro - Database DevOps
 
FMK2016 - HOunz Koudelka - Audit and Optimization
FMK2016 - HOunz Koudelka - Audit and OptimizationFMK2016 - HOunz Koudelka - Audit and Optimization
FMK2016 - HOunz Koudelka - Audit and OptimizationVerein FM Konferenz
 
Back from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerBack from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerTeamstudio
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Citrix Troubleshooting 101
Citrix Troubleshooting 101Citrix Troubleshooting 101
Citrix Troubleshooting 101eG Innovations
 
The challenges of live events scalability
The challenges of live events scalabilityThe challenges of live events scalability
The challenges of live events scalabilityGuy Tomer
 
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)Verein FM Konferenz
 

More Related Content

What's hot

Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013David Funaro
 
Elite Bug Squashing
Elite Bug SquashingElite Bug Squashing
Elite Bug SquashingTony Brown
 
Programs you need!
Programs you need!Programs you need!
Programs you need!dshinkfield
 
How to survive in the work from home era
How to survive in the work from home eraHow to survive in the work from home era
How to survive in the work from home eraMarian Marinov
 
Introduction to Continuous Integration
Introduction to Continuous IntegrationIntroduction to Continuous Integration
Introduction to Continuous IntegrationSomkiat Puisungnoen
 
The 5 Minute MySQL DBA
The 5 Minute MySQL DBAThe 5 Minute MySQL DBA
The 5 Minute MySQL DBAIrawan Soetomo
 

What's hot (7)

Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013Continuous delivery @wcap 5-09-2013
Continuous delivery @wcap 5-09-2013
 
Elite Bug Squashing
Elite Bug SquashingElite Bug Squashing
Elite Bug Squashing
 
Tests antipatterns
Tests antipatternsTests antipatterns
Tests antipatterns
 
Programs you need!
Programs you need!Programs you need!
Programs you need!
 
How to survive in the work from home era
How to survive in the work from home eraHow to survive in the work from home era
How to survive in the work from home era
 
Introduction to Continuous Integration
Introduction to Continuous IntegrationIntroduction to Continuous Integration
Introduction to Continuous Integration
 
The 5 Minute MySQL DBA
The 5 Minute MySQL DBAThe 5 Minute MySQL DBA
The 5 Minute MySQL DBA
 

Similar to Performance & Security Optimization for Your Magento Store

Mage uk-2013-1345-chris-wells-131030120920-phpapp01
Mage uk-2013-1345-chris-wells-131030120920-phpapp01Mage uk-2013-1345-chris-wells-131030120920-phpapp01
Mage uk-2013-1345-chris-wells-131030120920-phpapp01Karla Mae Tejon
 
The Importance of Site Performance and Simple Steps to Achieve It
The Importance of Site Performance and Simple Steps to Achieve ItThe Importance of Site Performance and Simple Steps to Achieve It
The Importance of Site Performance and Simple Steps to Achieve ItNexcess.net LLC
 
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)Nexcess.net LLC
 
Stress Test as a Culture
Stress Test as a CultureStress Test as a Culture
Stress Test as a CultureJoão Moura
 
Why retail companies can't afford database downtime
Why retail companies can't afford database downtimeWhy retail companies can't afford database downtime
Why retail companies can't afford database downtimeDBmaestro - Database DevOps
 
Citrix troubleshooting 101
Citrix troubleshooting 101Citrix troubleshooting 101
Citrix troubleshooting 101eG Innovations
 
Stored Procedure Superpowers: A Developer’s Guide
Stored Procedure Superpowers: A Developer’s GuideStored Procedure Superpowers: A Developer’s Guide
Stored Procedure Superpowers: A Developer’s GuideVoltDB
 
DBmaestro's State of the Database Continuous Delivery Survey- Findings Revealed
DBmaestro's State of the Database Continuous Delivery Survey- Findings RevealedDBmaestro's State of the Database Continuous Delivery Survey- Findings Revealed
DBmaestro's State of the Database Continuous Delivery Survey- Findings RevealedDBmaestro - Database DevOps
 
FMK2016 - HOunz Koudelka - Audit and Optimization
FMK2016 - HOunz Koudelka - Audit and OptimizationFMK2016 - HOunz Koudelka - Audit and Optimization
FMK2016 - HOunz Koudelka - Audit and OptimizationVerein FM Konferenz
 
Back from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerBack from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerTeamstudio
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Applicationedavid2685
 
Citrix Troubleshooting 101
Citrix Troubleshooting 101Citrix Troubleshooting 101
Citrix Troubleshooting 101eG Innovations
 
The challenges of live events scalability
The challenges of live events scalabilityThe challenges of live events scalability
The challenges of live events scalabilityGuy Tomer
 
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)Verein FM Konferenz
 
Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...
Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...
Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...eG Innovations
 
Challenges and best practices of database continuous delivery
Challenges and best practices of database continuous deliveryChallenges and best practices of database continuous delivery
Challenges and best practices of database continuous deliveryDBmaestro - Database DevOps
 
E2 evc 3-2-1-rule - mikeresseler
E2 evc 3-2-1-rule - mikeresselerE2 evc 3-2-1-rule - mikeresseler
E2 evc 3-2-1-rule - mikeresselerMike Resseler
 

Similar to Performance & Security Optimization for Your Magento Store (20)

Mage uk-2013-1345-chris-wells-131030120920-phpapp01
Mage uk-2013-1345-chris-wells-131030120920-phpapp01Mage uk-2013-1345-chris-wells-131030120920-phpapp01
Mage uk-2013-1345-chris-wells-131030120920-phpapp01
 
The Importance of Site Performance and Simple Steps to Achieve It
The Importance of Site Performance and Simple Steps to Achieve ItThe Importance of Site Performance and Simple Steps to Achieve It
The Importance of Site Performance and Simple Steps to Achieve It
 
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
ExpressionEngine - Simple Steps to Performance and Security (EECI 2014)
 
Stress Test as a Culture
Stress Test as a CultureStress Test as a Culture
Stress Test as a Culture
 
Why retail companies can't afford database downtime
Why retail companies can't afford database downtimeWhy retail companies can't afford database downtime
Why retail companies can't afford database downtime
 
Citrix troubleshooting 101
Citrix troubleshooting 101Citrix troubleshooting 101
Citrix troubleshooting 101
 
Stored Procedure Superpowers: A Developer’s Guide
Stored Procedure Superpowers: A Developer’s GuideStored Procedure Superpowers: A Developer’s Guide
Stored Procedure Superpowers: A Developer’s Guide
 
In (database) automation we trust
In (database) automation we trustIn (database) automation we trust
In (database) automation we trust
 
DBmaestro's State of the Database Continuous Delivery Survey- Findings Revealed
DBmaestro's State of the Database Continuous Delivery Survey- Findings RevealedDBmaestro's State of the Database Continuous Delivery Survey- Findings Revealed
DBmaestro's State of the Database Continuous Delivery Survey- Findings Revealed
 
FMK2016 - HOunz Koudelka - Audit and Optimization
FMK2016 - HOunz Koudelka - Audit and OptimizationFMK2016 - HOunz Koudelka - Audit and Optimization
FMK2016 - HOunz Koudelka - Audit and Optimization
 
Back from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good ServerBack from the Dead: When Bad Code Kills a Good Server
Back from the Dead: When Bad Code Kills a Good Server
 
System hardening - OS and Application
System hardening - OS and ApplicationSystem hardening - OS and Application
System hardening - OS and Application
 
Citrix Troubleshooting 101
Citrix Troubleshooting 101Citrix Troubleshooting 101
Citrix Troubleshooting 101
 
The challenges of live events scalability
The challenges of live events scalabilityThe challenges of live events scalability
The challenges of live events scalability
 
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)
FMK2016 - HOunza Koudelka - Audit and Performance (Sponsored Session)
 
Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...
Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...
Citrix Troubleshooting 101: How to Resolve and Prevent Business-Impacting Cit...
 
Enterprise-Scale WordPress
Enterprise-Scale WordPressEnterprise-Scale WordPress
Enterprise-Scale WordPress
 
Web Performance Optimization (WPO)
Web Performance Optimization (WPO)Web Performance Optimization (WPO)
Web Performance Optimization (WPO)
 
Challenges and best practices of database continuous delivery
Challenges and best practices of database continuous deliveryChallenges and best practices of database continuous delivery
Challenges and best practices of database continuous delivery
 
E2 evc 3-2-1-rule - mikeresseler
E2 evc 3-2-1-rule - mikeresselerE2 evc 3-2-1-rule - mikeresseler
E2 evc 3-2-1-rule - mikeresseler
 

Recently uploaded

Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girlsstephieert
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Roomdivyansh0kumar0
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 

Recently uploaded (20)

Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
10.pdfMature Call girls in Dubai +971563133746 Dubai Call girls
 
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
Best VIP Call Girls Noida Sector 75 Call Me: 8448380779
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 6 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine ServiceHot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With RoomVIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room
 
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With RoomVIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
VIP Kolkata Call Girl Dum Dum 👉 8250192130 Available With Room
 
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls KolkataRussian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
Russian Call Girls in Kolkata Ishita 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Defence Colony Delhi 💯Call Us 🔝8264348440🔝
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls KolkataVIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata
 

Performance & Security Optimization for Your Magento Store

  • 1.
  • 2. The Importance of Performance & Security and Simple Steps to Achieve Them CHRIS WELLS – CEO – NEXCESS.NET LLC
  • 4. Quick Facts About Michigan • Michigan has the longest fresh water shoreline in the U.S. (world?) at 3,126 miles. • Four flags have flown over Michigan: French, English, Spanish and U.S. • Michigan is split into an “upper” and “lower” peninsula • The upper is dubbed the “U.P.” • Detroit, MI is called The “Motor City” in the U.S. • 1st mile of concrete road laid in 1909 • Detroit is the potato chip (crisp) capital of the world
  • 5. Notes About This Talk • Lessons learned from MagentoLive Australia 2013 • If masses walk out during the talk I have either: A. Miscalculated the technical level acceptable for the audience. B. Miscalculated my own ability to be interesting for 40 minutes. • Lessons learned from MagentoLive UK 2013
  • 6. Why Care About Performance and Security?
  • 7. They Both Affect Your Bottom Line DIRECTLY!
  • 8. Anecdotal Notes on Performance • Just think about it... • slow….means….frustrating…. • Metrics aside - you know slow when you see it! • There’s rarely an upside to a site loading slow • Unless it’s your competitors  • Mobile adds a new variable (3G is essentially dial-up) • An un-optimized Magento Enterprise is slow out-of-the-box • ~3 second load times are typical before adding extensions
  • 9. Performance Wins (Part 1) • Firefox Browser • Slow page loaders downloaded less often • 1 second of increased performance increased downloads by 2.7% • Shopzilla.com • Had page load times of ~7 seconds • 5 second decrease in page load time (7s  2s) • 25% increase in page views • 7 – 12% increase in revenue • 50% decrease in physical hardware (and hardware costs)
  • 10. Performance Wins (Part 2) • Google • Tested a longer page 1 (30 entries instead of 10) and found a 25% drop-off in clicks • The addition of a shopping cart icon: • Added 2% delay in loading • Resulted in 2% less searches/user • Wal-Mart noted: • Every 1 second improvement equated to 2% increased CVR • Every 100 milliseconds improvement equated to 1% in incremental revenue
  • 11. Where to Start? • Start simple – how does the site feel? • Gather metrics • Web Page Test (http://www.webpagetest.org/) • Google Analytics • Yahoo’s Yslow (browser plug-in) • New Relic & other paid tools • Tackle one issue at a time, test, repeat • Big gains are possible with targeted optimization • Remember Pareto’s Principal (the 80/20 rule) -- “80% of the effects come from 20% of the causes”
  • 12. Performance Step #1 – Tune the Environment
  • 13. Tune the Environment • Hardware and software choices matter! • Choose a hosting provider that fits within your workflow and requirements. • Ensure that your hosting provider: • Configures the PHP interpreter correctly (this runs Magento) • Uses PHP 5.4 if at all possible (patch may be required) • Configures the database server correctly (typically MySQL) • Uses Percona Server instead of MySQL • Implements the Magento best practices (at a minimum)
  • 14. Effect of Database Software Choice Percona Server hits ~1800 transactions/sec Standard MySQL tops out at ~1200 transactions/sec
  • 15. Effect of PHP Software Choice #1 0 100 200 300 400 500 600 700 800 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 20 25 30 35 40 45 50 55 60 Siegetransacons/second Dura on (in minutes) PHP 5.3.24 PHP 5.4.28 ~615 t/sec (~12% increase!!)
  • 16. Effect of PHP Software Choice #2 0 100 200 300 400 500 600 700 800 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 20 25 30 35 40 45 50 55 60 Siegetransacons/second Dura on (in minutes) PHP 5.3.24 PHP 5.4.14 PHP 5.4.28 Even upgrading from 5.4.14 shows gains of ~4%
  • 17. Effect of PHP Software Choice #3 0 100 200 300 400 500 600 700 800 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 20 25 30 35 40 45 50 55 60 Siegetransacons/second Dura on (in minutes) PHP 5.4.28 PHP 5.5.12 ~781 t/sec ~25% better than 5.4 ~41% better than 5.3 WOW 
  • 18. Performance Step #2 – Tune Magento
  • 19. Notes on Magento • Magento is very CPU heavy • The bulk of this heaviness is within PHP code • MySQL CPU usage is typically bound by PHP’s CPU usage (speaking in single server terms) • Magento is not very I/O heavy • I know, I know this sounds like heresy – I’ll explain • I/O is bound by PHP’s CPU usage • PHP is often the bottleneck!
  • 20. Tune Magento • Make full use of Magento’s built-in features! • The two-level memory-based cache • Session memory-based caching • The Magento memory-based full page cache (FPC) • HUGE performance gains instantly • 1.13+ has smarter cache invalidation than prior versions • 1.14+ supports PHP 5.4 out of the box • Use available domain-based optimizations (SOLR, etc)
  • 21. Performance Step #3 – Tune The Edge
  • 22. Tune the Edge • Host where your customers are • Put your site on the same continent as your audience (or closer) • Use a global content delivery network (CDN) • 75% of all e-commerce sites do not use a CDN • Turn on compression for JavaScript, CSS, HTML, images, etc • 22% of all e-commerce sites do not use compression • Turn on HTTP Keep-alives (keeps per-client connections open) • 13% of all e-commerce sites do not use the keep-alive setting • Beware of too many (or just plain bad) external resources (JavaScript, CSS, images, ads and other external assets)
  • 23. Performance Step #4 – Extensions…
  • 24. Extension Choices Matter • Make use of good 3rd party extensions • You have to define “good” • Beware of bad 3rd party extensions • May induce slowness (complex or non-optimal queries) • May include slow off-server content • Test all extensions for performance before using in production! • Don’t assume that 3rd party developers have tested for performance • Strike a usability balance between performance and features
  • 25. Bringing It All Together
  • 26. We’re at about 3 seconds to start Not a great start… Ignore these for now. Remember - one thing at a time! TTFB is ~¾ of a second TTFB (Time to First Byte) BUT… Repeat views are not bad!
  • 27. The Power of the Full Page Cache And we’ve gained a full ½ second (was 2.8) From “F” to “B” with a single config change Repeat pages are served at just over ½ a second! (was ~1) TTFB is only .36 seconds! (was .75)
  • 28. Edge Tuning Image compression is best done by your design team CDN configured We’ve gained another full second (was 2.4) The second was largely gained here (was 1.6) TTFB largely unaffected (as expected) Simple server-side changes make these perform Overall – Very good!
  • 29. Turpentine/Varnish Caching & Response Time FPC yields ~.5 second page load times (under optimal conditions) Turpentine can cut this down quite a bit!
  • 30. Adding Nexcess/Turpentine Down to almost 1 second! From “B” to “A” with a single free extension Even with all optimizations ON there is still variance Our lowest TTFB yet! (was .38)
  • 32. Security Reality Check • Security is costly • Maintaining a high level of security takes effort • Breaches cause a loss of customer goodwill • Breaches absorb time/energy that could be spent more profitably • Security is hard • It’s like dieting… • Security is multi-faceted • Many key players with diverse responsibilities • Security never ends • There are no diet breaks 
  • 33. Security Step #1 – Secure the Environment
  • 34. Security Step #2 – Secure Magento
  • 35. Basic Magento Security • Keep Magento up to date • I know I know – easier said than done … but do it • Maintain unique user accounts per user • This is also a PCI requirement! • Use a unique admin URL • Require SSL (network encryption) • Restrict admin access to known allowed IP addresses • Extensions add new variables – don’t ignore them!
  • 36. Security Step #3 – Secure Your Workflow
  • 37. Basic Security • Password security • Passwords do not necessarily need to be complex • PillowCarpetTelevision  22 characters! • Don’t reuse passwords on other sites • Use LastPass (or something like it) • Use a secure means to publish content • Avoid FTP! • Ensure backups exist (and are recent) • Trust but verify your hosting arrangements
  • 38. Performance and Security are NOT spectator sports!
  • 39. Thank You!! P.S. I had a bag of chips for each audience member but I ate them all because I’m from Detroit . Sorry… But not really… Sorry that is.
  • 40. References • http://www.nexcess.net/magento-best-practices-whitepaper • http://blog.kissmetrics.com/loading-time/ • http://blog.mozilla.org/metrics/category/website-optimization/ • http://www.webperformancetoday.com/2012/02/28/4-awesome- slides-showing-how-page-speed-correlates-to-business-metrics-at- walmart-com/ • http://programming.oreilly.com/2009/07/velocity-making-your-site- fast.html

Editor's Notes

  1. JOKE ABOUT SOCCER
  2. U.S. IS DIVIDED INTO 4 SECTIONS
  3. 8 MILE JOKE (HAS NOTHING TO DO WITH 8 MILE)