Someone asked me for resources on how to harden a Commerce Server deployment. The best starting point is:

• Deployment – see http://msdn.microsoft.com/en-us/library/dd464584.aspx
• Securing a Deployment – can be found at http://msdn.microsoft.com/en-us/library/dd442366.aspx

Hope this helps!

I was sent several questions about Virtual Catalogs over this last month. So here are the answers…

• Q: My understanding is that items and categories are including in a Virtual Catalog by creating INCLUSION RULES.  Is there a limit to the number of INCLUSION RULES that I can create?
  • A: No. Though, practically speaking, there is a limit of ~80 base catalogs to a virtual catalog. And understand that the more of these there are, the more work SQL is having to do to stitch it all together. The best advice – is be practical and use common sense.
• Q: At what point (# of items) do you think a VIRTUAL CATALOG should be MATERIALIZED?
  • A: It is a good practice to always materialize virtual catalogs in production. This minimizes query overhead. And not materialize them in the environment being used for business users – to ensure that data is always up to date.
• Q: If I create a virtual catalog with 1,000 specific items (no variants or categories) do I need to rebuild the virtual every time I rebuild the base?
  • A: Base catalogs don’t get rebuilt. So the scenario described would not apply. If you are using a Virtual Catalog View (virtual on virtual), it would apply as the Base would change, needing a rebuild of the Virtual, which would in turn need a rebuild of the Virtual View. You need to rebuild whenever underlying data changes – and this is triggered automatically by the Catalog system.

Hope this helps!

I am super-excited to announce that today we have shipped:

• Commerce Server 2009 Template Pack: http://go.microsoft.com/fwlink/?LinkId=147778
• Commerce Server 2009 Inline Product Property Editor: http://go.microsoft.com/fwlink/?LinkId=147779
• A new white paper “Localizing Your Commerce Server 2009 Site using Site Variations”: http://go.microsoft.com/fwlink/?LinkId=147752

The Template Pack provides a styled HTML skin over and above the “white label” default site shipped in Commerce Server 2009. It is meant to be easily redesigned to easily accommodate your own look-and-feel. It also includes a Mobile site, which has been optimized for both Windows Mobile and the iPhone.

The Inline Product Property Editor provides a Silverlight control that lets you edit catalog data within your site – a great asset for business users as you no longer have to fly blind when making standard, day-to-day catalog product changes.

Lastly, one of the most compelling features of Microsoft Office SharePoint Server (MOSS) is Site Variations. It lets you completely localize your site in another language without having to recompile it. This white paper tells you how to do that with Commerce Server 2009, MOSS, and the SharePoint Commerce Services feature of CS2009.

Hope this helps – enjoy!

As of this week, Microsoft Office SharePoint Designer is now available for free. You can download it from http://office.microsoft.com/en-us/sharepointdesigner/default.aspx. This will be a great tool for use in editing the pages in the Default Site in Commerce Server 2009 – or any other supporting file (e.g. – Resource File) or page created in SharePoint Commerce Services on top of Commerce Server 2009. Hope this help!

The question keeps coming up about whether or not there is a Commerce Server certification. As of right now, there is not – nor are there any definitive plans to offer this through the typical Microsoft Training and Certification channels now or in the future. Given the size of the customer base of Commerce Server relative to, say, Windows Server, it simply does not meet the typical models for certification. Hope this helps.

When we shipped Commerce Server 2007, we began supporting ASP.NET Authentication for SQL Authentication and ADFS for Windows Authentication. In fact, this became the preferred and directed method to handle site authentication for Commerce Server. The legacy ISAPI authentication filter was maintained for backward compatibility, but was marked as deprecated. This story did not change for Commerce Server 2009.

For the next version of Commerce Server, we are proposing to remove the legacy CS2000/CS2002 ISAPI Authorization filter entirely, effectively forcing you to use ASP.NET Authentication or ADFS. If this will cause you a problem, please leave us a comment.