Cesivi Production Deployment Checklist¶
Home → Documentation → Reference → Production Checklist
This checklist ensures a smooth and secure production deployment of Cesivi server.
Pre-Deployment Checklist¶
1. Environment Validation¶
- [ ] .NET Runtime installed (.NET 10.0 or later)
- [ ] Hardware meets minimum requirements:
- CPU: 2+ cores (4+ recommended)
- RAM: 4GB+ (8GB+ recommended)
- Disk: SSD with 20GB+ available
- [ ] Operating System supported and patched
- [ ] Network ports available (5000 for HTTP, 5001 for HTTPS)
- [ ] Firewall configured to allow required ports
- [ ] DNS records configured (if using custom domain)
2. Security Configuration¶
- [ ] HTTPS enabled with valid SSL certificate
- [ ] Authentication mechanism configured:
- [ ] NTLM authentication tested
- [ ] Basic authentication tested (development only)
- [ ] Bearer token authentication tested
- [ ] CORS configured with specific origins (not wildcard
*) - [ ] Rate limiting enabled and tested
- [ ] Security headers enabled:
- [ ] HSTS (Strict-Transport-Security)
- [ ] X-Frame-Options
- [ ] X-Content-Type-Options
- [ ] Content-Security-Policy
- [ ] Secrets management implemented (no hardcoded credentials)
- [ ] Audit logging enabled for security events
3. Configuration Review¶
- [ ]
appsettings.Production.jsonreviewed and validated - [ ] Environment variables set correctly:
ASPNETCORE_ENVIRONMENT=Production ASPNETCORE_URLS=https://+:5001;http://+:5000 - [ ] Logging level set appropriately (Warning or Error for production)
- [ ] MockData location configured correctly
- [ ] Connection strings (if using database) validated
- [ ] Cache configuration optimized:
- [ ] Cache expiration set
- [ ] Cache size limits configured
- [ ] Distributed cache (Redis) configured if HA required
4. Performance Validation¶
- [ ] Performance benchmarks executed:
cd tools/PerformanceBenchmark dotnet run - [ ] Baseline metrics documented:
- [ ] Average response time < 10ms for SOAP
- [ ] Average response time < 15ms for REST
- [ ] P95 response time < 50ms
- [ ] Compression enabled (Brotli/Gzip)
- [ ] Response caching configured and tested
- [ ] MockData structure optimized (no files > 10MB)
5. Monitoring Setup¶
- [ ] Health check endpoint accessible:
/_vti_bin/diagnostics - [ ] Application Insights or monitoring tool configured
- [ ] Log aggregation setup (ELK, Loki, or Serilog to file)
- [ ] Alerts configured for:
- [ ] Service down (health check failure)
- [ ] High error rate (> 5%)
- [ ] High memory usage (> 80%)
- [ ] Slow response times (P95 > 100ms)
- [ ] Low cache hit rate (< 40%)
- [ ] Metrics dashboard created (Grafana/Azure Dashboard)
6. Backup & Recovery¶
- [ ] Backup strategy implemented:
- [ ] Daily automated backup of MockData
- [ ] Configuration files backed up
- [ ] Backup retention policy: 30 days minimum
- [ ] Backup storage verified (local/S3/Azure Blob)
- [ ] Restore procedure tested successfully
- [ ] Disaster recovery plan documented
- [ ] RTO/RPO defined and achievable:
- [ ] RTO < 1 hour
- [ ] RPO < 24 hours
7. High Availability (if required)¶
- [ ] Load balancer configured and tested
- [ ] Multiple instances deployed (minimum 2)
- [ ] Shared storage for MockData (NFS/Azure Files/EFS)
- [ ] Session affinity configured if needed
- [ ] Health checks enabled on load balancer
- [ ] Failover tested successfully
- [ ] Auto-scaling configured (if Kubernetes/cloud)
Deployment Steps¶
1. Pre-Deployment Actions¶
- [ ] Change window scheduled and communicated
- [ ] Stakeholders notified of deployment
- [ ] Rollback plan prepared and reviewed
- [ ] Deployment team briefed
- [ ] Support team on standby
2. Build and Publish¶
# Build application
dotnet clean
dotnet build --configuration Release
# Run tests
dotnet test --no-build --verbosity normal
# Publish application
dotnet publish Cesivi.Server/Cesivi.csproj \
--configuration Release \
--output ./publish \
--self-contained false
- [ ] Build successful with 0 errors, 0 warnings
- [ ] All tests passing (146/146)
- [ ] Published artifacts created
3. Deployment Execution¶
Choose deployment method:
Option A: systemd Service (Linux)¶
# Copy application
sudo cp -r ./publish/* /opt/Cesivi/
# Set permissions
sudo chown -R Cesivi:Cesivi /opt/Cesivi
# Restart service
sudo systemctl restart Cesivi
# Verify service
sudo systemctl status Cesivi
- [ ] Application copied successfully
- [ ] Permissions set correctly
- [ ] Service started successfully
- [ ] Health check passing
Option B: Docker¶
# Build image
docker build -t Cesivi:v1.0 -f deployment/docker/Dockerfile .
# Run container
docker-compose up -d
# Verify container
docker ps | grep Cesivi
docker logs Cesivi
- [ ] Image built successfully
- [ ] Container running
- [ ] Health check passing
- [ ] Logs show no errors
Option C: Kubernetes¶
# Apply manifests
kubectl apply -f deployment/k8s/deployment.yaml
kubectl apply -f deployment/k8s/ingress.yaml
# Check deployment
kubectl get pods -n sharepoint
kubectl get svc -n sharepoint
# Check logs
kubectl logs -n sharepoint -l app=Cesivi
- [ ] Pods running (all replicas)
- [ ] Service accessible
- [ ] Ingress configured
- [ ] Health checks passing
4. Post-Deployment Validation¶
- [ ] Health endpoint accessible:
curl https://Cesivi.company.com/_vti_bin/diagnostics - [ ] SOAP services responding:
curl -X POST https://Cesivi.company.com/_vti_bin/Lists.asmx \ -H "Content-Type: text/xml" \ --data '<soap:Envelope>...</soap:Envelope>' - [ ] REST API responding:
curl https://Cesivi.company.com/_api/web \ -H "Authorization: Bearer <token>" - [ ] PnP PowerShell connectivity tested:
Connect-PnPOnline -Url "https://Cesivi.company.com" -Credentials $creds Get-PnPWeb - [ ] Error logs reviewed (no critical errors)
- [ ] Performance metrics within acceptable range
- [ ] SSL certificate valid and trusted
5. Smoke Tests¶
Run smoke test suite:
# REST API smoke test
curl https://Cesivi.company.com/_api/web | jq '.d.Title'
# SOAP smoke test
curl -X POST https://Cesivi.company.com/_vti_bin/Lists.asmx \
-H "SOAPAction: http://schemas.microsoft.com/sharepoint/soap/GetListCollection" \
--data @soap-request.xml
# Search smoke test
curl "https://Cesivi.company.com/_api/search/query?querytext='test'" | jq
- [ ] All smoke tests passing
- [ ] Response times acceptable
- [ ] No errors in logs
Post-Deployment Checklist¶
1. Monitoring Verification¶
- [ ] Metrics flowing to monitoring system
- [ ] Dashboards showing live data
- [ ] Alerts tested and firing correctly
- [ ] Logs aggregating correctly
2. Performance Validation¶
- [ ] Baseline performance measured and documented
- [ ] Response times within SLA:
- [ ] SOAP operations < 10ms average
- [ ] REST operations < 15ms average
- [ ] P95 < 50ms
- [ ] Throughput tested (requests/second)
- [ ] Concurrent users load tested
3. Security Audit¶
- [ ] Vulnerability scan completed
- [ ] SSL configuration tested (SSL Labs A+ rating)
- [ ] Authentication working correctly
- [ ] Authorization enforced
- [ ] Audit logs capturing events
4. Documentation Update¶
- [ ] Deployment date recorded
- [ ] Version number documented
- [ ] Configuration changes logged
- [ ] Known issues documented
- [ ] Runbook updated
5. Stakeholder Communication¶
- [ ] Deployment success communicated
- [ ] Service URL shared
- [ ] Support contacts provided
- [ ] Known limitations communicated
- [ ] Feedback mechanism established
Rollback Procedures¶
When to Rollback¶
Rollback immediately if: - [ ] Critical functionality broken - [ ] Error rate > 10% - [ ] Service unavailable for > 5 minutes - [ ] Data corruption detected - [ ] Security vulnerability introduced
Rollback Steps¶
systemd Service¶
# Stop current service
sudo systemctl stop Cesivi
# Restore previous version
sudo cp -r /backup/Cesivi-previous/* /opt/Cesivi/
# Restore configuration
sudo cp /backup/config/appsettings.Production.json /opt/Cesivi/
# Start service
sudo systemctl start Cesivi
# Verify
curl http://localhost:5000/_vti_bin/diagnostics
Docker¶
# Rollback to previous image
docker-compose down
docker tag Cesivi:v1.0 Cesivi:rollback
docker tag Cesivi:v0.9 Cesivi:v1.0
docker-compose up -d
Kubernetes¶
# Rollback deployment
kubectl rollout undo deployment/Cesivi -n sharepoint
# Verify rollback
kubectl rollout status deployment/Cesivi -n sharepoint
- [ ] Rollback completed
- [ ] Service functional
- [ ] Stakeholders notified
- [ ] Post-mortem scheduled
Sign-Off¶
Deployment Team¶
| Role | Name | Signature | Date |
|---|---|---|---|
| Release Manager | _______ | _______ | //_____ |
| DevOps Engineer | _______ | _______ | //_____ |
| QA Lead | _______ | _______ | //_____ |
| Security Officer | _______ | _______ | //_____ |
Approvals¶
- [ ] Technical Lead approval obtained
- [ ] Security Team approval obtained
- [ ] Operations Team approval obtained
- [ ] Product Owner approval obtained
Post-Deployment Review¶
Schedule post-deployment review within 48 hours:
- [ ] Lessons learned captured
- [ ] Issues encountered documented
- [ ] Process improvements identified
- [ ] Documentation updated
Appendix¶
Contact Information¶
| Team | Phone | Escalation | |
|---|---|---|---|
| DevOps | devops@company.com | +1-xxx-xxx-xxxx | On-Call |
| Security | security@company.com | +1-xxx-xxx-xxxx | CISO |
| Support | support@company.com | +1-xxx-xxx-xxxx | L2 Support |
Reference Documents¶
- DEPLOYMENT_GUIDE.md - Detailed deployment instructions
- OPERATIONS.md - Operations manual
- PERFORMANCE.md - Performance optimization guide
- TROUBLESHOOTING.md - Common issues and solutions
- API_REFERENCE.md - Complete API documentation
Service Level Agreements (SLA)¶
| Metric | Target | Measurement |
|---|---|---|
| Availability | 99.9% uptime | Monthly |
| Response Time | P95 < 50ms | Hourly average |
| Error Rate | < 0.1% | Daily average |
| Support Response | < 15 minutes | Business hours |
Deployment Version: 1.0 Document Version: 1.0 Last Updated: 2025-01-06 Next Review: 2025-02-06