locked
Managing production and test environments RRS feed

  • Question

  • We're expecting to go-live with our HV application that is currently on the test platform.

    What's the best way to set up our production and test environments?

    Specifically, we've had to generate a new cert for the production environment.

    We've kept a copy of our old certificate.

    And cloned the application.

    So now we have 2 folders: 1 with our production app, and the other where we will be adding new features.

    Do we simply create another application in the HV config center for our test app?

    Or, do we continue using the same application id?

    And then the test and production environments manage the 2 copies of the app with the same application id?

    Thanks,
    Gary

    Sunday, February 7, 2010 12:44 AM

Answers

  • Hello Gary,

    You have to use the same application ID in both PPE and Production environment, but both the environments can have different certificates. Please follow
    this link for more information on how to manage the public key.

    When any changes are to be done on the application configuration you can do the changes in the PPE configuration center and then inform your Go-Live contact person about the change. Then we can push the PPE configuration to the production environment. Changes in the PPE configuration does not directly affect the application's Production Environment configuration. So the new features can be tested in the PPE itself.

    Please let me know if you need any further clarification.

    Thanks and Regards,
    Aneesh D.
    Monday, February 8, 2010 2:43 AM
    Moderator
  • Let me expand on what Aneesh noted earlier.

    The PPE and Production environments are independent from each other.  We have tools that allow us to copy application configuration from one to another-- which is one reason why we require that you use the same app ID in both environments.  This is easier for partners as well, as they only need to remember one app ID per app.  You have one app ID, with a PPE copy and a Production copy.

    The only thing that is not copied is your certificate.  This is to help ensure environment isolation.  It not only reduces the chance you'll accidentally point at the wrong environment, but it also reduces the exposure of your production private key.  If your production private key is compromised, then anyone with access to it can impersonate your application.  This is BAD.  You must ensure the security of your production private key.

    So... if you use the same key pair for PPE and Production, that means your production private key is stored on your dev and test servers.  So anyone with access to those servers could compromise the production environment.  Badness!

    You can do dev work in PPE and update your config without it affecting Prod.  When you're ready to take those changes live, we just push the updated config from PPE to Prod as a copy/overwrite.

    Long story short--  There are two copies, one in PPE and one in Production.  They share the same ID.  We push a copy from PPE to Production.  Each copy can and should be configured with different certificates.

    You have the ability to edit/change the certs in PPE yourselves, via the app config center.  Only the HealthVault team can access and modify your production certificate.  You send us a copy of your production public cert (but not the private cert), and we load it into Prod for you.

    Monday, February 8, 2010 8:36 PM
    Moderator

All replies

  • Hello Gary,

    You have to use the same application ID in both PPE and Production environment, but both the environments can have different certificates. Please follow
    this link for more information on how to manage the public key.

    When any changes are to be done on the application configuration you can do the changes in the PPE configuration center and then inform your Go-Live contact person about the change. Then we can push the PPE configuration to the production environment. Changes in the PPE configuration does not directly affect the application's Production Environment configuration. So the new features can be tested in the PPE itself.

    Please let me know if you need any further clarification.

    Thanks and Regards,
    Aneesh D.
    Monday, February 8, 2010 2:43 AM
    Moderator
  • But we still have 2 copies of the application?

    One that's running the test configuration, and the other running the production config?

    Or, does HV actually push a copy of our entire application?

    I would assume "no", but I just want to clarify.

    Also, the link says to delete the old certificate.

    We've kept the old certificate, with the assumption that we use this old one for the test app (or copy of our production app).

    So how do we manage 2 different certs for one application id?

    Thanks.
    Monday, February 8, 2010 7:13 PM
  • Let me expand on what Aneesh noted earlier.

    The PPE and Production environments are independent from each other.  We have tools that allow us to copy application configuration from one to another-- which is one reason why we require that you use the same app ID in both environments.  This is easier for partners as well, as they only need to remember one app ID per app.  You have one app ID, with a PPE copy and a Production copy.

    The only thing that is not copied is your certificate.  This is to help ensure environment isolation.  It not only reduces the chance you'll accidentally point at the wrong environment, but it also reduces the exposure of your production private key.  If your production private key is compromised, then anyone with access to it can impersonate your application.  This is BAD.  You must ensure the security of your production private key.

    So... if you use the same key pair for PPE and Production, that means your production private key is stored on your dev and test servers.  So anyone with access to those servers could compromise the production environment.  Badness!

    You can do dev work in PPE and update your config without it affecting Prod.  When you're ready to take those changes live, we just push the updated config from PPE to Prod as a copy/overwrite.

    Long story short--  There are two copies, one in PPE and one in Production.  They share the same ID.  We push a copy from PPE to Production.  Each copy can and should be configured with different certificates.

    You have the ability to edit/change the certs in PPE yourselves, via the app config center.  Only the HealthVault team can access and modify your production certificate.  You send us a copy of your production public cert (but not the private cert), and we load it into Prod for you.

    Monday, February 8, 2010 8:36 PM
    Moderator
  • Ok, thanks.

    I understand now.

    Missed the obvious.

    Our test copy keeps using the old cert (or test cert).

    We don't have to create 2 certs in the app config center since we don't have anything to do with config for the production app.

    Thanks a lot.


    Monday, February 8, 2010 9:08 PM
  • No problem-- thanks for asking and making sure.  That's exactly correct.
    Monday, February 8, 2010 9:35 PM
    Moderator