Securing a Self-Hosted uStore Deployment
Infrastructure and deployment best practices for organizations that install and operate uStore on their own servers.
Summary: This article describes the infrastructure, network, and operational controls XMPie recommends for customers who self-host (on-premises or in their own cloud account). It complements uStore Security Features, which covers the application-level controls available inside uStore itself. Where that article is about settings within the product, this one is about the environment you run it in.
Scope & the shared responsibility model
uStore is a powerful web-to-print platform that, when self-hosted, runs inside infrastructure that you own and operate. Security and availability of a self-hosted deployment are a shared responsibility:
- XMPie is responsible for the security of the uStore software — secure development practices, application-level controls, and the timely release of security patches.
- You, the licensee, are responsible for the security, configuration, patching, monitoring, and resilience of the servers, network, operating system, database, and any third-party components the software runs on, and for applying XMPie patches in a timely manner.
Following the practices below helps keep your deployment aligned with industry-standard security and with the configuration assumptions in your XMPie Software License and Services Agreement. They are recommendations for a robust, defense-in-depth posture; the specific controls appropriate for your organization depend on your risk profile, regulatory obligations, and how the storefront is exposed.
Two layers, two articles: This article covers the deployment / infrastructure layer. For controls inside the uStore application, see uStore Security Features. Apply both.
Network & edge protection
Deploy uStore behind a Web Application Firewall (WAF)
XMPie strongly recommends that any internet-facing self-hosted uStore storefront sit behind a Web Application Firewall. A WAF adds a critical layer of defense — filtering common web attacks (OWASP Top 10), bot traffic, and many automated exploitation attempts before they reach your application servers.
- Choose a WAF that can inspect the full request, including the request body — not only the URL, query string, and headers. Some attacks carry their payload in the body (for example, in multipart form-data), and an edge rule scoped only to the URL will not see them.
- Route public DNS for your storefront through the WAF, and restrict the origin servers so they only accept traffic from the WAF (e.g. via security groups / firewall rules), preventing attackers from bypassing the WAF by hitting the origin directly.
- Keep WAF rule sets current and enable managed/automatic rule updates where available.
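The difference between URL-scoped and full-request inspection, as an added example (not XMPie or WAF-vendor code): one constructed rule is applied first to the URL and headers only, then also to the multipart body. The `/upload` path, host name, field name and the rule itself are assumptions made for illustration.

```python
import re
from email.parser import BytesParser
from email.policy import HTTP

# Constructed rule for illustration: a path-traversal sequence in an inspected field.
RULE = re.compile(r"\.\.[\\/]")

# Constructed request: clean URL and headers, suspicious filename inside the body.
SAMPLE = (
    b"POST /upload HTTP/1.1\r\n"
    b"Host: store.example.com\r\n"
    b"Content-Type: multipart/form-data; boundary=XBOUND\r\n"
    b"\r\n"
    b"--XBOUND\r\n"
    b'Content-Disposition: form-data; name="artwork"; filename="../../logo.png"\r\n'
    b"\r\n"
    b"constructed-file-bytes\r\n"
    b"--XBOUND--\r\n"
)

def split_request(raw):
    """Return (request target, raw header block, raw body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    request_line, _, headers = head.partition(b"\r\n")
    return request_line.split(b" ")[1].decode("latin-1"), headers, body

def inspect_url_and_headers(raw):
    """Fields visible to a rule scoped to the URL, query string and headers."""
    target, headers, _ = split_request(raw)
    fields = [("url", target)]
    for line in headers.decode("latin-1").split("\r\n"):
        name, _, value = line.partition(":")
        fields.append(("header:" + name.strip().lower(), value))
    return [name for name, value in fields if RULE.search(value)]

def inspect_full_request(raw):
    """Same rule, extended to every multipart part's filename and content."""
    hits = inspect_url_and_headers(raw)
    _, headers, body = split_request(raw)
    msg = BytesParser(policy=HTTP).parsebytes(headers + b"\r\n\r\n" + body)
    if msg.get_content_type() != "multipart/form-data":
        return hits
    for part in msg.iter_parts():
        field = part.get_param("name", header="content-disposition")
        content = (part.get_payload(decode=True) or b"").decode("latin-1")
        if RULE.search(part.get_filename() or ""):
            hits.append("body:%s:filename" % field)
        if RULE.search(content):
            hits.append("body:%s:content" % field)
    return hits
```

On the constructed request, the URL-and-headers pass reports nothing while the full-request pass flags the uploaded filename.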
Encrypt everything in transit (TLS)
- Serve all storefront and administrative traffic over HTTPS with a valid certificate; redirect HTTP to HTTPS.
- Disable legacy protocols and weak ciphers (TLS 1.2+ only, modern cipher suites).
- See uStore Security Features for configuring SSL inside uStore and on any proxy in front of it.
Restrict and segment access
- Limit administrative surfaces. Restrict the uStore Back Office, REST APIs, and any API documentation (e.g. Swagger) to trusted networks — internal addresses, a VPN, or an IP allowlist — rather than exposing them to the open internet.
- Segment the network. Place the database and any back-end services on a private subnet with no direct internet route; only the web tier should be reachable from the edge. Use host firewalls / security groups to allow only the ports each component genuinely needs.
- Apply the principle of least privilege at the network layer between every tier (web, application, database, file storage).
Host & operating system hardening
- Build servers from a hardened OS baseline — for example a CIS-benchmarked Windows Server image — rather than a default install.
- Run an endpoint protection / EDR agent (anti-malware with detection and response) on every server.
- Run uStore application pools and services under a dedicated service account configured with the permissions documented in the uStore installation guide. Because this account carries elevated rights, limit its reach everywhere else: use it only for uStore (never share it with other applications), never grant it elevated domain privileges such as Domain Admin (a domain user account is normal in distributed or cluster deployments), restrict interactive/remote logon where operationally possible, protect it with a strong managed password, and monitor its activity.
- Tighten NTFS permissions on the web and content directories. Where your deployment allows it, deny execute permissions on directories that only need to hold uploaded content, so an uploaded file cannot be run as code. (Validate against your operational needs — some components require filesystem access.)
- Disable unused Windows roles, features, and services to reduce the attack surface.
Patch & vulnerability management
- Apply XMPie security patches promptly. XMPie evaluates, tests, and releases patches for security issues; for high-risk patches, hosted customers are notified proactively. As a self-hosting customer, you are responsible for applying released patches in a timely manner.
- Keep the operating system, IIS, .NET, SQL Server, and any third-party components current with vendor security updates.
- Maintain a vulnerability-management process: scan regularly, track findings, and remediate on a timeline that matches the risk.
- Subscribe to XMPie product and security communications so you learn about relevant patches when they are released.
Identity & access management
- Enforce strong, unique passwords and account-lockout policies (see uStore Security Features for the in-product settings).
- Give every administrator and operator a unique account; do not share credentials.
- Add multi-factor authentication at the network/identity layer (e.g. VPN or SSO) for administrative access wherever feasible.
- Review accounts and permissions periodically and remove access that is no longer needed.
Logging, monitoring & detection
- Retain IIS and application logs, and forward security-relevant logs to a central location or SIEM so events can be correlated and retained beyond a single server.
- Alert on anomalies — unusual login activity, unexpected administrative actions, spikes in error rates, or access from unfamiliar locations.
- Establish a basic incident-response plan: who is notified, how a host is isolated, and how credentials are rotated if compromise is suspected.
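A minimal detection pass over IIS W3C logs, added here as an example (not XMPie code) for two recommendations above: keeping administrative surfaces on trusted networks, and alerting on anomalies. The path prefixes are placeholders rather than real uStore paths, and the allowlist, thresholds and log lines are constructed assumptions.

```python
import ipaddress
from collections import Counter

# All values below are assumptions for illustration; tune them to your environment.
TRUSTED_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.0.2.0/24")]
ADMIN_PREFIXES = ("/admin-placeholder/", "/api-placeholder/")  # not real uStore paths
AUTH_FAIL_THRESHOLD = 5      # 401/403 responses per client in the analysed slice
ERROR_RATE_THRESHOLD = 0.5   # share of 5xx responses within one minute
MIN_REQUESTS_PER_MINUTE = 4  # ignore minutes with too little traffic to judge

# Constructed IIS W3C log lines (documentation address ranges, placeholder paths).
SAMPLE = (
    ["#Fields: date time c-ip cs-method cs-uri-stem sc-status",
     "2026-01-10 09:00:01 10.1.2.3 GET /admin-placeholder/orders 200",
     "2026-01-10 09:00:05 203.0.113.7 GET /admin-placeholder/users 200"]
    + ["2026-01-10 09:01:%02d 198.51.100.9 POST /login-placeholder 401" % s for s in range(5)]
    + ["2026-01-10 09:02:%02d 10.1.2.3 GET /store-placeholder 500" % s for s in range(4)]
)

def parse_w3c(lines):
    """Yield one dict per request, using the #Fields directive as the column map."""
    fields = []
    for line in (l.strip() for l in lines):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and len(line.split(" ")) == len(fields):
            yield dict(zip(fields, line.split(" ")))

def detect(lines):
    """Return alerts for untrusted admin access, auth-failure bursts and 5xx spikes."""
    alerts, auth_fail, per_min, err_min = [], Counter(), Counter(), Counter()
    for r in parse_w3c(lines):
        stem, status = r["cs-uri-stem"].lower(), int(r["sc-status"])
        minute = r["date"] + " " + r["time"][:5]
        trusted = any(ipaddress.ip_address(r["c-ip"]) in net for net in TRUSTED_NETS)
        if stem.startswith(ADMIN_PREFIXES) and not trusted:
            alerts.append(("admin-from-untrusted", r["c-ip"], stem))
        if status in (401, 403):
            auth_fail[r["c-ip"]] += 1
        per_min[minute] += 1
        if status >= 500:
            err_min[minute] += 1
    alerts += [("auth-failures", ip, n) for ip, n in auth_fail.items()
               if n >= AUTH_FAIL_THRESHOLD]
    alerts += [("error-spike", m, err_min[m]) for m, total in per_min.items()
               if total >= MIN_REQUESTS_PER_MINUTE
               and err_min[m] / total >= ERROR_RATE_THRESHOLD]
    return alerts
```

Behind a WAF, `c-ip` is the WAF's address unless IIS is configured to log the forwarded client address, so point the check at whichever field carries the real client IP.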
Backup, recovery & resilience
- Back up the database and application data on a regular schedule, and test restores — an untested backup is not a backup.
- Define your own Recovery Time Objective (RTO) and Recovery Point Objective (RPO) and ensure your backup cadence meets them.
- Keep at least one backup copy isolated from the production environment to protect against ransomware and accidental deletion.
- For high-availability requirements, consider redundancy across availability zones / data centers with load balancing and database failover.
Secure customization & integrations
- If you develop custom plugins, integrations, or storefront code, apply secure-development practices — input validation, output encoding, and code review.
- Treat all externally supplied input (filenames, paths, parameters) as untrusted.
- Vet third-party components and keep them patched; their vulnerabilities become yours.
Governance & assurance
- Align your deployment with a recognized framework (e.g. SOC 2, ISO 27001) appropriate to your business and your customers' requirements.
- Perform periodic penetration tests and architecture reviews of your environment.
- Document your controls so you can demonstrate due diligence to your own customers and auditors.
Self-hosting at a glance
| Control area | Your responsibility when self-hosting |
|---|---|
| Edge protection (WAF, DDoS, bot mitigation) | Source, configure, and maintain |
| Network segmentation & firewalls | Design and operate |
| OS hardening & endpoint protection (EDR) | Build, deploy, and manage |
| OS / database / component patching | Plan and apply |
| Applying XMPie security patches | Apply promptly when released |
| Logging, SIEM & 24/7 monitoring | Stand up and staff |
| Backup, restore testing & HA / failover | Implement and test |
| Compliance attestation (SOC 2 / ISO) | Pursue independently |
Prefer to have this handled for you? XMPie StoreFlow Cloud
The controls above represent a significant, ongoing investment in people, tooling, and process. Many organizations find that operating them to a consistently high standard is more than a part-time IT effort can sustain — and that gaps tend to appear precisely where attackers look first.
When XMPie hosts uStore for you on StoreFlow Cloud, these layers come built in and managed for you:
- Imperva WAF
- DDoS & bot mitigation
- CrowdStrike Falcon EDR
- CIS-hardened images
- SIEM (Cortex XSIAM)
- 24/7 NOC monitoring
- Tenant isolation
- Daily backups
- Multi-AZ high availability
- Proactive patching
- Secure SDLC & pen testing
These operational controls are described in detail in StoreFlow Cloud Security and Availability.
Independently verified. XMPie maintains a SOC 2 Type 2 attestation for the Security trust services category, covering its Cross-Media and StoreFlow platform. An independent auditor examines XMPie's security controls over a multi-month period; in the most recent examination the controls were found to be suitably designed and operating effectively. The report is renewed annually and is available under NDA on request.
Beyond security, XMPie hosting also delivers resilience, availability, and scalability at the platform level — fault-tolerant architecture across availability zones, managed backups with defined recovery objectives, and continuous operational monitoring — without your team having to build or run any of it. (Cloud infrastructure is provided on AWS; see the StoreFlow article for the full architecture.)
In short: self-hosting can look less expensive on paper, but the true cost includes everything in the table above, maintained continuously. If you would rather we carried that load, we've got you covered. For the full picture of what XMPie hosting provides, see StoreFlow Cloud Security and Availability, or talk to your XMPie account team about moving to a hosted deployment.
Related articles
- uStore Security Features — application-level security controls inside uStore.
- StoreFlow Cloud Security and Availability — the security, resilience, and availability controls XMPie operates when it hosts uStore for you.
The recommendations in this article are general guidance for self-hosted deployments and do not modify the terms of your XMPie Software License and Services Agreement. The information above can change from time to time and is true as of the last review date of this document.
Created by: Nahum Cohen, last updated in June 2026