Welcome to the E-commerce Wizards Podcast where we feature top leaders in e-commerce and business to discuss proven strategies and trends from people in the trenches. Now, let’s get started with the show.
Guillaume: All right, Guillaume Le Tual here. I’m the host where we feature top leaders in business and e-commerce. Today I have Robert Rand with me who’s Head of Partnerships at JetRails hosting. And today we’ll be talking about the transition from Magento 1 to Magento 2.
Just before we start, we have a sponsorship here. This episode is brought to you by MageMontreal. If a business wants a powerful e-commerce online store that will increase their sales or move piled up dormant inventory to free up cash, and we truly all want that. Or to automate business processes to gain efficiency and reduce human processing error, our company MageMontreal can do that. We have been helping e-commerce stores for over a decade. Here’s a catch, we’re specialized in and only work on the Adobe Magento e-commerce platform. We’re among only a handful of certified Adobe Magento companies in Canada.
We do everything Magento related. If you know someone who needs design, development, maintenance, training, support, debugging, performance analysis and enhancements on your Magento e-commerce store, we got their back. You can email our team [email protected] or visit us at magemontreal.com.
All right, Robert. Back on track, let’s talk about that migration Magento 1 to Magento 2. Let’s start high level, why do merchants needs to do it? Or do they need to do it?
Robert: I think that’s been the question for a few years now. When Magento 2 first hit, it was, at this point a very long time ago, we’re going back to, makes me feel old, 2015 and Magento announced this new platform. It was an entire shift from the Magento 1 code base. Obviously, there’s a lot of similarity. But there was no easy upgrade path. It was no one click or few hours here there. So, that started this debate about when do we upgrade? When is it cost effective? When is it going to be important? And then we finally hit after some delays after the Magento and Adobe teams moved the end of life of Magento 1 forward a bit that gave people a reprieve and said look, instead of three years, we’ll give you basically until June of 2020 in the end to upgrade, and they stopped putting out security patches.
June 30 2020 shifted into a new era for those Magento 1 users. A different era where the original software publishers aren’t providing a security patch for the sites anymore. And I could go on and on about some of the implications of that but that is going to impact PCI compliance, it’s going to impact actual security of the sites. At this juncture, users have choice still, they can secure their stores on Magento 1 using patches from others and other security tools, and there are layers of protection that you would want. They can move to Magento 2, which is a more modern stack, and it does have a lot of improvements and additions.
At this point Magento 1 by and large is a more static platform that you’re operating. Magento 2 is receiving frequent updates from the Adobe team and from the community at large. In that sense, you’re talking about e-commerce as a living breathing ecosystem as an industry. And Magento 1, if you have everything that you need, you might be able to stick with for a while longer. In some cases, it’s possible for years. But for a lot of users, they’re going to want to start to at least plan their migration. And that’s the important factor here.
It all comes down to planning that a lot of businesses waited until now to figure out what they should do, what they want to do. And now that we’ve had a few months without security patches from the Adobe team, I think we’re starting to see the chips on the table and what it actually looks like. Sites haven’t been ‘imploding’, it’s not a Y2K, they haven’t stopped working.
Guillaume: Sites did not explode and that’s it. The anxiety that merchants have right now if they’re still in a Magento 1 store, they generate sales right now. What’s the real risk for them? Could they one day not be able to process, be rejected by a payment processor? What’s the risk for their business to stay on Magento after the end-of-life date?
Robert: There was a lot of fear in the weeks leading up to Magento 1’s end-of-life. Visa put out an advisory, as did other companies in the payment processing world saying, end-of-life software, everyone should be moving on from this, this is not a software that you should be using. They didn’t take into account options to continue to support the product, they either hadn’t researched that far, or weren’t going to put their names out there in that way that they wanted to, in essence, just tell a certain line to tell people hey, look, you’ve got old software time to update.
In reality, there are paths that merchants can choose. One great option that came up leading up to this was Mage One. Mage One is a company that you pay for a subscription to Magento 1 patches. They have a bug bounty program, they have experts in the field, they have partnerships with companies like JetRails and lots of others. And they are standing up patches, they’ve already got a range of patches that they’ve released since Magento 1 hit end-of-life. I believe we’re fast approaching 10 or so of them. They’re active, they’re doing what needs to be done. And they’re making sure that sites can remain secure and in essence compliant. Which really, I think of separately, security and compliance are two different things. Compliance says that you met someone’s rules that are pre-determined. And security really, typically goes above and beyond that, because just because you’ve met someone’s baseline rules doesn’t mean that you’re really doing everything that you should be in a holistic way.
The other major authority that has been stepping up to the plate is a group called OpenMage. Magento is open-source software, and OpenMage has created a fork of Magento 1, basically a version of Magento 1 and they are putting out new versions, they are putting out new features and some security updates. You don’t pay them. It’s available through GitHub, and it gives you a source as well. I think individually, businesses need to take a look between these companies and see which one is going to meet their security needs, which one is going to meet their short term or long-term needs. I don’t think that it’s going to be a holistic answer for everyone deciding on exactly the same metrics, but you have options there. So, in that sense, you shouldn’t be sitting high and dry waiting for a security incident.
The second side of this is dealing with more proactive security in general. Security patches are important. That’s the case for Magento 2, for WordPress, for Drupal, for any open-source platform. It’s basic, but you also need to do other things to lock down your website so that there are layers between hackers and the important information and the code base and the database and everything else.
Guillaume: Are there practices that JetRails would bring to table in this regard?
Robert: Absolutely. When it came to Magento 1 end-of-life, we knew that we had customers that would be potentially in harm’s way. And we looked at it really stringently to try to determine what could we bring to the table that would make sense? We determined that with authorities like Mage One and OpenMage putting out updates, that we were web hosts and not web developers, and that that would be our best use case, we do put out some Magento extensions for integration of systems like CloudFlare and Varnish for caching, to provide certain enhancements, other things, it’s not that we are incapable. But when it came to standing up bug bounty programs and dealing with the intricacies of the platform, it takes a good amount of attention.
Guillaume: It’s not your mission. It’s not your goal.
Robert: That’s right. And we didn’t believe that this should be done by 100 different companies to be done well. We thought that there should be a smaller number of groups really focused on it. And we wanted to support those groups. We have partnerships and relationships and we’re involved in the community at large as such. But there’s that side. On our side, instead of focusing on the security patches, which basically a vulnerability is identified, or some other security issue is identified like there’s a version of PHP that’s going to no longer be supported, no longer get security patches itself. And so you’re going to want to upgrade your Magento website to be compatible with the new version of the PHP software that’s going to run in your Magento hosting environment.
There are things that you are going to get out of those patches that are going to be, in essence, reactive to known information. But then there’s multiple layers of proactive security that we can have in addition, and every Magento user in our opinion, should have. By and large, these are things that we deploy for Magento 2 users as well. There might be some slight differences and certain tools that we use or certain configurations, but we deal with web application firewalling. So basically, locking down the environment, locking down the Magento admin, and other resources that folks from the outside that don’t work as part of the team managing the website, it shouldn’t be accessible to the whole world. There are things that we do that have to do with reactive security layers ourselves.
We’ve got intrusion detection systems and malware scanners and different things that are going to tip us off, if something is awry, and we’ve got a knock and network operation center where we’re monitoring our accounts 24/7, we’re monitoring our clients’ sites. If we see signs, whether it’s a DDoS attack, or a denial-of-service attack of some sort, or some kind of changes to the code base, or otherwise that seem unusual, or connections to the site that seem unusual, we want to notice those things and help address them before it turns into a major incident before there’s a lot of data… let’s say with card skimmers that someone’s injected code into the site that’s going to steal credit cards as people are in the checkout. Well, if you catch that real fast, you’ve really limited any potential damage done. Or if you catch them while they’re trying to break in before they really inject code or do other things.
So, there are layers here that are always supposed to work together, just like in the ‘brick and mortar’ world where you can have security guards, you can have alarm systems, you can have good locks, you can have other best practices.
Guillaume: You have to better the reactive measures. There’s a lot of things that JetRails can put in place to help a merchant on JetRails feel more secure. In the meantime, there’s those two projects, Open Magento and Mage One that you can go with in terms of extending the lifespan of Magento 1 but are there downsides to that game plan? Because you were talking about planning the migration to Magento 2. What’s the downside of trying to extend the lifespan like that?
Robert: That’s a good question. Magento is alive, I mean Magento 1. There’s no question that there’s a lot of users that are still using it, some aren’t accepting credit cards, or debit cards, payment cards as we typically refer to them. Some don’t have the same compliance issues. Maybe it’s used internally within an organization, or maybe it’s used as an online catalog, and there’s less fear of what’s going on. Someone has done a lot of custom work to that site, it’s going to cost a lot of money to migrate to another platform and there are challenges.
I think for some users, they don’t yet know how pricing has in some cases come down or stabilized for that migration. Because at this point, teams like MageMontreal have worked on so many migration projects, that inevitably, tools and best practices and enhancements to that process come out that makes some of that more streamlined. It’s a more fine-tuned process than some of those early projects in 2015, 2016, etc. I think for some when Magento 1 was really cooking along, I think that was part of the challenge back towards 2015. Magento 1 had really become stable. It was a good place to be and Magento 2 released and it was not stable. A lot of people initially heard a lot of feedback about Magento 2 being unstable, being buggy, being a tougher platform to work with.
Guillaume: In 2015 that was totally true when it came out 2.0 was not ready at all. But by version 2.2, it was considered very stable and mature. It took them a good two years or more to get there.
Robert: I think that some of the conversation is that there’s history to sort of rewind and people get hardwired on some of those things. That you get a prejudice against something or sometimes you feed into your own bias, so I don’t want to spend the money on it, somebody told me once that it was cumbersome or something else and so I just stick with that. Taking a step back a few weeks ago, there was a major security incident that affected Magento 1 sites, it was labeled card bullied. And there were thousands of Magento 1 sites that were attacked over the course of a long weekend.
A company called Sansec that we partner with, and we utilize some of their security tools, great company. They caught it and helped the Magento 1 ecosystem to deal with that, patches were put out. Now I’ll say that JetRails’ customers were not impacted. Our security held up. I know that that seems overly simplified because it was what’s known as zero day. It was something that hadn’t been seen before and hadn’t been exploited in the wild, it wasn’t an old bug or known issue that someone took advantage of. It’s something that hadn’t yet been taken advantage of. Although from our standpoint, it was, I don’t want to overstate and say obvious. But it had to do with a portion of the website that only admins should really have access to in the first place. And that in our configuration wasn’t open to the public, for hackers to be able to attack.
This is the sort of thing that could have happened with another platform. Like I said, it’s a zero day, it’s not something that there was a patch out for one way or the other. And patches were put out by these patching authorities like Mage One to help lock things down. But for users that had more secure web hosting, they were in better shape in the first place. Taking that sort of a step forward, there are Magento 1 users that are doing perfectly well and that haven’t broken ground on a new site yet. And that’s okay. On the flip side, there are things coming out for Magento 2 that make it really interesting. There’s a movement now that’s underway toward PWA Progressive Web Apps, which allows for a very fast, a very user-friendly front-end interface for the website. And it can be more like a mobile app experience. And you can even save a tile to your mobile device.
Guillaume: PWA is predicted to kill about 50% of the native app market in the next coming year. That’s just how powerful that change is.
Robert: So, Magento 2 I just put up the article on October 15. Magento released their latest updates for Magento 2. And in that article, I mentioned that PWA Studio, which is a product for Magento of Magento reached version 8. So, they keep moving forward with this solution. With its own front-end theme, its own framework for the front-end that makes it easier to experience that PWA technology to deliver it to your users. It is not something that every site is going to have by 2021.
Guillaume: It’s already in market but it’s one example that with Magento 1, you’re stuck with old technology, you’re stuck with DHS, and you’re not getting the new DVD and Blu-ray and these easy stuff, you’re stuck with the old stuff.
Robert: That’s right. Think about it like this, once Magento 2 was out, the Magento team really focused on putting out new features for Magento 2. On the JetRails podcast, we’ve tackled this, I believe we tackled it in the JetRails blog as well. The progression of Magento 2, that sometimes it’s hard to even get a pulse on it until you go back and look at all of the deployments of Magento 2.0, 2.1, 2.2, 2.3, 2.4, and see what’s there that wasn’t there back in Magento 1 and there are a number of items. I think that that’s something that businesses need to always look at. And it’s a question of value. So, you sit there and you say what are these things worth to me? You look at some of the other questions around security and compliance and just other things that are important to you as a business and you make a decision. And in some cases, let’s say that your site is a few years old already and it’s time for a new theme. It’s time for a refresh anyway.
Guillaume: That’s the point of reinvesting, is it a safe investment to put money back in Magento 1? Because on the point of view, is sort of the web opinion is a heavy no. And what’s your point of view on it?
Robert: Yeah. So firstly, if you’re going to do a full redesign, if you’re looking to go with a PWA front-end experience, or you’re otherwise going to be doing some heavy retooling there. You have to say to yourself, well, if I’m going to dump 100 hours at whatever hourly rate of labor into that, that could go toward my Magento 2 project where I’d have to start with a fresh theme anyway, wouldn’t that start to make some sense to rip the band aid off and go for the newer stack? I think the same applies in some cases, once you start to get down to Magento extensions and integrations, there really aren’t any wealth of integrations or extensions being written for Magento 1 anymore, certainly on a case-by-case basis.
Guillaume: They’re even removed from the marketplace. On the marketplace you cannot download Magento 1 extension, you have to go directly to some vendors’ website to get them and they have no more updates, no more patches, there’s nothing new being built.
Robert: Yeah, I mean some are still supporting, some are still patching. I have another article on the JetRails blog that just went up on Friday, that talks about Magento 1 as it relates to what’s happened. Basically, what we’re talking about today, what’s happened since June 30, or since July 1, perhaps. Depending on whose math you use for Genex, has suggested that there are still about 200,000 Magento 1 sites in the wild, Sansec is saying closer to maybe a little under 100,000. So regardless of whether it’s 100,000, or 200,000, obviously a huge discrepancy there. But it’s a lot of sites. For some of these extension developers, and some of these teams, they still have more users on Magento 1 than Magento 2, it’s not unusual.
So, not everyone has stopped patching or supporting those users. And I think that that’s an important distinction. And I think that’s what’s happened across the board. Going back to the earlier statement about before Magento 1 hit end of life, some of the payment processors and folks were throwing up some warnings, including big companies like PayPal, saying, putting out messaging to a lot of their users on Magento 1 saying that they weren’t going to continue to support Magento 1.
Guillaume: Right, it’s a pretty threatening message for merchants. I had merchants talking to me and saying, hey, are PayPal going to cut me? Am I at risk of not being able to be transactional anymore on my website like tomorrow? What’s my risk?
Robert: We had a lot of those similar conversations. I was running into conspiracy theories, because I don’t think these companies sit down. It’s going to come out poorly, but I don’t think that they’re organized in that way with something like that. At this point, Braintree is the only payment processor native in Magento 2.4. Everything else you have to add. Magento had a program with PayPal to give people some kind of upgrade financing to get from M1 to M2. There were certain things there that some people pointed to, but as opposed to business minded people, I really think that this has been a case and we saw this at other payment processors. This came down to compliance, this came down to security, the security minded folks took a look at a balance sheet, risk sheet, that’s what they do for a living. And they said we have X number of Magento 1 users, if there is a security incident, and they’re not PCI compliant, and we allowed them to keep processing without being PCI compliant, we’re going to have some liability here. And we’re going to take action X as a result. And that’s what we saw a variety of payment processors doing. But in the end, even with some of that strong language, it didn’t wind up from everywhere that I’ve seen coming to fruition that I’m yet to find payment processors that really cut ties with their Magento 1 merchants.
Guillaume: Yeah, I think they’re barking for now. But the real question is, will they bite? No.
Robert: I spent a lot of time reaching out to a lot of my friends in payment processing. We have several partnerships that we made sure we’re on the ready. In case any of that was really happening because we don’t mind merchants feeling some pressure to make some decisions, that otherwise, things can really stagnate. But we didn’t want our users just being left high and dry. And we know that for our customers, we’re more of a white glove service as a web host. We have those conversations and some of our clients may not be working with an agency. So, we’re their eyes and ears into the Magento community in many cases. It’s a challenge.
We made sure that we had several reputable major firms ready, that we’re going to be happy to service them if companies like PayPal pulled out of that market. It’s PayPal’s right to do so, I don’t hold anything against them. If they were going to do that, I think they could have given users more notice. But it’s a string of events. I think that until Visa and companies of similar relation. We’re reaching out to these issuing banks and these payment processors and saying, yeah, Magento 1 end-of-life. And we don’t want anything to do with that. I think that they were just doing business as usual. There was a lot of ill will, I’d say, in those weeks, and then very Y2K style, nothing really came of it. Everyone’s lived to fight another day.
Guillaume: But also, the question of understanding that Adobe left a healthy platform as of June 2020. So, it’s not like you’re left with a shipwreck, you’re left with a healthy platform. They’re just saying we will not continue supporting it, we’ll not patch up and we’re moving on something else. The other aspect is the underlying technology under Magento 1. Yes, you can coast along with it but as you were mentioning, like the PWA stuff, just to get back to this in a more, clear way. Magento 1 has a certain old stack of technology, PHP, and so on. And then you have Magento 2 coming with a new stack of technology, that I’m going to call those classic web development features. And then there’s the new generation, that’s PWA. So PWA is still Magento 2, from a technological point of view, you have Magento 1, you have Magento 2, and then you have Magento 2 PWA. It’s again, a new stack of technology to develop on, to build for the future, and so on. So, Adobe sure doesn’t want to develop on the old stack of Magento 1. It is the thing, like, I’m going to invest more in VHF…
Robert: It’s cost prohibitive, that’s why version 2.0, 2.1, 2.2, they’re all end-of-life, they’re not supporting them either. If they’re out there working on updates and patches for every version of software, then they’re burning resources, and they’re not really working on a core platform. In essence, I think that users have to understand that that is the basic policy of Adobe. It’s that they’re going to focus on businesses, they’re going to be upgrading and more future minded.
Guillaume: It’s just logical. You can place a call with an iPhone 3 or a 2010 android phone if you feel like it, but don’t expect the latest feature or anything.
Robert: Don’t expect security updates for Windows XP.
Guillaume: The world moves on.
Robert: I’m an Android phone user. And there’s just so long that those phones stay supported as well with the latest operating systems and security. This is part and parcel of the world that we live in. We’ve talked PWA, there are other things that Magento has certainly released in Magento 2, there’s the two-step native checkout as opposed to the five-step checkout of Magento 1. There’s still a lot of users that are going to use one-step checkout or bolt or something else to further improve the checkout. But nonetheless, they’ve had some varying improvement in the checkout process.
Guillaume: The AI as well, that artificial intelligence. If you go with Magento and say commerce, yes, there’s the Adobe Sensei that are available since roughly May 2020. Regardless how you host it and if you are open source, you can add let’s say the Amazon personalized AI which is the recommendation engine of Amazon. You can have that on your Magento site. The recommendation will not be as thorough as let’s say with Adobe Sensei not because of the recommendation engine itself, not because of the technology there, it’s more about the integration within Magento that you install the plugin which allows you to use let’s say Amazon personalized on your Magento site.
There are plugins for that on the marketplace. But you have so many new techs are really cool. When you use AI to let’s say recommend personalized products, personal recommendation. Imagine you go on Netflix, and everybody would see the same recommendation makes no sense. Maybe my wife’s recommendation would be different from my recommendation. It’s not the same thing we want to watch and my kids don’t want to watch the same stuff for sure. You cannot have the same recommendation.
Robert: Yeah, which I think of in a very similar way. You’re trying to find product in a store and think about it. I always talk about like having a sales clerk in a physical store. If the clerk says no, we don’t have that, or yeah, it’s on aisle 12 when it’s really on aisle two, you’re not making a sale, it’s a bad experience, no one’s happy. Magento 1 site search feature was very weak, it was very basic. Now some people are already using a more advanced system like Searchspring, fantastic. But for folks that want to stick open source that aren’t looking to add an expense there, Magento 2 integrates Elasticsearch natively. So, you get additional improvement and additional benefit off the shelf. And if it’s something that you didn’t know, weren’t already addressing in a better way, in the first place, it’s great.
Multi-source inventory is another feature that came out in Magento 2. Where if you’ve got multiple stores or multiple warehouses, and you need to track the inventory that’s available in different locations and create rules and do things based on that, Magento 2 is much better equipped to handle that than if you would have built on top of the M1 was.
Guillaume: Yeah, same thing while we’re talking about search. It’s in the roadmap for 2021, to add AI to the search of Magento. So, it’s part of those all kind of new features to get with the software. It’s of course, still alive and evolving versus sticking to the old software.
Robert: There were security enhancements, whether it’s including Google reCAPTCHA, or now 2-factor authentication. For Magento 1 our team actually wrote 2-factor authentication extension that would help protect the Magento admin and lots of users still using it, it’s on GitHub, it’s free, we did it as a service for the community. We don’t usually charge for any of our extensions. The benefit is making it harder for someone to break into your Magento admin. And it’s something that Magento recognized enough to develop something in the core for Magento 2. If you don’t have it yet, go get that extension. It’s free, it’s on GitHub, it’s great. There’s a lot about that’s happening.
There’s also new native integrations and things, partnerships that Magento has, that they’ve added new things that you can leverage from third parties. No shortage of opportunities.
Guillaume: We’ve covered security issues fairly well. And all the new benefits of switching to the new platform, not totally, but we’ve covered a lot in that it can be an exciting experience, actually, if you’re due to re-invent, redesign your user experience and get all the new features and new and latest knowledge and so on, and you build for the future, because reinvesting into Magento 1 is, of course, not just risky, it’s lots money, pretty much.
Now there are options were talking about that you can extend the lifespan of your Magento 1. You can go to hosting like JetRails with added security measure, you guys will help them with either Mage One or OpenMage with security patches.
Robert: Absolutely, they get to choose where they want to get their software from. We can advise them, which we’re happy to do. But at the end of the day, we believe that merchants should have choice, whether they want to use the wealth that we partner with CloudFlare or security or other companies. They have some choice, we’ll make strong recommendations. But we believe in that open-source community and in working with these systems, they’re going to best support those developers and those website owners absolutely.
Guillaume: Right. Let’s say what’s compatible between Magento 1 and Magento 2? There’s stuff they can import, right?
Robert: So by and large, moving over, the data needs a little bit of freshening up on the way over. There are tools for that and teams that are very experienced with it, like MageMontreal. But moving over the data, and even perhaps some of the settings is not necessarily the hardest part. I would say that the biggest part of the job, from my perspective, is going to have to do with the front-end development. So theming, and it’s going to have to deal with extensions and any customization of the platform. Most people chose Magento 1 because of its flexibility and malleability because they could customize it to do what they wanted to do. Now, software that was built for Windows XP versus software that’s built for Windows 10 or the same could be said for other operating systems.
In some cases, you need to go out and get new extensions or have extensions built for you that are compatible or ported over in a particular way, it’s not the same platform. So, between those things, the data migration, the theming, the extension or installation and customization portions, there’s a lot of things happening aside from any final touch up around content and testing and go live. From the hosting vantage point, we spin up a fresh server. While we have users that have upgraded in place, in essence, they’ve stood up a Magento 2 site within their existing Magento 1 servers that we operate for them are within the AWS or other cloud accounts that we operate for them. Most have a spin up a fresh dev environment. And that may become their staging or production environment later.
But we start fresh because just like a house, imagine how much clutter you have after 10 years. If you think about an old computer, and how many things you’ve installed, who’s used, it what’s going on with it, sometimes it’s just better to start with something clean that you know isn’t cluttered up. Start with applying security principles properly from the onset. And so that includes things like least privileged access, making sure that everything that should be locked down is locked down, and everything is PCI compliant, and so on and so forth. And everything is optimized for Magento 2. There are some core differences.
We’ve got an article on the blog as well about differences between hosting Magento 1 and Magento 2. Some of it comes down to things like PHP versions. Some of the pretty subtle differences. There are differences in how you update and manage a Magento 2 site like using composer. There may be some intricacies there. But by and large, a lot of the principles are the same, although I’d say that Magento 2 is a little bit more robust than Magento 1, I will be kind. In some cases, you may want a little bit more server resource for it. If you think about the computing power that a car needed five years ago, or 10 years ago, versus what it can do today, technology upgrades, and it requires a little bit more. So, we look at that case by case, we size out folks, our goal is not to oversell. It’s also not to undersell it but we don’t want to spend up an architect and environment and tailor it and find out that it wasn’t going to meet the particular needs.
You’ll find that a lot of web hosts will just direct you to their website to pick a hosting environment. Or they’ll ask you about things like your revenue, which really has no direct bearing on what your hosting needs are. We’ll actually spend a little bit of time with you, we’ll take a look at your analytics with you. And we will recommend an appropriate environment based on actual need. Based on peak traffic and what’s the volume of information that you’re trying to crunch from your database and things that we know are going to have an impact on the overall performance of the site.
Guillaume: Okay, so you have new servers, environment safe that Magento 2, it’s more optimized for Magento 2 and I’ve seen that in collaborating with you. I totally agree with you also, the front-end, the back-end and pretty much all the code goes to the trash. And we just imported data, which is a benefit could be port of also to any other platform. But there’s a benefit to porting over to the same platform because it’s really…
Robert: It’s much closer to a one-to-one migration versus… some of the SaaS solutions don’t really handle product attributes in nearly the same way. It’s just random meta information tied down. In some cases, it can be much more challenging, depending on where you’re going to not only to get some data over but to be able to utilize it in the same way. I will say that in some cases, I’ve seen merchants try to use the same extensions from the same developers for the new version. They had a certain reward point or gift card extension for Magento 1, they’ll try to get the same extension for Magento 2 to try to help make moving that data over the old the existing gift cards, all the existing reward points over to the new site. There are benefits like that, that sometimes you can make your life a little bit easier with.
Guillaume: For reward points, that would be certainly a good approach. But on a general way you’d still want to review every single extension if they’re still relevant like lots of people were using, for example, the product import extension, MagMe and Magento 1. Now pretty much you don’t need MagMe in Magento 2 you know the native import can do all that stuff.
Robert: MagMe, I can’t think of a year where it didn’t make security headlines because it was being terribly abused by hackers. That’s one of those cases where I can’t stand seeing that still installed. Anyway, I appreciate the value proposition of it. But I don’t think it’s been a good solution for the user base in general. But I’m with you that I think that most of the time, if you were to go through just like software, in a computer apps on a phone or tablet, people have hoarded this over time, that it’s taken years of downloading, installing, etc. These different software addons, these modules or extensions, plugins, however you want to label them in Magento vernacular, of course, extensions.
But how many are really bringing value today? How many are worth buying again, installing, maintaining, as they need to be patched on occasion. Any technical depth that they add in terms of more code that could potentially be compromised or slow down your site or cause other issues. If the average site has 20 or 30, extensions, I would guess that maybe a third to half of them are really necessary. And a lot of the rest, they’re just relics, they’re sitting around, they were an interesting idea, they may have had more popularity at another time, but they’re not really going to use. Or due to some of these improvements in Magento 2 that we were talking about things that relate to, you name it, to site search, to checkout, whatever it may be that maybe you don’t need anymore, maybe you don’t want anymore.
Or maybe they were just integrations for things that aren’t really in use anymore, that people don’t use or don’t care about. Payment systems change, shipping systems change, integrations with other systems, maybe there was a day where you were connecting with more coupon websites in an affiliate way, and you’re not anymore. Really depends, you go when you sit down, and I think it’s really a great opportunity to start fresh. And that’s another area where I think a lot of people have been misquoted over time on the process of moving from M1 to M2. Because they basically said, here’s everything that I’ve got, how much to move? And they didn’t really sit down and even they don’t remember what half those extensions are. They don’t even know if they’re really using them or not. They didn’t actually identify what their real scope was. There were too many assumptions on the table.
Guillaume: Yeah, for sure. You need the discovery and planning and it’s the perfect time to reinvent the user’s experience and do even better. You have more experience, maybe it was your first site, maybe it’s your second or third or fourth site. Now you got to go again with another side. It’s perfect timing to reinvent all that.
Robert: Even if you were going to go to another platform and not go to Magento 2, that planning is still just as valuable. And I think that dealing with Magento experts through that planning is extremely helpful, because they know what those extensions were, they were around, they install them for people.
Guillaume: And it’s not everybody will move from Magento 1 to Magento 2. Some will go to other platform, and it will be the right choice. Magento 2 is even more targeted toward the mid-market, midsize enterprise. It can of course, serve a small mom and pop shop, but it’s not the targeted clientele for it. They’re really going after midsize all the way to enterprise but of course, small businesses as well, it’s more like businesses like a million and a half of offline revenue that they’re after.
Robert: I’d say that, from our vantage point of JetRails, that that’s pretty accurate that 10 years ago, when a lot of folks were jumping on Magento 1 in the first place. Other solutions weren’t really readily available. And there are solutions now if they’re doing straight retail basic products small catalog, that they probably don’t need Magento, you know, to do 50,000 or 100,000 dollars in revenue a year. There’re better solutions for that. If you’re trying to treat e-commerce as the primary source of business, as a primary channel within your organization, as an important channel within reorganization that you really want to be on the cutting edge of, you really want a lot of flexibility.
If you really care about your data and you want to stay open source because you don’t want that data being in the hands of a lot of other parties. There are different reasons that you’re going to choose Magento 2, I guess I’ve written more articles than I realized but I had written for one of our industry partners and channel a few months back. An article about why our users have been choosing by and large to go from Magento 1 to Magento 2 and not to other options, because there are other options and there’s no question. And I think in a lot of cases, it did have to do with security and compliance and data. Some of it has to do with pricing and just manifest destiny.
When you go to, for instance, a SaaS platform, you don’t really own the site in the same way. You don’t control which apps are available, you can’t edit those apps in the same way. They’re not extensions, they’re hosted somewhere, you can’t really have the same impact on what those apps are going to cost you long term. Typically, you’re paying somebody for those that are hosted elsewhere. There’re ongoing fees is not like an extension that’s purchased and installed. There’s a lot a lot of unknowns, you can’t control so much of the experience.
Like I said, there are users that were more locked down, more limited experience is going to be perfectly fine. And in some cases, better, more beneficial, simpler experience for company. But if you got value out of that Magento 1 instance, chances are, there’s a reason. I think there’s a lot of moving parts when it comes to the difference between Magento and other systems. But JetRails, we provide single tenant web hosting, dedicated environments. We typically deal with folks that are going to have at least a dedicated server or their own account with AWS or DigitalOcean in the cloud.
We don’t have the small shared hosting and the tens of dollars a month kind of an offering. We don’t find that Magento is really formed. And there are different hosts out there. That’s part of what allows us to provide the really high touch, white glove mission critical support that we do, because that’s what we’re focused on. And we’ve chosen that knowingly. But because we mainly work with businesses that are a little bit more established, I think that that’s part of the interesting line that we saw that there are a lot of users that have gone SaaS, but they’re not really the target audience that we have. Nor do we believe that they’re the target audience that Magento has laid out for Magento 2. I think you got it right, a million dollars and up in annual online revenue, or there abouts depending on their use case.
Guillaume: Yeah, for sure the Magento is about personalized experience. Because often with a SaaS platform, you have very limited control on what you can change. You can change the layout, the colors, but you’re still going to have pretty much the same experience as the competitor. With Magento, you have a more unique approach, you can do whatever you want there. You’ll be able to stand out more and be different. So that’s the first thing. The second thing is Magento has restraint on Business Process automation. A lot of stuff that you would do manually, you can automate, reduce human errors, you can print your shipping labels automatically, that you can stick on boxes, create packaging, how many products fit in a box and stuff like that. You can automate and streamline the experiment and operation aspects. It’s more than just a website, it goes all the way to business process information, that makes a huge difference.
Robert: The SaaS market. If we were to look at a platform like Shopify, there were integrations like MailChimp that came and went, and if you were tied to MailChimp, and now there was no integration anymore, you were high and dry. You were forced to choose another marketing platform rather than something like Magento where you’ve retained choice. The same with things like payments, where if you want to use a different payment processor with Shopify, you’re going to pay a penalty. It’s not your website. The same way that they have something to say about perhaps what products you’re selling, or certain other facets of the site.
I’m not against apps in general, I think that there are lots of cases for integration and using something that’s more than a one-off extension. But apps typically get access to a range of data. And that includes customer data and other things that are really sensitive. Shopify recently had a security incident where some of their employees were caught, basically stealing data from their merchants and selling it. Now, that’s something that they dealt with pretty effectively with the authorities. They didn’t sweep it under the rug. So, I’m not suggesting that the Shopify is okay with that or there can’t be… I don’t know how I want to say this, just put on my comic book hat and say, evildoers out there that are going to make bad choices and do things like that. But at the same time, if every app that you’re using is opening up your data to yet another company, and you need a lot of apps in order to hit the baseline functionality that you need in the long run, that’s something I think that is an industry that we’re still coping with.
The same way that we’re coping with all those app providers. I worked at a web host, right? Is their hosting secure? What standards are they meeting? Is it scalable? Will they have a problem on Black Friday? Is that app going to slow down my website? Do I have any control over it? With an open-source extension, you might be able to gut things out or do certain things to adjust or if you’re really limited to available apps, you’re really limited. And basically, if you don’t like available apps, you have to go and write your own and host it and manage it, at which point, you might as well have started with open source and stuck with it.
Guillaume: Right, and it can slow down the user’s experience. If you have a lot of apps calling external services, they need an answer. If you just have one or two, okay, but if you have a lot that can stack up. And the other point is about regulation and compliance. Some industry will have limitation, the data cannot cross the border and stuff like that. And then you’ll look for more self-hosted solution, that’s for sure.
Robert: Absolutely. And in some of these cases, there’s API throttling and other limitations that you can’t always do what you want to do with that data anyway. You really have to think about it. Again, talking about these folks that are doing some volume, that are more established that I think that you really have to sit down and look at the pros and cons. Because what I’ve seen happen in recent years, are merchants that talk to someone that’s really trying to sell them something. And that’s okay but in that case, you have to talk to someone that’s trying to sell you the other thing too, because the grass is always going to be greener on the other side. If you only look at the pros of something and not the cons, I think that’s a tough way to make a good decision.
Guillaume: Let’s say we want to wrap up. Is there any specific topic that we forgot or anything else that we should cover to talk about that migration of Magento 1 to Magento 2?
Robert: I think we’ve covered a lot of the major bases. I think that the biggest question that came up maybe a few months ago was, do I go to Magento 2.3 or 2.4? 2.4.0 had just come out and so was a little fresh itself. October 15, they released version 2.4.1 and it’s a lot more stable. And as time goes, more of the extensions in the Magento marketplace are being made compatible with the 2.4 family, with the 2.4 track there. I think that that’s perhaps an important question. Whether you go with a more traditional front-end or a PWA front-end, I think is a question we’ve tackled.
Guillaume: It’s a bigger question, PWA or not because there’s one or the other, and there’s no easy switch, it’s a make-over after. But the version, you’re going to have development time anyway. So, most projects will be like three to six months anyway. They’re going to iron out the bugs in 2.4.1 and release the next version. I think the versions are not too much of a problem right now. But for sure, PWA is a big decision.
Robert: And I think that Magento Open Source versus Magento Commerce is another big question that we’ve just scratched at. I do have an article on that one, too. On some of the decision process, some of the questions that merchants will typically ask when trying to figure that out. To me, it really comes down to a cost benefit analysis. Magento Commerce, Magento Enterprises or EE, Enterprise Edition. It includes a large assortment of different additional features. And so that includes things like page builder, which is a great way from the admin side to be able to lay out different landing pages and things with more of a drag and drop style editor. More like you might be familiar with if you’ve ever used an email marketing platform in recent years, things like that.
Some great stuff for B2B organizations. Magento Commerce has some really strong B2B features. But the way that I look at it, you have to be able to use a certain number of these to get value out of it. And it’s not a cheap, long term investment when you think about it over the course of 10 years and the increase and things that come with it. So, you want to make sure that you’re not putting budgets somewhere that’s going to take away from your marketing and growth that’s going to stifle you, that you choose wisely that I see a lot of that question come up from our users.
From a performance standpoint, we have a really great time scaling both. So, we don’t really run into too many issues there. From the hosting standpoint, I think that there have been changes in the landscape. There are hosts that used to be more prevalent in the Magento world that aren’t anymore. At JetRails, our company is around for over 20 years. And there’s a lot of institutional knowledge and really a deep relationship with the Magento community. And what we’ve looked at, there are these shared multi-tenant hosts. We’ve really found what was best performing and what led to the best results for customers long run.
I usually advise people don’t focus holistically and only on the monthly cost. Think about the difference that the loading speed optimization will make in your site. If you’ve got a team working with you on that, think about the security layers that you need, and what your host is including and what they’re actually monitoring and managing for you. Think about the load testing and scalability, if you’re going to know if your site is ready for whether it’s Black Friday, or major marketing campaign. Doesn’t mean that JetRails is going to be the right sell for everyone. Think about the support, the expectations that you have. Do you expect your host to pick up the phone? How quickly do you expect them to respond to a ticket? How many people do you expect to need to go through until you get to resolution on that ticket or call?
You know that all these things time is money in e-commerce. And I think that we’ve all learned through the years that best effort, as they say, in the telecoms, it’s not really what anyone’s looking for. It’s mission critical. Figuring out exactly what your needs and expectations are, and what your flexibility needs are, that we found that there are a lot of web hosts that will spin up a Magento environment, but it’s inflexible, and a lot of Magento extensions won’t work there, a lot of other customizations aren’t compatible.
From the host’s vantage point, it’s really about figuring out what your needs are, and what’s going to work best for you in the long run. What’s going to service you best if you’re paying by the hour for support from your developers. What’s going to be effective there versus having them chase for days and weeks after a host for an issue. We look at those sorts of things. When it comes to developers, it’s the same thing that you want to be thinking about, you want a team that knows the platform, that is going to spend time in understanding and discovering your needs and putting together the right project plan. As soon as you commoditize these things, I think that’s where these projects, usually start to climb.
Guillaume: You need an expert with you, you cannot just shop yourself. You need a CPA and a lawyer, you need a web developer and so on. For sure there are lots of addition, Magento Open Source, Magento Commerce and then commerce either on-premise or commerce cloud. On different choices that you have there and on premise would be to say hosting with you guys and for many of us it’s actually required you have all those. We CBD industries or you have other regulations like online contest, you have all kinds of industry that…
Robert: Sure. All kinds of compliance ….
Guillaime: … compliance stuff from different states and so on that you will have to have your own on-premise environment.
Robert: And the same with some of those larger users. When it comes to scalability, we truly auto scale, we’re elastic. We scale horizontally and vertically in the cloud, where some of the prefab environments have a harder time being able to handle the loads that we can handle much more elegantly. It really comes down to use case and what someone’s individual needs are.
Guillaume: For sure. Okay, so that kind of covers it. That’s the bottom line to wrap this up. You can put Magento 1 on life support to sort of extend this but you should have a game plan to transition to Magento 2. Because any money you reinvest in your Magento 1 is well, eventually a loss for sure. It’s old architecture like your VHS was saying. Nobody reinvests in that where DVD and streaming and HDTV and so on. It’s a new set of technology, and it can be an exciting project. That’s another thing to remember like say hey, I can work on my business, I can improve my customers experience I can improve this whole thing. Doesn’t have to feel like I’m being forced or getting my arm twisted to upgrade to Magento 2 or change to another platform, it’s good.
Robert: That’s right. It all starts with knowing your options. Having that conversation with some great agencies and understanding what the real costs are going to look like, understanding proper hosting environment and costs and long-term expenditure. I think it’s all important to the overall process understanding, Magento Open Source versus Magento Commerce. That process of knowing what your choices are, is empowering, because then it’s a question of when not a question of if. Because it’s understandable that people aren’t going to be on Magento 1 in 10 years. This is a question of figuring out a roadmap for your organization, on an individual basis. And while Yes, this very much is about money. That’s the reason that most people haven’t upgraded, that are on Magento 1. It’s because of cost in both physical dollars and in their own internal resources that have to spearhead from their side the project and the things that they’re responsible for.
I would just say overall, think about all of it as a long-term investment. Think about, okay I’ve gotten a lot out of this car, it’s still running, it’s still getting me to work. But is this my future? Or am I waiting for it to completely break down? What am I doing with it? What would my experience be with an upgrade? What would the benefits be? The same way when you’re trying to choose your agency, the same way when you’re trying to choose your web host. It’s not about the very cheapest thing for your business.
If every decision that you made was about the very, very, very cheapest solution that you could come up with, you wouldn’t be in business for all that long. There’s just so long that business is going to operate effectively, and see growth, when you don’t invest into your future. At all points in this decision process, I always try to make sure that people think about it, not just from the short-term cost, but look at it as the long game. What’s my ROI going to be from this? And what’s my satisfaction going to be? Am I going to be happier here? Is this going to be a good move for me? What’s safer? What’s healthier? Just like everything else in life, I could change my own oil for these days, 20 bucks, but I’d much rather drop off the car and have someone else do it. My time is worth more than that.
So, figuring out in life, what’s important and in business, I think equally. Our time is our most valuable commodity. Do you want to keep scratching out this? Or do you want to move forward with it? You’ve got to put yourself in control.
Guillaume: Yep. cost benefit analysis. Where you’re at now, where you want to go with e-commerce growth.
Robert: And risk analysis, which I think not enough people do in the industry. But really the risk of staying on M1 versus risk of going to M2, risk of going with this host versus that host. I actually like and I think more people would sleep better at night if they did a risk analysis on some of these things.
Guillaume: Right. Okay, cool. Thank you for being here, Robert.
Robert: Thanks for having me.
Thanks for listening to the E-commerce Wizards Podcast. We’ll see you again next time and be sure to click subscribe to get future episodes and contact us at magemontreal.com.