5Enterprise Questions about Drupal Is the content model flexible enough?Is it secure?Will Drupal fit within my IT infrastructure?Does Drupal scale?Will Drupal continue to evolve?But the demanding enterprise architect or CIO needs to know more than that the open source project has momentum. He or she has very specific concerns about:The content model behind Drupal: is it flexible enough to support yet-to-be-determined content types, while meeting performance requirements?How Drupal manages users, roles and permissions to both enable high degrees of user interaction while ensuring security and information privacy where appropriateDrupal’s technology stack: how will Drupal fit within the rest of my enterprise infrastructure and business application environment?What is the development environment for Drupal? How will my web and business application teams be able to enhance Drupal or connect web applications with other business systems like CRM or ERP?Will Drupal meet my requirements for web site performance and scalability?Where is Drupal going? With technologies evolving rapidly and new standards making richer and richer web applications possible, and the range of user devices expanding almost daily, how will Drupal grow in order to remain a vibrant web platform?
7How Drupal Manages Users AdministratorAuthenticated UsersAnonymousUsers[this slide builds]Drupal provides an elegant user management framework which makes new, interesting types of social engagement on the web possible.---Users can be “anonymous,” or they can have a profile on a Drupal site and become authenticated users. Authenticated users can be organized into groups, known as roles. As a simple example, anonymous users might be plain readers of public content on a Drupal site, while users in the “authors” role might be able to create new pages or blog posts on the site. Another group of users might be “editors.”Author permissions might only grant users with that role access to public content, plus the pages or posts they have themselves created.Editors, on the other hand, might have permissions giving them access to see all contributed pages and posts, and to update the content of those pages and posts. Furthermore, perhaps only editors have the right to set a custom field like “publication time,” which would specify when the content would go live on the web site.All of these are configurable by the site administrator, and completely customizable.The ability to create custom roles, and to define very specific access control permissions based on those roles, makes great social sites possible. It is simple to define a role such as “Visitor.” Visitors would like to comment on blog posts -- so they create a Drupal log-in, but that role’s permissions may give them only the right to add comments to blog posts. “Customers” might be granted a different custom role, which would entitle them to add content ratings to product pages. These ratings might be visible to “Product Managers,” but invisible to “Visitors.”Suddenly very rich interactive experiences can be offered to visitors, all in accordance with the access appropriate to them individually.Unlimited custom roles, permissions & viewsRolesauthorseditorsGroups of like usersPermissionsCreate PageEdit PageOperations allowed by roleViewsMy PostsAll PostsDetermined by permissions
8Drupal Architecturekey additional information about OO and Drupal:
11It’s All About the Modules Drupal “Core” Modules30 modules800 contributorsDrupal “Community” Modules7,000 modules5,000 contributorsTestingqa.drupal.org with 30k testsModule Extending“Hooks” enable developers to override module behaviors, customize with precisionDrupal is composed of functional components known as modules, and was designed from the get-go to support great extensibility. In fact, the Drupal community regularly “absorbs” contributed modules (created on top of CORE Drupal), making them part of Drupal’s next major platform release.Innovation in the Drupal community works like this:Individual community members identify new functional requirements for their Drupal sites, typically based on their own needs. He or she develop and contribute a new module to the project based on those needs.If others share this requirement, they will investigate and use the module, often contributing patches and bug fixes, along with new capabilities, to improve the module.The more popular a module becomes, the faster it improves in quality - to the benefit of everyone who uses it.If a module becomes popular, or valuable enough, it may be considered for inclusion in a future release of Drupal core.This virtuous cycle of informal, networked collaboration is what drives innovation in the Drupal community, and on the web.Drupal core consists of approx. 30 such modules, which have been created, managed, and maintained by approx 800 community contributors.On top of Drupal core, there are at this time over 7,000 contributed modules -- from approx contributors.Drupal.org hosts a testing environment with over 30,000 test to ensure the stability of core and contributed modulesAnd Drupal is designed around a hook system which makes it possible for your developers to “override” module behavior to meet your organizations custom needs.
12Drupal is Event Driven, Modular Modules “listen” for events to trigger hooks (PHP functions)This hook system - Drupal’s modular, open architecture, is the secret to Drupal’s power as a web application framework. Though originally released ten years ago, Drupal was designed architecturally from the strat around a model where modules “listen” for events... and executes code (or hooks) which are invoked upon those events.Hooks are capable of modifying data while it is being processed and carrying out other actions in response to certain conditions. Some of the more common hooks operate when a node loads, when a form is generated, or when someone saves user information.The important thing to understand about this model is it allows developers to modify the operations of Drupal in many small ways instead of having all that code written up in a single place. Drupal’s Hook system means a developer can add a module to Drupal to expand the functionality of the system, at any time, without needing to rewrite any code.
13Drupal is “Skinnable” via Themes Presentation layer separate from contentCustomize with HTML, CSS & PHPAcross multiple device formatsFor specific user roles, permissions, & contentDynamically respond to contentDrupal’s Theme system illustrates the power and benefit of Drupal’s modular design. Using CSS, HTML, and PHP, Drupal themes control how Drupal content is presented to users or clients of a Drupal site or application.Drupal’s theming system is powerful because it separates the presentation of content from the content itself in the database - modularity that gives site developers and administrators flexiblity so that:1) sites can have unique designs, coordinated with corporate brand guidelines and design standards2) themes can be created to serve content on the basis of requesting client type: if a smartphone or tablet device requests content, Drupal will select a theme and present the content in the format and layout appropriate to devices of that size and screen resolution.3) in addition, themes can be used in conjunction with roles and permissions to ensure that the right content and functionality is presented to the right users, based on their roles and permissions4) themes can also dynamically respond to changes in the content or to user input, or even Modify or replace text (for example the labels) and variables generated by modules
15Is Open Source Software (OSS) Secure? “Continuous and broad peer review, enabled by publicly available source code, supports software reliability and security efforts”This is one of the most frequent questions about any technology and open source is no different. However, with the adoption of open source becoming increasingly mainstream as a critical component with the enterprise, validation of the security of open source software is coming from the same place that validated most proprietary software products and platforms - namely, the US department of defense.Dave Wennergan, the CIO of the US Department of Defense, has clearly stated in 2010 that open source software is secure, thanks to the shared interest of the extremely large and dedicated community, and is approved for usage in some of the highest security environments in the world.David M. Wennergren Department of Defense CIO “Clarifying Guidance Regarding Open Source Software”
16Security in the Drupal Community Drupal security team has 35 membersRegularly published security advisoriesOpen Web Application Security Project Top Ten Vulnerabilities: Audited & PassedProof point:More info: drupalsecurityreport.orgTo ensure that Drupal meets the highest standards for web application security on an ongoing basisc, the Drupal project has a security team of 35 active members. Over the years, this team has continually strengthened Drupal’s core APIs by managing a disciplined process of testing and peer review of code, as well as the distribution of security advisories to the Drupal community. These advisories include, as appropriate, patches to modules, updated versions, or instructions on how to mitigate the security risk (temporary workarounds).The Drupal Security Report details how the Drupal project addresses web application security with their “Top Ten Most Critical Web Application Security Risks” including Injection, Cross-site Scripting (XSS) and others.---
17Enterprise Fit Using Standards External Application IntegrationXMLRPC (Drupal native)The Drupal Services ModuleSOAP (web services)AMFRESTNaturally, Drupal needs to fit within an enterprise environment including other critical applications. Drupal includes native support for XML-RPC, which allows software running on disparate operating systems, running in different environments to make procedure calls over the Internet. This allows Drupal to connect to other applications that might be in the same datacenter, like an ERP system, or over the internet to an application like salesforce.comIn addition, the Drupal services module adds support for other key protocols -- including SOAP, and ActionScript Message Format (AMF).Drupal also adheres to the principles of the “Representational State transfer,” or REST - providing RESTful services for loosely coupled application integration.
18Enterprise Fit Using Standards Database Abstraction LayerCMIS standard for integration with document management systems is available today for Drupal, which is of particular note for internal collaborative applications. -- in Drupal 7, support for RDFa will be standard, as will be support for a new database abstraction layer that will enable broader database support for drupal - including MSFT SQL server and oracle db support.
19Access, Authorization, and Authorization 368 ModulesWrite your own custom integration moduleWith regards to authentication support, Drupal supports the OpenID standard out of the box and modules exist to integrate with enterprise authorization protocols - including LDAP and Microsoft Active Directory, among others, so Drupal can operate within the authentication protocols and identity services that are standard within particular industries.
20Enterprise Content Migration Case study - The Examiner1M pages1M+ comments50k slideshows800k images300k user-created content tagsImplemented “Incremental Migration”No extensive downtime requiredFor many organizations, significant investment has been made in a legacy content management system -- or they have large quantities of content managed in raw HTML.Drupal has native support for content import and export, but the community has accomplished for more ambitious content migration feats than that.The Examiner, and online publication with over 1,000,000 pages of content... a top 100 web site in terms of traffic, and an environment with vast quantities of rich content like images and videos, and with high voumes of “referenced” content like comments and tags...The implemented an “incremental migration,” using core Drupal functionality in conjunction with the Migrate module. They were able to move this kind of volume from the legacy infrastructure to Drupal without long downtimes, and without instability during the partial migration ‘windows.’ Their learning was then contributed back to the community -- and will be included in Drupal 7.
21Multiple Language Support 71 Supported Languages(localize.drupal.org)Drupal’s modular architecture and multi site support, combined with the community’s creation of 71 translations of Drupal core -- make use of Drupal worldwide straight-forward. Many solutions have been created to optimize the translation of application resources, and to accelerate the deployment of complete sites in multiple languages.Drupal’s internationalization and localization capabilities are specifically areas that differentiate Drupal against both proprietary and open source CMS’. Corporations like Nike, Sony, Novell and countless public sector agencies around the globe have deployed Drupal for multi-lingual site deployments due to its strength in this area.
22Why Drupal for the Enterprise Flexible content modelCustom roles & permissionsEstablished security processesEnterprise web architectureProven scalabilityIn this presentation, we’ve discussed why the open source Drupal social publishing system is a good fit for enterprises across websites large and small. Drupal’s open, modular architecture and flexible content model give enterprise developers the freedom they need to build robust, interactive web experiences to engage their audience and grow their brand.Drupal’s native support for custom roles & permissions means that organizations can build compelling social websites that encourage participation. And Drupal has an establish security track record, powering some of the largest, most high profile sites on the web.Architects and site administrators can use Drupal in conjunction with leading web technologies to build massively scalable architectures to support high traffic web sites into the tens of millions page views and beyond.
23Learn More: Drupal TCO Whitepaper To learn more about the cost benefits and potential ROI that can be achieved by deploying Drupal, I encourage you to download our TCO for open source social publishing whitepaper, available on our website.Or contact us with questions at any time.