Agenda1. Content Management 2. Web Application Framework 3. Architecture principles 1. Modular 2. Event driven 3. Skinnable 4. Secure 5. Accessible 4. Enterprise integration 1. Authentication 2. Content Sharing: Documents 3. Data services 4. Application service 1. Scalable 2. Performance
3. Security compliance: NIST, FISMA, HIPPA 4. Multi-lingual 5. APIs 1. Menu 2. Database 3. Session handling 4. Filtering 5. Cachable 6. Batch processing 7. Module 8. Update 9. Unicode 10. File storage
11. Locale & Language
Content is managed as a central content type called a node. Nodes are extensible by decorating them with fields.
Content features: User accounts
Customizable access and application permissions Revisions
Customizable work flows
Custom content types: CCK in D6, Fields in D7 Webforms
Aggregation: Exporting & Importing
Web based UI for management and administration
Web Application Framework
A full web application frame for building web applications Strongest when the applications are content related
Drupal implements the Presentation Abstraction Control pattern, similar to the MVC pattern
Drupal was started 10 years ago. It is based on technical choices that were the best at the time.
PHP was the most effective web programming language at the time. (Facebook, Yahoo, etc)
Objects were not first class in PHP at the time. Drupal uses
many OO patterns, and makes increasing use of OO language features.
Drupal uses Aspect Oriented Programming through hooks. Principles: Modular, Event driven, Skinnable, Secure,
Drupal is modular so it is customizable and extensible.
There are some 8700 contributed projects on Drupal.org which are a testament to the importance of that modularity.
Drupal provides APIs to achieve control and override core,or contribute module behaviors.
The developer community sees the inability to customize as a bug.
Flexibility comes at a price. Loose coupling can lead to debugging difficulty issues.
Drupal's magically named hook functions interact with events as they are triggered.
Drupal's event listener pattern is key and is similar to OO methods.
Functions and templates that present output to the user, and can be implemented by themes.
Drupal's presentation layer is a pluggable system known as the theme layer. Each theme can take control over most of Drupal's output, and has complete control over the CSS.
Drupal's default template renderer is a simple PHP parsing engine that includes the template and stores the output.
Skilled themers can customize the xhtml output to get the markup they need to style a site.
Drupal provides functions to avoid common security issues Drupal philosophy is to escape or filter when appropriate Provides check functions on output to prevent cross site scripting attacks
The database abstraction layer avoids SQL injection attacks The db_rewrite_sql function is used to respect node access restrictions.
Drupal 7 aims to be compliant with WCAG 2.0:
1. Web Content Accessibility Guidelines (WCAG) 2.0 http:// www.w3.org/TR/WCAG20/
2. The Eleven Most Accessible Drupal 6 Themes
3. Accessibility Best Practices in Drupal Theming
Drupal has extensive integration abilities. These integrations are based on open standards and rely on a wide variety of
mature contributed modules and APIs. 1. Authentication
2. Content Sharing: Documents 3. Data services
Drupal supports two authentication APIs, Drupal's native authentication and OpenID.
Drupal has approximate 350 user access and authentication modules
The services module supports it's own authentication for
services including: XMLRPC, JSON, JSON-RPC, REST, SOAP,
Drupal supports content import and export.
Batch imports can be done with the migration suite. Content can be imported incrementally
Content is extractable from multiple database types Imports and Exports can be done with CSV files
Content can be imported a feeds, or nodes w/ aggregation
Documents can be shared with other content repositories via the Content Management Interoperability Services
Drupal natively exposes data in standard formats xHTML, RSS, XML-RPC, XML, JSON
Web application services
Web Services module supports:
XMLRPC, JSON, JSON-RPC, REST, SOAP, AMF, etc.
Individual Drupal sites are known to scale to 50M PVs/month Acquia has scaled sites to deliver over 5000 PVs/minute
Drupal can be scaled by segmenting services, caching, and using horizontally scaling service layers.
Search and logs can be deployed to external services
Caching: HTTP caching with reverse proxy, Memcache, Opcode caching, Page generation caches, Database caching are all
Load balancers combined with Web servers scale application delivery. Drupal can use read and write databases.
Monitoring and heuristics help to identify system bottlenecks
Performance snapshot tools: Page delivery - YSlow, Database - Maatkit, Drupal - Devel module. PHP-Cache grind
Drupal has been tuned to deliver over 5000 anonymous pages a minute
Large sites like economist and drupal.org deliver sites within 0.5 seconds
Drupal security team has 35 members and reviews reported vulnerabilities.
Regular core and contributed security announcements Drupal is audited by both governments and private sector. Vulnerabilities are reported to the security team and fixed. Drupal based systems are secured and deployed for federal sites, using FIPS 199, FISMA as moderate security
Drupal 6 has localization and internationalization in core. Default language is the fallback. Use translations to deliver users preferred language, or URL based translation.
Translation efforts for modules center at: localize.drupal.org a translation service.
Translation services plug directly into Drupal and perform the service
Contact for additional questions