The policies outlined below apply to all Drupal sites hosted by UMass Amherst IT. In conjunction to these policies, site developers should always attempt to adhere to both Drupal and general Web development best practices.
All IT hosted Drupal sites are required to maintain a Drupal.org supported version of Drupal. Drupal support is limited to the two latest major versions, with typically a 3-year gap between releases. As a result, Drupal sites will require migration to a new version of Drupal roughly every 3 to 5 years. Drupal's migration process requires significant developer resources and as such, needs to be properly planned and budgeted.
To assist with the migration process, IT will attempt to provide a copy of your site with Drupal's core and contributed modules upgraded to the next major version. It is the responsibility of the site's developer to update the presentation layer (theme, styling, layout) as well as address any bugs/issues that arise as a result of the migration.
IT cannot assist in migrating sites between multiple major versions. If you would like to jump a major Drupal release for your site, it is IT's recommendation that an entirely new site be developed.
Drupal sites are provisioned with many of the most widely used modules on Drupal.org, including:
- advanced help
- google analytics
- module filter
- nice menus
- page title
- shib auth
- shib provision
- views bulk operations
If your site requires any additional modules please request them from email@example.com. Any additional modules must, at a minimum, be hosted on Drupal.org, be actively maintained, and have significant community usage.
IT will update all contributed modules on your site, in response to security vulnerabilities. Additional updates are available upon request. Prior to your site's update, the site's administrator will receive a notification that an updated copy of your site is ready for review on the IT staging server. It is the responsibility of the site's administrator to ensure that module updates do not break site functionality, prior to being applied in production.
Drupal sites are provisioned with Shibboleth authentication (the University's single sign on). By using Shibboleth, users are able to log into the Drupal site using their IT NetID and password. IT also provides the custom UMass Authentication module to help configure your site and simplify the administrative interface.
Vendors without a valid IT NetID will be required to obtain one from IT Account Management.
To help speed the delivery of your site, IT also uses both Varnish and Memcache. Memcache is configured for all provisioned sites and provides an in-memory cache alternative to Drupal's standard database caching. Varnish is a Web application accelerator configured to cache content hosted on IT Web servers. If you have any questions on the implications of these caching mechanisms please contact firstname.lastname@example.org.
IT will perform a vulnerability scan of all sites prior to launch. Any vulnerability detected must be remediated prior to the site going live.
IT requires that all publicly available Web forms use a spam mitigation tool.