Mass hosting Drupal presents particular security, technical, network, integration, and other challenges that require specialized solutions.
There have been significant efforts by individual companies at providing provisioning systems, including Bryght’s Hostmaster platform and CivicSpace’s Civicspace On Demand platform.
This wiki page is an attempt to pull together a listing of the particular problems of mass hosting and what some existing pieces are.
Provisioning system
Details
Solutions needed to manage the creation, configuration, management, backup, and maintenance of client sites (files, databases, mail services, etc.)
Existing solutions
- CivicSpace Taskmanager system.
- Bryght’s Hostmaster and Hostmaster 2 projects.
- May First / People Link (we've worked in their system, don't know it all yet ben-agaric)
Related - Sympal, http://drupal.org/project/sympal_scripts
- Autopilot, http://drupal.org/project/autopilot
- Drupal Automated Staging Toolkit, http://drupal.org/project/dast
Install and update modular custom profiles
Details
Ideally, install systems will be built modularly in such a way that a given install profile can be composed of several pieces that can be combined in various ways, e.g., an ‘administration’ package that handles . A key part of this functionality is ensuring that new objects (nodes, users, etc.) can be created
Existing solutions
- CivicSpace’s “packages” system implements these features.
- Install Profile API, http://drupal.org/project/install_profile_api
Prevent PHP access
Details
While Drupal typically includes PHP access for admin users, in a hosted environment providing all clients with PHP access presents security issues.
Question
Rolling a Drupal site without the possibility of PHP snippets in Views arguments, Block visbility, CCK computed fields, etc, reduces the scope of what one can accomplish in Drupal -- does the mass hosting you envision simply exclude that functionality, or look to replicate it somehow? ~billfitzgerald
Existing solutions
- Paranoia module, http://drupal.org/project/paranoia
- D6 introduced the PHP module, partially addressing the presence of PHP, but the process is incomplete as block configuration is still in PHP.
- Patch to finish the isolation of PHP was not completed for D6, http://drupal.org/node/124158.
Theme design without access to PHP
Details
Custom Drupal theme design typically relies on (usually PHPTemplate) PHP files. Allowing clients to upload PHP files would be an unacceptable security risk.
Existing solutions
The Theme Factory module, http://drupal.org/project/themefactory, developed for CivicSpace On Demand, provides secure and fairly full featured theme design through Smarty.
Hide and require certain modules
Details
Often a hosted solution will need to require certain modules or hide them from client use (so that they cannot be turned off).
Existing solutions
System Mask module developed by CivicSpace, http://drupal.org/project/systemmask
Manage and track client registrations
Bryght has a module for this?
I think MayFirst's is built on Basebuilder (FOSS)
UI for site creation
Existing solutions
- CivicSpace AJAX site creation wizard.