Drupal News

Agiledrop.com Blog: Tips to Speed Up Your Drupal Site

Main Drupal Feed - Mon, 10/01/2018 - 13:07
In this post, I highlight some easy to follow tips for speeding up a Drupal website. READ MORE

OpenSense Labs: Leverage Open Source Security In Drupal

Main Drupal Feed - Mon, 10/01/2018 - 12:39
Leverage Open Source Security In Drupal Shankar Mon, 10/01/2018 - 18:09

Think of your best friend who keeps things to himself - a characteristic that would sometimes make it strenuous for you to understand if he is in distress. Juxtapose such a character with another friend who is an open book which makes it a downhill task to know what he is thinking and feeling. Such a correlation can be observed in this digital world where the security of open source software and proprietary software is constantly debated.


Dr. A.P.J Abdul Kalam, former President and renowned scientist of India, once reiterated that “open source codes can easily introduce the users to build security algorithms in the system without the dependence of proprietary platforms”. The security that open source software offers is unparalleled. Drupal, as an open source content management framework, is known for its provision of magnificent security for your online presence and is worth considering.

Getting to know open source software

It was in 1999 when Eric Raymond stipulated that more eyeballs can make the bugs look shallow. He coined the term “Linus’ Law” which was named in honour of Linux creator Linus Torvalds. Since then, it has been almost two decades for continuous usage of Linus’ Law as a doctrine by some to explain the security benefits of open source software.

Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone - The Cathedral and the Bazaar by Eric S. Raymond (Lesson 8)

Open source software consists of source code that is openly available for anyone to do inspection, adjustments or improvements. This code may comprise of bugs or issues that require to be flagged.

Furthermore, public availability means attackers could study and exploit the code that emphasises on inculcating code level security practices. Some of the common open source security practices constitute:

  • Governing an inventory of all software used. This data must consist of the version, hash value and the original source of the code.
  • Verification of the availability of security updates and bug fixes. This makes sure that the patch management processes are being done regularly.
  • Testing and scanning the source code. This is performed using code analysers, auditing tools, or a community like Drupal.
  • Make sure that open source applications are in compliance with the existing network architecture to avoid violations of any firewall or security policies.
Myth or fact: Is Open source software more secure than closed source software?

 

Whether it is the Heartbleed incident in 2014, where the vulnerability was discovered in OpenSSL. Or, the Microsoft Vulnerability Exploit in 2014, when credit card information of millions of Home Depot customers was compromised. Both open source and closed source software have a history of encountering security threats. But which one is more secure?

Closed-source software, also known as proprietary software, is only distributed to authorized users with private modification and republishing restrictions. On the flip side, OSS is distributed under a licensing agreement which makes it available for the general public to use and modify for no cost.

It is this ability to modify the code that forms the crux of the argument within the Linux community that open source is more safer and less susceptible to security attacks in comparison to closed source software Microsoft Windows.

OSS allows anyone to rectify the broken code. In contrast, closed source can only be fixed by the vendor. 

So, when more people are testing and fixing the code within the OSS community, open source gradually increases its salience on security over time. Although attacks are still discovered, it has become a lot easier to identify and fix bugs. Open source enthusiasts believe that they experience fewer exploits and their code receives patches more rapidly as there are a plethora of developers contributing to the project.

When digging deeper, the notion that open source platforms offer users the capability to keeping itself relevant with new and altering requirements underpins the argument for open source over closed. OSS does have a reputation of being more secure as the University of Washington states in a report.

Open source security in Drupal Source: AcquiaDrupal Security Team in action

The Drupal open source project has a dedicated team of volunteers who track security-related bugs and release updates. They help in:

  • Resolving security issues that are reported in a Security Advisory.
  • Offering help for contributed module maintainers in fixing security issues.
  • Offering documentation for writing secure code and safeguarding Drupal sites
  • Providing assistance to the infrastructure team for keeping the Drupal.org infrastructure safe.

Anyone, who discovers or learns about a potential error, weakness or a security threat that can compromise the security of Drupal, can submit it to the Drupal security team.

Process cycle

The process cycle of the Drupal security team involves:

  • Analysis of issues and evaluation of potential impact on all the supported releases of Drupal.
  • Mobilizing the maintainer for its removal if found with a valid problem
  • Creation, assessment, and testing of new versions
  • Creation of new releases on Drupal.org
  • Using available communication channels to inform users when issues are fixed
  • Issuing an advisory if the maintainer does resolve the issues within the deadline and recommending to disable the module thereby marking the project as unsupported on Drupal.org.

The security team keeps issues private until there is a fix available for the issue or if the maintainer is not addressing the issue from time-to-time. Once the threat is addressed and a safer version is available, it is publicly announced.

In addition, the security team coordinates the security announcements in release cycles and works with Drupal core and module maintainers. For any concern with the management of security issues, you can also ask security@drupal.org. 

Security features
  • You can enable a secure access to your Drupal site as it has the out-of-the-box support for salting and repeatedly hashing account passwords when they are stored in the database.
  • It also lets you enforce strong password policies, industry-standard authentication practices, session limits, and single sign-on systems.
  • It provides granular access control for giving administrators full control over who gets to see and who gets to modify different parts of a site.
  • You can also configure Drupal for firm database encryption in the top-notch security applications.
  • Its Form API helps in data validation and prevents XSS, CSRF, and other malicious data entry.
  • It limits the login attempts that can be made from a single IP address over a predefined time period. This helps in avoiding brute-force password attacks.
  • Its multilayered cache architecture assists in reducing Denial of Service (DoS) attacks and makes it the best CMS for some of the world’s highest traffic websites like NASA, the University of Oxford, Grammys, Pfizer etc.
  • Notably, the Drupal addresses all of the top 10 security risks of Open Web Application Security Project (OWASP).

Statistical reports

In the 2017 Cloud Security Report by Alert Logic, among open source frameworks assessed for content management and e-commerce, Drupal was reported for the least number of web application attacks.

Source: Alert Logic

Sucuri’s Hacked Website Report also showed that Drupal was the most security-focused CMS with fewer security vulnerabilities reported. It stood on top against leading open source CMSs like Wordpress, Joomla, and Magento.

Source: SucuriChallenges in open source security

Open source software has its share of challenges as well. Equifax’s 2017 breach was notable because of the millions of US consumers who were affected. For the digital transformation to transpire, developers are moving from perfect to fast using open source components as vital assets for swiftly adding common functionality. For letting developers move as swiftly as customers demand, security pros must address some fundamental challenges.

For the digital transformation to transpire, developers are moving from perfect to fast using open source components as vital assets for swiftly adding common functionality

The time between disclosure and exploit is shrinking. Today, there is enough information in the Common Vulnerability and Exposures (CVE) description of a vulnerability consisting of affected software versions and how to execute an attack. Malicious hackers can make use of this information and decrease the time between disclosure and exploit as was witnessed in the case of Equifax.

Identification of open source component vulnerabilities listed in the National Vulnerability Database (NVD) increased by 10% from 2015 to 2016 with a similar increase in 2017. For instance, in components from Maven packages, Node.js packages, PyPi packages, and RubyGems, published vulnerabilities doubled (see graph below).


Security pros must assume that prerelease vulnerability scans are not executed by open source developers. So, software composition analysis (SCA) and frequent updates to open source components will be the responsibility of the enterprise.

Conclusion

Open source security does pose a significant case for itself and can be a better option than a closed source or proprietary software. Also, it is a matter of preference looking at the organisational needs and project requirement, to choose between them for your digital business.

Drupal, as an open source content management framework, comes out as the most secure CMS in comparison to leading players in the market. At Opensense Labs, we have been perpetually offering digital transformation with our strong expertise in Drupal development.

Contact us at hello@opensenselabs.com for amazing web development projects and leverage open source security in Drupal 8.

blog banner blog image open source security Open Source closed source proprietary cms closed source cms open source cms closed source security Drupal 8 Drupal CMS drupal security open source cms vs closed source cms open source cms vs proprietary cms Blog Type Articles Is it a good read ? On

Don't Panic: A blog about Drupal: Recording a pod at DrupalEurope in Darmstadt!

Main Drupal Feed - Sun, 09/30/2018 - 17:50

Not only did DrupalEurope in Darmstadt a couple of weeks ago give me the opportunity to learn more about Drupal and meet old friends and community members - it was also the new start of coming back to doing a pod again.

The Drupal pod Drupalsnack has been on hold for a year when I wrote a book about old commercials found in comic books during the 60s, 70s, 80s and 90s. But when the book now is printed and can be found in stores - it's time to go back to recording a pod.

And the first episode is about DrupalEurope. Me and my podcast colleague Kristoffer took the opportunity to interview Michael Miles who came all the way from Boston, USA, to visit DrupalEurope. I also spoke to Baddysonja - Baddy Breidert - who has been the project manager, leading the masses in organising DrupalEurope, and Kristoffer stopped Dries in the hallway and interviewed him about all the news around Drupal.

All in all, it is great doing a podcast again, and this episode is in English since we did all the interviews in English. Next episode will be in Swedish again, which will be a relief. I consider my English to be quite good, but it is always easier to do a podcast in your native language.

Listen to the DrupalEurope episode of Drupalsnack by clicking here.

Mobile App Zymphonies Theme

Drupal Themes - Sat, 09/29/2018 - 19:35

Mobile App Zymphonies Theme, It is a unique, modern, beautiful, clean, minimal and elegant Drupal responsive theme. This theme has been designed for app landing page, app website, app showcase etc. Read more

Live Demo Advanced Themes

Mobile App Zymphonies Theme is developed using all latest technologies Drupal 8, Bootstrap v4 and Font Awesome v5 etc.

Follow us in Twitter & Like us on Facebook to get free/premium theme updates, Drupal tips, tricks & news

Theme designed & developed by Zymphonies.com

Features

  • Drupal 8 core
  • Bootstrap v4
  • Font Awesome v5
  • Clean Design
  • Mobile-first responsive theme
  • Custom menu bar
  • Light weight theme
  • Fully responsive design
  • Included Sass & Compass source file
    • Colors are stored in Sass variable
    • Well organized Sass code
  • Static home page banner image
Contact Zymphonies

Have Queries? Click here to contact Zymphonies

  • Free theme customization & additional features
  • Drupal custom theme development
  • Drupal website design & development
  • Drupal website migration

Sponsored by Zymphonies

hussainweb.me: Drupal Meetup Bangalore – September 2018

Main Drupal Feed - Sat, 09/29/2018 - 13:54
Another month, another Drupal meetup in Bangalore. This month’s meetup was held at Athenahealth office on Lavelle Road in Bangalore. Since the last month’s meetup was scheduled a week early, there was more than usual gap since the last meetup. This time, we had a full schedule and exciting sessions planned.

Ashday's Digital Ecosystem and Development Tips: 5 More Tips to Get the Most out of Drupal

Main Drupal Feed - Fri, 09/28/2018 - 20:00

Previously, we covered some simple tips that allow you to get more out of Drupal and I think we covered some basics. This time we are going to go a bit deeper to see what Drupal can really do. In the right hands, Drupal can be a very powerful tool for more than just content management. The following tips will take you through a few different topics to get more out of Drupal than ever before. Some of these tips are a bit more on the advanced side, but they are very useful.

Evolving Web: What's New in Drupal 8.6

Main Drupal Feed - Fri, 09/28/2018 - 19:57

Drupal 8.6 was released a couple weeks ago and it’s probably the most exciting release since Drupal 8.0. As you might know, new features are added with each minor release of Drupal 8 (e.g. between 8.5 and 8.6). At first, I thought that this would just change how we test and update our sites. But it’s amazing to see how many new, valuable features are being added in minor versions. These are the features that allow Drupal to constantly evolve and innovate, and keep everyone excited about using Drupal.

Also, minor releases that add features are a great reason to keep your Drupal site up-to-date with the latest minor version!

I tried out Drupal 8.6 the other day and here are some of the highlights. Note that some of these features (Media management, Workspaces) are provided by experimental modules. They are not ready to use in production yet, but are ready to be tested out in development and sandbox environments:

Media

As a Drupal site builder, the media features are a huge step forward. I watch a lot of content editors use Drupal and it’s clear that having media editing work smoothly greatly improves the content editing experience. From the Admin UX research I’ve worked on, better media management is one of the number one things that content editors want.

So, what does media in core provide? You can now add media (images, video, audio, etc) through the WYSIWYG editor and via a new media field. You can re-use media that’s already been added to the site, or upload new items. You can also manage the media via an overview page and add new media items directly without creating content.

Quickstar

Drupal 8.6 comes with a Quickstart command that lets you install Drupal on your machine with a limited number of requirements. This makes it really easy to test out Drupal without installing other software, configuring a VM, or finding a vendor that provides cloud hosting.

I think it’s great to have a feature like this out-of-the-box so that we can have a better experience for newcomers to Drupal. In fact, there’s already updated documentation on Drupal.org about how to install a quick version of Drupal.

Thanks to Matt Grasmick for putting this together!

Out-of-the-box Demo

At DrupalCon Nashville, I tested out the new Umami install profile, which provides a demo of Drupal out-of-the-box. When you install Drupal, you’ll now see the Umami as an option on the install profile step. Umami comes with content, content types, views, and a theme for a recipe website. I think this profile, along with the Quickstart feature will allow developers and site builders new to Drupal to easily test out and demo its features.

Migrate!

Migrate has been around since the first minor release of Drupal 8, it’s the module that allows you to pull content into Drupal 8 from previous versions of Drupal or external sources. Migrate is now a stable module, which means that it will be easier for developers to create custom migrations without worrying about changes to the underlying code. This will also make it easier to write documentation and blog posts about how to do things with Migrate.

There are some features around migrating multilingual content which have been set aside in a separate module (Migrate Drupal Multilingual). This module is an experimental module, as there is still some outstanding work to be done in this area.

Workspaces

You are probably wondering: what is « workspaces »? This is a new, experimental module that allows a site administrator to create a new, parallel version of the site content - e.g. a Staging workspace - that can be deployed to the live site in one go. In Drupal 8.5, content moderation was introduced to Drupal, providing a workflow for content to be drafted, reviewed, and approved by different types of users. Workspaces takes this to the next level, allowing entire sections of content to be staged before publishing.

More Under the Hood

Besides new modules, there have been other improvements made to Drupal under the hood. There have been updates to the experimental Layout Builder module. It is now possible to create blocks via the layout builder interface, which will not show up in the global list of blocks. The process of porting tests from Simpletest to PHPUnit is almost done. Nightwatch.js was added to allow for automated javascript testing.

What’s next?

There are lots of new features planned for Drupal 8.7 including support for JSON API in core, potentially a refresh of the default Drupal admin theme (Seven) and work on features like automatic upgrades. Looking forward to seeing what’s next with Drupal in that release, which will come out early next year. Watch the latest DriesNote here, from Drupal Europe for an overview of the Drupal roadmap and new development in the works.

You can get more information from the blog post on drupal.org and the Drupal 8.6 press release.

Let us know in the comments what’s your favourite part of Drupal 8.6!

+ more awesome articles by Evolving Web

OPTASY: Automatic Updates in Drupal Core? Top Benefits and Main Concerns With Drupal Updating Itself

Main Drupal Feed - Fri, 09/28/2018 - 15:21
Automatic Updates in Drupal Core? Top Benefits and Main Concerns With Drupal Updating Itself radu.simileanu Fri, 09/28/2018 - 15:21

Just imagine... automatic updates in Drupal core.

Such a feature would put an end to all those never-ending debates and ongoing discussions taking place in the Drupal community about the expectations and concerns with implementing such an auto-update system.

Moreover, it would be a much-awaited upgrade for all those users who've been looking for (not to say “longing for) ways to automate Drupal core and modules for... years now. Who've been legitimately asking themselves:

“Why doesn't Drupal offer an auto-update feature like WordPress?”

And how did we get this far? From idea to a steady-growing initiative?
 

hussainweb.me: How to get the current node in a block plugin in Drupal 8

Main Drupal Feed - Fri, 09/28/2018 - 07:27

I was trying to build a block plugin in Drupal 8 recently. The requirement was straight-forward. I would show these blocks on node pages of a certain type. Depending on the values in that node, the block content changes.

The requirements are straight-forward but there are a lot of things to consider in this scenario. [...]

Chocolate Lily: Managing Shared Configuration Part 7: Core Configuration

Main Drupal Feed - Thu, 09/27/2018 - 16:00

This is the seventh and (promise!) penultimate installment in a series presenting work on shared configuration that comes out of the Drutopia initiative and related efforts, beginning with Part 1, Configuration Providers.

In this series we've covered how to create and update reusable packages of configuration in Drupal, otherwise known as features.

In Part 6, we saw how the Features module can be used to package configuration that will be used by multiple different features into a "core" feature. An example is when multiple fields use the same storage. A core feature might provide a field_tags field storage, allowing multiple features to add a field_tags field to different content types. All the features that provide a field would require the core feature.

This approach helps to manage dependencies among different features, but it has at least two major shortcomings.

  • Any site that wants to install even a single feature that's dependent on the core feature will get all the core configuration--whether or not it's needed. For example, if the core feature provides five field storages but only one is required by the dependent feature, all five will still be created on the site.
  • Features from different sets or distributions will have conflicting dependencies. Say we have two different distributions, A and B. An event feature from distribution A requires the distribution A core feature, which provides the field_tags field storage. An article feature from distribution B requires the distribution B core feature, which provides an identical field_tags field storage. The event feature should theoretically be compatible with the article feature. But in practice they can't be installed on the same site, since an attempt to install both core features will raise an exception since configuration provided by the first-installed core feature will already exist on the site when the second is queued for installation.

In this installment we'll look at options for managing shared configuration that's required across multiple features--or multiple distributions.

YG Hotel

Drupal Themes - Thu, 09/27/2018 - 13:14

YG Hotel is modern Drupal theme developed to help you to create a stunning website for Hotels.

Features

  • Drupal 8 core
  • Bootstrap v4.0.0
  • Rooms
  • Explore Rooms
  • Events

Live Demo Download Demo Site

It is highly recommended to install the demo site and customize it to get the exact look. Here is the link for the documentation to install demo site

Demo login credentials : admin / admin@123

Thanks for checking out our theme. We can install the theme in your server for free!

Contact us for free installation


Other YG Business themes


Credits

Drupal theme by Young Globes

Morpht: Simple Social Service links for Drupal 8

Main Drupal Feed - Thu, 09/27/2018 - 11:46

There are couple of online tools, and integration modules to get sharing widget to your site. They rely on JavaScript and the security of your users is questionable. This article will show you how to create a simple yet flexible and safer service sharing widget without line of JavaScript.

Background

The main reason why not to use some of the tools like AddToAny is the security. This is often a case for government or other public facing project such as GovCMS. Sharing widget of these services is not connecting directly to the social service, but it is processed on their servers first. And they can track the user on through the web because of the fingerprint they made. Another reason is that the JS code is often served from a CDN so you don’t know when the code changes and how? Have they put them some malicious script? I don’t want this on my site. And clients often as well. :)

Thankfully each service provide a simple way how to share content and we will use that.

Final example

You can see the final result in action with different styling applied at our example GovCMS 8 demo page (scroll down to the bottom of page).

Site build

First we need to prepare the data structure. For our purpose we will need to create a custom block type, but it can be easily done as a paragraph too.

Custom block name: Social Share
Machine name: [social_share]

And throw in few Boolean fields. One for each service.

Field label: [Human readable name] e.g. “Twitter”
Machine name: [machine_name] e.g. “social_share_twitter” – this one is important and we will use it later.

Go to the manage display screen of the block (/admin/structure/block/block-content/manage/social_share/display) and change the Output format to Custom. Then fill in the Custom output for TRUE with the text you like to see on the link e.g. "Share to twitter".

Now we are able to create a new block of the Social share type and check some of these checkboxes. Users will see only the Labels as result.

Theming

The fun part is changing the output of the field from simple label to actual share link.
First we need to know how the final link looks like.
Links examples:

Facebook: http://www.facebook.com/share.php?u=[PAGE_URL]&title=[PAGE_TITLE] Twitter: http://twitter.com/intent/tweet?status=[PAGE_TITLE]+[PAGE_URL] LinkedIn: http://www.linkedin.com/shareArticle?mini=true&url=[PAGE_URL]&title=[PAGE_TITLE]&source=[BASE_PATH] E-mail: mailto:?subject=Interesting page [PAGE_TITLE]&body=Check out this site I came across [PAGE_URL]

To get it work we need a current page Page URL, Page title, and Base path. Only the page URL is directly accessible from TWIG template. The other two needs to be prepared in preprocess. Lets add these in the theme_name.theme file.

/** * Implements template_preprocess_field(). */ function theme_name_preprocess_field(&$variables, $hook) { switch ($variables['field_name']) { case 'field_social_share_twitter': $request = \Drupal::request(); $route_match = \Drupal::routeMatch(); $title = \Drupal::service('title_resolver') ->getTitle($request, $route_match->getRouteObject()); if (is_array($title)) { $variables['node_title'] = $title['#markup']; } else { $variables['node_title'] = (string) $title; } $variables['base_path'] = base_path(); break; } }

As we probably will have more then one service we should use the DRY approach here. So we create extra function for the variable generation.

/** * Preprocess field_social_share. */ function _theme_name_preprocess_field__social_shares(&$variables) { $request = \Drupal::request(); $route_match = \Drupal::routeMatch(); $title = \Drupal::service('title_resolver') ->getTitle($request, $route_match->getRouteObject()); if (is_array($title)) { $variables['node_title'] = $title['#markup']; } else { $variables['node_title'] = (string) $title; } $variables['base_path'] = base_path(); }

And we than call it for various cases. If some service will need more variables it will be easy to add it in different function. So we don’t process whats not required.

/** * Implements template_preprocess_field(). */ function theme_name_preprocess_field(&$variables, $hook) { switch ($variables['field_name']) { case 'field_social_share_facebook': _theme_name_preprocess_field__social_shares($variables); break; case 'field_social_share_twitter': _theme_name_preprocess_field__social_shares($variables); break; case 'field_social_share_linkedin': _theme_name_preprocess_field__social_shares($variables); break; case 'field_social_share_email': _theme_name_preprocess_field__social_shares($variables); break; } }

Now we have the Node title and Base path prepared to be used in field templates.

Enable twig debug and look in the markup for the checkbox. You will see couple of suggestions, the one we are looking for is field--field-social-share-twitter.html.twig.

As the output should be single link item it is safe to assume we can remove all the labels condition and the single/multiple check as well. On the other hand we need to ensure that if the checkbox is unchecked it will not output any value. That is particularly hard in TWIG as it doesn’t have any universal information about the state of checkbox. It has only access to the actual value. But since we don’t know the value of custom label we cannot use it. However there is a small workaround we can use. Remember we hav not set the FALSE value.
We can check if the field is outputting any #markup. The empty FALSE value will not produce anything, hence the condition will fail.

{% if item.content['#markup'] %}

Here is the full code for field template:

{% set classes = [ 'social-share__service', 'social-share__service--twitter', ] %} {% for item in items %} {% if item.content['#markup'] %} "http://twitter.com/intent/tweet?status={{ node_title }}+{{ url('') }}" title="Share to {{ item.content }}">{{ item.content }} {% endif %} {% endfor %}


For other services you need to adapt it. But it will still follow the same pattern.

And we are done. Now your block should return links to sharing current page to the service.

Pro tip:

So far we have not use any contrib module. But obviously your client would like to have some fancy staying applied. You can add everything in the theme, but that will be only one hardcoded option. For easier live of editors you can use Entity Class formatter module to easily add classes to the block from a select list. You can provide multiple select list for Size, Color, Rounded corners, Style etc.

Result

At this point we have the simple social share widget ready. We can select which predefined services will show in each instance and how will they look. E.g. On blog post you can have sharing for Twitter, Facebook and Email styled as small rounded icons. But with another instance of the block you can have only large squared LinkedIn icon + label shown on Job offering content type.

Further notes

After I wrote first draft of this article new module appeared which work in very similar way. Give it a try at Better Social Sharing Buttons. It will be quicker to get up ad running as it has predefined styles and services, but that can be a drawback at the same time. If I need different style, or extra service it can be harder to add it.

OpenSense Labs: Power Of Microservices Architecture In Drupal Development

Main Drupal Feed - Thu, 09/27/2018 - 11:45
Power Of Microservices Architecture In Drupal Development Shankar Thu, 09/27/2018 - 17:15

One of the reasons why The New York Times is able to catch up to its growing user base is its inclination towards technological advancements. That was evident when it leveraged the power of microservice architecture via a remodelled video publishing platform to scale with their newsroom demands. They also moved their infrastructure to the cloud which resulted in a stable and scalable email platform, powered by a suite of microservices, for sending emails to the readers.


Why are big enterprises like The New York Times leaning towards microservices? Microservices has grown exponentially and holds an astronomical future for the digital businesses. It will be interesting to see how traditional CMS like Drupal finds a place in the world of microservices. But before plunging into all that, one might wonder where did this ‘microservices’ thing originate from?

Tracing the roots in the UNIX world

New Relic has compiled an interesting and brief timeline of the evolution of microservices. Microservices has its roots in the Unix world that takes us back to more than three decades ago.

As a term, microservices was first documented in 2011 by Martin Fowler

Service-oriented architecture (SOA), a design principle where services are offered to other components by application components via communication protocol over a network, was all the rage decades ago. Due to a superabundance of failures and costly implementations, the SOA earned a poor reputation and took a backseat. Martin Fowler, among others, has said that microservices are a new spin on SOA.

As a term, it was first documented in 2011 by Fowler at a software architects’ workshop.

In 2012, a presentation was given by James Lewis at the 33rd Degree in Krakow which was titled “Microservices - Java, the Unix Way”. This delineated microservices as a means of building software more rapidly by dividing and conquering and used Conway’s Law to structure teams.

Since that time, the adoption of microservice architecture has grown and many organisations are going for microservices as their default style for building enterprise applications.

Understanding the terminology Source: LeanIX GmbH

What are microservices? Microservices are an architecture for splitting a monolithic application into smaller pieces. Each of those pieces offers a certain function through a well-defined and carefully handled API.

The collection delivers the same overall business value like the monolithic application with the difference being these independently working individual pieces in microservices. That means they can be updated swiftly without impacting an entire application.

“The microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. These services are built around business capabilities and independently deployable by fully automated deployment machinery. There is a bare minimum of centralized management of these services, which may be written in different programming languages and use different data storage technologies”. - Martin Fowler

"A microservice architectural style is an approach to develop a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API".

Netflix is an unsurpassed example of microservices adoption. It moved from a traditional development model with several engineers producing a monolithic DVD-rental application to a microservices architecture. Small teams could focus on the end-to-end development of hundreds of microservices that work together to serve digital entertainment to millions of Netflix customers every day.

Source: LeanIX GmbH

The main difference between monolithic and microservices architecture, as can be seen in the depiction above, is that all the features and functionalities were under a single umbrella. That is, they were under a single instance sharing a single database. With microservices, each feature is allotted a different microservice, managing its own data, and performing a different set of functionalities.

How good or bad are microservices? Source: Logentries

The benefits of microservices are laid out below:

  • Autonomous deployments: You can update a service without having to redeploy the entire application and rollback or roll forward an update during mishaps. Fixing bugs and feature releases are much more manageable with fewer challenges.
  • Autonomous development: Building, testing and deploying a service would need a single development team leading to perpetual innovation and swift release cadence.
  • Small teams: Teams can lay their focus onto one service thereby simplifying the understanding of the codebase with the smaller scope for each service.
  • Isolation of faults: Downtime in one of the services won’t affect the overall application. This does not mean that you get resiliency for free.
  • Tech stack mixture: Technology that is deemed most fit for a service can be selected by the teams.
  • Scalability at granular levels: Independent scaling of services is possible.

Some of the challenges are outlined below:

  • Intricacy: More moving parts are there in microservice application than the equivalent monolithic application.
  • Development and testing: Developing against service dependencies would need a different approach and testing service dependencies is difficult particularly when the application is evolving rapidly.
  • The dearth of administration: The decentralised approach for building microservices may lead to numerous languages and frameworks thereby making it harder to manage.
  • Network congestion and latency: Usage of granular services can result in more inter-service communication. Chances are that if the chain of service dependencies gets too elongated, additional latency can be a challenge.
  • Data integrity: Data consistency can be a hurdle with each microservice responsible for its own data persistence.
  • Management: Correlated logging across services can become a formidable task.
  • Update issues: If not for a careful design, several services updating at a given time could result in backward or forward compatibility.
  • Team skill-set: As the highly distributed systems, microservices require a team with the right mix of skills and experience.
Taking Drupal into the context

Drupal is a monolith. How can it survive this trend of microservices? Drupal, being an amazing content management framework, provides a great content editing experience and has been pioneering digital innovation. With that being said, microservices architecture can be used for development and deployment of applications using Drupal. Let’s see how Drupal can put into the scheme of things.

Demonstration at DrupalCon Vienna 2017

A presentation held at DrupalCon Vienna 2017 demonstrated an effective way of integrating Drupal 8 in a microservices architecture.
 
Drupal 8 proved to be a useful content management framework for this implementing microservices architecture because of its:

  • Symfony components,
  • Composer to manage external dependencies,
  • and the magnificent results of the Web Services and Context Core Initiative (WSCCI).
     


It exhibited the delegation of asynchronous work from Drupal to a set of very reactive applications written in Go with some assistance of RabbitMq queues. Elasticsearch was leveraged as a common data storage between services and REST endpoints were exposed where the endpoints could notify back to Drupal.
 
Furthermore, methods of connecting websocket server to push and pull messages between services were shown. To run all these services in a controlled and replicable manner, services of Ansible and Docker were extracted.

Demonstration at Drupal Developer Days Lisbon 2018

Another session at Drupal Developer Days Lisbon 2018 delineated how the citizen portal of the city of Reykjavik (Iceland) was relaunched using Drupal and microservices.
 
With the incorporation of more than 100 web services ranging from simple services like registering a dog or renewing a driver’s license to the intricate services like the admissions of children to school or updating the residential address.


Powered by Drupal 8, this new portal integrates the services with a microservices architecture using JSON Schema as communication protocol. The microservices architecture was chosen to let centralised data collection and presentation in a single portal while simultaneously incorporating a heterogeneous landscape of services autonomously from one another.

Predictions ahead

Oracle’s Cloud Predictions 2018 report states that by 2020, the lion’s share of new applications will be powered by microservices architectures.

Open source has given a whopping push to the microservices architecture. Its several components support continuous integration and delivery pipelines, microservices platforms, containers, container management and orchestration, container registry service, and serverless capability.

Open source has given a whopping push to the microservices architecture

Adoption of cross-cloud containers like Docker and Kubernetes is on the upwards trajectory and developers consider an open cloud stack to prevent vendor lock-in.

Source: Market Research Future

According to a report on Market Research Future, the microservices architecture market is expected to reach $32.01 billion by 2023 with a Compound Annual Growth Rate (CAGR) of around 16.17% during the forecast period.

Another report on Research and Markets for the forecast period of 2017 to 2023 states that as far as the ‘Market Analysis’ is concerned, the rise in the cloud adoption is integral for microservices market. This is because the microservices architectures function on smaller and simpler services. Also, there is a high demand from North American companies as they have implemented it in e-commerce, financial, and travel services. This has helped in storing data and information cost-effectively and enhanced the efficacy, agility and scalability.

The report on Research and Markets has an interesting ‘Countries and Vertical Analysis’ vis-à-vis microservices. Most of the major players are in the American region with the prominent vendors covered in the report include the likes of Cognizant, IBM Corporation, Datawire, Salesforce, Infosys Ltd., MuleSoft Inc., and Software AG. Japan, the US and China are expected to witness a tremendous growth in microservices adoption.

Conclusion

Microservices architectures streamline the overall application development lifecycle leading to quicker testing, higher quality and more releases. Such an architecture can be hugely useful for efficient management of Drupal-based projects. Innovation has always been something Drupal is greatly supportive of. Adopting a microservice architecture for Drupal development is possible and is extremely fruitful.

Organisations should be wary of their digital business ecosystem and should understand the challenges that they might have to encounter during its adoption. Opensense Labs has been in the constant pursuit of bringing a positive change for our valued partners with our expertise in Drupal.

Contact us at hello@opensenselabs.com to know more about microservices architectures and its value to your organisational setup.

blog banner blog image microservices Drupal microservices Drupal 8 Drupal CMS Drupal and microservices UNIX Service-oriented architecture SOA Microservices architecture DrupalCon Drupal Developer Days monolithic monolithic architecture Blog Type Articles Is it a good read ? On

YG Aesthetic

Drupal Themes - Thu, 09/27/2018 - 09:57

what is it field

Drupal News Org - Thu, 09/27/2018 - 09:51

Information technologies are omnipresent, yet IT engineering remains a mystery to many. To most people, an IT engineer is a wizard behind the screen who makes sure computers work smoothly. To an extent, they might be right, but there is much more to the vocation than just installing a firewall and updating the OS.

And it is important to differentiate between career paths here, because the sector is so prolific and ever-changing, that knowing what exactly to expect from it is the key to becoming a happy IT engineer. Firstly, IT engineers may either specialize in software development or computer hardware engineering. The first includes computer programming and smartphone apps, and the latter – designing physical products.

what is it field

Drupal version: Drupal 4.5.x or older

Dyniva Admin

Drupal Themes - Thu, 09/27/2018 - 06:28

Great admin theme coming soon..

Matt Glaman: Tracking changes in Migrate with dynamic row hashes

Main Drupal Feed - Thu, 09/27/2018 - 06:00
Tracking changes in Migrate with dynamic row hashes Thu, 09/27/2018 - 01:00 mglaman

When it comes to Drupal and external data, I use Migrate. A lot. Like a lot, lot, lot. Many times this data is being imported over CSV files that are pushed to a server at some defined interval. Usually, the data can be derived directly from the CSV file itself, other times a custom process plugin derives data from other information. Drupal's Migrate system has two steps to check if new data should be imported or skipped. First, you can tell the migration source to track changes for each row. Then, if you are tracking changes, it hashes each row of data to see if it has been changed.

ActiveLAMP: Quick Setup with Composer Template for Drupal Projects

Main Drupal Feed - Thu, 09/27/2018 - 00:34

Pairing Composer template for Drupal Projects with Lando gives you a fully working Drupal environment with barely any setup.

Read more...

a-fro.com: Creating Paragraphs Entities for Dynamic Content

Main Drupal Feed - Wed, 09/26/2018 - 17:28

The paragraphs module has become a central ingredient for many component-based sites in recent years. However, our content strategy also often requires components that display dynamic content (think "Read Next", or "Also of Interest"). In this tutorial, I'll demonstrate how we've been solving this problem, by building paragraph bundles that serve as configuration entities that we can then use as arguments that we pass to a view via the Twig Tweak module. You can see a working version of the dynamic content component we'll be building in the "Up Next" card grid at the bottom of this tutorial. 

Commerce Guys: 2018: The Decoupled Summer of Drupal Commerce

Main Drupal Feed - Wed, 09/26/2018 - 15:00

We’ve had several great opportunities this summer to connect with the Drupal community and share our latest work on Drupal Commerce. We’ve been able to highlight specifically our efforts to progressively decouple Drupal Commerce on Drupal 8.

Drupal Camp Asheville 2018
Ryan Szrama gave a demo on Saturday, July 14, based on the Belgrade demo store that provided an overview of Commerce Cart API Flyout. We detailed this work in our recent blog post announcing the feature.

A fully decoupled Drupal Commerce experience—including support for complex forms like checkout—is something that Commerce Guys is committed to delivering by the end of 2019. Until then, our strategy is to progressively decouple the product catalog and shopping cart to help sites scale in addition to opening new user interfaces. In Ryan’s words, “We started with the shopping cart because that’s the obvious way to help large websites avoid a common bottleneck for performance.”

Watch Ryan’s session to learn more about the Commerce Cart API project and see the demo.

Decoupled Drupal Days 2018
Next, Matt Glaman presented his talk “The road to a headless Drupal Commerce future” at Decoupled Drupal Days in NYC.

The session reviewed the development of the Commerce Cart API in greater depth. It covers our research into the RESTful Web Services and contributed JSON API projects (potentially in core soon) as future dependencies that the Cart API can adopt. Matt demonstrated even more progress on the project since Ryan’s demo, including a fully decoupled React based front-end.

This talk put the progressively decoupled Drupal Commerce Add to Cart form and shopping cart on display for the community with the expressed desire that Drupal based merchants will have an out of the box experience rivaling other major e-commerce software platforms.

Drupal Europe 2018
Matt’s session at Drupal Europe covered our latest developments in the Commerce Cart API and Flyout as part of the dedicated eCommerce track. This was an iteration of the Drupal Drupal Days session, including any improvements and additions in the time between Drupal Europe and Decoupled Drupal Days.

If you’re interested in contributing to the roadmap for decoupling Drupal Commerce, connect with Matt to learn where to get involved or how to give us feedback from your implementations.

Pages