Voting starts in March for the Drupal Association Board election.
Tech Coast Angels is the largest angel investment organization in the United States. With over 300 members throughout Southern California, Tech Coast Angels' members have invested over $120 million in over 200 startup companies since their inception in 1997.
Since 2013, Exaltation of Larks has been working with Tech Coast Angels with their online systems, including an extensive Drupal web application that their members use as a deal flow tracker and document management system. Services we’ve provided include support, maintenance, security improvements, performance optimization, and mobile integration.
The web application that Tech Coast Angels uses allows its members to view startup companies' applications for funding, discuss each company's application, and collaborate with one another in researching each company, which then helps them make individual decisions on funding.
Tech Coast Angels was using Drupal before we came on the project. We see why they chose Drupal: there are several specific areas of the website project for which Drupal is an excellent fit. These areas include: user authentication, account management, roles and access control, custom dashboards, complex web forms for membership and funding applications, workflow management, and email notifications.
Exaltation of Larks began this project with a site audit to evaluate the quality and maintainability of the existing Drupal web application and server environment, with a focus on performance optimization and general best practices.
During the site audit, we found Drupal and several contributed modules had been modified from their original versions, which made feature development and regular maintenance such as updates much more complicated. Many of the modules were out of date and required security updates. Several modules were unversioned “development" versions, which made it more difficult to tell if updates were available and if applying any updates would break existing functionality.
With a go-ahead from Tech Coast Angels, we then performed a more in-depth review, which unearthed further security and misconfiguration issues to both the Drupal site and the server environment. We documented them and helped Tech Coast Angels prioritize which ones to tackle first.
First, we brought the modified codebase that had outdated versions — and unversioned development releases — back into mainstream Drupal core and contrib releases.
Many of the upgrades had to do with memory usage and resource management. Page load times were close to a minute for some pages that had thousands of queries. We focused on refactoring some of the code without loss of existing functionality. We moved a lot of the configuration from content-types and views into code using Features. We migrated the website to a current LAMP environment, which included upgrading MySQL from 5.1 to 5.5, which has many performance and memory management improvements. We adjusted MySQL cache parameters to improve performance, and reconfigured both MySQL and Apache to dramatically reduce memory usage, including configuring Apache to use far fewer modules than the original server had been using.
All web hosting is provided by Amazon Web Services (AWS), for which Exaltation of Larks is a delivery partner and infrastructure consultant. We configured the production server to be much more efficient so there was plenty of memory and CPU capacity in case of traffic spikes. The new EC2 server was optimized for more IO operations per second, which substantially reduced overall system latency. Extra costs for the heavy utilization server were easily offset by purchasing a reserved instance.
Performance improvements we made to both the Drupal application and the server environments significantly drove down costs by reducing the hardware requirements necessary to run the Drupal codebase in both staging and production environments.
We also worked on the security issues. There were two types of improvements needed: quick fixes and larger upgrades. Quick fixes to the Drupal web application included enabling Views caching and turning off unneeded modules on the production server. Among these modules were Locale, Devel, and String Overrides.
When initially working with the codebase, we found that it was an exceptionally complicated web application using several forms of access control for nodes, fields, menus, and groups. We used the ACL module to make them all play well together.
Other security upgrades included configuring file permissions so that Apache could not write to Drupal's PHP files; adding SSL and making it mandatory for all connections; responding to and addressing the Heartbleed vulnerability; and using MySQL accounts with the least necessary privileges for accessing MySQL databases. We also implemented a secure backup strategy that transfers site backups to Amazon S3.
Tech Coast Angels also enlisted Exaltation of Larks to help them create an iPhone app. We worked closely with their mobile developers: our task was backend integration. This presented an interesting challenge: Tech Coast Angels’ website used Drupal 6, but the Services module, which provides data in a format that a smartphone app could read, had been discontinued since its maintainers focused their efforts on versions for Drupal 7 and Drupal 8.
We decided to backport the Drupal 7 security fixes and new REST server features in the Services module to the Drupal 6 version. Working with Tech Coast Angels’ mobile application developer team, we used this backported version of Services to create an API that exposed the appropriate data to their iPhone app.
In the future, Exaltation of Larks and Tech Coast Angels plan to work together on a site redesign and an upgrade to Drupal 7. We continue to work with Tech Coast Angels on ongoing feature development and provide support and maintenance services.
Our custom PHP Filter Lock module is available to the Drupal community. We're working to have our Drupal 6 backport merged with the official Services module.
Other organizations involved:
Tech Coast Angels
Other team members:
Mike Panesis – Tech Coast Angels Board of Governors: Chairman
Over time, as many as 9 members of Exaltation of Larks have worked on this project. Our team was made up of a lead project manager, a backup project manager, an account manager, several senior developers, a system administrator, and a tech lead.