Drupal Agency in Zurich
Corporate system environments are becoming more complex every day. And users’ expectations of websites are rising: customers, potential customers and employees expect networked and integrated systems with the best user experience.
The current Drupal version 9 follows an API-first approach. By combining a flexible back end and a powerful user management, Drupal enables the fulfillment of these expectations. Complex system landscapes with ERP, PIM or CRM systems, can be seamlessly integrated into the website.
Since 2012, we have been using the open source content management system Drupal and developing scalable enterprise solutions in the cloud.
We have implemented these projects with Drupal
Ronal GroupRonal Wheels Uses Akeneo Integration to Power Its New Drupal Product Platform
Die PostMultilingual Feedback Platform for Employees
Traco PowerNew Drupal Website for Traco Power
Livit AGNew, user-friendly CMS for Livit AG
MobiliarGamification in Business – Mobiliar’s Interactive Manual for Employees
Modern web development with Drupal
The magic of Drupal happens under the hood. Here are some of the technical highlights of the platform.
Decoupled architectures are a big trend in web development. With a frontend framework like Angular JS, Vue.JS or React different peripheral systems can be easily integrated into a website.
Thanks to the integrated core APIs, Drupal is ideally suited for modern and flexible decoupled architectures. Whether GraphQL or REST APIs, both are supported out of the box.
Drupal and Kubernetes
Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services. For very large and complex applications, this approach can simplify maintenance and increase capacity. However, the approach can also lead to high costs and the shift of maintenance overhead from development to operations.
It is not easy to bring Drupal and Kubernetes together because the concept of a CMS framework (i.e. Drupal), where community modules are added to increase functionality, actually contradicts the concept of microservice architectures. Likewise, database redundancy and high availability are not easy to achieve, which is actually one of the main reasons for using Kubernetes. We see the use of cloud database services as a solution instead of the database being in the Kubernetes cluster. A good article on the topic can be found here: https://www.jeffgeerling.com/blog/2019/running-drupal-kubernetes-docker-production
A lot has happened between Drupal 7 and Drupal 8. In particular, specific modules from the PHP framework Symfony have been integrated. Drupal has gained in professionalism, both in terms of development and performance, and continues to expand its position as an enterprise CMS. Drupal 9 continues on the same path.
Frequently asked questions about Drupal
What is the release plan of Drupal?
Below is the release plan as of 21.1.2021.
What’s new with Drupal 9?
Drupal 9 is the continuation of Drupal 8. There are no new features compared to the last version – so Drupal 9 can’t do more than Drupal 8. Of course, the version still brings advantages. The core is freshly cleaned up and optimized. Underlying frameworks from third parties are up to date. All in all, this brings an optimization that pays off in terms of simplicity, performance and security. With Drupal 9, the site is ready for the future. Not to forget: New features are only developed for Drupal 9, which limits the future viability of Drupal 8. Read our blog post «Was ist neu mit Drupal 9?»
How time-consuming are the updates of major versions of Drupal?
There is no backwards compatibility between version 7 and version 8. This means that migrating from Drupal 7 to Drupal 8 is time-consuming and requires a lot of customization. Jumping from Drupal 8 to Drupal 9 (and also to Drupal 10) is much easier because backward compatibility is ensured and only a few code elements need to be adapted. This is more like updating minor versions than a major version update.
What about performance?
Drupal offers excellent performance for your project. Drupal 9 has a sophisticated caching system that significantly improves performance on several levels. Once configured and activated, caching runs completely automatically and significantly increases loading speed.
Caching basically means that a copy of a page is created, which is displayed many times faster the next time the same page is called up. But what if content has been changed in the meantime or if the page contains elements that vary on their own? To this end, Drupal 9 offers developers a comprehensive toolset to cache as much content as possible without sacrificing dynamic content.
Specifically, Drupal 9 is characterized by the following features:
- Precise cache invalidation;
- Precise cache variation;
- Rendering-Pipeline (BigPipe);
- Server-side placeholders for dynamic content;
- Client-side placeholders for dynamic content;
- Full asset dependency information;
What are your security best practices?
The security of your website largely depends on simple best practices that your developers should follow when programming custom modules and themes. These include obvious things like using Twig as the template engine, properly configuring user roles and permissions, and – most importantly – keeping Drupal core and modules updated.
In our company, security is a big issue. Our developers adhere to a strict checklist, which includes the following points:
- Cleaning up the front end to avoid masking of secure markup;
- Cleaning database output to prevent XSS attacks (cross-site scripting);
- Using the Database Abstraction Layer or database abstraction layer to avoid SQL injection attacks;
- Using a custom table prefix;
- In Using read-only storage classes in production environments;
- Disabling unnecessary functionalities and modules;
- Ensuring that no user role has more privileges than intended;
- Not using role names as usernames (such as “Admin” for administrators).
There are numerous detailed guidelines for safe programming. We are particularly convinced by the compilation on drupal.org, which we would like to recommend to all developers.
During development, we check and test all these aspects on an ongoing basis. Before we hand over a website to the client, we also perform a comprehensive security audit.
Other factors we take into account include:
- Installing security updates as soon as they are available;
- Reviewing ratings and relevant user reviews before we install a module;
- Installing and using security modules (Duo Two-Factor Authentication, Login Security, Password Policy, Paranoia, Security Review and others).
We follow the security reports for the Drupal Core and complementary modules very closely. We only consider modules that have been tested by the Drupal Security Team and are considered secure. Of course, we avoid modules that have had security issues before or that have repeatedly been the target of hackers.