The SBSI Approach

There are as many approaches to web development as there are web developers. Many are just generalized “me too” approaches; others – like SBSI – focus on specific aspects of web services as their primary “niche”. SBSI’s primary emphasis is Maintainability – more specifically, Enterprise-class web sites provisioned with a highly capable and usable suite of administrative mechanisms (or “Wizards”) that allow the Customer to fully control the content and presentation of their site in real-time. For example, maintenance mechanisms are implemented in such a way as to allow the designation of any number of “content administrators”. Each administrator can then manage – via the World Wide Web – a specifically delineated part (or parts) of the web site, but they are not able to modify content controlled by others.

It is important to note that this emphasis on maintainability does not cause a reduction of emphasis on the other core design elements. All of these elements are fully met in the SBSI solution. However, beyond simply accomplishing the spirit and intent of each of those elements, SBSI has placed significant focus on reducing the effort and expense required for Customers to manage their own Users and content. A significant component of this reduction involved selecting and integrating highly effective User mechanisms for User and content management (requiring little or no training).

Accomplishing this in an effective and economical manner required SBSI to take a “clean sheet” view of web site design – effectively allowing SBSI to select from the “best of breed” technologies, techniques, and methodologies as the World Wide Web evolved (and continues to evolve). One key decision point is the issue of “Open Source” vs. “Commercial Solution”. As with any other technologies, the World Wide Web development community is strongly divided on this question. SBSI has – as a company – spent extensive time researching and evaluating all aspects of this question and unequivocally and unapologetically falls in the Open Source camp. As a result, the prime architectural standard is to “use Open Source material whenever and wherever it meets the requirement, to license available Commercial Solutions only if appropriate Open Source solutions do not exist, and to develop new code as a last resort”. This allows SBSI to economically satisfy an otherwise very demanding set of requirements.

As indicated above, a clean sheet design view model is used. As a result of applying Enterprise-class thinking, SBSI’s overall design approach approximates “mainstream” Enterprise-class solutions, but makes it available to Customers that typically could not afford such an approach. This resulted in the following five (5) key elements of “the SBSI Approach”:

Hosted Solutions – Providing Integrated Enterprise Services requires the installation, configuration, and integration of a specific set of specialized commercial components, as well as very specific configuration of several non-commercial components. While it is certainly possible to install solutions on Customer-owned and operated hardware, it would rarely (if ever) be in the Customer’s long-term financial interest to do so. As a result, it is assumed that SBSI will provide and maintain all required components and elements – effectively delivering the hosted sites’ content and services from SBSI-owned and operated hardware, resident in our Network Operations Center (NOC), and maintained by staff developers and engineers. Everything required to handle growth and maintenance is provided as the User-base evolves and matures, ensuring availability, reliability, security, and technology-refreshment throughout the life of the Contract.

Server-Centric Processing – An often-overlooked fact of Community web site design is that Users will utilize the site from the widest possible client platform base imaginable.  Users can be expected to connect using machines ranging from 90 MHz Pentium 1s to today’s most current PCs, and with an equally wide variety of memory configurations.  In addition, Users may connect at bandwidths from 56 kbs all the way up to T1 speed.  This means that an effective solution must accommodate Users at the lowest end of this spectrum and still deliver the same general performance experienced by the Users at the top end of the spectrum (because it is a truism that Users with cheap, slow machines nevertheless expect high-end performance).  SBSI has found that the only truly effective way to accomplish this is to perform the bulk of processing associated with page presentation at the web server.

Mainstream web site design typically results in the opposite situation. In order to reduce the load on the web server (and thereby increase the number of Users that can be accommodated with less expensive hardware), web developers typically send a large amount of unnecessary information to the client (i.e., browser) with each page, requiring the client to determine which part it can use and ignore the rest. The transmission of such unusable data, coupled with the attendant local client-side processing, adds significantly to the ultimate page presentation time – particularly in machines with slower processors, less memory, or slower connections.

Conversely, the SBSI Approach is to determine – based on information ascertained regarding each individual User’s current connection speed and computer/browser capability – the precise “right” set of information for each User, and to send only that information to that client. Extraneous or unusable information is filtered out or otherwise withheld before transmission, resulting in faster, more consistent page presentation and less sensitivity to the peculiarities of individual platforms. SBSI has determined that – given properly selected hardware and properly designed software – the significant increase in User satisfaction far outweighs the minor additional load placed on the web server.

Integrated Enterprise Services utilizing Best-Fit Components – As described previously, the SBSI Approach is based upon a carefully selected and tightly integrated suite of Open Source, Commercial, and SBSI-built components. These components – bundled into our “Master Enterprise Definition” (MED) – allow SBSI to bring the full power of each component to bear without regard to its source implementation (which incidentally includes C, C++, PHP, Perl, and Java). SBSI has selected those components that represent the “Best-Fit” with the overall approach and core design elements. In essence, each peacefully coexists with other elements of the MED, provides a superior feature set, is easily configurable, demonstrates robustness under load, requires little (or preferably nothing) in the way of additional development or maintenance tools or resources, and provides a “feature-to-price-ratio” that ensures it is a superior buy for the Customer-base.

Maintenance Focus – The key focus of the SBSI Approach is to emplace features that enable the Customer to effectively and efficiently perform both content and User management and administration. In virtually all studies, the number one complaint by Users is the “staleness” of information on web sites. In a telling corollary, the number one complaint of web site owners/administrators is that they do not have access to the necessary mechanisms to update and maintain their content in a timely and cost-effective manner. SBSI recognized this deficiency over five years ago and initiated the development of the MED to address this specific need. Virtually every aspect, component, and element of the SBSI Approach is related to – or is impacted by – this focus.

Security Integration – Effective security mechanisms must be designed in from the beginning.  Providing Customer personnel with the ability to manage and administer their own content and Users via the World Wide Web requires the implementation of strong access control mechanisms to ensure that only the appropriate individuals can modify such information.  SBSI architects determined that standard web server authentication is far too limited and unwieldy for effective use.  As a result, SBSI developers designed and implemented an authentication and access control mechanism containing the full suite of security features required to support such mechanisms.  This core component provides access control for functionality, directories, pages, and data – and even permits access control to the sub-page level, a level of control unique to SBSI.  Each User’s access is granted and administered individually, and Users can be made members of an unlimited number of “Permission Groups” – each of which can control access to specified applications, directories, pages, and data.  Further, “read”, “write”, and “execute” permissions are administered independently, allowing Authentication Administrators to control not just who can view content, but also who can maintain and administer that content.
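
The permission model described above, sketched as an added example (this is not SBSI's code). The `page#section` notation for sub-page scopes, the trailing-slash convention for directories, and the group and user names are assumptions made for illustration; resource paths are assumed to be normalized before the check.

```python
# Constructed sample data: group -> list of (scope, permissions) grants.
GROUPS = {
    "staff":           [("/", "r")],                    # read the whole site
    "news-editors":    [("/news/", "rw")],              # maintain one directory
    "sidebar-editors": [("/index.html#sidebar", "w")],  # one section of one page
    "report-runners":  [("/apps/report.cgi", "x")],     # run one application
}
USERS = {
    "alice": {"staff", "news-editors"},
    "bob":   {"staff", "sidebar-editors"},
}

def covers(scope, resource):
    """True if a grant on `scope` applies to `resource`."""
    s_path, _, s_frag = scope.partition("#")
    r_path, _, r_frag = resource.partition("#")
    if s_path.endswith("/"):
        # Directory scope covers its subtree. The trailing slash keeps
        # "/news/" from also matching "/newsletter/...".
        return r_path.startswith(s_path)
    if s_path != r_path:
        return False            # page scope: exact path only
    # A page-level grant covers every section of the page; a section-level
    # grant covers only that section, never the page as a whole.
    return not s_frag or s_frag == r_frag

def is_allowed(user, resource, perm):
    """Default deny; a user holds the union of the grants of their groups.
    "r", "w" and "x" are checked independently of one another."""
    for group in USERS.get(user, ()):
        for scope, perms in GROUPS.get(group, ()):
            if perm in perms and covers(scope, resource):
                return True
    return False
```
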

However, no security mechanism is perfect and no hosting organization can absolutely guarantee the integrity of a web server. A sufficiently determined “hacker” can – with enough effort – gain access to a publicly-accessible server, even through a dedicated firewall. Once inside, the typical action is to announce this “victory” by altering (or “defacing”) some of the website’s pages. In order to preclude such mischief, the SBSI MED maintains (through the SBSI-developed Websync component) a “digital fingerprint” of all files in a separate secure location. This fingerprint is essentially a small but unique digital representation of the content of a web-based file and is structured such that no two different files will ever have the same fingerprint. The key feature of this mechanism is that changes to a file will cause its fingerprint to change as well. SBSI leverages this feature to provide automatic intrusion detection and correction of defaced pages. In essence, all files are scanned periodically to compare their current digital fingerprint with the one on record. A difference indicates a successful intrusion and, when detected, triggers a standard sequence of damage correction actions. First, the responsible administrative personnel are automatically notified of the event (so that they can determine and implement the appropriate actions to prevent recurrence, such as changing the site’s root password). Second, the system will automatically “sequester” any defaced file, replacing each with the last known good copy (effectively returning each file to its “pre-defacement” state).
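
The scan, notify, sequester and restore sequence described above, as an added example (this is not the Websync component, whose implementation the page does not show). It assumes SHA-256 as the fingerprint and hypothetical directory names, and it also treats a deleted file as an event, which goes slightly beyond the defacement case in the text.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def fingerprint(path):
    """SHA-256 digest of a file's content (assumed fingerprint function)."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()

def build_baseline(webroot, vault):
    """Record each file's fingerprint and keep a known-good copy outside the web root."""
    baseline = {}
    for p in sorted(webroot.rglob("*")):
        if p.is_file():
            rel = p.relative_to(webroot).as_posix()
            baseline[rel] = fingerprint(p)
            (vault / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(p, vault / rel)
    return baseline

def scan_and_repair(webroot, vault, quarantine, baseline, notify):
    """One periodic scan. Returns [(file, reason)] for every file that was repaired."""
    events = []
    for rel, good in sorted(baseline.items()):
        live = webroot / rel
        if live.exists() and fingerprint(live) == good:
            continue
        reason = "modified" if live.exists() else "missing"
        notify(rel, reason)                        # first: alert the administrators
        if live.exists():                          # second: sequester, keeping the evidence
            (quarantine / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(live), str(quarantine / rel))
        live.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(vault / rel, live)            # then restore the last known good copy
        events.append((rel, reason))
    return events

def demo():
    """Constructed two-page site in a temp directory; one page is defaced after the baseline."""
    tmp = Path(tempfile.mkdtemp())
    web, vault, quar = tmp / "htdocs", tmp / "vault", tmp / "quarantine"
    web.mkdir()
    (web / "index.html").write_text("<h1>Welcome</h1>")
    (web / "about.html").write_text("<h1>About</h1>")
    baseline = build_baseline(web, vault)
    (web / "index.html").write_text("<h1>defaced</h1>")
    alerts = []
    events = scan_and_repair(web, vault, quar, baseline, lambda f, r: alerts.append((f, r)))
    return events, alerts, (web / "index.html").read_text(), (quar / "index.html").read_text()
```

The baseline and the vault only protect anything if the account that serves the site cannot write to them, which is what the "separate secure location" above provides.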

 


The page was last modified on November 11, 2003
© 2002 SBS International, LLC All Rights Reserved.