The Managed Website Environment

The SBSI Approach is based upon a carefully selected and tightly integrated suite of Open Source, Commercial, and SBSI-built components. These components - bundled into our "Master Enterprise Definition" (MED) - allow SBSI to bring the full power of each component to bear without regard to its source implementation (which incidentally includes C, C++, PHP, Perl, and Java). SBSI has selected those components that represent the "Best-Fit" with the overall approach and core design elements. In essence, each peacefully coexists with other elements of the MED, provide a superior feature set, are easily configurable, demonstrate robustness under load, require little (or preferably nothing) in the way of additional development or maintenance tools or resources, and provide a "feature-to-price-ratio" that ensures it is a superior buy for the Customer-base. In order to demonstrate the depth and breadth of the MED, following is a list of a few of the key elements:

• Operating System: Linux (Open Source)
• Web Server: Apache (Open Source)
• Relational Data Base Management: MySQL (Open Source)
• Server Scripting: PHP (Open Source)
• IntraServer Data Synchronization: WebSync (SBSI)
• Authentication and Access Handling: SBSI Authentication (SBSI)
• Page Presentation Management: Common Site Environment (SBSI)
• Administrative Site Management: AdminCentral (SBSI)
• Content Management: Wizards (SBSI)
• Content Editor: Phoundry (Commercial)
• Chat: Digi-Chat (Commercial)
• Post: Digi-Post (Commercial)
• Ecommerce: Fishcart (Commercial)
• Email Server: IMAP (Open Source)
• Site Search: mnoGoSearch (Open Source)
• Dynamic Navigational Menuing: Milonic (Commercial)
• Browser & Connection Capability Recognition: Browserhawk (Commercial)
• Online Website Statistics: awStats (Open Source)

Maintenance Focused - the key focus of the SBSI Approach is to emplace features that enable the Customer to effectively and efficiently perform both content and User management and administration. In virtually all studies, the number one complaint by Users is the "staleness" of information on web sites. In a telling corollary, the number one complaint of web site owners/administrators is that they do not have access to the necessary mechanisms to update and maintain their content in a timely and cost effective manner. SBSI recognized this deficiency over five years ago and initiated the development of the MED to address this specific need. Virtually every aspect, component, and element of the SBSI Approach is related to - or is impacted by - this focus.

Security Integration - Effective security mechanisms must be designed in from the beginning. Providing Customer personnel with the ability to manage and administer their own content and Users via the World Wide Web requires the implementation of strong access control mechanisms to ensure that only the appropriate individuals can modify such information. SBSI architects determined that standard web server authentication is far too limited and unwieldy for effective use. As a result, SBSI developers designed and implemented an authentication and access control mechanism containing the full suite of security features required to support such mechanisms. This core component provides access control for functionality, directories, pages, and data - and even permits access control to the sub-page level, a level of control unique to SBSI. Each User's access is granted and administered individually, and Users can be made members of an unlimited number of "Permission Groups" - each of which can control access to specified applications, directories, pages, and data. Further, "read", "write", and "execute" permissions are administered independently, allowing Authentication Administrators to control not just who can view content, but also who can maintain and administer that content.

However, no security mechanism is perfect and no hosting organization can absolutely guarantee the integrity of a web server. A sufficiently determined "hacker" can - with enough effort - gain access to a publicly-accessible server, even through a dedicated firewall. Once inside, the typical action is to announce this "victory" by altering (or "defacing") some of the website's pages. In order to preclude such mischief, the SBSI MED maintains (through the SBSI-developed Websync component) a "digital fingerprint" of all files in a separate secure location. This fingerprint is essentially a small but unique digital representation of the content of a web-based file and is structured such that no two different files will ever have the same fingerprint. The key feature of this mechanism is that changes to a file will cause its fingerprint to change as well. SBSI leverages this feature to provide automatic intrusion detection and correction of defaced pages. In essence, all files are scanned periodically to compare their current digital fingerprint with the one on record. A difference indicates a successful intrusion, and when detected causes a standard sequence of damage correction actions. First, the responsible administrative personnel are automatically notified of the event (so that they can determine and implement the appropriate actions to prevent recurrence, such as changing the sites root password). Second, the system will automatically "sequester" any defaced file, replacing each with the last known good copy (effectively returning each file to its "pre-defacement" state).

As you can see, SBSI has spent a good deal of time focusing on the Maintenance and Security aspects of our customers websites. The Master Environmental Definition or MED as we call it allows us to use all kinds of different applications from Open Source to Commercial to home grown varieties that all exist comfortably and get vital support from the MED. We allow our customers maximum flexiblity with regards to the content and access functionality while SBSI maintains and secures the site.