By flaviovs on

Hi folks.

When designing an intranet website, one may choose to use an instance of Drupal for the intranet separate from the main company Drupal website. In fact, this is how I've seen being done most of time, using Drupal or not.

Specifically with Drupal, there's another alternative which is to use some ACL modules and theme tweaks to integrate users, templates etc. within the main company website so that users have a single point of access, whereas by providing their credentials (e.g. Drupal user name and password), they can login and access the "intranet" (template changes a bit, a new "intranet" menu appears etc.). The intranet is the website, so to speak.

We're in the process of designing a intranet website for one of our customers, and got stuck in deciding if we should use a separate Drupal or not. Being such a fundamental decision, I decided to forward the discussion here to measure how the Drupal community takes this issue in general.

The list below contains the pros and cons we already idientified for the separate instance alternative (just reverse the logic to somewhat get pros and cons for using a single Drupal instance):

Using separate intranet and website instances — pros

  • Simplified user administration — for example, employers that won't manage the company website won't ever need to have an account there.
  • As a consequence, role management is greatly simplified.
  • There's no risk for someone to publish on the website those intranet content that are not meant to go public, either accidentally or not.
  • Less complexity, less management, less coding — no need for ACL modules, ACL lists, theme switching, etc.
  • Website and intranet can be made to run on different servers. This address some issues that are hard to solve with the integrated solution, for example having sensitive company data stored on servers outside the company.

Cons

  • Employers who are going to manage the company website will have to have two separate Drupal accounts — one on the intranet and another on the website (though this may be mitigated by using some remote login module)
  • Roles must be assigned on each website separately
  • Intranet content that should go public must be manually copied from the intranet to the website (though it just occured me that perhaps there may be some module that do this task already, a là remote publishing using blogapi)

So my question is: what's your take on this? Which pros and cons do you see to build a separate (or integrated) Drupal intranet? In your opinion, which alternative is the best? Why?

Hope to hear your opinion. Thanks in advance.

Comments

WorldFallz’s picture

WorldFallz commented

I'm itching to try to do this with the http://drupal.org/project/domain module the next time I encounter this scenario. I think it has the potential to be the ideal solution.

metastate’s picture

metastate commented

I've had to make this decision recently myself. I decided to build the two sites together, with one Drupal installation. It is for a smaller organization, with only a few people responsible for managing both areas of the site. Therefore, I wanted to make it as easy as possible for them to manage. Having one login to edit content on both "sites" is much simpler and less hassle for the end user I think.

Also, having to maintain one code base instead of two is easier for me and cheaper for my client (they are a non-profit). Upgrades will be done across both sites and new features can be added to both at the same time.

I was seriously considering doing a multi-site installation but was a bit scared off by some of the issues I saw people having, especially with upgrading. Plus, I wasn't confident in my ability to set up the databases to share user tables, which is a priority for me.

The public side of the website is very small and simple - just basic static pages (for now anyway). The intranet/private side of the website will consist of a number of custom content types and will have different levels of access to content based on user roles. The main goal of the intranet is for staff to share information (nothing too high security), submit company forms, etc.

My biggest difficulty so far in combining the two sites under one Drupal installation has been deciding how to set up the access control for the site. Good planning is crucial and I have spent a lot of time researching different ways to utilize access control: content type, taxonomy, url, or a combination of these. I want it to be easy for my client to add content to either area and avoid mistakes of content getting posted to the wrong place, but I also want to allow for flexibility in content being posted in both areas of the site, if need be.

I am still in the researching/planning stage - I start development in about a month - and will try to keep you posted on decisions I've made, problems I've come across, etc. Interested in hearing other people's opinions/experiences.

metastate’s picture

metastate commented

Hmmm... Now that I have looked at the Domain Access module a bit, that might be a good way to go! Particularly because of the Domain Toggle sub-module. Will have to look into it some more.

pabloid’s picture

pabloid commented

I'm approaching the same scenario and I was thinking about using one installation.
Metastate or Flaviovs can you post back your experience?
Was Domain Access a good solution?
I have the problem that some public website content should be displayed in the intranet too.
Thanks

metastate’s picture

metastate commented

I haven't started development on this project yet and I need to run some tests before making a decision. Domain Access might be an option if it plays nicely with other access modules. Each individual piece of content in the intranet section of the site will have two different levels of restricted access. So I want to be sure I avoid any conflicts using multiple access modules on the site.

One option you might want to look at is Taxonomy Access Control. You can setup a taxonomy with the terms "Private" and "Public" and classify each piece of content on your site that way. Then you set permissions so that all users can view Public content and only people with certain user roles can view content tagged as Private.

flaviovs’s picture

flaviovs commented

@pabloid, we rolled out our intranet using a separate database in a multisite Drupal install. Since each site will have half dozen roles, setting up permissions right would require a enormous amount of thinking and work, so we abandoned the single Drupal idea.

Also, one thing that had great impact on our decision is that on the intranet we wanted to have a private filesystem, whereas on the public site theres no need to control access to files. So setting up public file access on the intranet was not an option, but changing the website o use private files would be overkill and likely to cause performance issues. Perhaps if one has some experience with modules that allow sites to have public and private files, then this may not be an issue, but we simply didn't had time to research such modules (I don't even know if one exists).

FVS - https://dmarcpal.com - https://send2t.com

WorldFallz’s picture

WorldFallz commented

just an fyi, there are some modules that address the public/private files issue (ie private_upload, private_download, etc) but I prefer the method described at http://drupal.org/node/189239.

And for d7 filefield replaces the core 'upload' module and you can have both private and public files!