Tom Canavan

In today’s Joomlasphere you have a wealth of options, that includes many fine extensions and services companies that can help build out your Joomla!® website.

One challenge for administrators of ANY software in use is the natural upkeep required. Sometimes upkeep takes the form of simple maintenance, other times that upkeep involves a great deal of urgency due to security reasons.

When we talk ‘security’ in the Joomla!®  space, we often think of patching or removal of malware placed by hackers.

However, that is only one part of ‘security’.  As an example, in the enterprise business space, security indeed is focused heavily on preventing hacking, as an element of security. But there are many elements beyond removal of hacks or patching when we identify what we mean by ‘security’.

The idea of ‘uptime’ and ‘availability’ as in being available for use are also part of a good ‘security’ plan.

In the enterprise space we would refer to the acronym of ‘CIA‘ to describe a better security model. The acronym is described as follows:

Confidentiality this refers to the principle of access controls, ensuring those who should have access to resources has such access. And those who should not are restricted.  For example making sure that authorized users are the only one’s who can access the administrative portion of your websites would be an example of ‘confidentiality’.

Integrity provides the knowledge that if information (data) has been modified then the administrator will know.  For instance a corrupted database, would be an example of lack of integrity, and in a Joomla!® site we would know immediately.

Availability Ensures that we can access systems and resources when needed.  For example, a server powering off would affect “availability”

Take the real world scenario of adding or updating your website’s extension or core files. Let’s say for example, that you download the latest and greatest, extension. While it’s likely to have been thoroughly tested, it was not tested in YOUR environment.  Problems could happen and should be addressed. Furthering our example, let’s say that new extension, updated on your site, suddenly brings your site down – the affect is no different than if you were hacked. The AVAILABILITY of your site is affected.

Rochen offers Joomla!® powered website administrator’s a powerful, and free, management toolset known as Joomla!® Utilities. This multi-featured tool suite is integrated directly into the cPanel® for your web hosting account.

Rochen’s ‘Enterprise Solutions Group’ sat down recently, with Chief Developer, Thomas Whitecotton to gain insight into Joomla!® Utilities.

Interview with Thomas Whitecotton, Chief Developer At Rochen:

ESG: Thomas, thank you for taking time away from Rochen Product Development to speak with our clients through this blog post.  One of the utilities here at Rochen that came out of your group is Joomla! ®  Utilities.  What is it specifically?

TW: Joomla!® Utilities is an exclusive tool set available to Rochen customers. It offers a variety of features to our hosting clients to save time and energy by making managing your Joomla!® Installations easier.

Administrators have 1-click installations of Joomla®, 1-click upgrades to the latest versions and can migrate their Joomla!® Websites from another hosting provider to Rochen very easily.

Usually a migration is tedious and time consuming, but is simple and fast with Joomla!® Utilities.

The toolset gives you the ability to apply security tweaks, fix incorrect file and directory permissions that tend to show up from poor administrative or development practices as well.

ESG: Let’s drill down a bit on the feature set. It includes, as I understand it 10 key attributes:

  1. Migration to Rochen from any other host
  2. Allows you to do a full fresh installation
  3. Hosting Reseller accounts have a Global, single pane of glass view of ALL Joomla!® installations’ in their reseller account
  4. One click update of Joomla!® Core Files.
  5. Quickly clear out the TMP directory for space recovery
  6. Set File and Directory permissions site wide
  7. Applies Security tweaks for MAXIMUM protection
  8. Ability to reset a lost admin password
  9. Ability to CLONE site – merge changes back to production
  10. Delete any installation and immediately remove all files

Those are some much needed and handy features. Focusing in on just a few, tell our readers about the “Ability to CLONE a site..”

TW:  With the CLONING feature, our hosting clients have the ability to establish a mirror version of their site to do testing and development. It’s possible that if changes applied in production could harm the site with no easy way to roll back the changes.

While setting up a duplicate test site with just traditional Joomla!® is simple, the challenge is how to you merge changes back to production

Let me discuss how we solved that using the following operational scenarios to merge “back” or move into production, all the changes.

  • Sections with basic options, which let you choose what portions of the site, such as Templates, User Data, and Posts & Content, will be retained from Live or Staging (cloned) Site.
  • Sections with extra options, which let’s you specify if Live or Staging has the most up to date data for each section, whether you want to keep new data in live and keep new data in staging.
  • Tables with basic options are more granular and work at the database level, offering a la cart selection of tables individually to use from Live or Staging.
  • DB Tables with extra options, which let you, specify if the Live or Staging database has the most up-to-date data for each table, whether you want to keep new data in live and keep new data in staging.

This puts the full control back into the web developer’s hands.  Even if a mistake is made, it’s quickly and easily rolled back.

ESG: Can you give us a couple of scenarios where the CLONE tool would be put to work?

TW:  In the first scenario, or option 1, let’s say for example you have 150 registered users in your site; the administrator CLONES the site to do some work, update, testing or some other task involving change.

You add a “test-user” into the CLONE for the duration of the update/test. Or perhaps remove all of the users you brought over and only use the test-user.

When it comes time to merge the changes back [to production], you choose which database set to keep in production. You use either the data from – Staging or from live.

Comparing that with Option 2, you can choose Live [production], but also opt to keep the “test-users” from the cloned site and migrate them to the production Site.

There is a lot of power and complexity going on behind the scenes to make this simple and easy to use.

ESG: There are a few security options built into the tool set.  Sometime back Joomla!® (similar to the how WordPress has done for years), changed the database prefix  to in effect obfuscate, or hide, the database information from the world. Traditionally the default prefix was ‘ JOS_’ unless a change to it was made.

How does the tool handle this say during installs and migrations?

TW: Changing the prefix, is one of those important security measures that is often missed…  With our utilities the database prefix can be changed at the time of install. As a matter of fact, the installer recommends that the prefix be changed specifically for security purposes, while Joomla!® does make this change in current versions, this has been available from our Joomla!® Tool set since the very early revisions.

ESG: Sounds like terrific tool for Rochen hosting clients.  Where can they learn more?

TW: That’s available on our website at : http://rochenhost.com/cms-utilities/joomla-utilities

ESG: What else is on the horizon?

TW: Well we have several new things in development that will be a huge advance for our hosting clients, you’ll just have to check back with us as we get closer.

ESG:  Well I’m sure our readers will be excited to hear about more about it.. Thomas, it’s been a pleasure thank you for taking your time out of product development to speak with us.

TW:  Thank you , it’s been good sharing about our work.

 ###

Tom Canavan is a member of Rochen’s ‘Enterprise Solutions Group’ focused on creating customized and complex hosting solutions.