Provisioning a New Drupal Site

  • Faculty & Staff
  • Visitors & Others

In order to begin developing a new Drupal site it is important to first follow some provisioning guidelines. Regardless of whether or not your new Drupal site will be developed on SAS Computing hosts, you must first conduct a Security and Privacy Impact Assessment, or SPIA, evaluation of the new site. To begin a SPIA evaluation please contact the information security group. The SPIA process will help determine if extra security and privacy protective measures should be put in place for your new Drupal site. Once you have initiated the SPIA evaluation, you can either begin development on third party development servers that comply with SAS configuration guidelines and our approved modules. Be sure to review the security and style guidelines before you begin work to save having to change the site once it is developed. If you wish to develop your site on our test environment please contact the ISUS group at Once we set up a new site for development you will be given shell access for customizations. Bear in mind that a valid PennKey is required for this access.


Developers may choose one of two methods for which to develop new Drupal sites. Each method requires different considerations:

Non-Penn Hosted Dev Environment

If a developer so chooses he/she/they may host their own development environment. SAS Computing can provide documentation as to the current version of the software stack supporting Drupal (including MySQL, Apache, PHP, Drupal, modules, etc.). Development environments should be made to match these specifications as closely as possible to avoid deployment problems.

If developers choose to maintain their own dev environments then no access to Penn systems will be required. Once the project is complete, the developer can deliver the MySQL database and the required templates, themes, and module code to Penn staff for deployment.

Penn Hosted Dev Environment

SAS Computing maintains a development server that mimics our live server in almost every way. Drupal code is synchronized to this development environment directly from the live server. This development environment is a multi-site Drupal installation so it closely replicates the live server.

In order for an outside developer to get shell access to the development server they will be required to get a PennKey. Only PennKey holders will be given accounts to the development environment. Without first obtaining a PennKey, development on our testing server is impossible. Please initiate a PennKey request as soon as possible if you intend to utilize the Penn hosted development environment.

Access to the Penn development environment is granted via SSH (which supports SFTP). Developers will be given access to their home directory and the 'sites' directory for the site they are developing. Shell access will allow developers to interact with MySQL using the account assigned to the Drupal site. No additional ports or software will be opened or installed on the testing environment for database access (no PHPMyAdmin or remote port 3306 access). It is possible to tunnel connections over SSH so a remote developer could access the MySQL database using GUI tools from their local environment by tunneling the connection.


During development and for the purposes of testing, new Drupal sites will be installed on a development environment that mimics the production environment. All changes and updates to code, as well as development, should be finalized on the testing environment. Once code is deemed stable it will be ported to Virgo by SAS Computing staff only after a thorough security audit. In order to speed this transition, as well as to insure the safety and security of all sites on the testing environment it is important to adhere to all security guidelines at every stage of development.