Fortune 200 Pharmaceutical Company
Six Feet Up spearheaded a large web redevelopment project for a prominent Fortune 200 pharmaceutical company, involving over 30 resources, and resulting in a new website tailor made to the requirements of their global business. The project covered the redevelopment of a destination website for healthcare professionals designed to answer their questions about the company's products. The site took a multi-prong approach, allowing visitors to satisfy their information needs through various channels, such as print, email, downloads and hardcopy requests. The project also aimed to help internal users (staff and various medical liaisons) to easily retrieve information using a more personalized view of the content, and fulfilling customer requests from the repository.
Six Feet Up developed the desired solution based on the open source content management system Plone. We assisted the client in importing several thousands files – complete with their respective metadata and various mapping components – out of the legacy SharePoint system and into Plone. The new system included a strong registration and authentication component, a series of custom content types, strict content management rules, various fulfillment options, a Solr search component and a critical audit trail, as detailed below.
The project began with an initial Planning and Discovery phase. The client had a collaborative decision-making process and their project team included close to 20 members representing various business interests, technical groups and medical needs. The Six Feet Up team spent several weeks listening to each department's desires and concerns, capturing and then carefully documenting them to create a comprehensive set of requirements.
We developed user stories followed by a site map so as to lay out the information architecture and understand how content would be organized. This critical step yielded a comprehensive set of interactive wireframes that the project stakeholders interacted with to simulate how end-users would interact with the application. This got everybody on the same page and helped align expectations.
While the wireframes were being refined, we developed UML diagrams to document the overall system architecture and to serve as technical reference points to the various resources working on the project.
All of this discovery work served to surface issues, allowed us to fully understand the customer's needs for their site, and led to the finalization of design elements. The result was a detailed project plan with a comprehensive Gantt chart, and time estimates. Following this stage, the development work began.
Operating in a highly regulated environment, this major pharmaceutical group needed a hosting system that offered superior security without sacrificing power or extensibility.
Six Feet Up provided high availability hosting for this project for over 4 years, with an uptime of 99.97% or higher, and no single point of failure. Six Feet Up designed the final hosting architecture, which consisted of a total of 19 pieces of hardware. The hosting environment was configured by Six Feet Up for failover with redundant Internet connections, private cloud storage of replicated data and full disaster recovery services.
The new hosting infrastructure was running 3 layers:
1. A web front-end layer running Nginx, Varnish and HAproxy
2. An application layer running the open source CMS Plone
3. A database layer using PostgreSQL as well as large binary object storage on ZFS for storage
Six Feet Up set up HAproxy as the load balancer, and Varnish for caching on the front-end.
The system ran out of two geographically separated colocation facilities, and ZFS was used for data replication to the disaster recovery environment. FreeBSD’s CARP ensured failover for both the web front-end and the database layers. Six Feet Up managed its own BGP and routing to handle up to 4 network service providers.
Finally, the team leveraged PGP encryption to manage the verification of thousands of physician records, as well as encrypting backups to ensure the personal details were safe at rest.
Six Feet Up integrated Plone with Solr, the open source enterprise-grade search engine, so that the search results could be specifically tailored to the client's needs. Plone comes with search out-of-the-box, but does not easily allow for custom indexing rules, spell-checking or synonyms. Solr gave Six Feet Up the control we needed to make sure the search results were relevant. In order to integrate Solr with Plone, a new product called SolrIndex was created. This gives developers an easy way to replace out the standard search index with a Solr-backed one.
In addition to Solr, other search customizations were added:
- The number of results allowed to return is customizable by site administrators in order to address regulatory constraints.
- The system orders search results based on relevance, content type, title or last modified date.
- The system ensures that a specific content type is always returned first in the search results list.
- Administrators can control which metadata is deemed more relevant for search result order.
- An advanced search interface gives site visitors the ability to filter down their results.
- The system provides a limited set of filters for specific user types.
- Users can perform full-text searches of files, such as PDFs and Microsoft Office documents.
- Search result screens can let users view, download, print or order physical items, see document previews and bookmark items. Healthcare professionals can also save their queries.
- Administrators have control over the values displayed in drop-down filter lists through customizable significance/weighting parameters which correspond to metadata on the documents in the repository.
This massive project required a CMS that could support a complex, hierarchical metadata structure combining a controlled vocabulary with the opportunity to introduce divergent keywords. The CMS also needed to support version control, archiving and rollback. It had to formally separate content and structure, and conform to W3C (WAI) accessibility standards. Six Feet Up powered the new site with the open source Plone content management system because it matched most of the client's needs out of the box.
Custom Content Types
Six Feet Up developed a series of custom content types containing various metadata, some of which designed to manage the inventory of both physical resources and digital copyrights.
One of the key features of the project was allowing site administrators to bundle content together into kits that contained a hierarchy of primary and supporting documents. We customized the system to support a variety of complex rules related to the display and availability of those kit items. For instance, primary documents were to always appear in search results above related supporting documents. If it was mandatory for users requesting a document to also get associated primary documents, the system automatically bundled those documents into a kit when the supporting document was requested. Business rules also included the need to automatically remove kits containing a source content item that was deleted or archived.
In addition, workflows were developed to change the visibility of these documents within the search results based on the role of the user. Documents could be private, publicly available for anyone to see, published for logged-in users to see via search results, or in a series of other states for internal review processes.
The system developed by Six Feet Up was backed by close to 20 custom audit reports allowing the client to meet their compliance requirements in case of an FDA audit. The reports also provided valuable business metrics allowing the client to adjust its online strategy. All system activity was logged into a relational database (the open source RDBMS PostgreSQL) in order to allow for ease of dynamic reporting.
Reporting features included:
- Drill-down filters such as date, document metadata, user roles, content types and more.
- Ability to turn system activity into usable metrics for administrators, such as views into how many users of different types utilize the system.
- Access to detailed views of how the search system was used, including search results returned at a specific point in time (admins can see what versions of documents were returned, etc.)
- Security audits, such as failed logins and account status.
- Downloadable CSV exports of the results from each report for further analysis in a spreadsheet software.
Using PostgreSQL also allowed Six Feet Up to leverage advanced features, such as:
- Robust data integrity.
- Strong procedural language support, to allow custom business logic to run inside the database.
- Recursive queries, to be able to link user activities to specific actions on the site.
- Case-insensitive searching and sorting.
- Hot standby and streaming replication, to ensure the database can remain available despite hardware failures.
Workflows and Permissions
Registration, Authentication and Authorization
Six Feet Up customized Plone's default content workflow to address the client's need to control website access for both external users and over a dozen internal roles. These workflows allowed administrators to approve or deny newly-requested accounts, or to activate/de-activate existing accounts. We also leveraged custom "chained" workflows so that users could be dealt with individually rather that being treated as members of a single class. For example, external users could be logged in or not, their account could be automatically "locked" after multiple incorrect login attempts, and they could be either "verified" or not depending on whether their identity had been validated by the client's process.
The registration process, customized to support both internal and external users registrations, included an automated nightly process to verify the professional status of healthcare professionals via third-party data services. Again, the "chained" workflow allowed the system to flag non-verified users in the system as such, without deactivating their accounts prior to review from an administrator.
The system provided over 15 roles, allowing administrators to control permissions for almost every aspect of system use, including:
- Managing users and groups permissions
- Creating, editing and removing documents and metadata
- Managing document workflows
- Altering the site architecture (e.g., creating new folders, moving documents, etc.)
- Managing the history of documents and revert changes
- Controlling which fulfillment methods are available to specific users (e.g.: certain roles can download items, but not email or request a hard copy)
- Restricting access to each report available in the system based on users' role (e.g., one role may see all search reports, but not reports about user data)
Fulfillment and Support
The client requested that healthcare professionals be presented with multiple options when it came to fulfilling specific documents or sets of documents. Visitors were able to bookmark, print, email, download or request a hard copy of the files they were interested in. They were able to either retrieve individual files one at a time, or send multiple files to a wishlist for fulfillment later on.
Should site users not be able to find the information they were looking for, they also had the option of contacting the company's customer support hotline. Site visitors could either email the company's hotline, call a customer representative, or request a callback.
This massive project was a success from many standpoints:
- Migrating data from Sharepoint into Plone eliminated the need to re-key, while maintaining the associated metadata.
- Business managers enjoyed greater capabilities to manage content and control access to data.
- The highly customized search features provided healthcare professionals with highly relevant search results while allowing the client to meet their business and legal requirements.
- The client was able to fulfill their auditing requirements required by Federal Law.
- Six Feet Up's enterprise-level hosting services ensured the client's mission-critical application was available at all times.
The success of this project is a great example of the power of open source to meet the needs of both administrators and end users, even in a highly-regulated enterprise environment.