LiveWhale CMS

Content management for storytellers

FAQ

When was your company founded?

White Whale is a web design and development firm founded in 2000 by Jason Pontius as a sole proprietorship. We have grown slowly and steadily since then; the company was incorporated in July of 2004.

 

How many employees do you have?  

White Whale has nine employees, of whom five work primarily (or exclusively) on the LiveWhale CMS.

 

How many are support staff?

All our staff provide occasional CMS support, but our Director of Product Support (Laura McCord) is the front line dispatcher.

 

How many are engineers or developers?

5

 

Please describe specific roles within this group.

  • Technical Director

  • Lead Developer

  • Front-end Developer

  • Director of Product Support

 

When was the CMS first offered?

2007

 

When was it most recently updated, and what is the frequency of updates and patches?

Major version releases are performed yearly with minor patches performed as needed.

 

Can you provide a complete version history?

Yes; just let us know your preferred level of detail.

 

Can you provide bug tracking and feature request history?

Yes, the project is maintained in a github repository where bug tracking and feature requests are tracked.

 

Please detail the roadmap for future development of the CMS.

We try to tailor our roadmap to the needs of our customers.  It is our preference that LiveWhale evolve organically and deliberately, based on an ongoing conversation with our developer community.

We (and our community of client developers) are generally happy with the current state of LiveWhale’s toolset, and we don’t have major new functionality additions on our 2014-15 roadmap.  Our priorities for the next year include refining and enhancing LiveWhale’s user experience for content editors using mobile devices; developing built-in compatibility with a range of responsive CSS frameworks; and adding to the list of third-party systems and products that LiveWhale integrates with.  And finally, we are working with some of our clients’ Alumni Relations offices to tailor aspects of our CMS for the needs of alumni.

 

How many organizations are currently using the CMS?  

19 

 

How many were using the CMS in each of the previous three years?

We’ve added 3-4 clients per year since 2011.

 

How many of these are higher ed institutions?

17

 

How many new clients have deployed the CMS in the past year?

Four

 

What is the licensing model?

A LiveWhale license allows for the following:

  • Unlimited users, groups, and websites;

  • Access to all application source code and developer tools;

  • Access to LiveWhale’s Developer Forum;

  • Support documentation and examples for extending LiveWhale’s built-in functionality;

  • Unlimited email tech support;

  • Free CMS upgrades (managed by our staff in collaboration with yours).


Your LiveWhale license allows you a number of other instances of the LiveWhale CMS for either load balancing or development, and each of these instances may handle an unlimited number of local or remote LiveWhale-powered hosts. However, all such instances and hosts must be a part of your institution or primary stakeholders or additional LiveWhale licenses must be purchased.

 

What is the publishing model?

Changes are made “live” to web content on a page-by-page basis, or on the back end by publishing to a database and dynamically including CMS content (like stories, events, photo galleries, social media feeds and more) on front end webpages, with a robust caching system to improve performance and ensure stability.

In order for content to naturally flow to various parts of the frontend web site on demand, but to simultaneously support high availability and performance, LiveWhale employs a buffer between the CMS and the web site to combine appropriate functionality from both the traditional push and pull models of publishing.

 

What systems are supported? (OS, Web, Application, Database servers)

LiveWhale uses the very popular LAMP (Linux, Apache, MySQL, PHP) stack.

 

What are the hardware and software requirements?

For LiveWhale 1.6.1+, the recommended version of PHP is 7.x, however full support is provided for 5.6. The version of MySQL required is 5.1+. We strongly recommend that you install Node.js version 0.8.0 or greater. Node.js allows us to auto-compile LESS files, which greatly speeds css authoring.

 

Does the CMS support intranet publishing?

Yes, although we’d like to learn more about specifically what you have in mind.  LiveWhale integrates seamlessly with whatever single sign-on product you’re currently using, making it easy to create login-only sections of the site with protected information.

 

Is there a cloud-hosting option?

Yes, all LiveWhale products are available as hosted solutions, which we offer in partnership with Rackspace.

 

Can the CMS operate partially on site and partially in the cloud?

The CMS supports various APIs for presenting dynamic content on a remote site where the CMS does not live. However, the majority of CMS-provided services would typically take place on the server hosting the web site.

We do have customers who host the LiveWhale CMS themselves, and use third party cloud hosting services (like Amazon S3) for resources like images and PDF files (if that’s closer to the intent of your question).

 

If operated on-site, is vendor support available for software updates and maintenance?

CMS upgrades and tech support are free of charge and included in your contract.  We expect that server software installation and direct server maintenance will be handled on your end, though we’re happy to provide advice and help as needed.

 

What is the recommended system architecture?

There is no preference among common LAMP environments (Ubuntu, CentOS, Redhat, etc.)  A range of these environments are in use across our client base.

 

Is load-balancing supported for production servers?

Yes, LiveWhale does support a load balanced configuration, which many of our client institutions have set up successfully.

 

Can the CMS utilize a CDN?

The CMS provides optional built-in CDN functionality. External CDNs can
also optionally be used for manually hosting site template resources.

 

How is content promoted from staging/authoring to production?

Users create content on the production server, but new content is saved as “Hidden” by default.  It can be promoted to “Live” via a simple dropdown click.

Web pages can be immediately published to live (by appropriately authorized users) or saved as drafts.

 

Synchronization methods and scheduling options.

Most content types can be scheduled for future publication.  There’s a field in the content editing interface allowing users to set go-live and expiration dates for stories, photo galleries, forms, and more.

 

How are conflicts/discrepancies mitigated?

We aren’t entirely clear about the meaning of this question, but here are a few details about error handling.  LiveWhale’s page editor enforces standards-based XHTML (or HTML5) on page save.  Broken links and other page errors are automatically and passively detected by the CMS, and users can see notifications of page errors both on the back end (via system notifications) and the front end (where a tab indicates that a page has errors).

 

Does the system use caching, acceleration, or other performance improvement mechanisms?

Yes, LiveWhale is finely tuned for speed using performance analysis tools like XDebug and benchmarking tools like Apache Benchmark. It makes use of a special cache layer which is designed to achieve high performance without sacrificing the functionality that older caching models do. In addition to this, LiveWhale makes use of strong client side browser caching to create the lowest possible load on your server.

LiveWhale’s cache layer acts as a buffer between your web pages and the CMS itself. This means that if the CMS goes down or a resource, such as a database, becomes unavailable, your web site will continue to serve cached content just fine. If this happens to be the case, LiveWhale will quietly log the issue in the server log. The cache layer will also talk to the CMS and make sure that fresh content is passively and continually pushed so that it remains up to date for your web server to serve, and users never have to worry about publishing their content manually.

 

What are the recommended system configuration settings for disk space, memory, tuning, etc.?

LiveWhale’s requirements are lightweight and suitable for the typical modern
hardware packages. Stored media (images) should be considered during configuration.

 

What system monitoring mechanisms are available?

We offer official system monitoring for cloud hosting clients only. The system monitoring involved is the same that Rackspace provides as the hosting partner.

 

Does the system generate alerts for specific conditions? Please provide examples.

We are alerted by the Rackspace monitoring services for issues related to the hosting environment. Additionally the CMS will provide dashboard alerts to admins in regards to critical configuration issues.

 

What actions are logged by the system? How are these logs managed?

The CMS logs end user activity to an activity manager which is viewable by users granted access to it. Errors and warnings in the CMS are logged at the system level and are viewable both within the CMS GUI and within the file system log files.

 

Are there conditions that can cause the CMS to become non-responsive?

The CMS is fundamentally designed to avoid becoming non-responsive under heavy traffic, software failures, etc. which are within the normal purview of the application itself.  Of course, hardware failures can cause CMS outages.  

 

In the case of system outages, we have an official method of requesting emergency support, which alerts the LiveWhale support team immediately via text message.

 

Can the CMS be extended through vendor-supported plugins or modules?

Yes, the CMS is designed to be extended with user-created modules. Several customers make use of contributed modules, some of which are collected on our developer site (http://developer.livewhale.com/garden/).

 

Can we extend the system via our own custom plugins or modules?

Absolutely.  Many of our customers use the CMS as a framework for development.

 

What APIs are exposed for developers? Can you provide an itemized list?

The CMS supports a wide range of APIs for development. This includes plugin development for certain functionality components (custom login schemes, custom REST requests, etc.), application development for deployment of web applications and site customizations, widget development for dynamic content presentation, and site design development such as theming.

 

Is there a common API container? (xml, json, etc.)

The CMS supports a variety of containers for API usage, depending on the context, including XML, JSON(P), RSS, ICAL, HTML.

 

What are the supported authentication options?

The CMS supports internally managed password logins, LDAP, Google, and SSO integration out of the box. Support is available for developing custom authentication schemes.

 

Does integration with external authentication require anything beyond a credential check?

Integration with external authentication (LDAP, SSO) involves a simple handshake via the authentication model before then authorizing the user for CMS-specific permissions as managed within the CMS.

There are no requirements on the external authentication scheme aside from the ability to pass a credential check.

 

How many current CMS installations are using SAML?

We currently have 6 instances utilizing SAML.

 

Is the internal user management role-based?

Yes.

 

Does a proxy feature exist, allowing a system administrator to access the site as another user?

System admins can “switch” to any group in the system and are thereby provided access to the content managed by other users, however they will still retain their own “identity” for the purposes of activity logging.

 

How is the CMS tested for security vulnerabilities? Please provide details on identified vulnerabilities and remedies.

White Whale has a strict policy on security, and therefore LiveWhale is designed to address a variety of such issues. These include session hijacking and fixation, SQL injection attacks, form spoofing, and other malicious practices. 

Sensitive data is encoded before database storage takes place. A robust and configurable input filter is designed to sanitize input from a number of exploits. Server structure is considered to conform to security standards, and security features of the underlying platform are taken advantage of for optimal deployment of the CMS on your system. Session files are stored within the LiveWhale installation directory and not in a location accessible by other accounts on a shared server. Whitelist control for the use of iframe and script tags is available. 

We routinely test against vulnerabilities, including ones not directly related to the CMS (Heartbleed, etc.) in our development environments.

We strongly advise the use of SSL/HTTPS enforcement for all CMS logins, and support is provided for a strict mode to enable for this functionality.

 

Are any CMS installations using an external web application firewall?

Not that we know of.

 

What options are available to limit user-provided HTML elements?

The CMS by default enforces strict input filtering, which in some cases can be relaxed in a configurable way to accommodate additional allowed elements.  In the WYSIWYG editing process, users have access to a list of styles (CSS classes) and formats (h2, h3, p, etc) that is configurable.

 

Are there any issues running the CMS entirely over SSL?

No.  That’s the setup we recommend.

 

Will you host a sandbox for testing?

Yes.

 

Is commercial training available for the CMS? For end-users? Developers and system administrators? Trainers?

Yes, the basic LiveWhale fee includes one day of on-site training from one of LiveWhale’s developers. If at anytime you want to schedule additional training, we also offer online training sessions.

 

What documentation is provided, and how is that made available?

We actively maintain online help and developer documentation at http://gethelp.livewhale.com and http://developer.livewhale.com

 

How are support requests submitted and escalated?

Support requests can be submitted through support@livewhale.com, chat, Twitter direct messaging to @livewhale, or 888-WHALE-08.

 

What are the support desk operating days/hours?

We offer free unlimited email tech support as part of the basic LiveWhale license.  Support requests are accepted during your normal business hours in any US timezone. We return all non-emergency support requests within 24 hours.

Emergency support requests may be made by email to support@livewhale.net, by phone at (888) WHALE-08, or by Twitter direct message (@livewhale).  Emergency requests left via message (by phone or Twitter DM) made between 8am and 10pm US Eastern time will be addressed within two hours.   Immediately after a software upgrade we respond to emergency requests within 30 minutes, 24 hours a day.  (These terms are from our standard Service Level Agreement.)

 

How active is the CMS customer community? Are there support forums? How frequently are questions asked and answered?

We have an active LiveWhale community that participate in our users and developers forum. Our community frequently reach out to each other for advice on policies, code contributions, and LiveWhale ideas.

 

Is there an annual conference for CMS users?

Yes