Liferay Buyers Guide

cheeseflapdragonInternet and Web Development

Dec 7, 2013 (5 years and 2 months ago)


Buyers Guide
A Business Primer And Buyer’s CheCklist
for PortAl, Content, And CollABorAtion
Table of Contents

executive summary ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 1
Business Primer: enterprise Portals, Content and Collaboration - trends, opportunities, and solutions ������������������������������������������������������������������� 3
Portals, Content, Collaboration ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 3
Trends: Increasing Business Value While Reducing Costs and Risks ����������������������������������������������������������������������������������������������������������������������������� 4
Development & Product Simplification ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 4
Unification of Presentation Strategies ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 4
Unification of Content, Portals , and the Application Platform ����������������������������������������������������������������������������������������������������������������������������������� 4
Unification of Departmental and Enterprise-wide Software ���������������������������������������������������������������������������������������������������������������������������������������� 4
Unification of Developer Strategies and Technologies �������������������������������������������������������������������������������������������������������������������������������������������������� 4
Opportunities & Growth: The Future of Web Content and Application Delivery ������������������������������������������������������������������������������������������������������� 5
New Capabilities and Development ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 5
New Cost Savings ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 6
New Expectations ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 6
Solutions: Top Reasons Enterprises are Choosing Liferay Portal ������������������������������������������������������������������������������������������������������������������������������������ 7
Key Business Benefits �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 7
Product Differentiators ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 7
Global Liferay Ecosystem of Developers, Users, and Partners ������������������������������������������������������������������������������������������������������������������������������������ 7
Industry Acclaim ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 8
Open Source Leadership ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 8
Case Studies ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 8
Buying Checklist for evaluating Portals, Content and Collaboration solutions ���������������������������������������������������������������������������������������������������������������� 9
Buyer Evaluation Criteria �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 9
Buyers Checklist �����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������10
liferay resource Guide ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ 24
Product Resources ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ 24
Product Details �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 24
Product Download ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 24
Plugins������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ 24
Documentation ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 24
Community Content ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 24
Liferay Events and Webinars ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ 24
Services Resources ����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 24
CE vs� EE �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 24
Pricing Options & Indemnification �������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 24
Liferay Professional Services ������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ 25
Liferay Partner Network ��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� 25
Competitive Review ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������26
industry references and Glossary ���������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������26
Enterprises are increasingly evaluating their corporate infrastructures
to see how they may benefit from open source� This has been
driven by a combination of tangible business needs for competition
in today’s web-centric business environment and the recognized
limitations of proprietary technologies in being able to meet
these needs� While several key infrastructure pieces are still
supported by expensive and often operationally “heavy” platforms,
open source use has become popular for components residing
within the presentation layer, notably surrounding portals, content,
and collaboration functionality�
Notably, when evaluating such solutions that directly impact
organization productivity and processes, several topics have
been top of mind: social collaboration and networking (and how
it impacts the traditional EAI use case), rich interfaces, RESTful
and Web architectures, and the empowerment of end users, are
just a few� Enterprises have also been ever more cognizant of the
need to balance total costs against time to productivity while
ensuring extremely high reliability�
Once simply viewed as free software, open source products are
now enjoying accelerated adoption within the enterprise thanks
to four key factors: the maturity of open source products today;
the innovation offered by community- and collaboration-driven
development methodologies; the wide availability of services
and support for open source products that are comparable to,
if not better than, those available for their proprietary competitors;
and the promised reductions in the total True Cost of Ownership�
Historically, proprietary products have succeeded by innovating
faster and marketing better than their competition� However,
with market consolidation, the growth of industry “giants” that
dominated specific markets, and recent slowdown of the global
economy, proprietary software vendors are now building their
product roadmaps against an ever-shrinking pool of competitors,
thus resulting in declining innovation�
Conversely, open source products develop in a highly competitive
ecosystem in which only the best products win; those that foster
the fastest learning curves and deliver the most improved
productivity with the most innovative and compelling features,
gain popularity and adoption� Others do not� The public and
community-centric nature of the open source ethos has also
fostered a unique merit-based environment in which only the
most motivated and talented developers thrive and receive
recognition for their contributions�
In the past, the term “open source” was widely associated with
simply being lower cost while enterprise software was understood
to be scalable, reliable, and available with mission critical support
and an established partner ecosystem� The reality is, however,
that today’s open source leaders are contending with and
out-performing commercial competitors in mission critical,
high-scalability use cases� Open source has become a relevant
and strategic part of platform planning�
To fulfill a growing demand for simpler and more fiscally-viable
options for the masses, open source development has accelerated
at an impressive rate, not only matching the features of expensive
proprietary products, but oftentimes offering them in a
lighter-weight and more flexible form�
With this rapid innovation, influential technical and business
ecosystems have grown up around the most successful and
in-demand open source products� Typically, these open source
products are headed by a core team (the original creators and
other stakeholders) that take the lead on product strategy and
coordinate the aggregation and refinement of contributions
from the community� With oversight on product roadmap,
feature requests, and market need, these same leaders are able
to respond to demand by building highly capable support and
services units, often pulling from the large pool of proven talent
from the community itself� Thanks to the global nature of open
source development, these support and services teams start-up
on a global scale, providing rapid and expert responses from the
product’s developers rather than from call center employees with
little depth of knowledge on a product�
tRUE coSt
More than ever, proprietary product vendors are employing the
concept of “product chaining” in their development, whereby
one product necessitates the use of another product from the
Executive Summary
same company� These vendor lock-in strategies have perpetuated
the dominance of a few key players, which, consequently, kept
complex and expensive pricing an uncontested norm�
However, as open source vendors matured and rose in importance
within the enterprise, they began to innovate software business
and pricing models as well� The enterprise software market has
been impacted by offers of flexible pricing options such as
annual subscriptions, lower cap-ex pricing, and unlimited use
pricing� As a whole, open source players offer reductions in
initial licensing costs, lower support fees and training costs, and
greater ease of development thanks to the use of open standards
and newer technologies�
This document provides decision makers a list of tools for
evaluating future purchases for their infrastructure�
i� Business Primer -- an overview of the major issues
affecting the portal, content and collaboration market�
ii� Buyers Checklist -- a worksheet for evaluating each
infrastructure layer�
iii� Liferay Evaluation Guide
iv� Industry References and Glossary
Collaboration continues to see new innovations in services and
methodologies� Most are variances on how information can be
contributed, found, shared, and re-purposed� A now familiar
branch of web-based collaboration is social networking, which,
when implemented in line with enterprise and organizational
policies, creates a new paradigm for collaborative services�
Subsequently, today’s enterprise software products must allow
an organization to define its own social “network” (with end
user defined groups and roles within) that can be constrained
or augmented by formal organizational policy (e�g�, adding a
company business unit to a social group or disallowing end users
with specific roles to share data outside their organizational level)�
The addition of collaborative capabilities to portals allows a new
dynamic for web development� For example: an employee can see a
new posting from the Engineering department about a new product
launch� The employee could then quickly add new content for
customers using the built-in content management system (CMS),
check the schedule for the project in the forums section, add a new
discussion about marketing activities for the launch and set up tasks
or events in the group calendars� Allowing a user to accomplish all
these activities within the same system defines a new standard for
web site development where formal content and end user driven
content and activities are combined�
Enterprises are increasingly turning to portal, content and
collaboration products to enhance their infrastructures with
new, organizationally-pervasive services� This combination of
functionality, when executed well, can provide far-reaching
impact on an organization and its processes�
Portals have grown to satisfy multiple demands within an enterprise
such as business integration, user personalization, role-based content
delivery, content management, mobility, and collaboration� However,
in doing so, many portal implementations run the risk of becoming
overly complex and expensive as they require additional integration
with other applications to offer the extent of functionality needed�
To mitigate costs and complexity, newer portal players must offer
more out-of-the-box capabilities in highly-demanded functional
areas such as content management and collaboration� With fewer
costs and less time needed for integration and custom feature
development, users can focus their energy on more strategic
efforts like business logic and solution design�
In recent years, content management strategies have trended
towards the decentralization of content repositories� While
there is understood need for a single, centrally controlled system,
today’s multi-departmental and multi-regional enterprise also
requires the flexibility of allowing different business units to
1) create and manage their own content; and 2) define approval
processes within their team or organization�
New software must provide innovative means of meeting this
for agility with features such as delegated content management
and authorization, while still allowing all end users to access
decentralized, group-created content from a single interface�
Business Primer: Enterprise Portals, Content and
Collaboration - Trends, Opportunities, and Solutions
Enterprise software must be reliable, must simplify and streamline
development processes, and must curb start-up and long-term
costs while providing innovative new features to end users�
While a winning combination of this criteria is rare, all should
be reviewed when evaluating portal, content and collaboration
technologies that can significantly affect overall organization
productivity and the achievement of business goals�
Development & Product Simplification
Development tools and methods are affecting web application
delivery� Understandably, the market favors simpler tools and
methodologies conducive to rich user experience and provide
ease of extensibility and integration with other technologies�
The simplicity of a software product ensures lower costs, higher
reliability, and increasing ability to meet growth strategies� Instead
of complex, monolithic systems, enterprises seek products that
are ideally both light-weight and feature-rich� Historically, the
term “light-weight” was used synonymously with “simplicity” to
describe products that have a smaller installation size and are
faster to download and easier to install, but with fewer capabilities�
However, with the open source market’s use of newer and faster
development tools, frameworks and components, today’s enterprises
have access to products that allows them to quickly evolve with
business needs while remaining light-weight, with built-in
expansion mechanisms, like micro-kernel architecture and plugins�
Unification of Presentation Strategies
There is continual growth of new applications and services within
an enterprise� A truly effective portal infrastructure should allow
new features and services to be continually added into the existing
infrastructure� It must provide authentication, authorization and
role-based content delivery (RBCD)� RBCD defines that each person
accessing the portal sees and has access to only the content that
they are authorized to view� It is what permits an enterprise to
offer one unified view without compromising content security
or user experience� It also improves user productivity, reduces
software maintenance costs across applications, and increases
the reuse of code, content, and policies�
A unified presentation layer using portals also allows for the
creation of “micro-sites” whereby a single portal instance can host as well as,,
and� Additionally, multiple portals can be
deployed across a portal fabric in which each portal can leverage
a common set of data, content, application services, identity
services, and portlets�
Unification of Content, Portals , and the Application Platform
In the past, portal software was used for only a portion of the web
experience (e�g�, an employee portal or dashboard) alongside a
number of other disparate products performing other functions�
Application platforms were used to build individual applications
(e�g�, using an application server to build a trouble ticket automation
application integrating to an existing system)� The simplification
of software has led to a new strategy to unify infrastructures and
Unification of Departmental and Enterprise-Wide Software
Enterprise-wide projects and departmental projects are often
supported by different sets of software� For example, many
companies use an IBM, Oracle, or BEA portal for enterprise-wide
implementations and use SharePoint® at the departmental level�
Likewise, they will leverage major content repositories for
enterprise-wide content while leveraging open source repositories
for the departmental requirements�
Quite significantly, recent trends show corporations looking to
service both enterprise-wide solutions and departmental solutions
with one product to allow for code and feature reuse and to share
the costs of unlimited licensing across a larger pool of users�
Unification of Developer Strategies and Technologies
Developer technology changes have also fractured enterprise software�
For many years, Microsoft and Java technologies have contended
for favor� Now, developers are faced with an ever-growing list of
technologies and development languages to choose from: Java
developers can choose between Spring and EJB, between SOAP
and REST, between Java and PHP/RUBY, between DOJO Toolkit
and Microsoft Web Wizard, and maybe even between Eclipse
and Dreamweaver� IT teams make these choices when planning
their application infrastructure, but with the understanding
that choosing one technology may exclude it from innovations
available in others�
However, because portals aggregate content at the presentation
layer, they allow multiple technologies to be used in the application
layer, thereby giving an enterprise access to the benefits of each�
1� Static (everyone will see the same data, e�g�, a calendar of
events on,
2� Personalized (each individual will see data unique to
themselves, e�g�, a personal calendar),
3� Role-based (a group will all see the same data, e�g�, a
workgroup calendar)
4� Socially aware (similar to role-based while allowing the end
user to define the group and roles within that group)
As more static, personalized, role-based and socially aware
applications are added to the portal, the productivity of the end
users grows exponentially� In the future, end users will gain even
more power and productivity through the ability to customize or
define new applications for their network�
Workgroups, Teams, and Organizations
Applications address different data, business logic, and levels
of authorization and personalization� Classic applications are
built with a static business logic connected to data available to
anonymous users (i�e�, a web page or website like
or authenticated users (i�e�, once logged-in)�
New applications can now be specialized given a user’s roles
(i�e�, the ability to grant additional features or access to managers
or administrators) and can extend such rights to an entire enterprise
and all its different users� Users can be granted access to applications,
features, and content within applications based on their role
(customer, partner, employee, manager, administrator)
Additionally, these applications can be defined within the
context of a user’s social network: A social network is a set of
groups defined by an end user� The user can define a group and
then define applications available to this group� The user can also
integrate its network with a formal identity policy� For example,
others users may or may not make changes or invite others to
this work group unless they have been given a formal role as a
community leader�
Application Development
As the power of end users grow, developers must build
applications with them in mind� Hence, portals that can support
the addition of applications have become a platform of choice
for enabling future end user capabilities� Portals also provide a
set of services that can be used to build these new capabilities
Products like Liferay Portal also allow the various web technologies
in different programming languages to be aggregated by a single
presentation layer to the end user� Rather than force a development
team to choose some technologies over others, unification via a
portal interface opens up new possibilities for development�
oppoRtUnItIES & GRoWth: thE FUtURE oF WEB
contEnt AnD AppLIcAtIon DELIvERY
New Capabilities and Development
Today’s enterprise must consider the extensibility and long-term
viability of the IT investments being made� Not only should a
solution address present-day business pain points, it should also
evolve with the needs of the enterprise to equip it for future growth�
This may include custom development, scaling to accommodate
growing user bases, or the addition of new functionality�
Market demands for this type of exceptional business agility
and flexibility have pushed product development teams to take
a more modular approach to software design� Notably, the
open source players have been able to embrace and lead this
approach, leveraging their use of open standards and an ease
of customization that is distinctively fostered by open source
development methodologies� More notably, portal products,
faced with the challenge of aggregating existing content and,
now, dealing with future needs, must offer an array of options
conducive to growth�
Productivity and User Empowerment
Roles and Authorizations
Portals such as Liferay allow users to build applications that are
role-aware� Infrastructures leveraging these aspects have seen
great improvement of end user productivity� The growing trend is
to allow end users greater control in building and sharing content
and applications� Where content was once only available after
being created by web designers those with special permissions,
end users can now create content on their own with blogs, wiki or
other self-publishing methods� They can find, download or upload
documents or other content� Individuals can even build forms
based applications and define who can access or view results�
Portals provide a great platform for enabling both role-based
content delivery (you have access to apps/content based on your
role within the system) and social networking� Applications can be:
New Expectations
With the maturity of lighter weight enterprise portals, infrastructures
are trending toward a single web presentation standard that:
• supports both enterprise-wide and departmental applications
• supports both web and java development
• supports and simplifies both SOAP and REST for integration
with external processes, while combining user services at the
presentation layer across multiple deployments (e�g�, a single
page from a SOAP or RESTful web service; search across
multiple content stores; the leveraging of portlets, gadgets,
and widgets across multiple portal instances)
• easily integrates with proprietary software, legacy systems,
and content stores
• connects to multiple content stores (internal and external alike)
with cross-repository search mechanisms
• integrates new mashups with leading web social services
(e�g�, Google, Twitter,
• includes basic web content management and collaboration services
• includes social networking and workflow capabilities
A single effective standard allows an enterprise to support
departmental deployments alongside centralized services� It
reduces costs and expands the reuse of third party products
and customized solutions across the enterprise�
The standard leveraged must also include several key features
that accelerate the benefits of any content, portlets, widgets,
gadgets, or applications developed� These include:
• web content management
• role-based content delivery
• integration with existing identity management systems
• social networking and enterprise-wide collaboration
• user-driven communities and content
With these new portal capabilities, enterprises are then able to
effectively power external websites, leveraging web and enterprise
content alongside portlets, gadgets and widgets built from SOAP/
REST services� Portals will also be used to build presentation layer
architectures or “Portal Fabrics” where business and presentation
layer logic are separated, and where end users are granted greater
capabilities to build new content, define the networks in which
they operate, and build new applications�
Combined, these capabilities will allow a wide level of use across an
enterprise while adding new capabilities to end users to increase
their productivity while greatly reducing complexity and costs�
and portlets� For example, “presence” can be pulled into portlets
to allow them to know the online status of users; and the “RSS”
functionality is one that can be embedded in portlets like blogs�
A good portal that can leverage open source technologies,
like Liferay, allow for an added degree of flexibility during the
application development process, supporting various tools and
programming languages such as PHP, Ruby, and OpenSSO�
Open source software in general has also been responsible for
significant advancements to the development process through
technologies like Spring, AJAX, Ruby, Groovy, PHP, and REST;
tools like Eclipse and Netbeans; and new innovative tools based
on social activity and human workflow (e�g�, allowing end users to
define a form and an approval process for each form submitted,
such as with an expense reporting tool)�
Liferay’s Alloy UI is a great example of a new open source product
built on others� It is a UI framework that combines the best of CSS,
HTML and JavaScript� While open source players are able to move
quickly and innovate quickly, larger heavyweight portal players are not
supporting their products in the same way and have fallen behind�
New Cost Savings
Flexible Pricing Options
The growth of open source has noticeably changed the competitive
landscape� Flexible pricing options available from many open source
vendors are improving initial project and annual recurring costs�
Subscription pricing, CAPEX Perpetual, Unlimited, and other pricing
models have reduced annual costs as well as the costs required to
add new open source projects into an existing budget�
Open Source Investment and Community Participation
Open Source vendors promise cost savings, but also increased
input from those that invest in their products� Leveraging
applications built from open source allows companies to take
part in the products’ communities� Enterprises should look
to influence roadmaps/feature decisions as well as standards
support, integrations, migration toolkits, and partnering
strategies� Training, documentation, forums, wiki content and
other ancillary information is also available for enterprises to
use as well as contribute�
Key Business Benefits
Smart investment
Users get the most flexible and dynamic technology at the
lowest TCO and highest ROI� While other portals make you pay
for additional features, Liferay Portal comes with over 60 out of
the box portlets, over 20 themes, and a number of developer
tools to work with� We provide you with as many resources as
possible to accomplish whatever it is that you need to do
(web publishing, collaboration, social networking, administration, etc�)
at no additional cost�
Moreover, as Liferay Portal is the only enterprise portal leader on
the market with no software or hardware agenda, you are not
bound to using a particular IT stack and invest in only what you
need for the life of your portal project�
Easy adoption
The product is light-weight and can be installed quickly in any IT
environment� An award-winning user interface, familiar desktop
conveniences and easy navigation makes Liferay Portal extremely
simple to use and adopt by all users in your organization�
Agility for the future
Liferay Portal evolves with your organization� If you require new
functionality, tools can be added with just a few clicks� For example,
an intranet built on Liferay Portal can evolve into an extranet that
reaches outside partners� An organization powering a website
with Liferay Portal can easily add social features to capitalize on
the power of its online community�
Product Differentiators
Flexible and Agile Platform
Liferay Portal is a light-weight SOA platform with support
for web services, industry standards (JSR-286, JSF-314, etc),
multiple programming languages (Java, Ruby, PHP, Python), and
a hierarchical system of communities and organizations� Liferay
also has its own Social API that provides the essential elements
and framework for enabling real-time communication and social
networking within an enterprise�
Services, Portlets, and Tools
Liferay Portal ships with over 60 portlets for content management,
collaboration, social networking, administration and more, at no
additional cost� Developer tools are included as well as well as
access to a public repository of plugins contributed to by a global
community of over 11,500 developers�
Ready for Mission Critical Applications
• Highly scalable, supporting more than 5,000 concurrent
transactions (3�3K simultaneous users) per server
• Real-world performance of millions of page views and over
1�3 million users
• Clusterable configuration for high availability
• Implements top ten OWASP-recommended security practices
• Options for Terracotta, Oracle RAC, and other scalability solutions
• Deployable to the Cloud and available as SaaS
Global Liferay Ecosystem of Developers,
Users, and Partners
Business Community
In its 11th year of development, Liferay Portal has become the
defacto standard for open source portals in the enterprise� The
company offers enterprise subscription and support, public and
private training, and consulting and implementation services with
offices in the United States, Brazil, China, Germany, Hungary, India,
Malaysia, and Spain� Liferay, Inc� also boasts a thriving business
network of certified partners and resellers in six continents�
Developer Community
Participants in the community include the Liferay staff and board
of governance, volunteer committers and contributors, and other
partners and users� The board of governance establishes and
enforces community rules while coordinating and implementing
decisions that affect the entire community� Committers are
allowed to directly contribute code into Liferay Portal source
code while contributors’ code passes through a review and
approval process before it is added to the product� Partners are
able to work with Liferay community for the development of
ancillary products available to Liferay customers such as services,
integrations and plugins�
• Over 24,000 community members
• 11,400 active forum participants
• Largest single portal knowledge base with over 120,000
forum posts
• An estimated 250,000 implementations around the world
Industry Acclaim
Liferay Portal has been the recipient of many awards and industry
recognition, including:
• Inclusion in Gartner’s Magic Quadrants for Portal
and Social Software
• InfoWorld’s Best of Open Source Software (BOSSIE)
Award for Best Portal
• Memberships in multiple committees for major industry
standards such as JSR-286, JSF-314, OASIS WSRP, and CMIS
Open Source Leadership
Not only do Liferay’s technologies comply with all major industry
standards, the company helps to define new ones: Liferay Portal
is compliant with all key industry standards (JSR-286, JSF-314,
JSR-170, WSRP and JBI) and participated as a member of the
“Portlet 2�0” specification committee� It is also a founding
member of Open Source For America (OSFA), a collaborative
effort to raise awareness in the U�S� Federal Government about
the benefits of open source software�
Case studies
Liferay Portal is an active part of operations in organizations
across all industries, worldwide� Among an estimated 250,000
deployments of Liferay are marquee clients and users, including:
• Allianz Australia used Liferay Portal to create its My Allianz
portal to deliver online self-service for customers� It provides a
consolidated view of each user’s Allianz products and enables
them to transact new business, view existing policies and make
payments online�
• sesame Workshop used Liferay to power an interactive website
( with extensive rich-media content
stores, as well as for an employee portal and dashboard�
• This Emmy Award-winning website is interactive, with
hundreds of flash-based games and activities; nearly 3,000
classic and current Sesame Street videos; and age (role)
sensitive applications like “PlaySAFE,” which prevents young
children from navigating away to other sites on their own�
• World Vision is using Liferay Portal to power KnowledgeBase,
a collaboration platform that has revolutionized the way
its international team of relief and humanitarian workers
correspond and communicate�
• Cisco systems chose Liferay Portal to create The Cisco
Developer Community Portal, an online, collaborative
environment in which developers can easily locate resources
for their solutions, assist each other in developing solutions,
and reach out to Cisco resources for assistance� This portal
uses Liferay’s built-in tools, including wikis, blogs, message
boards, and social networking capabilities like activity tracking
and network building�
Please email for more information about our users�
Several criteria must be reviewed during a thorough product
evaluation process� Specifically, an organizations must understand
its corporate strategy for costs, risk, control, end user capability
and allowable heterogeneity� This section provides a brief overview
of each and includes a sample buyer’s checklist for the evaluation
of available platforms�
Costs: Portal, content, and collaboration solutions are available in
a wide range of prices� Established stack players such as IBM,
Oracle, and Microsoft have highly expensive platforms and complex
maintenance and support pricing structures, but often compete
with a wide network of partners� However, open source platforms
offer a much wider network of specialists thanks to use of open
standards and development methodologies� A focus on simplicity
and integration has also increased their use within enterprises
focusing on cost reduction�
risk: Organizations need to understand their acceptable risk levels
for long-term cost sustainability (increased costs over time),
integration capabilities (ability to integrate with same vendor and
other vendors products using acceptable standards), product
chaining risk (one product requiring the use of other products from
the same company), as well as end user adoption and satisfaction�
Control: Companies often need to strike a balance between
centralized and distributed control to streamline decision-making
and maintain a level of team responsiveness� Highly complex
systems, more acceptable to centralized IT (allowing 1 tool for
everything) are often too expensive, too complex, and inflexible
for departmental use� New trends in open source, allowing highly
scalable, lighter weight solutions are often more capable at
serving both needs�
Buying Checklist for Evaluating Portals, Content and
Collaboration Solutions 
end user Capabilities: Solutions that are difficult to use are not
highly successful� Conversely, the solutions that are intuitive and
meet basic needs of the enterprise in which they are deployed
enjoy adoption� This is especially true for solutions reaching a
diverse audience of users such as portals and collaboration tools�
heterogeneity: The need to strike a balance between central and
departmental systems has brought forth new enterprise architectures
that leverage multiple systems� Corporations with large, expensive,
and well established systems are now augmenting these systems
with lower cost, open source alternatives at the departmental level�
However, even with expanding infrastructures, companies can still
reduce maintenance and support costs if they can successfully
facilitate the review and enforcement of organizational needs for
product and content management at a high level�
poRtAL, contEnt AnD coLLABoRAtIon pLAtFoRM EvALUAtIon LoW hIGh
1 2 3 4 5 totAls
site design: The system shall provide a platform which simplifies the development of web
content and sites especially when aggregating content from multiple sources�
navigation: The system shall provide a framework to simplify the development of an
entire web site of web page content (e�g�, tab vs menu navigation, site map, login)�
Anonymous vs Authenticated users: The system shall allow the easy development
of web content that can be defined for anonymous and authenticated users (e�g�, is general information, while myaccount�company�com will give
personalized content to the end user�)
Printing: Support for printer-friendly versions of pages�
mobility: The system should allow views from multiple client types including
thin, rich, thick clients�
Account management: They system shall include out of the box the ability for end users
to self register a new account, to manage attributes associated with their account (e�g�,
picture, phone, email address), and the ability to reset a lost password�
multiple language support: The system shall allow developers, administrators and content
owners the ability to support multiple languages within the same site� Users shall have the
ability to select their preferred language and the system shall have ability to auto-detect
users preferred language�
Cloud deployments: The system should support the deployment within a cloud
infrastructure including deployment, maintenance, monitoring�
Page Construction: The system should simplify the development of web pages leveraging
themes, access rules, and web components�
Web Components: The system shall support multiple methods for development of web
components (e�g�, portlet, widget, gadgets, and multiple CMS)�
site Construction: They system will support the development of an entire site based on
individual web pages, allowing linking between pages via simplified URLs�
Web Component development: The system should support multiple user types, (e�g�, Task
Workers, Practitioners, Experts, Developers)� The system should include support for web
component development that can be reused easily by lower skilled users, including the
use of Wizards that allow users to easily configure prebuilt web components�
themes: The system should allow the development of multiple themes where a single theme
can be used across all pages created or where different themes can be used for different
pages (themes include the look and feel of site, header, footer, colors, fonts, styles, etc�)
(A)synchronous Page updates: Pages must support synchronous and asynchronous
updates and content updates�
drag and drop: Pages can be developed that support drag and drop of portlets, widgets,
gadgets as well as other design elements�
role Based Content delivery: The system should allow administrators the ability to define
web content and assign it to a specific set of users, roles, groups, or organizations� Users
shall have ability to be assigned to multiple roles�
The following checklist can be used to evaluate various platforms for portal, content and collaboration use cases� The table can be used
to develop a set of requirements by understanding how each level is found critical to a specific enterprise use case� Not all features
within the table are required for all implementations�
Personalization: The system should support attribute based personalization where the
users display is determined according to administrator defined rules according to attributes
set for the user based on activities or profile attributes (e�g�, content displayed within an
advertising Portlet is based on past selections by this user), as well as individual
personalization based on actions the user has set themselves to customize their display
(e�g�, arranging desktop, adding/deleting web components, setting web component attributes)�
user definable Attributes: Developers shall be able to build applications (portlets/widgets
/gadgets) which can operate on a set of user defined attributes� Users shall be able to add
these applications to their pages and then set the attributes which are saved for future
sessions� (e�g�, a weather Portlet that is configured to show weather for zip code 51521)�
selectable Content: Administrators, site designers and developers shall be able to define
new content that can be added to a selectable catalog of content available to end users�
End users, once authenticated, shall be able to select various content and add it to the
personalized view of their page�
Web Cms: The system should include a built in web CMS allowing WYSIWYG creation,
editing, approval, publishing of content�
single sign on: Once a user is logged into the system, the system should provide a view
to all integrated content and applications and provide single sign on (or integrate with
3rd party Single Sign On applications) to linked content� (e�g�, a click on an item in a
dashboard Portlet will handle SSO to external web application)�
default vs Personalized Web Content: Administrators and site designers can define
content that will be the default view for all users� Users who login can then personalize
their web pages by arranging content, selecting new content, deleting content, changing
themes, and setting attributes for individuals applications (portlets / widgets / gadgets)�
The system shall allow users to easily update their account, personalization, communities
and personalizations�
Public, Group and Private information: Users should be able to access, create and interact
with information shared publically, with a specific group or help private to the user�
delegated Administration: The system shall allow administrators to be assigned to various
organizations, roles, groups - and shall allow end users to self-delegate authority to their
account or specific applications (ability to approve workflow tasks)�
subscriptions and Alerts: Developers shall have the ability to define alerts and allow
individuals the ability to subscribe to alerts to various applications� (e�g�, users can
subscribe to a document sharing Portlet to receive alerts whenever a document is
updated�) They system shall additionally include and support the development of RSS
feeds for various applications, (e�g�, a newsfeed Portlet having a subscribeable RSS feed)�
mico sites: The system shall support the development of multiple “web sites” from a
single system, and are hosted within the same
system as different micro sites� Each micro site should have its own defined themes,
content, applications, users, and roles�
Communities: The system should additionally allow end users the ability to create
community pages and to add members and content�
Bookmarkable url: URL’s shall be simple, descriptive and shall be bookmarkeable by browsers�
friendly url alias: The system should support the development of human readable
friendly URL’s for web pages and easily support the development of multiple aliases
per web page, e�g�, and
solutions pointing to same page�
Collaborative services: The system should additionally include a set of basic collaboration
services for web content, document sharing, blogs, wiki, chat, polls, messaging and
calendaring (or integration to external chat server)�
social network: They system should allow the end user the ability to create a social
network of other users, allowing users to find, connect, and collaborate with their chosen
group of individuals�
social Collaboration: The system should additionally allow individuals the ability to
leverage collaborative services specific to their social network such as tags, forums, wikis,
blogs, reservations, ranking, shared bookmarks, presence, chat, internal messaging�
social object Control: Users should have fine grained control over social objects
contained within the system�
poRtAL totAL
(BloGs/forum/Wiki/CAlendAr/Polls/messAGinG/ChAt) 1 2 3 4 5 totAl
Collaborative services: The system shall provide several applications with the system
which can be configured for use by users depending on the site design� These services
include the ability for end users to define and share content, messages, polls, and events�
Collaboration Admin: System shall allow administrators the ability to configure and
control which social media features and functionalities are accessible to individuals users�
Blog: System shall provide blog post capabilities and features for end users� Users shall be
able to draft, publish and edit blog postings for their account�
Blog WysiWyG: Users shall be able to create/edit blog posts using a rich text editor�
Blog storage: Users shall be able to leverage content stored within the CMS and DMS
including pictures, text and media into their blog posts�
Blog Archive: System should support the ability to store and retrieve historical content
associated with a blog�
Blog edit: Users shall have the ability to edit the content of a blog after it has been
published to the web�
Blog template: System shall support the use of templates for layout/ theming of blogs�
Blog syndication: System should allow blog content to be accessed via a common
syndication method (e�g�, XML/RSS)�
Blog subscription: System should allow end users the ability to manage the subscriber’s
who have elected to subscribe to his/her blog�
Blog Comment: System shall allow individuals to post a comment to a blog post�
Blog Comment View: System shall allow users to select comments to be available or not
for their postings�
Blog ratings: System shall allow users to select whether ratings are to be available or not for
their postings�
Blog Comments/ratings View: System shall allow users to monitor and remove
comments and ratings made by others�
Blog Pingback: System shall allow user to link to a blog post via deep
links, trackbacks, pingbacks�
Blog Appropriate flag: System shall allow users to flag or report a blog post/comment
that may be viewed as inappropriate, illegal, or deemed in violation of communications
forum: System shall provide ability for a user to instantiate a new instance of a discussion
thread� System should provide ability for a user to author a new thread on a discussion forum�
forum: Users shall have ability to preview a discussion forum thread prior to it being
posted� Users shall have ability to commit changes, updates and publish a thread for all
discussion forum members to see�
forum history: System shall store historical content associated with a discussion forum�
forum moderation: System should allow forum moderators to manage postings,
comments, and threaded discussions� System should allow discussion forum moderators
to manage individual forum postings�
forum search: Users shall have ability to search content within a central content
repository/content library that can be used in a discussion forum�
forum reply: Users shall have ability to author a reply to an existing discussion or forum
thread or blog comment�
forum rate: Users shall have the ability to rate content in a discussion forum thread
forum inappropriate flag: Users shall have the ability to flag or report a discussion forum
thread/content that may be viewed as inappropriate, illegal, or deemed in violation of
communications policies�
Calendar: System shall provide basic calendar and integration to external calendar to
allow individual and group calendars�
Group Calendars: Support for multiple group calendars - view only and editable by
group members�
Polls: The system shall have the ability to include polls and surveys on the site in general
or an individual sub-site�
Polls user Creation: Polls should be easy to define by end users or site designers�
Poll results: Users should be able to view the cumulative results for a poll after voting�
Chat: The system should include a chat portlet for inter-system messaging with other
users of the system while online�
Chat external system: The system should include the ability to integrate to external
instant messaging system� Interface allows user to view and chat with individuals online�
Wiki: The system shall include a method for allowing users to publish content online via a
wiki with all basic functions of a wiki built within a site page�
1 2 3 4 5 totAl
search feature: The system shall provide a search capability for end users to find any
content and application data within the system�
search engine: The system shall support an included search engine providing search to end
users for all content within the system or provide full integration to 3rd party search system�
simple and Advanced search: Users shall have ability to perform simple and advanced
searches for content and data� Simple searches include Boolean and natural language�
Advanced searches include added criteria such as document type, author, date ranges, etc�
restricted search: Users shall only be able to see search results for content they are
authorized to access or to subscribe to access�
saved search: Users shall have the ability to save previous web queries�
search result Categories: System shall categorize search results across multiple content
types, e�g�, content, blogs, forums, document management system (meta tags as well as
document content)�
Contextual search: System should provide support for contextualized search based on
information related to where the user has navigated to and where the search was performed
search taxonomy: Administrators should have ability to create (manually or
programmatically) or import an existing taxonomy
search taxonomy hierarchical: The System should provide administrators the ability to
create hierarchical taxonomies�
search taxonomy relevancy: The System should provide administrators the ability to
manage & optimize the ranking and relevancy scores that determine search results for
search security: System should enforce security options on content when providing search
results� Users should not see search results for content they are not authorized to view�
search reports: System should have ability to generate reports and analytics on the use
and results from search activity�
external search optimization: All content and application data shall be available to
external search engines�
seo methodology: System shall allow and administrator documentation shall detail
Search Engine Optimization guidelines for browser titles, meta descriptions, keywords,
content, and images�
SEARch totAL
contEnt MAnAGEMEnt SYStEM (cMS)
1 2 3 4 5 totAl
Content Creation and management: The system shall allow the easy development, editing,
auditing and deletion of content within the system from a central location by users with
assigned roles (e�g� content contributors, content owners and content approvers)�
3rd Party Cms: Support for publishing content from existing WCM within pages, (e�g��,
portlet/widget/gadget content, theme elements)�
site design: System should allow individuals to segregate the management of all aspects
within the system, sites, pages, and page components�
Content templates: Shall provide the development and easy use of templates for sites,
pages, components to simplify the development of new content�
eforms: Should allow easy authoring of online forms by content owners (e�g�, “contact us”
form or “survey form” for collecting data)� Data from the forms can be stored in a simple
table for later reporting or access by other applications�
role Based Content editing: Creation, editing, approval, publishing of content must support
role based permissioning� Administrators should be able to define multiple role types�
multiple simultaneous roles: Shall allow a specific user to hold multiple roles
and content permissions�
in Page editing: System shall provide CMS editing 100% within a browser interface for
contributors/users without requiring client software, ActiveX controls, or applets�
WysiWyG editing: Shall include a WYSIWYG text editor for content� Text editor must
have the ability for content contributors to add images, and internal and external links to
both content and images, apply styles and other standard formatting functionalities�
definable field requirements: Shall provide ability to require that a content element must
conform to some controls (input required, must be a number)�
edit Preview: Shall allow content editors to preview how their content will appear in
production without publishing it�
staging: Shall support a staging environment where content of entire pages can be
viewed in the same way as presented to the visitor
Cms Workflow: System shall provide workflow for the following activities: Content
Creation, Editing, Approval, Publishing�
Administrator defined Workflows: Administrators shall have ability to define workflow roles
and standard workflows for use by content creators� (specific steps, transitions, actors)�
rule Based Workflow: The system should provide rule-based workflow which is the ability
to apply other situational criteria such as time of day
Conditional Workflow: The system should support the ability to do conditional workflows�
multi-step Workflow: The system shall have the ability to have multiple steps in a workflow�
meta data: System shall allow user-defined metadata for content creation�
Automatic metadata: System should automatically generate metadata or suggestions for
Creator, Editor, Owner/publisher, Dates (create/update/published), Version, etc�
meta data restrictions: System should allow administrators to restrict metadata selection
depending on user roles�
delegated Administration Work reassignment: Shall allow administrators or content
owners to delegate or reassign work from one user to another�
delegated Administration Workflow override: System shall allow administrators and sub-
administrators the ability to publish content with override of the regular workflow
task email Alerts: System should be able to notify authors of task status via e-mail or
others methods such as task work chart, SMS, etc�
Content editing trail Audit: System should allow administrators the ability to review an
audit trail of content as it moves through the content management workflow�
Content timeout Alerts: Should allow definition and setting of timed notifications to
content owners to review if content is still relevant, required and accurate�
Automatic Archive setting: Should allow scheduling to automatically remove/archive content
Content reuse: Shall allow reuse of content in multiple areas of the site without storage
duplication� For example, if a set of pages from a particular department were classified as
news information, those pages could appear in a site wide news area as well�
Automatic Publish date: Support for automatic publishing based on a content owner
scheduled date�
Content rollback: Shall support content rollback�
Push to edge services: Should allow content to be pushed to a remote “edge server” for
local caching or buffering�
real time Publishing: Publish in real-time without affecting the availability of the WCM�
cMS totAL
1 2 3 4 5 totAl
document repository: Shall provide support for a document repository supporting
multiple content types�
Checkin and Checkout: The system shall support the ability to check in and out documents�
Bulk load: System should allow bulk upload and download of document to/from the
document repository�
role Based doc management: System shall restrict access to view, edit, create documents
based on user role, org, group, community�
document Administration: System shall allow content owners and administrators to
create, manage, remove a document from the document repository�
document Change Workflow: System will support document workflows for publishing,
editing and deleting documents�
document meta data: Users shall have the ability to define metadata related to a
document in the repository�
document delegated Admin: Users and admins shall have the ability to delegate access
to view, edit, create documents in the repository to another user�
document Alerts: System will allow users to subscribe to alerts based on activity related
to a document (i�e� posting, editing, viewing)�
document timeline Alerts: System will provide the ability to generate events based on
the amount of time that a document has been in the document repository
(i�e� <30 days, >90 days)�
document meta revision history: Document should show revision history and provide
access to past versions�
document Audit trail: System shall provide the ability to maintain an audit trail of activity
related to documents in the repository (i�e� who, what, when)�
document history reports: Administrators will be able to generate internal reports
showing activity of the document repository�
1 2 3 4 5 totAl
user identity management: The system shall provide a web based user interface for user
account creation, management, suspension, deletion�
Access modes: The system shall support both anonymous and authenticated access�
self registration: System shall allow users to self register� Self registration should leverage
methods such as CAPCHA to reduce fraudulent accounts�
Password reset: The system must provide a mechanism for setting initial passwords and
resetting forgotten passwords�
idm Administration user mirroring: The system should provide the ability for an
administrator to impersonate an individual in order to diagnose problems�
org/role/Community identity management: System shall allow the creation,
management, suspension and deletion of organizations, roles, communities and the
membership of users within each�
Bulk identity management updates: They system shall support bulk updates to user, org,
role, community data including bulk moves of individuals from one organization to other�
3rd Party identity management: The system shall support integration and real-time
authentication against an existing identity management system or enterprise directory
(AD/LDAP), including automatic synchronization to external identity mgmt systems�
identity support: System should support NTLM, CAS (Central Authentication Service) ,
JAAS (Java Authorization and Authentication Service)�
Pki and digital Certificates: System should be able to support Public Key Infrastructure
(PKI), digital certificates or signatures�
sAml: System should be able to support Security Assertions Markup Language (SAML)�
existing Authentication: System should support the use of an existing external user
repository, e�g�, LDAP Directory Service, ActiveDirectory�
role Based Access: The system shall restrict access to system data and functionality
based on a user’s role�
minimal Access Controls: The system shall provide the user with only the minimum
necessary authority to access content and applications dependent of login level�
multi-factor Authentication: The system should have support for multi-factor authentications�
multi-level Access Control: The system should support the use of multiple levels of
security� A user should be required to submit credentials at the maximum requirement
according to a given page view� If a user who is currently authenticated at a lower level
(e�g�, LDAP username/password) originally accesses a page with content requiring higher
levels of access, the system will not present the content, but will present a window for
higher credentials (e�g�, Radius) and then present the page�
Authentication Passing: The system shall be capable of passing user credentials and
profile information to other applications�
single sign on: The system shall support “Single Sign On” functionality�
3rd Party single sign on: System shall support the integration of popular Single Sign-on
Servers like LDAP, NTLM, OpenID, OpenSSO, Josso�
federated idm: The system should support FIM (Federated Identity Management) -
allowing users to leverage multiple identity authorities�
Authentication encryption: The system must encrypt all authentication credentials when
transmitting over insecure links�
Authentication storage: The system must not embed usernames and passwords in plain
text within executables, scripts or stored procedures�
1 2 3 4 5 totAl
system security: The system shall systems to implement strong security polices and
provide systems for monitoring internal and external violations�
encrypted dB Password Passing: Username and password information shall be encrypted
when passed from portal to the databases�
ssl support: The system should provide selective or optional SSL (SSL can be applied to
specific pages, not all or none)�
Cookie expiration: If cookies are required for authentication, then the system should be
configurable to delete the cookies after a session has ended�
Cookie data: The system must not place sensitive information in cookies
security Assessment: A vulnerability assessment as well as security best practices toolkit
should be available�
secure remote Administration: The system should provide secure support for remote
administration, management, and monitoring�
naming Convention: Applications should avoid using Universal Naming Convention (UNC)
paths to access network resource
source Code security Practices: The system must assure that source code does not reveal
sensitive information through hidden form fields or excessive use of comments� User
visible source, like HTML, should be free of comments or commented code that might
reveal internal workings of the server side code and security mechanisms�
in transit security: The system must ensure that safeguards are in place that prevent
malicious or inadvertent changes to data in-transit or off-line (man in the middle, replay,
offline reporting DB, etc�)
url security: The system shall not place user credentials or session ID information in URLs
Application environment data: The system must not embed or hard-code any application
or environment information in unencrypted format
fully Qualified Path filenames: The system must use only fully qualified absolute path
and filenames
Post method: The system must use the POST method when HTML forms are submitted
with sensitive information
Audit: (Point of Access): Each item in the audit log must minimally contain the associated
point of physical access
Audit: (Simultaneous Login): Simultaneous login using the same user IDs must be tracked�
Audit: (Sensitive Information Access): Successful access to Sensitive security resources
must be tracked�
external data: Any externalization of data (e�g� backups and data transports) will be encrypted�
hiPAA: (Data Access Notification): The system must be able to notify the user when
personally identifiable information and/or protected health information (as defined by
HIPAA) is accessed�
hiPAA: (Encryption): The system must be able to support encryption as required by HIPAA
secure Communication: The system must use encryption (e�g� SSL/TLS) in all
communication channels (web, database, backups) and also for the transmission of files
and electronic reports to/from clients and other services�
encrypted data objects: The system should allow administrators and developers to
specify attributes that must be encrypted before they are stored or transmitted�
Page Cache: The system must not cache Web pages containing sensitive information
new user security setup: The system should provide the ability to initiate procedures and
workflow tasks associated with security procedures when a new user is created or updated�
Audit: (Security Activity): The system should allow audit trails and reports of creation or
changes to access controls and data access�
Global timeout: An individual’s logout or timeout (automatic logout after administrator
defined time period of inactivity) will force logout from all other systems�
real time: (Session and Activity Monitoring): The system should allow configuration of
tools to allow real time monitoring of session or activity for individuals�
Browser/system Cache deletion: Previous session logins should be hide able for future
logins from same system/browser�
database Change security: The system must ensure that no database changes are made
through unapproved mechanisms (no ad hoc SQL updates) that might circumvent business,
audit, or access control rules (unauthorized users, users in the wrong database, etc�)�
deployment security: All parameters supporting the deployment process should be
passed either as command line options or retrieved from a secured data source�
Auth failure notifications: Specific authentication failure information should be
unavailable to end users�
1 2 3 4 5 totAl
existing infrastructure integration: The system shall provide easy integration with existing
infrastructure (DB, Application Container, Scalability, Security Infrastructure, IdM, etc�)�
existing services: The system shall provide easy integration with existing applications
through multiple mechanisms, iframe, screen scrape, API, SOAP, REST, etc�
system APis: System should provide availability of APIs and Web Service interfaces in all
major modules (authoring, templates, workflow, repository, publishing)�
service oriented Architectural Guidelines: The application must support a Service
Oriented Architecture (SOA) employing rigorously partitioned presentation, business
process, business logic, system integration, data access, and data storage layers�
soAP: Web service interfaces should support the SOAP 1�2 or later standard protocol�
security: Web service interfaces should be secured according to the OASIS WSS 1�1 or
later standard�
rest: The system shall support the integration with REST services and should provide
RESTful interfaces to Portlet or system features�
sharepoint integration: The system should support access to information available in
distributed Sharepoint sites� This should include access to tasks, bookmarks, and doc
Google docs integration: The system should integrate with Google Docs such that it has
the ability to open and store documents from Google Docs repository� They system will
handle Single Sign On to Google for users and will allow check-in/check-out of documents
within the Google Repository�
email/Calendar: A connector to email and calendaring systems should be available,
including Notes, Exchange, Google, iCal/IMAP�
Content managementt systems: System should provide integrations with leading
third-party Content Management Systems and should support integration to content
repositories using JCR (Java Content Repository, JSR-170) and CMIS�
instant messaging services: The system should support standard integration to leading
instant messaging services from AOL, Google, Yahoo, MSM, Lotus Sametime and Jabber�
search: The system should support integration with multiple external search engines� The
integration should allow all content within the system to be indexed by the third party engine
and allow the users to enter search queries within the web pages included in the system�
data Access layer: The Data Access layer must use open standards, such as JDBC and ODBC�
Complex datatypes: The system should support a Data Access layer to retrieve and store
complex data objects and/or complex behavior such as date-relational updates and
optimistic locking�
system function documentation: Complete documentation of the system interfaces and
methods shall be available�
IntEGRAtIon totAL
1 2 3 4 5 totAl
Production Architecture: Basic installation for development and QA testing shall be
easily accomplished�
system installation documentation: The system must include documented installation
procedures that include all necessary system and application settings�
Architectural distribution: System should support the physical distribution of various
modules to simplify scalability and failover�
Clustering: Installation for clustered, mission critical support shall be easily accomplished�
Geographical distribution: The system must be designed to support geographically
diverse deployment to multiple sites�
Availability and failover: Support for cache replication and failover�
Cluster failover: System shall allow fail over of process and session data�
database failure: The system must attempt to reconnect to the database cluster without
user interaction whenever a broken or corrupt connection is detected�
human readable url: System should support generate human readable URLs to
published contents�
database replacement: The system should provide flexibility in the data layer to
exchange database engines with minimal impact to the application�
database documentation: The system should include table and data layout
documentation, including data descriptions for all fields in tables and interface files�
internationalization: The system should support all requirements for accessibility and
internationalization including support for double-byte languages�
Customization: Customization changes must not required database schema changes�
database Connection Pooling: The system should support the use of database
connection pooling�
Concurrent localizations: Shall support multiple concurrent localizations�
Access, Administration debug logs: Multiple levels of logs shall be available for access
trail, administration and debug�
installation Backout: The system should provide the ability to back out a failed deployment�
upgrade in place: The system must support migration of data and upgrade of software in place�
rolling upgrades: The system should support rolling upgrades, allowing upgrade of
components one at a time, e�g�, updates of Identity Mgmt Layer, then Portal Instance 1,
then Portal Instance 2�
Automatic deployment: The system must support the ability to automatically deploy
without direct intervention from development or testing staff� It should not be necessary
to manually create, copy, or edit directories or files�
Automatic upgrade in Place: The system should be able to support automated “upgrade
in place” migration paths from one version to another� Minor and Revision upgrades
should fully support automated upgrade in place features� Major revisions should support
sequential upgrade in place features, but do not specifically need to support automated
upgrades that skip major versions�
network Address update: The system must be architected to permit changes to network
addresses without impacting the interface configuration�
multi-threading: The system should take advantage of multi-threading/multi-processing
where appropriate�
Abnormal load: The system shall be able to gracefully handle abnormal load conditions,
including accepting and completing all use demands, and then return to normal operation�
system downtime: Minimum maintenance downtime requirements�
Backup and restore: The system must provide the ability to execute backup
and recovery procedures�
Partial Backup and restore: The system should support both full and partial backup
and restore of system applications, application data, themes, user database, and system
configuration data�
unavailable Backend services: The system should be able to operate normally if
integrated systems are unavailable (e�g�, if a calendar server is down and page is accessed
with calendar portlet)�
Version dependency: Content, Portlet, widget, gadget data should not be system version
dependent� All system upgrades should support existing application data�
Business logic: The system should not encode business logic in the database�
Client support: The system should support a broad range of client browsers and user
1 2 3 4 5 totAl
system Administration interface: The system shall provide a browser-based interface
to configure and manage system aspects (e�g�, start/stop instances, cluster creation,
configure/view log files, URL aliases, user/group administration and system
management services)�
Administration Cli: The system shall additionally provide a command line interface for
most administration functions�
local and remote Administration: The system should provide the ability to manage the
system from both local or remote access�
system monitoring: The system shall allow system monitoring per instance and for the
entire system�
3rd Party monitoring: They system should provide a base set functionality and shall
provide full integration to third party monitoring tools�
system health: The system should support the continuous measurement of system and
application health including resource consumption and application access�
log, Audit: Every item in the audit log must contain the date and time of the event,
the name of resource accessed, the success/failure of event, and the user ID of the user
performing the event�
log, Access and Activity: Activity logs should be configurable and complete for audit,
performance and security requirements�
log, Activity duration: All activities must be traceable for the duration of the request or
activity and should be associated with the user who is performing the activity�
log Configuration Change: All changes to identity elements including the addition of
users, disabling or deleting of users, assignments to and out of roles must be tracked�
log, Access failures: Invalid or unsuccessful user authentication attempts and
unsuccessful data or transaction attempts must be tracked�
log, security: Audit logs shall be logically and physically secured to prevent inappropriate
and unauthorized access�
log, Passwords: Passwords must not be captured in audit logs�
log, reports: The system must provide a mechanism to retrieve and report information
on logged events�
log, max, Average transaction times: The system should support the tracking of
max concurrent transactions and concurrent users, average/max transaction time,
transactions per second�
system reports: The system should allow custom reports to be developed for various user
defined roles (e�g�, user account administrator)�
Click stream Analysis: The system should support click stream analysis of individual behavior
within the system and the ability to provide this behavior data to third party applications�
user Administration: Administrators and users should be able to add,delete,change and
suspend users and organizations, group, role, community membership�
Page definition and layout: Administrators should have the ability to define pages
including content, layout, attributes, access requirements and meta data�
theme Administration: Administrators should be able to define themes per page,
community site�
template management: Administrators should be able to create, manage and edit
templates and their deployment�
Portlet intercommunication: Administrators should be able to configure portlet-to-portlet
interactions� This can include context awareness, content sharing, or event handling�
Version: The system should allow administrators to validate the version and patch levels installed�
1 2 3 4 5 totAl
development Platform developer toolkit: The system shall include a complete developer
toolkit for all aspects of development including documentation and training for leveraging
capabilities associated within the system�
tooling support: The system shall include support, documentation, training and any
necessary developer kits supporting popular open source development tools such as
Netbeans and Eclipse�
Content, Application, Page, Authorization, rules and theme separation: System shall
allow modular development of an application as a set of Themes, Pages, Page Behaviors
(authorization and interoperability rules within a page), Content and Web Components�
The system shall allow easy additions of new Web Components and updates to themes,
pages and behaviors�
developer support: The system shall provide features to support development including
tracing, debugging and error tracing�
development lifecycle: The system shall allow content, themes and applications to be
developed separately and quality tested within one deployment to be easily migrated to a
production deployment�
Accessibility and internationalization support: The system shall support all methods to
support the development of themes, content and applications that support all accessibility
standards and internationalization�
Web Component intercommunication: Web Components should be able to
intercommunicate when placed on the same page (e�g�, clicks within a catalog portlet
display results in a larger portlet)� Simple methods should be available to wire multiple
components together�
theme development: System should support standard web development methods for
building rich themes which can be used across multiple web pages�
multiple skill level development: The system shall provide multiple methods for developing
content, behaviors and applications, such as developer tooling (Java, �Net, PHP, Ruby, Ajax,
Html) vs Web Based Rapid Application Development or Command Line Interface�
Portlet, Gadget, Widget support: System should provide support for development of
themes, pages and web components with multiple application languages and frameworks�
mashup development: System should support and provide tools to develop Mashups�
html, Css and AJAX support: The system should simplify the development of content
and applications which leverage HTML, CSS and AJAX�
Java support: The system shall support the development of themes, web components,
interactions and behaviors using Java EE components (JSP, Servlet, EJB)�
.net support: The system should allow development with or integration to Microsoft
�NET 3�0 technologies, including Windows Communication Foundation and Windows
Workflow Foundation�
PhP/ruby/Groovy support: The system should be able to support the development of
web components with PHP/Ruby/Groovy and other rich application development styles�
multiple Content type support: System shall support the use of text, images, dynamic
content, audio, video within web components, themes and pages�
integration support: System shall support SOAP and RESTful integrations with external
systems� The system shall additionally support WebDAV and ATOM Protocols�
interface - Application separation: The system shall include and allow development of
service interfaces which permit the introduction of new interface protocols with little or no
impact to the application environment�
Business rules Application development: They system should include, or integrate with
a 3rd party, Business Rules Engine which can define the behavior of web components or
page behavior� Rules must be editable from online configuration tool without the need to
modify application source code�
sms support: Developers should be able to develop applications and behaviors that
support SMS inbound or outbound messages�
device detection: Device detection should support the development and access to
content and applications from multiple device (mobile) types, browsers and languages�
mobile development: Users should be able to manage their mobile preferences for
content and layout template�
DEvELopMEnt totAL
1 2 3 4 5 totAl
support options: Multiple support levels should be available, from access to code, access
to patches, web support, telephone support, highest level of mission critical support�
telephone support: Telephone support should be available with definable support levels
of agreement (SLA) with defined response and resolution times�
Web Based support: Support options should include access to open, close, edit trouble
tickets via a web interface or email� Individuals should be able to define issues and receive
email support and advice� Web based support should include a guaranteed response time�
multiple Customer Contacts: The support options should allow multiple individuals from the
customer to contact support for technical support and to be able to open trouble tickets�
emergency support: Customers should additionally be able to have a guaranteed
response time for emergency situations�
Patch updates: Support should include hot patches, regular patch updates and
consolidated patches for each supported version�
future feature input: Customers should have input to the prioritization of features in
future versions and have ability to sponsor feature development�
Customer Portal: Customers should have access to a centralized customer portal that allows
access to downloads, patches/service packs, product and technical documentation, training
schedules, customer reference documentation as well as alerts and product bulletins�
diagnostic tools: The system shall provide documented diagnostic tools, methods and
procedures to isolate trouble and simplify support�
support Authentication level: System recover process must not require support
personnel a greater level of operating system or database access than is standard�
SUppoRt totAL
1 2 3 4 5 totAl
Community size: The product should have a large and growing developer community�
Partner network: The product should be supported by a Certified SI partner network�
isV network: The product should have a growing ISV network delivering applications for
the product line�
reference texts: The community should be supported by multiple third party reference texts�
documentation: The product should have extensive documentation and training materials
available produced by the product eco-system�
Community Collaboration: Community members should have access to multiple methods
for collaborating and sharing ideas and information, (e�g�, user groups, user conferences,
forums, wikis, social networking site groups / forums)�
Eco-SYStEM totAL
coMpAnY AnD pRoDUct pRIcInG
1 2 3 4 5 totAl
flexible Pricing: The company should provide flexible pricing and licensing options such
as license plus annual maintenance and upgrade fee, annual subscriptions and Unlimited/
Enterprise Wide Licensing Agreement pricing�
Product Costs: The system is available at highly resonable prices� This includes all modules
required for enterprise wide use and reliability�
installation Costs: The system can be installed, configured and integrated into existing
infrastructure at highly resonable prices�
flexible Billing: The company should provide simple and flexible billing programs (e�g�,
annual, semi-semi-annual, quarterly billing, VISA and Purchase Order payments)�
integration Availability: The company should actively encourage, discover and promote
to customers, information on integrations and ancillary applications developed to work
with the system�
Product Alerts: The company should provide an infrastructure to ensure customers
receive ongoing access to product alerts for patch updates, security alerts, and general
administrative alerts�
Professional services: Professional services as well as recommended and certified partners�
Price Protection Programs: Customers should also be presented with price protection
programs in order to protect from renewal license increases (e�g�, multi-year contract, max
annual fees, etc�)
strong revenues: The company should have strong revenues supporting a mature
organization that includes engineering, support, training and documentation, services,
business development, marketing/sales�
coMpAnY totAL
Liferay offers a number of resources to simplify evaluation and
use of its products� These resources are designed to quicken the
pace of learning at varying degrees of depth to support users of
all skill levels�
Product Details
Evaluators of Liferay Portal should review our website for
concise descriptions of features, benefits, case studies, and
technical specifications:
Evaluators may also wish to review the list of included portlets�
Please contact for more information�
Product Download
Liferay Portal Community Edition is available for free download here:
Please contact sales for a trial of Liferay Portal Enterprise Edition�
Liferay offers two repositories of software plugins� Community
Plugins are contributed by our worldwide open source community�
Official Plugins are files and add-ons (themes, layouts, portlets,
etc�) to our core Liferay technology contributed, tested, and
approved by the Liferay core development team�
Lifecasts are video tutorials that can be viewed online or
downloaded for later study:
Product documentation, whitepapers, and reference papers are
available online and in print:
Community Content
Liferay boasts a large and vibrant open source community that
actively add to a store of product development knowledge on via Liferay’s official blogs, forums, wikis, and
issue tracker� Users and evaluators of Liferay can leverage these
resources to evaluate and support Liferay installations and also
participate in the activity to impact future product development�
Liferay Resource Guide
Liferay Events and Webinars
Annual Liferay Symposium events are hosted around the world,
where developers, business leaders and partners meet the
product’s core engineering and business leaders to discuss new
innovation and the market’s demand�
Additionally, regular live webcasts are presented on both
technical and business topics�
Please see our calendar of past and future events:
CE vs. EE
Customers evaluating Liferay Portal should review the differences
between Liferay Portal CE and Liferay Portal EE in terms of
additional features, incident resolution support, and available
services� A comparison table is available here:
Pricing Options & Indemnification
Those choosing to implement Liferay Portal EE should review
their options for Service Level Agreements (SLAs) and the
available indemnification options�
Three levels of service (Basic, Gold, and Platinum) include varying
access and privileges for software updates, professional services,
incident resolution support, training discounts, End of Service Life
(EOSL) policy, and indemnification�
Three pricing options are currently available: Annual Subscriptions,
“License + Updates and Support”, and Unlimited Subscription�
Basic customers are only eligible for annual subscriptions
(per server pricing) while “License+Updates and Support” has
a one-time fee per server plus an lower annual fee per server�
The unlimited subscription allows unlimited use by the customer
based on an annual fee� Please email for more
the latest pricing information�
Liferay Professional Services
Liferay’s professional services team provides a range of services to
EE customers, including enterprise support, training, and consulting�
• enterprise support is available in Basic, Gold and Platinum
levels� See pricing sheet for details on SLAs�
• Public training courses available around the world include:
· Liferay Developer Training
· Portal Administrator Training
· System Administrator Training
Complete course descriptions and calendar are available at:
• Consulting services from Liferay, Inc� are offered by the
very people who design our products� Our consultants work
alongside your team to create customized solutions that
address every aspect of the application lifecycle� Several
consultative offers are available:
· installation Assistance
· Assistance with installation, deployment, and configuration
· migration Assistance
· Assistance with migration from any portal to Liferay Portal
· Assistance with migration of applications onto Liferay Portal
· Custom solutions
· Creation of customized solutions to meet specific client
· system Analysis and design
· Analysis of end-user needs and business requirements
· Assistance with software design
· front-end theme design
· Creation of front-end themes to reflect client branding
· Code Validation
· Validation service for client portal development projects
· Minimization of troubleshooting  
· Architecture Assistance
· Insurance of best practices approach to portal development
· Provision of detailed plans for recommended enhancements
· Performance tuning & scalability
· Recommendation of hardware and software environment
for organization needs
· Liferay Portal performance optimization
· Set-up of clustered environments for maximum scalability
and fault tolerance
Liferay Partner Network
Liferay’s Partner Network consists of Service, Technology and
Solution Partners� See: for a
complete list�
• liferay service Partners (US and International) provide a full
offering of professional services and support for Liferay Portal�
You can rely on certified Liferay Service Partners in your area
to provide the Liferay expertise you need�
• liferay technology Partners provide complementary solutions
for Liferay Portal in various application spaces, including
operating systems, directory services, enterprise content
management, and more�
• liferay solution Partners have embedded Liferay Portal into
their products and created additional features to address
particular solutions (such as learning management) or industries�
Liferay competes well against the major software vendors as well as all lighter weight and open source platforms�
Lower Total Cost of Ownership
Lighter Weight: Improved cost/reliability
Simpler Architecture
Open Source Community
Web CMS built in
Included Social Networking, Collab Services
Supports Java, PHP, AJAX, Flash, etc�
Leading Community
Broad Partner Network
Included Portal Capabilities
• Industry Standards
• Personalization, Content Aggregation
• Micro-sites
Richer Functionality
• Included Web CMS, Collab, Social
• Supports Gadget, Widget, Portlet
Broad Platforms Specific Features
Application Tiers Presentation, business logic, data access, and data storage layers supporting the application architecture�
Authentication The process of attempting to verify the digital identity of the sender of a communication such as a
request to log in� The sender being authenticated may be a person using a computer, a computer itself
or a computer program�
Authors Content contributors using WCM backoffice for entering content
Backoffice WCM interface used by contributors for managing content
Beta Testing A test of a computer product that is done in a real environment (outside of the vendor’s control),
prior to release of the product commercially� Typically, the client picked for Beta testing is running the
product on a smaller scale� Any bugs identified can be resolved prior to final release�
Branding A name, logo, slogan and or design scheme associated with a product, service or company� Generally
it is easily recognizable�
Common Network
Central access point for entry into the system� There may be multiple physical devices/locations
supporting a Point of Presence but access must be controlled through a single network identifier that
remains consistent for the consumer� The network destination must also remain static regardless of
system administration, business continuity, or disaster recovery procedures�
Component Object Model COM; Microsoft’s framework for developing and supporting program component objects�
Concurrent Users Users executing the same process at the same time�
Configurable A relative arrangement of parts and elements which together provide a functional process� In
software, the application is written to permit modification of different elements, thresholds,
components, and so forth, by the user community�
Content type Model of content, defining by fields to be completed by contributors, independently from how they
will be presented
CSS See Error! Reference source not found��
DAM “Digital Asset Management”, platform for managing media to be used in various places (document,
site, offline advertising…)
Data Access Layer Abstraction layer between the application and data storage leveraged to retrieve and store complex
data objects and complex object behavior�
Data Control System A system that primarily accepts or rejects incoming files, directs ‘approved’ files to the appropriate
sub-system and performs a final verification on outgoing files�
Data Log A database record with a user stamp, time & date stamp when the record is processed�
Data Storage Layer Provides a shared repository for persistent operational and functional data�
Deployment Action of migrating a computer application (or application version) from a development or QA
environment to a production environment� “Failed Deployment” back out targets the effort and
resources required to return to the original application if the installation of the new software fails�
Document Object Model
A programming interface specification being developed by the World Wide Web Consortium (W3C);
lets a programmer create and modify HTML pages and XML documents as full-fledged program objects�
Down Time Latency The period of time that a machine, system or application is offline or not functioning, usually as the
result of a system failure or routine maintenance�
Electronic Communication Communication of information via web services, email, or a fax�
Environmental Pre-requisites In this RFP, refers to the hardware and software required to run the application efficiently�
Frontoffice Web sites deployed from WCM backoffice
Industry References and Glossary
Installation Procedure
Provides instructions for installing the product and performing all software and hardware
configuration necessary for starting and running the software� Includes information on the product as
well as any relevant information and procedures for supported hardware and software platforms�
Integration Testing The phase of testing where individual software modules are combined and tested as a group� This is
typically done after unit testing has occurred� The purpose is to verify functional, performance and
reliability requirements�
Least Privileges Approach The “least privileges approach” security principle requires that a user is granted the minimum
privileges needed to perform tasks associated with their job function and responsibilities�
Link A connection between places, persons, events or things�
Maintain Data Implies the ability to add new records, modify existing records and delete existing records�
Multi-Lingual Interface Allows all customer-facing components availability of presentation in multiple languages� The
language setting is defined independently by each user accessing the system and is not inherently
assumed by other users using the same application�
Performance Testing Performance testing is performed to determine how fast some aspect of the system performs under
a particular workload� It can serve to validate and verify other quality attributes of the system, like
scalability and reliability�
Presentation Logic layer The interaction point for incoming user requests�
RSS “Really Simple Syndication”, Internet standard for defining how content should be exchanged
(essentially XML format on HTTP channel)
Scalability A desirable property of a system, network or process, which indicates its ability to either handle
growing amounts of work in a graceful manner or to be readily enlarged�
Schedule Management See Time (Schedule) Management�
Scope Management Primarily concerned with defining and controlling what is and is not included in the project�
Search Ability
(Across Online Help)
Ability to search the online help provided with the software for words and phrases
entered by the user�
Searchable Keyword Index A keyword index, such as in a document or a help file, that includes a search utility or field�
Security Certificates Information that is used by the Secure Sockets Layer (SSL) protocol to establish a secure connection�
A security certificate contains information about its ownership, issuer and valid dates, and an
encrypted “fingerprint” that can be used to verify the contents of the certificate� In order for an SSL
connection to be created, both sides must have a valid security certificate�
Service Level Agreement
A formal negotiated agreement that defines the relationship between 2 parties, typically a service
provider and a recipient� Included components may be:
Services to be delivered
• Performance, Tracking and Reporting
• Problem Management
• Legal Compliance and dispute resolution
Service Oriented Architecture
The underlying structure supporting communications between services� In this context, a service is
defined as a unit of work to be performed on behalf of some computing entity, such as a human user
or another program� SOA defines how two computing entities, such as programs, interact in such a
way as to enable one entity to perform a unit of work on behalf of another entity�
Single Sign On (SSO) An access control method that authenticates a user’s credentials once to give the user access to
the resources of multiple software systems� SSO eliminates the need for the user to enter further
authentications when switching from one application to another�
SOA See Service Oriented Architecture (SOA)�
• Customer duties and responsibilities
• Security and confidential info
• Termination of agreement
SSO “Single Sign On”, concept for unifying identification and authentication of visitor using several secured
applications which are not designed to work together
SSO See Single Sign On (SSO)�
Stored Procedure An operation that is stored with the database server� Typically, stored procedures are written in SQL�
Structured content Content contributed from a content type entry form
Sub-Administrator A client’s employee designated to manage user-access for all of a client’s user community�
System Testing Testing conducted on a complete integrated system to evaluate the system’s compliance with specific
requirements� System testing should require no knowledge of back-end design or code logic�
Systemic Transition Process to systematically and seamlessly move existing components, tables, parameters and other
required elements that have been updated at the initial implementation of the software package, to
any new version of the same package�
Template Presentation model to be used on content type in order to generate output (HTML page, PDF…)
Time (Schedule) Management The processes required to accomplish timely completion of the project�
Unit Testing Testing used to validate that the individual units of source code are working properly� A unit is the
smallest testable part of the application�
Universal Naming Convention
A PC format for specifying the location of resources on a local-area network (LAN)� UNC uses the
following format: \\server-name\shared-resource-pathname
Unstructured content Any content entered into the WCM backoffice outside from content type entry form, e�g� images,
flashes, videos, documents, binary files…
User Acceptance Testing or
Acceptance Testing (UAT)
Testing used to obtain confirmation by a subject matter expert (SME), preferably the owner or client
of the object under test, that the modification or addition meets mutually agreed-upon requirements�
In software development, UAT is one of the final stages of the project and often occurs before a client
accepts a new system�
Visitors Persons consuming published content on sites (Internet, Intranet…)
“Web Accessibility Initiative”, Internet standard for designing HTML page to be accessible by people with disability
Web Component A portion of a web page, usually a Portlet, Gadget, Widget�
WCM “Web Content Management”, platform for managing content to be deployed on web site (internet,
intranet…)� Actually, Pollen or Broadvision 1-to-1 Content� WCM is excessively replaced by CMS
(Content Management System)�
World Wide Web Consortium
The W3C is an industry consortium that seeks to promote standards for the evolution of the web and
interoperability between WWW products by producing specifications and reference software�
XML Extensible Markup Language; a flexible way to create common information formats and share both
the format and the data on the World Wide Web, intranets, and elsewhere�
liferAy, inC. is the provider of leading enterprise open source portal and collaboration
software products, used by major enterprises worldwide, including Allianz, AutoZone,
Benetton Group, Cisco systems, lufthansa flight training, the french ministry of defense,
and the united nations. liferay, inc. offers professional services, technical support,
custom development and professional training to ensure successful deployment in the
most demanding it environments.
© 2010, Liferay, Inc. All rights reserved.