Duke Chapel standing over campus building

Category: Web

Building a Website

Sites are complex digitals spaces that have multiple moving parts. They are an intersection of evolving digital standards that can have very steep learning curves. It takes multiple teams of people to keep sites running securely and smoothly. Accessibility, security, design, and development are areas that most communicators must have a basic understanding of in order to produce an effective digital product.

Building a site at Duke may seem a little daunting but the guide below can act as a starting point for building secure, accessible, on-brand sites for your organization.

Domains – What is the url?

Internal

  • Third-level domains: (requires University Communications approval)
    trinity.duke.edu, publicaffairs.duke.edu
  • Fourth-level domains:
    labs.trinity.duke.edu, project.chemistry.duke.edu
    does not require ONC approval
    Managed through system administrators

External

Web Accessibility – Who can see it?

Everyone. Everyone should be able to access a public site at Duke. Duke’s Web Accessibility Initiative exists to ensure people with a wide range of abilities have equal access to Duke’s web content. It is the central resource for information, guidelines, and Duke’s official web accessibility guidelines.

Common Integration Areas – Can it work with…?

Integration with enterprise systems depends on the application and format. Please contact the applications support teams directly for more integration.

Web Security – Is it safe?

Security is CRITICAL. If a site is deemed to be a security risk (through a breach or lack of appropriate security or versioning upgrades) the IT Security Office reserves the right to take a site offline until that site is cleared to be restored.

You should be aware of the following security policies and guidelines:

  • Data Classification Standard. Duke has defined three classes of information: Sensitive, Restricted and Public.
  • Web Hosting Policy. Guidance and options for those managing websites at Duke.
  • Acceptable Use. Establish and promote the ethical, legal, and secure use of computing and electronic communications for all members of Duke University and its affiliated entities.

Service Level Agreements – How can I keep it up?

–What does maintenance really mean?

Once a site is launched and past its QA period, sites typically move into “maintenance”. Maintenance can refer to the general updates of the site but the most critical component is the upkeep needed to keep the environment (infrastructure) up-to-date. Restated: the platform (Drupal/WordPress), as well as the hosting space, require regular attention and updates to keep them from becoming a security risk.

If you’re working with a vendor: Any work being done through a contract organization – internal or external – requires a minimum service-level agreement of 10 hours per year. Due to the changing nature of the web and the need for version and security upgrades on our preferred platforms, site owners need to identify some portion of their budget and calendar for updates and patching. Without this, sites are subject to vulnerability and attacks. Should a security breach occur, the security office may remove the affected site until it can be confirmed as no longer a risk. IT organizations such as OIT and DHTS cannot be held responsible for sites and actions that they did not create nor participate in.

Web Site Development – How do I make it?

Self Service Site Options – Sites@Duke

Duke Sites@Duke platform is WordPress build that offers a robust set of easy-to-use tools, including Duke-related themes and a Duke URL. The service also provides user and group management through the Duke NetID authentication system.

Duke’s WordPress service provides an easy way for Duke faculty, staff and students to set up a website or blog using predefined design templates (themes) and plugins that users can choose to enable within their sites as they see fit. There is no charge to users.

Semi-custom Using Existing Themes

There are several administrative themes or templates available as a base for Duke sites. The semi-custom options are offered through the Central Web Services group and through some preferred vendors. Use of an existing theme will ensure compliance with Duke brand and is usually a more cost-effective solution for groups with limited budgets.

Custom internal – Duke Web Services, Trinity Technology Services, and the other web development groups across campus

Custom websites can be developed using internal and external resources. With custom site development a bidding process is required. (See Working with Vendors) After obtaining 3 bids (one of which MUST be from an internal service provider if the service is offered within Duke) you will also need to coordinate hosting and domains. (see below). Any custom work still has an expectation to meet the overall Duke brand and online experience. We encourage you to invite the Marketing office into your project as a liaison with your project, the service provider and broader Duke.

External Vendors

The abundance of work across Duke can’t be met by the in-house resources alone. We utilize vendors from around the area including some in other areas of the country and abroad. The following guidelines have been developed to streamline the process of working with external vendors. (See Working with Vendors)

Hosting – Where Does it Live?

Providers within Duke

  • OIT maintains a centralized web hosting environment that provides virtual servers (VMs) to both OIT supported services as well as applications and services supported by the departments and schools across Duke University. To meet the needs of a majority of OIT’s VM requests and to provide a consistent offering, a set of standard offerings and processes has been created and details can be found at the following links:
  • DHTS Centralized frameworks are based on the following technologies and platforms:
    • External Web Sites: DRUPAL Content Management Platform (Linux, Apache, MySQL and PHP based). Some of our old sites are in Xoops CMS until we migrate away to DRUPAL
    • Intranet Sites: Mocrosoft Sharepoint 2010 (Windows Server, IIS, MS SQL Server and .NET based)
    • Contact the DHTS web services group for more information.
  • Your school/dept/unit
  • External (requires Web Governance Group approval)
  • External vendors need to host through Duke

Types of Hosting

  • Sites@Duke: free
  • Virtual Machine: custom
    • Compliance with Duke’s security standards
    • Automatic OS updates/upgrade
    • Help with Shib and site set up
    • Backups and monitoring
    • DNS assistance
  • External (requires WGG review): really custom

Costs

  • $500-$700 (annual OIT average) May be subsidized through departmental agreements

Web Resources at Duke

Alert Bar

Syndication technology allows for a web bar to appear automatically on websites across the university to highlight emergency news and other alerts. The alert bar accommodates two levels of information. Level 1 alerts, represented by a red bar, will be used for emergencies and will link to the DukeALERT website for additional information. Level 2 alerts, represented by an orange bar, will be used for important messages such as pending severe weather or a gas leak in a building. Download instructions for adding the DukeALERT bar to your website.

Web Fonts

Web fonts are a great way to enhance your site. They provide a more creative license in our communication materials and allow more flexibility and scalability across devices. Because they are vector based they render with crisp edges, clean lines and deep color.

Fonts affect load times as well as your sites’ aesthetic. Don’t use more than 2-3 fonts per site as this will negatively impact your sites’ performance. Since they play such a vital role in a consistent brand execution, refer to the university’s brand system for current font systems and use.

As always, our legacy fonts of Interstate and Garamond are available by request. See University Logos and Fonts in the Brand Guide.

SEO

A website has no value if no one can find it. Therefore, a critical component of any online strategy is search engine optimization (SEO). SEO is by no means an exact science. There is no single action or technique a website owner can employ to ensure his or her site will rank well. By following a basic set of principles for good web content design, the chances of achieving favorable rankings greatly increases.

Use this checklist.

Domain Names

Domain names require approval from the Office of Public Affairs. As a general rule, try to stay away from long, cumbersome spellings or ambiguous acronyms. Use fourth level domains if possible to show associations between units and schools.

Domains obtained by third party organization are the responsibility of the purchaser and should not utilize the duke brand without permission. Read the Duke Domain Request Policy and follow the link at the bottom of the page to complete the request form.

Analytics

Duke’s preferred platform for measuring web site traffic is Google Analytics. If you are unfamiliar with Google analytics or need help getting started, check out Google’s tutorials.

Accessibility

Duke sites and applications must accommodate a baseline level of accessibility to ensure our content reaches as many people as possible.  Duke aims to meet the WCAG 2.0 AA standard. The Web Content Accessibility Guidelines (WCAG) are driven by the larger international standards organization for the internet, the W3C. These standards, published in 2008, are based on 4 key principles: Perceivable, Operable, Understandable and Robust. Within these standards are 3 levels on conformance. A, AA, AAA.

It is important to note that web accessibility is accommodated through both the back-end development of a website AND the content that website houses. PDF’s are a big culprit of accessibility violations and it is critical that our communications professional know and understand the pitfalls of the web accessibility from all angles. Duke also has dedicated resources for educating and addressing web accessibility. Please visit the Duke Web Accessibility site for more information.

Service Level Agreements

Any work being done through a contract organization – internal or external – requires a minimum service-level agreement of 10 hours per year. Due to the changing nature of the web and the need for version and security upgrades on our preferred platforms, site owners need to identify some portion of their budget and calendar for updates and patching. Without this, sites are subject to vulnerability and attacks. Should a security breach occur, the security office may remove the affected site until it can be confirmed as no longer a risk. IT organizations such as OIT and DHTS cannot be held responsible for sites and actions that they did not create nor participate in.

Security

Duke websites present a very viable risk to the university and can provide an avenue of attack against other Duke systems. There is a direct relationship between website compromises and unpatched web environments and associated servers. In an effort to improve the security of all Duke’s websites, the IT Security Office (ITSO), Office of Information Technology (OIT) and University Communications have developed guidance and options for those managing websites at Duke.

Website Best Practices

A little goes a long way. Though there are a lot of industry standards with regards to mark up, responsive design, SEO, etc, here are general considerations to keep in mind when taking on a new project: (From Bean Creative)

  1. Go responsive — all design is responsive design. Your content needs to be accessible whether the user is on a mobile device with a 5″ screen or a desktop computer with a 30″ screen.
  2. Offer mobile-first design, with progressive enhancement for larger screens
  3. Optimize accessibility to create a user experience that is fully accessible to all viewers — everything from supporting people with disabilities to serving up clear images for devices that support 3x+
  4. Emphasize UX with good typography, leveraging the increasing number of web-specific typefaces and typekits, like Google Web Fonts, Adobe Typekit, etc.
  5. Focus on long-form content as opposed to click-thru content
  6. Provide CLEAR, real time feedback during form interactions. Don’t force users to guess the formatting needed, and consider small additions like auto tabbing between fields and formatting as you type to be super user-centric

Favicons and App Icons

The Garamond “D” makes is a great option to use as the favicon for a website or the home screen icon for your app. Download the full favicon pack or use the icons hosted below.

Powered by WordPress & Theme by Anders Norén