Your SlideShare is downloading. ×
0
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Adobe Flash Platform for the Enterprise
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Adobe Flash Platform for the Enterprise

1,756

Published on

This presentation was given at Adobe MAX 2010 in Los Angeles.

This presentation was given at Adobe MAX 2010 in Los Angeles.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
1,756
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Questions for audience:
    Who has integrated Flex with SSL/TLS?
    Who has integrated Flex with SSO?
    What SSO product did you integrate with?
    Who has called SOAP web services from Flex?
    .NET server?
    Java server?
    PHP server?
    Other server?
    Who has called other types of web services from Flex?
    Who gets involved in server-side façade issues?
    Who gets involved in client-side Flex issues?
    Who does both client-side and server-side?
    Who is involved in BI?
    Who has already integrated with a dashboard or portal using Flex?
    Who intends to do so in the next 12 months?
  • http://www.slinnbooks.com/FDSCD/
  • Is this true for Loader.load(), URLLoader.load(), UrlRequest, SWFLoader.load() and WebService.loadWSDL()?
  • Schema-Oriented Enterprise Web Services with Flex and AIR (v2)http://www.youtube.com/watch?v=ubuq79GDhQw
    0:28 Overview
    1:26 Multi-schema diagram
    2:56 Axis
    3:40 VOMassager explanation
    4:13 VOMassager demo
    7:00 Value objects
    8:00 Reference classes
    WSDL Introspector for Adobe Flexhttp://www.youtube.com/watch?v=YzSoweoormg
    90 second demo of how to use the WSDL introspector
  • Transcript

    • 1. The Adobe Flash Platform in the Enterprise Mike Slinn http://micronauticsresearch.com http://slinnbooks.com "You can't always get what you want … (but) you get what you need." -- Rolling Stones
    • 2.  Independent software contractor firm  Focus on the Adobe Flash Platform for enterprise computing • Application development  System integration  Troubleshooting  Evaluations  Distributed system architecture and implementation • Desktop clients • Service interaction considerations • Server facade • Middleware  We are not designers, but we work with them Micronautics Research Corporation Focus
    • 3. About Mike Slinn  Principal at Micronautics Research Corporation  Recognized in US Federal court as a software expert  Author of "Flex Data Services, Eclipse and Java" http://slinnbooks.com  Author of DZone reference card " Getting Started with LiveCycle Data Services ES“  Blog at InsideRIA  Twitter: mslinn
    • 4. Topics Covered In This Presentation  Enterprise Computing and Integration  Visualization for Business Intelligence  SSL/TLS  Single Sign-On  Web Services  Enterprise-Wide Data Services Layer  Distributed Computing Advice
    • 5. Herschel Telescope Final Integration Integration
    • 6.  Integration includes the planning for and the act of customizing a standard package and performing other activities so the package can interact with other packages, processes, data and services  Integration might mean one or more of: • User interface integration (integration on the desktop or mobile device) • Service / process integration • Synchronous or asynchronous (tight coupling or loose coupling) • Data integration  Portals are a form of UI integration, and are relatively inexpensive  Application, process and data integration • Mashups are lightweight/inexpensive • Heavyweight/deep: supply chain integration, product lifecycle integration, etc.  Deep integration costs often exceed license costs. Enterprise Computing is All About Integration
    • 7.  Let’s use SAP ECC 6.0 as an example, • License costs range from $500K to $100M • Integration costs are often 2-3x license costs • Yearly maintenance ~20%  RICEFW – Legacy Integration Checklist for SAP • Reports – writing • Interfaces – mapping one system’s data to another’s • Conversions – data format conversions • Enhancement / Extensions – modifying default behavior • Forms – UI definition and implementation • Workflow – setting up cascading processes to be triggered by events Example: SAP ECC
    • 8. Enterprise Software Futures (Gartner)  2010 enterprise software spending in North America forecast to increase 8.5% to $110.8B (mostly in first half of 2010) • Will grow to over $143.6B in 2014  Asia/Pacific (excluding Japan) is expected to have the fastest growth in software revenue of all the regions in 2010 (13%) • Momentum is expected to continue through 2011 • China and India are #1 and #4 in APAC • Japan is not looking promising • Australia (#2) and South Korea (#3) are only spending on maintenance contracts  Europe, Middle East and Africa (EMEA) will see a 3.4% decline this year. • However will increase from $66.8B in 2009 to $76.8B by 2014 • Western Europe will recover slowly • Eastern Europe, Middle East and Africa will grow more strongly http://www.gartner.com/it/page.jsp?id=1437613
    • 9. Visualization for Business Intelligence
    • 10. Visualization for Business Intelligence  Flex has a terrific capability for interactive charts and graphs  Dashboards are/should be doorways into immersive data experiences  The best visualizations have interactive graphics with user feedback like video games  Personalization and sharing views are important  See my YouTube videos on Business Intelligence with Flex
    • 11. Business Intelligence & Flex Skill Sets  “BI” is a big budget team effort  Skill sets for Flex developers and BI report builders (people) are different • BI report builders are often glorified DBAs • Creating Flex component for BI requirements requires advanced Flex developer skills  BI widgets are Flex components that hook into a data bus  Widgets are driven by report output (historical data)  BI report builders can easily be taught how to place Flex widgets into a dashboard • No problem for them to pipe data into pre-existing widgets
    • 12. Distributed Computing Advice
    • 13. Distributed Computing Advice  Server facades should be designed and channel characteristics should be specified after RIA requirements are known  RPC is relatively slow and does not scale  Messaging over streaming channels gives best scalability and responsiveness • (Flex data management service is built from messaging)  Proxy servers come in various flavors • Can solve some types of difficult problems with ease  Use AMF whenever possible instead of SOAP, JSON, REST, etc  POST has very low overhead, except if deserialization is required  Lazy loading is key when a large client-side model is necessary  Flash 10.1 enables RIA to RIA streaming (Chatroulette for the enterprise!)
    • 14. Flex Data Services Channel Designer Free for personal use! http://www.slinnbooks.com/FDSCD/
    • 15.  Integration options abound, however architectural principals for integrating RIAs to servers holding large data sets are not commonly understood by most enterprise architects • Poor integration choices can destroy interactivity – if a user has to wait several minutes between clicks they won’t use an application, and “RIA” becomes a misnomer • For example, RPCs do not scale well • Read my book for more! • Poor integration choices can cause excessive queries against Teradata, Netezza, Vertica, ParAccel, and Greenplum – which are expensive • If this is your team’s first time, find a hands-on consultant with lots of experience Warning
    • 16. SSL / TLS TLS is just a more recent version of SSL
    • 17. SSL/TLS Integration – Flash Player  Flash Player uses the browser or O/S HTTP stack • Direct socket connections via SSL require special skill • Use WebService, HTTPService, URLLoader and SWFLoader whenever possible • Flash security model complicates connections to multiple servers if some use SSL and some do not • Be sure to serve the SWF via SSL • Proxies are extremely helpful, and when used correctly mitigate these issues • More later • Flex data services Proxy also improves Flash Player’s POST and GET support
    • 18. SSL/TLS Integration – AIR  AIR 2.0 has SSL socket support beyond what Flash Player provides • Uses default O/S HTTP stack when available (Mac, Windows) • Uses CURL HTTP stack under Linux • No unexpected behavior or HTTP method limitations • Entire HTTP stack is not exposed, but I have not found any functionality lacking  Enterprises have been slow to adopt AIR • This is merely inertia • There is no technical reason why this must be so
    • 19. SSL/TLS Integration – AIR  AIR 2.0 has SSL socket support beyond what Flash Player provides • Uses default O/S HTTP stack when available (Mac, Windows) • Uses CURL HTTP stack under Linux • No unexpected behavior or HTTP method limitations • Entire HTTP stack is not exposed, but I have not found any functionality lacking  Enterprises have been slow to adopt AIR • This is merely inertia • There is no technical reason why this must be so  Spread the word: AIR apps are more capable than browser-based apps!
    • 20. TLS/SSL Recommendations  Serve web pages containing Flex applications from SSL  Use a reverse proxy like Apache Squid to simplify access, or  Use a translating proxy like Adobe BlazeDS or LiveCycle Data Services ES to mitigate more problematic issues such as • Streaming data • Unsupported HTTP methods • Unsupported web service WSDL
    • 21. Single Sign-On
    • 22. Identity Access Management Standards  Security Assertion Markup Language (SAML) • Enables single sign-on  eXtensible Access Control Markup Language (XACML) • Pronounced “X-akamull”, “X-A-C-M-L” or “zakamull” • Provision user accounts with appropriate privileges and manage entitlements  OAuth – authorize a service to access data in another service without disclosing credentials  OpenID – user authorization
    • 23. Single Sign-On  Single Sign On means that RIAs must access multiple server sub- domains via SSL  Recommendations in previous section are important  Two common SSO strategies, both work fine with Flash Player and AIR: • Homogenous Infrastructure (every application‘knows’ about SSO) • Proxy (transparent to application)  Most authentication mechanisms can be used, even though they are not explicitly mentioned in Adobe’s documentation: • OSF DCE • Kerberos / Active Directory • PKI • Oath • Etc…
    • 24. SSO - Cookies  Cookies are by far the most common mechanism to support SSO  Cookies contain information that indicates the domains and subdomains for which they will be accepted  Modern web browsers do not present cookies from one domain to another • Cookies issued by a domain are commonly set up to propagate to subdomains  After authenticating, the application should include the cookie in the response that contains the authentication token in all future requests • Web browsers do this automatically • The name of the cookie varies between SSO implementations  For development, make entries in a local DNS or /etc/hosts for each test node, so they appear to be part of the authenticated domain
    • 25. SSO – Server-Side Redirects  Server-side redirects are used by virtually all SSO mechanisms  The HTTP stack handles redirects, so they are transparent to the Flash Player and AIR
    • 26. SAML  An XML-based standard for authentication and authorization • Identity provider - handles logon • Service provider - receives logon information  URLs encode SSO requests  SSO is implemented via server redirects
    • 27. SAML Transaction Steps
    • 28. XACML  XACML can provision user accounts with appropriate privileges and manage entitlements  XACML Version 2.0 (OASIS 2005) • Policies are defined by Rules. • Rules and Requests use Subjects, Resources and Actions. • A Subject element defines the entity requesting access. • The Resource element is a data, service or system component. • An Action element defines the type of access requested on the Resource.  Adobe Mosaic supports XACML • Mosaic tiles are selectively enabled by user entitlements • SunXACML provides Mosaic support for v1.0 and v1.1
    • 29. OAuth  Authorize a service to access data in another service without disclosing credentials  A shared secret is embedded in the client, which is fine for server to server communications.  However, for RIA clients and desktop applications: • Be sure to encrypt OAuth credentials and take care that the entire decryption algorithm is not readily accessible • Twitter’s decision to use OAuth was unwise
    • 30. Web Services Also see my presentation on Enterprise Flex Web Services
    • 31. Types of Web Services  SOAP web services are stateless • a.k.a. "Big" or “Heavyweight” web services • Very powerful • Do not design them into a system unless necessary • Flex WebService component  REST can be stateful • Flex HTTPService component, or • URLLoader, URLRequest and URLRequestHeader • as3httpclientlib, resthttpservice • Flash Player does not support all HTTP methods  JSON easy to use with Flex (as3corelib)  Cloud computing is also referred to as web services (out of scope)
    • 32.  Enterprise integration APIs are mostly SOAP  SOAP in public APIs is decreasing Public API Trends Differ from Enterprise API Trends
    • 33. SOAP Web Services Standards  W3C WSDL  W3C SOAP  W3C XML Schema (a.k.a. XSD)  W3C XML  A 'profile' is a specific set of versions of the above standards  WS-i Basic Profile v1.0: WSDL 1.1, SOAP 1.1 and XML Schema 1.0  Flex SDK and Flex/Flash Builder support the WS-i Basic Profile v1.0, and add support for legacy RPC-encoded web services  Flex SDK can also handle WSDL 2.0 and SOAP 1.2 namespaces  SOAP web services are very complex, I do not know of any implementation anywhere that supports all flavors and options  All implementations are therefore a subset
    • 34. SOAP Faults  Flash Player and AIR pass SOAP faults to the Flex framework when HTTP status codes 4XX or 5XX are set.  Flex framework (WebService) ignores SOAP faults  If possible, modify the server to set HTTP status code 2XX when issuing SOAP faults so the Flash/Flex application can detect and handle the problem. • A translating proxy can also modify the HTTP status code
    • 35. Dynamic WSDL URI and Endpoints  Do not hard-code the URI in your Flex program, or you will need to edit and recompile for deploying to each environment (dev, test, q/a, live)  We often use an XML configuration file, loaded at runtime from the server • Mechanism for a deployed web application to learn about web services • The Flex application inspects the URL from which it was loaded, and • Dynamically loads a configuration file from the server that specifies the web services to access
    • 36. Web Services Code Generator vs. Runtime  Client models require strong types  For a RIA to be able to decode response data to strong types, there needs to be a mechanism to generate the ActionScript code for the type definitions  At runtime a decoder is required that converts the SOAP response to value objects of the correct type
    • 37. Flex SDK Components  No code generator in the SDK  WebService  ObjectProxy  The Flex SDK has had few changes since v3.x with respect to web services, in terms of supporting additional standards, bug fixes and features.  Important undocumented SDK packages • mx.rpc.soap • mx.rpc.wsdl http://opensource.adobe.com/svn/opensource/flex/sdk/trunk/frameworks/projec ts/rpc/src/mx/rpc  Most known bugs have been deferred
    • 38. Flex/Flash Builder Support for RPC Web Services  Apache Axis code generator • FB3/FB4 both use Apache Axis2 v1.3 • Supports SOAP v1.1 and WSDL v1.1 • Apache Axis2 only supports doc/literal and rpc/literal • FB Axis port adds support for rpc/encoded. • Generates lots of code • Includes deprecated Flex 2 classes • Value objects • Runtime encoders and decoders • Runtime supports more edge cases than Flex SDK • Duplicates Flex SDK functionality but in a different way • Some Flex docs do not apply to generated code • Many known bugs are deferred • Closed source • FDT and IntelliJ do not have SOAP value object generators  The biggest enhancement in FB 4 is the data wizard, which wraps VOs so they can be subclassed.
    • 39. Rule-based Mapping of SOAP to ActionScript Type  Flex SDK and Axis generator do not support polymorphic collections  I have customized the Flex SDK’s runtime SOAP support  I like to use a rule-based approach to map SOAP types to ActionScript VOs and collections  Ordered set of regular expressions map fully-qualified SOAP types to fully-qualified ActionScript packages or classes  Specific rules are listed first; more general rules follow typeMaps.push(/.*Type42Out.Entity/, "com.xyz.MyService.Entity"); typeMaps.push(/.*.(.*)/, "com.xyz.MyService.$1");
    • 40. Schema Orientation vs. Service Orientation  Enterprise web services often have more than one schema • For example, Tibco's modeling is schema-oriented, not service-oriented  Shared schemas may not be fully expressed in any given service  Value objects must be created from consolidated schemas  Value objects must be recreated when schemas evolve  A change to a schema may affect multiple services  I wrote a custom tool using AIR for a client that replaces the FB Axis generator
    • 41. AIR SOAP Code Generator  Schema-Oriented Enterprise Web Services with Adobe Flex and AIR http://www.youtube.com/v/ubuq79GDhQw?version=3  WSDL Introspector http://www.youtube.com/v/YzSoweoormg?version=3
    • 42. Enterprise-Wide Data Services Layer
    • 43. Enterprise-Wide Data Services Layer Notes  Client-side data models should be built from ActionScript value objects  Consolidated WSDL schemas provide a consistent client-side model  Various code generators are available to map remote types to client types  Active models with adaptors should drive views  Lazy loading is important • Deserialization happens on the Flash Player’s main thread • Don’t let the RIA freeze up  Several data management service implementations exist  Narrowcasting is another useful technique (see my book)
    • 44. Thank you! "Flex Data Services, Hibernate and Eclipse" http://slinnbooks.com Mike Slinn Micronautics Research mslinn@micronauticsresearch.com Image courtesy Ellen Joseph

    ×