2. MOBILE ARCHITECT
‣ Love Distributed Systems
‣ Entropy Reducer
‣ Payment systems
‣ R&D Work
‣ B2E and Commercial Banking Apps
Experience
‣ Front Office Trading Systems
‣ Messaging Middleware Integration
‣ Big Systems
‣ C/C++/C#/Java
MORE
‣ @akohli https://slideshare.net/akohli
series 2, episode 22, “Daddy Pig’s Office” http://www.channel5.com/shows/peppa-pig/episodes/daddy-pigs-office
3. TODAY
Why Node
What we want to do
Node as the underpinning of real world or electronic asset interaction
Backing our interactions, eventing services
Not so much about monolith deconstruction
What we did
Initial proxy and protocol
Our performance and scalability testing
7. WHY NODE?
Node
• Asynchronous Eventing Model
• We live in an async nonblocking world
• Ideal for mobile and sensor applications
• Everyone knows JavaScript, right?
• Community
• Diverse protocol and lots of modules
• Rapid development and Expediency
8. HOMOLOGATED
or how we can use it in a big company
• Node is approved for internal usage
• Less Yak Shaving than other solutions
• different at least
• good internal community
beware of dog, staff only
9. “Walmart has had good success with HAPI and Node”
- @adam_baldwin
“Node is good. I’ve heard good things about HAPI”
- @eoinbrazil
11. ENTERPRISE MOBILE APPLICATIONS
• Plurality of systems, services
  • web resources
  • web sites
• Connectivity challenges
  • direct
  • mediated
• Security
  • AuthN
  • AuthZ
  • Data Encryption at rest
12. THE REFLEKTOR (architecture diagram, labels only)
• The Physical World: Security Pass, Sensors, Employee Devices
• Security Services: AuthZ, AuthN, …
• Eventing Engine
• Bridge
• Payment Services, Access Services, Printing Services
• the Reflektor: Bridge and New Services
• App Services and Resources
20. NTLM AUTHENTICATION
• Enterprise authentication protocol (Microsoft).
• NTLM requires all phases to take place across a single HTTP connection.
• NTLM messages are sent and received as request headers.
• The server’s response from the NTLM type 3 message is the requested content.
• This authentication process must be completed for every requested resource, unless an open connection is maintained.
21. WORKING
Implementation Challenges
• Storage of password on mobile device is prohibited, but is required in the authentication process.
• Persistent connection not available.
• Latency issues - 3 requests for every web resource.
Solution
• Ported from Apache Java implementation to Node.js.
• Hashed username / password pair stored on device, transmitted to server for authentication rather than raw password.
  • hmac_md5(username, md4(password))
• NTLM message calculation split between client app and proxy server.
• Defaults used and optional parameters omitted - simplified messages.
• Observed desktop browsers wait for a 401 before beginning the authentication process. Pre-emptively sending the username / password hash eliminates the initial 401 response.
Process is reduced from 3 direct requests to a single client request, mapped to 2 proxy requests.
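Added example, not code from the slides or from the authors' proxy: the proxy-side steps of slides 20 and 21 in Node.js, reading the server's Type 2 challenge out of a `WWW-Authenticate: NTLM ...` header value and answering it from the stored hash. It assumes NTLMv2 (the slide's hmac_md5 formula matches that hash); all function names are hypothetical, and the sample inputs are constructed from the RFC 2202 HMAC-MD5 test vector.

```javascript
const crypto = require('crypto');

// Extract the Type 2 (challenge) message from a "WWW-Authenticate" header
// value of the form "NTLM <base64>" and return the fields the proxy needs.
function parseType2(headerValue) {
  const m = /^NTLM\s+([A-Za-z0-9+\/=]+)$/.exec(headerValue.trim());
  if (!m) throw new Error('not an NTLM challenge header');
  const buf = Buffer.from(m[1], 'base64');
  if (buf.length < 32) throw new Error('Type 2 message too short');
  if (buf.toString('latin1', 0, 8) !== 'NTLMSSP\0') throw new Error('bad signature');
  const type = buf.readUInt32LE(8);
  if (type !== 2) throw new Error('expected Type 2, got type ' + type);
  return {
    type,
    flags: buf.readUInt32LE(20),            // NegotiateFlags
    serverChallenge: buf.subarray(24, 32),  // 8-byte server nonce
  };
}

// NTLMv2 proof: HMAC-MD5 keyed with the stored hash over challenge || blob.
// The password itself is never an input (assumption: the slide's stored
// hmac_md5(username, md4(password)) value is the NTLMv2 hash).
function ntProofStr(storedHash, serverChallenge, blob) {
  return crypto.createHmac('md5', storedHash)
    .update(serverChallenge)
    .update(blob)
    .digest();
}

// Build a minimal 32-byte Type 2 message (constructed sample, no target info).
function buildSampleType2(challenge) {
  const buf = Buffer.alloc(32);
  buf.write('NTLMSSP\0', 0, 'latin1');
  buf.writeUInt32LE(2, 8);       // MessageType
  buf.writeUInt32LE(0x201, 20);  // NEGOTIATE_UNICODE | NEGOTIATE_NTLM
  challenge.copy(buf, 24);
  return 'NTLM ' + buf.toString('base64');
}

// Constructed inputs: the RFC 2202 HMAC-MD5 test case 1 key and data stand in
// for the stored hash and the server challenge; the blob is left empty.
const header = buildSampleType2(Buffer.from('Hi There', 'ascii'));
const challengeMsg = parseType2(header);
const proof = ntProofStr(Buffer.alloc(16, 0x0b), challengeMsg.serverChallenge, Buffer.alloc(0));
console.log(challengeMsg.type, challengeMsg.flags.toString(16), proof.toString('hex'));
```

Since the response is derived from the stored hash with no password involved, the hash held on the device works as a credential in its own right and needs the same storage protection as the password.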
26. MODIFYING FLOD
โข modified server to pull our decorated response
timing information
โข modified reporting/logging to include this
information
โข hope to contribute back to mainline
27. ENVIRONMENT
Machine       OS                     Type   Processor      Cores   Memory
Int Server    RHEL 6.4               VM     Xeon 2.6 GHz   2       4 GB
Prod Server   Windows Server 2k8r2   VM     Xeon 1.8 GHz   4       6 GB
Dev           Mac Mini               Full   i5 2.5 GHz     2       8 GB
• HTTP 1.1 no Keep-Alive, request payload is JSON
• Client is iOS Objective-C; server is Node + Hapijs (with Some Good Monitoring)
28. SCENARIOS
• Closed network, direct connection, Mac to Mac
• Client server on a redhat VM, loopback. Redhat VM
• Redhat client to Windows Server via network, Redhat to Windows
• via Mobile network/wifi could only support 100 transactions/s because of latency

Scenario        Req/s   Response (ms)
Mac to Mac      1000    2000
Redhat VM       1000    8500
RH to Windows   1000    30,000
External        100     17,000
29. RESULTS
• Consistent proxied service response
  • ~20ms Mac to Mac
  • ~250ms RHEL to Windows Server
• Gateway service < 50 ms
• We need better concurrency, request servicing
• Infrastructure adds significant overhead
35. EXPERIENCE
• Enterprise and Legal approvals hard
• We are ahead of Ops, so waiting for VMs and infrastructure to catch up - software, machines, and network
• Some bits of node need tightening - especially around security and password storage
• Still learning and it is fun!
36. SCALABILITY PACKETS
• Pile of VMs to auto-scale
• Need elastic environment with a smart load balancer and configuration management
• Great Details on Best practice
  • https://gist.github.com/hueniverse/7686452
39. NOUN PROJECTS THANKS
Smartphone designed by James Fenton from the Noun Project
Creative Commons - Attribution (CC BY 3.0)
Identification designed by Mark Shorter from the Noun Project
Ibeacon designed by Stéphanie Rusch from the Noun Project
Creative Commons - Attribution (CC BY 3.0)
Arduino designed by uizin from the Noun Project