This document summarizes Mike Slinn's presentation on using the Adobe Flash Platform in the enterprise. It discusses enterprise computing and integration topics like visualization for business intelligence, SSL/TLS, single sign-on, web services, and enterprise-wide data services layers. It provides recommendations for distributed computing and integrating Flash and AIR applications within enterprise systems.

1. The Adobe Flash Platform in the Enterprise
Mike Slinn
http://micronauticsresearch.com
http://slinnbooks.com
"You can't always get
what you want … (but)
you get what you
need."
-- Rolling Stones

2.  Independent software contractor firm
 Focus on the Adobe Flash Platform for enterprise computing
• Application development
 System integration
 Troubleshooting
 Evaluations
 Distributed system architecture and implementation
• Desktop clients
• Service interaction considerations
• Server facade
• Middleware
 We are not designers, but we work with them
Micronautics Research Corporation Focus

3. About Mike Slinn
 Principal at Micronautics Research Corporation
 Recognized in US Federal court as a software expert
 Author of "Flex Data Services, Eclipse and Java" http://slinnbooks.com
 Author of DZone reference card "
Getting Started with LiveCycle Data Services ES“
 Blog at InsideRIA
 Twitter: mslinn

4. Topics Covered In This Presentation
 Enterprise Computing and Integration
 Visualization for Business Intelligence
 SSL/TLS
 Single Sign-On
 Web Services
 Enterprise-Wide Data Services Layer
 Distributed Computing Advice

5. Herschel Telescope Final Integration
Integration

6.  Integration includes the planning for and the act of customizing a
standard package and performing other activities so the package can
interact with other packages, processes, data and services
 Integration might mean one or more of:
• User interface integration (integration on the desktop or mobile device)
• Service / process integration
• Synchronous or asynchronous (tight coupling or loose coupling)
• Data integration
 Portals are a form of UI integration, and are relatively inexpensive
 Application, process and data integration
• Mashups are lightweight/inexpensive
• Heavyweight/deep: supply chain integration, product lifecycle integration,
etc.
 Deep integration costs often exceed license costs.
Enterprise Computing is All About Integration

7.  Let’s use SAP ECC 6.0 as an example,
• License costs range from $500K to $100M
• Integration costs are often 2-3x license costs
• Yearly maintenance ~20%
 RICEFW – Legacy Integration Checklist for SAP
• Reports – writing
• Interfaces – mapping one system’s data to another’s
• Conversions – data format conversions
• Enhancement / Extensions – modifying default behavior
• Forms – UI definition and implementation
• Workflow – setting up cascading processes to be triggered by events
Example: SAP ECC

8. Enterprise Software Futures (Gartner)
 2010 enterprise software spending in North America forecast to
increase 8.5% to $110.8B (mostly in first half of 2010)
• Will grow to over $143.6B in 2014
 Asia/Pacific (excluding Japan) is expected to have the fastest growth in
software revenue of all the regions in 2010 (13%)
• Momentum is expected to continue through 2011
• China and India are #1 and #4 in APAC
• Japan is not looking promising
• Australia (#2) and South Korea (#3) are only spending on maintenance
contracts
 Europe, Middle East and Africa (EMEA) will see a 3.4% decline this
year.
• However will increase from $66.8B in 2009 to $76.8B by 2014
• Western Europe will recover slowly
• Eastern Europe, Middle East and Africa will grow more strongly
http://www.gartner.com/it/page.jsp?id=1437613

9. Visualization for Business
Intelligence

10. Visualization for Business Intelligence
 Flex has a terrific capability for interactive charts and graphs
 Dashboards are/should be doorways into immersive data experiences
 The best visualizations have interactive graphics with user feedback
like video games
 Personalization and sharing views are important
 See my YouTube videos on Business Intelligence with Flex

11. Business Intelligence & Flex Skill Sets
 “BI” is a big budget team effort
 Skill sets for Flex developers and BI report builders (people) are
different
• BI report builders are often glorified DBAs
• Creating Flex component for BI requirements requires advanced Flex
developer skills
 BI widgets are Flex components that hook into a data bus
 Widgets are driven by report output (historical data)
 BI report builders can easily be taught how to place Flex widgets into a
dashboard
• No problem for them to pipe data into pre-existing widgets

12. Distributed Computing
Advice

13. Distributed Computing Advice
 Server facades should be designed and channel characteristics should
be specified after RIA requirements are known
 RPC is relatively slow and does not scale
 Messaging over streaming channels gives best scalability and
responsiveness
• (Flex data management service is built from messaging)
 Proxy servers come in various flavors
• Can solve some types of difficult problems with ease
 Use AMF whenever possible instead of SOAP, JSON, REST, etc
 POST has very low overhead, except if deserialization is required
 Lazy loading is key when a large client-side model is necessary
 Flash 10.1 enables RIA to RIA streaming (Chatroulette for the
enterprise!)

14. Flex Data Services Channel Designer
Free for personal use!
http://www.slinnbooks.com/FDSCD/

15.  Integration options abound, however architectural principals for
integrating RIAs to servers holding large data sets are not commonly
understood by most enterprise architects
• Poor integration choices can destroy interactivity – if a user has to wait
several minutes between clicks they won’t use an application, and “RIA”
becomes a misnomer
• For example, RPCs do not scale well
• Read my book for more!
• Poor integration choices can cause excessive queries against Teradata,
Netezza, Vertica, ParAccel, and Greenplum – which are expensive
• If this is your team’s first time, find a hands-on consultant with lots of
experience
Warning

16. SSL / TLS
TLS is just a more recent version of SSL

17. SSL/TLS Integration – Flash Player
 Flash Player uses the browser or O/S HTTP stack
• Direct socket connections via SSL require special skill
• Use WebService, HTTPService, URLLoader and SWFLoader whenever
possible
• Flash security model complicates connections to multiple servers if some
use SSL and some do not
• Be sure to serve the SWF via SSL
• Proxies are extremely helpful, and when used correctly mitigate these issues
• More later
• Flex data services Proxy also improves Flash Player’s POST and GET support

18. SSL/TLS Integration – AIR
 AIR 2.0 has SSL socket support beyond what Flash Player provides
• Uses default O/S HTTP stack when available (Mac, Windows)
• Uses CURL HTTP stack under Linux
• No unexpected behavior or HTTP method limitations
• Entire HTTP stack is not exposed, but I have not found any functionality
lacking
 Enterprises have been slow to adopt AIR
• This is merely inertia
• There is no technical reason why this must be so

19. SSL/TLS Integration – AIR
 AIR 2.0 has SSL socket support beyond what Flash Player provides
• Uses default O/S HTTP stack when available (Mac, Windows)
• Uses CURL HTTP stack under Linux
• No unexpected behavior or HTTP method limitations
• Entire HTTP stack is not exposed, but I have not found any functionality
lacking
 Enterprises have been slow to adopt AIR
• This is merely inertia
• There is no technical reason why this must be so
 Spread the word: AIR apps are more capable than browser-based
apps!

20. TLS/SSL Recommendations
 Serve web pages containing Flex applications from SSL
 Use a reverse proxy like Apache Squid to simplify access, or
 Use a translating proxy like Adobe BlazeDS or LiveCycle Data Services
ES to mitigate more problematic issues such as
• Streaming data
• Unsupported HTTP methods
• Unsupported web service WSDL

21. Single Sign-On

22. Identity Access Management Standards
 Security Assertion Markup Language (SAML)
• Enables single sign-on
 eXtensible Access Control Markup Language (XACML)
• Pronounced “X-akamull”, “X-A-C-M-L” or “zakamull”
• Provision user accounts with appropriate privileges and manage
entitlements
 OAuth – authorize a service to access data in another service without
disclosing credentials
 OpenID – user authorization

23. Single Sign-On
 Single Sign On means that RIAs must access multiple server sub-
domains via SSL
 Recommendations in previous section are important
 Two common SSO strategies, both work fine with Flash Player and AIR:
• Homogenous Infrastructure (every application‘knows’ about SSO)
• Proxy (transparent to application)
 Most authentication mechanisms can be used, even though they are
not explicitly mentioned in Adobe’s documentation:
• OSF DCE
• Kerberos / Active Directory
• PKI
• Oath
• Etc…

24. SSO - Cookies
 Cookies are by far the most common mechanism to support SSO
 Cookies contain information that indicates the domains and
subdomains for which they will be accepted
 Modern web browsers do not present cookies from one domain to
another
• Cookies issued by a domain are commonly set up to propagate to
subdomains
 After authenticating, the application should include the cookie in the
response that contains the authentication token in all future requests
• Web browsers do this automatically
• The name of the cookie varies between SSO implementations
 For development, make entries in a local DNS or /etc/hosts for each
test node, so they appear to be part of the authenticated domain

25. SSO – Server-Side Redirects
 Server-side redirects are used by virtually all SSO mechanisms
 The HTTP stack handles redirects, so they are transparent to the Flash
Player and AIR

26. SAML
 An XML-based standard for authentication and authorization
• Identity provider - handles logon
• Service provider - receives logon information
 URLs encode SSO requests
 SSO is implemented via server redirects

27. SAML Transaction Steps

28. XACML
 XACML can provision user accounts with appropriate privileges and
manage entitlements
 XACML Version 2.0 (OASIS 2005)
• Policies are defined by Rules.
• Rules and Requests use Subjects, Resources and Actions.
• A Subject element defines the entity requesting access.
• The Resource element is a data, service or system component.
• An Action element defines the type of access requested on the Resource.
 Adobe Mosaic supports XACML
• Mosaic tiles are selectively enabled by user entitlements
• SunXACML provides Mosaic support for v1.0 and v1.1

29. OAuth
 Authorize a service to access data in another service without disclosing
credentials
 A shared secret is embedded in the client, which is fine for server to
server communications.
 However, for RIA clients and desktop applications:
• Be sure to encrypt OAuth credentials and take care that the entire
decryption algorithm is not readily accessible
• Twitter’s decision to use OAuth was unwise

30. Web Services
Also see my presentation on Enterprise Flex Web Services

31. Types of Web Services
 SOAP web services are stateless
• a.k.a. "Big" or “Heavyweight” web services
• Very powerful
• Do not design them into a system unless necessary
• Flex WebService component
 REST can be stateful
• Flex HTTPService component, or
• URLLoader, URLRequest and URLRequestHeader
• as3httpclientlib, resthttpservice
• Flash Player does not support all HTTP methods
 JSON easy to use with Flex (as3corelib)
 Cloud computing is also referred to as web services (out of scope)

32.  Enterprise integration APIs are mostly SOAP
 SOAP in public APIs is decreasing
Public API Trends Differ from Enterprise API Trends

33. SOAP Web Services Standards
 W3C WSDL
 W3C SOAP
 W3C XML Schema (a.k.a. XSD)
 W3C XML
 A 'profile' is a specific set of versions of the above standards
 WS-i Basic Profile v1.0: WSDL 1.1, SOAP 1.1 and XML Schema 1.0
 Flex SDK and Flex/Flash Builder support the WS-i Basic Profile v1.0,
and add support for legacy RPC-encoded web services
 Flex SDK can also handle WSDL 2.0 and SOAP 1.2 namespaces
 SOAP web services are very complex, I do not know of any
implementation anywhere that supports all flavors and options
 All implementations are therefore a subset

34. SOAP Faults
 Flash Player and AIR pass SOAP faults to the Flex framework when
HTTP status codes 4XX or 5XX are set.
 Flex framework (WebService) ignores SOAP faults
 If possible, modify the server to set HTTP status code 2XX when
issuing SOAP faults so the Flash/Flex application can detect and
handle the problem.
• A translating proxy can also modify the HTTP status code

35. Dynamic WSDL URI and Endpoints
 Do not hard-code the URI in your Flex program, or you will need to edit
and recompile for deploying to each environment (dev, test, q/a, live)
 We often use an XML configuration file, loaded at runtime from the
server
• Mechanism for a deployed web application to learn about web services
• The Flex application inspects the URL from which it was loaded, and
• Dynamically loads a configuration file from the server that specifies the web
services to access

36. Web Services Code Generator vs. Runtime
 Client models require strong types
 For a RIA to be able to decode response data to strong types, there
needs to be a mechanism to generate the ActionScript code for the type
definitions
 At runtime a decoder is required that converts the SOAP response to
value objects of the correct type

37. Flex SDK Components
 No code generator in the SDK
 WebService
 ObjectProxy
 The Flex SDK has had few changes since v3.x with respect to web
services, in terms of supporting additional standards, bug fixes and
features.
 Important undocumented SDK packages
• mx.rpc.soap
• mx.rpc.wsdl
http://opensource.adobe.com/svn/opensource/flex/sdk/trunk/frameworks/projec
ts/rpc/src/mx/rpc
 Most known bugs have been deferred

38. Flex/Flash Builder Support for RPC Web Services
 Apache Axis code generator
• FB3/FB4 both use Apache Axis2 v1.3
• Supports SOAP v1.1 and WSDL v1.1
• Apache Axis2 only supports doc/literal and rpc/literal
• FB Axis port adds support for rpc/encoded.
• Generates lots of code
• Includes deprecated Flex 2 classes
• Value objects
• Runtime encoders and decoders
• Runtime supports more edge cases than Flex SDK
• Duplicates Flex SDK functionality but in a different way
• Some Flex docs do not apply to generated code
• Many known bugs are deferred
• Closed source
• FDT and IntelliJ do not have SOAP value object generators
 The biggest enhancement in FB 4 is the data wizard, which wraps VOs
so they can be subclassed.

39. Rule-based Mapping of SOAP to ActionScript Type
 Flex SDK and Axis generator do not support polymorphic collections
 I have customized the Flex SDK’s runtime SOAP support
 I like to use a rule-based approach to map SOAP types to ActionScript
VOs and collections
 Ordered set of regular expressions map fully-qualified SOAP types to
fully-qualified ActionScript packages or classes
 Specific rules are listed first; more general rules follow
typeMaps.push(/.*Type42Out.Entity/, "com.xyz.MyService.Entity");
typeMaps.push(/.*.(.*)/, "com.xyz.MyService.$1");

40. Schema Orientation vs. Service Orientation
 Enterprise web services often have more than one schema
• For example, Tibco's modeling is schema-oriented, not service-oriented
 Shared schemas may not be fully expressed in any given service
 Value objects must be created from consolidated schemas
 Value objects must be recreated when schemas evolve
 A change to a schema may affect multiple services
 I wrote a custom tool using AIR for a client that replaces the FB Axis
generator

41. AIR SOAP Code Generator
 Schema-Oriented Enterprise Web Services with Adobe Flex and AIR
http://www.youtube.com/v/ubuq79GDhQw?version=3
 WSDL Introspector
http://www.youtube.com/v/YzSoweoormg?version=3

42. Enterprise-Wide
Data Services Layer

43. Enterprise-Wide Data Services Layer Notes
 Client-side data models should be built from ActionScript value objects
 Consolidated WSDL schemas provide a consistent client-side model
 Various code generators are available to map remote types to client
types
 Active models with adaptors should drive views
 Lazy loading is important
• Deserialization happens on the Flash Player’s main thread
• Don’t let the RIA freeze up
 Several data management service implementations exist
 Narrowcasting is another useful technique (see my book)

44. Thank you!
"Flex Data Services, Hibernate and Eclipse"
http://slinnbooks.com
Mike Slinn
Micronautics Research
mslinn@micronauticsresearch.com
Image courtesy Ellen Joseph