In the enterprise, creating application services introduces many decisions to be made around security. Deploying those services to the cloud brings about another level of implications, especially if a company is looking at public or hybrid cloud solutions for hosting those services. HP offers a cloud security service to assist clients with these decisions as part of the HP Cloud Consulting Services offering. However, Amazon's consumer space seems to be at the complete opposite end of the spectrum.
If you haven’t heard, Amazon has introduced a new specialized tablet today called the Amazon Kindle Fire. It is meant to deliver services like those offered through the classic Kindle, as well as services like movies, apps and games from Amazon. Towards the bottom of the product page you will find an overview of the product’s new browser, Amazon Silk.
The Silk browser is based on WebKit, but it differs from other browsers in the way that it connects to the Internet. Amazon has a video explaining their "Cloud-accelerated browser". It partially relies on Amazon Web Services to enable “Split-Browser” technology. This essentially allows AWS to act as a cloud-based proxy server. Given this I started wondering about privacy, and as I looked at the Frequently Asked Questions I found this:
Amazon Silk optimizes and accelerates the delivery of web content by using Amazon’s cloud computing services. To do this, the content of web pages you visit using Amazon Silk may be cached to improve performance and certain web address information will be collected to help troubleshoot and diagnose Amazon Silk technical issues. To learn more about what information we may collect, how long that information may be stored and how we might use that information, please see the Amazon Silk Terms and Conditions.
I then moved to the T’s and C’s page and found this additional information:
Amazon Silk also temporarily logs web addresses known as uniform resource locators (“URLs”) for the web pages it serves and certain identifiers, such as IP or MAC addresses, to troubleshoot and diagnose Amazon Silk technical issues. We generally do not keep this information for longer than 30 days. You can also choose to operate Amazon Silk in basic or “off-cloud” mode. Off-cloud mode allows web pages generally to go directly to your computer rather than pass through our servers. As such, it does not take advantage of Amazon’s cloud computing services to speed-up web content delivery.
…
All text you enter in Amazon Silk’s address bar is sent to a default search engine. The initial default search engine is selected by Amazon Silk, and we may change the default search engine in the future without notice to you. If you would like, you may choose to use a different search provider as your default search engine. The privacy policy of the selected default search engine applies to information sent to it.
Amazon still promises to "negotiate a direct connection" if you are using a secure transport like SSL, but it seems they will still be collecting data about the use of the site. Google tried using similar technology running on the client, called Google Web Accelerator, but eventually discontinued the product.
I find it interesting that Amazon is choosing lack of privacy as the default option, although the recent trend in the consumer space seems to be to cut privacy (see recent changes in Facebook or Google+) to keep services cheaper. At HP we continue to consider your enterprise's privacy and security a top priority.
Another Microsoft .Net code example has been taking some criticism as of late. I read some blog posts and the corresponding comments from a couple of well known and respected developers, Ayende and Rob, and I think they are being a bit harsh on the example set. To be fair, many of their points would actually be valid if they were looking at an enterprise application. However, in this case I feel they are taking this code out of its context.
The requirements for this solution are to show architectures and patterns. I feel the solution does that when you review it within the context of the book, N Layered Domain Oriented Architecture Guide with .Net 4.0, which neither blogger originally referenced in their posts (possibly because they were unaware of it).
The intentions of the book and the code samples are to provide guidance and some examples around how patterns "can" be implemented. It is not the intention to show how to properly do DDD or to document how a bank runs its business. There are plenty of books out there that can do those things. I don't think the authors are expecting anyone to open up the project and refactor it into their own application (although I am sure there will be some that try).
It takes a good bit of experience and knowledge to know when you might need a pattern. I really appreciate the work these guys have done in trying to provide some guidance around the complex enterprise patterns that are being pushed out of many blogs.
I was recently tasked to come up with some recommendations on how to improve the speed of a web application for a client. The task was created because of the perceived slowness of the application when users were running the application over a cellular network. While there are usually code-based optimizations that can be done, I first set out to look for a simple change that could be implemented and would produce a huge impact.
Enterprise application development often entails writing applications that run over the web using a protocol called HTTP. The most prevalent client of this protocol is the web browser. Most devices, like laptops, phones and printers, have at least one web browser installed. Applications are built to send content to a web browser so that the content can be displayed to the person requesting it. The problem with this content is that it resides on a resource that can be very far away from the device with the browser. Depending on the bandwidth (i.e. how much data can travel per second), some content can take a long time to get from the resource it is stored on to the device that wants it.
The content sent by an application can be static or dynamic. The static variety can take advantage of caching where the content is retrieved only once and then it is stored closer to the web browser for a defined period of time. The dynamic variety is much harder to cache, because of the variability in the content and how often it should be refreshed. Caching can make the user experience much better when a user repeatedly visits a site. The problem with that approach is that many people won't bother coming back if the initial experience is poor. This experience becomes a major factor with devices that rely on cellular networks to transmit data.
My client had some pages that required a large amount of data to be downloaded. For a comparative example, let's look at a large page from Wikipedia's long page section. The content from Wikipedia is dynamic as people update it constantly. As an example let's say a page is 2,088,219 bytes long. Below is an approximation of how long it would take to download the page depending on the bandwidth. Note the time it takes for the user to load this page on a network with a poor connection. As you can imagine, the users of the client's application were annoyed when a page took almost three minutes to load.
| Home (30 Mbps) | Strong Wireless (1 Mbps) | Weak Wireless (100 Kbps) |
| --- | --- | --- |
| <1 second | 16.7 seconds | 167 seconds |
When I looked at the request/response exchange using Fiddler, I noticed that the page was taking less than two seconds to process and that the perceived slowness was simply due to the time spent downloading the page. The other thing I noticed brought a smile to my face because I knew I could make a change that would instantly make the user's experience better.
The application I was looking at happened to be running on Windows and using IIS as the web server. Supported versions of IIS have a feature that is disabled by default, called compression. Provided the client web browser supports it, this feature will take the content and shrink it before it sends it to the client. Provided the server CPU isn't frequently above 80%, turning it on provides spectacular results. Looking at the Wikipedia example from earlier, compression set at level "9" will result in the data being almost 90% smaller (267,932 bytes) and will also result in the user's experience being almost 90% faster.
| Home (30 Mbps) | Strong Wireless (1 Mbps) | Weak Wireless (100 Kbps) |
| --- | --- | --- |
| <1 second | 2.14 seconds | 21.43 seconds |
I highly recommend looking at your web sites and applications to see if you can apply compression to your site. Your mobile users will thank you.
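The negotiation and the arithmetic behind the two tables above, as an added Python example (not code from the original post and not IIS itself). The function names and the `SAMPLE` payload are assumptions made for illustration; the server side only compresses when the request's `Accept-Encoding` header allows gzip.

```python
import gzip

def accepts_gzip(accept_encoding):
    """True if the Accept-Encoding request header allows gzip (q=0 refuses it)."""
    prefs = {}
    for item in accept_encoding.split(","):
        name, _, params = item.strip().partition(";")
        q = 1.0
        p = params.strip().lower()
        if p.startswith("q="):
            try:
                q = float(p[2:])
            except ValueError:
                q = 0.0
        prefs[name.strip().lower()] = q
    # An explicit gzip entry wins over the "*" wildcard.
    return prefs.get("gzip", prefs.get("*", 0.0)) > 0

def respond(body, accept_encoding, level=9):
    """Return (headers, payload) the way a compressing web server would."""
    if accepts_gzip(accept_encoding):
        payload = gzip.compress(body, compresslevel=level)
        headers = {"Content-Encoding": "gzip", "Vary": "Accept-Encoding",
                   "Content-Length": str(len(payload))}
        return headers, payload
    return {"Content-Length": str(len(body))}, body

def transfer_seconds(size_bytes, bits_per_second):
    """Download time, ignoring latency and protocol overhead."""
    return size_bytes * 8 / bits_per_second

# Constructed sample: repetitive HTML-like markup, not the Wikipedia page.
SAMPLE = b"".join(b"<tr><td>row %d</td><td>value</td></tr>\n" % i
                  for i in range(20000))

if __name__ == "__main__":
    for header in ("gzip, deflate", "identity"):
        headers, payload = respond(SAMPLE, header)
        print(header, "->", headers.get("Content-Encoding", "none"), len(payload))
    # The page's own figures: 2,088,219 bytes raw, 267,932 bytes compressed.
    for size in (2088219, 267932):
        print(size, [round(transfer_seconds(size, bps), 2)
                     for bps in (30_000_000, 1_000_000, 100_000)])
```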
When developing enterprise applications you need to consider the networking environment they need to access. Applications that only use internal enterprise networks present challenges as you have to play in their sandbox; after all, they own the network. Many of those concerns can be overcome by contacting the right people. It would seem that applications which access the broader Internet would be easier to deal with given the perception of openness on the Internet and the standardization of specifications like HTTP/1.1.
There has been no shortage of stories about governments' intrusive role in the Internet around the globe like China's Great Firewall or the Egyptian ISP shutdown. Even in the US there are stories of the government restricting access to content, implementing cyber-threat countermeasures and trying to maintain Net Neutrality. Although, Net Neutrality really has less to do with government and more to do with corporations trying to restrict and monetize access to the Internet. However, my recent experience shows some Internet Service Providers (ISP) have already started.
While developing an enterprise application I needed to indicate to the user whether or not the computer was on the internal enterprise network. To do this I decided to have the application perform a web request to another resource (i.e. computer) that I knew was always available only on the client's network. It did exactly what I wanted it to in the client's office. However, when I brought my computer home to test the application I was shocked to find that the application showed that it successfully connected to the server.
I consider the Internet to be anything outside of my house, including my Internet Service Provider (ISP). As such I expect the Internet to be open and follow the HTTP/1.1 specification. However my ISP, Verizon FiOS, rolled out a "feature" a couple years ago that breaks the HTTP/1.1 specification. The specification states that if a requested resource cannot be found then a return code of "404 - Not Found" should be sent back to the requestor. When I used Fiddler to trace the return codes I noticed that the response ended up being "200 - OK" meaning the server was found. However, as you can see in Figure 1 the initial resource I was looking for wasn't found, but instead of a 404 return code, my ISP returned a 302 (which should be a 307, but that's another issue). The 302 return code tells the requestor that the requested resource has moved to a new location and the requestor should look there instead. The problem with this is that the resource hasn't moved; it is simply not available because it doesn't exist on the Internet.
| Result | Protocol | Host | URL | Body |
| --- | --- | --- | --- | --- |
| 302 | HTTP | my application FQDN | / | 0 |
| 302 | HTTP | wwwwz.websearch.verizon.net | /wwwwz.websearch.verizon.net/search?qo=my application FQDN... | 0 |
| 307 | HTTP | goto.searchassist.com | /goto.searchassist.com/find?p=paxfire&s=my application FQDN... | 0 |
| 200 | HTTP | find.searchassist.com | /find.searchassist.com/landing.jsf?p=cnksver&q=my application FQDN... | 48,875 |
Apparently Verizon started doing these redirects to help users when they mistype a URL and then extended it to redirect 404 responses. I can see using this to reduce overall costs by cutting the number of support calls. However, I think this was first and foremost an opportunity to generate ad revenue. Whatever the reason, it breaks the way the open Internet is supposed to work in my opinion, so I decided to turn off Verizon's redirect "feature".
Microsoft released a new version of IIS called IIS Express 7.5. It allows you to run a scaled down version of IIS 7.5 on Windows XP and greater. For example, IIS 5.1 ships with Windows XP Pro, but not Windows XP Home. Yet you can still run IIS 7.5 on Windows XP Home. However, please note there may be some features that do not work in earlier versions of Windows due to the changes in architecture.
IIS Express 7.5 does not run as a service and does not require administrative privileges to run. The short term goal was to make it work with WebMatrix, but the long term plans are to replace the ASP.Net development web server (i.e. Cassini) with this product for use within Visual Studio 2010. If you want to try it out, but you don't want to use WebMatrix, you can try using IIS Express 7.5 in Visual Studio 2010 RTM with some effort or you can download the beta of Service Pack 1 for Visual Studio. The product can also be used without Visual Studio or WebMatrix, but you must have the .Net framework 4.0 installed prior to installing IIS Express 7.5.
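An internal-network check that is not fooled by the redirect chain in Figure 1, as an added Python example (not the code from the application described in this post). The host `app.corp.example`, the marker string and the function names are assumptions; the marker stands for any content that only the real internal server returns.

```python
import http.client
from urllib.parse import urlsplit

# Constructed sample: the Figure 1 trace as (status, host) hops. "app.corp.example"
# is a placeholder for the application FQDN, which the page does not give.
FIGURE_1 = [
    (302, "app.corp.example"),
    (302, "wwwwz.websearch.verizon.net"),
    (307, "goto.searchassist.com"),
    (200, "find.searchassist.com"),
]

def naive_verdict(trace):
    """A redirect-following client only sees the final status code."""
    return trace[-1][0] == 200

def strict_verdict(first_status, body, marker):
    """Internal only if the first response is a 200 that carries the marker.

    The host name cannot be trusted on its own: in Figure 1 the first hop is
    still addressed to the application FQDN, yet the ISP answered it.
    """
    return first_status == 200 and bool(marker) and marker in body

def on_internal_network(url, marker, timeout=3.0):
    """Live probe over plain HTTP, as in the trace."""
    parts = urlsplit(url)
    conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                      timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        resp = conn.getresponse()  # http.client never follows redirects
        return strict_verdict(resp.status, resp.read(64 * 1024), marker)
    except (OSError, http.client.HTTPException):
        return False  # unreachable or malformed answer: treat as off-network
    finally:
        conn.close()

if __name__ == "__main__":
    marker = b"corp-intranet-ok"  # hypothetical marker served by the internal host
    print("naive :", naive_verdict(FIGURE_1))
    print("strict:", strict_verdict(FIGURE_1[0][0], b"", marker))
```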
If you plan to use Visual Studio 2010 RTM, then I recommend creating a shortcut to "C:\Program Files\IIS Express\iisexpress.exe" or "C:\Program Files (x86)\IIS Express\iisexpress" if you are running a 64-bit edition of Windows. Once you establish your site information (see these instructions) you can make changes to the shortcut to align with your project in Visual Studio 2010.

