2. MOBILE ARCHITECT
‣ Love Distributed Systems
‣ Entropy Reducer
‣ Payment systems
‣ R&D Work
‣ B2E and Commercial Banking Apps
Experience
‣ Front Office Trading Systems
‣ Messaging Middleware Integration
‣ Big Systems
‣ C/C++/C#/Java
MORE
‣ @akohli https://slideshare.net/akohli
series 2, episode 22, “Daddy Pig’s Office” http://www.channel5.com/shows/peppa-pig/episodes/daddy-pigs-office
3. TODAY
Why Node
What we want to do
Node as the underpinning of real world or electronic asset interaction
Backing our interactions, eventing services
Not so much about monolith deconstruction
What we did
Initial proxy and protocol
Our performance and scalability testing
7. WHY NODE?
✔ Node
• Asynchronous Eventing Model
• We live in an async nonblocking world
• Ideal for mobile and sensor applications
• Everyone knows JavaScript, right?
• Community
• Diverse protocol and lots of modules
• Rapid development and Expediency
8. HOMOLOGATED
or how we can use it in a big company
• Node is approved for internal usage
• Less Yak Shaving than other
solutions
• different at least
• good internal community
beware of dog, staff only
9. “Walmart has had good success with HAPI and Node”
- @adam_baldwin
“Node is good. I’ve heard good things about HAPI”
- @eoinbrazil
11. ENTERPRISE MOBILE APPLICATIONS
• Plurality of systems, services
• web resources
• web sites
• Connectivity challenges
• direct
• mediated
• Security
• AuthN
• AuthZ
• Data Encryption at rest
12. THE REFLEKTOR
Diagram labels: Security Pass; Sensors; Employee Devices; The Physical World; Security Services (AuthZ, AuthN, …); Eventing Engine; Bridge; Payment Services; Access Services; Printing Services; the Reflektor; Bridge and New Services; App Services and Resources
20. NTLM AUTHENTICATION
• Enterprise authentication protocol (Microsoft).
• NTLM requires all phases to take place across a single HTTP connection.
• NTLM messages are sent and received as request headers.
• The server’s response from the NTLM type 3 message is the requested content.
• This authentication process must be completed for every requested resource, unless an open connection is maintained.
21. WORKING
Implementation Challenges
• Storage of password on mobile device is prohibited, but is required in the authentication process.
• Persistent connection not available.
• Latency issues – 3 requests for every web resource.
Solution
• Ported from Apache Java implementation to Node.js.
• Hashed username / password pair stored on device, transmitted to server for authentication rather than raw password.
• hmac_md5(username, md4(password))
• NTLM message calculation split between client app and proxy server.
• Defaults used and optional parameters omitted – simplified messages.
• Observed desktop browsers wait for a 401 before beginning the authentication process. Pre-emptively sending the username / password hash eliminates the initial 401 response.
Process is reduced from 3 direct requests to a single client request, mapped to 2 proxy requests.
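The split described on this slide, as an added example in Node.js that is not the presenters' code: the device derives the NTLMv2 hash and the proxy answers the server challenge from that hash alone, which is also why the stored hash needs the same protection as a password. Function names and sample values are assumptions; the MD4 step is taken as input because current Node builds often ship without MD4.

```javascript
// Added example (not the presenters' code); all function names are hypothetical.
const crypto = require('crypto');

const hmacMd5 = (key, data) =>
  crypto.createHmac('md5', key).update(data).digest();

// Client app: the value the slide writes as hmac_md5(username, md4(password)).
// ntHash = MD4(UTF-16LE(password)), taken as input here (assumption).
function ntlmV2Hash(ntHash, username, domain) {
  const identity = Buffer.from(username.toUpperCase() + domain, 'utf16le');
  return hmacMd5(ntHash, identity);
}

// NTLMv2 client blob: version, timestamp, client nonce, target info.
function buildBlob(timestamp, clientNonce, targetInfo) {
  return Buffer.concat([
    Buffer.from([1, 1, 0, 0, 0, 0, 0, 0]), // RespType, HiRespType, reserved
    timestamp,                             // 8 bytes, Windows FILETIME
    clientNonce,                           // 8 random bytes
    Buffer.alloc(4),                       // reserved
    targetInfo,                            // copied from the type 2 message
    Buffer.alloc(4),                       // terminator
  ]);
}

// Proxy: answer the type 2 challenge using only the hash sent by the device.
function ntlmV2Response(v2Hash, serverChallenge, blob) {
  const proof = hmacMd5(v2Hash, Buffer.concat([serverChallenge, blob]));
  return Buffer.concat([proof, blob]);
}

// What the verifying side recomputes from its own copy of the hash.
function verifyResponse(v2Hash, serverChallenge, response) {
  const expected = hmacMd5(
    v2Hash, Buffer.concat([serverChallenge, response.subarray(16)]));
  return crypto.timingSafeEqual(expected, response.subarray(0, 16));
}

// Constructed sample values (NT hash of the test password "Password").
const sampleNtHash = Buffer.from('a4f49c406510bdcab6824ee7c30fd852', 'hex');
const sampleChallenge = Buffer.from('0123456789abcdef', 'hex');
const sampleHash = ntlmV2Hash(sampleNtHash, 'User', 'Domain');
const sampleBlob = buildBlob(Buffer.alloc(8), Buffer.alloc(8, 0xaa), Buffer.alloc(0));
const sampleResponse = ntlmV2Response(sampleHash, sampleChallenge, sampleBlob);
console.log(sampleHash.toString('hex'),
  verifyResponse(sampleHash, sampleChallenge, sampleResponse));
```

The password never appears on the proxy side: only the 16-byte hash, the server challenge and the blob enter the response calculation.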
26. MODIFYING FLOD
• modified server to pull our decorated response timing information
• modified reporting/logging to include this information
• hope to contribute back to mainline
27. ENVIRONMENT
Machine      OS                    Type  Processor     Cores  Memory
Int Server   RHEL 6.4              VM    Xeon 2.6GHz   2      4GB
Prod Server  Windows Server 2k8r2  VM    Xeon 1.8 Ghz  4      6GB
Dev          Mac Mini              Full  i5 2.5 GHz    2      8 GB
• HTTP 1.1 no Keep-Alive, request payload is JSON
• Client iOS ObjectiveC; Server is Node + Hapijs (with Some Good Monitoring)
28. SCENARIOS
• Closed network, direct connection, Mac to Mac
• Client server on a redhat VM, loopback. Redhat VM
• Redhat client to Windows Server via network, Redhat to Windows
• via Mobile network/wifi could only support 100 transactions/s because of latency
Scenario       Req/s  Response (ms)
Mac to Mac     1000   2000
Redhat VM      1000   8500
RH to Windows  1000   30,000
External       100    17,000
29. RESULTS
• Consistent proxied service response
• ~20ms Mac ➔ Mac
• ~250ms RHEL ➔ Windows Server
• Gateway service < 50 ms
• We need better concurrency, request servicing
• Infrastructure adds significant overhead
35. EXPERIENCE
• Enterprise and Legal approvals hard
• We are ahead of Ops, so waiting for VMs and infrastructure to catch up - software, machines, and network
• Some bits of Node need tightening - especially around security and password storage
• Still learning and it is fun!
36. SCALABILITY PACKETS
• Pile of VMs to auto-scale
• Need elastic environment with a smart load balancer and configuration management
• Great Details on Best practice
• https://gist.github.com/hueniverse/7686452
39. NOUN PROJECTS THANKS
Smartphone designed by James Fenton from the Noun Project
Creative Commons – Attribution (CC BY 3.0)
Identification designed by Mark Shorter from the Noun Project
Ibeacon designed by Stéphanie Rusch from the Noun Project
Creative Commons – Attribution (CC BY 3.0)
Arduino designed by uizin from the Noun Project