websocket perspectives and vision for the future
DESCRIPTION
HTML5DevConf 2013 presentation in San FranciscoTRANSCRIPT
Frank Greco - @frankgreco Director of Technology, Kaazing
WebSocket Perspectives and Vision for the Future
© 2013 Kaazing Corporation
§ Brief Background on WebSocket § What Really is WebSocket and What it is Not § Layered Approach to Web Protocols § The Web beyond the Browser - XaaS § Use Cases and Demos
Outline
© 2013 Kaazing Corporation
Me…
§ Director of Technology @ Kaazing § Chairman NYJavaSIG (javasig.com) § Largest Java UG in North America
7,500+ members § Chair NYHTML5
§ Email: [email protected] § Twitter: @frankgreco § Yell: “Hey Frank!”
© 2013 Kaazing Corporation
Welcome HTML5 (aka The New Web)
§ Users are Demanding more from Apps § UI/UX Requirements are more sophisticated § Browser Enhancements and Evolution § API Explosion § Web no longer just about Documents… even partial or
pseudo documents
The New Web is a Programmatic Foundation for Rich, Reliable and Really Cool Apps
© 2013 Kaazing Corporation
Welcome HTML5 (aka The New Web)
§ Users are Demanding more from Apps § UI/UX Requirements are more sophisticated § Browser Enhancements and Evolution § API Explosion § Web no longer just about Documents… even partial or
pseudo documents
The New Web is a Programmatic Foundation for Rich, Reliable and Really Cool Apps
But…
© 2013 Kaazing Corporation
§ Designed for document transfer – HTTP - Short-lived Request / Response interaction
§ Bidirectional, but half-duplex - Traffic flows in only one direction at a time
§ Stateless - Large amounts of metadata resent for each request
We Live in a Real-Time World… HTTP?
Yes, HTTP 2.0 will be better, but the Web was not originally designed for “real-time”, event-based services…
© 2013 Kaazing Corporation
Some things age well…
TCP
HTTP
© 2013 Kaazing Corporation
…and some things don’t
Oldies Hits - AJAX and the Comet Pollers - 2006
© 2013 Kaazing Corporation
WebSocket
• “Real-Time”, bi-directional connectivity • IETF Protocol - RFC 6455 – Dec 2011 • W3C API • Easily add event-based capability to web apps • Avoids polling (and resource consumption) • Avoids HTTP meta-data overhead • Shares port with HTTP (80/443) • Peer protocol to HTTP (both use TCP)
© 2013 Kaazing Corporation
§ IETF Formal Protocol (RFC 6455) - Event-driven JavaScript API - Full-duplex communication protocol
§ W3C API – Candidate Recommendation - http://www.w3.org/TR/websockets/
§ Integrates HTTP addressing - ws://yourcompany.com/collaboration_svc
- wss://anothercompany.com/marketdata_svc
§ Traverses firewalls, proxies, routers securely § Text and Binary § Leverages Cross-Origin Resource Sharing (CORS)
WebSocket Standards
© 2013 Kaazing Corporation
But Why WebSocket?
It’s the Most Important API in HTML5! • Facilitates other protocols • Puts the web in a better place…
“Connectedness” – Always On… not partially on. Connect to People, Services, Work, Play, Buying/Selling, Collaboration, Entertainment, Navigation, Music, Politics, Philosophy, Devices, etc, etc, etc…
© 2013 Kaazing Corporation
The WebSocket Handshake
© 2013 Kaazing Corporation
WebSocket Frames
§ Frames have a few header bytes § Data may be text or binary § Frames from client to server are masked
(XORed w/ random value) to avoid black hats with old proxies
§ Use TLS in production – avoids a lot of issues…
© 2013 Kaazing Corporation
Java API for WebSocket - JSR 356 § Creation of WebSocket Java components to
handle bi-directional WebSocket conversations § Handling WebSocket events § Creation and consumption of WebSocket text and
binary messages § Allows for WebSocket protocols and content
models for an application § Configuration and management of WebSocket
sessions, like timeouts, retries, cookies, connection pooling
§ Specification of how WebSocket application will work within the Java EE security model!
§ Official Java SE WebSocket API in the works…
© 2013 Kaazing Corporation
What WebSocket is Not
• It is not a New AJAX AJAX was a lovable hack
• It is not a Push mechanism WebSocket is full-duplex, bi-directional
• It is not a Messaging system It’s an agnostic wire protocol It’s a low-level transport API
• It is not a Replacement for HTTP HTTP is still great for static,
cacheable info
© 2013 Kaazing Corporation
Legacy HTTP vs WebSocket
For Real-Time, Event-based Web Communication…
Seems like a no-brainer for most apps…
© 2013 Kaazing Corporation
HTML5 WebSocket API
Make sure WS is open before usage… J
© 2013 Kaazing Corporation
HTML5 WebSocket API
Dealing with WebSocket is like dealing with TCP. It’s a streams-based model. You need to understand how to handle streams-based data over the wire. e.g., How do I do publish/subscribe?
But…
© 2013 Kaazing Corporation
What is Missing?
Where is the Application-level Protocol? • Who handles retries? • How do we handle publish/subscribe semantics? • How do we handle market data, last value cached, ? • Is guaranteed delivery possible (trades)? • What if the client is not active? • How do we handle [fill in with favorite semantics] • What about partials? • Who’s responsible for entitlements? How do I
manage that? • etc…
© 2013 Kaazing Corporation
WebSocket
TCP
JMS XMPP AMQP B2B FTP VNC mktdata etc
Browser and Native Applications
WebSocket Gateway
Internet
WebSocket Gateway
Whoa… Its just like TCP! Huzzah!
But wait… Protocol Layering is Possible!
© 2013 Kaazing Corporation
Anything Else Missing?
Other Considerations for the Real-World…
• Need to handle multiple WS versions • Need to handle multiple (and legacy) browser versions • Can’t have business logic in the DMZ • Have to work in multiple DMZs • AuthN/AuthZ has to work multiple times • High-availability topology • Concerns about open ports with back-end service • Services architecture needs to be consistent • Native, HTML5 and hybrid environments • Integrate easily with non-messaging services • XaaS integration – the Web beyond the browser • Bandwidth management • etc… All things you need for a real enterprise app
© 2013 Kaazing Corporation
Publish/Subscribe over the Web – an Example
Java Message Service (JMS) over
WebSocket
A 60-second Tutorial
In case you haven’t heard of JMS…
Messaging more resilient than RPC point-to-point, especially for composite services. Many companies rely on ESBs
© 2013 Kaazing Corporation
Java Message Service (JMS)
• Java EE Message Oriented Middleware • JMS 1.0 2001, JMS 1.1 2002, JMS 2.0 (Feb 26, 2013) • Asynchronous Messaging vs. RPC • Loosely coupled vs. Tightly coupled • Pub/Sub, Topics, Queues • Transactions, Reliable
© 2013 Kaazing Corporation
Basic Inside-the-Firewall JMS (Java to Java)
conn = createConnection(); sess = conn.createSession(); topic = jndiContext.lookup(topic); pub = sess.createProducer(topic); pub.send(“hey Frank”);
conn = createConnection(); sess = conn.createSession(); topic = jndiContext.lookup(topic); sub = sess.createConsumer(topic); sub.setMessageListener(this); … public void onMessage(Message m) { String s = m.getText(); … do stuff… }
conn = createConnection(); sess = conn.createSession(); topic = jndiContext.lookup(topic); sub = sess.createConsumer(topic); sub.setMessageListener(this); … public void onMessage(Message m) { String s = m.getText(); … do stuff… }
conn = createConnection(); sess = conn.createSession(); topic = jndiContext.lookup(topic); sub = sess.createConsumer(topic); sub.setMessageListener(this); … public void onMessage(Message m) { String s = m.getText(); … do stuff… }
msg broker
© 2013 Kaazing Corporation
Now… JMS API for JavaScript - example
connFactory = new StompConnectionFactory(…url…); connection = connFactory.createConnection(…) session = connection.createSession(…); var myTopic = session.createTopic("/topic/myTopic"); topicProducer = session.createProducer(myTopic); topicConsumer = session.createConsumer(myTopic); topicConsumer.setMessageListener(onMessage);
1 2 3 4 5 6 7
© 2013 Kaazing Corporation
JMS API for JavaScript
8. Send messages
9. Process messages: the message listener
function: onMessage()
var onMessage = function(message) { if (message.getStringProperty(MESSAGE_PROPERTIES.userId) != userId) { $("#slider").val(message.getText()); $("#pic").width(message.getText()); } };
var doSend = function(message) { message.setStringProperty(MESSAGE_PROPERTIES.userId, userId); topicProducer.send(null, message, DeliveryMode.NON_PERSISTENT, 3, 1, function() sendFromQueue(); }); };
© 2013 Kaazing Corporation
Higher Level APIs (over WebSocket) for JavaScript
So if you can layer application protocols and APIs over WebSocket, what do you have? • Easier WebSocket programmability • Event-driven applications over the web • Event-driven APIs over the web • Not necessary to open non-standard ports • Web infrastructure now truly “disappears” • Reduction in complexity • Further opportunities to innovate • Mobile + cloud + HTML5/WebSocket • Internet/Web of Things • New world awaits!
© 2013 Kaazing Corporation
WebSocket Projects, OSS, Vendors
• Kaazing • Node.js/socket.io/SockJS/engine.io • ActiveMQ • Tomcat • Jetty • Oracle Glassfish • Java EE – JSR 356 • Play Framework • Rabbit MQ • JBoss • IIS/ASP .NET 4.5 • PHP, Objective-C, Ruby, Python, C/C++, JVM-langs… • Many more…
© 2013 Kaazing Corporation
WebSocket Examples
© 2013 Kaazing Corporation
Futures
What’s next for WebSocket?
© 2013 Kaazing Corporation
New Computing Model
Clouds
A Mobile App is easier to port to Desktop A Desktop App is a challenge to port to Mobile
© 2013 Kaazing Corporation
Industry View of Cloud Stack
Hardware
Infrastructure as a Service IaaS
Platform as a Service PaaS
Software as a Service SaaS
© 2013 Kaazing Corporation
More Accurate View - Cloud Services Stack
Hardware
Compute/Network/Storage
Development, Delivery, Management, Security,
Messaging, Integration, Testing, …
Applications
© 2013 Kaazing Corporation
Web APIs
§ APIs from everywhere § Over 9,000 public APIs and even more Mashups - programmableweb.com/apis/directory - Amazon, Facebook, LinkedIn, AT&T, Google, Microsoft,
NYTimes, Orange, SalesForce, Telefonica, Twitter, Visa, Vodafone, Yandex
§ Enterprise and B2B APIs § Over time, more will be event-based – NoREST? § Services… Services… Services…
© 2013 Kaazing Corporation
Open APIs
Most Popular Google Maps, Twitter, YouTube, Flickr, Amazon eCommerce, Facebook, Twilio, …
© 2013 Kaazing Corporation
Event-based XaaS
Monitoring as a Service Integration as a Service
Enterprise Messaging as a Service
WAN Optimization as a Service
Governance as a Service
Database as a Service
Analytics as a Service
EAI as a Service
CDN as a Service
Trade Clearance as a Service
Windows Desktop as a Service
Sentiment Analysis as a Service
Auditing as a Service
Telephony as a Service
Data Center as a Service
Network as a Service
Risk Analytics as a Service
Backup as a Service
Security as a Service Notification as a Service
Identity as a Service Testing as a
Service
© 2013 Kaazing Corporation
New Computing Model
Cloud Cloud
Pub/Sub
Cloud
Enterprise
Storage
Notifications
Transactions
Monitoring Email Docs
Cloud VNC Desktop Cloud Cloud Sentiment
Analysis Risk Management
websocket
websocket
websocket
websocket
websocket Wealth Management
Collaboration
© 2013 Kaazing Corporation
Inter-Cloud Connectivity
Enterprise
service
Enterprise Service Bus
service service
External Cloud
Service Bus
service service service
iPaaS
Internet Service Bus
websocket
websocket
Sentiment Analysis as a Service
Risk Management as a Service
Compliance as a Service
Telemetry Aggregation as a Service
© 2013 Kaazing Corporation
Other Interesting Directions….
• HTTP 2.0 and WebSocket • WebSocket extensions: compression, mux, etc • TCP <-> WebSocket <-Net-> WebSocket <-> TCP • Embedded WebSocket (telecom, tv, car, etc) • WebRTC signaling, etc • MMO Gaming • Big Data event processing (risk management, et al) • Real-time Ad exchanges • More types of cloud services – Real time XaaS • Internet/Web of Things
© 2013 Kaazing Corporation
Web Trading Systems
FX Trader Application – front office demo.kaazing.com/forex
High msg rate, small payload requirements…
© 2013 Kaazing Corporation
Mobile Mobile Computing
demo.kaazing.com/racer
© 2013 Kaazing Corporation
Prezing – Web-Collaborative Presentation Tool
© 2013 Kaazing Corporation
LabView UI replicated to Browser in Real-time
Data Acquisition – courtesy of Bergmans Mechatronics
LabView browser
© 2013 Kaazing Corporation
Monster Truck as a Service
github.com/dpwspoon/kaazingPi
Controlling an RC car remotely via Web Messaging!