websocket perspectives and vision for the future

Frank Greco - @frankgreco Director of Technology, Kaazing

WebSocket Perspectives and Vision for the Future

© 2013 Kaazing Corporation

§  Brief Background on WebSocket §  What Really is WebSocket and What it is Not §  Layered Approach to Web Protocols §  The Web beyond the Browser - XaaS §  Use Cases and Demos

Outline


Me…

§  Director of Technology @ Kaazing §  Chairman NYJavaSIG (javasig.com) §  Largest Java UG in North America

7,500+ members §  Chair NYHTML5

§  Email: [email protected] §  Twitter: @frankgreco §  Yell: “Hey Frank!”


Welcome HTML5 (aka The New Web)

§  Users are Demanding more from Apps §  UI/UX Requirements are more sophisticated §  Browser Enhancements and Evolution §  API Explosion §  Web no longer just about Documents… even partial or

pseudo documents

The New Web is a Programmatic Foundation for Rich, Reliable and Really Cool Apps


Welcome HTML5 (aka The New Web)

§  Users are Demanding more from Apps §  UI/UX Requirements are more sophisticated §  Browser Enhancements and Evolution §  API Explosion §  Web no longer just about Documents… even partial or

pseudo documents

The New Web is a Programmatic Foundation for Rich, Reliable and Really Cool Apps

But…


§  Designed for document transfer – HTTP -  Short-lived Request / Response interaction

§  Bidirectional, but half-duplex -  Traffic flows in only one direction at a time

§  Stateless -  Large amounts of metadata resent for each request

We Live in a Real-Time World… HTTP?

Yes, HTTP 2.0 will be better, but the Web was not originally designed for “real-time”, event-based services…


Some things age well…

TCP

HTTP


…and some things don’t

Oldies Hits - AJAX and the Comet Pollers - 2006


WebSocket

•  “Real-Time”, bi-directional connectivity •  IETF Protocol - RFC 6455 – Dec 2011 •  W3C API •  Easily add event-based capability to web apps •  Avoids polling (and resource consumption) •  Avoids HTTP meta-data overhead •  Shares port with HTTP (80/443) •  Peer protocol to HTTP (both use TCP)


§  IETF Formal Protocol (RFC 6455) -  Event-driven JavaScript API -  Full-duplex communication protocol

§  W3C API – Candidate Recommendation -  http://www.w3.org/TR/websockets/

§  Integrates HTTP addressing -  ws://yourcompany.com/collaboration_svc

-  wss://anothercompany.com/marketdata_svc

§  Traverses firewalls, proxies, routers securely §  Text and Binary §  Leverages Cross-Origin Resource Sharing (CORS)

WebSocket Standards


But Why WebSocket?

It’s the Most Important API in HTML5! •  Facilitates other protocols •  Puts the web in a better place…

“Connectedness” – Always On… not partially on. Connect to People, Services, Work, Play, Buying/Selling, Collaboration, Entertainment, Navigation, Music, Politics, Philosophy, Devices, etc, etc, etc…


The WebSocket Handshake


WebSocket Frames

§  Frames have a few header bytes §  Data may be text or binary §  Frames from client to server are masked

(XORed w/ random value) to avoid black hats with old proxies

§  Use TLS in production – avoids a lot of issues…


Java API for WebSocket - JSR 356 §  Creation of WebSocket Java components to

handle bi-directional WebSocket conversations §  Handling WebSocket events §  Creation and consumption of WebSocket text and

binary messages §  Allows for WebSocket protocols and content

models for an application §  Configuration and management of WebSocket

sessions, like timeouts, retries, cookies, connection pooling

§  Specification of how WebSocket application will work within the Java EE security model!

§  Official Java SE WebSocket API in the works…


What WebSocket is Not

•  It is not a New AJAX AJAX was a lovable hack

•  It is not a Push mechanism WebSocket is full-duplex, bi-directional

•  It is not a Messaging system It’s an agnostic wire protocol It’s a low-level transport API

•  It is not a Replacement for HTTP HTTP is still great for static,

cacheable info


Legacy HTTP vs WebSocket

For Real-Time, Event-based Web Communication…

Seems like a no-brainer for most apps…


HTML5 WebSocket API

Make sure WS is open before usage… J


HTML5 WebSocket API

Dealing with WebSocket is like dealing with TCP. It’s a streams-based model. You need to understand how to handle streams-based data over the wire. e.g., How do I do publish/subscribe?

But…


What is Missing?

Where is the Application-level Protocol? •  Who handles retries? •  How do we handle publish/subscribe semantics? •  How do we handle market data, last value cached, ? •  Is guaranteed delivery possible (trades)? •  What if the client is not active? •  How do we handle [fill in with favorite semantics] •  What about partials? •  Who’s responsible for entitlements? How do I

manage that? •  etc…


WebSocket

TCP

JMS XMPP AMQP B2B FTP VNC mktdata etc

Browser and Native Applications

WebSocket Gateway

Internet

WebSocket Gateway

Whoa… Its just like TCP! Huzzah!

But wait… Protocol Layering is Possible!


Anything Else Missing?

Other Considerations for the Real-World…

•  Need to handle multiple WS versions •  Need to handle multiple (and legacy) browser versions •  Can’t have business logic in the DMZ •  Have to work in multiple DMZs •  AuthN/AuthZ has to work multiple times •  High-availability topology •  Concerns about open ports with back-end service •  Services architecture needs to be consistent •  Native, HTML5 and hybrid environments •  Integrate easily with non-messaging services •  XaaS integration – the Web beyond the browser •  Bandwidth management •  etc… All things you need for a real enterprise app


Publish/Subscribe over the Web – an Example

Java Message Service (JMS) over

WebSocket

A 60-second Tutorial

In case you haven’t heard of JMS…

Messaging more resilient than RPC point-to-point, especially for composite services. Many companies rely on ESBs


Java Message Service (JMS)

•  Java EE Message Oriented Middleware •  JMS 1.0 2001, JMS 1.1 2002, JMS 2.0 (Feb 26, 2013) •  Asynchronous Messaging vs. RPC •  Loosely coupled vs. Tightly coupled •  Pub/Sub, Topics, Queues •  Transactions, Reliable


Basic Inside-the-Firewall JMS (Java to Java)

conn = createConnection(); sess = conn.createSession(); topic = jndiContext.lookup(topic); pub = sess.createProducer(topic); pub.send(“hey Frank”);

conn = createConnection(); sess = conn.createSession(); topic = jndiContext.lookup(topic); sub = sess.createConsumer(topic); sub.setMessageListener(this); … public void onMessage(Message m) { String s = m.getText(); … do stuff… }



msg broker


Now… JMS API for JavaScript - example

connFactory = new StompConnectionFactory(…url…); connection = connFactory.createConnection(…) session = connection.createSession(…); var myTopic = session.createTopic("/topic/myTopic"); topicProducer = session.createProducer(myTopic); topicConsumer = session.createConsumer(myTopic); topicConsumer.setMessageListener(onMessage);

1 2 3 4 5 6 7


JMS API for JavaScript

8.  Send messages

9.  Process messages: the message listener

function: onMessage()

var onMessage = function(message) { if (message.getStringProperty(MESSAGE_PROPERTIES.userId) != userId) { $("#slider").val(message.getText()); $("#pic").width(message.getText()); } };

var doSend = function(message) { message.setStringProperty(MESSAGE_PROPERTIES.userId, userId); topicProducer.send(null, message, DeliveryMode.NON_PERSISTENT, 3, 1, function() sendFromQueue(); }); };


Higher Level APIs (over WebSocket) for JavaScript

So if you can layer application protocols and APIs over WebSocket, what do you have? •  Easier WebSocket programmability •  Event-driven applications over the web •  Event-driven APIs over the web •  Not necessary to open non-standard ports •  Web infrastructure now truly “disappears” •  Reduction in complexity •  Further opportunities to innovate •  Mobile + cloud + HTML5/WebSocket •  Internet/Web of Things •  New world awaits!


WebSocket Projects, OSS, Vendors

•  Kaazing •  Node.js/socket.io/SockJS/engine.io •  ActiveMQ •  Tomcat •  Jetty •  Oracle Glassfish •  Java EE – JSR 356 •  Play Framework •  Rabbit MQ •  JBoss •  IIS/ASP .NET 4.5 •  PHP, Objective-C, Ruby, Python, C/C++, JVM-langs… •  Many more…


WebSocket Examples


Futures

What’s next for WebSocket?


New Computing Model

Clouds

A Mobile App is easier to port to Desktop A Desktop App is a challenge to port to Mobile


Industry View of Cloud Stack

Hardware

Infrastructure as a Service IaaS

Platform as a Service PaaS

Software as a Service SaaS


More Accurate View - Cloud Services Stack

Hardware

Compute/Network/Storage

Development, Delivery, Management, Security,

Messaging, Integration, Testing, …

Applications


Web APIs

§  APIs from everywhere §  Over 9,000 public APIs and even more Mashups -  programmableweb.com/apis/directory -  Amazon, Facebook, LinkedIn, AT&T, Google, Microsoft,

NYTimes, Orange, SalesForce, Telefonica, Twitter, Visa, Vodafone, Yandex

§  Enterprise and B2B APIs §  Over time, more will be event-based – NoREST? §  Services… Services… Services…


Open APIs

Most Popular Google Maps, Twitter, YouTube, Flickr, Amazon eCommerce, Facebook, Twilio, …


Event-based XaaS

Monitoring as a Service Integration as a Service

Enterprise Messaging as a Service

WAN Optimization as a Service

Governance as a Service

Database as a Service

Analytics as a Service

EAI as a Service

CDN as a Service

Trade Clearance as a Service

Windows Desktop as a Service

Sentiment Analysis as a Service

Auditing as a Service

Telephony as a Service

Data Center as a Service

Network as a Service

Risk Analytics as a Service

Backup as a Service

Security as a Service Notification as a Service

Identity as a Service Testing as a

Service


New Computing Model

Cloud Cloud

Pub/Sub

Cloud

Enterprise

Storage

Notifications

Transactions

Monitoring Email Docs

Cloud VNC Desktop Cloud Cloud Sentiment

Analysis Risk Management

websocket

websocket

websocket

websocket

websocket Wealth Management

Collaboration


Inter-Cloud Connectivity

Enterprise

service

Enterprise Service Bus

service service

External Cloud

Service Bus

service service service

iPaaS

Internet Service Bus

websocket

websocket

Sentiment Analysis as a Service

Risk Management as a Service

Compliance as a Service

Telemetry Aggregation as a Service


Other Interesting Directions….

•  HTTP 2.0 and WebSocket •  WebSocket extensions: compression, mux, etc •  TCP <-> WebSocket <-Net-> WebSocket <-> TCP •  Embedded WebSocket (telecom, tv, car, etc) •  WebRTC signaling, etc •  MMO Gaming •  Big Data event processing (risk management, et al) •  Real-time Ad exchanges •  More types of cloud services – Real time XaaS •  Internet/Web of Things


Use Cases and Demos

Peter Moskovits [email protected], @pmoskovi


Web Trading Systems

FX Trader Application – front office demo.kaazing.com/forex

High msg rate, small payload requirements…


Mobile Mobile Computing

demo.kaazing.com/racer


Prezing – Web-Collaborative Presentation Tool


LabView UI replicated to Browser in Real-time

Data Acquisition – courtesy of Bergmans Mechatronics

LabView browser


Monster Truck as a Service

github.com/dpwspoon/kaazingPi

Controlling an RC car remotely via Web Messaging!


Questions?

[email protected]

websocket perspectives and vision for the future

Technology

kaazing corporationand

kaazing corporationanything

kaazing corporationbut

kaazing corporationjava

websocket protocols

websocket jsr

web apps

kaazing chairman nyjavasig