KWICies #002 – To B2B, or Not B2B, That’s a Question?

 On-demand App-to-App Cloud Connectivity

“Innovation distinguishes between a leader and a follower.” ― Steve Jobs

“Life doesn’t imitate art, it imitates bad television.”― Woody Allen

Free “Enterprise”
In the Information Technology (IT) world, the word “enterprise” is bandied about quite often. First, I really have no idea how to bandy about. If it involves incense and oils, I may have an idea, but let’s talk about enterprises instead.

If you do some serious digging, you’ll find out an enterprise is a federation, in other words, a collection of related business units with a common goal of profitability. It is an aggregate, dynamic yet unified entity that provides a product or service to benefit customers in return for revenue and profit. You’ll probably hear “enterprise” loosely and actually incorrectly used interchangeably with “company” or “business”.

Federation of Plan Its
As most of us are well aware, the success of this type of federation is very dependent on its network of vendors, service providers, partners and even the IT systems of its customers. In other words most enterprises rely on their supply chain network (tip: instead use “cooperative cloud ecosystem” at your next evening event with tragically hip baristas to get smiling nods of approval). This cooperative ensemble usually includes information management, purchasing, inventory, manufacturing, process-flow, logistics, research/development, distribution and customer service. This is true regardless whether you are a large retailer, a telecom provider, an investment bank or a television network.

This means a spectrum of enterprise applications needs connectivity with other applications and services. Trading systems, real-time inventory, big data analytics, complex event processing, systems monitoring and management, mobile notifications, social media sentiment analysis, et al, increasingly require traversal across multiple organizational boundaries. And today, many of these applications reside in IT systems off-premises within a cloud provider outside of the traditional firewall.

A Storm in Any Port
So the success of the “enterprise” now depends on a federation of organizations, integrating multiple external applications over multiple firewalls opening multiple ports (and maintaining friendships with your poker-playing buds in the InfoSec group).   It is an atmosphere where the art of negotiation becomes more critical rather than mandating localized governance. And it’s an environment that clearly demonstrates and reinforces why agility and technology standards are truly useful.

Summarized, an enterprise is in the B2B2B2B2B2B [take a breath] B2B2B2B2B2B business with A2A2A2A2A2A connectivity needs.

Make it Sew
The usual answer for application-to-application (A2A) connectivity is a traditional Virtual Private Network (VPN), which has been around since the mid-90’s, i.e., before Clinton/Lewinsky and stained blue dresses. Heck, VPNs were invented in a time when Google didn’t even exist, Amazon was called Cadabra, and Altavista was your Google.

Over the past decade, VPNs have done an excellent job of connecting data centers, cloud infrastructures and other large networks. Large cloud vendors such as Amazon even offer virtual private clouds (VPC) along with hardware Gateways to create a VPN. There are clear use cases for traditional VPNs.

But there are some significant downsides to traditional and cloud-based VPNs for modern, on-demand A2A communication.

  • The on-boarding process can be onerous especially between external organizations, despite the straightforward technology setup.
  • They typically allow low-level potentially dangerous access especially if home computers are used to access corporate assets.
  • VPN Access control usually uses the hard-to-manage, black list model.
  • They present huge surface areas with many attack vectors for hackers to exploit.
  • VPN vendor hardware and software are not always interoperable or compatible. A particular VPN architecture may not be suitable across multiple VPN vendors.
  • They are not easy to manage in an agile, constantly changing federated environment.
  • VPNs may require additional infrastructure for mobile devices that experience disconnects, cross-application network connection retries, additional security, etc.
  • Even one VPN can be quite difficult for a business unit to deploy, maintain and understand the security issues. In a business-driven cloud services world, this reduces agility for the revenue generators in an enterprise.
  • VPN products typically offer poor user experiences.
  • TCP and Web VPN requirements are not necessarily the same. This drives up costs. In terms of security,
  • Do legacy VPNs fit in a multi-cloud, on-demand, microservices world?

Certainly feels time for a makeover, doesn’t it?

Standard Orbit with KWIC
As I mentioned in the last KWICies, the web standards bodies (IETF and W3C) blessed the WebSocket standard back in 2011. And right after those standards came out, we saw simple web push applications with WebSocket replacing Comet/Reverse-AJAX on some websites.  But we need to recall, WebSocket is not just a formally standard API; it is also an application protocol similar to HTTP.  It provides on-demand, fat pipe connectivity that’s web-friendly.  Think about that for a few milliseconds (btw, which is about the same time a message can flow over a WebSocket across the web).  It’s a full-throttle, TCP-like connection that is web-friendly.   And it’s an excellent foundational substrate to use for agile A2A for the modern enterprise. This is the basis of KWIC and why its perfectly suited for today’s A2A connectivity.

“I have spent my whole life trying to figure out crazy ways of doing things. I’m telling ya, as one engineer to another – I can do this.”  -[any non-Googlian guesses?]

Frank Greco

Posted in cloud | Tagged , , | Leave a comment

KWICies #001 – Life in the Fast Lane

The Evolution of Cloud Connectivity

“Intelligence is based on how efficient a species became at doing the things they need to survive.” ― Charles Darwin

“My theory of evolution is that Darwin was adopted.” ― Steven Wright

Yesterday
In case you missed it, the first phase of cloud computing has left the building. Thousands of companies are in the cloud. Practically all organizations regardless of size already have production applications in a public, off-premises cloud or a private cloud. Yep. Been there, done that.

And the vast majority of these applications use the classic “SaaS-style” public cloud model. Someone develops a useful service and hosts it on Amazon Web Services (AWS), Microsoft Azure, IBM Cloud Marketplace, Google Cloud Platform (GCP) or one of several other cloud vendors. Accessing this external service is typically performed via a well-defined API. Typically this API invocation is made using a simple REST call (or a convenient library wrapper around a REST call). This request originates from a web browser, native app on a mobile device or some server-side application and traverses the web. Using only port 443 or 80, it connects through a series of firewalls to the actual service running in the external cloud environment. The request is serviced by a process running in a service provider’s computing environment and returns a result to the client application.

 

kwic-1
Conventional SaaS-style Access

 

Only the Beginning
However this scenario greatly simplifies a real-world example of accessing a service. Quite honestly, this is a very basic, hello-world cloud connectivity model.

Today’s enterprise is a federation of companies with vast collections of dynamic services that are enabled/disabled frequently with ever-changing sets of authentication and access control. To survive in this environment, a modern enterprise needs to develop an intimate yet secure ecosystem of partners, suppliers and customers. So unlike the rudimentary connectivity case, the typical production application is composed of many dozens and perhaps hundreds of services, some internal to an enterprise and some residing in a collection of external cloud infrastructures or data centers. For example, the incredibly successful Amazon ecommerce website performs 100-150 internal service calls just to get data to build a personalized web experience.

Many of these external services that exist either in an external cloud vendor or another company’s data center often need to reach back to the originating infrastructure to access internal services and data to complete their tasks. Some services may even go further and also need access to information across cloud, network and company boundaries.

This ain’t your father’s cloud infrastructure.

 

Get off My Cloud
A particular use case is when a service running in a cloud environment, e.g., AWS, needs to authenticate access to this service. One solution is to provide a duplicate or subset of the internal authentication credentials (usually housed in some LDAP repository, e.g., Active Directory) directly in the public cloud. However this is redundant and brings potentially dangerously insecure authentication-synchronization and general data management issues. Unsurprisingly this scenario of accessing internal authentication or entitlements information residing in an internal directory turns out to be quite common for practically all service access.

Another example involves powerful cloud-based analytics or business intelligence services. In many cases such off-premises analytics-as-a-service providers need access to internal real-time data feeds that reside on the premises of a customer. That customer may not want to put that private real-time stream into the cloud environment for a variety of reasons, e.g., security, unnecessary data synchronization, additional management, etc.

The architectural solutions for both of these use cases involve either negotiating with the enterprise customer to create a REST API and deploy a family of application servers (extremely complex and highly improbable), or more typically, setting up a virtual private network (VPN) to achieve a real-time, “fat-pipe” connection.

 

kwic-2
Old-School Approach to Application Connectivity

 

Nothing Else Matters
While the technical aspects of setting up a legacy-style VPN are relatively straightforward, there is often a lengthy period of corporate signoffs and inter-company negotiations that precede the technical work.  For some companies this period of time can be many weeks. For some other large corporations, getting approvals for yet another VPN can take several months. This painfully long lead-time negatively impacts business agility and the all-important time-to-revenue.

In addition, VPN access is at the low-level TCP layer of the network stack. Despite various access control systems, the open nature of a VPN represents a security risk by potentially providing unauthorized (and authorized) users free-reign to many internal enterprise services. Also, VPN implementations vary. Some are proprietary and may cause potential issues when interfacing among various VPN vendors, especially VPNs that extend access to mobile devices.

 

What a Wonderful World
Ideally you would want to completely eliminate any legacy VPN requirement to significantly reduce unnecessary friction from the sales and deployment process. And you’d want an agile, on-demand connection that connects Application-to-Application (A2A) via a “white list” approach. To help future proof your infrastructure and accelerate operations, a container deployment approach based on the popular Docker would be more than useful and attractive to your developers.

 

Do You Believe in Magic
As of December 2011, the Internet standards bodies (IETF and W3C) formally approved a mechanism for a persistent connection over the web without using any additional ports and consequently maintaining your friendships in the InfoSec group. This standard is called “WebSocket” and effectively is a “TCP for the Web”.

Like most innovations being used for the first time, WebSocket was initially used as a mere replacement for inelegant browser push (AJAX) mechanisms to send data from a server to a user.

But by using the WebSocket protocol and its standardized API as a powerful foundation for wide-area TCP-style distributed computing, we get a phenomenally powerful innovation.    Enhancing basic WebSocket functionality with the necessary enterprise-grade security and reliability envelope, applications can now easily and most importantly securely access services on-demand through the firewall.   This type of enhanced approach to WebSocket avoids the awkward conversion of any enterprise application protocol to coarse-grained HTTP semantics.  Performance is rarely an issue with WebSocket.

 

kwic-3
WebSocket for App-to-App (A2A) Communication

 

This LAN is Your LAN
If you’re looking for a way for an external cloud application to access an internal, on-premises service in an on-demand Application-to-Application manner, the Kaazing Websocket Intercloud Connect (KWIC… yep, yet-another caffeine-induced acronym) provides this functionality. It’s based on the open-source Kaazing Gateway and works with any TCP-based protocol. You can see an example of KWIC used for LDAP access in the AWS Marketplace (if you don’t need support, KWIC is totally free…).

Frank Greco

Posted in cloud | Tagged , | Leave a comment

Real-Time Tic Tac Toe Light

I had the great privilege of being a speaker at HTML5 Developer Conference in San Francisco recently.  It was the second HTML5 Dev Conf I have presented at, with the first one being October 2013.  This time, I paired with Frank Greco to present a session entitled “WebSockets: Past, Present and Future”.  Frank took the stage for the first half of the session, and I followed up with some hands-on Internet of Things (IoT) demonstrations that were integrated with Kaazing Gateway.

Introducing the Tic Tac Toe Light

My personal favorite demonstration was a project I called the “Tic Tac Toe Light”.  I called it this because the custom-built enclosure houses nine (9) Adafuit NeoPixels in a three-by-three (3×3) grid.  The enclosure, made using foam core board and a hot knife, also contained an Arduino Yun.  I have grown to be a big fan of the Arduino Yun for real-time IoT/web projects.  The board is the same profile as an Arduino Uno, but includes integrated wireless (802.11 b/g/n), an ATmega32u4 (similar to the Arduino Leonardo), and a Linux system on a chip (SoC).

image02    image01

image03

Using a web-based user interface, attendees of the HTM5 Dev Conf session could use their laptop, tablet or smartphone to control each NeoPixel (RGB LED) in the enclosure.  At the same time, the web user interface kept in sync with all the attendees selections – across all screens.  The Arduino Yun was also listening on a real-time connection for color change messages, which is how it knew what lights to change to what colors.

Why Kaazing Gateway

I think the bigger question here is “Why real-time?”  Although I do not know the exact count, I would say that the session had nearly 200 attendees.  The ATmega32u4 has a clock speed of 16 MHz with 32 KB of RAM.  If all those attendees were selecting light colors at anywhere near the same time using HTTP, the Arduino would be crushed under the load.  In a real-time scenario however, there is but one connection, and about twenty (20) bytes of data for each color change.  The end result was a far more scalable solution.

image00

And it had to scale too!  The lights on the Tic Tac Toe box were blinking wildly for the duration of the time I had it plugged in (before I had to move on to my next demonstration).

Can you imagine the user experience over HTTP, even if the 16 MHz chip could handle the load?  You would select a color, and at some interval later, the color would be set.  That lag however would leave you wondering “Was that my color selection?”  This as compared to an instant response using Kaazing Gateway, even over conference wireless.  Not to mention keeping all the other connected users in sync.  The additional HTTP polling load for that would make the whole project come to a crawl (or just crash).

What Next

The 3×3 grid was actually happenstance – I happened to have ten (10) NeoPixels on hand in my component drawer.  I wanted a square, so 3×3 it was.  This led to the name of Tic Tac Toe.  But then I started to wonder.  What if this was the physical manifestation of two players in an actual game of tic-tac-toe?  Or even better yet, maybe artificial intelligence (AI) on the server was playing the other side in real-time!

This is where I would like to take the project next.  If you want to see the code for the project, you can hop on over to my GitHub account where I have posted more details, as well as code itself for the Arduino Yun and the web client.  The fabrication plans are also posted there should you want to take on a project like this yourself.  If you have any questions, feel free to hit me up on Twitter, or drop a comment below.

Credits

Thanks Matthias Schroeder for the Vine video of Tic Tac Toe in action during the session.

Posted in Events, html5, IoT | Tagged , , , | Leave a comment

KAAZING Leads Education in Modern Web and Mobile App Development

KAAZING was the first organization delivering formal, instructor-led HTML5 and WebSocket training globally back in 2008. Since then, we have trained thousands of web developers and engineers on the latest best practices and techniques for building state of the art Web and mobile applications.

Today, we still remain very active in educating the web development community at all skill levels. Earlier this year, we launched two new intermediate to advanced level courses for web developers focused on new best practices and techniques for modern Web and mobile app development using open-source tools, and developing secure, real-time networked Web and mobile applications.

Richard Clark, Head of Global Training at KAAZING, will be teaching a 1-day beginner level JavaScript course at the HTML5 Developers Conference in San Francisco on May 19 from 9am-4pm. This course is called Leveling up in JavaScript. For more information and to register, click here. http://html5devconf.com/training.html – clark-leveling

For those looking to learn core foundational web development skills, you can pick up the fundamentals of JavaScript in less than a day. This course is for those who want to go beyond static design and into the world of interactive programming. Once you know how JavaScript works, you can take advantage of it to make your web pages and apps come alive.


richard-clarkRichard Clark is the Head of Global Training at KAAZING. He is an experienced software developer and instructor. He has authored commercial web applications and blends the practical knowledge of a developer with extensive experience as an instructional designer and trainer. Richard has taught for Apple and Hewlett-Packard, written immersive simulations, developed multiple high-performance web applications for the Fortune 100, and published Apple iOS applications. He is an evangelist for new technologies with a focus on their practical uses.

Posted in Uncategorized | Leave a comment

Why Should The Internet Of Things Be Central To Your IT Strategy?

Not since the Web began has there been an era of disruption like the one ushered in by the Internet of Things. An IoT connected world is fast becoming a reality that promises to link our homes and business and improve efficiency. 

By the year 2020, the number of Things connected to the Internet will be 6X the number of humans. With the explosive growth of connected things, an IoT world brings both tremendous risks and enormous opportunities.

Join KAAZING and Gigaom Research for “The Internet of Things: Making it Happen in Your Business,” a free analyst roundtable webinar on Tuesday, April 22, 2014 at 10:00 a.m. PT.

Our expert panelists, Craig Foster, freelance analyst, writer and consultant, Rich Morrow, founder / head geek, quicloud LLC and Jonas Jacobi, Co-Founder & President, KAAZING will discuss the risks and benefits of implementing a secure IT strategy to help you adopt and leverage the Internet of Things in your business.

This webinar will introduce a spectrum of IoT use cases through current examples that will help you identify the process and technology changes required to support IoT-based initiatives.

Prepare your business to succeed in an IoT connected world. Learn what our experts have to say and gain valuable insights on how to make the IoT central to your IT strategy. Register now. http://goo.gl/C3D1fj 

Posted in Featured | Leave a comment

KAAZING Is Expanding, And So We Are Moving…

Unless you have been hiding under a rock since January 1st, you will have noticed that KAAZING in 2014 has entered a period of rapid expansion.

Whether it is measured in terms of participation in industry events worldwide, high-profile customer wins, bold new hires, or improvements to and additional flavors of the KAAZING Gateway, the company is visibly, energetically and relentlessly expanding in lockstep with the explosive growth of the Internet of Things.

No surprise then that we have also out-grown our current office space. Which is why on February 10, 2014, we are re-locating our Worldwide HQ.

While remaining in the heart of Silicon Valley, our new headquarters will henceforth be in San Jose – in the America Center, hailed when completed in 2009 as one of the “greenest” office projects in the Valley, back when LEED-certified office projects were still a rarity.

They say that moving on is not about never looking back, it’s about taking a glance at yesterday and noticing how much you’ve grown since then. All at KAAZING have been doing exactly that. We loved Mountain View, where the company was born and raised. But we are ready for this bigger and better facility, where Zingers will henceforth have access to a fitness center. The new location also provides easy access to jogging and bike trails.

“It’s all about growth and execution,” said Vikram Mehta, KAAZING’s CEO. “We’re a hot business in a hot industry. The move gives us the space to execute better, faster, and with a larger team.”

Mehta noted that the entire Enterprise IT & Infrastructure industry has already been asked to update its records with KAAZING’s new information and added that the company “looks forward to seeing all our partners and associates at our new location.”

kaazing-office

Here is our new address (pictured to the left):

Kaazing Corporation
6001 America Center Drive, Suite 250
San Jose, CA 95002

Our phone numbers have not changed:

T +1 (877) KAAZING
T +1 (877) 522-9464
F +1 (650) 960-8145

Posted in Featured, Kaazing, Release, Uncategorized | Leave a comment

Extreme HTML5 Video Interactivity: Sending WebSocket Messages with Popcorn.js

One of our most popular demos at Kaazing is using a Web browser on a smartphone to control a physical toy truck from continents away. The truck has a Raspberry Pi attached to it, connecting to a WebSocket server, and listening to control command messages: drive forward or backward, turn left or right, or turn headlight on and off. You can learn more about the project in our Remote Controlling a Car over the Web. Ingredients: Smartphone, WebSocket, and Raspberry Pi blog post.

The most interesting way to demonstrate the truck is by having a remote person control the truck, and join in over a video conference. Here’s the recording of us doing just this. Fast forward to 4:08 for the truck demo.

Now, there are certain circumstances, when running Skype, or other live video chat apps is not an option. You may be off the grid, or simply not have anybody handy controlling your truck remotely.

To address this challenge, we wanted to create a self-contained environment where the same dialog and experience can be presented, but without all the above mentioned dependencies. To achieve this, we decided to record a video of someone operating the remote control that the presenter could use as the “Skyped-in” portion of the presentation. There are a number of ways we could hack this, for example by pretending to control the car by emulating the controls in the room. How cool would it be to instead have the recorded video actually trigger the remote controls using WebSocket messages? Instead of a real person controlling the car in real time, we could have the video control the car in real time.

First, we recorded the video. In the video, David Witherspoon operates the remote control. (Aside: David is a software engineer at Kaazing who, along with colleague Prashant Khanal, was instrumental in dreaming up and building the truck). David followed the script of the dialog very precisely. Knowing the script was not sufficient, we had to do it with exact timing, as it was specified to be run during the actual demo.

After processing the video, I embedded it in a web page, and overlaid the video with a live video feed of the presenter’s laptop camera. This is an important step to make the experience more realistic; after all, every video conference does this.

Here’s the HTML code:

	<head>
		<script src="http://popcornjs.org/code/dist/popcorn-complete.min.js"></script>
		<script src="http://demo.kaazing.com/lib/client/javascript/StompJms.js"></script>
		<script>document.addEventListener( "DOMContentLoaded", function() {doConnect();}, false );</script>
		<link rel="stylesheet" href="css/truck.css"</style>
	</head>
	<body>
		<video id="selfVideo" autoplay width="256"></video>
		<video id="truckVideo" width="1024">
			<!-- <source src="videos/PeterTruck.mp4" type="video/mp4"> -->
			<source src="http://localhost/videos/DavidTruck.mp4" type="video/mp4">
		</video>
	</body>
	<script src="js/truck.js"></script>	

And here is the JavaScript code:

var errorCallback = function(e) {
console.log('Reeeejected!', e);
};

// Not showing vendor prefixes.
navigator.getUserMedia  = navigator.getUserMedia ||
              navigator.webkitGetUserMedia ||
              navigator.mozGetUserMedia ||
              navigator.msGetUserMedia;

var video = document.getElementById ("selfVideo");

if (navigator.getUserMedia) {
  navigator.getUserMedia({audio: false, video: true}, function(stream) {
    video.src = window.URL.createObjectURL(stream);
  }, errorCallback);
} else {
  video.src = 'somevideo.webm'; // fallback.
}

The simple CSS snippet ensures that the presenter’s “self” video overlays the remote person’s (recorded) video.

#selfVideo
	{position:fixed;
	top:30px;
	left:30px;}

Also, browsers are required to prompt for permission before Web apps can start using the built-in camera. First, you have to select Allow, for the “little video” in the top left corner to appear. Here’s what the permission request bar looks like in Chrome:

usecamera

And here’s the end result:

popcornvideo

Whenever my actor friend in the main video uses his remote control, we must trigger a corresponding WebSocket message. The messages are sent by the Web app hosting the video at the exact time when the control is touched in the video. I used popcorn.js, an open source media library, to get the timing right:

Popcorn.js is an HTML5 media framework written in JavaScript for filmmakers, web developers, and anyone who wants to create time-based interactive media on the web. Popcorn.js is part of Mozilla’s Popcorn project.

I created an array with the timing and the messages that needed to be sent. The timing is measured in seconds.

var davidTruckMsgs = [
[33,"frontlight;on"],
[35,"frontlight;off"],
[36,"frontlight;on"],
[38,"frontlight;off"],
[42,"steering;right : thrust;off"],
[43,"steering;left : thrust;off"],
[44,"steering;right: thrust;off"],
[45,"steering;left : thrust;off"],
[48,"steering;off : thrust;forward"],
[50,"steering;off : thrust;backward"],
[51,"steering;off : thrust;forward"],
[52,"steering;off : thrust;backward"],
[86,"steering;left : thrust;forward"]
];

Then, we have to schedule the WebSocket messages, as defined in the array specified above. Note: The above array is called davidTruckMsgs, and down below we iterate over the truckMsgs array. As you can see in the completed source code, I have multiple arrays for various videos/actors. Whichever is the one used at the moment is referenced as truckMsgs later on.

for (var truckMsg in truckMsgs) {
  var obj = truckMsgs[truckMsg];
  pop.cue( obj[0], makeCallback( obj ) );
}
pop.play();

The makeCallback function invokes the actual logic sending the WebSocket message. If you’re wondering why this is all needed in the first place, check out this question on Stack Overflow.

function makeCallback(obj) {
    return function() {
    	doSend(session.createTextMessage(obj[1]));
    };
}

For usability, I added pause/continue functionality whenever the main video is clicked. This gives the presenter more control, allowing him/her to preload the page with the main video paused on it.

vid = document.getElementById ("truckVideo");
vid.addEventListener ('click', function() {
     vid.paused ? vid.play() : vid.pause();
});

For the WebSocket communication we used the JMS edition of the Kaazing WebSocket Gateway, allowing us to leverage simple pub/sub messaging concepts. With the help of popcorn.js, from the HTML5 web app we publish WebSocket messages to a so called topic, and whoever is interested in (read: subscribed to) it will receive it.

This way the video is driving the truck, simply by having the WebSocket messages sent out properly timed to the pre-recorded video.

Here’s the end result. Isn’t it awesome?

You can see the entire source code on github.

Posted in IoT, JMS, Kaazing, Uncategorized, WebSocket | Tagged | 3 Comments