Post on 07-Jul-2015
description
The Rise of BaaSA Utopia for Client-Side Developers
This is a comment.
1Saturday, March 15, 14
State of the UnionHow client-side applications are built today
2Saturday, March 15, 14
CLIENT SIDE APP APIs
Web Server
Hosting Tooling
DATA MANAGEMENT
USER MANAGEMENT
BUSINESS LOGIC
BUSINESS LOGIC
* your backend serves up data that your client-side code uses to render the different views* when your view needs to change the client-side code makes a request to the backend to re-render the view via xhr or websocket* talk to the backend to perform any action or to talk to third-party api's
3Saturday, March 15, 14
• your backend serves up data that your client-side code uses to render the different views• when your view needs to change the client-side code makes a request to the backend to re-render the view via xhr or websocket• talk to the backend to perform any action or to talk to third-party api's
How often do you change your backend to support the needs
of your client side app?
4Saturday, March 15, 14
How often must you upgrade your back-end to extend your application?
Constantly.* data and access controls (all the security) lives inside the backend so in order to extend your application you have to build out new routes
5Saturday, March 15, 14
• data and access controls (all the security) lives inside the backend so in order to extend your application you have to build out new routes
The chasebegins
6Saturday, March 15, 14
The communication nightmare kicks-off, the standard formation in most companies is that the client-side guys handle the users world and the back-end guys write the backend. Now, to make a change that the back-end doesn't support means that you have to coordinate with them to build out the feature.
So instead of focusing on building an amazing application for your customers, you end up spending time working with the back-end team and their schedule.
So what do we settle for?
APIs
DATA MANAGEMENT
Storage
7Saturday, March 15, 14
The communication nightmare kicks-off
Every application has unique requirements
DATA MANAGEMENT
USER MANAGEMENT
HOSTING
SECURITY
8Saturday, March 15, 14
Blog:• Comments, users and posts• Each post has a user and many comments• You want to order the posts by date and select a range of them, perhaps you also want to filter by category• Similar, for comments, you want to order by date and select a range of them• For users, you need some sort of authentication and user management system• For creating posts, you want some type of user admin role
Let’s face reality, we’ve been reinventing the wheel
And it’s a fracking head-ache.
9Saturday, March 15, 14
This approach has consequences
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
This approach has consequences
• Tightly coupled to the server
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
This approach has consequences
• Tightly coupled to the server
• Inflexible
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
This approach has consequences
• Tightly coupled to the server
• Inflexible• Expensive
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
This approach has consequences
• Tightly coupled to the server
• Inflexible• Expensive
• Incomplete
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
This approach has consequences
• Tightly coupled to the server
• Inflexible• Expensive
• Incomplete• Limited extensibility
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
This approach has consequences
• Tightly coupled to the server
• Inflexible• Expensive
• Incomplete• Limited extensibility• The list as you know,
does not end here
10Saturday, March 15, 14
Repeating the same pattern over and over (creating an API to wrap the data structure) and creates additional risks
Imagine for a moment, the ultimate back-end.
One that could fuel any & every feature.
11Saturday, March 15, 14
Ian Livingstone
@ianlivingstone
VP Engineering, GoInstant
12Saturday, March 15, 14
We’re obsessive about this problem.
13Saturday, March 15, 14
Started as co-browse, started transitioning BaaS because we found we needed every component, and none existed.
14Saturday, March 15, 14
The question that keeps us up at night?
14Saturday, March 15, 14
The question that keeps us up at night?
What would this ultimate backend look like?
14Saturday, March 15, 14
The Vision: BaaS
15Saturday, March 15, 14
The Vision: BaaSOne really really awesome round wheel, we all share.
15Saturday, March 15, 14
CLIENT SIDE APP APIs
Web Server
Hosting Tooling
DATA MANAGEMENT
USER MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
CLIENT SIDE APP APIs
Web Server
Hosting Tooling
DATA MANAGEMENT
USER MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
CLIENT SIDE APP APIs
Web Server
Hosting Tooling
DATA MANAGEMENT
USER MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
CLIENT SIDE APP APIs
Web Server
Hosting Tooling
DATA MANAGEMENT
USER MANAGEMENT
BaaS
BUSINESS LOGIC
16Saturday, March 15, 14
Ok that looks awesome
Let’s make it a reality!
17Saturday, March 15, 14
Connectivityweb sockets and xhr-polling we have the technology to create "full-duplex" connections even in older browsersthis gives us a mechanism for pushing data between server and client
18Saturday, March 15, 14
• web sockets and xhr-polling we have the technology to create "full-duplex" connections even in older browsers• this gives us a mechanism for pushing data between server and client
Data Management* already exists just needs an API built for it on the client* support querying* transactions* all json types
19Saturday, March 15, 14
• already exists just needs an API built for it on the client• support querying• transactions• all json type
User Management
* built on-top of the data model* standardized by convention * id * groups (or roles) built in* extensible to store extra data required
20Saturday, March 15, 14
• built on-top of the data model• standardized by convention
• id• groups (or roles) built in
• extensible to store extra data required•
Security & Access Control* having data on client means there are a lot of security concerns* access control layer around who can read and write data based on their id and groups* input validation to guarantee data integrity* output sanitization to prevent different forms of injection attacks* enforced on server via schema of some form
21Saturday, March 15, 14
• having data on client means there are a lot of security concerns• access control layer around who can read and write data based on their id and groups• input validation to guarantee data integrity• output sanitization to prevent different forms of injection attacks• enforced on server via schema of some form
Tooling* API is a black box you won’t control* tooling is *really* important* even with less surface area, there will still be bugs* so what type of tooling do we need?
22Saturday, March 15, 14
Data Tooling• Ability to view the data• Ability to export and import backups• Ability to run arbitrary queries on the data• Audit logs for monitoring how data changes• Schema visualizer◦ Exploring how access controls are enforced◦ Testing input validation and output sanitization
• Available via Web UI and CLI
23Saturday, March 15, 14
• Ability to view the data• Ability to export and import backups• Ability to run arbitrary queries on the data• Audit logs for monitoring how data changes
• Schema visualizer• Exploring how access controls are enforced
• Testing input validation and output sanitization• Available via Web UI and CLI
Organizational Tooling• Support for multiple collaborators• Support for multiple environments• Varying access controls based on environment• Ability to perform data migrations
24Saturday, March 15, 14
• Support for multiple collaborators• Support for multiple environments• Varying access controls based on environment• Ability to perform data migrations
Hosting* to truly remove the operational burden, we also need to provide static application hosting* but it can't just host static html, css, js -- it needs to be living and breathing as well* schema provides access control to routes and redirect controls
25Saturday, March 15, 14
• to truly remove the operational burden, we also need to provide static application hosting• but it can't just host static html, css, js -- it needs to be living and breathing as well• schema provides access control to routes and redirect controls
All together now
26Saturday, March 15, 14
CONNECTIVITY
All together now
26Saturday, March 15, 14
CONNECTIVITY
DATA MANAGEMENT
All together now
26Saturday, March 15, 14
CONNECTIVITY
DATA MANAGEMENT
USER MANAGEMENT
All together now
26Saturday, March 15, 14
CONNECTIVITY
DATA MANAGEMENT
USER MANAGEMENT
SECURITY
All together now
26Saturday, March 15, 14
CONNECTIVITY
DATA MANAGEMENT
USER MANAGEMENT
SECURITY
TOOLING
All together now
26Saturday, March 15, 14
CONNECTIVITY
DATA MANAGEMENT
USER MANAGEMENT
SECURITY
TOOLING
HOSTING
All together now
26Saturday, March 15, 14
We’ve found some obvious advantages
27Saturday, March 15, 14
We’ve found some obvious advantages
✓crowd source quality
27Saturday, March 15, 14
We’ve found some obvious advantages
✓crowd source quality✓specialization
27Saturday, March 15, 14
We’ve found some obvious advantages
✓crowd source quality✓specialization✓scale
27Saturday, March 15, 14
We’ve found some obvious advantages
✓crowd source quality✓specialization✓scale
✓ reliability
27Saturday, March 15, 14
We’ve found some obvious advantages
✓crowd source quality✓specialization✓scale
✓ reliability✓extensibility
27Saturday, March 15, 14
We’ve found some obvious advantages
✓crowd source quality✓specialization✓scale
✓ reliability✓extensibility✓ lower cost
27Saturday, March 15, 14
28Saturday, March 15, 14
“The whole is greater than the sum of its parts.”
– Aristotle
28Saturday, March 15, 14
Data Synchronization
* evolved from BaaS movement* user a modifies data, automatically updates the view of user b* possible because of the full-duplex connection and event subscriptions* subscribe to “change” events in data model* server pushes new data and client-side api trigger event listener* by leveraging this pattern you now have “real-time” out of the box, you don’t have to manage this! It’s given to you!* show code example of what this looks like!
29Saturday, March 15, 14
Offline Support* now we have this mechanism for forcing our view to re-render* with this we can update the view of the application when the user reconnects (from sleep mode, or connects to wifi, etc.)* all the data transferred to the client from the server is cached so we can have read-only offline mode support out of the box*
30Saturday, March 15, 14
Shared Integrations
31Saturday, March 15, 14
In this utopia, how long would it take to build the application of your
users dreams.
Better question,how much time could you save?
32Saturday, March 15, 14
Baas TodayThis utopia will be built,
one brick at a time
33Saturday, March 15, 14
Talk through current solutions available
The Players
34Saturday, March 15, 14
In Conclusion
• Client-side developers waste time and money on infrastructure
• BaaS will fundamentally change how client-side applications are developed
• The work is alreadyunder-way
• It’s an extension of the platform movement
35Saturday, March 15, 14
Join the BaaS movement
An intersection of developer productivity and the platformization
revolution
36Saturday, March 15, 14
Q&A
37Saturday, March 15, 14