Wednesday, May 30, 2012

How Are Enterprises Leveraging Mobile Cloud Computing?


This article is a descriptive version of the slide deck I presented at Cloud Connect, India on May 24th, 2012.

Mobile app development is big business, and everyone from graduate students to large corporations is making huge investments. The keys to good app development are engagement and architecture. One way to keep users engaged is to keep data fresh at all times, which requires a strong mobile backend that is both scalable and always on. That requires cloud. Let's see in this article how some enterprises are leveraging cloud for mobile applications to provide dynamic, feature-rich applications without breaking the bank. This article will be useful for enterprise product managers, technology and innovation leaders, mobile app architects and anyone interested in understanding how cloud computing can deliver unique experiences to end users with minimal cost and time investment. We will see how to architect a mobile cloud application for an enterprise through a case-based approach: What are the characteristics of this application? What unique challenges and intricacies do enterprise requirements bring to the table for mobile cloud architectures? What best practices need to be adopted? How can we solve those using AWS or other clouds?


Now let's set the context of this presentation by answering the question: what is mobile cloud computing? According to Wikipedia, "Mobile cloud computing is the usage of cloud computing in combination with mobile devices." In this article we are going to see how companies are designing their mobile apps with cloud as the backend, why they are choosing cloud as their backend over traditional hosting platforms, what important criteria one should know when selecting a cloud provider, and what best practices one should adopt.

Planet of the Apps and Mobile Cloud: Appnomy Facts
  • iTunes App Store: 570K+ approved apps; Android Market: 300K+ apps
  • The average iPhone owner has 50+ apps; Android owners have 35+ apps
  • Over 300,00 mobile apps have been developed in three years
  • One in four mobile apps, once downloaded, is never used again
  • Cellular subscriptions worldwide: 6 billion
  • The market for cloud-based mobile apps is expected to grow 88% from 2009 to 2014 (Juniper Research)
  • More than 240 million business customers will access cloud computing services via mobile devices by 2015 (ABI Research)
  • IDC/Appcelerator conducted a survey on the top new or existing cloud-based services that users are planning to connect to or extend. The research findings are shown below:


From the above data and pointers it is clear that mobile cloud computing is emerging and will play a significant role for applications designed in the future.
Now let's try to understand mobile cloud computing in detail through a case-based approach.

About the Case:
Case Name: Mobile Cloud for an Airline/Travel company
Description (characteristics of the mobile app):
The mobile app developed by X-Enterprise was a trending app in the Android and iPhone stores. It was downloaded and used by millions of users around the region. The mobile app communicates with the backend systems using JSON over HTTP/S. The app has a constantly growing user base and drives huge traffic during sales promotion periods, when heavy spike-and-valley traffic patterns are observed on the server infrastructure. The app depends heavily on the backend for processing and information storage. It is also not an isolated app: it communicates with various other enterprise systems through the backend infrastructure, which adds integration complexity to the architecture.


Sample Screen Shots of the Mobile App:
Now let's see what problem scenarios and challenges this case presents to the enterprise.
The enterprise launches a big sales promotion every quarter, and during these periods massive visitor concurrency is observed from the mobile app. Content is accessed from multiple devices, and data should be fresh and always accessible across devices. Since the load volatility of this application is very high, periods of massive utilization and under-utilization are observed in the backend infrastructure. Provisioning the mobile backend infrastructure before every promotion for such highly elastic demand takes the IT ops team weeks of effort.


If the backend infrastructure and systems can be auto scaled according to the elastic needs of the traffic, significant cost leakage can be avoided by the company.
Identity and access management, encryption, SSL, authentication/authorization, DMZs, firewalls and VPNs are some of the security requirements the mobile application has to meet to protect its data.

Because of the above elasticity and scalability requirements, the customer chose a cloud-based backend as the obvious choice over traditional infrastructure.

Now let us explore the solution approach taken in detail:

Step 1: Choosing the right cloud provider for the mobile backend is the toughest part of the whole exercise. Some of the essential points to compare are:
  • Public vs Private Cloud
  • IAAS vs BAAS
  • In Public Cloud: AWS vs Azure vs Rackspace
  • Adherence to the use case requirements
  • Cloud provider security
Public vs Private Cloud: Since the enterprise wants to reduce IT ops expense, scale infrastructure without Capex, avoid leakage and save costs, and has no problem with multi-tenancy, a public cloud provider was the obvious choice in this case compared to a private cloud.
IAAS vs BAAS: Whether to adopt an Infrastructure as a Service or a Backend as a Service architecture for this case. We have heard about IAAS providers like AWS, Rackspace etc., but what is BAAS? The most recent trend in mobile app development has been "Backend as a Service." Companies and startups have recognized the average developer's need for support when it comes to server stacks, storage, data migration and middleware management. These services make possible things like authentication, push notifications, in-app purchases and other services that consumers take for granted. There are a lot of new backend services in this segment, like Parse, Kinvey, StackMob, appMobi etc. Though these BAAS systems will take care of your mobile app's scalability, HA and elasticity headaches, they are not yet mature enough to meet enterprise integration and security standards. IAAS was the choice.

Why AWS (over others)?
AWS has global infrastructure: AWS currently operates 7 regions around the world and is constantly expanding its infrastructure as I write this article. The following diagram illustrates their current regional infrastructure:
AWS has variety:
  • AWS has SDKs for Android and iOS. The SDKs provide libraries, code samples and documentation for developers to build connected mobile applications using Amazon Web Services.
  • AWS supports a wide variety of formats and protocols used in mobile applications, like JSON, BSON, TCP, SOAP, REST, HTTP/S and RTMP
  • Developers have the flexibility to choose the language of their choice for mobile server-side development: Java, Python, PHP, Ruby, .Net, Node.JS
AWS adheres to the customer requirements:
  • The enterprise wanted their entire setup inside a Virtual Private Cloud with VPN integration to their existing data centers (branch office concept)
  • The enterprise wanted static IPs of the EC2 VMs to be registered in the 3rd party service gateways
AWS has cost flexibility: AWS offers flexible cost options through On Demand, Reserved and Spot Instances.


Step 2: Securing the Mobile Cloud Application

Security is the main concern for any enterprise deploying their mobile backend solution on cloud. Now let us see how this point was addressed in our AWS solution.
AWS meets enterprise security standards:
AWS is one of the most secure cloud providers in the public cloud industry. They have the following certifications: SOC 1 Type 2 (formerly SAS-70), ISO 27001, PCI DSS for EC2, S3, EBS, VPC, RDS, ELB and IAM; FISMA Moderate compliant controls; HIPAA and ITAR compliant architecture. AWS meets the following physical security guidelines in their infrastructure:
  • Datacenters in nondescript facilities
  • Physical access strictly controlled
  • Must pass two-factor authentication at least twice for floor access
  • Physical access logged and audited
In terms of hardware, software and networks, the following practices are adopted by AWS:
  • Systematic change management
  • Phased updates deployment
  • Safe storage decommission
  • Automated monitoring and self-audit
  • Advanced network protection
For more details refer to the AWS Security White Paper available at http://aws.amazon.com/security
Let us see how some of the security aspects are addressed in this solution:

  • Encrypt the communication between the mobile app and the backend infrastructure in AWS
  • Set up the entire mobile backend application inside Amazon Virtual Private Cloud. Amazon VPC is an isolated section of the Amazon Web Services (AWS) cloud where we can launch AWS resources in a virtual network that we define.
  • Create DMZs using public and private subnets inside the Amazon VPC
  • Create access control rules, port and IP range restrictions between each layer of the application using AWS Security Groups
  • Harden the OS (AMI) used by the EC2 instances
  • Terminate SSL in the web layer with backend authentication; create load balancers with multiple Elastic Network Interfaces to segregate private and public networks
  • Create Identity and Access Management (IAM) users, rights and policies in the AWS console
  • Secure the integration between AWS and the other enterprise data centers using Amazon VPN
  • Encrypt the data stored in S3 and the database
  • Encrypt the data stored in NFS/GlusterFS (through Trend Micro's SecureCloud)
  • Perform log analysis (web, app, GlusterFS etc.) using Splunk
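The DMZ and Security Group points above are easiest to get wrong at the rule level: one overly broad ingress rule quietly undoes the public/private subnet split. The following added example (not code from the article, from AWS, or from the enterprise it describes) models the three-tier layout, ELB in the public subnet, Web/App EC2 in a private subnet, RDS in a private subnet, as security groups and checks the ingress rules against the least-privilege invariants a reviewer would apply before the rules go live. The group names, ports and the corporate VPN range are constructed placeholders.

```python
"""Least-privilege check for tiered security groups in a VPC mobile backend.

Added example; all group names, ports and CIDRs below are constructed
placeholders, not values from the article.
"""
import ipaddress
from dataclasses import dataclass, field

ANY = "0.0.0.0/0"
CORP_VPN = ipaddress.ip_network("10.10.0.0/16")   # constructed placeholder


@dataclass
class Rule:
    port: int
    source: str          # a CIDR string or the name of another security group


@dataclass
class SecurityGroup:
    name: str
    tier: str            # "edge" (ELB), "app" (Web/App EC2) or "data" (RDS)
    ingress: list = field(default_factory=list)


def _as_network(source):
    """Return an ip_network for a CIDR source, or None for a group reference."""
    try:
        return ipaddress.ip_network(source)
    except ValueError:
        return None


def reference_groups():
    """Constructed rule set following the article's DMZ design."""
    elb = SecurityGroup("sg-elb", "edge", [Rule(443, ANY)])
    app = SecurityGroup("sg-webapp", "app",
                        [Rule(8080, "sg-elb"), Rule(22, str(CORP_VPN))])
    rds = SecurityGroup("sg-rds", "data", [Rule(3306, "sg-webapp")])
    return [elb, app, rds]


def find_violations(groups, edge_ports=(443,)):
    """Return (group, message) pairs for every rule that breaks an invariant.

    1. Only the edge tier may accept 0.0.0.0/0, and only on the public
       ports where SSL is terminated.
    2. SSH is accepted only from the corporate VPN range.
    3. The data tier accepts traffic only from the app tier's group, never
       from a CIDR, so the DB is unreachable from the internet and the DMZ.
    4. Group references must point at a group that exists.
    """
    by_name = {g.name: g for g in groups}
    problems = []
    for g in groups:
        for r in g.ingress:
            net = _as_network(r.source)
            if net is None:                      # source is a group reference
                src = by_name.get(r.source)
                if src is None:
                    problems.append((g.name, f"unknown group {r.source}"))
                elif g.tier == "data" and src.tier != "app":
                    problems.append((g.name, f"port {r.port} reachable from {src.tier} tier"))
                continue
            if g.tier == "data":
                problems.append((g.name, f"port {r.port} open to CIDR {r.source}"))
            elif net.prefixlen == 0 and (g.tier != "edge" or r.port not in edge_ports):
                problems.append((g.name, f"port {r.port} open to the internet"))
            elif r.port == 22 and not (net.version == CORP_VPN.version
                                       and net.subnet_of(CORP_VPN)):
                problems.append((g.name, f"SSH open to {r.source}, outside corporate VPN"))
    return problems


if __name__ == "__main__":
    groups = reference_groups()
    # Deliberately weaken the rule set to show what the check reports.
    groups[2].ingress.append(Rule(3306, ANY))
    for name, msg in find_violations(groups):
        print(f"{name}: {msg}")
```

The check is intentionally static: it reads the intended rules, not the live account, so it can run in a review step before any change is applied. The same invariants can be evaluated against rules exported from the AWS console to catch drift after the fact.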
Step 3: Managing the External Integrations


  • Extend the enterprise DC network IP range into the Amazon Virtual Private Cloud. This enables seamless communication between the enterprise's internal systems and the AWS cloud; systems in AWS now act as a seamless extension of your existing DC infrastructure. Example: the mobile backend and the internal DNS talk to Active Directory, SMTP, CRM etc. deployed inside the enterprise DC over the VPN tunnel, in the same network range.
  • VPN integration: Multiple VPN connections from a single Amazon VPC can be attached to multiple customer gateways located in multiple geographies of the enterprise (simulating a "branch office" architecture). This VPN integration enables secured communication between your existing DCs and AWS, so enterprises can safely transfer their critical data into and out of the AWS cloud.
  • Consecutive AWS Elastic IPs of the application servers are whitelisted in the 3rd party service gateways. This is a very critical point for an enterprise when choosing a cloud provider; not many public cloud providers can offer this feature in their infrastructure. If overlooked, this point will lead to last-minute integration problems with the 3rd party gateways of your infrastructure, customers, suppliers etc.
  • Logs were pushed to S3 from inside the VPC through the Elastic IP, not through a NAT EC2 instance.
  • The mobile app communicates with the AWS cloud backend using JSON over HTTP.
Step 4: Scaling the Mobile Cloud backend

The backend application was architected using a simple multi-tiered Java and MySQL stack. The application had file storage, cache and other layers that are commonly found in any enterprise system. Let us see how scalability was addressed in this solution:

Auto Scaling Web/App EC2: Scaling the Web/App EC2 tier out and down elastically with the traffic was done using Amazon Auto Scaling and custom programs. Amazon Auto Scaling of the Web/App EC2 layer was configured based on CPU utilization levels. Auto-scaled EC2 instances were automatically attached to the ELB. The ELB uses the VPC private IP, not the Elastic IP, to load balance the Web/App EC2 instances under it. The scale-out was done across multiple AZs inside the Amazon VPC.
RDS MySQL was set up in Multi-AZ mode with RDS Read Replicas inside the VPC. Since the application was read intensive and at times needed read scaling, the Read Replicas were scaled out using custom scripts based on need. HAProxy was used for internal load balancing between the Read Replicas and the Web/App tier. Note: AWS has recently introduced internal load balancing inside VPC through ELB, which can be used for this purpose.
AWS building blocks like S3, ELB, Route53 and CloudWatch were used in the architecture. These building blocks are inherently fault tolerant and highly scalable (example: ELB keeps expanding the LB EC2 instances in its layer dynamically depending upon the traffic). Using the appropriate building blocks enhances the overall scalability of the application.
Points to remember while scaling:
  • Ensure adequate IP addresses are available for your ELB and Web/App EC2 to auto scale inside your AWS VPC
  • Since the Web/App EC2 instances need Elastic IPs for 3rd party gateway whitelisting, a custom program and discovery API were developed to achieve this.
  • Connection pool parameters (max connections) have to be carefully configured in Tomcat for Auto Scaling scenarios, and in RDS MySQL. Badly configured connection parameters will end up in a "max connections exceeded" scenario.
  • Logs have to be periodically synchronized to S3 for analysis. Logs can be shipped through an Elastic IP or a NAT instance. In our case, since the Web/App EC2 instances already had Elastic IPs, the former route was taken.
  • Nagios monitoring and Auto Scaling will create new problems for IT ops because of auto discovery and the noise created by EC2 terminations. We managed to solve it. (Consult with us!)
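Two of the points above (enough free addresses in the VPC subnets for the fleet to scale, and a connection pool budget that does not exceed RDS MySQL's max_connections), together with Step 3's requirement that the VPC range extend the DC address plan without overlapping it, are all arithmetic that should be run before an Auto Scaling group's maximum is raised. The following added example (not code from the article or from AWS) carries those three checks through on a constructed plan; every CIDR and number in it is a placeholder, not a value from the case.

```python
"""Pre-flight checks for an auto-scaled Web/App tier inside a VPC.

Added example; the ScalingPlan values used below are constructed
placeholders, not figures from the article's case.
"""
import ipaddress
from dataclasses import dataclass

# AWS reserves the first four and the last address of every subnet.
AWS_RESERVED_PER_SUBNET = 5


@dataclass
class ScalingPlan:
    vpc_cidr: str
    dc_cidrs: list                 # enterprise DC ranges reached over the VPN
    app_subnets: list              # private Web/App subnet CIDRs, one per AZ
    ips_in_use: int                # addresses already taken in those subnets
    elb_reserve_per_subnet: int    # addresses kept free for ELB's own nodes to grow into
    asg_max: int                   # Auto Scaling group maximum size
    tomcat_max_connections: int    # per-instance JDBC pool size
    rds_max_connections: int       # RDS MySQL max_connections
    db_reserve: int                # connections kept for replication, admin and monitoring


def overlapping_ranges(plan):
    """DC ranges that collide with the VPC CIDR; any hit breaks VPN routing."""
    vpc = ipaddress.ip_network(plan.vpc_cidr)
    return [c for c in plan.dc_cidrs if vpc.overlaps(ipaddress.ip_network(c))]


def usable_addresses(plan):
    """Free addresses across the app subnets after AWS and ELB reservations."""
    vpc = ipaddress.ip_network(plan.vpc_cidr)
    total = 0
    for c in plan.app_subnets:
        net = ipaddress.ip_network(c)
        if not net.subnet_of(vpc):
            raise ValueError(f"subnet {c} is not inside VPC {plan.vpc_cidr}")
        total += net.num_addresses - AWS_RESERVED_PER_SUBNET - plan.elb_reserve_per_subnet
    return total - plan.ips_in_use


def db_connections_at_peak(plan):
    """Connections the database sees when every instance fills its pool."""
    return plan.asg_max * plan.tomcat_max_connections


def max_safe_pool_size(plan):
    """Largest per-instance pool that keeps the full fleet within the DB budget."""
    return (plan.rds_max_connections - plan.db_reserve) // plan.asg_max


def check_plan(plan):
    """Return a list of findings; an empty list means the plan is consistent."""
    findings = []
    clashes = overlapping_ranges(plan)
    if clashes:
        findings.append(f"VPC {plan.vpc_cidr} overlaps DC ranges {clashes}")
    free = usable_addresses(plan)
    if free < plan.asg_max:
        findings.append(f"only {free} free addresses for an ASG max of {plan.asg_max}")
    peak = db_connections_at_peak(plan)
    budget = plan.rds_max_connections - plan.db_reserve
    if peak > budget:
        findings.append(f"peak pool demand {peak} exceeds DB budget {budget}; "
                        f"lower the per-instance pool to {max_safe_pool_size(plan)}")
    return findings


if __name__ == "__main__":
    plan = ScalingPlan("10.50.0.0/16", ["10.10.0.0/16", "192.168.0.0/16"],
                       ["10.50.1.0/24", "10.50.2.0/24"], ips_in_use=10,
                       elb_reserve_per_subnet=8, asg_max=40,
                       tomcat_max_connections=50, rds_max_connections=600,
                       db_reserve=100)
    for finding in check_plan(plan) or ["plan is consistent"]:
        print(finding)
```

The connection budget is the check most often skipped: a pool size that is fine for a fixed fleet of five instances becomes "max connections exceeded" the first time Auto Scaling reaches its maximum, which is exactly during the promotion traffic the scaling was added for.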


Step 5: Building High Availability for the Mobile Cloud

High Availability (HA) is an important architectural parameter for such a mission-critical application. HA was built at multiple layers and levels of this application. Let's explore:

Amazon's inherently fault-tolerant and highly available building blocks are used for DNS (Route53), load balancing (ELB), monitoring (CloudWatch) and storage (S3) in this architecture.
Multiple Web/App EC2 instances are deployed; in the event that an EC2 instance becomes unhealthy, traffic is still served by the other healthy EC2 instances in the Web/App layer. This avoids a single point of failure. Web session information is synchronized in Memcached so the instances stay stateless.
Web/App EC2 instances are deployed across multiple Availability Zones inside an Amazon VPC region. This reduces the dependency on a single AZ location (DC) and its failures.
RDS MySQL is deployed in Multi-AZ mode, so that in the event of a master DB server failure, the active standby in another AZ takes over with an RTO of minutes. The Read Replicas are also deployed in multiple Availability Zones for read scalability as well as high availability.


Step 6: Refining the IT ops


  • Log analysis through Amazon Elastic MapReduce (custom) or Splunk (SAAS)
  • Monitoring using CloudWatch (standard and custom metrics), Nagios and Pingdom
  • Launch and deployment using Puppet and golden AMIs
  • Backups using RDS backup, automated AMI snapshots and periodic backups to S3


Before and After Comparisons:

If you need help in AWS consulting or mobile cloud app development contact Harish11g.aws@gmail.com



2 comments:

Anonymous said...

You could check out http://api.shephertz.com Backend as a Service for Mobile, Web, Social, TV and Gaming Apps

James said...

Great blog and seems good source of information about Cloud Computing for Business . The blog helped me a lot.

Thanks for sharing the post....


DISCLAIMER
All posts, comments, views expressed in this blog are my own and does not represent the positions or views of my past, present or future employers. The intention of this blog is to share my experience and views. Content is subject to change without any notice. While I would do my best to quote the original author or copyright owners wherever I reference them, if you find any of the content / images violating copyright, please let me know and I will act upon it immediately. Lastly, I encourage you to share the content of this blog in general with other online communities for non-commercial and educational purposes.
