Vorlesung Web Services Und Workflows

Our Lessons Learned Building a Backend-as-a-Service A Technical Deep Dive

Felix Gessert [email protected] 09.05.2017, Netlight @baqendcom Web Application Needs Non-Functional Requirements

Modern“Over design 30 percent of web Fast Page Loads development teams deliver projects Engaginglate UX or over-budget.” Automatic scalability Survey by New Bamboo

Fast time-to-market High availability Common Web Architektures The 3-Tier Stack

Blocks delivery of website Must ensure Subject to latency high availability Render Data HTML, CSS, JS, ...

User Action Update

Client Requires business Server Database logic in the server Needs to be scalable Common Web Architektures Problem: • User Management The 2-Tier Stack • Access Control • Server-side Business Logic Progressive client- • Latency and scalability still an side rendering issue Still latency-critical Render Database-as-a-service Client Cloud DB HTML, CSS, JS

Data

Update

Client-side business logic

Angular React Vue.js DynamoDB Elasticache MongoDB Common Web Architektures The 2-Tier Stack

Business Logic Browser HTML, CSS, JS Static Data Website Files

Update Cloud APIs (e.g. comments)

Angular React Vue.js DynamoDB Elasticache MongoDB The Serverless Paradigm Backend-as-a-Service FaaS and BaaS

Many different services Function-as-a-Service and APIs (AWS Lambda) Authentication Scalable code excution

Private DB Gateway Business Code

Cloud DB Notifications Backend-as-a-Service Overview Must be fast, scalable and highly available

Unified API and docs

Reusable features Backend-as-a-Service BAAS OVERVIEW How Backend-as-a- Service works Backend-as-a-Service Feature Sets

API for application features Data Real- Query, Backend Users, File Access Storage Time Search Code OAuth Storage Control

Hosting and Delivery

REST API and JS SDK Frontend GET /app.html GET /js/main-34da93.js GET /css/main-9ad7ca3.css Compatible with:

GET /app.html GET /js/main-34da93.js GET /css/main-9ad7ca3.css

dash Frontend GET /app.html GET /js/main-34da93.js GET /css/main-9ad7ca3.css

db.Page.load('main') .done(...);

db.Page.find() .descending('published') .limit(3) .resultList(...);

GET /img/pic005.jpg GET /img/pic017.jpg GET /img/pic022.jpg Backend-as-a-Service Comparison of Service Models

Backend-as-a-Service Platform-as-a-Service Infrastructure-as-a-Service

• Fast time-to-market • Full control of backend • High flexibility and full control • Low maintenance • Tools for deployment • Build software from scratch • Often limited in and maintenance • High maintenance overhead expressiveness,, scalabilityscalability • Limited in platform or performance control Presentation is loading The Latency Problem

Average: 9,3s Loading…

-20% Traffic

-9% Besucher

-1% Umsatz Performance affects many Business KPIs ...what causes slow page loads? State of the Art Two Bottlenecks: Latency and Processing

High Latency

Processing Overhead Network Bandwidth vs. Latency

I. Grigorik, High performance browser networking. O’Reilly Media, 2013. Netzwerk Bandbreite vs. Latenz

2× Bandwidth = Same Load Time

½ Latency ≈ ½ Load Time STATE OF THE ART How to improve web performance? https://www.ampproject.org What Others Do: AMP /docs/reference/spec.html Google‘s Accelerated Mobile Pages

How AMP works: • Stripped down HTML + AMP tags (e.g. img)  rendered asynchronously by AMP runtime • CSS must be inlined + <50 KB + • No custom JS (except in iframes) • Only static sizes  no repaints • Cached in Google CDN, as long as it is crawled the next time  only suited for static media, e.g. news

How to apply these techniques for any website? Solution: Global Caching Fresh Data From Distributed Web Caches

Low Latency

Less Processing New Caching Algorithms Solve Consistency Problem

0 1 1 0 1 0 0 1 New Caching Algorithms Solve Consistency Problem

F. Gessert, S. Friedrich, W. Wingerath, M. Schaarschmidt, und N. Ritter, F. Gessert, F. Bücklers, und N. Ritter, „ORESTES: a Scalable Database-as-a-Service „Towards a Scalable and Unified REST API for Cloud Data Stores“, in 44. Architecture for Low Latency“, in CloudDB 2014, 2014. Jahrestagung der GI, Bd. 232, S. 723–734.

F. Gessert, M. Schaarschmidt, W. Wingerath, S. Friedrich, und N. Ritter, „The F. Gessert und F. Bücklers, „ORESTES: ein System für horizontal skalierbaren Zugriff auf Cache Sketch: Revisiting Expiration-based Caching in the Age of Cloud Data Cloud-Datenbanken“, in Informatiktage 2013, 2013. Management“, in BTW 2015. 7 Year F. Gessert und F. Bücklers, Performanz- und Reaktivitätssteigerung von OODBMS F. Gessert und F. Bücklers, Kohärentes Web-Caching von Datenbankobjekten im vermittels der Web-Caching-Hierarchie. Bachelorarbeit, 2010. 0 1 1 0 1 0 0 1CloudResearch Computing. Masterarbeit & 2012. Development M. Schaarschmidt, F. Gessert, und N. Ritter, „Towards Automated Polyglot W. Wingerath, S. Friedrich, und F. Gessert, „Who Watches the Watchmen? On Persistence“, in BTW 2015. the Lack of Validation in NoSQL Benchmarking“, in BTW 2015.

S. Friedrich, W. Wingerath, F. Gessert, und N. Ritter, „NoSQL OLTP Benchmarking: A F. Gessert, „Skalierbare NoSQL- und Cloud-Datenbanken in Forschung und Survey“, in 44. Jahrestagung der Gesellschaft für Informatik, 2014, Bd. 232, S. 693– Praxis“, BTW 2015 704.

F. Gessert, N. Ritter „Scalable Data Management: NoSQL Data Stores in W. Wingerath, F. Gessert, S. Friedrich, N. Ritter „Real-time stream processing for Big Research and Practice“, 32nd IEEE International Conference on Data Data“, Big Data Analytics it - Information Technology, 2016 Engineering, ICDE, 2016

F. Gessert, W. Wingerath, S. Friedrich, N. Ritter “NoSQL Database Systems: A Survey F. Gessert, N. Ritter „Polyglot Persistence“, Datenbank Spektrum, 2016. and Decision Guidance”, Computer Science - Research and Development, 2016 Parse Baqend Kinvey

2.6 s 0.3 s 3.9 s Typical Speedup: 15x T R Y T H I S Impact of Global Caching benchmark.baqend.com

Baqend 0,3s 2,1s 1,8s Baqend 2,6s 0,3s Baqend 0,2s 1,6s Azure 1,5s 4,2s 0,8s 1,9s Parse 1,6s 3,2s Firebase 2,7s Frankfurt 5,3s Kinvey 3,8s 6,6s Apiomat 4,4s Tokyo California Baqend 0,3s 6,3s 4,7s 6,5s 10,0s 9,3s Sydney

THINKS USE CASE How do these techniques work for a high-traffic shop? Performance Case Study Thinks Online-Shop Shop

< 1 Second Page Loads Concurrent Expected: Users • 3,5 Mio. TV Viewers • 4 Weeks for Development & Tests 7.8% 3% • >300K Visitors Conversion Server Rate Usage High Cache Hit Peak Load of over Rate: 99% 20.000 requests per second

Logo in TV screen: sudden spike At high load micro- caching is very effective

>3.2 Gigabit/s How does this work? Dynamic Caching in Detail

Has Time-to-Live (expiration) purge(obj) 푘 False-Positive 푘푛 Hash- 푛 − 푘 = ln 2 ⋅ ( ) Rate: 푓 ≈ 1 − 푒 푚 Functions: 푚 With 20.000 entries and a 5% false positive rate: 11 Kbyte Browser CDN Cache Consistency: Δ-Atomicity, Read-Your-Writes, Monotonic Reads, Monotonic Writes, Causal Consistency hashA(oid) hashB(oid) hashA(oid) hashB(oid)

Flat(Counting Bloomfilter) 0 1 1 1 1 0 32 1 4 10 Our Network Optimizations In Baqend SSL SSL

Fast Persistent Connections Handshake Client CDN Server

- Early SSL Termination - Caching at Internet Exchange Points - OCSP Stapling - Backend Failover & Stale-on-error - Session Resumption - Automatic Skalierung - Warm Backend-Connections - DDOS Protection HTTP/2: Why HTTP/2? • Multiplexing over 1 TCP connection (no head-of-line blocking) Typical Improvements • Request Pipelining • Server Push • Header Compression

HTTP HTTPS

3,22s 4,03s

HTTP HTTPS with CDN with CDN and h2

0,44s 0,35s SCALING A BAAS How to achieve scalability? Backend Performance Best Practices

Load Balancer Application Server Database

 Load Balancing  Stateless Sessions  Horizontally scalable  Auto-scaling  Minimize shared state databases (e.g. “NoSQL”)  Failover  Efficient Code & IO  Replication  Sharding  Failover Backend Architecture Baqend Cloud

Backend-as-a-Service API: AccessInclusion throughof allHTTP Web CachesData, Queries, UserScalable Login,Databases etc.

Content-Delivery- Network Backend Architecture Baqend Cloud

CDN Baqend Cloud on on

Content-Delivery- Network Client Route 53 SSL DNS

HTTP/2

Websockets

HA Proxy Varnish Baqend DB Client

Data

Updates Metadata Files ELB ElastiCache S3 Storage

Logging Updates Updated Query

Storm Query Matching

Pub/Sub Pub/Sub

Management and Orchestration Server

Manager Swarm Nimbus Zookeeper Overview Optimizations

Consistent Browser Caching HTTP/2 & SSL

Fast CDN-Invalidations APIs for SPAs

High Availability Automatic Scaling DDoS Protection

Other Optimizations

Scale & Optimize Images Load Javascript async. Minify JS & CSS Use Resource Hints BAQEND OVERVIEW How do I use Baqend? Including Baqend Getting Started

Loads the JS SDK including the Bloom filter logic

DB.connect('my-app'); Connects to the backend & loads the Bloom filter

DB.News.load('2dsfhj3902h3c').then(myCB); DB.Todo.find() .notEqual('done', true) .resultList(myCB); Load & query data using the Bloom Try this: www.baqend.com/tutorial.htmlfilter + Browser Cache Development On Baqend Dashboard CLI REST & SDK

Create Schema, Config- Develop, deploy and test Website logic: load site, get urations, Browse Data, etc. frontend und backend Code data, login, etc. IN DEPTH How are the Baqend BaaS APIs used? Baqend JS SDK For Web & Hybrid

Browser Node.js Ionic & Cordova React Native • Completely ES6- and TypeScript-compatible • Support for Maps, Sets, Arrays • Models can be ES6-classes • Promise-based • Abstracts from Caching logic, intelligent Object-Identity • Powerful Query-Builder • Automatic Change- and Dependency-Tracking Data Modelling Combining Schemaful & Schemaless

TodoList Object { id : "mylist", name : "Todo Liste", owner : { name : "Johnny", Embedded ager : 12 Object } }

TodoList Object Owner Object { { id : "mylist", Reference i d : "2333790852", name : "Todo Liste", name : "Johnny", owner : "2333790852" ager : 12 } } • Types: Boolean, Integer, String, DateTime, Time, Date, GeoPoint, List, Map, Set, JSON-Object, JSON-Array • References, embedded types & inheritance CRUD Data APIs

Insert & Delete var event = new DB.Event({id : 123, title : "Party"}); event.insert(); event.delete(); Updates Query event.title = "Grillen"; DB.Todo.find() event.save(); .matches('name', /^My Todo/) .equal('active', true) .lessThanOrEqualTo('activities.start', new Date()) Read .resultList(...) Db.Todo.load(123); From CRUD to REST/HTTP Cache Hierarchy

Cache-Hit: deliver dataReturn data with caching DB.Posts.load(GETid) /dbJavaScript/posts/{id} Cache-Miss orHTTPrevalidationinformation: forward(Browser TTL, CDN request TTL, ETag, LM)

Miss Miss Client- Miss Miss Proxy Miss (Browser-) ISP Caches CDN Cache Caches Reverse- Caches Proxy Cache Orestes Hit

Guarantee: Data never older Guarantee: 200ms for Updated by Updated byglobalthe invalidations than the Bloom filter Cache Sketch server REST API Access from all platforms

• Stateless and scalable • Realized in Java/Jetty • ~15k RPS on Commodity Hardware • Formalized in Swagger Specification • Language bindings can be generated • Browsing through REST API and its resources User Management Login, Registration, OAtuh

• Simple registation and login • Via Email validation • Via OAuth-Providers • User can have roles • Acess rights on user and role level • User-schema is extensible DB.User.login('[email protected]','PW') • Sessions, for returning users, too .then(() => { //Hey we are logged in again console.log(DB.User.me.username); //'[email protected]' }); Access Control Authorization

User Baqend Database

PUT db/posts/{id} db.posts.update(…, User-Token [Allow-Deny- JSON Object Conditions])

schema-level ACL object-level ACL Checked via token Backend Code Trusted Business Logic • Callable Methods • For microservices and custom web APIs Backend Handler Hooking Into Updates

• Handler: OnUpdate, OnDelete, OnInsert, OnValidate • Node.js code, same SDK

function onInsert(DB, obj) { var post = new DB.Post( {message : "New Data: " + this.name + "."}); post.save(); }

Create Object

User Baqend Database Problem: Concurrency

Lost Update

doc.counter = doc.counter = doc.counter +1 doc.counter +1

Write Write Load Load doc doc Document Document doc doc

http://profi.co/all-the-limits-of-parse/ Concurrency in Baqend Safe Updates

Optimistic Concurrency Control:

doc, Etag: 22 Version Check  Atomic Update/Rejection doc If-Match: 22

Partial Updates: Others: push, pop, set, remove, etc. commutative

doc.inc(‘counter‘,1) doc.inc(‘counter‘,1) Concurrency in Baqend Multi-Object Transactions

• Optimistic ACID-Transactions (the missing NoSQL-feature) • Status: soon part of the SDK (currently in the REST-API)

Begin Transaction 1 Bloom Filter REST-Server Cache Reads Cache Client 2 REST-Server Cache DB Commit: readset versions & writeset 3 REST-Server Read all Committed OR aborted + stale objects Writes 5 validation 4 prevent conflicting validations Coordinator LIVE QUERIES Going Real- Time Going Real-Time Query Caching & Subscribing

Real-Time How to detectQuerieschanges to queries(Websockets: ) „Give me the most popular products that are in stock.“ Create Fresh Caches Update Delete Fresh Bloom filter 0 1 1 01 1 01 0 1 Server

Pub-Sub Pub-Sub

InvaliDB on Storm

Programming Real-Time Queries JavaScript API

var query = DB.Tweet.find() .matches('text', /my filter/) .descending('createdAt') .offset(20) .limit(10);

Static Query

query.resultList(result => ...);

Real-Time Query

query.resultStream(result => ...); Baqend Streaming Queries Real-Time Architecture

App Server

Pub-Sub Pub-Sub

Keeps data up-to-date 6 1 InvaliDB Filter Queries: Distributed Query Matching

Subscription Two-dimensional partitioning: • by Query • by Object → scales with queries and writes

Implementation: Write op • Apache Storm & Java • MongoDB query language • Pluggable engine Match!

62 SERVICE WORKERS How to accelerate leagacy systems? New Standard: Service Workers What they do:  Proxy any HTTP request  Offline Cache for „progessive web apps“

Progressive Web App SW.js Media HTTP Text

Websites Internet Backend Service Workers + Baqend Caching Baqend Worker:  Redirect requests to Baqend for faster delivery by including a snippet  Update of cached data: refresh of stored data against origin

Config: what to intercept? Domain Experts Legacy Purge Refresh Website Handler H2 SW.js Media Bloom filterPublic Beta in 3 weeks Pull Text Cache Files, API

Websites Internet & CDN Baqend Legacy System commerce.codetalks.de commerce.codetalks.de Loaded Through (Rails) Baqend Worker DEMO In action: makefast.baqend.com Lessons Learned Building a Scalable BaaS

Frontend Network Backend

 Single-page applications  Caching in the CDN and  Horizontal scaling with are fast for navigation browser stateless web servers  Good Tooling for  Dynamic data should also  NoSQL databases optimizations (Inlining, be cached  Cloud-hosted Above-the-fold,  Minimize latency, SSL  Load-Tests important Minification, etc.) and HTTP tuning  Failover and autoscaling

[email protected] @baqendcom Further Reading Resources Web Performance in a Nutshell: HTTP/2, CDNs and Browser Caching High Performance Website Hosting with SSL and HTTP/2 Made Simple The AWS and MongoDB Infrastructure of Parse: https://medium.baqend.com/ Lessons Learned NoSQL Databases: a Survey and Decision Guidance

1. Start a free app

2. Check out the starter kits and tutorials

https://www.baqend.com/ 3. Develop web application >10x Faster Loads Ziel mit InnoRampUp For a web without Automatic loading times. Scaling www.baqend.com @Baqendcom Faster Development