Five web standards to adopt when developing for the Cloud
Migrating to the cloud makes a developers work much easier. It allows for doing away with many cumbersome processes, and makes many tasks seamless. However, a successful shift to cloud requires some fundamental changes in approach, most notably the adoption of web standards.
Fat clients such as desktop applications and web-based delivery are the popular methods to deliver software to end users. The cloud, however, is changing that. A big reason why people embrace the cloud is the convenience of anywhere access. In today’s multi-digital world, this means access from a wide variety of devices, extending from the office desktop to the tablet, and from the netbook to the smartphone. This renders desktop clients, or even delivery via the traditional browsers that does not work across all operating systems, or on all devices, obsolete.
2. Opt for a Single Sign-On Authentication
Preparing for the cloud requires a shift away from a bunch of incompatible disconnected authentication systems to a single sign-on approach. One of the advantages of migrating to the cloud is freedom from managing in-house application servers, operating systems, and hardware. Freedom from managing an infrastructure for identity is a natural extension of such an approach.
The way forward is to base authentication and authorization on a single web-oriented and cloud based single sign-on system, such as SAML, or OAuth. This would enable easy synchronization, and application of standards. This, in turn would ensure compatibility with multiple cloud vendors, and provide flexibility to change from one cloud partner to another, if required.
3. Adopt Service Oriented Architecture (SOA)
Service oriented architecture (SOA) is a flexible set of design principles with the functions made possible by a complex software program distributed among a set of “services” or discrete software modules. The realization of the software’s capabilities depends on the integration of such services.
Adoption of SOA allows moving services around in the cloud as appropriate. Instead of migrating the whole program to another cloud provider, it would be possible to migrate only specific services, thereby optimizing the available options, and increasing the robustness of the entire program. Adopting an SOA approach prevents lock-in and losing the flexibility to migrate, when the existing cloud vendor creates point-to-point pathways.
4. Select Cloud-Friendly Programs and Services
When moving to the cloud, it is necessary to adopt programs and standards popular there. Failure to do so may mean lack of support, difficulty in migration, and overall inflexibility. For instance, Microsoft .Net, while remaining a popular platform for traditional server based applications, is simply unsuited for the cloud. For the cloud, Ruby and Java offer a much wider level of support, at considerably lower expense.
Again, for conventional applications, JavaEE’s 20 layers of Zip files are very popular. With Java EE, the code compiles in five seconds, and takes three minutes to package. In the cloud, WAR files are more popular though.
Popular applications such as Gmail and Facebook have made AJAX popular. With AJAX, it becomes possible for the web application to send and retrieve data from a server, as a background function, without such process interfering with the display of the page, or user activity. The seemingly instantaneous response times have now become a practical requirement for many applications. The popularity of AJAX has also resulted in the popularity of Spring, an application development framework for enterprise Java.
5. Adopt Secure Coding Practices
Desktop and server applications can get away with vulnerabilities, as the firewall would protect them, to a certain extent. With cloud, there is nowhere to hide. Developers have no option but to take security seriously. Secure coding practices, and rigorous testing to check for vulnerabilities should become an integral and indispensable part of the development process.
Another important requirement to ensure the security of cloud-hosted applications is to opt for HTTPS. Encrypted options such as VPN or HTTPS are a must-have to prevent snoopers from intercepting the traffic between the client and the cloud server.
Both HTTPS and VPN provide a secure bi-directional medium to exchange data. VPN is configured at the operating system level, and it’s security is between the client and server operating system, rather than the client and server applications. Such a set-up may raise problems, especially when the client then acts as a bridge to link together two VPN, which, ideally should be isolated from each other. There could also be collusions in address space. HTTPS is more secure and commonplace compared to VPN. It offers reliability, confidentiality and authentication. It detects active alterations reliably, and offers mutual client-server authentication.
The checklist to prepare for the cloud is nothing special. It is actually what every developer should anyway be doing to ensure a lean, agile, robust, and secure programs, with flexibility to boot.