Traditional client- and server-side software technologies connect using a software solution called a socket. As industry has moved from static, thick clients to mobile, thin clients, the use of sockets has not changed. However, sockets have morphed over the years and thus have grown in complexity. As a result, most struggle to understand the technology, let alone possess a thorough understanding of how sockets are used in the enterprise or how they are used when coupled with mobile and cloud technologies.
This article provides an understanding of what sockets are, what types of sockets are available for your application, the pros and cons of using sockets in mobile and cloud solutions, and how cloud service providers support sockets.
Sockets connect client-side software to server-side software using a combination of an Internet protocol (IP) address or a Domain Name System (DNS) address and port number. A prevalent example of this coupling is in web mail (for example, www.acmewidgets.com:2095), where the colon (:) is the delimiter between the DNS address and the port number. Sockets allow a session-level connection for data transfer or executing transactions.
Sockets are used to establish sessions between the client and server to execute transactions or data transfer. When enterprises deploy or consume sockets, they may use different types of sockets and different protocols predicated on the application type, security requirements, and the skill set of the development team. Socket types include Internet, stream, raw, and domain sockets. Internet and stream sockets are the most popular because of their ease of use, their architecture, and the prevalence of web and application servers in contemporary data centers.
As far as Internet sockets go, HTTP–based sockets are the first pick for thin client or web-based systems, particularly for those applications that do not require enhanced security through encryption. Note also that HTML version 5 (HTML5) introduces WebSockets to the equation, which are analogous to Internet sockets on steroids. (See Resources for a link to more information.) When additional security is required, the enterprise should choose a stream socket. Although Internet sockets are popular these days because of the proliferation of thin client applications, stream–based sockets are popular, as well.
The most prevalent stream–based socket is based on the Transmission Control Protocol (TCP) stack and is used often for thick client applications. (Note that TCP is occasionally used for thin client connections, as well.) When additional security is required for socket connections, a Secure Sockets Layer (SSL)/Transport Layer Security (TLS)–based solution set is also available. SSL/TLS is used in conjunction with HTTP over SSL (that is, HTTPS) via public key infrastructure (PKI) for securing data in motion. Note that SSL/TLS is often required when dealing with sensitive data, such as personally identifiable information, protected health information, cardholder data or payment, banking, or brokerage data. Those organizations that need more flexibility in their client–server connections should consider raw sockets.
Raw sockets do not rely on a specific transport mechanism; therefore, packets sent over a connection using raw sockets include a header as well as the "raw" packet itself. These sockets are often used by network appliances — namely, firewalls and routers — that leverage both the Internet Control Message Protocol and the Internet Group Management Protocol. Internal systems are occasionally coded while using raw sockets because of their versatility; therefore, these sockets can be used in the context of a private, internal cloud. Those enterprises that use UNIX® systems have another option for socket use: domain sockets.
Domain sockets include Interprocess Communication (IPC) protocols. IPC is a socket often used for legacy platforms like UNIX, and although some may consider the need to connect mainframe systems to mobile or cloud environments inconsequential, the need may arise and therefore requires a mention. Regardless of the socket used, all sockets have a basic structure to their development and use, which the next section covers.
The system architecture or platform, security requirements, and programming languages you use for that platform help drive what type of socket you should use. Furthermore, the choice of using application programming interfaces (APIs) versus internally developed sockets also drives the structure of the socket. Case in point, if an enterprise were to use a cloud-based Linux®, Apache, MySQL, and PHP (LAMP) stack for server-side processing on the Amazon Elastic Compute Cloud (Amazon EC2) platform, it would most likely employ Internet-based sockets. In contrast, if the developer wanted to find a socket–based API to use with mobile client-side sessions from an Apple iPad running Apple iOS 5, a logical choice would be the Twisted framework, which uses stream–based sockets (see Resources for a link).
Twisted uses a socket structure that reflects its stream- and event-based architecture; therefore, much like the Windows® TCP/stream–based sockets (that is, WinSock), a diagram of its structure would reflect its reliance on callbacks from the client (see Figure 1).
Figure 1. WinSock client-server interaction
From a code standpoint, you can get a better understanding of the structure of a socket by reviewing domain sockets created using the C programming language for a UNIX mainframe platform. Listing 1 provides a visual interpretation of how domain–based sockets are structured using C on UNIX.
Listing 1. Domain-based sockets in C in UNIX
struct sockaddr_out
{
    short int sout_family;
    unsigned short int sout_port; /*Remember firewall rules*/
    struct out_addr sout_addr; /*Router too*/
    unsigned char sout_zero [8];
};
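A working counterpart to Listing 1, added here as an example and not taken from the original article: it fills the standard POSIX struct sockaddr_un (address family plus filesystem path) for a UNIX domain stream socket, rejects paths too long for the address structure, and creates the socket file with owner-only permissions. The function name unix_socket_roundtrip and the path /tmp/example_ipc.sock are hypothetical.

```c
/* Added example (not from the article); function name and socket path are hypothetical. */
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>
/* Returns the socket file's permission bits after one client-to-server message, -1 on error. */
int unix_socket_roundtrip(const char *path, const char *msg, char *out, size_t outlen)
{
    struct sockaddr_un addr;
    struct stat st;
    int srv, cli = -1, conn = -1, bound = -1, rc = -1;
    size_t len = strlen(msg);
    ssize_t n;
    if (outlen == 0 || strlen(path) >= sizeof(addr.sun_path))
        return -1;                    /* reject long paths, never truncate */
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;        /* family + path, no IP address or port */
    strcpy(addr.sun_path, path);      /* safe: length checked above */
    unlink(path);                     /* clear a stale socket file */
    mode_t old = umask(0077);         /* socket file is created owner-only */
    srv = socket(AF_UNIX, SOCK_STREAM, 0);
    bound = srv < 0 ? -1 : bind(srv, (struct sockaddr *)&addr, sizeof(addr));
    umask(old);                       /* restore the caller's umask */
    if (bound < 0 || listen(srv, 1) < 0 || stat(path, &st) < 0)
        goto done;
    cli = socket(AF_UNIX, SOCK_STREAM, 0);
    if (cli < 0 || connect(cli, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        goto done;
    conn = accept(srv, NULL, NULL);   /* the connection is already queued */
    if (conn < 0 || write(cli, msg, len) != (ssize_t)len)
        goto done;
    n = read(conn, out, outlen - 1);
    if (n >= 0) {
        out[n] = '\0';
        rc = (int)(st.st_mode & 0777);
    }
done:
    if (conn >= 0) close(conn);
    if (cli >= 0) close(cli);
    if (srv >= 0) close(srv);
    if (bound == 0) unlink(path);     /* remove the socket file we created */
    return rc;
}

int main(void)
{
    char buf[32];
    return unix_socket_roundtrip("/tmp/example_ipc.sock", "ping", buf, sizeof(buf)) < 0;
}
```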
The pros and cons of using sockets
The type of socket you choose may affect the application's quality of service (QoS) from a positive or negative standpoint, as sockets maintain the session state from the client side and server side. Thus, many sockets assist in maintaining the transactional integrity of applications. In addition, sockets maintain the confidentiality and integrity of a transaction when used in conjunction with PKI encryption.
Encryption assists organizations in protecting data, but it also adds overhead that can negatively affect the user experience through QoS. Sockets can also be difficult to develop or configure; therefore, the organization's development staff must have an enhanced skill set. Finally, different technologies dictate which sockets you can use, so the requirement to use sockets on a specific platform may limit your options.
There are pros and cons to using sockets, although each socket type brings specific strengths and weaknesses. Internet–based socket APIs are bundled within most of the popular application server stacks (for example, the Microsoft® .NET Framework, Apache Tomcat, IBM® WebSphere® Application Server), although these types of sockets bring limited security and transactional integrity to the equation. Session-based socket APIs introduce security and enhanced transactional integrity to the table, and they are included with most application servers. However, they are resource intensive and therefore may affect QoS. Raw sockets introduce versatility in exchange for an enhanced level of complexity and a lower level of security. Finally, domain–based socket APIs introduce extensibility for UNIX environments, though they are limited to certain platforms and therefore may see minimal support from service providers and API developers.
How cloud providers support sockets
Cloud computing is a rebranding, if you will, of the old application service provider (ASP) model. However, true cloud offerings have additional nuances from ASPs — namely, resource pooling, on-demand utilization, multitenancy, and rapid elasticity. Cloud service providers offer services based on different cloud service and deployment models.
Cloud service models are methods in which an organization can use the cloud predicated on business requirements, such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), or Software as a Service (SaaS). Cloud consumers have the greatest flexibility with IaaS and the least with SaaS. However, with the flexibility found in IaaS comes the cloud consumer's requirement to administer, monitor, and manage the environment. So, IaaS consumers build the (virtual) server starting at the operating system layer. For PaaS, the consumer builds the database, application, and business rules and loads the data. For SaaS, the consumer only has to load the data into the prebuilt application.
Cloud deployment models include public, private, hybrid, and community clouds. One example of a public cloud model is Google App Engine, in which the application and data are stored in one of Google's data centers. In this model, the consumer in essence has a floor in the Google "high-rise" apartment. Most large organizations will leverage the cloud internally as a private cloud. One example of a private cloud is an organization that uses cloud nuances (for example, resource pooling, on demand, multitenancy, or rapid elasticity) within its own data center for information processing. Organizations can have a private cloud within a provider's facility, as well. Examples include Terremark's customers as well as those who use Amazon Virtual Private Cloud (Amazon VPC). Examples of hybrid consumers include pharmaceutical companies like Pfizer, which uses a private model to store its research and development data, sends the data securely (via SSL/TLS) to a public cloud for computations, and then sends the data back to the private cloud. In essence, a hybrid model uses the best of both the public and private worlds. A community cloud leverages resource pooling to a large extent, one example being a number of schools in a school district that share server resources for information processing.
Based on the cloud service and deployment models chosen, cloud consumers have different socket types available to them. In general, Internet and stream–based sockets are supported by all major providers (Amazon Web Services, Rackspace, Windows Azure™, Google App Engine) as both PaaS and IaaS offerings. Consumers of SaaS solutions do not need to concern themselves with using sockets directly, although they may need to have third parties interact with their SaaS–based providers via sockets. However, providers do not support raw sockets organically, although by using and configuring an IaaS environment, an organization could theoretically accept and process raw sockets. Finally, few enterprises have found a business case to move their mainframe environments to a virtualized or private cloud platform; therefore, virtualization and private cloud technology providers such as OpenStack, Xen, Microsoft, and VMware have not explicitly mentioned their support for domain–based sockets. However, this may change over time as private cloud technologies are used with greater prevalence.
Sockets have been around a long time, and they're here to stay. The introduction of mobile and cloud technologies has meant that sockets have morphed and scaled to respond to these new markets. As more enterprises and technologies focus on mobile and cloud solutions, sockets developers will too. However, not all sockets are the same, and enterprises should carefully consider their strengths and weaknesses before deciding which sockets an application should use and which provider to select for transactional processing.
Resources
Learn
- For more information on the Twisted framework, check out Ray Wenderlich's blog, How To Create A Socket Based iPhone App and Server.
- For more information on sockets, check out Sugih Jamin's presentation on socket programming.
- For more information on socket structure, see Mohtashim's site, tutorialspoint.
- In the developerWorks cloud developer resources, discover and share knowledge and experience of application and services developers building their projects for cloud deployment.
- Follow developerWorks on Twitter.
- Watch developerWorks demos ranging from product installation and setup demos for beginners to advanced functionality for experienced developers.
- Learn more information about Windows Azure.
- Find more information on Amazon EC2 and Amazon VPC.
- Learn about Google App Engine.

Steve Markey is a consultant, adjunct professor, and the current president of the Delaware Valley (Greater Philadelphia) chapter of the Cloud Security Alliance (CSA). He holds multiple certifications and degrees and has more than 11 years of experience in the technology sector. Steve frequently presents on information security, information privacy, cloud computing, project management, e-discovery, and information governance.




