Imagine you meet a small startup company planning to launch a new mobile application that allows consumers & service providers to interact real time. Currently, their architecture uses a LAMP stack comprising open source software. Like many small start-ups, they are confident that they will be the next big thing and expect significant, rapid, yet unquantified growth in the next few months. With this in mind, they are concerned about the following:

• Scaling to meet the demand, but with uncertainty around when and how much this demand will be – they are very concerned about buying too much infrastructure too soon or not enough too late! 
• Disaster recovery planning 
• Manage user identities & sync user-specific data across multiple devices 
• Ability for service providers to send notifications to consumer 
• Ability to run analytics on top of collected data; with analytics they should be able to visualize & understand app data usage 
• Their ability to configure their database and data access layer for high performance and throughput 
• Effective distribution of load 
• A self-healing infrastructure that recovers from failed service instances 
• Security of data at rest and in transit 
• Securing access to the environment as the delivery team expands 
• An archival strategy for inactive objects greater than 6 months
• Ability to easily manage and replicate multiple environments based on their blueprint architecture
  

Solution approach

Proposed below is a high-level reference architecture for a mobile and web-based services small start-up company that hopes for significant growth in the near future. This proposed architecture is based on AWS solutions and enables various enterprise capabilities for the solution.

How a startup company is supported by AWS

Since growth of the company is not confirmed and not measured based on historic profit model, and to keep it cost-effective over time, the solution should be easily re-sizeable to match the growth. AWS solutions can auto re-size as per the given load at run time. Say, using EC2 you can have more servers added to the solution if the load on servers increases and vice-versa. AWS pay-as-you-go pricing model keeps investments elastic as well. This means when you have more load, you use more resources and pay for the added resources and vice-versa. Choosing AWS provides elasticity to the overall solution for any load over any period of time.

This is a result of resources not being scalable to meet the unexpected increase in load in real time. AWS auto scale provisioning of VM instances helps you add more web servers readily as needed to serve the increased loads. They can be taken offline or removed when the load returns to normal as needed. This capability boosts the scalability of the overall solution in the scenario of ever-changing traffic loads.

AWS mobile solution

AWS provides the solution for integrating mobile applications with backend (existing backend and new). Using this feature, the company can proceed with mobile app creation and publish it to their end users. AWS provides many services to help customers architect a secure, agile, and scalable backend for their hybrid mobile apps. This eliminates the need for customers to develop and manage their own backend resources for each mobile app feature and can help reduce costs and increase productivity and innovation.

The existing architecture is the LAMP Stack of web-based in AWS. The proposed solution and architecture for mobile based (Mobile frontend development and hosting with Android and iOS is the separate task), represents a RESTful mobile backend infrastructure that uses AWS managed services to address common requirements for backend resources. The architecture provides capabilities to identify and authenticate users and perform complex queries to return user-relevant data. The architectural flow of RESTful mobile backend resources for a mobile app and includes functional components to address these common requirements

• When a user signs in to the mobile app, the user’s credentials are sent to the Amazon Cognito user pool for authentication. After successful authentication, Amazon Cognito returns an ID token to the app    
• The mobile app sends HTTPS requests to the Amazon API Gateway RESTful interface with the Amazon Cognito ID token in the authorization header 
• An Amazon Cognito user pool authorizer associated with the Amazon API Gateway RESTful API validates that the token in the authorization header is an authenticated user • Amazon API Gateway invokes the AWS Lambda microservice function associated with the requested API resource 
• AWS Lambda identified an appropriate IAM role to execute a defined task, such as accessing user-specific data in MySQL DB and performing CRUD actions according to mobile front-end request of action and also pushing objects to S3 (if it’s required). All requests that Lambda handles are recorded and stored through Amazon CloudWatch Logs 
• Perform any third-party calls for other services
• AWS Lambda returns the results in an HTTP-formatted response to the RESTful API in Amazon API Gateway
• Amazon API Gateway returns the results to the mobile app
  

Existing web-based architecture with proposed mobile-based solution,  startup company can use both models for all users if they want.

Presentation and Web Tier

The Presentation Tier of the solution consists of a native Android and iOS application that encapsulates the user interface and presentation logic of the application. For Mobile Web application, the presentation tier also includes a web tier statically hosted on Amazon S3 and distributed via CloudFront CDN. The mobile web application is implemented as a Single Page Application using a client-side Javascript MVC framework (like Angular, Knockout) using static HTML, CSS and JS files.

All presentation tier applications (Android, iOS and Mobile Web) interact with the Logic Tier via API Gateway endpoints. The applications use API Gateway Client SDK generated for Android, iOS and JS to consume API Gateway endpoints. All communication between mobile applications and L using AWS Cognito. ogic Tier is secured using AWS Cognito.

Logic Tier

The Logic Tier of the solution encapsulates the business logic and intelligence of the solution inside stateless AWS Lambda functions. Lambda functions internally communicate with the Data Tier and other dependencies to execute the desired business logic. The functionality of the Logic Tier is exposed to the presentation tier via custom RESTful APIs powered by Amazon API Gateway. These APIs act as a front-door for presentation tier to access data, business logic and functionality exposed by the back-end services.

The Logic Tier provides the following features and benefits to the solution:

• Use of AWS Lambda provides a computing platform for running business logic without the need of managing any servers. 
• Lambda functions can be explicitly invoked via API Gateway endpoints or in response to a variety of events. 
• Lambda automatically scales up / down to match the event rate/traffic patterns. 
• Integration with CloudWatch makes it easy to monitor and analyze API usage.
• Integration with Amazon SNS service enables the Logic Tier to send real-time cross-device push notifications. 

The Data Tier of the solution consists of fully managed, scalable and highly available services like DynamoDB and Amazon S3. DynamoDB provides a NoSQL data store for storing structured data with low latency access. Amazon S3 provides highly durable and infinitely scalable object storage for storing photos, videos, binary data and other files that can be accessed directly via HTTP. Data stored in Amazon S3 can be archived to Amazon Glacier service by applying an archival policy to the S3 bucket.

Identity management

Amazon Cognito can simplify user authentication and authorization, giving customers the options to authenticate users with Amazon Cognito user pools, social identity providers, or their own identity management system. Amazon Cognito provides user sign-up features and integrates with AWS Identity and Access Management, which adds additional security capabilities to your mobile backend while simplifying the management of crucial security features for your app.

Sign-in UI with MFA Login with Facebook, Google and Twitter

Add user sign-up and sign-in workflows for customer onboarding with support for multifactor authentication to your apps with a fully managed service. You can also authenticate users through social identity providers such as Facebook, Twitter, and Google+. This feature is powered by Amazon Cognito.

Event-driven architecture

AWS Lambda enables easy implementation of event-driven architectures that do not require persistent resources and hosts backend logic for mobile apps. AWS Lambda automatically runs your code in response to events, and allocates resources to resolve requests on an as-needed basis. This allows you to put minimal logic in the mobile app itself, making it easier to scale and update. AWS Lambda automatically monitors Lambda functions on your behalf, reporting metrics through Amazon CloudWatch. To help you troubleshoot failures, Lambda logs all function requests and automatically stores logs through Amazon CloudWatch Logs.

App storage

Amazon Cognito Sync supports reading and writing to a local data store. This means that your app can work in the same way regardless of whether the device is online or offline. You can also save user data, such as user preferences, sign-in, and game state, and then sync this data across a user’s devices to create a consistent experience.

Amazon DynamoDB provides a managed, highly available NoSQL database for storing and querying app data while preventing superfluous client downloads and content mining. Amazon DynamoDB includes fine-grained access control to follow the best practice of least privilege for Lambda functions querying specific data.

Mobile push notifications

Amazon Simple Notification Service (Amazon SNS) is a fast, flexible, managed push notification service that makes it simple and cost-effective to send push notifications to mobile device users, email recipients or even send messages to other distributed services. Mobile push notifications send messages directly to apps on mobile devices, which can appear in the mobile app as message alerts, badge updates, or even sound alerts.

Disaster recovery planning

The underlying AWS services being consumed by the solution offer built-in fault tolerance and guarantee high availability by using multiple availability zones in each region to help protect against individual machine or data center failures.

Conclusion

Serverless architectures powered by PaaS offerings from leading public cloud vendors like AWS offer the ability to implement highly scalable and available applications without the groundwork of capacity planning and server setups. The ability to independently scale the web, logic and data tiers results in delivering the optimum performance of the overall solution.

S Sampath Kumar

Senior Architect, Cloud Application Services, Wipro Limited.

Sampath has over 16 years of industry experience as an Enterprise Architect, Technical Consultant, Business Analysis & Delivery Manager across multiple geographies and diverse lines of businesses. With a passion for customer success and excellent technical management skills, he has successfully led numerous projects on fixed bid and t & m models across BFSI, Pharma, Publishing and Storage Area domains in the last 12 years.