This guest post comes from Blake Dournaee, product manager for Intel Expressway Service Gateway, including the Tokenization Broker product. Blake wrote the first book on XML Security and co-authored "SOA Demystified."
Seems like a simple answer perhaps, but an investigation of the nature of mobile apps reveals some characteristics that are a bit of a blast from the past. In the context of an enterprise setting, despite being a relatively new addition to the enterprise network, mobile apps display characteristics from passé programming styles. As a starting point for comparison, it is key to evaluate how mobile apps integrate and communicate with the prevalent enterprise architecture relative to more traditional web applications.
So what does today’s enterprise architecture consist of? Typically the enterprise network consists of modern SaaS applications or the classic multi-tier architecture for web applications including the persistence tier (where user and application data is stored), the application tier (for administering business logic and controlling views), and the web server tier (for rendering views to browsers). Additionally, we see enterprise adopting a hybrid cloud model wherein some functions of the network leverage the cloud while other functions are kept on premise. The main presumption of this architecture, given that this has been the case for the last 10 years, is that the client is a browser. With native mobile apps which are not accessed via a browser, we can see a deviation from this fundamental circumstance. For this reason, although native mobile apps are HTTP-based they do not purely fit the client-server model in the same way that web applications do.
Because native mobile apps reside on your device, they are naturally designed with its specific functionality in mind. In particular, they are compiled for a specific programming language and platform and while native mobile apps are network based and HTTP based, they may also employ non-HTTP communication in order to leverage push notifications, GPS, and other tools which make such apps more powerful, but are unheard of in a traditional browser client.
Do mobile apps have more in common with desktop applications? Desktop applications, for instance, utilize both HTTP and non HTTP-based communication and rely on rich user-interface controls provided by the operating system. To make an even more stark comparison, consider Java applets. While well past their days of being en vogue, some of the Java applet characteristics are analogous to the mobile apps we see today. Java applets essentially provide specific UI functionality which cannot be accomplished via HTML alone: They rely on rich client functionality that must be upgraded, they can utilize proprietary socket protocols, and in the Enterprise context, are often only supported in certain browsers and Java Virtual Machines. Additionally, applets can capture mouse input through UI controls and achieve similar performance to natively installed applications, so again we see a combination of HTTP and non-HTTP communication. Other limitations related to standardization, compatibility, installation, and updates have caused applets to lose their luster of 5-10 years ago, yet notable similarities to the proliferate and current mobile apps can’t be denied.
The implications of this rapid growth in the mobile landscape on the traditional browser-dominated multi-tier architecture are many. In this new environment, client variability is the norm rather than the exception, and as such there are a number of things that should be on your radar in terms of adapting for mobile: managing identity and single sign-on, client trust & API Security (since BYOD introduces “non-trusted” devices), delivery of mobile apps (whether handled through an internal enterprise app store or outsourced), obtaining bandwidth to support a new flux of API calls, and the list goes on. While certain mobile app functionality may evoke old-school desktop application and Java applet comparisons, the new questions and concerns that they introduce to the integrity of the traditional enterprise network should not be underestimated. The following analysis on mobile architecture dishes up some of the true nitty-gritty on how the enterprise must adapt going forward.