Welcome!

@DevOpsSummit Authors: Yeshim Deniz, Zakia Bouachraoui, Pat Romanski, Elizabeth White, Liz McMillan

Related Topics: @DevOpsSummit, Linux Containers, Containers Expo Blog, @ThingsExpo

@DevOpsSummit: Blog Feed Post

APIs Are Not Web Pages | @DevOpsSummit #API #IoT #M2M #DNS #DevOps

Even though web pages might be built from APIs, they are not the same

There’s a tendency, particularly for networkers, to classify applications by the protocols they use. If it uses HTTP, it must be a web app. The thing is that HTTP has become what it was intended to be: a transport protocol. It is not an application protocol, in the sense that it defines application messages and states. It merely transports data in a very specific way.

That’s particularly important in the age of the API and, increasingly, the age of things that might be using APIs. You see, APIs are primarily data centric constructs while web pages (think any HTML-based app) are document centric constructs.

Data centric constructs tend to exchange, well, data. And document centric constructs… yes, exchange documents. Both might use HTTP as a mechanism to do that, but the actual payload carried differs dramatically. That’s because data centric constructs are concerned with exchanging data that is not necessarily meant for human consumption. It’s meant to provide the application with information that it can then process and display or act on accordingly. Document centric constructs, on the other hand, are meant to be consumed by human beings. Because of that they tend to include all the stuffs required to format, display, and present information.

Now, some web apps are a combination of both. There’s a framework composed of HTML that lays out the user interface, and then scripting that exchanges and processes data via APIs. The initial “load” grabs the document, subsequent interactions exchange data.

The reason I’m being so pedantic about this difference (ignoring that pedantry is my superpower) is because this distinction is critical when architecting for scale. The load generated by these interactions is different. Loading a single page is no trivial task these days. HTTP Archive, which tracks these fascinating kinds of numbers, notes that the average page required 35 TCP connections to load.

35 TCP connections.

That may be because the average document size was 24kB, comprising 889 elements.

So not only do we need to open a lot of connections, we’re taking a lot of time transferring data over those connections.

Now it is true that APIs also get objects. The thing is that except for images, almost all data is a far more compact form and it is data, not visual elements of a document or UI. For APIs, JSON is universally favored right now, and it adheres to a fairly consistent key:value paradigm, with appropriate embedded lists (arrays) of objects within it. Pagination and a smaller screen size dictate generally smaller pieces of data at a time, displayed in preparation for user interaction. The interface already exists, the data is simply used to populate that interface. This is not the same as HTML, where both interface and data presentation often need to occur as the result of transferring the objects.

Dependencies, too, are different. Many of the optimization techniques used by ADCs and front-end optimization services focus on the web of interdependencies that exist naturally in an HTML document. You can’t layout the page until you’ve loaded the style sheet that dictates it (CSS), and scripts may need to execute before data is processed for display (or as part of that process), and so on. The display of one object might depend on the existence of another that is not yet loaded. Hence the focus on optimizing the transfer of objects in an order that allows the UI to begin parsing and presenting information as soon as possible, giving the illusion, at least, of greater speed whether or not reality matches the illusion.

In other words, the API returns a single, large chunk of data. It may or may not trigger additional calls to retrieve additional objects. A web page, by design, automatically will.

So… to sum up this comparison, APIs exchanging JSON are not the same as HTML even though both are using HTTP as the transport layer.

What does that mean?
It means, kids, that optimizing an API is not the same as optimizing a web page. It means that techniques like minification (stripping out white space and comments) isn’t necessarily going to improve performance of APIs, nor will reordering objects or inlining scripts and style sheet elements. It means that optimization an API depends a whole lot on design (which networkers can’t do that much about) and on the intermediaries you use to scale and secure that API.

A significant number of APIs are geared toward mobile devices. Mobile devices are infamously plagued by poor performance largely due to excessive round trip times (RTT) from DNS and the overhead of connection establishment. APIs delivered via HTTP can stand to be connected with longer TCP idle times to prevent requiring re-establishment of the underlying TCP session during the application experience. To offset the impact on capacity that has (servers can only serve so many concurrent connections, after all), using an intermediary (a full proxy) that effectively splits the interaction between “client” side and “server” side can reduce the impact of longer-lived sessions while simultaneously improving performance by eliminating the extra round trips required to establish a TCP session by employing TCP multiplexing techniques (similar to HTTP/2).

Compression, too, if your API is returning significantly large chunks of data, can be a bonus. Many API optimizing blogs and articles point out that for some reason, compression is rarely “on” at the server. There are reasons for this, good reasons, but that doesn’t mean compression shouldn’t be used at all. When appropriate, let the intermediary (proxy) apply compression, as it is usually far enough upstream to avoid the potential negative impact of doing so.

The big deal here is that optimizing an API for performance is not necessarily the same as optimizing a web application, even though both use HTTP. So if you’re really looking for a performance boost for APIs and you can’t get developers to change what they’re doing, look to the network and, as is increasingly the case today, to the architecture.

Read the original blog entry...

More Stories By Lori MacVittie

Lori MacVittie is responsible for education and evangelism of application services available across F5’s entire product suite. Her role includes authorship of technical materials and participation in a number of community-based forums and industry standards organizations, among other efforts. MacVittie has extensive programming experience as an application architect, as well as network and systems development and administration expertise. Prior to joining F5, MacVittie was an award-winning Senior Technology Editor at Network Computing Magazine, where she conducted product research and evaluation focused on integration with application and network architectures, and authored articles on a variety of topics aimed at IT professionals. Her most recent area of focus included SOA-related products and architectures. She holds a B.S. in Information and Computing Science from the University of Wisconsin at Green Bay, and an M.S. in Computer Science from Nova Southeastern University.

@DevOpsSummit Stories
Hackers took three days to identify and exploit a known vulnerability in Equifax’s web applications. I will share new data that reveals why three days (at most) is the new normal for DevSecOps teams to move new business /security requirements from design into production. This session aims to enlighten DevOps teams, security and development professionals by sharing results from the 4th annual State of the Software Supply Chain Report -- a blend of public and proprietary data with expert research and analysis.Attendees can join this session to better understand how DevSecOps teams are applying lessons from W. Edwards Deming (circa 1982), Malcolm Goldrath (circa 1984) and Gene Kim (circa 2013) to improve their ability to respond to new business requirements and cyber risks.
DevOpsSUMMIT at CloudEXPO, to be held June 25-26, 2019 at the Santa Clara Convention Center in Santa Clara, CA – announces that its Call for Papers is open. Born out of proven success in agile development, cloud computing, and process automation, DevOps is a macro trend you cannot afford to miss. From showcase success stories from early adopters and web-scale businesses, DevOps is expanding to organizations of all sizes, including the world's largest enterprises – and delivering real results. Among the proven benefits, DevOps is correlated with 20% faster time-to-market, 22% improvement in quality, and 18% reduction in dev and ops costs, according to research firm Vanson-Bourne. It is changing the way IT works, how businesses interact with customers, and how organizations are buying, building, and delivering software.
The benefits of automated cloud deployments for speed, reliability and security are undeniable. The cornerstone of this approach, immutable deployment, promotes the idea of continuously rolling safe, stable images instead of trying to keep up with managing a fixed pool of virtual or physical machines. In this talk, we'll explore the immutable infrastructure pattern and how to use continuous deployment and continuous integration (CI/CD) process to build and manage server images for any platform. Then we'll show how automate deploying these images quickly and reliability with open DevOps tools like Terraform and Digital Rebar. Not only is this approach fast, it's also more secure and robust for operators. If you are running infrastructure, this talk will change how you think about your job in profound ways.
Dynatrace is an application performance management software company with products for the information technology departments and digital business owners of medium and large businesses. Building the Future of Monitoring with Artificial Intelligence. Today we can collect lots and lots of performance data. We build beautiful dashboards and even have fancy query languages to access and transform the data. Still performance data is a secret language only a couple of people understand. The more business becomes digital the more stakeholders are interested in this data including how it relates to business. Some of these people have never used a monitoring tool before. They have a question on their mind like "How is my application doing" but no idea how to get a proper answer.
Nicolas Fierro is CEO of MIMIR Blockchain Solutions. He is a programmer, technologist, and operations dev who has worked with Ethereum and blockchain since 2014. His knowledge in blockchain dates to when he performed dev ops services to the Ethereum Foundation as one the privileged few developers to work with the original core team in Switzerland.