How Yalantis Approaches Backend Challenges

Yalantis Value Proposition

A guide to some of the most common challenges of backend development

Why we created this

Our clients often ask how we build applications. More specifically, they want to know what challenges we face and what actions we take to overcome them. Reasonable enough – they want to make sure they’ll get stable and quality products.

Questions about backend challenges are probably the most common. So we’ve brought together all our expertise and prepared this guide to some of the most common challenges associated with backend development. We’ll describe the nature of these challenges and suggest possible ways to solve them, spicing our explanations with real-life examples.

What’s the backend?

The backend supports the frontend of a product. In other words, the backend is responsible for an app’s business logic and calculations and for storing and retrieving data. The backend usually consists of a backend application (or backend script), a server, a database, and APIs (which make communication between the server and client possible).

In general, the backend is the part of a software product that exists behind the scenes. By contrast, the frontend is what an end user sees and interacts with – a website, web app, or mobile app.

The frontend is also referred to as the client side of an application, whereas the backend is often called the server side. The frontend is where UI/UX design and client-side scripting usually happen.

1. A site is loaded in a browser from the server.

2. Client-side scripts run in the browser and process requests without call-backs to the server.

3. When a call to the database is required, JavaScript and AJAX send requests to the back end.

4. The back-end server-side scripts process the request, pull what they need from the database, then send it back.

5. Server-side scripts process the data, then update the site - populating drop-down menus, loading products to a page, updating a user profile, and more.

Backend server scripts process requests initiated by a user on the client side, pull information from a database, and then send results back to the user.

Backend challenges and wins

There are a number of challenges associated with building the server side of an app. We’re going to explain what these backend challenges are and how we approach them at Yalantis.

Security

In most cases, information on the backend is stored on cloud servers. But without the proper backend infrastructure and security, a server-side program deployed to a remote server may be exposed to cyber attacks, which can seriously damage a business and its customers.

Some of the most common security pitfalls according to the Open Web Application Security Project (OWASP) include injection, broken authentication and session management, cross-site scripting, and exposure of sensitive data.

How Yalantis approaches security challenges

We follow industry best practices to secure applications and protect businesses and their customers from possible threats:

• We use only credible, tried-and-tested frameworks and libraries when developing products.

• We use only the latest versions of frameworks and libraries.

• We always apply the latest security updates to libraries and frameworks.

• We use Amazon Web Services (AWS) as our trusted hosting solution.

Additionally, we follow an established access control procedure that involves setting up a hierarchy of users with different levels of access to a project and its data as well as to a client’s live servers.

Our DevOps team deploys a secure and healthy server infrastructure for each project. Before releasing an app, our developers conduct a thorough code security audit – both automated and manual – to make sure that we deliver a secure product. This is especially important when it comes to apps for domains like healthcare and finance.

We also carefully follow security guidelines for the services and frameworks that we use to build the backend. Examples of such guidelines are the Ruby on Rails Security Guide, PostgreSQL Security Guidelines, Angular.js Security Guide, and AWS Security Best Practices.

We’ve recently been working on a large healthcare project called Optima Curis. Optima is an app that connects doctors with patients so they can communicate and share sensitive health information. Security was one of the most important concerns for this app.

As part of our compliance with FDA standards for medical app data security, we had to make sure that users only have access to appropriate data layers in the app. We also needed to make sure that our access control system allows users to access their information both on the web and in the mobile app. To ensure smooth operation of the access control system, we created a separate module based on the open-source component CanCan. Other modules request data from this module to understand what level of access users have.

Sometimes, user roles overlap (a doctor in one hospital can be a patient in another hospital), and we had to account for this as well to make sure the app was HIPAA-compliant (HIPAA, the Health Insurance Portability and Accountability Act, sets standards for protecting patient data). We also had to store all error tracking and logs on our servers to ensure the security of sensitive data.
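The hospital-scoped role check described above, as an added example in plain Ruby; it is not Optima's code and does not use the CanCan API. The `AccessPolicy`, `Membership` and `Record` names, the rule table and the sample data are assumptions made for illustration.

```ruby
# Central authorization module: other modules ask it whether a user may act
# on a record. Roles are attached to (user, hospital) pairs, so a doctor at
# one hospital gains nothing at a hospital where they are only a patient.
# All names and rules here are hypothetical.

Membership = Struct.new(:user_id, :hospital_id, :role)
Record     = Struct.new(:id, :hospital_id, :patient_id, :kind)

class AccessPolicy
  # role => action => record kinds that role may touch inside its hospital
  RULES = {
    doctor:  { read: %i[chart lab_result message], write: %i[chart message] },
    patient: { read: %i[chart lab_result message], write: %i[message] }
  }.freeze

  def initialize(memberships)
    @by_user = memberships.group_by(&:user_id)
  end

  # Deny by default: access needs a role in the record's own hospital
  # and an explicit rule for that role, action and record kind.
  def can?(user_id, action, record)
    roles_in(user_id, record.hospital_id).any? do |role|
      permitted?(role, user_id, action, record)
    end
  end

  # Roles the user holds in one hospital only; roles held elsewhere are ignored.
  def roles_in(user_id, hospital_id)
    @by_user.fetch(user_id, [])
            .select { |m| m.hospital_id == hospital_id }
            .map(&:role)
  end

  private

  def permitted?(role, user_id, action, record)
    allowed = RULES.dig(role, action) || []
    return false unless allowed.include?(record.kind)

    # The patient role only ever covers the user's own records.
    role != :patient || record.patient_id == user_id
  end
end

# Constructed sample data: user 1 is a doctor at hospital :a
# and a patient at hospital :b.
MEMBERSHIPS = [
  Membership.new(1, :a, :doctor),
  Membership.new(1, :b, :patient),
  Membership.new(2, :a, :patient)
].freeze

POLICY     = AccessPolicy.new(MEMBERSHIPS)
CHART_A_P2 = Record.new(10, :a, 2, :chart) # patient 2's chart at hospital :a
CHART_B_P1 = Record.new(11, :b, 1, :chart) # user 1's own chart at hospital :b
CHART_B_P3 = Record.new(12, :b, 3, :chart) # another patient's chart at :b
```

With this data, user 1 can read and write `CHART_A_P2` as a doctor, can read but not write `CHART_B_P1` as a patient, and has no access to `CHART_B_P3`.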

Before the release, we carried out a code security review to make sure that Optima didn’t have any security flaws.

We used a proven Rails security scanner called Brakeman to automatically scan our code and detect typical security vulnerabilities such as SQL injection or CSRF. After that, we carried out a manual code review to identify minor and atypical mistakes. That’s how we confirmed that Optima is secure.

Scalability

In the most general sense, scalability refers to the ability of a system to successfully adapt to changes over time. In terms of application development, these changes may, for example, be unexpected spikes in demand or fluctuating user activity. However, even in such situations, a product should be capable of meeting demand and handling the increased workload.

Sometimes, however, it’s hard if not impossible to predict demand spikes and properly configure your system to respond to them. This is especially true for startups, as it’s hard to say when exactly they’ll attract the first huge wave of users.

How Yalantis approaches scalability

When defining scalability requirements is impossible, we recommend scaling a system on-demand. By doing so, we avoid the unpleasant situation when a client throws away lots of money on server capacity that may be left unused. We take three basic approaches to scaling systems:

1. Using the autoscaling feature offered by a hosting provider, which automatically scales server resources as demand grows;

2. Performing manual code optimization, which involves manually analyzing code to define poorly performing parts and optimize them;

3. Application server cloning, which involves using a load balancer and creating clusters of application servers that contain the same codebase to distribute the workload.

Autoscaling gives instant results but costs more money for additional resources. Manual code optimization doesn’t require additional expenses for server optimization but requires more time and effort to define and refactor bottlenecks in code. Server cloning requires additional time and resources as well to properly reorganize the application architecture and ensure scalability.

For several years, we’ve been partnering with a US-based startup that asked us to build a dating app from scratch. The application, called Bro, has been quite successful, and we still support it.

To our client’s surprise, Bro quickly attracted a significant user base – around 100,000 active users almost instantly after its release – which affected the overall performance of the product since the app wasn’t prepared for such a load.

To solve this unexpected issue, we used a combination of the first two approaches – instant server scaling and manual code refactoring. Since we used Amazon Web Services for hosting, we used its amazing Auto Scaling feature. Auto Scaling monitors an application and automatically adjusts capacity to maintain steady, predictable product performance without affecting users. This bought us some time to carry out code refactoring.

We choose our approach to scaling based on how urgently a product needs to scale. We can mix and match approaches or use only one – it all depends on you and your business needs.

Using Apache JMeter – a tool that’s used to simulate server loads in order to analyze performance – we identified the slowest features in the project. We then manually analyzed these features to determine why they were so slow. After that, we refactored our code and deployed optimized code to the server. After achieving stable performance, we stopped using AWS Auto Scaling to save money.

Real-time features

Real-time functionality has become an integral part of many applications that we use on a regular basis: Twitter, whose feed is updated when something new is published; Uber, which lets us track our location as we move; Google Docs, which offers multi-user real-time collaboration; WhatsApp, which literally made instant messaging mainstream.

Real-time features have worked their way from fancy to must-have. Take real-time messaging, for example – today, this feature is present in almost every app. Even Google Docs lets collaborators chat with each other without having to leave the app.

Sometimes, however, live chats serve not as an edge feature but rather as a key functionality. Dating apps are probably the brightest examples of this.

How Yalantis develops real-time features

So, most dating apps are built around a real-time chat. Take Bro, for example – a dating app you’re already familiar with – where real-time chat is necessary to provide smooth communication between users.

To integrate real-time chat in Bro, we used a third-party service called Layer. With Layer, we could implement chat functionality quickly and with minimal effort. Very soon, however, Bro’s user base started to grow, so we faced a little challenge...

Layer is priced based on an app’s monthly active users and the number of messages they exchange. So as your app’s user base grows, the cost grows as well (at some point, it reached around $1,000 per month for Bro). We had to help our client avoid this expense.

We decided to integrate our in-house real-time messaging solution built on the Phoenix technology. We prepared a detailed estimate on how much it would cost to migrate to our Phoenix-based chat, got the green light from the client, and successfully integrated it. As a result, our client now saves up to $1,000 a month.

Integrating third-party services

Integrating third-party services (i.e. APIs) has become common practice. APIs let smaller apps benefit from solutions that a startup couldn’t create on its own. For example, companies can turn to Stripe or Braintree for payment functionality or use Layer or Pusher to equip an app with live chat.

Moreover, these third-party integrations may play a significant role in delivering better user experiences. For example, integrating login via Facebook, Twitter, or Google+ may significantly save your users’ time since they can authenticate in just a few clicks.

Our experience shows that your app will likely need at least one third-party service, whether a popular solution like those listed above or a niche API.

How Yalantis integrates third-party services

We’ve worked on two projects with particularly tricky integrations. The first project, which was developed for the Gulf region, used a local payment system. The second, developed for the US, used a special real estate database to parse information.

While the payment gateway had poorly organized public API documentation, the real estate database service didn’t have any public documentation at all. But the payment gateway also lacked several necessary libraries. On top of that, we had to quickly estimate the scope of work for both of these projects before starting.

We thoroughly researched how to integrate both of these services at the project planning stage – a time when we elicit requirements, design the technical architecture, and come up with estimates. This stage usually comes before the actual start of the project.

At the planning stage, we created a prototype of the first project and developed necessary libraries for it. For the second, US-based, project, we reached out to the payment gateway team and got necessary documentation. This helped us accurately estimate the scope of work associated with integrating these services and properly plan each project. As a result, we met our budgets and delivered both projects on time.

Working with legacy code

Very often, we have to work with existing projects. As a rule of thumb, these projects are for businesses that want to either add new features or completely rework their products and launch new versions. Sometimes, however, businesses simply want to fix minor bugs.

All of these scenarios require coping with so-called legacy code. And the quality of this code may vary from excellent to good to terrible or even barely maintainable.

How Yalantis works with legacy code

Before starting work on a project, we always conduct a thorough code audit to understand the condition of the code. We analyze project requirements (whether for bug fixes, new features, or a new version), taking into account the budget and deadlines as well as the nature of the project. This helps us make an informed decision on what approach to choose.

There’s no standard approach to working with legacy code. The decision of which approach to take is based on the code quality and the specific needs of your business.

• No refactoring is possible for applications with excellent code quality. This option assumes that we can easily work with legacy code while integrating new features.

• Ongoing support of legacy code and development of a new version is advisable for projects with poor quality code. This option assumes that minor refactoring won’t deliver desirable results. We start by making minor bug fixes to provide relatively smooth operation of the existing product while at the same time we develop a second version of the product from scratch.

• Development from scratch is needed to replace temporary solutions that were designed as prototypes. In this case, we completely rewrite the app code, sometimes partially using old parts.

• Partial refactoring and support of legacy code is suitable for apps with relatively good code quality. We review code, identify parts that require urgent refactoring (often, these are small), develop a refactoring plan, and align this plan with the general scope of work; we then refactor and develop new features simultaneously.

Conclusion

This list gives you a basic understanding of some unexpected situations that may occur while developing software products. We’ve provided examples of challenges that Yalantis has successfully coped with. This list may grow further though, since we never know what bleeding-edge crazy feature our clients will want us to integrate next. However, we’re always ready to deal with something testing.

Yalantis services

We offer design, iOS, Android, and web development services together with quality assurance and project management. We have all the expertise you need to produce a fully-fledged, stable product. At Yalantis, we find the most efficient ways to create software by combining the strong points of different technologies, choosing the right methodology, and putting together the best team.

Quality assurance

Our quality assurance team verifies that developed functionality meets business objectives and ensures that code is relatively bug-free prior to launch.

Support

We support and maintain products after they’re launched to constantly improve quality and meet our clients’ precise needs.

Design

We offer prototyping, branding, and UI/UX design for web and mobile applications. We focus on how actual people will use our client’s products in order to deliver positive and lasting results.

Software development

We use both traditional (Objective-C and Java) and modern (Swift and Kotlin) programming languages to build highly performant native mobile applications for iOS and Android. We also provide backend development using modern, tried-and-tested frameworks including Ruby on Rails, JavaScript, PHP, AngularJS, React, Node.js, and Elixir.

Contact us

Send us a message at [email protected] if you want to team up or if you have some questions.

For the latest news

twitter.com/yalantis

For insights

yalantis.com/blog

For design works

dribbble.com/yalantis

For open-source projects

github.com/Yalantis