Tuesday, March 23, 2010

How zkBox works

In my previous posts I presented how the idea behind zkBox was born and what zkBox is trying to solve. Now I’ll talk in general terms about the chosen architecture, show a simple usage example and discuss some thoughts about the future.

First of all, I want to mention that I’m a Windows guy; almost all the projects I have worked on were built on MS technologies. Add to this that zkBox was started as a hobby project and you’ll guess pretty easily what technological approach I took for this project: Microsoft technologies.

zkBox is developed in C# using ASP.NET on the IIS7/Windows Server 2008 platform. Moreover, I developed a client to be used from JavaScript (so platform independent) along with a zkBox proxy (to be used in ASP.NET web projects) and also a C# client. Clients for other platforms might be added later, depending on how the project is received. The service is exposed via a RESTful API that speaks JSON. The possible backends are Amazon Web Services (using Amazon S3 + Amazon SDB, ideally hosted on EC2 instances) or Microsoft SQL Server 2005/2008 (for the case when security demands are very strict and physically hosting the data outside the perimeter of the company is not allowed). On top of the backend layer there is a distributed caching layer (Microsoft Velocity for the moment) that minimizes trips to the storage and speeds up the system.

At the moment there is one instance of zkBox running, the official one on the main website. This instance is free for everybody, so feel free to register your application and use zkBox as its backend.

Usage example
Similar to the line “A picture is worth a thousand words”, I think that having an example can shed a lot of light when trying to explain technical things.
Although overly technical discussions are outside the scope of this post, I would like to present in a few steps what a developer needs in order to interact with the free hosted version of zkBox from his or her own application. More detail is available in the developers section on the website, but, briefly, the following steps are required:
  • Get the JavaScript API client to be included in your pages
    The functions that you’ll call from your JavaScript code will use this library

  • Get jQuery if you don’t already use it in your project and include it as well

  • Get the zkBox proxy and add it to your web project
    • You can get it from here: http://www.zkbox.com/developers/downloads (look at the “zkBox JS client” package)
    • Configure it (e.g. in your Web.config file) to be accessible from your application (e.g. to be reachable at https://yourdomain.com/zkboxproxy)
      The zkBox JavaScript methods that you’ll use from your code will call this proxy from your application; the proxy will sign the requests and will forward them to the zkBox server.
    • You need the zkBox proxy for two reasons:
      • First, because the requests going into zkBox should be signed by your application with your application’s key (which never leaves your server) in order to authorize the application on the zkBox server to access your users’ data
      • Second, because browsers impose a technical limitation anyway: script in a page can only make calls back to the origin site, in this case your web application; in geeky terms, it’s known as the same-origin policy
      ...so the requests coming from your application’s users must pass through your server

  • Initialize the zkBox proxy in your code
    • In your initialization routine (usually Application_Start from Global.asax) you’ll provide the zkBox API endpoint, i.e. the zkBox server that you’ll use; if you are using the public instance, the address is http://api.zkbox.com/rest

  • Initialize the zkBox API client in your JavaScript code
    • By providing the address of the zkBox proxy from your web application (e.g. https://yourdomain.com/zkboxproxy)
That’s it, only a few steps to get connected and start using zkBox in your applications. Check the developers section regularly, as more examples and documentation will become available.
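
This post does not describe zkBox’s actual signature format, so the sketch below is an added example and not zkBox code: it assumes HMAC-SHA256 over the method, path, timestamp and a body hash, with hypothetical header names (`x-app-id`, `x-timestamp`, `x-signature`) and a constructed key. It shows how the proxy can sign on the server while the browser only ever talks to the same-origin proxy, and how the receiving side rejects tampered or stale requests.

```javascript
const crypto = require("crypto");

// Constructed values for illustration; a real key would be issued at
// registration and live only in the proxy's server-side configuration.
const APP_ID = "demo-app";
const APP_KEY = "constructed-demo-key-not-a-real-secret";
const MAX_SKEW_MS = 5 * 60 * 1000; // assumed replay window

// Canonical string covering everything the server must be able to trust.
function canonical(method, path, timestamp, body) {
  const bodyHash = crypto.createHash("sha256").update(body).digest("hex");
  return [method.toUpperCase(), path, timestamp, bodyHash].join("\n");
}

function hmac(key, data) {
  return crypto.createHmac("sha256", key).update(data).digest("hex");
}

// Proxy side: take the browser's unsigned request, return the signed one to forward.
function signRequest(req, now = Date.now()) {
  const timestamp = String(now);
  const signature = hmac(APP_KEY, canonical(req.method, req.path, timestamp, req.body));
  return {
    ...req,
    headers: { "x-app-id": APP_ID, "x-timestamp": timestamp, "x-signature": signature },
  };
}

// Server side: recompute the MAC, compare in constant time, reject stale timestamps.
function verifyRequest(req, lookupKey, now = Date.now()) {
  const { "x-app-id": appId, "x-timestamp": ts, "x-signature": sig } = req.headers || {};
  const key = lookupKey(appId);
  if (!key || !ts || !sig) return "missing-credentials";
  if (!/^\d+$/.test(ts) || Math.abs(now - Number(ts)) > MAX_SKEW_MS) return "stale";
  const expected = Buffer.from(hmac(key, canonical(req.method, req.path, ts, req.body)), "hex");
  const given = Buffer.from(sig, "hex");
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return "bad-signature";
  }
  return "ok";
}
```

Because the key is read only inside `signRequest`, nothing that reaches the browser can be used to forge a request for another application.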

Future evolution
There are several directions under consideration for the project, but at this moment there is no clear roadmap available, only some draft ideas. However, one thing is certain for the near future: the possibility to have your own installation of zkBox, so you can deploy it on your premises (most likely backed by a SQL Server instance) or in the Amazon cloud (on instances you manage).

When talking about the future, a lot depends on zkBox’s impact in the developer community and on whether the project proves to be a really useful tool. One of the goals will be to make it self-sustainable; I have some ideas about how this can be approached, but it’s too early to analyze this now.

This is the last post in this trilogy, in which I’ve presented some facts behind zkBox’s birth, but stay tuned, as more writing on security and adjacent topics will come.

