Developing apps and other integrations with the UMP REST API

Blog Technology Viewpoint

The Unvired Mobile Platform offers a rich set of REST APIs to build custom integrations easily.  The REST APIs are broadly classified into APIs that deal with:

  • Sessions – Handles persistent login sessions
  • Users – Work with Unvired users (Create, Update, List, Lock etc)
  • Groups – Work with groups of users (Create, Update, List etc)
  • Applications and Libraries – Work with Unvired applications and libraries (Execute functions, Deploy, Undeploy, Configure Properties and Settings etc)
  • Messages and Attachments – Queue messages, attachments, retrieve them etc.

Other APIs include:

  • Companies – Work with Unvired Companies (Departments) (Create, Update, Activate plans, List etc)
  • Status – Get technical status information on the platform for monitoring etc.

Some use cases can be to create a user in the UMP when a user is provisioned in MS Active Directory, or write command line tools that create users/groups based on other Identity Management systems like ADS, LDAP etc, deploy (make available) applications to users belonging to specified ADS groups etc.  The APIs can also be used to for e.g. execute functionality in an enterprise system like a ticketing system from a web site wherein the user can request support.

The APIs are documented in detail and the documentation is made available as Swagger definitions for import into API testing tools, code generation etc.  Additionally if you are a Postman fan (http://getpostman.com) you can directly import the UMP Postman collection to work with the APIs and test/develop.

The detailed documentation can be accessed at the Unvired Developer Portal (http://developer.unvired.com)

Enjoy developing smart integrations.  Let us know what you build here and receive a memento from Unvired 🙂

Unvired for Health Care Applications

Blog Lessons Learnt Mobile Use Case Technology
healthcareMobile access to patient data or Protected Health Information (PHI) is of paramount importance.  While the backend is already digitized using EMR (Electronic Medical Record) systems, the last mile is mostly manual using pen and paper or other offline means of data management.  Modern health care requires that the care team has immediate access to the patient information.
PHI is part of the HIPAA Privacy rule and protects most “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or medium, whether electronic, on paper, or oral.  This requires that mobile and web applications enabling this access are ultra secure and handle the information accordingly.
Unvired recently implemented a Patient Information System on mobile with a backend database to store the PHI data securely.  The key aspects were:
Mobile Application
1.  Data at rest is encrypted on the iOS devices.  Additional data protection is enabled with security mechanisms such as password/PIN to prevent unauthorised access.
2.  Data in transit is transmitted via secure HTTPS/SSL.
3.  Data stored in the backend database is encrypted at rest.  Connections to the database are protected via encrypted SSL connections.
4.  The web application allows online access and all data is invalidated/cleared on session termination.
The Landscape
The Unvired Mobile Platform (UMP) enabled this offline/online access to the patient information from both Mobile devices and web browser.  While UMP satisfies the security and encryption requirements of HIPAA, Unvired partnered with Aptible (http://aptible.com) to additionally enable a secure environment in the AWS cloud.  Aptible provides a platform on AWS to securely deploy applications and satisfy the regulatory requirements.  UMP was deployed in Docker containers on the Aptible landscape to enable this secure access.  All the dockcer containers are isolated in an Amazon VPC with restricted access.  Additional logs and audit trails in Aptible ensure that every access to the landscape is recorded.  All data transmitted and received via the platform is logged and audited by the UMP.  Once data is safely delivered to the device, the data is cleared on the UMP and no PHI information is cached.
The combination of the secure UMP platform with the Aptible landscape provides a secure and cost effective platform for customers to deploy mobile and web applications to handle PHI in a secure and compliant manner.  Over the next few weeks there will be a series of follow up blogs delving into more detail on each of the above aspects, do join us for the journey.
Contact us to know more about how Unvired can enable a robust health care solution for your institution.

Unvired is on Google Compute Engine!

Blog Technology

At Unvired we have always prided ourselves on providing choices to our customers.  We were the first to offer Unvired Mobile Platform (UMP) as both an on-premise and cloud platform for mobile application development a few years ago. Taking that journey ahead in cloud neutrality, we are delighted to announce that UMP now runs natively on The Google Compute Engine aka Google Cloud.

GCE instances can be leveraged to run multi-node, horizontally scaling UMP instances.  For database you can create an instance of the Cloud SQL engine and link it to the UMP compute engine nodes conveniently via the Google Cloud Console.

For storage we leverage the Google Cloud Storage and store data in the buckets that are created there.  This provides for both stateless access from any of the UMP nodes and redundancy in terms of storage / backup etc.

 

Pasted Graphic

Pasted Graphic 1

UMP can now run seamlessly within your datacenter, AWS or on Google Cloud.  More innovations are underway to support other cloud providers in the next weeks.

If you are interested in taking UMP for a spin, submit a trial request now and we would be delighted to spin a couple of instances for you.

Is the IAAS cloud really low cost?

Blog Technology Viewpoint

Host on the cloud, get a dedicated server or build your own? This is a common question that most entrepreneurs who are launching a service ask themselves. Seeking answers via the web probably leaves more questions than answers.

The reasons are simple, there are a plethora of articles that sing the praises (for many right reasons) of Infrastructure As A Service (IAAS) such as AWS, Google and other similar services. The ease with which you can launch servers on these clouds make it even more appealing. The fact that Netflix and other companies are using it gives the added assurance. Now head over to the wonderful calculator that all these services provide and crunch some numbers. You may either buy into it so completely that you are ready to launch your service or taken aback by actually how much it can cost. Lets face it, its not as cheap as its made out to be.

To better understand this problem, lets crunch some numbers with an example server. Suppose the server we need is equivalent to 4 Cores (or more), 32 GB RAM and about 200 GB hard disk space (Note that in most cases RAM is the overarching choice and CPU cores are not really configurable, notable new exception is Google). For simplicity I’am also not considering prepayment as no startup probaly wants to commit for more than a few months.

Cloud Servers (Instances):

AWS – Consider the m4.2xlarge at 32GB RAM and 8 cores. Linux instance is at $0.504 per hour or ~375$ per month. Add charges for storage and data transfer and approximate it to 400$ per month.
Google – Consider the n1-standard-8 at 30GB RAM and 8 cores. Linux instance is at $0.280 per hour lowest price with 100% usage or ~208$. Add charges for storage and data transfer and approximate to 230$ per month.

As you can notice there is already a significant difference between the two services. If you check other providers the price range will be similar.

Dedicated Servers:

Typically dedicated servers have always set you back by a significant sum and hence may not have been a choice. But a host of new providers has meant that hybrid offerings are available which has already reduced prices. Significantly Managed dedicated servers are way more expensive than unmanaged servers. The significant difference being in unmanged only the hardware is supported by the provider, every other responsibility us yours (software, backup etc).

Rackspace – A 24GB prepackaged dedicated server with 6 cores will set you back by ~ 674$ per month. This is backed by Rackspace Fanatical Support of course.

Packet.net – Packet offers dedicated baremetal hardware in a cloud like fashion. Type 1 server with 4 Cores and 32GB RAM (with 2x120GB SSD drives) is at $0.4 per hour or 297.6$ per month. There are no other charges as everything is included in this.

OVH – A major European provider with a NA presence in Canada and data center. A 32GB / 4 Core dedicated server (unmanaged) costs 79$ a month (no setup fee)

Hetzner.de – German data center, 32GB 4 Cores is priced at 39 Euros or ~43$ per month with a 79 Euro / ~87$ setup fee (one time)

As can be seen the range is again wide not considering a huge number of smaller providers. Depending on whether some of the administrative tasks can be managed in house or not, choice of provider can be made. Point to note though is that dedicated servers can actually be cheaper than cloud.

Conclusion:
So before deciding, its important to decide based on these (There could be many more significant ones I’am missing, add to the comments)

1. Elastic Scaling – Are your users going to grow that dramatically that you need elastic capabiloty of that nature? Less than 1% of all web apps need this kind of scaling, rest are happy with more deterministic scaling. (Cloud v/s dedicated)
2. Redundancy – Sometimes cost of 2 dedicated servers is still cheaper than 1 cloud instance. So even HA is not an issue with dedicated, but multi region availability etc can also determine the choice.
3. Time – The longer you are willing to commit the cheaper some of the cloud services will be.
4. Legal or Security related – If customers dont prefer shared multi tenant instances, then you may have to go dedicated.

Net-net: Cloud services such as AWS are not the only choice. Even dedicated servers can be bought month on month with significant cost and performance gain. You actually have more choice than what is sometimes made out to be!

Note: This post originally appeared on LinkedIN: https://www.linkedin.com/pulse/iaas-cloud-really-low-cost-srinivasan-subramanian

The UMP 3.2 travelogue

Blog Technology Viewpoint

The Unvired Mobile Platform (UMP) 3.2 includes a number of innovations that enable faster digitization and mobility.  Whether your company wants to mobilize enterprise backends like SAP or databases or legacy systems, UMP has made that easy, fast and cost effective with a plethora of adapters that enable out of the box integrations.  UMP 3.2 now includes a powerful REST API that allows you to leverage the same functionality to also develop web apps.  So whether you want to go digital via web or mobile or both, UMP is your platform of choice.

In a series of blog posts starting today I will explore the new features and the transformations in the platform.  This post will focus on the high level features and some under the hood changes that have been made to UMP to make it faster and better.

Features of note in UMP 3.2:

  1. Single infrastructure that runs within your datacenter or on cloud IAAS like Amazon Web Services (AWS).  Absolutely identical, even the binaries are the same!  This gives you enormous flexibility to go on premise and switch to cloud later or vice versa
  2. Fully load balanced, High Availability setup supported both within your datacenter and on cloud infrastructures
  3. Improved performance and scalability (see under the hood section below for more details)
  4. Enhanced REST API to easily build applications for web and mobile, supports both XML and JSON
  5. New enterprise adapters for OData and SAP HANA.  SharePoint, REST and all other adapters have been further enhanced
  6. Enhanced push notifications for APNS and GCM (including follow up actions), support for browser push to notify web applications
  7. Error console to help administrators process data errors, backend submission errors etc.  Your users will never need to see errors any more, just save and forget!
  8. Conflict management on submission, handle concurrent submissions, and multi-channel updates without breaking a sweat
  9. Enterprise App Store to distribute your enterprise applications, applications can also auto update without admin intervention
  10. A brand new dashboard that helps administrators know the pulse of the mobile deployments
  11. Isolate your deployments and administration control for subsidiaries, locations, departments with a single central instance
  12. Transport configurations and code across Development, Quality and Production landscapes of UMP.  No more manual administration tasks
  13. Time zone (user or company) based distributed scheduler to periodically refresh mobile data, no need to run battery hogging threads on devices checking for updates
  14. And …

Under the hood: UMP 3.2 core has undergone significant reengineering.  The new UMP is now based on Spring backed by Level 2 distributed caching of data.  This allows lightning fast reads and writes. UMP uses async servlets for maximum scalability with  configurable thread pools to optimize resource needs based on your individual needs.

UMP supports deployment on any enterprise operating system such as Unix, Linux, Windows etc. with a MySQL, Oracle or MS SQL Server backend.  For test and demo purpose,UMP can also be run with a H2 embedded database.

The UI has been spruced up with keyboard shortcuts to simplify administration and management.  For those Unix/Linux administrators who love the command line, a command window allows you to quickly enter commands.  The new UMP runs on JBoss 7.2 EAP and open source editions and deploys in seconds.  UMP is also certified by SAP for NetWeaver deployment and is deployable on SAP NetWeaver 7.x all the way up to 7.4.

UMP 3.2 is also supported on Docker containers and the official images will be available on the Docker Hub shortly.

Related tools: A brand new Unvired Modeler works hand in glove with the UMP infrastructure to enable development of applications easily.  The modeler is installed as an Eclipse plugin with auto discovery of UMP development landscapes.  Model, Design, Develop, Debug and Deploy from a single place.

There is much more to talk about the new UMP.  Watch this space for a series of blog posts that will expand on each of the features and how exactly you can benefit from it.

UI Toolkit on the wall, who is the prettiest of them all?

Blog Technology Viewpoint

Today most enterprises want to build and deploy awesome mobile apps on multiple devices for their employees and customers. But when it comes to UI technology most are stumped. If I were to pick the most common question that we encounter in discussions with customers it would be, How do I build apps for all devices? (this is typically iOS and Android). Follow ups to that are: What UI should I choose? How can I build once and run anywhere? What skills should we ramp up on? The list is endless.

First up the UI choice needs to lend itself to your need and not the other way round. At Unvired our normal approach is to find out what that need is and then recommend the technology solution.

I want to deploy native apps with fantastic user experience, fast performance, hardware integration and so on.

If your need falls in this category you are typically looking to build native applications using the vendor’s prescribed technology. These are:

  • iOS – Objective C (more recently Swift) using the XCode IDE from Apple
  • Android – Java using the Eclipse IDE or the Android Studio
  • Windows – C#/.Net using the Visual Studio IDE

All platforms come with their own set of challenges based on the OS version to support. This is more under control with Apple where you are usaully covered if you support the latest version and the one lower (for e.g. iOS 8.x and 7.x). Its more complicated with Android given the disparate devices and OS distribution and you should opt for the OS version with the most installed base for e.g Kitkat or 4.4. You are also well served if you use the standard APIs and do not depend on any vendor/device dependent APIs from Samsung, Sony etc.

I want to build apps once and deploy them on multiple devices. 

This is the trickier questions as there are a few choices. This usually needs further qualification on what skills the company has or alternatively what they would prefer in addition to the end application’s requirements.

Web technology, hybrid apps that do not require any major hardware integration etc.

The most obvious choice in this case is to build hybrid HTML5/JavaScript apps using the Apache Cordova/Phonegap (http://cordova.apache.org/) plugin. This allows to build, host and deploy hybrid (native like) apps that render the UI in a webview with standard HTML5 look and feel. The advantage is that the technologies used are typical web technologies like HTML5, JavaScript and CSS and web developers will be able to code them. Some understanding of the mobile paradigm is definitely necessary. The plethora of CSS/JavaScript frameworks can be utilized to build some real cool apps. However performance can be an issue with lag on some devices, transitions not being smooth, low touch sensitivity etc. This technology is evolving and will only improve further.

Native apps that can be deployed on any device

Xamarin (http://xamarin.com) is your best choice here (at least for now, more on that later). Mobile applications can be developed in C#/.Net and deployed on iOS, Android and Windows tablets. The code compiles into native applications and hence offer a native user experience. The User interface can be developed once for multiple devices using Xamarin Forms or alternatively separate UI for Android and iOS devices can be developed with common business logic.

A new kid on the block here is Telerik NativeScript (http://www.telerik.com/nativescript) with an imminent release in April/May 2015. Telerik is positioning NativeScript as a JavaScript framework that can be used to develop mobile applications that are finally packaged as native applications. So these applications will not render in a webview on the device but will render as native applications. This is new technology under development and needs validation / adoption.

So now that you know them all, what’s your choice?

Unvired Apps can now be built with Xamarin!

Unvired Apps can now be built with Xamarin!

Blog Technology

Here is some real exciting news.  Unvired has so far been supporting development of Native applications using the SDK and tool sets provided by the device/OS vendors and Hybrid/HTML5 applications using the Cordova mechanism.  Many of our customers and propects have expressed the need to build Native applications in a simple manner with the benefits of Build-Once-Run-Anywhere.  To fulfil that need we decided to support developing Unvired Enterprise applications using the widely popular Xamarin Studio.

We are delighted to announce the availability of the Unvired Xamarin component that brings the power of connecting to enterprise systems such as SAP, Sharepoint, Oracle among others using the simplicity of the Unvired Mobile Platform to the Xamarin Studio.  The Unvired Xamarin component can be accessed on the Xamarin component store.

So how does this benefit you?

As an Enterprise – There is now a simple, proven way to nowconnect apps to your enterprise systems such as SAP using the scalable Unvired Mobile Platform.  Applications can be developed once and deployed on multiple devices!

As a Developer – Use the familiar C# / .Net technologies to harness the power of the Unvired Mobile Platform and build awesome user experiences with Xamarin.  Building those many micro-apps that your manager wanted is now real easy!

As a User– You can now get to use awesome apps from your company on all devices, never be left out again!

Want to get started right away?

Login to Xamarin Studio and download the Unvired Xamarin Component.  Follow the example and the included getting started guide.  To build more complex applications with SAP etc we are in the process of publishing some more samples to our GitHub repository, watch this space or follow us on Twitter @unvired to get updates.

Unvired Mobile Platform now on H2 database

Unvired Mobile Platform now on H2 database

Blog Technology

Exciting update for Unvired Mobile Platform (UMP) development.   UMP now supports the H2 embedded database.  (What is H2?)

First up, H2 is a pure Java embedded database with the performance and capabilities of larger server based database systems.  UMP has been supporting MySQL, MS SQL and Oracle so far and has now added full support for H2.  So what, you ask?

1. Easier and less cumbersome Trials and POCs

One of the hallmarks of UMP has been simple free trials and self experience via POCs before the enterprise makes the buy decision.  This just became easier with the H2 support.  Unzip the preconfigured trial UMP archive,  start the UMP service and you are up and running.  An on-premise trial should now take a maximum of 1 hour for you to self provision!

2. Easy evangelizing of UMP in your organization

As a mobile architect or developer are you excited about UMP and want to try building some apps before evangelizing it within your organization.  You can now simply extract the UMP archive and run it with one click on your laptops or Mac’s and start development.  No licenses from IT required!

3. Easy development and test/quality servers

One of the constraints an Enterprise has always faced is the time and resource constraints in setting up hardware or provisioning Virtual Machines in their data centres.  For a traditional DB server such as MS SQL or Oracle additional license/hardware/DBA resources were required and led to approvals and delays.  Now with support for H2, the UMP service just needs to be started and automatically an H2 database will be created/used without any additional licenses or hardware requirement.

4. Single cloud instance sufficient for UMP

If you are provisioning instances in AWS or similar cloud services, a single instance is sufficient to unleash the full power of UMP.

Interested in trying any of the above?  Drop us an email and we will be happy to oblige.  Contact us.

Shellshock security update

Blog Security Technology

From Wikipedia:

Shellshock, also known as Bashdoor, is a family of security bugs in the widely used Unix Bash shell, the first of which was disclosed on 24 September 2014. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer system.

Details: : http://en.wikipedia.org/wiki/Shellshock_(software_bug)

And: https://shellshocker.net/

And: http://blog.cloudflare.com/inside-shellshock/ for some understanding on how hackers are exploiting the bug

UMP and Shellshock:

Shellshock affects running the Bash shell.  UMP is currently supported on Linux and Unix systems which typically run the Bash shell.  While UMP is not directly affected, the bug exposes the underlying system to attacks and its critical that the system is patched.  Please contact your OS provider to get the required patches and update them immediately.

Conclusion:

The bug exposes the underlying system to attacks and its critical that the system is patched.  Please contact your OS provider to get the required patches and update them immediately.

 

Heartbleed security update

Heartbleed security update

Blog Security Technology

From Heartbleed.com:

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet. SSL/TLS provides communication security and privacy over the Internet for applications such as web, email, instant messaging (IM) and some virtual private networks (VPNs).

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.

Details: : http://heartbleed.com/

And: http://en.wikipedia.org/wiki/Heartbleed

UMP and Heartbleed:

UMP is currently supported on SAP NetWeaver and on Redhat JBoss.  Both SAP and JBoss are not affected by the Heartbleed bug.  SAP customers can read more here: https://service.sap.com/~sapidb/011000358700000308332014E/ (SAP Login required) and JBoss customers can check this: https://access.redhat.com/solutions/785113 and http://anil-identity.blogspot.in/2014/04/jbosswildflyas-openssl-heartbleed.html?m=1

Conclusion:

As such UMP is not affected by the Heartbleed.  Additionally the public UMP sites can be tested against Heartbleed online tests such as http://safeweb.norton.com/heartbleed. Nevertheless in order to overcome any rare scenarios also, Unvired aligns with the general advise to change passwords used on affected websites.