[Update 2016/06/07: I eventually found Azure to be lacking, though this did lead me to explore the excellent Auth0 for authentication. To be honest all three offerings are currently pretty much a bunch of ‘beta bits’, an apt phrase coined by by Michael Facemire and Jeffrey S. Hammond in their “Forrester Wave™: Mobile Infrastructure Services, Q3 2015“. I’m now exploring Kinvey, one of the services mentioned in that report. Kinvey are certainly responsive and tick most of the boxes. I just hope they can deliver as I’m seriously behind schedule]
[Update 2016/06/08: After reviewing Kinvey and chatting with them I’ve decided it supplies just about all I need. I’ve added them in to the comparison below for future reference. The one missing feature is a full CLI to enable scripted “from clean” setup and so CI / CD, but then I didn’t think of that when doing the original post. Another point I forgot was encryption of data in the client storage which they also have covered.]
My current work is the Brian project for people with cognitive disabilities. This open source development is funded by the Prosperity For All EU FP7 project (part of GPII initiative). The plan is for it to become a self financing a service based on Gregg Vanderheiden’s Easy One Communicator and features from MAAVIS.
After much thought about implementing Progressive Enhancement for a proper ‘web app’ verses usage scenarios requiring offline access I decided to start off making a so-called Single Page App (SPA) or ‘browser app’ as I prefer to call them. SPAs require javascript for their functionality and tend to take advantage of all the latest features in the evergreen browsers. They treat the browser as a platform and are designed as part of a system architecture with custom client-server splits. This usually means consuming REST or other APIs directly in the client in order to access a broad range of services (often micro service based). These services may be part of the architecture being developed or from the many 3rd party offerings that add value through aggregation (or mashup).
Those services that are part of the new system being developed might be implemented as a HTTP server, either self hosted or in the cloud (so called IaaS). However, these days it is possible to go ‘serverless’ by using so called Backend as a Service (BaaS) cloud offerings for ‘mobile’ apps (MBaaS). These go a step beyond Platform as a Service (PaaS) which lets you concentrate on you server software at the top of your backend stack. They also added features that are critical for mobile situations; eg offline data sync, user authentication. I decided to go this route as I really did not want to get involved in DevOps or SysOps or whatever you want to call service configuration, maintenance and security. Another advantage of BaaS is you can easily scale up the backend should your service ‘go large’; you just need to pay more.
The three main PaaS offerings that include some BaaS are Amazon Web Services (AWS), Microsoft Azure and Google Firebase. My initial thoughts were these big operators would have the best dev experience.
- Amazon AWS has been around the longest are easily the most popular IaaS. Not bad for a spin-off from Amazon’s own in house services. I discovered them via the excellent Serverless project early in my investigations.
- Azure has steadily added features since the early IaaS only offering days and with the recent introduction of Apps and Functions looks like a pretty reasonable BaaS. It has a strong enterprise positioning.
- Firebase was until very recently quite limited. They just rounded out the PaaS offering but adding authentication, storage and other features. Firebase is strong on metrics and pushing ads to users (now surprise there as is now Google / Alphabet). They often mention the most up-to-date requirements of SPA developers using modern JS practices.
- Kinvey is about 4 years old and started supporting indie developers (like me) but recently pivoted to be more enterprise focussed. Their founder and CEO Sravish Sridhar claims to have invented the term BaaS and prove the model works. They have a rounded provision and fully support HTML5 and javascript in the browser.
As an aside, the Serverless project simplifies the configuration of your backend. This is especially important in a team environment. Though serverless is tied to parts of AWS, Azure may come.
I tried AWS first. However after writing some client code and hitting many problems and confusions I finally decided enough was enough and I should look at others. The next big sticking point was username only sign in, most Brian users will not have email addresses. The following is a brief summary of my findings and thoughts based on my requirements.
Disclaimer: this review is a result of reading around the subject, with the exception of AWS I have not tried working code, yet. I also looked at the free tiers but with an eye on the expansion options
Clear docs and examples for JavaScript mobile web app client
- AWS: Quite a mess. iOS and Android are first class but javascript poorly linked and rather hard to find. To be fair, some components are beta. The main problem is lots bits and no clear complete examples
- Azure: Yes but slightly confusing messaging and so many features that are not relevant to browser apps. “Web Apps” focusses on the back end services while a “Mobile App” add an offline-capable OData v3 feed for data and client SDKs including JS. Apache Cordova (hybrid apps) is often mentioned whenever JS is but apart from a few dependencies on Cordova plugins, browsers are equally well supported. An excellent series of posts from the from the Apps project lead
- Firebase: Excellent getting oriented and get started docs with good complete examples. Clean SDKs. All really easy to find.
- Kinvey: Hard to fault really: case studies, developer guides, references, samples and code all easy to find and digest. No bloat or hype, just good information. They even have some whitepapers and ebooks introducing the wider topics and comparisions with other providors.
All the JS client SDKs are open source projects
Support
You get what you pay for with support so I just tried pre sales via twitter and other free channels
- AWS: I tried issues on the client SDK projects with limit success
- Azure I got excellent direct help from the project lead.
- Google: Use Stack Overflow – no response yet
- Kinvey: Pretty much perfect. Initial Twitter contact from the CEO when I happened to mention Kinvey. Swiftly followed by voice discussion with JS lead. Forum is also active.
Static hosting for SPAs
SPAs only need static hosting for the HTML, JS, CSS and other assets, While developing you don’t want caches to get in the way. In production you want CDNs to give global fast access. HTTPS is a must have as is URL rewriting as SPA use pushState to simulate URLs and we need to stop the server throwing 404s
- AWS: S3 doesn’t provide HTTPS, cloud front does but only suitable for deployment
- Azure: All covered, Blob storage looks best or possibly web apps
- Firebase: all covered
- Kinvey: No. Perhaps the only missing feature
There’s always GitPages, Surge and other services for cheap static hosting.
Simple sign-in with Username and Password
Brian users are elderly in residential environments and are most unlikely to have either email, SMS or accounts with other social services. Thus the commonplace and more secure authentication flows that require email or SMS cannot be used. Even a password may be too much for a person living with dementia.
- AWS: Explicit with Cognito User Pools, a new beta service.
- Azure: fairly straight forward example given using Auth0 a separate service
- Firebase: requires a custom Auth flow and identity server – perhaps works with Auth0
- Kinvey: Yes. Plus options for enterprise and social federated
Offline data sync for use config
This means no need to use REST APIs for data access. Just read/write locally and the system takes care of details as and when connectivity is available. Further, sync supports updates between devices. Should also optimise battery use and metered connection costs. I’m not particularly bothered if data is JSON, pairs or SQL.
- AWS: supposedly easy using Cognito Sync. I hit problems which basic set/get transaction which caused me to look at others.
- Azure: not yet but in progress and a fork on GitHub project. Will initially be for Cordova apps only.
- Firebase: yes. They mention all the important points.
- Kinvey: Yes. Again covers the bases plus works with all browser storage options. Very clean flexible SDK based on RxJS observables and providing a Fluid style API for queries. This is a big bonus for Brian which uses RxJS CycleJS
Storage for media files and URL access
Brian needs to display local images but the FileAPI URLs used to access local content are temporary. This almost certainly security related. Thus we unfortunately need to upload local files, store them an access with a private URL. Alternatively we create a Hybrid app to circumvent the sandboxing, but then we have to play the App Store dance and Ive no desire to do that.
- AWS: S3 and the Generate Web URL API for public and signed URLs
- Azure: Blob storage with public and private URLs
- Firebase: just released. Not clear how to get URL as operations seem to be upload / download only.
- Kinvey: yes, delegates to Google cloud storage. Still not clear how to provide private URLs
Server side code execution, AKA business logic
Rather than setting up a full server it should be possible to run ‘snippits’ Obviously security, authentication and integration with other parts are all important.
- AWS: yes – Lambda
- Azure: yes functions – still beta and not yet fully integrated with Apps
- Firebase: no
- Kinvey: Yes. Restricted node environment on free tier, full node on paid tiers.
CLI to make config easy to manage and reproduce
All the systems have snazzy interactive web GUIs but as I discovered with SQL Server maintenance you *really* need to script you configuration to make it reproducible and to easily make bulk changes. This is especially important for CI /CD and allowing anyone to easily set up an open source project from scratch
- AWS: yes
- Azure: yes and not just Windows either
- Firebase yes.
- Kinvey: Only for business logic on free. Requires manual management and deployment of some config. Offers image cloning on other tiers
Features for metering, crash support
- AWS: yes
- Azure: yes
- Firebase: naturally strong given Googles business model
- Kinvey: only with enterprise tier
Realtime messaging, data and push notifications
I’m not bothered by this right now but it might be useful. I didn’t spend any time looking at this
- AWS: push notifications
- Azure: push notifications
- Firebase: make a big thing of push etc.
- Kinvey: push notifications but not for JS clients (yet)
Collaboration opportunities
I’m developing the client in CycleJS and RxJS (switching soon to xstream) and the small but growing community includes those working on another SPA using Firebase. It would be great to share effort with the sparks project, especially as they really understand the technology a lot more than myself. If I don’t use Firebase it might still be possible to share concepts with them and maybe make a similar driver for the community to use with another provider.
Cost
I left the most important ’till last. Brian is an open source project and I’m collaborating with various EU projects who are performing trials. So as a micro SME I’m very cost sensitive. At least until I get the self financing service going. Thus a free period or credits are vital.
- AWS: I year free access to almost everything, Looks cheap after.
- Azure: Somewhat confusing array of subscriptions that can run in parallel. Free month, F1 tier, MSDN and BizSpark. I’ve applied for the latter. Pricing a bit confusing and one page seemed out of date.
- Google: most parts are free but some appear to always be chargeable.
- Kinvey: Free developers tier good for all non enterprise .focused features, can have unlimited backends (called Apps).
Conclusion
Part of the reason for this post was for me to collect my thoughts and make a decision. So despite being very late with getting a MVP out the door, I’m going to use Kinvey, rather than spend more time trying to get AWS working or fight with the gaps in Azure’s provision. I’ll take the extended learning curve and present lack of offline sync on the chin. It looks like Kinvey has all my requirements covered except a full CLI so with any luck I can just get on with my app now! I’ll post my experience