Web or Cloud – Which Direction Will Client Apps Take?

Introduction

It is a well-known theory that the web and cloud will gradually force out client applications. All that would be needed is a computer with Internet access. In fact, even the full-fledged operating systems in use today would be excessive, as data will be stored on remote servers with necessary software available in the form of various web services. Could this really happen?

Despite all the benefits that may be initially apparent, there are many opponents to this theory. Advocates believe that at some point, the web will completely supplant client applications. The opponents are adamant that the web will never be able to fully replace many client applications, and that some users, and in particularly enterprises with sensitive data, will never agree to store their important and confidential information on remote servers that could potentially be accessed by others.

Rather than re-hash the already-exhausted debate, this article will highlight the key challenges of migrating and web enabling client application to be consumed over the web and cloud, as well as offer possible solutions from the views of developers and architects.

Background

This article is being written on the premise that there are two general types of applications. The first is web apps, which can theoretically jump onto cloud infrastructures fairly easy, although there are three major considerations that should be made before migrating:

  1. Which cloud can host the specific type of web apps? The ability to select the cloud provider and move from one cloud provider to another is very important. A guideline answer to this question would probably be virtual machine-based clouds (i.e. Amazon or VMware v-Cloud infrastructures) which can host most web applications. Shared computing platform, such as Windows Azure or Google App Engine, will progressively support the major infrastructures, but most of the unique back-ends will be left behind, at least for a few years.
  2. What is the cost to deploy to the cloud? Will this be a smart move from an economic perspective? The financial aspect is one of the most important questions today, as the cost-effective calculation is often the deciding factor in business and management strategy. But can we really estimate those costs in advanced?
  3. From a security perspective, can we really expose our organizational apps to the web or the public cloud without severely risking the data security? This is probably the most difficult question to try and answer, as cautious developers will probably say that some apps should never go to the web or cloud because they contain too much data that simply cannot be deployed anywhere else but on-premise. Others will claim that everything has a solution or one is forthcoming shortly, and all apps should be expected to move to the cloud in a secure manner very soon. The truth is probably somewhere in between, however, it will not be wise to ignore this security factor.

The second general type of application is desktop apps. Until recently, moving any organizational desktop app to the web, and even more so to the cloud, actually meant a re-engineering of the entire application to fit the new architecture. Once the technological aspects were complete, then the aforementioned key issues of cost, security and hosting were raised.

With an understanding of the application types, it is important to understand the primary options for migration. Manual re-engineering is an undertaking that involves severe costs and an extensive time frame. Its advantage is that it uses the most advanced coding patterns to transfer the code to a form that leverages the cutting edge technologies and practices. With Code Translation, the amount of work is largely dependent on what is translated (and to what it is being translated); however, inter-architectural translations, such as a desktop single user app to be based on asynchronous web, stateless and multi-user environment, is somewhere between an enormous amount of manual work and an impossible undertaking. Finally, the third migration option is web enablement of existing code. This approach may be the only reasonable solution, as it reflects the need to maintain the current investments in code and is also able to emulate and maintain the same paradigm of development and maintenance along with the same user experience.

For developers, it is very clear that the ultimate solution is having the same desktop code running on the web, being able to maintain it using the same skill-sets, and not having to re-engineer the code in order to maintain its UI and behavior but simply have it running on the web. If that is, indeed, the ideal solution, then what option, practically speaking, do developers have today?

Solutions

The initial solution is client virtualization. Citrix, Remote Desktop, and other similar options would do the job of deploying the same desktop application over the web. The clear advantages are that after the fact, there is no coding at all. Moreover, it can easily be implemented on almost any desktop app. The downside is more serious, such as its high cost (based on a per-user license); it is highly demanding in terms of the hardware required to support large number of users; non-extensible; problematic security model as it opens an independent TCP port and installs a local client; and the high bandwidth consumption, due to the fact that the transportation is based on bitmaps.

There is a second solution that is growing in popularity among developers, who favor its architectural approach, the "Empty Client". This architecture is an emerging open source method, which offers a different approach to architecting, developing and deploying AJAX applications. To better understand it, we will compare it to the classic Thin and Thick (also referred to as Fat or Smart) client approach and to traditional AJAX structures. Empty Client offers a new balance between the Thin and Thick Client approaches and a new channeling of the AJAX calls.

The Thin Client model communicates with a central processing server, which means that there is little hardware and software installed on the user’s machine. This allows all end users’ systems to be centrally managed with software deployed on a central server location, as opposed to being installed on each individual system. This is usually used in places where it would create a major headache for IT to both deploy and maintain so many user stations. In contrast, a Thick Client will provide users with more features, graphics and choices, thereby expanding the opportunities to make the applications much richer. Unlike Thin Clients, Thick Clients do not rely much on a central processing server because most of the processing is done locally on the user system, and the server is accessed primarily for storage and data retrievals purposes. For that reason, Thick Clients often are not well-suited for public environments. To maintain a Thick Client, IT needs to maintain all systems for software deployment and upgrades, rather than just maintaining the applications on the server. Additionally, Thick Clients often require operating specific plug ins, again posing more work and limitations for deployment. The trade-off is a more robust and local computing environment.

Making technological history, Empty Client is a mutual approach for the web and cloud, offering the best of both worlds – the desktop and web environments (or Thick and Thin Client approaches) and enhancing them with AJAX. With the Empty Client approach, an optimized protocol generates and extends server side power, typically achieved with Thin Client, and make it available for data centric, customizable and scalable web applications, typically achieved with Thick Client. Furthermore, the Empty Client leverages the client’s processing power to render the UI and to activate any of the server’s instructions. The Empty Client uses asynchronous refreshes, and a JavaScript-based engine to communicate with the server. Instead of communicating at the component level in a scattered way, it communicates the incremental updates, asynchronously through one central pipeline. What this means is that rather than open numerous routes to the server, it channels all communication through its centrally controlled pipeline; Essentially, Empty Client relies on AJAX but does all the plumbing under the hood.

It also achieves the highest scalability and performance that, in the past, were enabled only with the Thick Client approach. Hence the name "Empty Client", because it doesn’t run any logic or data manipulation on the client, doesn’t expose data or logic, and doesn’t require exposing web services consumed by the client, which is a non-secured very common practice on traditional AJAX development methods. Empty Client is sometimes referred to as Clever Client because with this approach the UI control’s process is an integral part of the control just like a single layered desktop control only divided into the control rendering part (on the client) and the control’s logic part (on the server); it executes on top of traditional and standard web platforms and creates the feeling of a native client side application that usually run as Thick or Fat client only with a Thin client footprint. The Empty Client differs from the Thin client also because it runs on any plain browser with no plug-ins and it does not transfer bitmaps. This way, the Empty Client is really offering the best of both worlds by allowing central computing with the strong processing power that clients typically have today.

How does the Empty Client approach work?

With Empty Client, the application is developed and run on the server, and its user interface is “projected” onto the client. A unique algorithm is charged with the task of transferring user interactions and application responses back to the client. While other frameworks utilize AJAX to enhance scattered parts of the applications (like individual controls), the Empty Client approach seeks AJAX to accomplish one specific need: acting as its main pipeline to the server. This explains why it is so secure, why there is no need to code AJAX, and why there is a very speedy performance regardless of the size or the amount of data that is processed and presented by the application. All one has on the client is a small JavaScript kernel that is responsible for UI drawing on the browser (creating standard HTMLs), receiving the user interaction and sending it back to the server. This interaction passed by the client cannot instruct the server or change the application’s behavior since the entire logic is executed and validated exclusively by the server. With this approach, security hazards are completely removed as there is "nothing" on the client to hack into or manipulate to get access into the server.

Empty Client Solutions

One option for Empty Client is the WOW model – Windows Over Web, which is enabled by the Empty Client approach. This will emulate the desktop environment on plain web platforms and enable almost immediate usage of WinForms based apps over the web, VB 6.0 migration to .NET using translation tools (a non-inter-architectures translation) and then run it over the web. This approach also provides the best starting point for any desktop application migration to the web as it emulates the same mature dev paradigms. Its positive attributes include not needing business logic changes; user experience remains the same; Very low migration project costs; no operational costs on top of the standard web or cloud deployment; and maintenance using existing skill-sets

The downside issues are that this is not an after the fact solution and it requires a new .NET project; partially automatic processes are available for WinForms and VB 6.0; however, other desktop technologies can use it as the best starting point; and that it will not improve old coding patterns to new ones; however, maintains the same business logic which can be improved over time.

A Closer Look at Empty Client

WinForms over Web

If you are performing a WinForms migration to ASP.NET, using any AJAX 3rd party controls (for a richer UI experience), you will have to consider:

  • Entirely new API.
  • Entirely new update approach.
  • Entirely new look & feel C”b,” or work hard to customize the UI to look the same.
  • Lightening the amount of data transferred to the client and presented at any given time to avoid severe latency.
  • The potential of compromising on features list due to the web limitations.
  • Handling security holes created as a result of opening services consumed by client side AJAX and transferring business logics to the client.

The Windows over Web methodology is integrated into Microsoft Visual Studio and provides the exact same API and set of tools/capabilities which are provided out-of-the-box with WinForms 1.0 and 2.0. This fact enables the native capability of simply copying any existing WinForms source code to a Windows over Web (VWG: Visual WebGui) project and providing a fully functional equivalent web application.

More by Author

Must Read