High Performance Messaging for Web-based Trading Systems. Frank Greco - @frankgreco Director of Technology, Kaazing

High Performance Messaging for Web-based Trading Systems Frank Greco - @frankgreco Director of Technology, Kaazing

Outline Background Trading Systems and the Web Requirements Web Messaging for Trading Apps Layered Approach to Web Protocols New Requirements The Web beyond the Browser

Background Financial Services Capital Markets Desktop trading systems Swing/Java/TIBCO, et al Customer use cases FX, Commodity desks Director of Technology @ Kaazing Chairman NYJavaSIG (javasig.com) Largest JUG in North America 7,000+ members frank.greco@kaazing.com, @frankgreco

Web Trading Systems FX Trader Application front office demo.kaazing.com/forex

What is a Web Trading System Trading System A set of rules governing buying/selling An application that expedites a trading system Modern Web Trading requirements - HTML5 no more plugins - UI/UX Sencha/extJS, GWT, jquery, GPU acceleration, etc - Usable application cache - Fast, reliable, secure - Minimal impact to back-end services - Works with pub/sub brokers and data feeds - High message rate, small payload equity ticks, watchlist, currency pairs, etc.

Everything sounds do-able, except Designed for document transfer HTTP - Short-lived Request / Response interaction Bidirectional, but half-duplex - Traffic flows in only one direction at a time Stateless - Large amounts of metadata resent for each request Web was not designed for real-time, event-based services

Some things age well HTTP TCP

and some things don t Oldies Hits - AJAX and the Comet Pollers - 2006

High-Level Trading Systems Architecture ios/android Authentication Mobile Browser/Native Client Net Authorization Make me Web friendly Browser Desktop Java/.NET Msg Broker JMS/AMQP etc Pricing Feeds News/Alerts Trade Exec What everyone does Reports

High-Level Trading Systems Architecture ios/android Authentication Mobile Browser/Native Client Net Browser Desktop Java/.NET Authorization Make me Web friendly Msg Broker JMS/AMQP etc Developers want a secure version of this architecture so they can focus on the app Pricing Feeds News/Alerts Trade Exec Reports

Real-time Client/Server Architecture Instead, we try this traditional solution Trading App Broker Just have to open some ports Merely deploy Java/.NET on client Only need to traverse several proxies between the endpoints Easy, right?...

Middleware for the Middleware Or we try to proxy things over the web ticker plant Protocol mismatches Inefficient Scalability Issues Latency Issues

Things aren t looking too good

Welcome HTML5 (aka The New Web)! Users are Demanding more from Apps UI/UX Requirements are more sophisticated API Explosion Browser Enhancements Web no longer just about Documents but the existing infrastructure reflects this legacy The New Web is a Foundation for Enterprise-grade Applications 14

WebSocket Real-Time, bi-directional connectivity IETF Protocol - RFC 6455 Dec 2011 W3C API Easily add event-based (trading) data to web apps Avoids polling Avoids HTTP meta-data overhead Shares port with HTTP (80/443) Peer protocol to HTTP (both use TCP) Most Important API in HTML5 Facilitates other protocols Puts the web in a better place

WebSocket Standards W3C API Candidate Recommendation - http://www.w3.org/tr/websockets/ IETF Formal Protocol (RFC 6455) - Event-driven JavaScript API - Full-duplex communication protocol Integrates HTTP addressing - ws://yourcompany.com/collaboration_svc - wss://anothercompany.com/marketdata_svc Traverses firewalls, proxies, routers securely Text and Binary Leverages Cross-Origin Resource Sharing (CORS)

The WebSocket Handshake

For Real-Time, Event-based Web Communication Legacy HTTP vs WebSocket Seems like a no-brainer for trading apps 18

Java API for WebSocket - JSR 356 Creation of WebSocket Java components to handle bi-directional WebSocket conversations Handling WebSocket events Creation and consumption of WebSocket text and binary messages Allows for WebSocket protocols and content models for an application Configuration and management of WebSocket sessions, like timeouts, retries, cookies, connection pooling Specification of how WebSocket application will work within the Java EE security model! Official Java SE WebSocket API in the works

Why do I Care? What does this really have to do with highperformance messaging?

Legacy Web Half Duplex - HTTP Full duplex Web Browser Web Tier Middleware Msg Broker Live Web Full duplex - WebSocket Full duplex Web WebSocket Server Msg Broker

Scalability more traders, more services Complexity More Traders More Services More More Growth Greco s Law! Scalability = Growth / Complexity Simple things scale 22 22

HTML5 WebSocket API

HTML5 WebSocket API But Dealing with WebSocket is like dealing with TCP. It s a streams-based model. You need to understand how to handle streams-based data over the wire. So how do I do publish/subscribe for my trading system?

What is Missing? Where is the Application-level Protocol? Who handles retries? How do we handle publish/subscribe semantics? How do we handle market data? Is guaranteed delivery possible (trades)? What if the client is not active? How do we handle [fill in with favorite semantics] What about partials? Who s responsible for entitlements? How do I manage that? etc

But wait Protocol Layering is Possible! Whoa Its just like TCP! Huzzah! Browser and Native Applications JMS XMPP AMQP B2B FTP VNC mktdata etc WebSocket TCP Internet WebSocket Gateway WebSocket Gateway

Anything Else Missing? Other Considerations Need to handle multiple WS versions Need to handle multiple (and legacy) browser versions Can t have business logic in the DMZ Have to work in multiple DMZs AuthN/AuthZ has to work multiple times High-availability topology Concerns about open ports with back-end service Services architecture needs to be consistent Native, HTML5 and hybrid environments Integrate easily with non-messaging services XaaS integration the Web beyond the browser Bandwidth management etc All things you need for a real enterprise app

Publish/Subscribe over the Web for Trading Systems Java Message Service (JMS) over WebSocket A 60-second Tutorial In case you haven t heard of JMS

Java Message Service (JMS) Java EE Message Oriented Middleware JMS 1.0 2001, JMS 1.1 2002, JMS 2.0 (Feb 26, 2013) Asynchronous Messaging vs. RPC Loosely coupled vs. Tightly coupled Pub/Sub, Topics, Queues Transactions, Reliable

Basic Inside-the-Firewall JMS conn = createconnection(); sess = conn.createsession(); topic = jndicontext.lookup(topic); pub = sess.createproducer(topic); pub.send( hey Frank ); msg broker conn = createconnection(); sess conn = conn.createsession(); = createconnection(); topic sess conn = = jndicontext.lookup(topic); conn.createsession(); = createconnection(); sub topic sess = sess.createconsumer(topic); = = jndicontext.lookup(topic); conn.createsession(); sub.setmessagelistener(this); sub topic = sess.createconsumer(topic); = jndicontext.lookup(topic); sub.setmessagelistener(this); = sess.createconsumer(topic); public sub.setmessagelistener(this); void onmessage(message m) { public String void s = m.gettext(); onmessage(message m) { public String void do stuff s = m.gettext(); onmessage(message m) { } String do stuff s = m.gettext(); } do stuff }

Now JMS API for JavaScript 1. Create connection from ConnectionFactory see tutorial.kaazing.com 2. Create session 3. Create topic or queue 4. Create producer 5. Create consumer 6. Create message listeners (function to handle messages) 2 3 4 5 6 session = connection.createsession(false, Session.AUTO_ACKNOWLEDGE); var mytopic = session.createtopic("/topic/mytopic"); topicproducer = session.createproducer(mytopic); topicconsumer = session.createconsumer(mytopic); topicconsumer.setmessagelistener(handletopicmessage);

JMS API for JavaScript 7. Send messages var dosend = function(message) { message.setstringproperty(message_properties.userid, userid); topicproducer.send(null, message, DeliveryMode.NON_PERSISTENT, 3, 1, function() sendfromqueue(); }); }; 8. Process messages: the message listener function: handletopicmessage() var handletopicmessage = function(message) { if (message.getstringproperty(message_properties.userid)!= userid) { $("#slider").val(message.gettext()); $("#pic").width(message.gettext()); } };

WebSocket Projects, OSS, Vendors Kaazing Node.js/socket.io ActiveMQ Tomcat Jetty Oracle Glassfish Java EE Play Framework Rabbit MQ JBoss IIS/ASP.NET 4.5 PHP, Objective-C, Ruby, Python, C/C++, JVM-langs Many more

Futures What s next for Trading Systems and the Web? 34

New Computing Model Clouds 35

New Computing Model Storage Docs Email Cloud Cloud websocket websocket websocket websocket Regulatory hypothetical Clearance Collaboration Cloud Wealth Management websocket Enterprise Notifications Transactions Risk Management Cloud Cloud Sentiment Analysis Cloud FX Analytics 36

Inter-Cloud Connectivity or XaaS Compliance as a Service External Cloud Clearance as a Service Service Bus service service service websocket Regulatory Auditing as a Service Risk Management as a Service ipaas websocket Internet Service Bus Enterprise Enterprise Service Bus service service service 37

Event-based XaaS Everything as a Service in Real-Time Monitoring as a Service WAN Optimization as a Service Data Center as a Service CDN as a Service Sentiment Analysis as a Service Database as a Service Security as a Service EAI as a Service Identity as a Service Integration as a Service Enterprise Messaging as a Service Backup as a Service Risk Analytics as a Service Trade Clearance as a Service Auditing as a Service Governance as a Service Testing as a Service Windows Desktop as a Service Network as a Service Notification as a Service Analytics as a Service Telephony as a Service 38

Global Distribution Next Generation CDN

Questions? frank.greco@kaazing.com

Enterprise-Quality Features WebSocket++ IETF RFC Compliance No business logic in Gateway - can be installed securely in DMZ Extends Browser as full enterprise client JMS Topics, Queues, Durables, Acks for Guaranteed msgs JMS Edition Works with any JMS provider - no broker lock-in Secure Services can close all inbound ports End-to-End encrypted messages for multiple DMZs Full JMS API for JavaScript,.NET, Flash, ios, Android (soon) Granular Client Timeouts for mobile to detect offline ios-apns & Android/GCM Integration Kerberos over WS No Server-Side API for messaging needed for legacy integration Emulation when intermediaries block native WS AuthN/AuthZ and SSO integration 24x7 Global Support Can Connect to any TCP or UDP data source Bandwidth Control Emulates WebSocket protocol for old browsers w/ no polling