10 Factors To Consider When Evaluating Geospatial Data - I

10 Factors To Consider When Evaluating Geospatial Data Streaming Services A Whitepaper by i‐cubed, LLC ©2012 [email protected] | +1 970.482.4400 | +1 800.472.8328 | www.i3.com
i-cubed, LLC | 1600 Prospect Park Way | Fort Collins, Colorado 80525 | USA
Why Stream?

Dynamic streaming of imagery and vector content has significantly increased over the last several years along with the growth of web services within the geospatial community. This growth has been fueled by broad adoption of OGC W*S standards and increasing availability of compatible web services from many commercial and government organizations. In many cases, streaming is the easiest way to disseminate content across an entire organization or to the public at large in a standardized way.

i‐cubed was an early adopter of web serving technology and has been a leader in streaming imagery and vector web services since 2003. As our hosting capabilities have grown, so too have our dynamic image delivery services and the infrastructure to support them.

While some organizations may choose to use Commercial Off‐The‐Shelf (COTS) or open source web server applications to stream data themselves, there are many collateral issues that should be considered when electing to take on the burden of providing performant and reliable streaming web services.

1. Infrastructure and Physical Security

The hardware and environmental infrastructure required to provide robust and resilient services is significant, particularly when it comes to providing scalable services that are needed to accommodate surge demand.

i‐cubed's primary serving facility is maintained in a Tier 3 facility. All environmental and power systems are completely redundant and operate in an N+1 configuration with no single point of failure. The physical servers themselves are monitored 24 X 7 and protected by 5 physical barriers which incorporate key card and biometric access controls. This infrastructure ensures that no unauthorized physical access is permitted to the hardware and storage systems and ensures that in the event of power outages, all environmental and power infrastructure remains functional.

2. Service Level

While internal consumers of a web service within an organization may be more tolerant of intermittent service interruptions, external users typically are not. In the case of mission‐critical applications such as emergency response, even a small amount of downtime can have serious implications. Additionally, many organizations have a broad geographic reach and literally "follow the sun" in providing services to their customers. Because of this, even events like scheduled system maintenance may impact end users who are distributed across the globe.

i‐cubed believes the minimum service level outside of regularly scheduled maintenance activities is 99.9%. This level of service provides no more than 8.75 hours of downtime outside of regularly scheduled maintenance per year. Due to the clustered nature of the i‐cubed infrastructure 'stack', many maintenance activities can be performed without impacting services. Furthermore, for activities requiring downtime, i‐cubed has structured its scheduled maintenance window to last no more than 3 hours per week and uses this window at a time when the least number of customers will be impacted.

3. Reliability and Resiliency

Reliability goes hand in hand with maintaining a minimum service level. While it is relatively easy to maintain a service level of 99%, reaching 99.9% or higher requires a sophisticated approach that includes clustering and load balancing of hardware and software applications as well as internet connections and all other critical infrastructure, to eliminate all single points of failure in the stack.

Resiliency refers to continuity of operations in the event that the primary serving facility is completely unavailable. To accomplish this, all infrastructure, applications, data, services and ancillary systems must be replicated to one or more secondary data centers with an appropriate level of geographic separation to ensure physical and logical independence. Additionally, appropriate protocols need to be established for switching between these sites in the event of a failure at the primary site.

The i‐cubed infrastructure has been designed from the ground up with reliability as a cornerstone of the architecture. Internet connectivity is provided through a 'mesh' of 13 tier 1 international internet providers. All traffic is dynamically routed across these providers, which helps optimize performance of i‐cubed services globally.

To accomplish Disaster Recovery (DR), i‐cubed maintains 2 completely independent streaming systems. All data, services and applications are continuously replicated between sites, which ensures that in the event of a critical system failure, the backup system can be invoked to minimize interruption of services.

4. Monitoring, Alerting and Reporting

i‐cubed firmly believes that "if you can't measure it, you can't manage it". While hardware and application clustering help ensure system stability, monitoring, alerting and reporting are the foundation of system continuity.

The i‐cubed system is monitored 24 X 7 from multiple independent external nodes which are integrated into a tiered escalation and alerting system. All events are logged, and issues which impact system performance or availability are escalated appropriately to ensure on‐call staff are notified immediately. The i‐cubed IT and Network Operations Center (NOC) team is available via this system 24 X 7 X 365 to respond to critical events and maintain service level.

In addition, every streaming request that enters the system is logged, which enables detailed reporting to be provided to organizations on actual use and system response times for different data sets. These reports are very useful in understanding and justifying the cost‐benefit of providing streaming services, and they also provide business intelligence about where an organization's "hot spots" are located. Figure 1 shows an example of the Network Operations Center Monitor (NOCMon).

Figure 1 ‐ The Network Operations Center Monitor

Additionally, i‐cubed contracts a 3rd party to audit the i‐cubed services against its stated Service Level (99.5%) and typically maintains a better than 99.9% uptime.

Figure 2 ‐ 3rd Party Audit of i‐cubed WMS services

5. Content Protection

Sensitive data provided via web services needs additional protection to maintain confidentiality and prevent abusive behavior such as 'scraping', where content may be downloaded by an unauthorized user or in an unauthorized manner, effectively 'stealing' the content.

i‐cubed employs a layered approach to protect proprietary customer content and to detect and prevent abuse. Some services at i‐cubed can be configured to use secured tokens and passwords for the highest level of protection. While this may be unnecessary (or even unsupported) for some applications, there are still ways in which i‐cubed protects customer content.

Hosted content at i‐cubed is made available through a subscription which is tied to a web service endpoint via a Globally Unique Identifier (GUID). Use of GUIDs provides a reasonable level of protection from abuse and unauthorized use by obfuscating the web service URL; however, in some cases additional protection is needed.

The i‐cubed DataDoors system includes the ability to 'Whitelist' and 'Blacklist' specific IP addresses and ranges of IP addresses, which enforces additional levels of protection. A Whitelist entry allows requests only from that IP address or address range and no others. Conversely, a Blacklist entry blocks any requests originating from the specified IP address or range of addresses. Whitelists and Blacklists can be configured for a specific subscription, which allows great flexibility in protecting customer data.

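The per‐subscription Whitelist and Blacklist behavior described above can be sketched as follows. This is an added example, not i‐cubed or DataDoors code: the names, GUIDs and address ranges are constructed, and letting a Blacklist entry override a Whitelist entry and rejecting unknown endpoints or unparseable addresses are assumptions.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class SubscriptionPolicy:
    """Hypothetical per-subscription lists of IP addresses or CIDR ranges."""
    whitelist: list = field(default_factory=list)
    blacklist: list = field(default_factory=list)

# Constructed sample data: GUIDs and documentation-only address ranges.
POLICIES = {
    "3f2b8c1e-0000-4000-8000-000000000001": SubscriptionPolicy(
        whitelist=["192.0.2.0/24"], blacklist=["192.0.2.66"]),
    "3f2b8c1e-0000-4000-8000-000000000002": SubscriptionPolicy(
        blacklist=["203.0.113.0/24"]),
}

def _normalize(raw):
    """Parse a client address; unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d)."""
    addr = ipaddress.ip_address(raw.strip())
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr

def _matches(addr, entries):
    """True if addr falls inside any listed address or range."""
    nets = (ipaddress.ip_network(e, strict=False) for e in entries)
    return any(n.version == addr.version and addr in n for n in nets)

def is_allowed(policies, guid, client_ip):
    """Decide whether a request for the subscription `guid` may be served."""
    policy = policies.get(guid.lower())
    if policy is None:
        return False                      # unknown endpoint GUID
    try:
        addr = _normalize(client_ip)
    except ValueError:
        return False                      # unparseable address: fail closed
    if _matches(addr, policy.blacklist):
        return False                      # assumption: Blacklist wins
    if policy.whitelist:
        return _matches(addr, policy.whitelist)  # only listed ranges pass
    return True                           # no Whitelist: open except Blacklist
```

The `client_ip` passed in should be the peer address the server itself observed; a value taken from a client‐supplied header would let a caller choose which list entry it matches.
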
The final tier employed by DataDoors to provide content protection involves the detection of suspicious activity and automatic blocking of the offending IP addresses. All streaming subscriptions can be configured to provide "Auto‐Smiting" functions. When Auto‐Smiting is active, the DataDoors Network Operations Center Monitor automatically assesses each request received by the system. Using a sophisticated algorithm, patterns of abuse are detected, and if specific thresholds are reached, the IP address is automatically blocked.

6. Auto‐Expiration of Subscriptions, Pre‐Defined Hits

In some cases, it is desirable to allocate a specific web server endpoint for a defined period of time or for serving a specific volume of data. This may be the case when contractors are working with customer data and need to be removed from access at the end of a contract.

The i‐cubed DataDoors system provides this ability in addition to providing access for a pre‐defined number of image requests for a specific subscription. These services can be reconfigured at any time to extend service availability.

7. 'Extreme' Serving ‐ Support for Large Requests

In some cases customers may want to send imagery from a WMS service to a plotting device to print large format maps. In many cases dynamic imagery servers will fail on requests that are larger than 2000 X 2000 pixels. Additionally, some client applications may time out and either request the same imagery again or fail completely.

The i‐cubed DataDoors streaming system incorporates an advanced 'Plot' streaming request handler that supports image requests of up to 20,000 X 20,000 pixels. This handler allows large requests to be fulfilled and gracefully handles poorly behaved client applications that may make multiple large requests that could otherwise overwhelm a standard imagery server. Due to the clustered and load balanced nature of the system, these large requests can be handled without impacting the performance of other requests.

8. Support for Multiple Protocols and High Performance Tile Caches

In many cases, supporting the myriad of web client applications can be difficult, especially as protocols evolve and new protocols are created. Additionally, while some users may desire the flexibility of a dynamically rendered image with an unlimited number of display scales, others may require the high performance of pre‐rendered tile caches. In many cases these requirements can result in replication of data in multiple projections on the streaming servers, which can significantly increase cost.

While the DataDoors streaming system supports many existing protocols (OGC W*S, WMS‐T, WMS‐C, ESRI Image Server, ArcGIS Server, Google Earth, Bing, etc.), the pluggable architecture of the DataDoors streaming system permits rapid integration of new streaming protocols as they become available. Additionally, these protocols can often be integrated on top of existing data, which can reduce or eliminate the need for duplication and replication of data. This flexibility allows customer data to be presented to client applications in a variety of ways while remaining extensible to future technologies and requirements.

9. Serving on the Edge ‐ Latency, Internet Performance and CDNs

Many applications perform well when housed inside an internal network or in a regional context but suffer performance degradation due to internet latency as the distance to the servers increases. This can cause the user experience to deteriorate to unacceptable levels, especially internationally, and result in loss of clients.

The i‐cubed DataDoors streaming system supports Content Delivery Networks such as Akamai and CloudFront for static content, and also includes proprietary network optimization technology (called hsservices) that dramatically improves performance of dynamic requests. For example, average internet latency within the US is around 700 milliseconds compared to around 3500 milliseconds from the US to India. Using the optimized DataDoors hsservices transport layer, latency to India is decreased to around 800 milliseconds, which is a significant improvement. In many cases, this technology has eliminated the need to place multiple Points of Presence (POPs) around the globe and enables i‐cubed customers to reduce cost while maintaining an acceptable user experience.

10. Performance Optimization, Content Augmentation, Metadata and Geo‐Fencing

Most geospatial content (particularly imagery) is not natively optimized to provide the best performance for dynamic streaming services. While services based on native data files can be instantiated, the rendering times will often not meet the expectations of end users. As data is ingested into the DataDoors streaming system, it is optimized to provide the best end‐user experience. Standard 1000 X 1000 pixel dynamic requests are typically rendered on the i‐cubed servers in under 1000 milliseconds, which improves the end‐user experience.

i‐cubed also has extensive experience in providing color‐balancing and seamless integration of multi‐temporal/multi‐sensor data sets to create tonally‐balanced services that eliminate the 'patchwork' visual effects that are inherent in these composite mosaics. This type of processing provides a performant and visually enhanced service that greatly improves the end‐user experience. An example of value‐added seamless integration by i‐cubed is shown below:

Figure 3 ‐ Typical Multi‐Sensor Integration

Figure 4 ‐ i‐cubed Value‐Added Seamless Integration

In many cases, customers have their own unique content that they wish to stream; however, they may also wish to augment their content with other data sets that are available from other sources and that they themselves do not own. Finding and staging these data sets and the associated metadata can be a significant challenge.

i‐cubed has a variety of standard off‐the‐shelf global imagery services including DEMs, Topo Maps, Bathymetry, etc., that can be used to augment a proprietary customer data set. This content can be integrated as a separate service for customers or directly combined with proprietary data to create a seamless custom streaming service of the best available data for end users. These services can also be configured on the i‐cubed servers in order to eliminate the need for customers to manage any of the data or stage these services themselves.

In addition to providing standardized imagery and vector services integrated with i‐cubed and third‐party provided imagery services, i‐cubed can also configure user‐specified metadata rendered directly onto each image request, or as a separate WFS service that can be integrated into a variety of client applications.

The i‐cubed DataDoors stack also includes the ability to apply Geo‐Fences against WMS and Tile Cache services to restrict access to defined geographic areas on a subscription basis. This capability allows access control to be applied spatially and can help in situations where a user, such as a contractor, only needs access to a subset of the available data for a defined period of time.

Summary

While it is reasonably easy for an organization to stand up streaming services, there is often much more associated with standing up services that are robust, resilient, flexible, performant and scalable. If these are requirements for the services that are provided by the system, then it typically needs to be architected from the ground up to achieve these objectives. The additional requirements for service monitoring, alerting and reporting require additional independent external infrastructure in place and either a dedicated or on‐call team to respond to issues as they arise.

In i‐cubed's experience, requirements from streaming services often evolve quickly from an initial simple request to "stream some imagery". The i‐cubed DataDoors system provides a scalable, extensible and flexible platform to support these evolving requirements and protocols and is backed by a 24 X 7 team that has maintained a service level in excess of our stated objectives of 99.5%.