AWS Lights DNS Zone Setup - ios

I currently have an application server on AWS Lightsail that is serving a smartphone app. I had to make backend changes, mostly security tweaks to secure API calls between the server and the app. The changes are still on my test server, and the moment I apply them to production, current users won't be able to communicate with the server. They will be logged out and required to update the app before logging in again. My problem is that I can't really find a way to avoid service disruption, and there will be downtime between the time I deploy the changes and the time my app update gets approved by Apple, as Apple needs a running server to test the app before they approve it. During that time, my users who are using the old version won't be able to communicate with the updated server, and that time would be 1-2 days, which is something I can't afford.
My questions:
First Question
Is there any way I can have a DNS zone set up, have both the old and new servers running, and direct traffic coming from the old and updated app to the respective server? I have an initial thought that this can be done by using Route 53; however, I am not sure how to get this working.
Second Question
Do I need to add a config file to the updated app to check the health of the server and communicate with it accordingly?
Thank you in advance!

How to let Apple get logged into a closed environment on Citrix during app review?

Our organization's environments are closed (behind Citrix, with no public access given to mobile apps connected to them).
We have developed a mobile app for iOS for one of these environments, which also runs with BlackBerry Dynamics as IAM. The question is related to the sign-in request from Apple during the App Review process for a mobile app.
Since we simply cannot open our environment to the public, we cannot make the app accessible during app review (so they simply will not reach our server if they run the IPA). We are probably not the first organization that runs closed environments and has experienced this issue.
I thought of the following myself:
1 - Dynamic runtime URL: we can create a sandbox environment and put this URL and the prod URL behind another generic URL of the load balancer or similar. While in review we can forward traffic coming from the runtime URL to the sandbox env, and after that we can toggle the traffic to the prod URL. This is hard to achieve compliance-wise within the organization.
Any more ideas without compromising our closed envs?

iOS app submission - test url

We have built an iOS application and we are going to submit it to the App Store. Inside our app we have hardcoded the URL of the web service.
Our client wants to do something like this.
For the review he wants to set that URL to the web service in dev and, after approval, change it to production, as he doesn't want to create fake accounts and data in the production database.
Is there any setting or something to do such a thing for the approval without changing our code?
Thanks
Hardcode a specific URL in your app. Then set up your web server so that URL gets redirected to the "real" URL. Before your app is in the store, have the URL redirect to the development URL. Once your app has been approved and it goes live, change the URL to redirect to the production URL.
This is basically a single line change in the web server's config file.
This gets a little trickier if you need to repeat the process each time you submit an update. You probably will want the review of the update to go back to the development URL. This will probably require that you pass a version number as part of the URL (which you should do anyway in case the API of your URL changes over time).
You can check whether or not the app is in the App Store. Check out this answer for more info: https://stackoverflow.com/a/17627239/2604030
I am hoping you haven't also hardcoded a password in there.
However, unless this is a very long-term, robust service, also hardcoding your database server details in there is also a bit dangerous.
Consider writing them to NSUserDefaults but having a failover service.
For example, if the server doesn't respond, have a different server you can hit to get a new database server address.
This would allow you to set up a test server, kill it after review, and have new users go to the new server.
Another approach is, if you have a way to push notifications to the devices or have a status check that they do, add extra metadata to that check message so you can pass through an update to the server address.
Querying a separate server for important metadata is a common technique - it lets you have some flexibility and respond to emergencies.
Why not just KISS and set the URL in NSUserDefaults or a plist (i.e. validation=URL1, validated=URL2 or something)? This way your URL is configuration-based and not embedded in your code. You could use Sebyddd's response in your code to determine which URL you grab at runtime.
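The version-in-URL redirect suggested in the answers above, sketched as the routing decision a redirect or reverse-proxy rule would make. This is an added example, not code from any of the posts; the host names, the `/v<N>/` path scheme and the `Router` class are constructed assumptions.

```python
import re

# Constructed backends (hypothetical hosts, not from the thread).
PRODUCTION = "https://api.example.com"
STAGING = "https://staging-api.example.com"

# The app hardcodes one public URL and prefixes every call with /v<N>/.
VERSION_PREFIX = re.compile(r"/v(\d+)(/.*)?")


class Router:
    def __init__(self, live_versions, review_version=None):
        self.live = set(live_versions)   # API versions already in the store
        self.review = review_version     # API version currently in review

    def approve(self):
        """Once the reviewed build goes live, point it at production."""
        if self.review is not None:
            self.live.add(self.review)
            self.review = None

    def backend_for(self, path):
        """Return the target URL for a request path, or None to reject it."""
        m = VERSION_PREFIX.fullmatch(path)
        if not m:
            return None                  # unversioned or malformed path
        version, rest = int(m.group(1)), m.group(2) or "/"
        if version == self.review:
            return STAGING + rest        # reviewers only see dev data
        if version in self.live:
            return PRODUCTION + rest
        return None                      # unknown version: default deny


if __name__ == "__main__":
    router = Router(live_versions=[1], review_version=2)
    print(router.backend_for("/v2/login"))   # staging while in review
    router.approve()
    print(router.backend_for("/v2/login"))   # production after release
```

Rejecting unknown versions by default keeps a mistyped or future version number from silently reaching either backend.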

Is it possible to trigger a redeployment from Heroku?

I'm trying to get to a point where I can make and deploy emergency changes to my Heroku apps from mobile devices. Using CodeHub (iOS) I'm able to make changes to the GitHub repo, and using Nezumi (iOS) I'm able to access the logs, restart the application and even gain console access to my app. The one thing that I can't figure out how to do at the moment is how to push the updated GitHub repo to Heroku and rebuild/redeploy the slug.
Is there any way to retrigger this via the Heroku console or any other mobile-friendly interface?
Thanks.
There are plenty of deployment services that will do this, but if you're looking for one that works well on mobile, http://www.wercker.com is great.

Push Notifications through BES/BIS , BlackBerry

I am trying to use push notifications for OS < 7.X.
I downloaded the sample server/client code. I deployed the client code on my device and the low-level-sample code on the Tomcat provided.
For the record, when I registered for push notifications here I registered using the BIS option. Now that I was actually given a BlackBerry, I was informed it is using BES (I don't think, though, that this is the root of the problem that I am going to describe).
On the device, in the sample application, I put all the correct settings from the email I received.
Both my PC, which is running the Tomcat server, and my phone are connected to the same Wi-Fi.
I am trying from the device browser to connect to the server, e.g. https://196.84.32.112:8443/low-level-sample
and the browser opens the page normally, meaning that I am able to connect to my server from the mobile.
Now when I hit register from the device sample app (I have tried both BIS/BES options in the settings), I always get the following error:
Request to register failed. Cause by java.io.IOException: Network operation[Subscribe] failed. Make sure that Content Provider URL is accessible.
In the log I get:
Opening URL: my server url appended with info like username/password/model/connection type etc
Content Provider network command [ Subscribe] failed , caused by could not connect to 196.84.32.112:8443
Command "register" failed with error: java.io.IOException: Network operation[Subscribe] failed. Make sure that Content Provider URL is accessible.
A thought is that I should register again for new push keys and use the BIS/BES option instead of only BIS, but here the problem seems to be no connectivity with the local server, not the RIM server. I already tried to register, though, and I am waiting for the mail with the new settings.
Also, I am a bit confused by the BIS/BES option. I have no idea if my users will have BIS or BES enabled, so what do I put in my code? In the sample application it asks me to select between BIS and BES, but when the app is going to production and I need to programmatically make that choice, what will I choose? Or is this choice made only for the evaluation/development of the app, and in production there is another server?
I think all the right things have been said here, but I'm hoping we can consolidate some of the answers, and wrap this question up.
You haven't shared your code, which makes things more difficult, but many people use the RIM/BlackBerry provided PushDemo source, where a connection suffix is hardcoded in /pushdemo/com/rim/samples/device/push/PushUtils.java:
    private static String getConnectionSuffix() {
        return ";deviceside=false;ConnectionType=mds-public";
    }
I'm also guessing this from having read your other question.
By doing this, you've hardcoded the BlackBerry transport type of BIBS. BlackBerry supports many different transports, like BES, BIS, BIBS, or WAP. The BIBS transport will send the request from your device, out to BlackBerry's servers, which are on the internet. (Note: this part is probably confusing to an iOS/Android developer, since those platforms don't provide Apple/Google network intermediaries to relay normal HTTP/S traffic.)
Then, the request is relayed to your server, which is at:
196.84.32.112:8443
I'm pretty sure that TCP/IP endpoint is not available from the Internet (I can't reach it). So, that's why it fails for you.
You can take this URL
https://196.84.32.112:8443/low-level-sample
and paste it into your BlackBerry device's browser, and it will work. Your device is configured for BES, which uses your company's internal servers. Those internal servers can reach the 196.84.32.112:8443 endpoint, so it seems to work for you. But, that's because you haven't hardcoded the transport, as you have in the push code that uses getConnectionSuffix(). The device browser is smart enough to figure out a transport that works, and BES works to reach that intranet server.
Hopefully, that explains the confusing part.
Solutions
As others have said, a solution is to get your company's IT people to make IP address 196.84.32.112 and port 8443 accessible through their firewall. That would allow the BlackBerry servers to reach it successfully.
Another solution would be to change the PushUtils.java code to avoid the BIBS transport:
    private static String getConnectionSuffix() {
        return ";deviceside=false";
    }
If you want really flexible code, then I'd suggest rewriting that PushUtils.java code, because it appears to use the pre-5.0 HTTP connection logic. ConnectionFactory in OS 5.0+ makes this easier, and more robust, when supporting multiple transports ...
To answer your question about supporting users with multiple transports, take a look at this blackberry.com example, specifically the MyConnectionFactory class. It allows you to select which transports your app allows, and which it tries first.
Ultimately, the decision to make your server public or not depends on how it's going to be used, and whether you'll have non-corporate internet clients trying to register with your corporate server.
Let me first explain the registration flow for BB Push Demo:
When you click on Register the device will:
1. Inform your web application that the device wants to register. For this it will send the information about the device to your Web Application (the so called ContentProvider). You are expected to store that information in your database. This step happens in the ContentProviderProtocol.performCommand() method of the push demo.
2. Inform the BB Push Server that the device wants to register for receiving push notifications from your application. This happens in the BpasProtocol.register() method of the push sdk.
Step 1 is only necessary if you want to know who all are registered for push notifications (maybe if you want to send individual push notifications to each device and not broadcast the message to all registered users). In that case, you will probably need other information like that user's preferences etc for customizing the push anyway.
Now the error you are getting is from the step 1. For step 1 to succeed, your device should be able to connect to your web app which it is not able to.
To solve this problem, either you have to make your web app publicly accessible (and be ready to handle the load) or comment out the step 1 from the app by making ContentProviderProtocol.performCommand() return without doing anything.
PS: The webapp used in step 1 need not be same as your push initiator. The webapp is simply being used for tracking who all is registered for receiving the push and should ideally be located in the cloud on a distributed architecture if you expect a lot of users.

Remotely uninstalling application from iPad

Is it possible to uninstall an application from an iPad remotely without the user's permission?
The client wants an app for securely sharing company data through iPads and some server (something like Dropbox). The requirement from the client is also to wipe all application data from the iPad and possibly uninstall the application altogether when an employee is fired :-)
In my opinion neither the data wiping nor the remote uninstalling is possible. I am just curious if anyone can come up with some solution.
I plan to simply offer the client to open all encrypted documents only inside an app and only when the app is connected to the internet. Each time a document is about to be opened (even if the document is cached), authentication is required. When an employee is fired, the documents can't be read.
You're right in your assumption that remote uninstalling is not possible. And data wiping isn't possible without the user's permission. (The only solution I can think of for this is to send a remote notification with an instruction to delete files, but the user would have to open the application from that notification; they could just ignore it.)
Authentication does sound like a viable solution. Ask the user to sign in when they open the application (and when the app returns from background) and authenticate the sign in remotely on a server. When the user leaves the company, invalidate their login. Encrypt files stored on the device for extra security.
You could do something where your app checks with a server, each time it is run, for a "kill flag". It could still have content on board but it just does not allow access until it has confirmed there is no kill flag. If there is a kill flag then it wipes all sensitive data.
Another thing to consider is that devices connected through Exchange can be remotely wiped by an administrator. If your client uses Exchange and is OK with the idea of completely wiping the device, this could be a procedure they could implement.
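The launch-time "kill flag" check and remote login invalidation described in the answers above, written as a fail-closed gate. This is an added example, not code from any of the posts; the `fetch_status` callable, the JSON fields `user`, `active` and `kill`, and the return constants are assumptions made for illustration.

```python
import json
import shutil

ALLOW, DENY, WIPE = "allow", "deny", "wipe"


def check_access(fetch_status, user_id, data_dir):
    """Decide whether cached documents may be opened on this launch.

    fetch_status is a hypothetical callable that performs the authenticated
    HTTPS request to the status endpoint and returns the raw JSON body; it
    raises OSError when the server cannot be reached.
    """
    try:
        status = json.loads(fetch_status(user_id))
    except (OSError, ValueError, TypeError):
        # Fail closed: no answer, or an unparseable one, never unlocks data.
        return DENY
    if not isinstance(status, dict) or status.get("user") != user_id:
        return DENY  # answer is not about this user
    if status.get("kill") is True:
        # Kill flag set server-side: remove every cached document.
        shutil.rmtree(data_dir, ignore_errors=True)
        return WIPE
    # Unlock only on an explicit "account active, no kill flag" answer.
    if status.get("active") is True and status.get("kill") is False:
        return ALLOW
    return DENY
```

Because the gate runs on the device, it complements rather than replaces the server-side login invalidation and file encryption suggested in the answers.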