James posted on this topic after watching a presentation at OWASP’s local Hartford chapter meeting last week. It was buried halfway down in the post, but it asked a great question:
Do they really think that their silly little architectures that support 500 users concurrently is somehow more challenging than implementing an architecture that supports 2 million concurrent?
It is a damn good point. The playground for these applications is different, but the same issues arise. I’ve played a few online games in my day and have seen the ups and downs of their implementations. I think I’ll throw in my opinion on two of the items for comparison, performance and security.
Damn Lag Killed Me
I can tell you right now that James understates the performance issue. When the games started coming out, and they were rare, lag was accepted as a fact of life. We hated it, but we didn’t know any better. We also were dealing with modems and blamed all the the data coming down to the client. To the user, the environment would stop updating and then the game would shutdown. Inside the game, the MOBs (the critters) would see a nice juicy target ready for revenge. Going LD (link death) is still a problem for users today.
Then came high-speed internet. Then came the need to get the latest video card in order to handle some of the intense graphics processing on the client-side. Performance issues on the server-side became more obvious and pretty much killed some games. Why play a game if you are just going to get killed because the server fries? Code had to be improved, communication improved, and servers scaled out. When you are in an environment where you have to correctly track over 100 users in your immediate vicinity in order to decide your next action, you can’t afford any delays.
Let’s look at an enterprise application. A two second screen change is actually considered good. Something that would lead to the death of my character at the hands of a horde of wood imps is actually acceptable. I don’t see that changing unless the paradigm of system design changes.
Right now, Enterprise applications are delivered via the web. Games have FAAAAT clients. They consume several Gigs (6+) on the hard drive. They are also memory hogs. Just futzing around in a game can churn 350+ MB. All of this, plus one kickin’ video card, is what gets you most of your performance.
Users and managers have been asking for web interfaces for their Enterprise applications for over a decade now. The presentation layer begins to eat at server resources and forces more data to be sent to the user. When it gets to the client machine, the application is dependent on a third party browser, of which vendors have to support multiple to keep their potential market happy.
Did I mention that Enterprise application must work on both Windows, UNIX, and Linux systems while the gaming servers just have to work? Game vendors can put together their server farms how ever they want and on anything they want. It just as to perform.
If vendors where allowed to put light-weight clients on end-users computers, then we could start to see some performance and start to really focus on the other performance lessons from the gaming world.
Exploits for Money
Security is where there are massive lessons to be learned. You have a client that limits what a user can submit in terms of input. It must then be processed on the client before being sent to the server. There are a lot of things that are determined on the client. The question is securing that communication so that the information the server receives is accurate.
Look at the audience for the games. A healthy number are technical in nature. Even if only 1% of the player base were technically inclined, that leaves thousands of capable people that have something to gain by hacking the system. Who doesn’t want to be the most powerful player? You can even make money by being good in the game.
There are lessons to be shared here.
Using what We Learn
While a lot of what these game companies develop can’t be applied to Enterprise Software due to the need to support everyone and keep the CTOs of the world happy, internal development project can benefit. From there, organizations can begin to realize that in order to get some of the gains they crave, they need to change their approach to how applications are deployed.
Users have big fat client machines that are under-utilized. Don’t give those resources to Vista, give them to your Enterprise.
Word of Pie 
I never thought I would see an opportunity to mix my two passions, content management and gaming. (Yeah, I’m a real chick magnet.) I actually migrated from the gaming industry to CM several years ago. (As an aside, I worked on the Age of Empires series.)
It seems that the people who do best at the latest generation of MMO’s are from the business world. About two years ago, I was working in a very large IT Supply Chain department with a friend with a World of Warcraft account. Every morning for about 10 minutes, we would strategize different ways to manipulate the gaming environment, specifically the Auction House. Using my knowledge of how games are designed, his superior knowledge of supply chain economics and our combined programming, we had a great time dominating the marketplace through effective pricing and using the laws of supply and demand. We did this little experiment (no cheating whatsoever involved) mainly to try out ideas and models to see if it could be done.
What we discovered is that not only did we have fun, but we also learned a lot in the process. When gaming and business merge together, there are a lot of possibilities. Business shouldn’t frown upon electronic gaming as seems to always has. Fortunately, the first generation of kids raised on video games in the ’70s are firmly entrenched in the business world and the benefits are showing.
The world at large isn’t aware that electronic gaming has been the largest driver of technology. If it wasn’t for the *consumer* demand for faster processors, better graphics and more storage space, the cost of everything you use in your office would still be astronomical. (I’m sure someone is going to counter “But what about business databases being the technology driver?” Pffft… yeah, right. Just try bringing that point up and I’ll snuff that argument right out.)
Okay, back to your post… The argument about client apps being FAAAAAAT is tangental. There’s a reason they are so fat. That because a large portion of that data is graphical in nature, HD intro movies, cutscenes, textures, meshes, models, etc. which isn’t going to be something you’re going to find on a business application. (I don’t seem to recall Visio 2007 requiring DirectX9a.) Because the gaming server isn’t going to send realtime graphical data, of course you’re going to have a big client. So compare the actual nuts and bolts of the game to the web app.
You’ll find that the game is almost always coded more efficiently. The network code is not only tight, but encrypted as well. Memory is often protected far better. The game algorhythms would shame most financial models. Frankly, the only thing the gaming industry lacks is discipline, structure and organization within their own development companies.
Don’t forget that the target audience for computer games has a faster, better computer than most corporations. They use more memory and resources because they can. In fact, gamers almost demand that a game use every little bit of their PC. The total opposite of what the business world wants. Instead, look at the console side of the gaming industry. They have to work with a fixed environment with no chance of an upgrade for at least 5 to 7 years. I hear all the time at work about some long beard who worked on a VAX and all the crap he had to put up with. That’s nothing to the early game programmers I know that had 4k of memory to work with, little to no documenation and they had to coax every little cycle out of a cheap Motorola chip.
I can talk about this for a week, but I’ll wrap this up with one more comment on your statement about game servers “just have to work”. For the most part, yeah, performance is the driving factor. Everything is custom coded for the most part so the developer can choose whatever he wants. However, for MMO games, the developer does have to worry about overall bandwidth costs and he is dependent on network hardware. These servers are constantly abused and stressed to the limit. Over time, this is the largest expense the developer has to cover. If the subscriptions don’t cover those costs, then a game will quickly die.
It’s a fun topic. Gaming makes more money than Hollywood, but it’s a roller coaster industry. If anyone has questions, I’ll be more than happy to answer.
LikeLike
So do you guys see Adobe AIR and/or FLEX and/or Silverlight as the future for a “fatter” richer and hopefully faster client experience? Clients have demanded more and more from our web applications for years and it seems that we are starting to want to swing the pendulum back towards FAT clients based on performance, look, feel and ease of use. The catch is that they are a pain to deploy and maintain.
I just hope whatever it looks like in the future is easy to deploy. Hopefully FLEX and/or AIR or Silverlight or whatever becomes the standard will be as easy to deploy for clients both inside and outside our firewalls / company walls.
LikeLike