Hey everyone! My team works on software for high-security clients like banks and government agencies. We're thinking about switching our inter-cluster communications from standard HTTPS REST calls to STOMP over WebSockets (wss://). Our current structure involves multiple Kubernetes clusters in possibly different regions using HTTPS. We believe that moving to WebSockets can enhance performance with persistent connections secured by TLS. However, I have some concerns:
- **Security Inspection:** Our clients' Web Application Firewalls (WAFs) can easily examine HTTP traffic, something we might lose with WebSockets.
- **Monitoring & Logging:** HTTPS gives detailed logs, like paths and status codes. WebSockets would only show connection open and close, which seems less transparent.
- **Operational Overhead:** Managing persistent connections could complicate routing and load balancing.
While this change could boost performance, I'm worried about how it might impact our clients. If we were to limit the duration of these persistent connections, could it help with load balancing? What other strategies could we implement to address my concerns? Is this switch something we should seriously consider, or should we avoid it altogether?
5 Answers
Honestly, moving away from HTTPS could lead to major headaches. You lose a lot in terms of observability, and your WAFs won't be able to inspect your traffic anymore. That's a huge risk in an enterprise scenario. I'd tread carefully with this idea.
Sure, you can do event-driven architecture over HTTP. I'm not sure what WebSockets give you besides some performance boost. If that's your goal, have you thought about using gRPC instead? It seems more standard and might be a better fit for internal traffic.
Switching to a messaging architecture is a big step that goes beyond just changing protocols. You're right to be concerned about logging and security; those can be more complex in a messaging setup since you need to handle them in your code. If you're considering STOMP over WebSockets, I'd suggest looking into gRPC as it offers a cleaner way to handle both asynchronous and synchronous communications.
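Handling logging and security in your own code, as the answer above puts it, can start with a per-frame audit record that gives back what an HTTP access log provided: command in place of method, destination in place of path, allow/deny in place of status code. This Python block is an added example, not code from the thread. It assumes one STOMP 1.2 frame per WebSocket message, and `ALLOWED_PREFIXES`, `audit`, the sample destinations and the peer label are hypothetical.

```python
import re

# STOMP 1.2 client commands; any other command is denied before routing.
CLIENT_COMMANDS = {"CONNECT", "STOMP", "SEND", "SUBSCRIBE", "UNSUBSCRIBE",
                   "ACK", "NACK", "BEGIN", "COMMIT", "ABORT", "DISCONNECT"}
ALLOWED_PREFIXES = ("/queue/payments.", "/topic/status.")  # hypothetical policy
ESCAPES = {"\\n": "\n", "\\r": "\r", "\\c": ":", "\\\\": "\\"}  # others are fatal
# Constructed sample frames (not captured traffic): one allowed, one denied.
SAMPLES = (b"SEND\ndestination:/queue/payments.eu\ncontent-length:5\n\nhello\x00",
           b"SUBSCRIBE\nid:0\ndestination:/queue/admin\n\n\x00")

def unescape(value):
    return re.sub(r"\\.?", lambda m: ESCAPES[m.group(0)], value)

def parse_frame(raw):
    """Split one STOMP frame into (command, headers, body) or raise on bad input."""
    parts = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
    if len(parts) != 2:
        raise ValueError("no blank line after headers")
    lines = parts[0].decode("utf-8").replace("\r\n", "\n").split("\n")
    command, headers, rest = lines[0], {}, parts[1]
    for line in lines[1:]:
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("header without colon")
        headers.setdefault(unescape(key), unescape(value))  # first occurrence wins
    length = headers.get("content-length")
    end = int(length) if length is not None else rest.find(b"\x00")
    if end < 0 or rest[end:end + 1] != b"\x00":
        raise ValueError("body not NUL-terminated where expected")
    return command, headers, rest[:end]

def audit(raw, peer):
    """Return one log record per frame, the STOMP analogue of an access-log line."""
    rec = {"peer": peer, "verdict": "allow", "reason": None}
    try:
        command, headers, body = parse_frame(raw)
        dest = headers.get("destination")
        rec.update(command=command, destination=dest, body_bytes=len(body))
        if command not in CLIENT_COMMANDS:
            rec.update(verdict="deny", reason="unknown command")
        elif command in ("SEND", "SUBSCRIBE") and not (dest or "").startswith(ALLOWED_PREFIXES):
            rec.update(verdict="deny", reason="destination not allowed")
    except (ValueError, KeyError) as exc:  # KeyError: undefined header escape
        rec.update(verdict="deny", reason=f"malformed frame: {exc!r}")
    return rec

if __name__ == "__main__":
    print([audit(frame, "cluster-b") for frame in SAMPLES])
```

The record deliberately carries the body size rather than the body, so the log stays usable for clients whose payloads must not be written to disk.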
You really need to clarify why you're switching. What's the underlying problem you're trying to solve? If improving performance is the goal, how will your customers benefit from this change? Also, as others mentioned, you don’t need to overhaul everything at once; maybe just apply WebSockets to specific parts of your application.
You don’t have to go all-in on WebSockets! Why not use them selectively for parts of your app that could really benefit from it, while keeping HTTPS for everything else? That's what we've done in our enterprise SaaS for security checks across various government departments. It’s a bit more work, but it allows you to use the right tool for the job where it makes sense.
