Deploying a FM app on AWS

[suzume]

Hi everyone,

This is my first topic on FM Forums so please let me know if I am not posting on the right forum.

I would need to request your insights to better understand the choices I have for my upcoming FM application. My use case is as follows: I currently have a FM application running locally in my company, with a team of 5 users. I am using the latest version of FileMaker (today: v18). My company provides language courses to customers and as of today, applying to courses means coming to our reception desk, and discussing with the receptionist and the teacher to find out the best plan (among 10) based on availability (of teacher and student) and commitment (of student). The next phase is to book a certain number of hours of lessons (based on the type of plan bought previously) every month.

All those steps are supported by my application, but as you can see there is still a lot of administration. As a first step towards simplification, I envision to let the students book their hours of study directly on the web. Having never deployed a FM app on the web, I started looking at what kind of choices were available. I understood that there were mainly two: either hosting the web-facing app on our own local server (exposed on the Internet), or deploy on AWS. As I would like to avoid hosting on my own server due to all the security and backup setup I would need to build, I am particularly interested by deployment on AWS. I am not looking at deploying my existing app on the web, but rather build a new one which would be connected to my solution (as an example, I would leverage the "address book" table of my students instead of re-creating it for the web app). 

I called the local Sales Office of FileMaker in my country but to be honest I am not sure that the person was 100% knowledgeable about AWS-based solutions. I have a really hard time understanding especially two things:

1. What sort of licenses do I need to buy ? I will have about 200 students logging on the website (not concurrently) to proceed to bookings (no anonymous login). Does it mean that I have to buy 200 licenses ? This would be a killer of course as our company cannot afford this sort of plan. 

2. Will it be possible for the web app to communicate with my local application ? The web app should be able to read (request) data from my local app.

Apologies for the long thread and thanks in advance for any pointers!

[Wim Decorte]

How do you envision to do the web side of things?  Through WebDirect?  Then you'll need to have proper licensing.

You don't need to license all 200, you can choose to license for the max expected concurrent peak load.  Concurrency licenses are 3 times as expensive as regular licenses so you're cutoff would be around 65.  If you expect to have more than 65 concurrent users you may as well buy licenses for all 200.

Regular licensing gives you the right to 3 server licenses.  Concurrency licensing only gives you 1 server.

If however you envision to do the web publishing through the PHP API, the XML API or the Data API then you don't need extra licensing but you have to build the web side of your solution yourself in your favorite web technology: PHP, Ruby, ASP.NET, Python, Node.js,...

 

[suzume]

Thank you very much Wim for taking the time to answer my question. Based on your answer I did some further search on the net and I will summarise what I have understood so far.

First of all, yes, my initial intention was to use WebDirect hosted on AWS. Though now it seems like a rather pricey approach. Here is what I found.

Today I have:

• FileMaker for Team with FileMaker Server - 5-9 connections

Additional costs if deployment on AWS:(*)

• AWS server (e.g. t2.medium) with annual license (no downtime)
• AWS data consumption costs
• SSL certificate
• FileMaker - 20 concurrent connections -> that would include my current colleagues using and administrating the existing apps + customers who use the “booking” application. I think 20 concurrent connections would be enough as my customers would go more or less only once or twice a month on the website to book classes

(*) Here I could either buy new licenses (if I want to continue using my FileMaker Server for some reason) or convert the existing ones (and upload all my apps on the Cloud). If I convert, I assume that means that I have to give up on my FileMaker Server connections. I can still install FileMaker Pro Advanced and let my colleagues use it on their own computer, but the connections will be done on AWS and not on my server anymore. Is this correct ?

Alternative solution as you proposed:

1. Build my own website (hosting will have its own share of costs of course)
2. Build my new app on my existing FileMaker Server
3. Have the website and my server talk to each other

Did I understand your proposal correctly ? You also mentioned that such solution would not need extra licensing. Does it mean that the connection between the website and my server would be done via a unique and restricted user, even if there are 10 people logging on the website and using the website concurrently ? 

I am sorry for asking so many questions. Maybe you would know about some good material on the web which could help me understand how that would work ?

Thanks again !

[Wim Decorte]

10 minutes ago, suzume said:

If I convert, I assume that means that I have to give up on my FileMaker Server connections.

Can you expand on what you think you'll give up here?

If by "convert" you mean changing your FLT license to an all-concurrent license then you don't need to choose between the two necessarily.  You can just add 20 concurrent licenses to your FLT license (or user licensing as it is called).  The beauty of "user licensing" is that it gives you the right to use 3 FMS.  So it covers your dev, your production internal and your production AWS box right there.

 

Before you consider moving your whole solution to AWS: do some due diligence testing: is your solution designed for the higher latency / lower network speed of cloud hosting?

As to the alternative solution: yes, you have that right.  And yes: the data connection between a custom web site and the FM backend would be done through a single dedicated service account.  Unless you really want each web site user to log in under their own credentials.

Materials on "how that would work": do you mean custom web publishing with FM data?  First you'll need to pick your choice of technologies you'd like to use for your web site and then you can search for more targeted info.

[suzume]

1 hour ago, Wim Decorte said:

Can you expand on what you think you'll give up here?

I was referring to the connections I have now (5-9 FileMaker "Team" connections to my server), in case I would convert them via BYOL for AWS. But I guess I might be mixing things up a bit ?

1 hour ago, Wim Decorte said:

Before you consider moving your whole solution to AWS: do some due diligence testing: is your solution designed for the higher latency / lower network speed of cloud hosting?

Good points indeed. 

1 hour ago, Wim Decorte said:

As to the alternative solution: yes, you have that right.  And yes: the data connection between a custom web site and the FM backend would be done through a single dedicated service account.  Unless you really want each web site user to log in under their own credentials.

There you go  Yes, I would like each user to log in with their own credentials ... which would be valid only for the purpose of the website. So I guess I could have a user credentials approach only on the website and then use the dedicated service account to read from and send to my FM app. Would that work ?

1 hour ago, Wim Decorte said:

Materials on "how that would work": do you mean custom web publishing with FM data?  First you'll need to pick your choice of technologies you'd like to use for your web site and then you can search for more targeted 

I meant how I can read and write to an FM app using a custom website. Fair enough, I'll have to choose a technology first. I am not there yet, as I first try to understand what is possible and think about a high-level estimate of costs.

[Wim Decorte]

3 hours ago, suzume said:

I meant how I can read and write to an FM app using a custom website. Fair enough, I'll have to choose a technology first. I am not there yet, as I first try to understand what is possible and think about a high-level estimate of costs.

Building a good website is a skill on its own with proficiency in HTML5 / CSS / JavaScript and/or whatever technology you want to use for server-side processing (PHP, Ruby, ASP.NET, java,...)

 

3 hours ago, suzume said:

I was referring to the connections I have now (5-9 FileMaker "Team" connections to my server), in case I would convert them via BYOL for AWS. But I guess I might be mixing things up a bit ?

You are.  I thought we were talking about installing are regular on-premise copy of FMS on an AWS Windows instance.  Not using a FileMaker Cloud for AWS instance.  "BYOL for AWS" is a term that applies for "FM Cloud for AWS"

Also the "Teams" licensing doesn't exist anymore.  Since 17 there is "user licensing" and "concurrency licensing".   Since you have 18, you don't have "FileMaker for Teams", you have "user licensing".

 

3 hours ago, suzume said:

I would like each user to log in with their own credentials ... which would be valid only for the purpose of the website. So I guess I could have a user credentials approach only on the website and then use the dedicated service account to read from and send to my FM app. Would that work ?

Sure.  But that would mean doing separate account management for your web site, which seems suboptimal.  What would authenticate the users on the web site?  Might be simpler to make FM the authority (or any OAuth provider that works with FM) and when you do, you wouldn't use a service account for the data connection, you'd use the actual user account.

[suzume]

2 hours ago, Wim Decorte said:

Building a good website is a skill on its own with proficiency in HTML5 / CSS / JavaScript and/or whatever technology you want to use for server-side processing (PHP, Ruby, ASP.NET, java,...)

Fully agreed. What I meant is that I am not too anxious about that part yet. I am not minimising the efforts but in this area I have stronger knowledge which should allow me to do a proper efforts assessment.

2 hours ago, Wim Decorte said:

You are.  I thought we were talking about installing are regular on-premise copy of FMS on an AWS Windows instance.  Not using a FileMaker Cloud for AWS instance.  "BYOL for AWS" is a term that applies for "FM Cloud for AWS"

Sorry if I confused you - it is due to my inexperience with FM licensing models and me thinking out loud about different solutions. 

I was initially looking into using WebCloud as in "FM Cloud on AWS" with the (naive ?) idea of creating an FM app with my FM Pro Advanced and uploading it on AWS Cloud. This FM App was supposed to be only taking care of the language lessons bookings; I do not need all my other applications to be on the Cloud as they are used only by my employees (not my customers). The app on the Cloud would ideally be able to talk to my apps hosted on my FMS and vice-versa.

So I was not talking about my whole FileMaker Server to be moved to an AWS instance.

Then, after listing the additional costs tied to using FM Cloud on AWS, I understood that it would cost way too much for our small company (AWS instance + additional concurrent licenses) for the rather simple website and access we expect to set up. So I kind of gave up on that idea for now. 

2 hours ago, Wim Decorte said:

Also the "Teams" licensing doesn't exist anymore.  Since 17 there is "user licensing" and "concurrency licensing".   Since you have 18, you don't have "FileMaker for Teams", you have "user licensing".

Noted, thanks.

2 hours ago, Wim Decorte said:

Sure.  But that would mean doing separate account management for your web site, which seems suboptimal.  What would authenticate the users on the web site?  Might be simpler to make FM the authority (or any OAuth provider that works with FM) and when you do, you wouldn't use a service account for the data connection, you'd use the actual user account.

True, that would be suboptimal. You mention here the possibility to make FM the authority, thus using the actual user accounts. But doesn't that bring us back to me having to buy additional x number of concurrent licenses ? 

Students (my customers who need to access the website to book classes) have no access to my existing apps and never will. Hence I assume authentication is only needed on the website itself. The website should be able to fetch data from my FM apps (hosted on my server) regarding the student who logged in (e.g. which "plan" he bought, which "bookings" he already did, ...), and should be able to send back data to my FM apps when the student has confirmed the bookings:

(my local server) my FM apps <-----> (on the web) the booking website

I hope it makes some sense. I really appreciate the time you are taking to answer my questions even though they are far from being clear.

[Wim Decorte]

15 hours ago, suzume said:

You mention here the possibility to make FM the authority, thus using the actual user accounts. But doesn't that bring us back to me having to buy additional x number of concurrent licenses ? 

 

No.

In the concurrency model your users are not 'named'.  Meaning that you can have a FM account in your solution for each of your 200 clients and 20 of them can legally connect at the same time (if you buy a set of 20 concurrency licenses).

There is no 1-to-1 link between the accounts that exist in FM and the number of licenses you have.  Not in the concurrency licensing model.

[suzume]

2 hours ago, Wim Decorte said:

 

No.

In the concurrency model your users are not 'named'.  Meaning that you can have a FM account in your solution for each of your 200 clients and 20 of them can legally connect at the same time (if you buy a set of 20 concurrency licenses).

There is no 1-to-1 link between the accounts that exist in FM and the number of licenses you have.  Not in the concurrency licensing model.

ok, this is what I understood: I can have 200 accounts (or 400 or whatever) and buy only 20 concurrency licenses. This would mean that only 20 people can use the app at the same time. I could buy 40, 50 or whatever licenses, those licenses are unnamed and just ensure a number of concurrent connections to FM.

In that scenario, I still have to buy a rather high number of concurrent licenses vs what I have today. Whereas in the other scenario (1 "service account"), I would need only 1 additional license though the downside is that I would have to do user account management on the website. Hopefully I got it right

[Mark Mitchell]

Sounds like you need the data api to handle the interaction between your web front end and your backend FileMaker Server - have a read of this https://fmhelp.filemaker.com/docs/18/en/dataapi/.  Lots of videos on YouTube etc.

[suzume]

49 minutes ago, Mark Mitchell said:

Sounds like you need the data api to handle the interaction between your web front end and your backend FileMaker Server - have a read of this https://fmhelp.filemaker.com/docs/18/en/dataapi/.  Lots of videos on YouTube etc.

Thank you Mark - I will definitively look at this. 

I also saw that FileMaker just came up with a new type of licenses (since yesterday I believe). Looks interesting but too restrictive for my needs.