Making a purchase on an iPad

Performance killers: How to prep for Election Day and Black Friday

There are always some online web sites that go down on Black Friday. But this year, the stresses could be much worse, because two other events are giving online web app developers reason to worry about November traffic volumes.

The first one is the presidential election in the U.S. The second is the recent distributed denial-of-service (DDoS) attack on Domain Name System (DNS) provider Dyn’s servers that forced major websites up and down the East Coast of the U.S. to go offline for hours on October 21.

While there's not much you can do about a DDoS attack, there are things you can do right now about event-related traffic surges to keep your users happy, and there are steps that you can take today to start preparing for 2017.

Continuous testing: A practical guide

An Election Day like no other?

Social media has played a big part in the election campaign. The campaigns are adept at using social media forums such as Twitter to get their messages across, and events related to this election, in particular, are creating very strong engagement on social media. For example, the 90 minutes of the second presidential debate generated over 17 million tweets—a Twitter record—while Facebook received more than 92.4 million posts, comments, and shares.

Much of the engagement on social media starts with shared links to articles on mainstream news sites, so these news sites must prepare for a surge of up to 30 times the traffic previously experienced during the debates and primaries.

When the lights go out on Black Friday

November is traditionally a very busy month for online shoppers. Last year, 103 million Americans shopped online over the Black Friday weekend, compared with 102 million who visited the brick-and-mortar shops. Online shoppers spent about $4.45 billion, and they made one third of those purchases on mobile devices. Even more are expected to shop online in November 2016.

It’s not just shoppers who are busy. Online retailers have been working hard to ensure that their sites are ready for the coming spike in traffic. Those who are unprepared will be spending the weekend trying to work out why their site has crashed, and to get it back online before the shoppers give up and visit their competitors’ sites.

DDoS wildcard: Is another cyberattack coming?

In October, attackers launched the largest DDoS attack in history against Dyn’s servers. Thousands of networked IoT devices were infected with the recently open-sourced Mirai malware, creating a botnet that coordinated the assault. The sheer volume of traffic generated by the IoT devices (everything from Smart TV’s and DVRs to Internet-connected cameras) brought down Dyn’s servers, which are used by some of the most popular websites on the Internet.

Some think that this attack might have been practice for Election Day. That remains to be seen. But the attack clearly demonstrated the catastrophic effect that an attack could have on Election Day, Black Friday, or any other event.  

The growth of the IoT means that things are going to get worse before they get better. Consider that many items purchased on Black Friday and over the holidays will be IoT devices, such as smartwatches, fitness trackers, smart home devices such as Amazon Echo and the Nest Thermostat, and gimmicks such as connected kettles.

And guess what? The first thing consumers will do is connect their new device to the Internet without changing its default password. Those devices will be hacked in under an hour, potentially turning them into an unwitting army of devices for the next great DDoS attack.  

You can’t do much to prevent a DDoS attack, but hopefully, people buying new IoT devices will be encouraged to take the simple step of changing the device’s default password to make it harder for malware to hijack it and use it as an agent in an attack.

How to mitigate your risks

The best way to prepare for large volumes of traffic, whether your site is an online store, a news outlet, or a social media application, is to build performance in from the start, and perform continuous testing to make sure that your site can handle the load. Hopefully you’ve been doing these things already. If not, start doing them now so that you’re ready for November 2017:

  • Include performance testing in your unit tests to uncover issues as early as possible.
  • Run performance tests on a production-like, environment to cover the scenarios most likely to be encountered.
  • Use emulated services during testing so that you can see how the application responds if a third-party service is unavailable, unresponsive, or responds with unexpected results.
  • Test in production so that you know that all of the pieces of the application, such as load-balancers and databases, are working well.
  • Continuously monitor real-time user experience so that you how the system is being perceived by the end-user.

Consider the following as you plan your tests:

  • Test from different geographies to ensure that you know how real users, who may be thousands of miles away from the lab where you do most of your testing.
  • Test under different networks and network conditions so that you know how the application will respond in the wild.
  • Use different client devices to test, because traffic can come from desktops, laptops, and mobile devices, each of which has its own set of possible operating systems and form factors.

It’s never too late to build in performance

Even if you haven't been building in performance from the start, there are four steps you can take right now:

  • Assess performance so that you have a starting point to understand the user experience as it exists today. This will be your benchmark for future tests.
  • Conduct a realistic high-volume test so you can see how your application will perform under the expected load on Black Friday, or on Election Day.
  • Monitor the key performance metrics so you can quickly pinpoint the parts of your application that are responding poorly.
  • Tweak the user experience according to the results of the tests. Sometimes, all it takes is a simple fix—if you know what to change. If the application needs more radical treatment to meet expected demand, make sure you get it done for next year.

It’s not too late to take at least some action for 2016, and it’s not too early to start preparing for November 2017. That's important, because as bad as 2016 could get, 2017 may be even more challenging.

Continuous testing: A practical guide
Topics: Performance