The impending legislation to legalize online gambling in the US has ignited debate and speculation on how to prepare for and successfully launch and operate online gambling operations in the US. One of the major challenges for operators and game platform developers will be their ability to provide robust and scalable game content to address the large and sophisticated preferences of the US population. Building and managing reliable and scalable game platforms is a non-trivial. The act of crafting an online game strategy and executing the production, delivery, operation, integration and maintenance of games, game platforms, payment processing, age/identity/location systems is worthy of some serious planning.
Licensing Versus Build - I crafted a blog several months ago called "Should An Online Game Operator License Or Build Games?" I suggest you also read this blog to determine if building your own games/platform or having a third party provide you with a solution is the best way to go for your company. This decision has long term strategic business implications that are difficult to reverse once a path is chosen. The decision does not have to be binary. There are hybrids. However, the decision has significant impact on cost, staffing, organizational flexibility and market differentiation.
Even if you do decide to license games and a game platform the following points should still be taken into consideration when evaluating a vendors product offering.
The Primary Challenge(s) For Online Game Development - Online gaming is fundamentally different then most web applications. Online gaming is transaction intensive. The amount of transactions that occur per second in a popular online gaming site far exceed anything witnessed on a standard e-commerce site. Game applications are "state machines" that must be aware of what has happened, at a detailed level, at any instant in time in order to proceed to the next state. Game applications are data intensive requiring the capture and storage of every detail of game play. This level of detail is required to support the "state machinery", to address the need to audit previous game activity and to support financial transaction processes. Underlying the game play operation is a banking operation that has to be 100% accurate. Gaming platforms have to be secure to avoid internal and external attempts to influence game play and or to extract funds from the game system. Multiplayer games are social networks that include interaction in social and financial terms. Gaming sites are subject to legal scrutiny by state and federal authorities. To sum it up online gambling systems are complex and held to a higher standard then other web applications.
So how does a company, operator, IT or development staff successfully build and operate an online gaming platform.
It Is All About The Database - In many ways this is also true for web applications that are not gaming related. I start here because in almost every online game system I have built, managed or operated the DB has been the primary challenge. In the early stage of development the DB selection, architecture, IT layout, query creation and table design need to be fully vetted. This requires projection of loads, data types and usage patterns. Each DB has its strengths and weaknesses. The way the DB is constructed has an impact on performance, security, reliability, cost and talent required to make it operate efficiently.
Why is the DB so critical in a gaming application? Gaming applications are "transaction" intensive resulting in the accumulation of data at a rapid rate. Games require quick response time to keep up with game play and require knowledge of the "state" of play to determine the next step in the game play sequence. If a system/DB fails to address these fundamental requirements resulting in an incorrect outcome, hesitation in game play, slow response time, or an incorrect result the game is over so to speak. The DB is largely responsible for making sure the game platform is in equilibrium for maintaining the stability and viability of the game platform.
DB selection is important. Developer's and business owners have their prejudices. Prejudice should not cloud your judgment for the DB selection. Databases used in high transaction banking operations come closest to the type's of DB's appropriate for gaming systems. However, these can be costly and prohibitive for startup operations. Certain open source DB's are good alternatives with the caveat that DB architecture and design are even more critical when selecting open source DB solutions.
Avoid monolithic DB's and plan for sharding and or clustering of the DB to segment the DB. The divide and conquer approach provides isolation and will help to avoid an overload of any one server. Design a DB to allow it to be spread over multiple machines. This provides you with an option to add hardware to address DB performance issues.
Who writes the queries and who is in charge of the health, welfare and design of the DB. The answer is simple; NOT THE PROGRAMMERS!! Programmers are not normally DB architects and have a habit of developing queries without taking into consideration the big picture and an overall architecture. Also, some "frameworks" auto generate queries. This is also not a good idea. Each query should be specifically crafted to optimize performance.
Game development organizations should have a DB architect on staff to implement a DB design, create tables, create queries and to interact with business owners, project managers and developers determining the philosophy, design, table structure, layout and setup of the DB. The responsibilities of a database architect are different from a database administrator and are often confused. This confusion is understandable because some database architects can and do administer databases. The distinction between the two functions is very clear. An architect established the DB design, creates tables and queries. An administrator loads the DB on the hardware, does the backups/restores an sets up the monitoring of the DB.
Application Layer - The games will need to run on their own hardware separate from web serving and database activity. This will optimize game performance and provide isolation in case there is a problem. Reacting to problems quickly is important because of the financial implications.
No single application server should act as a "controlling" or traffic router in the application server mix. This will defeat the purpose of distributing traffic to decrease the risk of impacting the entire system if one server has an issue. All application servers should be created equal.
Web Servers - Web server technology, load balancing, logging, etc. has become standardized allowing operations to handle large transaction volumes associated with typical web traffic. Keep game play responsibility away from web servers. Web servers will handle registration, log-in, traffic monitoring and content serving. The heavy lifting will be done by the application servers and the DB. One exception is graphic content. Place graphics on separate web servers.
Caching - Caching is a way of storing information/results on application or web server without having to go the the DB to fetch the information. Caching is most effective when certain data is consistently being used and retrieved. This will off load strain on the DB and distribute the load to the application and web servers.
Plan and Design For Multiple Delivery Platforms - Plan for Facebook, mobile and multiple language deployment. Do not design your game platform to deliver content in only one environment. Develop your application to be deployed in social networks, on mobile devices and with multi language support. Social networks and mobile are especially important given the trend for consumers to exclusively interact in these environments.
Small Foot Print Client - The age of heavy, large and complex game clients is gone or has been marginalized for use in console game environments or MMOG worlds. Keep you client development light weigh allowing players to quickly engage(download) your games.
Age/Location/Identity - For compliance reasons your game system will have to know where a player is accessing your system from, where they reside and how old they are. This can be a fully automated implementation or a combined automated manual process. The implications of allowing a player to play on a gaming site this is underage or from a jurisdiction that does not allow online gambling will be severe. Creating these systems requires expertise in risk managment(AI) and access to multiple data source that provide the operator with comprehensive coverage of the target population.
Prepare For System Audits - A game system will be subject to audit to assure that the system is secure and the outcomes are fair and random. The game systems will be audited by third party organizations. They will determine go and no go. They could shut you down if your system is deemed vulnerable to internal or external attack. Prepare your code and system layout to make this process as painless as possible. Obtain the auditors guidelines beforehand to make sure you are not over or under designing you system for audit and compliance.
Payment Processing And PCI Compliance - The credit card companies have formed an alliance that dictates the level of security your platform will have to have to take credit card transactions. These guidelines are detailed and require a PCI knowledgeable individual or company to help you implement a PCI compliant platform. If you are caught not complying your credit card transaction processing could be terminate. Run through your own PCI audit before launching.
Tracking And Analytics - Google Analytics will not cut it. A system should be created that ties web traffic together with game play and payment processing activity. This is the only way you will get a complete picture of player behavior, marketing results, traffic and revenue per player.
Hosting and IT - Unfortunately "Cloud Computing" may not be an option because it is difficult to enforce PCI compliance in a Cloud environment. This will require the operator to locate a hosting facility in a jurisdiction that allows online gambling operations and has the infrastructure, bandwidth and expertise to support a sophisticated gaming operation. This may be one of the biggest challenges for game operators.
Denial Of Service And Intrusion Attacks - In Europe it is common for a gambling site to be subject to a denial of service attach and then a ransom to stop the attachk Get you hosting, network provider and development team together to craft a strategy to deal will the attacks.
Intrusion attacks conducted by robot scans of your URLS will also be common. The goal is to figure out a way to reverse engineer the URL to get access to your data. So, be careful how you construct your URL's. Do not forget about the URL's you put into e-mails and other promotions. The attackers scan these as well.
Engage a security service company to regularly scan you URL's for vulnerability. This we be required for PCI compliance as well.
Web Services - Your architecture and applications should be designed as web services with the appropriate standard communication protocols (SOAP/XML/Hybrids). Your applications will be accessing data from external systems and supply data to external systems. Do not back your platform into a proprietary setup.
Monitoring And Support - Support for game platforms go well beyond the needs of standard web applications. 7/24 of course. However, the financial implications to players, your company and to payment processors can be severe if the game system has downtime or unexpected failures. Do not skimp on monitoring software or you IT support staff.
In Conclusion - The eventual legalization of online gambling in the US will open up new and lucrative opportunities for businesses. It will also provide challenges for these businesses and their technical staff/partners to deliver and support operations that meet the requirements of their players, regulators and payment processors. Be prepared and design game systems with this in mind.
Licensing Versus Build - I crafted a blog several months ago called "Should An Online Game Operator License Or Build Games?" I suggest you also read this blog to determine if building your own games/platform or having a third party provide you with a solution is the best way to go for your company. This decision has long term strategic business implications that are difficult to reverse once a path is chosen. The decision does not have to be binary. There are hybrids. However, the decision has significant impact on cost, staffing, organizational flexibility and market differentiation.
Even if you do decide to license games and a game platform the following points should still be taken into consideration when evaluating a vendors product offering.
The Primary Challenge(s) For Online Game Development - Online gaming is fundamentally different then most web applications. Online gaming is transaction intensive. The amount of transactions that occur per second in a popular online gaming site far exceed anything witnessed on a standard e-commerce site. Game applications are "state machines" that must be aware of what has happened, at a detailed level, at any instant in time in order to proceed to the next state. Game applications are data intensive requiring the capture and storage of every detail of game play. This level of detail is required to support the "state machinery", to address the need to audit previous game activity and to support financial transaction processes. Underlying the game play operation is a banking operation that has to be 100% accurate. Gaming platforms have to be secure to avoid internal and external attempts to influence game play and or to extract funds from the game system. Multiplayer games are social networks that include interaction in social and financial terms. Gaming sites are subject to legal scrutiny by state and federal authorities. To sum it up online gambling systems are complex and held to a higher standard then other web applications.
So how does a company, operator, IT or development staff successfully build and operate an online gaming platform.
It Is All About The Database - In many ways this is also true for web applications that are not gaming related. I start here because in almost every online game system I have built, managed or operated the DB has been the primary challenge. In the early stage of development the DB selection, architecture, IT layout, query creation and table design need to be fully vetted. This requires projection of loads, data types and usage patterns. Each DB has its strengths and weaknesses. The way the DB is constructed has an impact on performance, security, reliability, cost and talent required to make it operate efficiently.
Why is the DB so critical in a gaming application? Gaming applications are "transaction" intensive resulting in the accumulation of data at a rapid rate. Games require quick response time to keep up with game play and require knowledge of the "state" of play to determine the next step in the game play sequence. If a system/DB fails to address these fundamental requirements resulting in an incorrect outcome, hesitation in game play, slow response time, or an incorrect result the game is over so to speak. The DB is largely responsible for making sure the game platform is in equilibrium for maintaining the stability and viability of the game platform.
DB selection is important. Developer's and business owners have their prejudices. Prejudice should not cloud your judgment for the DB selection. Databases used in high transaction banking operations come closest to the type's of DB's appropriate for gaming systems. However, these can be costly and prohibitive for startup operations. Certain open source DB's are good alternatives with the caveat that DB architecture and design are even more critical when selecting open source DB solutions.
Avoid monolithic DB's and plan for sharding and or clustering of the DB to segment the DB. The divide and conquer approach provides isolation and will help to avoid an overload of any one server. Design a DB to allow it to be spread over multiple machines. This provides you with an option to add hardware to address DB performance issues.
Who writes the queries and who is in charge of the health, welfare and design of the DB. The answer is simple; NOT THE PROGRAMMERS!! Programmers are not normally DB architects and have a habit of developing queries without taking into consideration the big picture and an overall architecture. Also, some "frameworks" auto generate queries. This is also not a good idea. Each query should be specifically crafted to optimize performance.
Game development organizations should have a DB architect on staff to implement a DB design, create tables, create queries and to interact with business owners, project managers and developers determining the philosophy, design, table structure, layout and setup of the DB. The responsibilities of a database architect are different from a database administrator and are often confused. This confusion is understandable because some database architects can and do administer databases. The distinction between the two functions is very clear. An architect established the DB design, creates tables and queries. An administrator loads the DB on the hardware, does the backups/restores an sets up the monitoring of the DB.
Application Layer - The games will need to run on their own hardware separate from web serving and database activity. This will optimize game performance and provide isolation in case there is a problem. Reacting to problems quickly is important because of the financial implications.
No single application server should act as a "controlling" or traffic router in the application server mix. This will defeat the purpose of distributing traffic to decrease the risk of impacting the entire system if one server has an issue. All application servers should be created equal.
Web Servers - Web server technology, load balancing, logging, etc. has become standardized allowing operations to handle large transaction volumes associated with typical web traffic. Keep game play responsibility away from web servers. Web servers will handle registration, log-in, traffic monitoring and content serving. The heavy lifting will be done by the application servers and the DB. One exception is graphic content. Place graphics on separate web servers.
Caching - Caching is a way of storing information/results on application or web server without having to go the the DB to fetch the information. Caching is most effective when certain data is consistently being used and retrieved. This will off load strain on the DB and distribute the load to the application and web servers.
Plan and Design For Multiple Delivery Platforms - Plan for Facebook, mobile and multiple language deployment. Do not design your game platform to deliver content in only one environment. Develop your application to be deployed in social networks, on mobile devices and with multi language support. Social networks and mobile are especially important given the trend for consumers to exclusively interact in these environments.
Small Foot Print Client - The age of heavy, large and complex game clients is gone or has been marginalized for use in console game environments or MMOG worlds. Keep you client development light weigh allowing players to quickly engage(download) your games.
Age/Location/Identity - For compliance reasons your game system will have to know where a player is accessing your system from, where they reside and how old they are. This can be a fully automated implementation or a combined automated manual process. The implications of allowing a player to play on a gaming site this is underage or from a jurisdiction that does not allow online gambling will be severe. Creating these systems requires expertise in risk managment(AI) and access to multiple data source that provide the operator with comprehensive coverage of the target population.
Prepare For System Audits - A game system will be subject to audit to assure that the system is secure and the outcomes are fair and random. The game systems will be audited by third party organizations. They will determine go and no go. They could shut you down if your system is deemed vulnerable to internal or external attack. Prepare your code and system layout to make this process as painless as possible. Obtain the auditors guidelines beforehand to make sure you are not over or under designing you system for audit and compliance.
Payment Processing And PCI Compliance - The credit card companies have formed an alliance that dictates the level of security your platform will have to have to take credit card transactions. These guidelines are detailed and require a PCI knowledgeable individual or company to help you implement a PCI compliant platform. If you are caught not complying your credit card transaction processing could be terminate. Run through your own PCI audit before launching.
Tracking And Analytics - Google Analytics will not cut it. A system should be created that ties web traffic together with game play and payment processing activity. This is the only way you will get a complete picture of player behavior, marketing results, traffic and revenue per player.
Hosting and IT - Unfortunately "Cloud Computing" may not be an option because it is difficult to enforce PCI compliance in a Cloud environment. This will require the operator to locate a hosting facility in a jurisdiction that allows online gambling operations and has the infrastructure, bandwidth and expertise to support a sophisticated gaming operation. This may be one of the biggest challenges for game operators.
Denial Of Service And Intrusion Attacks - In Europe it is common for a gambling site to be subject to a denial of service attach and then a ransom to stop the attachk Get you hosting, network provider and development team together to craft a strategy to deal will the attacks.
Intrusion attacks conducted by robot scans of your URLS will also be common. The goal is to figure out a way to reverse engineer the URL to get access to your data. So, be careful how you construct your URL's. Do not forget about the URL's you put into e-mails and other promotions. The attackers scan these as well.
Engage a security service company to regularly scan you URL's for vulnerability. This we be required for PCI compliance as well.
Web Services - Your architecture and applications should be designed as web services with the appropriate standard communication protocols (SOAP/XML/Hybrids). Your applications will be accessing data from external systems and supply data to external systems. Do not back your platform into a proprietary setup.
Monitoring And Support - Support for game platforms go well beyond the needs of standard web applications. 7/24 of course. However, the financial implications to players, your company and to payment processors can be severe if the game system has downtime or unexpected failures. Do not skimp on monitoring software or you IT support staff.
In Conclusion - The eventual legalization of online gambling in the US will open up new and lucrative opportunities for businesses. It will also provide challenges for these businesses and their technical staff/partners to deliver and support operations that meet the requirements of their players, regulators and payment processors. Be prepared and design game systems with this in mind.
1 comment:
Hello blogger, you have summarized it clearly and comprehensibly. Thank for this online gambling post.
Post a Comment