DNS vs JavaScript Virtual Waiting Room

Businesses face increasing pressure to stay relevant and competitive, mainly driven by the consumers that they serve.

Customers expect your business to be available, at any time and from anywhere. This expectation of accessibility and on-demand consumerism is driving change in eCommerce.

TrafficDefender, powered by Netacea, was founded on the principle that for many business, technical ability and performance mark the difference between success and failure. That’s why we seek to meet the world’s demand for scalable technology with our virtual waiting room.

TrafficDefender’s founders designed and implemented several bespoke online waiting systems for high demand retail and ticketing organizations, before productizing their unique approach to providing a world-leading, non-bypassable, secure queuing solution.

Virtual waiting room integration overview

Foreword Our adaptive API architecture supports a wide range of infrastructure from leading product vendors, allowing you to integrate our machine learning risk reduction into your existing platform of choice.

The adaptive data model and micro-services API approach gives huge power and flexibility to ensure that even the most complex of visitor requirements can be elegantly and reliable handled at volume, using the existing infrastructure that enterprise customers already maintain and own.

We complement existing controls such as WAF rulesets, rate limiting and threat databases, to provide deep analysis of all website visitors., through a practical use of A.I. to understand human and bot behaviours and adjust their website journey in real-time.

Enterprise grade, java-less virtual waiting room

Any design decision must deliver both core requirements for a successful virtual
waiting room, the queue must be:

Fair and reliable

• Customer satisfaction is of utmost importance. If there is no logic to the queue order or an issue arises that causes them to lose their place in the queue this causes immense dissatisfaction and damages brand reputation.
• The solution must therefore work in chronological order, letting customers through in the order they arrived, and only when capacity is available.

Secure and non-bypassable

• Tech-savvy customers and automated bot traffic will attempt to bypass the queue and gain direct access to the sale transaction.
• The solution must therefore manage all incoming traffic and cover all aspects of the web application infrastructure, not just specified pages.

The DNS-based virtual waiting room approach

TrafficDefender works with some of the world’s largest eCommerce organizations and is well-equipped to help businesses prepare for surges in online traffic, while being your first line of defence against malicious bots.

The benefits of a DNS approach vs. JavaScript

Increased control

Only a DNS based approach will ensure full visibility and control of all traffic. All requests passing in and out of the system are inspected, enabling an accurate number of visitors on any part of the site at any one time

Enhanced queue security

Being in-line at a DNS level improves security by allowing you to restrict access to your system to only the IP addresses of the TrafficDefender platform. This means that no one can bypass the Virtual Waiting Room.

Full stack protection

By positioning the solution in the cloud in front the infrastructure you can provide protection for load balancers, WAFs, application and database servers, not just the website.

Customer experience and trust

In-line DNS integrates as a seamless layer into the customers purchasing journey. Our customers do not have to worry about their buyers becoming suspicious of being directed to external URLs, e.g. www.VirtualWaitingRoom.CustomerWebsiteName.com

Easy and speed of implementation

DNS does not require any code changes to the website, a single redirection covers all aspects of the web infrastructure, enabling our larger customers to deploy to 10,000’s sites in a single, rapid implementation.

Achieve compliance

Requests pass through the solution as encrypted HTTPS traffic, but are not stored, enabling the solution to be both PCI and GDPR compliant.

Unrivalled 100% website uptime

Hosting the solution on a highly available, distributed cloud infrastructure with complete fail over protection has enabled a DNS solution to achieve 100% availability since inception.

Guaranteed business user access

The ability to whitelist specific users or locations ensures that no in-store or call centre employee is placed within a waiting room when trying to place a customer order or access stocking information.

Instant access for VIP customers

Returning or high-spend customers can be rewarded with guaranteed direct access to the website in any given situation, rewarding those loyal to your business.

Instant removal

The DNS based solution, combined with TrafficDefender’s passive mode functionality, allows for the Virtual Waiting Room to be instantly added or removed to your website at the click of a button.

Ultra-low latency

Proven to perform all interactions sub 1ms in front of some of the world’s busiest websites

Superior scalability

Further to customer reports, DNS solutions have been load tested to over 2 million concurrent users with no sign of performance degradation or instability.

Client-side JavaScript

This solution involves you as a customer inserting some JavaScript into your website which is used to make a call to the waiting room to determine if the user is known, and if it should be granted access to the website or redirected to a waiting room page.

While this is a perfectly valid way to establish if a waiting room is needed, there are some fundamental flaws with this methodology:

Infrastructure overload prior to queue initiation

There is very high potential that the webservers could become overloaded before the JavaScript queue has been initiated, causing a webserver crash. The initial page containing the JavaScript must be successfully loaded, the JavaScript executed and return the completed result from the originating client for the virtual waiting room to be initiated.

In the event of a flash sale or a huge spike in traffic, the webservers could very easily buckle under the load before the client-side scripts have chance to execute and the users re-directed to the waiting room page.

Loss of decision making control

Firstly, the decision on whether access to the website should be granted or not is moved to the connecting customer which removes the decision-making control from you and passes it to the end user. In simple terms, this means that the user can see and potentially manipulate what the JavaScript is doing, making this solution easy to bypass by using various ad blocking tools or a simple modification to the Host File.

It is not 100% secure and nonbypassable

Through working with existing customers and our own testing, TrafficDefender is yet to find a JavaScript based virtual waiting room that could not be bypassed and gain direct access to a website.

CDN-based systems

By design, CDNs are distributed systems and, because of this, they cannot offer a unified view of the current user levels on a system or manage a potential waiting room scenario fairly.

No ‘first in, first out’ functionality

Virtual waiting rooms based in the CDN layer tend to use a “next returning user” rather than a “first in, first out” approach to processing waiting users. Meaning, unfortunately, that the first person in the queue isn’t always the first person out of it and onto the website.

Requires constant manual administration

CDN based virtual waiting rooms do not use a fixed waiting room threshold, instead they use a percentage ruleset whereby a set percentage of traffic is always re-directed to a waiting room regardless of the visitor numbers. The result of this approach is that as the amount of traffic hitting your website increases, so does the amount of traffic that hits your webserver. In other words, the amount of traffic being allowed to hit your site is flexible depending on load whereas your servers have a fixed capacity regardless of load.

The upshot of this is that in the case of a traffic spike, an administrator would need to constantly monitor and (where necessary) reduce the percentage of traffic allowed though to the website during peak loads, and then continue monitoring to increase that percentage again when the amount of traffic reduces.

In-house infrastructure for the virtual waiting room

Configuring your web application(s) and/or load balancers to deal with a waiting room scenario can potentially yield mixed results. Issues will more than likely still occur as all traffic is hitting your existing infrastructure without the flow control at the perimeter, that a DNS-based solution would provide.

By implementing the virtual waiting room in this manner, it’s all too common for the solution to end up behind the bottleneck(s) that are causing the problem and will therefore compound the issue, without solving the problem.

With in-house implementations differing in customisation and configuration, a larger amount of time and resources will be required. For example, website owners will need to manage additional failure points within the deployment increasing risk, therefore adding more complexity than is necessary and reduces the overall effectiveness of the solution.

Summary

It has never been more important to ensure 100% website availability. In a digital world of streaming, consumers are accustomed to gaining access to information, entertainment and items of desire in near real time. Failure to provide immediate access to website shops, limited edition product ranges and discounted sales events can be detrimental to brand reputation and repeat custom.

Even a one-second delay in load time can result in a 7% loss in conversions and a two-second delay during a transaction results in shopping cart abandonment rates of up to 87% as customers fear something has gone wrong with the transaction and abandon their purchase. It is vital that your virtual waiting room solution makes the waiting process as fair, transparent and pain-free as possible.

Selecting a proven, scalable virtual waiting room solution will protect the uptime, availability and performance of web applications. Therefore, maximizing customer transactions and safeguarding brand reputation through customisable access rules during spikes in traffic.

How the TrafficDefender virtual waiting room works

When the maximum number of visitors is reached, TrafficDefender delivers a waiting page to all additional visitors without any access to your servers. Your servers only ever see visitors that you know they can handle so the TrafficDefender’s Virtual Waiting Room offers genuine protection for your servers and quality of service to your site visitors.

TrafficDefender’s Virtual Waiting Room solution controls the flow of website visitors allowing through only the visitors your website can handle. By putting all additional visitors into a fair, first-in-first-out waiting room we ensure that all visitors get the best possible experience and you make the most money.

In short, TrafficDefender’s Virtual Waiting Room ensures that your site remains available 24/7 no matter how busy it gets.

Try TrafficDefender today and see the virtual waiting room in action.