Alberta is absolutely nuts about their raffles, with NHL Oiler’s raffles usually going into the millions! Since we already had a good foundation of customers for the silent auction app, it made sense to expand our offering with raffles.
More importantly, people were already using the silent auction platform to sell raffle tickets, by setting up ‘Buy Now’ items that sold for a fixed price. Demand clearly existed for online raffles, and we started with a very rudimentary raffle system inside the silent auction app.
Certification Required for Online Draws
While our rudimentary solution was working, we learned that in most jurisdictions, drawing the winning ticket in the system requires third-party certification, as raffles are considered online gaming. And certification required a much more robust solution than what we had, leading to a much bigger project to build this out right.
Certification involves a review of all code, infrastructure, and procedures. Security was of course of paramount importance, as was robustness for uptime, data integrity, and disaster recovery. Every time we touched the code we needed to pay for a costly re-certification, making this project trickier than most, in terms of being responsive to user needs!
Security
This wasn’t a big leap as security is always a concern, and we already had tight security on the silent auction product as well as any project we worked on. Whitelist firewalls, scanning software, SSL, database encryption, complex passwords, and robust security implementation in the .NET Core API that followed the same standard as all our projects let us breeze through this requirement.
High Availability
We hadn’t adopted Docker yet, so we instead used Digital Oceans load balancing service in front of two droplets running our API on Ubuntu. We used RabbitMQ for processing emails. We used Redis for distributed caching for performance and for load testing we used Loadster.
We had been using SQL Server, but moving to high availability on that technology was prohibitively expensive. Like $20K expensive! So instead we chose a managed MySQL database on Digital Ocean with 2 nodes, which cost less than $100/month.
Learnings
There are a couple of things that could have gone better on this project. The first is a better understanding of the requirements for certification. We submitted the entire API, which was a great exercise in validating our overall architecture and approach, but it meant that even just a fix to a report would require a re-certification. We should have instead broken the API up into microservices so that there was a core that would get certified and pretty much never need to change.
More research should have been done to better understand what jurisdictions require certification for selling raffle tickets online, as not all do. Then, building out a raffle system targeting those areas could have allowed a more modern, iterative approach to development, as well as further validation of demand for such a solution.