What does enterprise-grade server-side JavaScript look like? Do you work at a large org of over 2000 people that is probably a Java or .NET shop? Could you be better served by leveraging the cloud and the vibrant Node.js community for some projects? Do you need to convince your boss?
At Fidelity we have several security/quality checkpoints across many departments to validate that applications and platforms protect customer data. Security code reviews, penetration tests, risk audits, legal compliance and many other factors go into signing off on an application. Fidsafe is a new virtual safe deposit box offering by Fidelity that is the first application to be served outside the Fidelity firewall on the cloud. Fidsafe challenges every aspect of how the organization builds and deploys software. We had to answer a lot of questions and provide practical tooling/solutions to get Node into production.
We will cover what it takes, from top to bottom, to build and operate a secure and scalable service backend implemented in Node.js and deployed to AWS. Topics covered:
Node Process Management
Lifecycle management – Upstart and Forever
Smart defaults for scalability and uptime
Reactor — How we use cluster to scale across cores
Hardened Express
End-to-End JavaScript — CouchDB / MongoDB
Layering security using middleware
Strategies for bulletproof cookies
SSL termination strategies
Authenticating end-users and API consumers
Building a Secure PaaS — A brief overview
If you want it to be secure you have to build your own. What’s the minimum you need for Node?
DevOps across organizational boundaries — AWS, Python, Boto, AMIs, and Asgard
Ubuntu as PaaS — real solutions are diverse and polyglot