Serverless Architectures: Ein Survival Guide

#WISSENTEILEN
Serverless
Architectures
The ultimate Survival Guide
Lars Röwekamp | open knowledge GmbH
@_openKnowledge | @mobileLarson

ABOUT OPEN KNOWLEDGE
Software development and IT consulting
#WISSENTEILEN

ABOUT ME
Who am i?
• CIO New Technologies
• Enterprise & Mobile
• Author, Speaker, Coach & Mentor
• Snowboard & MTB Enthusiast
• Traveller between the worlds
Lars Röwekamp (a.k.a. @mobileLarson)
#WISSENTEILEN
LR

My Server
and me ...
„The Nightmare“

#WISSENTEILEN
Server Q&A
(„Things I better should care about.“)

#WISSENTEILEN
#Servers
(Quantity? OS? Storage? CPU? Memory?)

#WISSENTEILEN
#Customers
(Start small! Grow fast! Die faster?)

#WISSENTEILEN
#Traffic
(Moderate but peeks!)

#WISSENTEILEN
#Security
(OS? Patches? Access Control?)

#WISSENTEILEN
Depends ...! 42?
(Go for max? Way too expensive!)

#WISSENTEILEN
“We are a hospitality management
organization, not an IT services company.”

#WISSENTEILEN
“We have to be great at a number of things…
operating data centers is not one of those things.”

#WISSENTEILEN
Reduce
Labor Cost
(„No need to DIY.“)

#WISSENTEILEN
Reduce
Risk
(„Don‘t care about the technical stack.“)

#WISSENTEILEN
Increase flexiblity of
Scaling
(„Reduce to the max.“)

#WISSENTEILEN
Reduce
Resource Cost
(„Don‘t pay idle.“)

#WISSENTEILEN
Shorten
Lead Time
(„Right here, right now.“)

„Kein Server ist
einfacher zu
verwalten, als
kein Server.“
(Werner Vogels, CTO Amazon)
out-of-the-box self-scaling
out-of-the-box
self-scaling
cloud-based
super-backend
I had a dream ...

„No server is
easier to maintain
than no server.“

#WISSENTEILEN
Road to
less Server ...

#WISSENTEILEN
The Road to the Cloud ...
The Workshop Showcase

#WISSENTEILEN
Road to less Server

#WISSENTEILEN
Road to less Server
IaaS

#WISSENTEILEN
Road to less Server
IaaS
(Infrastructure as a Service)

#WISSENTEILEN
Road to less Server
IaaSPaaS

#WISSENTEILEN
Road to less Server
PaaS
(Platform as a Service)

#WISSENTEILEN
Road to less Server
PaaSBaaS IaaS

Ain‘t gonna work!
My business logic
My integration logic
My event-based logic

#WISSENTEILEN
Road to less Server
PaaS IaaS

#WISSENTEILEN
Road to less Server
BaaS
(Backend as a Service)

#WISSENTEILEN
My Logic
(... as a Service)

#WISSENTEILEN
Run Code,
not Server!

#WISSENTEILEN
“Run your business code
highly-available
in the cloud in response
to events and scale
without any servers to
manage.“

#WISSENTEILEN
#1:
No servers to
provision or manage

#WISSENTEILEN
#2:
Build in high availability and
disaster recovery

#WISSENTEILEN
#3:
Scale with usage
by design

#WISSENTEILEN
Management:
“Hmm, I am not
convinced.”

#WISSENTEILEN
#4:
Never pay idle
(Management: „Ok, I am definitely in!“)

„Kein Server ist
einfacher zu
verwalten, als
kein Server.“
out-of-the-box self-scaling
out-of-the-box
self-scaling
cloud-based
super-backend
Remember
„your“ dreams?

#WISSENTEILEN
Function
(... as a Service)

#WISSENTEILEN
Road to less Server
FaaS
(Function as a Service)

/* super advanced lambda function */
public class HelloWorld {
public String handle(String name,
Context ctx) {
return “Hello“ + name;
}
}
#WISSENTEILEN
FaaS @work
FaaS @Work: Hello World

#WISSENTEILEN
AWS Lambda
(serverless, event-driven compute service)
How does it work?

#WISSENTEILEN
S3 Bucket
DynamoDB
Kinesis
EVENT
EVENT
INVOKE
Stateless Code
(a.k.a. AWS Lambda)
How does it work?

#WISSENTEILEN
How does it work?
S3 Bucket
DynamoDB
Kinesis
INVOKE
INVOKE
RETURN
Stateless Code
(Node, Python, Java, C#)

#WISSENTEILEN
Amazon
S3
Amazon
DynamoDB
Amazon
Kinesis
AWS
CloudFormation
AWS
CloudTrail
Amazon
CloudWatch
Amazon
SNS
Amazon
SES
Amazon
API GatewayAmazon
Cognito
AWS
IoT
Amazon
Alexa
Cron
Events
DATA STORES ENDPOINTS
REPOSITORIES
EVENT/MESSAGE SERVICES
Amazon
Config
How does it work?

The Anatomy of
Lambda Functions

#WISSENTEILEN
Anatomy
Lambda
Function

#WISSENTEILEN
Anatomy
Handler Function
Lambda
Function
</>
„...“
Event Object
Context Object
...
{

#WISSENTEILEN
Anatomy
Handler Function
Lambda
Function
</>
„...“
Event Object
Context Object
...
{
IAM Role

#WISSENTEILEN
Anatomy
Handler Function
Lambda
Function
</>
„...“
Event Object
Context Object
...
{
IAM Role
Return Object*

#WISSENTEILEN
Anatomy
Lambda
Function
1. Number of calls**
2. Memory usage***
{
IAM Role
Return Object*
(**first 1 million for free, ***first 400.000 sec free for 1 GB memory)

#WISSENTEILEN
Serverless
Manifesto

#WISSENTEILEN
Functions are the unit
of deployment and
scaling.
*FaaS: short-lived, stateless, scalable, event-driven unit

#WISSENTEILEN
No machines, VMs,
or containers.
*... are visible in the programming model

#WISSENTEILEN
Permanent storage
lives elsewhere.
*no state, each new function gets created within fresh environment

#WISSENTEILEN
* users cannot over- or under-provision capacity
Scales
per request.

#WISSENTEILEN
Never pay idle.
*use async, split long running functions

#WISSENTEILEN
Build in
availability and
fault-tolerance.
*because functions can run anywhere

#WISSENTEILEN
BYOC
*a.k.a. bring your own code

#WISSENTEILEN
Metrics and logging
are a universal right.
*use metrics and log events for AI, ML and self-healing

#WISSENTEILEN
AWESOME!
(But is it really so simple?)

#WISSENTEILEN
FaaS @work
FaaS @Work: Image Gallery

#WISSENTEILEN
Real Life
(easy version)

#WISSENTEILEN
Real Life
(real version)

#WISSENTEILEN
We need a Cloud aware
Architecture
for Serverless Applications

#WISSENTEILEN
Architecture?
I thought we are Serverless!

#WISSENTEILEN
What do you mean by architecture?
We will use multiple components to design robust architectures for
serverless workloads.
• Compute Layer
• Data Layer
• Messaging & Streaming Layer
• User Management & Identity Layer
• System Monitoring & Deployment

#WISSENTEILEN
serverless workloads: Compute Layer
• Serverless Functions (stateless, business logic)
• API Gateway (non functional, cross-cutting concerns)
• Step Functions (function orchestration via state machine)

#WISSENTEILEN
serverless workloads: Data Layer
• RDBMS
• NoSQL (including caching and streaming)
• Object Store (e.g. used by CDN for static content)
• (Elastic)Search Service (search and analytics)

#WISSENTEILEN
serverless workloads: Messaging & Streaming Layer
• Notification Service (pub/sub for async event notification)
• Streaming Service (collect and analyze data in real-time)
• ETL Service (capture, transform & load data for near real-time BI)

#WISSENTEILEN
serverless workloads: User Management & Identity Layer
• User Management Service (user and user attributes)
• Authentication & Authorization (sign-up, sign-in, openID Connect)
• Federal Identity Service (e.g. for Google, Facebook accounts)

#WISSENTEILEN
serverless workloads: System Monitoring & Deployment Layer
• System Monitoring (system & custom metrics)
• Distributed Tracing (deep insights for analyzing and debugging)
• Cloud Application Model (infrastructure as code)

#WISSENTEILEN
Scenarios
Examples

#WISSENTEILEN
Scenario #1: RESTful Microservice

#WISSENTEILEN
Characteristics
• you want a secure, easy-to-operate framework, that is simple to
replicate and has high levels of resiliency and availability
• you want to log utilization and access patterns to continually
improve the backend to support customer usage
• you are seeking to leverage managed services as much as possible
which reduces the heavy lifting associated wiith managing common
platforms including security and scalability

#WISSENTEILEN
What could possibly go wrong?
• abnormalities, e.g. unexpected / invalid calls
• internal errors, latency, cache misses
• usage pattern evolves over time
• customer location changes
• security attacks (e.g. DoS/DDoS)

#WISSENTEILEN
Scenario #2: Mobile Backend

#WISSENTEILEN
Characteristics
• you want to create a complete serverless architecture
without managing any instances and/or server
• you want your business logic to be decoupled from your
mobile application as much as possible
• you are looking to provide business functionalities as an
API to optimize development across multiple platforms

#WISSENTEILEN
• unexpected peaks of workload
• runtime cost explosion
• duplicated or lost events
• security attacks
• high latency

#WISSENTEILEN
Scenario #3: Stream Processing

#WISSENTEILEN
Characteristics
• you want to create a complete serverless architecture without
managing any instances or server for processing stream data
• you want to use existing libraries to take care of data ingestion
from a data producer perspective

#WISSENTEILEN
• peaks of data to process
• data occurence and throughput does not match
• processing fails (all or parts)
• processing is slow(er) (... than expected)
• duplicate records (retry? idempotent?)
• runtime cost explosion

#WISSENTEILEN
Scenario #4: Web Application

#WISSENTEILEN
Characteristics
• you want a scalable web application that can go global in
minutes high levels of resilience and availability
• you want a consistent user experience with adequate
response times
• you want to optimize your costs based upon actual user
demand versus paying for idle resources
• ...

#WISSENTEILEN
Characteristics
• ...
• you are seeking to leverage managed services as much as
possible which reduces the heavy lifting associated with
managing common platforms including security and
scalability
• you want to set up a framework that is easy to set up and
operate, and that you can extend with limited impact later

#WISSENTEILEN
• security attacks
• static content latency
• personalized SLAs / usage plans
• customer location changes

#WISSENTEILEN
Design
Principles

#WISSENTEILEN
speedy, simple,
singular

#WISSENTEILEN
think concurrent
request, no total
request

#WISSENTEILEN
assume no
hardware affinity

#WISSENTEILEN
orchestrate your
application with
state machines, not
functions

#WISSENTEILEN
use events to trigger
transactions

#WISSENTEILEN
design for failure
and duplicates

#WISSENTEILEN
Pillars of
Serverless
Architecture

#WISSENTEILEN
1
Operational
Excellence
2
Security
3
Reliability
4
Performance
Efficiency
5
Cost
Optimization
The 5 pillars of a
well-architectured Serverless Application

#WISSENTEILEN
1
Operational
Excellence
2
Security
3
Reliability
4
Performance
Efficiency
5
Cost
Optimization
The ability to run and monitor systems to deliver business
values and to continually improve supporting processes and
procedures.

#WISSENTEILEN
Operational Excellence
of a well-architectured Serverless Application
„How are you monitoring and responding to anomalies in your
serverless application?“
• collect default metrics
• define and collect custom metrics (ops- and business-centric)
• enable distributed tracing
• define alarms at individual and aggregate level

#WISSENTEILEN
AWS Resources
CloudWatch Alarms
Archive / AuditS3 Bucket
CloudTrail
Troubleshoot
AWS SDK
AWS CLI
Mgmt Console

#WISSENTEILEN
ELK-Tracing:
CloudTrail &
S3 Logstash
Input Plugin

#WISSENTEILEN
Logz.io-Tracing:
built-in support

#WISSENTEILEN
„How are you evolving your serverless application while minimizing
the impact?“
• seperate code from configuration via function env variables
• API Gateway stage variables and/or configuration service
• infrastructure as code templates to enable faster deployment
• seperate gateway endpoints, functions, and state machines per
stage over aliases and versions alone
• A/B-Testing and zero-downtime changes via weighted aliases

#WISSENTEILEN
1
Operational
Excellence
2
Security
3
Reliability
4
Performance
Efficiency
5
Cost
Optimization
The ability to protect information, systems, and assets while
delivering business value through risk assessments and
mitigation strategies.

#WISSENTEILEN
Security
• Identity & Access Management
• Detective Controls
• Infrastructure Protection
• Data Protection

#WISSENTEILEN
Security (Identity & Access Management)
„How do you authorize and authenticate access to your serverless
API?“
• IAM authorization (e.g. AWS IAM & SDKs)
• API Gateway customer Identity Provider authorizer (for existing IdP)
• BaaS based user pools (e.g. AWS Cognito)

#WISSENTEILEN
Security (Identity & Access Management)
„How are you enforcing boundaries as to what cloud services your
serverless functions can access?“
• least-privileged access via specific roles to avoid opening up the
systems for abuse
• small(er) functions with scoped activities
• NOTE: API Gateway API Key feature is not for security but primarily
for consumer‘s usage tracking

#WISSENTEILEN
Security (Detective Controls)
„How are you analyzing serverless application logs?“
• track vulnerabilities
• use log filters to transform log in metrics via regex
• create alarms based on application custom metrics
• enable API Gateway logging for single methods* for troubleshooting
• encrypt any data traversing the serverless application
*make certain not to violate compliance requirements

#WISSENTEILEN
Security (Detective Controls)
„How do you monitor dependency vulnerabilities within your
serverless application?“
• use 3rd party solution (e.g. OWASP Dependency Check)
• integrate into your CI/CD pipeline

#WISSENTEILEN
Security (Infastructure Protection)
„For VPC access, how are you enforcing networking boundaries as to
what serverless functions can access?“
• configure serverless function for VPC via VPN
• use security groups and Network Acess Control Lists (NACL) as
basis
• use proxies for outbound traffic filtering due to compliance reasons

#WISSENTEILEN
Security (Data Protection)
„How are your protecting sensitive data within your serverless
application?“
• use TLS for all communication
• senstive data should be protected at all times in all layers
• use encryption at transport and at rest

#WISSENTEILEN
Security (Data Protection)
„What is your strategy on input validation?“
• set up basic API Gateway request validation (JSON + parameters)
• app-specific deep validation via serverless function, framework, ...

#WISSENTEILEN
1
Operational
Excellence
2
Security
3
Reliability
4
Performance
Efficiency
5
Cost
Optimization
The ability of a system to recover from infrastructure or service
disruptions, dynamically acquire computing resources to
meet demands, and mitigate disruptions such as
misconfigurations or transient network issues.

#WISSENTEILEN
Serverless Reliability 101
improperly tuned timeouts

#WISSENTEILEN
missing error handling

#WISSENTEILEN
missing fallbacks for outages

#WISSENTEILEN
theory vs. praxis: limited concurrency
1
2
n
…
1
2
n
…
n 1…
1
2
n
…

#WISSENTEILEN
Reliability
„Have you considered serverless limits for peak workload?“
• avoid degradation and throtteling of services
• monitor usage and set alarms at 80% (e.g. via AWS Trusted Advisor)
• react context sensitive (e.g. raise limit temporary vs. throtteling)
• differ business-critical and non-business-critical functions*
• prefer asynchronous over synchronous communication
*keep max concurrent execution limit in mind

#WISSENTEILEN
Reliability
„How are you regulating access rates to and within your serverless
applications?“
• enable throtteling at the API level
• return appropriate return code, e.g. 429, to consumers
• include predictive limit information in return header
• issue API keys to consumers for more granular throtteling (SLAs)

#WISSENTEILEN
Reliability
„What is your strategy on asynchronous calls and events within your
serverless architecture?“
• use async calls and events as often as possible for decoupling ...
• to avoid time-outs and locked code
• to allow non-blocking I/O
• use external service for timeout handling if sync is needed*
• NOTE: async plus async equals sync
*e.g. step functions

#WISSENTEILEN
Reliability
„What‘s your testing strategy for serverless applications?“
• separate logic from infrastructure to allow unit testing
• don‘t use mocks for services you can‘t control* for integration tests
• perfom acceptance or end-to-end tests in real life environment
*they may change and may result in unexpected results

#WISSENTEILEN
Reliability
„How are you building resilience into your serverless application?“
Change Management
• put monitoring metrics in place
• monitor workload to be able to determine abnormalities
• use function and API versioning to be able to rollback

#WISSENTEILEN
Reliability
Failure Management
• know default back-off and retry logic of serverless framework
• tune back-off and retry logic to your needs if necessary
• build back-off and retry logic into serverless queries
• leverage error logging and capture log info as a custom metric
• ...

#WISSENTEILEN
Reliability
Failure Management
• use Dead Letter Queues (DLQ) as dedicated resources
• use step-functions to avoid custom „try-catch“ blocks*
• inspect and handle responses for non-atomic requests (batch-alike)
• use SAGA Pattern to roll back distributed business transactions
*AWS Step Functions, IBM Sequences, Azure Logic Apps

#WISSENTEILEN
TYPES OR ERROR
• 4xx Client Error:
Can be fixed by developer, e.g.
InvalidParameterValue (400),
ResourceNotFound (404),
RequestTooLarge (413), etc.
• 5xx Server Error:
Most can be fixed by admin,
e.g. EC2 ENI management
errors (502)
RETRY POLICY
• Stream-based event sources:
Automatically retried until data expires
• Asynchronous invocations:
Automatically retried 2 extra times,
then published to dead-letter-queue
• Synchronous invocations:
Invoking app receives an error code
and is responsible for retries

#WISSENTEILEN
1
Operational
Excellence
2
Security
3
Reliability
4
Performance
Efficiency
5
Cost
Optimization
The efficient use of computing resources to meet requirements
and the maintenance of that efficiency as demand changes
and technologies evolve.

#WISSENTEILEN
Performance Efficiency
„How do you choose the most optimum capacity units (memory,
shards, r/w per seconds) within your serverless application?“
• take a data-driven approach selecting a performant architecture
• gather data on all aspects of the architecture
• review results on a cyclical basis
• make architectural trade-offs if needed (e.g. compression, caching)
• run performance and load testings including upstream services
• finetune serverless functions

#WISSENTEILEN

#WISSENTEILEN
„How have you optimized the performance of your serverless
application?“
• enable API Gateway caching
• enable in-memory DB caching (e.g. DAX)
• avoid full scan operations on NoSQL DBs via indexes
• test performance with accurate sized sample workload
• leverage global scope within functions to take advantage of
container reuse (e.g. DB Connections, Cloud Service Connections)

#WISSENTEILEN
active container available
for this Lambda that isn‘t busy
processing another event?
YES NO
invocation
After new container is created:
• function code package downloaded
• Lambda runtime environment started

#WISSENTEILEN
ping
ping
ping
ping
AWS
Lambda
CloudWatch
Event

#WISSENTEILEN
„How do you decide what components of your serverless application
should be deployed in a VPC?“
• check for cloud-risk data
• check for access to the VPC located components
• avoid VPC whenever possible

#WISSENTEILEN
1
Operational
Excellence
2
Security
3
Reliability
4
Performance
Efficiency
5
Cost
Optimization
The continual process of refinement and improvement of a
system over its entire lifecycle to build and operate a cost-
aware system.

#WISSENTEILEN
Cost Optimization
„What is your strategy for deciding the most optimal serverless
function memory allocation?“
• fine-tune memory allocation due to costs based on gathered data

#WISSENTEILEN
Cost Optimization

#WISSENTEILEN
Cost Optimization
„What is your strategy for code logging in your serverless functions?“
• NOTE: logging impacts costs (ingestion and storage)
• remove unnecessary print statements in code
• use log levels and environment variables
• define log retention periods
• export old logs to cost-effective „archive“-storage

#WISSENTEILEN
Cost Optimization
„Is your code architecture running unnecessary serverless functions
in order to reduce complexity?“
• use API Gateway service proxy
• prefer direct integration over custom functions
• optimze code due to execution time

#WISSENTEILEN
Cost Optimization
„How to optimize your code to run in the least amount of time
possible?“
• use step functions instead of serverless functions for orchestration
to avoid the serverless function waiting for a resource to become
available*
*pay per state change not per milliseconds

#WISSENTEILEN
Don‘t pay
idle!

Kontakt
LARS RÖWEKAMP
CIO NEW TECHNOLOGIES
lars.roewekamp@openknowledge.de
+49 (0)441 4082 – 101
@mobileLarson
@_openknowledge
OFFENKUNDIGGUT
#WISSENTEILEN

Bildnachweise
#001: © chanchai howharn – shutterstock.con
#004: © wacebreak media – shutterstock.com
#014: © RichVintage – istockphoto.com
#020: © foxaon1987 – shutterstock.com
#021: © Guido van Nispen – Wikipedia
#022: © Framework Wonderland – shutterstock.com
#036: © vasakna – fotolia.com
#059: © print10 – istockphoto.com
#069: © pathdoc - fotolia.com
#110: © Myvisuals – shitterstock.com
#180: © tomer_turjeman – fotolia.com
#WISSENTEILEN

Serverless Architectures: Ein Survival Guide

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (20)

Ähnlich wie Serverless Architectures: Ein Survival Guide

Ähnlich wie Serverless Architectures: Ein Survival Guide (20)

Mehr von OPEN KNOWLEDGE GmbH

Mehr von OPEN KNOWLEDGE GmbH (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Serverless Architectures: Ein Survival Guide