assets.infoq.com /newsletter/architect/en/newsletter_sample/10Architects-NL-April2018.

html

The Software Architects Newsletter

11-13 minutes

We are delighted to be able to share our ninth monthly architects' newsletter with you, which we will send on the last Friday of every month. InfoQ
strives to facilitate the spread of knowledge and innovation within this space, and in this newsletter we aim to curate and summarise key learnings
from news items, articles and presentations created by industry peers, both on InfoQ and across the web. We aim to keep readers informed and
educated about emerging trends, peer-validated early adoption of technologies, and architectural best practices, and are always keen to receive
feedback from our readers.

News

The Present and Future of Serverless Observability

At QCon London, Yan Cui provided an overview of the challenges of observing a serverless architecture, and discussed the tradeoffs to consider, the
current state of the tooling for serverless observability, and also examined new and proposed tooling to help with the current challenges.

Attempting to observe Function-as-a-Service (FaaS) serverless applications can present many challenges. First, there is nowhere to install monitoring
agents anymore, and no opportunity for background processing, and so if you want to send telemetry data this has to be done during a function's
invocation when the user is still waiting on a (potentially business critical) response.

Second, The deep integration between AWS Lambda and AWS Kinesis has made event-driven architectures much easier to implement within the
AWS ecosystem, and patterns like CQRS have become much simpler to implement in practice. However, tracing function invocations through
asynchronous event sources like AWS Kinesis is not easy, and is not currently supported out-of-the-box by existing tools like Amazon X-Ray.

Cui concluded by stating that serverless observability tooling has become better over the past year, and that "through the work by many smart people,
more and more developers are waking up to the new constraints and challenges around operations and observability" when it comes to serverless
technologies like AWS Lambda. FaaS technologies can provide many benefits, but architects must be aware of the potential tradeoffs.

Serverless IoT @iRobot

At QCon San Francisco 2017, Ben Kehoe discussed the benefits of the Internet of Things (IoT) paradigm when producing constantly connected
devices, and argued that serverless technology (and the associated event-driven architecture) is a natural fit within this domain. In this recently
released video of the talk, Kehoe argued that serverless is "cheaper, faster, leaner, better", but he also cautioned that deployment of serverless
applications is still not a completely solved problem, and observability is particularly challenging, as your call graph is now your (distributed)
component graph.

A key takeaway from the talk was that your organisation may have to adapt (a la Conway's Law) in order to take full advantage of the new
development paradigm, and expectations of the effort required and associated Total Cost of Ownership (TCO) should be set with senior stakeholders
upfront. Kehoe also warned that the "cloud has weather", and so engineers must design mitigation strategies into systems that cope with the
ephemeral nature of infrastructure and hard-to-predict faults.

AWS Serverless Application Model (SAM) Implementation is Now Open-source

The AWS Serverless Application Model (SAM) implementation is now available under the open source Apache 2.0 license. AWS SAM extends AWS
CloudFormation to provide a simplified way of defining the resources needed by your serverless application. The SAM implementation is the code that
translates SAM templates into AWS CloudFormation stacks. Previously, developers could submit feature requests to the SAM specification, but now
can contribute new features and enhancements by forking the SAM repository on GitHub, and proposing changes to the implementation by creating a
pull request.

Amazon Launches AWS Secrets Manager to Securely Store, Distribute, and Rotate
Credentials
Amazon recently announced the launch of the AWS Secrets Manager, which makes it easy for customers to store and retrieve secrets using an API or
the AWS Command Line Interface (CLI). The AWS Secrets Manager enables users to centralize the management of secrets of distributed services
and applications, and customers can rotate their credentials with the built-in schedule feature or custom Lambda functions. Users of AWS Secrets
Manager can manage access to secrets using a fine-grained set of IAM policies, control the lifecycle of secrets, and secure and audit secrets centrally.
This a managed service with a pay-as-you-go model and available in most regions.

Building Azure Functions With F# Script and Visual Studio Code

In a series of blog posts Mike Sigsworth presents the steps required to create a simple Azure Function using F# Script, VS Code, and v1 of the Azure
Functions Core Tools. The series provides information on what you need to install, all the way through creating the function, testing locally, and
ultimately deploying it to an Azure account.
How to Build your Own Serverless Platform
Tomasz Janczuk has recently posted on Medium an article that explains "how to build your own serverless platform", based on his lessons learned
from working on Auth0 Extend in recent years. Janczuk states that after you have implemented the design detailed in this post on a cloud vendor's
infrastructure, you will have a functioning, multi-tenant serverless platform that can power the serverless webhooks of your SaaS. However, he
cautions that the operations of a serverless solution like the one described in this post "is a project in itself, in many respects just as complex as the
solution". He plans to cover this in a future post.

Can Open-Source Serverless Be Simpler than AWS Lambda?

In a recent TheNewStack article Yaron Haviv argued that “open-source serverless is not always as integrated as cloud provider services, but it gives
you far more choices in setting your own parameters, choosing which data or API gateways you want to use, local debugging, avoiding cold starts if
you want, and it’s faster”. Haviv provides an example test case using the Nuclio serverless event and data processing platform, in order to support his
arguments.

This edition of The Software Architects' Newsletter is brought to you by:

NGINX

Scaling with Kubernetes

In Kubernetes, scaling can mean different things to different users. We distinguish between two cases:

• Cluster scaling, sometimes called infrastructure-level scaling, refers to the (auto- mated) process of adding or removing worker nodes based on
cluster utilization.
• Application-level scaling, sometimes called pod scaling, refers to the (automated) process of manipulating pod characteristics based on a variety
of metrics, from low-level signals such as CPU utilization to higher-level ones, such as HTTP requests served per second, for a given pod. Two
kinds of pod-level scalers exist:
◦ Horizontal Pod Autoscalers (HPAs), which increase or decrease the number of pod replicas depending on certain metrics.
◦ Vertical Pod Autoscalers (VPAs), which increase or decrease the resource requirements of containers running in a pod.

Case Study

Simple Serverless eCommerce: Tutorial with the Square Checkout API

In a recent Medium post "Super Simple Serverless eCommerce", Richard Moot, engineer at Square, writes that a lot of mainstream companies have
begun using serverless in order to enhance their tech stacks (e.g., Nordstrom, Netflix, and Coca-Cola). He discusses that although it may initially
appear that serverless is just a growing fad, this was the same line of thought many people had about Node until Walmart launched a new site before
Black Friday. We might be approaching a "similar inflection point for serverless" to rapidly improve the speed of development and scale that Node has
been able to accomplish.

The article presents a simple tutorial on how to create serverless functions to allow customers to instantly checkout and buy an item from a Square
store. The tutorial begins with creating a static site on S3, and then moves on to creating AWS Lambda functions, before creating AWS API Gateway
endpoints to allow customers to instantly checkout using the Square Checkout API.

Moot discusses that there appears to be widespread misunderstanding around serverless computing and what it is comprised of, and that it is worth
clarifying that there is a difference between The Serverless Framework (which is used within the tutorial) and the serverless computing paradigm. The
Serverless Framework is just a tool that can be used to facilitate creating, deploying, and managing your serverless functions that you create with your
desired cloud provider. Serverless computing is a reference to a cloud provider dynamically managing the allocation of machine resources.

Much like Node, Moot argues, serverless is suffering from the same desire to "do all the things". Node is known for being really bad at handling CPU-
intensive tasks due to its single-threaded nature, and the same goes for using serverless for user facing interactions or APIs: "Users expect things to
be responsive, and cold starts kill the expected responsiveness". You can certainly try to circumvent this by keeping your functions warm, but this
"smells like an anti-pattern".

"The whole benefit of serverless is to not have to be as concerned with your infrastructure, yet people are writing more code to modify their
infrastructure's behavior that they don't really have control over".

Concluding the article, Moot cautions that if you plan to use serverless for user-facing applications, you must look carefully at your user traffic patterns
to your endpoints, as this dictates the overall user experience. A constant amount of traffic would provide a good use case - functions stay warm, and
a very small percentage of users would be impacted by a slow response - but if you have particularly spiky traffic, the user experience will suffer as
your platform provider is spinning up additional instances of your function to service your traffic.

To get notifications when InfoQ publishes content on this topic follow Serverless on InfoQ.

This is the ninth issue of a monthly newsletter, focusing exclusively on software architecture. We thought it would be valuable for you to get a quick
overview of things you might like to keep an eye on. If this is not the case, you can unsubscribe using the link below.

Forwarded email? Subscribe and get your own copy.