Agile Australia 2014: Workshop - Design and Implementation of Microservices

Scott Shaw

@scottwshaw
Sam Newman
@samnewman

Schedule
• 09:00 - 10:30 Session 1

• 10:30 - 10:45 Break

• 10:45 - 12:00 Session 2

• 12:00 - 13:15 Lunch

• 13:15 - 15:00 Session 3

• 15:00 - 15:30 Break

• 15:30 - 17:00 Session 4

09:00 - 10:30 Session 1
• Introduction

• Icebreaker

• Why Services

• Principes & Constraints

• Evolutionary Architecture

10:45 - 12:00 Session 2
• Integration

13:15 - 15:00 Session 3
• Splitting Services

• CAP & Transactions

• Testing & CDCs

• Operational Concerns

15:00 - 15:30 Session 4
• Deploying

• UI & Mobile

• Conway’s Law

• Security

http://www.ﬂickr.com/photos/55255903@N07/6835060992

http://www.ﬂickr.com/photos/sailbit/3409405778/

or: are we building systems that are too big?

90% of the TCO of an application is incurred post launch

IT project-related losses are an embarrassment for the industry fund backers – AustralianSuper, Cbus, HOSTPLUS, HESTA and MTAA Super –
which pride themselves on low fees and improving member services. Illustration: Karl Hilzinger
A group of industry superannuation funds has revealed in accounts lodged with the Australian Securities and
Investments Commission that the cost of implementing a key IT project has blown out by another $43 million.
This means that a project that started in 2008 and was meant to be completed by 2010 will cost super fund members at
least $250 million and will be delivered at least four years late.
Superpartners, a super administration company owned by five industry retirement schemes, posted a $7.4 million loss
on revenues of $257 million for the 12 months ended June 30, after being forced to take a $20.4 million impairment
Superpartners’ botched IT project costs industry
super funds millions
Published 26 November 2013 01:17, Updated 27 November 2013 07:46
Sally Patten

we have to rewrite entire ecosystems every few years

we have to rewrite entire ecosystems every few years
this doesn’t make many CFO’s happy

Retail

Site
Departure

Control

Retail

Site
Departure

Control
48 Cores

!
256 GB RAM (NUMA)

!
~ $1 x 106 per machine

Airline
Tightly coupled
“Golden Hammer Syndrome”
Single point of failure
Expensive to scale
High operational cost
High cost of failure

Airline
Retail

Site
Departure

Control

Airline
Retail

Site
Departure

Control
X

HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
canned reports cubes / ad-hoc
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
dataDirect db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?

The stovepipe enterprise
Stovepipes)are)“systems)procured)and)developed)to)solve)a)speciﬁc)problem,)
characterized)by)a)limited)focus)and)func:onality,)and)containing)data)that)
cannot)be)easily)shared)with)other)systems.”)(DOE)1999))
DOE.%Commi*ee%to%Assess%the%Policies%and%Prac7ces%of%the%Department%of%Energy,%Improving%Project%
Management%in%the%Department%of%Energy,%Na7onal%Academy%Press,%Washington,%D.C.,%1999,%page%133.%

HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
?
HR
UI
"Middleware DB"
? ? ?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
UI / Service
Direct db access
Direct db access
HR
UI
"Middleware DB"
? ? ?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
UI / Service
Direct db access
Direct db access
HR
UI
"Middleware DB"
? ? ?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
UI / Service
Direct db access
Direct db access
HR
UI
"Middleware DB"
? ? ?
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
UI / Service
Direct db access

HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
Logic scattered all over the place
Data scattered all over the place
Difﬁcult to predict the effect of changes
Which system is right?
BI / MI almost impossible to get at

standing on the
shoulders of giants

Engineering for:

reliability and availability
Devops
circuit breakers, health checks,
status pages

Strategic Design
Bounded Contexts
“town planning”

web integration
application protocols
HATEOAS

infrastructure
automation
patterns for push
button deployments
the lean software
value stream

Summary
We understand more about building reliable distributed systems
cloud compute and programmable infrastructure has matured
organisations need to adapt and change quickly to survive
we spend too much money on building monoliths

“Just enough
architecture”

Would you build a playground
next to a power station?

Would you build a playground
next to a power station?
a sewage works next to Macy’s?

and it would be a bad idea not to use the same language
for stop signs...

emergent design is within the zones

evolutionary architecture is in the gaps
emergent design is within the zones

• Things to think about:

• Concentrate on the business capabilities

• technical acronyms make us think the
wrong way

• What are the common features?
Integration methods?

• What different types of data live where?

it can be a single system and its
component parts or chunking
up to how your systems
integrate with others
and if you can’t remember thats ok too, we don’t want
perfect, just something to work with

Summary
do just enough up front
evolutionary architecture is in the gaps
emergent design is in the boxes

The Triﬂe
Musik Web
Persistence

“A set of capabilities on an
endpoint”

"The delimited applicability of a
particular model. BOUNDING
CONTEXTS gives team members a
clear and shared understanding of what
has to be consistent and what can
develop independently."

A speciﬁc responsibility
enforced by explicit
boundaries
!
http://www.sapiensworks.com/blog/post/
2012/04/17/DDD-The-Bounded-Context-
Explained.aspx

Add to cart
Checkout
View Latest

Releases

Add to cart
Checkout
View Latest

Releases
Search

Add to cart
Checkout
View Latest

Releases
Search
Listen To Previews

Add to cart
Checkout
View Latest

Releases
Search
Listen To Previews
Shopping Cart Catalog
Music Library

Hexagonal Architectures
83
bounded contexts all the way down (and back up
again)

Object
James’ conjecture
“objects should be no bigger than my head”

as we chunk up domains of abstraction, each
domain should be small enough to ﬁt in my head

93
in this case, it meant 100’s of lines of code per application

to build systems is to make trade-oﬀs

throughput vs cost

throughput vs cost
portability vs deployability

throughput vs cost
replacability vs maintainability

throughput vs cost
replacability vs maintainability
evolutionary architecture and emergent design are
approaches that maximise ﬂex

you want to maximise the degrees of
freedom of your system

The idea of architecture principles is
to try and balance these tradeoffs

to try and balance short term gain with longer term strategic goals

Where trade offs have to be made they should be done so
visibility and consciously

They should move you towards a state where the tradeoffs don’t
happen so often or have such large impact


They should be driven by the goals of the business


for the next 18-24 months


for the next 18-24 months
any longer and you are only fooling yourself

and if you don’t know what your business goals are...

and if you don’t know what your business goals are...
may we respectfully suggest that you go and
ﬁnd them out!

The idea of constraints is to allow your teams the freedom to make decisions
within a consistent framework

this is not about “not allowed to break them”, this is about having a
conversation

conversation
these work best when backed up by tooling that makes it easy to do the
right thing

conversation
these work best when backed up by tooling that makes it easy to do the
right thing
shall we take a look at some examples?

Heroku’s 12 factors are a mixture of principles and
constraints
http://www.12factor.net/

never return directly from a POST

favour choreography over orchestration

don’t share domain code (and physically separate the
codebases to ensure this)

scale using processes, not threads

scale using processes, not threads
don’t use session state

Two Key Attributes Of A
Good Service

1. High Cohesion
!
2. Loose Coupling

Otherwise…
http://www.ﬂickr.com/photos/mikecogh/4472054494/

Integration Styles
An Evolutionary View
Data Oriented
Procedure
Oriented
Document
Oriented
Resource
Oriented

DB Schema
Recomendation

Service
MusicShopMono

DB Schema
Recomendation

ServiceMusicShopMono

DB Schema
Recomendation

ServiceMusicShopMono
No loose coupling!

DB Schema
Recomendation

Service
MusicShopMono
DB Schema
Magic ETL

HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
External
Data
Read only
data
Read only
data
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
which is ok until...
and yes, this is a real world example...

HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
External
Data
Read only
data
Read only
data
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
changing anything is really really hard

HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?
different types of data are smeared about

systems like this are brittle
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?

difﬁcult to reason aboutHR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?

difﬁcult to reason about
difﬁcult to change
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?

difficult to reason about
difficult to change
difficult to maintain
HR
UI
"Middleware DB"
? ? ?
Data Warehouse
?
UIUI
UI
Finance
UI
Views of
external
Data
Read only
external
data
Read only
external
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
Direct db access
SSO
UI / Service
AD
Direct db access
Direct db access
?

method calls across a
process boundary

consider a client invoking the createUser endpoint

createUser(id, !
firstName, !
lastName,!
address)
consider a client invoking the createUser endpoint

other clients can use the same call as the ﬁrst
createUser(id, !
firstName, !
lastName,!
address)

other clients can use the same call as the ﬁrst
createUser(id, !
firstName, !
lastName,!
address)
so far so good

but what happens when you want to change
how one of the clients calls your service?

but what happens when you want to change
how one of the clients calls your service?
maybe I don’t want to use ﬁrst name
and last name anymore

I want to use the ‘fullname’
createUser(id, !
firstName, !
lastName,!
address)
createUserByFullname(!
id, !
fullName,!
address)

or I want to specify address individually
createUser(id, !
firstName, !
lastName,!
address)
createUserByFullname(!
id, !
fullName,!
address)
createUserByFullnameAnd
Address(!
id, !
fullName,!
street1,!
street2,!
zipcode)

one of two things tends to happen with
systems of this type

1. you end up with very long service deﬁnitions

1. you end up with very long service deﬁnitions
2. coordination of changes to clients becomes
difﬁcult

1. speciﬁcations quickly become very very
long and a nightmare to maintain

createUserWithFullname(...)

createUser(...)

createUser(...)
createUserWithFullnameAndAddress
(...)

createUser(...)
(...)
createUserWithAddress(...)

createUser(...)
(...)
createUserWithAddress(...)
every time I want to change some logic, I have to change every
method call

2. you have to coordinate the release
cycles of your clients
createUser(id, !
firstName, !
lastName,!
address)

createUser(id, !
firstName, !
lastName,!
address)
createUser(id, !
fullname, !
address)
@deprecated

createUser(id, !
firstName, !
lastName,!
address)
createUser(id, !
fullname, !
address)
@deprecated
and if you have many clients, thats no easy
task

Who can tell me
about RFC 761?

Postel’s Law:
“Be liberal in what you do,
conservative in what you
expect”

Practical impact of this
- only bind to what you
need to reduce
breaking service
consumption

Service B
Service A
Shared Lib v1
Shared Lib v1

Service B
Service A
Shared Lib v1
Shared Lib v1
Shared Lib v2

Service B
Service A
Shared Lib v1
Shared Lib v1
Shared Lib v2
Beware of shared
serialization protocols

Service B
Service A
Shared Lib v1
Shared Lib v1
Shared Lib v2
Beware of shared
WSDL-binding

Service B
Service A
Shared Lib v1
Shared Lib v1
Shared Lib v2
Beware of shared
WSDL-binding
JAXB

Service B
Service A
Shared Lib v1
Shared Lib v1
Shared Lib v2
Beware of shared
WSDL-binding
JAXB
Java Serialization

a bit like going back to the 50’s enterprise
(AMC / Associated Press)

a bit like going back to the 50’s enterprise
except without the smoking and the rampant misogyny
(AMC / Associated Press)

back in the day, if you wanted to book a
holiday, you didn’t go onto your
corporate intranet to do it right?

you went to the cupboard

and you pulled out one of these

and you pulled out one of these
and you ﬁlled it in

james’ holiday request
form
and then you sent it to the HR department

james’ holiday request
form
and then you sent it to the HR department
where it was processed, and eventually you got
another envelope back containing the approval

and messaging is a bit like that

asynchronous

asynchronous
after all, you wouldn’t want to block waiting for internal mail right?

incidentally, I wasn’t actually there in the 50’s. I just have this on good
authority
asynchronous
after all, you wouldn’t want to block waiting for internal mail right?

generally you create a message composed of a document

and you push it onto some kind of queue

systems interested in your documents can pop those
documents and act on them

and return them should that be the semantics of the
exchange

the documents allowed additive changes to
be made without breaking existing clients

If you want to add a ﬁeld, you can do so as long as
clients are late bound to the documents

If you want to add a ﬁeld, you can do so as long as
clients are late bound to the documents
and if you want to rename something, you can do
that easily too (add another one with the same name)

and the asynchronous nature decouples the
applications from each other

you can change this

you can change this
without breaking this

of course, there is a teensy bit
more to it than that...

Channel Adapter
Channel
Datatype
Channel
Dead Letter
Channel
Guaranteed
Delivery
!
Invalid Message
Channel
Message
Bus
Messaging
Bridge
Publish
Subscribe
Channel
Aggregator
Content Based
Router
Composed
Message
Message
FIlter
Message
Router
Recipient List
Process
Manager
Splitter Routing SlipResequencer
Competing
Consumers
Message Endpoint
Durable
Subscriber
Event-Driven
Consumer
Message
Dispatcher
?
Selective
Consumer
Service
Activator
Polling
Consumer
Transactional
Client
Messaging
Gateway
quite a lot more to
be perfectly frank

Getting async comms
right can be hard!

And can require the
dreaded ‘middleware’

So when to use it?
Long-running jobs

So when to use it?
Long-running jobs
Alternative scaling

So when to use it?
Long-running jobs
Alternative scaling
Resiliency

So when to use it?
Long-running jobs
Alternative scaling
Resiliency
Broadcast

So when to use it?
Long-running jobs
Alternative scaling
Resiliency
Broadcast
Low-latency

Let’s take a look at the world’s most
successful, distributed, scalable
computing system for some tips

The Web
http://www.ﬂickr.com/photos/photophilde/4527076709/

Client cache
Proxy cache CDN Infrastructure

caches
Reverse proxy

cache

Leonard Richardson’s maturity
heuristic

Leonard Richardson’s maturity
heuristic
http://martinfowler.com/articles/richardsonMaturityModel.html

Level 0 - POX single service endpoint, many
methods

methods

createUser(...)
methods

createUser(...)
updateUserById(...)
methods

createUser(...)
updateUserById(...)
updateUserByFullName(...)
methods

createUser(...)
updateUserById(...)
deleteUserById(...)
methods

createUser(...)
updateUserById(...)
deleteUserById(...)
methods
findUserById(...)

• Level 1 tackles the question of handling complexity
by using divide and conquer, breaking a large
service endpoint down into multiple resources.

!
!
• Level 2 introduces a standard set of verbs so that
we handle similar situations in the same way,
removing unnecessary variation.

Level 2 - HTTP verbs
getUserById(...)

Level 2 - HTTP verbs
getUserById(...)
GET /users/f3c2ac

• Level 3 introduces discoverability, providing a
way of making a protocol more self-documenting.

What if consumers of a service
could act in the same way?

scottwshaw / gist:ee875a6018e1676b36ad
Last active 22 minutes ago
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
var
jsonpath
=
require('JSONPath');

var
version1
=
{"results":

{"link":
{"uri":
"http://musikshop.com/search/artist=the%20brakes",

"rel":
"self"},

"releases":
[{"release":
"Tale
of
Two
Cities",

"year":
"2008",

"link":
{"uri":
"http://musikshop.com/api/cmVsZWFzZXMvMQ==",

"rel":
"http://musikshop.com/rels/release"}},

{"release":
"The
Brakes",

"year":
"2006",

"link":
{"uri":
"http://musikshop.com/api/cmVsZWFzZXMvMg==",

"rel":
"http://musikshop.com/rels/release"}}]}};

jsonpath.eval(version1,
"$..[?(@.rel=='http://musikshop.com/rels/release')]");
gistfile1.json
A Document with Hypermedia
Links

A non-breaking change to the
service contract
scottwshaw / gist:d531a3f35de01ea45644
Last active 20 minutes ago
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
var
jsonpath
=
require('JSONPath');

var
version2
=
{"results":
{

"link":
{"uri":
"http://musikshop.com/search/artist=the%20brakes",

"rel":
"http://musikshop.com/rels/self"},

"fullLengthReleases":
[{"release":
"Tale
of
Two
Cities",

"year":
"2008",

"link":
{"uri":
"http://musikshop.com/api/cmVsZWFzZXMvMQ==",

"rel":
"http://musikshop.com/rels/release"}}],

"EPReleases":
[{"release":
"The
Brakes",

"year":
"2006",

"link":
{"uri":
"http://musikshop.com/api/cmVsZWFzZXMvMg==",

"rel":
"http://musikshop.com/rels/release"}}]}}

jsonpath.eval(version2,
"$..[?(@.rel=='http://musikshop.com/rels/release')]");

gistfile1.json

In practice most people end up here
Aim high!

This stuff is hard to change later - so do
your research and pick principles that
make sense for you

Go read more!
http://martinfowler.com/articles/richardsonMaturityModel.html
http://www.crummy.com/writing/speaking/2008-QCon/

Summary
• REST over HTTP is best - aim high!
• Messaging is cool, but can be hard
• Whatever you do, think lazy binding!

MusikShopMono
Warehouse Finance
Catalog Recommendation

DB
MusikShopMono
Warehouse Finance
Repository

DB
MusikShopMono
Warehouse Finance

Catalog
Line Items
MusikShopMono

Catalog Finance
Line Items
MusikShopMono

Catalog Finance
Line Items Ledger
MusikShopMono

MusikShop
System
Finance ServiceCatalog Service

MusikShop
System
Line Items

MusikShop
System
Line Items Ledger

Country Codes
MusikShopMono
Finance
Warehouse
Catalog

Catalog
Finance
Warehouse
Country Codes
Country Codes
Country Codes
MusikShopMono

Catalog
Finance
Warehouse
MusikShopMono

Finance Warehouse
Customer Record
MusikShopMono

Finance Warehouse
Customer Record
MusikShop

Finance Warehouse
Customer Record
Customer
MusikShop

Warehouse ServiceFinance Service
MusikShop
System
Customer Service

Catalog Warehouse
Item
MusikShop

Catalog Warehouse
Item
MusikShop
Bee Gees Hits | $4.99 | 45

Catalog Warehouse
Catalog Item
MusikShop
Stock Levels

@samnewman
Summary
• Split around bounded contexts

• Make small, incremental changes

• Split inside the process boundary before
splitting out services

• Start coarse-grained

It is impossible for a distributed computer system
to simultaneously provide all three of the following
guarantees:
http://en.wikipedia.org/wiki/CAP_theorem
• Consistency (all nodes see the same data at the same time)

• Availability (a guarantee that every request receives a response about
whether it was successful or failed)

• Partition tolerance (the system continues to operate despite arbitrary
message loss or failure of part of the system)

Partition Tolerance
The system continues to operate despite arbitrary message
loss or failure of part of the system
Typically, we need this - so end up trading off the other two

Node 1
Inventory Service
Master DB
dc1
Node 2
Slave DB
dc2
Load Balancer

Option 1: Keep Node 2 serving trafﬁc
Node 1
Master DB
Node 2
Slave DB
Load Balancer
Inventory Service

Data is potentially
stale, but, we keep
Node 2 up Node 1
Master DB
Node 2
Slave DB
Load Balancer
Inventory Service

Data is potentially
stale, but, we keep
Node 2 up
We have
sacriﬁced
consistency for
availability
Node 1
Master DB
Node 2
Slave DB
Load Balancer
Inventory Service

Option 2: Remove Node 2 from service
Node 1
Master DB
Node 2
Slave DB
Load Balancer
Inventory Service

Option 2: Remove Node 2 from service
Node 1
Master DB
Node 2
Slave DB
Load BalancerNow we have
had to degrade
availability to
ensure
consistency
Inventory Service

What about sacriﬁcing
Partition Tolerance?

So in general, we talk
about CP or AP systems

Node 1 Node 1
Catalog
Service
Web Shop
Node 1 & 2 will have the
same catalog ‘eventually’

Node 1 Node 1
Catalog
Service
Web Shop
ttl: 5 mins
12:00

Node 1 Node 1
Catalog
Service
Web Shop
ttl: 5 mins
12:00
Update12:02

Node 1 Node 1
Catalog
Service
Web Shop
ttl: 5 mins
12:00
Update12:02
ttl: 5 mins
12:03

http://nathanmarz.com/blog/how-to-beat-the-cap-theorem.html

It’s Maths
http://lpd.epﬂ.ch/sgilbert/pubs/BrewersConjecture-SigAct.pdf

http://ferd.ca/beating-the-cap-theorem-checklist.html

You entire system
doesn’t need to be CP
or AP!

Catalog
Web Shop
Payment
ttl: 5 mins
Customer

Web Shop
Master DB
* - http://blogs.msdn.com/b/pathelland/archive/2007/05/15/memories-guesses-and-apologies.aspx

Web Shop
Master DB
Let us consider a read

Web Shop
Master DB
Is this ‘consistent’?

Web Shop
Master DB
Is this ‘consistent’?
We should see this
data as a memory* - we
see this data as it was,
we can’t (easily ) be
sure what it is now

Consistency = locks
locks in distributed systems are hard
and they are the enemy of scaling

https://static.googleusercontent.com/external_content/untrusted_dlcp/research.google.com/en//archive/chubby-osdi06.pdf

Web Shop
Inventory
Payment
Gateway
http://www.ﬂickr.com/photos/63702881@N00/5038034651/

Web Shop
Inventory
Payment
Gateway
r
http://www.ﬂickr.com/photos/63702881@N00/5038034651/

Transaction Club
• The ﬁrst rule is…don’t!

• If you really, really, really have to, consider
merging services ﬁrst

Summary
• Understand if consistency or availability is
important - and this is normally a business
decision!

• It isn’t all or nothing

• Avoid distributed transactions if you can

TESTING &
DEPLOYING
MICROSERVICES
Microservices Workshop
60

61
Accounts
Returns
Invoicing
Shipping
Inventory
Customer
Service

63
Small
Medium
Large
TEST PYRAMID
Increasing Scope
More Conﬁdence
Faster!
Better Isolation

6767
Small
Medium
Large
TEST SNOWCONE

69
Small
Medium
Large
Build
Tests
Tests
Source
Control
…
BUILD PIPELINE

69
Small
Medium
Large
Build
Tests
Tests
Source
Control
Faster Feedback
…
BUILD PIPELINE

69
Small
Medium
Large
Build
Tests
Tests
Source
Control
Faster Feedback
Binary Artifact(s)
…
BUILD PIPELINE

71
S/M TestsBuild Large Tests UAT Prod

71
DB
Machine CI Node
Large Tests Environment
Large Tests

72
DB
Machine
UAT Environment
Machine

73
Master
DB
Machine
Production Environment
Machine Machine Machine
Slave
DB

74
More Production Like

74
S/M TestsBuild Large Tests UAT ProdLarge Tests

74
Faster Feedback

75
Customer Service
S/M TestsBuild Large Tests

76
Customer
Service
Web Shop
Fulﬁlment
Service

76
Customer
Service
Web Shop
Fulﬁlment
Service
Large
Medium
Small

77
Customer
Service
Fulﬁlment
Service
Large
Medium
Small

77
Customer
Service
Large
Medium
Small
Fulﬁlment
Service
Stub

78
Mountebank
http://www.mbtest.org

79
mountebank
:2525
:5555
Customer
Service

80
Customer
Service
Fulﬁlment
Service
Stub

81
Customer
Service
V1
Web Shop
Fulﬁlment
Service

81
Web Shop
Customer
Service
v2
Fulﬁlment
Service

82
Customer
Service
Customer
Service
v1
Web Shop
v1
Production

82
S/M TestsBuild Large Tests Integration Test
Customer
Service
Customer
Service
v1
Web Shop
v1
Production

82
Customer
Service
Customer
Service
v1
Web Shop
v1
Production
Customer
Service
v2
Web Shop
v1
Integration
Test

83
Customer
Service
v1
Web Shop
v1
Production

83
Customer
Service
v1
Web Shop
v1
Production
Customer
Service
Customer
Service
v2

83
S/M TestsBuild Large TestsWeb Shop
Customer
Service
v1
Web Shop
v1
Production
Customer
Service
Customer
Service
v2

83
Customer
Service
v1
Web Shop
v1
Production
Customer
Service
Customer
Service
v2
Web Shop
v2

83
Customer
Service
v1
Web Shop
v1
Production
Customer
Service
Customer
Service
v2
Web Shop
v2
???

84
Customer
Service

84
Customer
Service
Integration Test

84
Customer
Service
Integration Test
Invoice
Service

84
Customer
Service
Integration Test
Invoice
Service
S/M TestsBuild Large TestsBasket

84
Customer
Service
Integration Test
Invoice
Service
S/M TestsBuild Large TestsBasket
S/M TestsBuild Large TestsFulﬁlment

85
Provisioning of Environments
Timing
Browsers

85
Networks
Timing
Browsers

85
Deployment
Networks
Timing
Browsers

85
Deployment
Networks
Timing
Browsers Diagnosis

88
John Allspaw: “Ops Metametrics” http://slidesha.re/dsSZIr

89
Integration Test Prod…
v1v2
v6
v4 = v10

92
Golden Rule:
Get good at releasing services independently

95
Customer
Service
Web Shop
Small
Medium
Large

95
Customer
Service
Web Shop
Small
Medium
Large
Consumer Driven Contracts

96
Customer
Service
Web Shop
Expectations

96
Customer
Service
Web Shop
Expectations
Prod

97
https://github.com/realestate-com-au/pact

98
Prod
Prod
Prod
Prod
QA
Good Monitoring

98
Prod
Prod
Prod
Prod
QA
Good Monitoring
Fast Remediation

99
Faster Feedback

100
DB
Machine CI Node
S/M TestsBuild Large Tests UAT ProdLarge TestsLarge Tests

100
DB
Machine CI Node
DB
Machine
UAT Environment
Machine
S/M TestsBuild Large Tests UAT ProdLarge Tests UAT

100
DB
Machine CI Node
DB
Machine
UAT Environment
Machine
Master
DB
Machine
Production Environment
Machine Machine Machine
Slave
DB
S/M TestsBuild Large Tests UAT ProdLarge Tests Prod

101
Faster Feedback

104
Ansible
Puppet
Chef
AWS
Digital Ocean

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack
VMWare

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack
VMWare
Vagrant

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack
VMWare
Vagrant
Immutable Servers

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack
VMWare
Vagrant
Immutable Servers
Fast Spin-up

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack
VMWare
Vagrant
Immutable Servers
Fast Spin-up
Provider Agnostic

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack
VMWare
Vagrant
Immutable Servers
Fast Spin-up
Provider Agnostic
Feedback Can Suﬀer

104
Ansible
Puppet
Chef
AWS
Digital Ocean
OpenStack
VMWare
Vagrant
Immutable Servers
Fast Spin-up
Provider Agnostic
Feedback Can Suﬀer
Cycle Time

105
Prod
Prod
Prod
Prod
Packer Images

105
Prod
Prod
Prod
Prod
“Machine”
Service
Packer Images

105
Prod
Prod
Prod
Prod
“Machine”
Service
“Machine”
Service Service
Packer Images

106

106
AWS

106
AWS
VMWare

106
AWS
VMWare
Vagrant

107
“Machine”
Service
Much Easier To Reason About

107
“Machine”
Service
Easier To Provision (Or Decommission)

107
“Machine”
Service
Fewer Side-eﬀects

107
“Machine”
Service
Fewer Side-eﬀects
Cost & Management Overhead!

107
“Machine”
Service
Fewer Side-eﬀects
Cost & Management Overhead!
AWS
Digital Ocean
OpenStack

108
Machine
STANDARD VIRTUALISATION

108
Machine
Base OS

108
Machine
Base OS
Hypervisor

108
Machine
Base OS
Hypervisor
VM

108
Machine
Base OS
Hypervisor
VM
OS

108
Machine
Base OS
Hypervisor
VM
OS
Apps

108
Machine
Base OS
Hypervisor
VM
OS
Apps
Packer Image

108
Machine
Base OS
Hypervisor
VM
OS
Apps
VM
OS
Apps
Packer Image

108
Machine
Base OS
Hypervisor
VM
OS
Apps
VM
OS
Apps
VM
OS
Apps
Packer Image

110
Machine
CONTAINER VIRTUALISATION

110
Machine
Base OS

110
Machine
Base OS
Container

110
Machine
Base OS
Container
OS

110
Machine
Base OS
Container
OS
Apps

110
Machine
Base OS
Container
OS
Apps
Container
OS
Apps

110
Machine
Base OS
Container
OS
Apps
Container
OS
Apps
Container
OS
Apps

110
Machine
Base OS
Container
OS
Apps
Container
OS
Apps
Container
OS
Apps
Linux Only

110
Machine
Base OS
Container
OS
Apps
Container
OS
Apps
Container
OS
Apps
Same Kernel
Linux Only

110
Machine
Base OS
Container
OS
Apps
Container
OS
Apps
Container
OS
Apps
Same Kernel
Linux OnlyFine-grained control

110
Machine
Base OS
Container
OS
Apps
Container
OS
Apps
Container
OS
Apps
Same Kernel
Linux OnlyFine-grained control
Very fast to provision

112
DOCKER
Machine
Base OS
Docker

112
DOCKER
Machine
Base OS
Docker
Apps

112
DOCKER
Machine
Base OS
Docker
Apps Apps

112
DOCKER
Machine
Base OS
Docker
Apps Apps Apps

112
DOCKER
Machine
Base OS
Docker
Apps Apps Apps
Docker Image Registry

114

114
Docker Image

114
Docker Image Registry
Docker Image

115
Be aware of - and balance - your test Pyramid

115
Understand the balance between testing & rapid remediation

115
Deploy one thing at a time

115
Consider consumer-driven contracts over integration tests

115
Consider consumer-driven contracts over integration tests
Explore image-based deployments to reduce environment diﬀerences

UP? DOWN?
Too slow? Where is the problem?

“it pushes the accidental complexity into the infrastructure”
Martin Fowler

“it pushes the accidental complexity into the infrastructure”
Martin Fowler
monitoring and logging are essential

“Every socket, process, pipe, or remote
procedure call can and will hang. Even
database calls [...]”

M. Nygard,“Release It”

Cascading Failures
• Happen when a problem in a service causes
a problem in one or more consumers of
that service

• Become a bigger problem with more
services (cross more process boundaries)

• Can a failure in one back-end application
take down the entire system (including the
parts that don’t depend on that back-end)?

Failure Types
• Rejected connections

• Dropped ACKs

• Slow responses (these are the nasty ones!)

Defense Mechanisms
• Resource pools

• Timeouts

• Circuit breakers

• Bulkheads

• Fail fast

Circuit Breakers
• If a service consistently fails, stop calling it
for a while!

MusikShop v1
Rekomender
v124
www.MusikShop
Take That
Queens Of The
Stone Age
Snoop Dogg
We Rekomend ‘The
Brakes’!

MusikShop v1
Rekomender
v124
www.MusikShop
Take That
Queens Of The
Stone Age
Snoop Dogg
We Rekomend ‘The
Brakes’!
We Can’t Rekomend
Right Now!

Bulkheads
• = Damage containment

• Separate resource pools

• Partitioned servers

Fail Fast
• Check (and perhaps reserve) required
resources before processing a request

• Reject immediately if, say, a circuit breaker
has been tripped

• Allow consumers to query state of service
before proceeding (see monitoring later)

Response time tracking
Log aggregation

Log aggregation
Monitor down-stream

dependencies

Log aggregation
Monitor down-stream

dependencies
UP?
DOWN?
Track health

For every instance of
every service…

every service…
And you want to
standardize

every service…
And you want to
standardize
…needs to be status
aware

source: https://github.com/Netﬂix/Hystrix/wiki/Dashboard
remember hystrix?

ID 123
ID 123
ID 123
ID 123
Correlation IDs

This might be the
wrong question

From an architectural &
operations view...

How many >> how small
From an architectural &
operations view...

http://www.ﬂickr.com/photos/oufoufsworld/1233382476/

Summary
• Complexity doesn’t vanish, but with help it
can be more evident

• Monitoring & architectural safety measures
are essential!

• Start with a few services and understand
what your appetite is for this new sort of
complexity

Organisational
Structures & Conway’s
Law

"organizations which design systems ... are
constrained to produce designs which are
copies of the communication structures of
these organizations"
- Melvin Conway, Dude
(HBR rejected the original paper as the
thesis wasn’t proved)

“If seven people create a compiler, you get a
seven pass compiler”
- Dan North, not quite a dude

http://www.ﬂickr.com/photos/chijs/2869992728/

http://www.ﬂickr.com/photos/noodlepie/7256072798/

High change
frequency
Fine-grained

High change
frequency
Fine-grained
Low change
frequency
Coarse-grained

http://www.ﬂickr.com/photos/a_ninjamonkey/3565672226/

#123
As a despot when I
press the big red
button I want...

Splitting Stories
• When splitting, try and synchronise the
work

• Consider re-assigning service ownership
temporarily

• Splitting stories across multiple teams is
painful...

• ...so what about shared services?

#123
As a despot when I
press the big red
button I want...
Problems:

#123
As a despot when I
press the big red
button I want...
Consistency of XD
Problems:

#123
As a despot when I
press the big red
button I want...
Consistency of XD
Sequencing
Problems:

#123
As a despot when I
press the big red
button I want...
Consistency of XD
Sequencing
Bottlenecks
Problems:

#123
As a despot when I
press the big red
button I want...
Consistency of XD
Sequencing
Bottlenecks
Testing
Problems:

#123
As a despot when I
press the big red
button I want...
Consistency of XD
Sequencing
Bottlenecks
TL, QA,
PM
Testing
Problems:

Summary
• In general assign services to team...

• ...where team means a co-located group of
people

• Strongly splitting services around
organizational boundaries

• Avoid shared services, instead temporarily
re-assign ownership to reduce the need for
ﬁne-grained orchestration of work

Catalog
service
Music
Web Shop
Recommend
service
Royalty
service
Mobile
app
Web
browsers
User
service

Authentication
• Starting point: HTTP Basic
Authentication + SSL/TLS

• It gives us:

• Conﬁdentiality and Integrity
guarantees

• Strong server authentication

Why start here?
• Simple and secure

• Stable standards with implementations that
have been battle hardened

• Straightforward interop between platforms

Exception 1
• Scenario:All data is 100% public
information

• No need for strict authentication or crypto

• Use API keys to monitor usage. Allows
quotas to be applied if needed

Exception 2
• Scenario: I must have strong crypto
guarantees for my authentication

• Use SSL/TLS with client certiﬁcates

• Beneﬁt: Strong authentication of client

• Drawback: PITA to manage

Exception 3
• Scenario: Some/all of the APIs will be
consumed by native mobile applications

• Consider OAuth 2.0 + SSL/TLS

• Why? OAuth means the mobile app doesn’t
need to store passwords. It instead stores a
token that can be revoked on a per-device
basis.

OAuth 2.0 drawbacks
• It’s a “framework”, not a protocol

• Interop isn't guaranteed as not all
implementations support all authorisation
ﬂows and token types

• Security pitfalls with some token types
(bearer) and ﬂows (implicit)

At vs inside perimeter
• Services that are only consumed by
services inside the ﬁrewall don’t have to
use the same mechanism as services that
are consumed from outside the ﬁrewall

• If a service is used both inside and outside
the perimeter, consider two entry points
with different authentication mechanisms

Catalog
service
Music
Web Shop
Recommend
service
Royalty
service
Mobile
app
Web
browsers
User
service
Form AuthOAuthAPI Key
HTTP Basic
HTTP
Basic
HTTP Basic
SSL Client
Cert

Confused deputy
• Fool downstream service into accessing
resource the user shouldn’t have access to

• Harder when lots of services are involved.

• Need to have sufﬁcient authorisation
information available wherever we needed
to make an authorisation decision.

• Usually we make this part of the payload

What about SAML?
• Over-complicated

• SOAP focused*

• Some interop problems

• Workable if your organisation already has a
heavy investment

• Authorisation tokens can be used to solve
the confused deputy problem

OpenID Connect
• Builds on OAuth 2.0, adds an identity layer

• Reinvents SAML, but HTTP friendly

• Tokens are no longer opaque strings but
can contain claim information

• The future, not today. Ready in 1-2 years.

What about S3 Auth?
• HMAC-based, uses “secret key”

• HTTP Authorization header/status code

• Beneﬁt: No server-side state

• Drawbacks: No per service/device
revocation. Requires canonicalisation.

• If you want to use it, clone the AWS spec

CONCLUSIONS
Microservices Workshop
190

191
http://martinfowler.com/articles/microservices.html

192
Sam Newman
Building
Microservices
DESIGNING FINE-GRAINED SYSTEMS

194
https://www.ﬂickr.com/photos/futurowoman/2923992303

195
Monitoring
Deployment
Testing
Organisational Structure
Integration
Architectural Safety

Agile Australia 2014: Workshop - Design and Implementation of Microservices

Recommended

Recommended

More Related Content

Similar to Agile Australia 2014: Workshop - Design and Implementation of Microservices

Similar to Agile Australia 2014: Workshop - Design and Implementation of Microservices (20)

Recently uploaded

Recently uploaded (20)

Agile Australia 2014: Workshop - Design and Implementation of Microservices