Future of Serverless from ServerlessConf London October 2016

Paul Johnston - CTO of Movivo - paul@movivo.mobi - @PaulDJohnston
The future of serverless
Musings on the things we might be doing in a year
Paul Johnston
CTO of Movivo
@PaulDJohnston on twitter and medium

Musings on the things we might be doing in a year
Paul Johnston
CTO of Movivo
Jeff

Movivo

AWS Lambda
Note: Serverless is more than FaaS

Serverless is…
Reducing Maintenance
“…but there are always servers…”
(“shut up” says Jeff)

Function as a Service (FaaS)
Very Low Maintenance
Stateless
Highly Scalable
Do one thing well
Zero or one data transformations
Don’t chain them together
Minimise libraries (pref none)
Environment variables
Shared libraries
More runtimes / Binary support
Priority Functions
Queuing solutions

Auth
Authentication - Who are you?
Authorisation - Do you have
access?
FaaS are stateless
3rd party authentication options
MFA
Cognito + IAM/API Gateway
Best practices need to be deﬁned
Good solutions available
Integration of services

Data
Scalable solutions require scalable storage
“RDBMS ﬁrst”
NoSQL provides different options
Right tool for the job
NoSQL largely unmanaged
Several managed data services
Often used inappropriately
RDBMS not so universally
appropriate
(Some) NoSQL is good
Managed scaled storage
More distributed data storage
solutions needed
Data storage by country/region
Data protection worldwide
New data practices and tooling

Events and Streaming Data
Nano function chaining
Auditing functions
Complexity increased without events
FiFo Queues
Ordering of invocations
Parallel less important
Queues via DynamoDB Events
Has issues
No speciﬁc “serverless queue”
solution yet
Replaces monolith app internals
Improved queueing services
Auditing of system
Combined logging for system state
view

Beyond EC2 / Instances
Cloud != Instances
Cloud is evolving into services
Serverless / FaaS is big evolutionary step
Instance + Firewall is biggest
security hole
AWS and other Vendors know this
Vendors want you to move to
services
Containers are not the answer
Cloud vendors pushing services
over instances
Unfortunately, new tutorials/
perception needed
Over time stricter controls on
instances

API Gateway
Controlled access to walled garden
Much better than monolith routing
Has added extras
Can hide functionality behind a
service
Auth built in: API Gateway +
Cognito
Overly complex
The most important change you’ll
make
Simpliﬁcation of API access
Addition of other Auth solutions
Pushed as solution to avoid
instances

Frameworks
Frameworks are like initial structure of building
Old school
Lots of options - built for the monolith
Originally built for non-cloud scenario
Instances + framework != Cloud (imho)
Serverless Framework, Apex,
Claudia etc
Deploying/managing FaaS not that
hard
Complexity comes in config of
other services
Terraform at Movivo
We need more “frameworks”
Config + Code rather than just
code
Abstraction is not necessarily a
good thing
Hard to retrofit - please make it
easier!

Solutions
Four major cloud vendors
Most complete is AWS (could change) - services and APIs
Opportunity in tooling
Can foresee other players entering space
Don’t copy please… Innovate!

Data Infrastructure
Managed data services more important
Scaling of instance = easy
Scaling of data storage seems to be harder
Speciﬁc data types (search etc)
(up until recently) “Always RDBMS”
RDBMS originally non-cloud (and
still are)
Now is mix and match
Managed services more
purposeful
e.g. search
Learn to use right tools at right time
Case studies more than just “look
at NoSQL”
Weaning off RDBMS (and ORM)
Service discovery tools

Logging and Auditing
No more tail -f /var/log/error.log
Distributed systems need distributed logging
Moving away from servers/
instances = confusion
Per FaaS logging
Server logs
Lots of logs causes problems
Good alerts = easy to respond
Combined logging is a necessity
Audit trails needed - future
service?
Services for logging not just
invocations but data
Data protection (again)

Deployment and CI/CD
Initially FaaS was internal process tool
Addition of API interface means much more
Deployment tools are behind curve
“Roll your own” approach (behind curve)
FaaS is covered, but other services aren’t
CI tools for FaaS more complex
(terraform!)
Testing harder and CI focus different
Integration Testing needs separate
deployment
Full conﬁguration is harder
Services are “part of the whole” system
FaaS is not the whole deployment
Vendors need to consider more
deployment options
Duplicate accounts (please!)

Testing
Unit testing relatively simple
Stateless FaaS do one thing (usually)
State can couple two functions - harder testing
System/Integration tests are harder
Deployment required (Terraform)
Testing 3rd parties - difﬁcult
Reliance on 3rd parties
Automation of testing harder than monolith
Services must provide test options
Vendors should share test details
Testing of scenarios needs to be
automatable
Vendors should provide sandbox of
production

Future Serverless?
Fast on-demand binaries
Paid for on-demand Latency
Always on (websocket)
Data services - more and more specialised
Much better tooling
More case studies and best practices

Suggested questions:
How do you decide what projects are good/bad for Serverless?
Everyone keeps saying monolith… what do they mean?
What are the biggest drawbacks? (hint: tooling)
What are migration strategies for both code and infrastructure?
You make it sound so easy to do! Is it?
Or do you have to hack stuff to make it work?

Thank you.
Paul Johnston
CTO of Movivo

Future of Serverless from ServerlessConf London October 2016

More Related Content

Viewers also liked

Similar to Future of Serverless from ServerlessConf London October 2016

Recently uploaded

Future of Serverless from ServerlessConf London October 2016