Serverless: a New Paradigm
April 03, 2020Oussamah Jaber5 min read
Since its creation in 2014, AWS' Serverless has delivered by reducing the cost of infrastructure management while increasing speed, agility, and scalability.
What is Serverless?
“Serverless allows you to build and run applications and services without thinking about servers” — AWS
Serverless shifts more responsibility to Cloud Providers, allowing IT teams to build applications and services without managing the underlying architecture. Developers can send code, run databases, store data and manage security, without thinking in terms of servers, networks and patching. One classic example of a Serverless service is FaaS (Function as a Service), a Serverless approach to Compute that allows developers to send application code to their Cloud Provider and have it run without dealing with the underlying complexities of the server or network or other infrastructure components.
Today the three main Cloud Providers for Serverless services are Amazon Web Services, Microsoft Azure, and Google Cloud.
“A Serverless solution is one that costs you nothing to run if nobody is using it.” — Paul Johnston, ServerlessDays CoFounder
Prerequisites for Choosing Serverless in Your Organization
Splitting Your Business Logic Into Events
The first step in architecting an event-driven system is to understand the business domain through its events. Domain-Driven-Design (DDD) is a great framework to achieve this and Event Storming workshops can help business and technical stakeholders understand the processes and systems at play in a given domain.
These events are represented in business terms, e.g. Order Placed. But they ultimately trigger different Serverless services, for instance, running code, writing data, and authentication.
Because the feature is hosted and deployed on a Serverless Cloud Provider, it must follow its rules.
As you shift more responsibility to your Cloud Provider, there are some constraints around the code you write. Primarily, the language teams use has to be compatible with their chosen Cloud Provider. For example, Google Cloud only accepts functions written in Go, Node.js, and Python. However, custom runtimes make any language possible.
Serverless Pros and Cons
- Automatic scaling
The Cloud Provider ensures that the function responds consistently every time it is called. For example, iRobot faces a huge peak at Christmas when new robot owners start their device, AWS will automatically scale compute power to absorb the load.
In a Serverless paradigm, the Cloud Provider manages the running of your services, eliminating manual provisioning.
- You only pay for what you use
Serverless Cloud Providers charge based on resource usage only as opposed to paying for allocated servers that most of the time are only used at a fraction of their capacity. No need to pay constantly for the extra buffer of compute power you might need during peak periods. And even better, if your function isn't used, you don't pay.
When you consider that organizations use only a portion of the actual computational power of their servers, you realize the potential gain is significant. However, these servers that sit unused still consume energy, which leaves room for improvement to make the cloud computing industry greener.
- Reduce the Ops team size needed to run your systems, reducing your TCO (total cost of ownership).
As there is less infrastructure managed by the team, they can focus on delivering value to users, rather than running the underlying systems.
- Vendor Lock-In
As you become serverless, your systems couple to the underlying Cloud Provider. This makes it difficult to move to another Cloud Provider later on, for instance, if their pricing changes. Certain large organizations are concerned by this dependency and therefore want to remain cloud agnostic. There are some solutions to reducing the extent of vendor lock-in, but these often come at the cost of some original benefits of Serverless.
- Requires a mindset shift (a new way of coding)
Serverless can be massively empowering to developers, but it requires a mindset shift, correct coding, and consistent approaches to security and compliance. In this video, Nicole Yip, Senior Infrastructure Engineer at Lego, explains how their journey to Serverless was tightly linked to instilling the DevOps culture within the team.
- Changes certain security practices
Serverless removes certain security concerns, like patching operating systems as it is handled by the cloud provider who seamlessly applies security patches between two executions of a serverless function. Other security practices remain unchanged, like using a Web Application Firewall (WAF). But serverless also introduces an unprecedented level of flexibility in the definition of privileges at the function level. For instance you can specify that a given function should only be able to query certain elements of your database. This flexibility can prove itself dangerous as a rushed developer might be tempted to set lax security rules. This is why serverless requires adequate coaching and automation to ensure those rules are properly set.
Find out more on security with our expert Ben Ellerby’s talk at ServerlessDays.
- If your code is used at high intensity, the Serverless solution might cost more for each query than the marginal cost your organization pays for conventional hosting.
Parts of your application that would not benefit from permanently allocated resources can still be outsourced to a Serverless function. Authentication is a classic example where you would use a serverless authentication service like Cognito.
Serverless architectures have flourished. And use cases have grown in a broad range of industries and companies of all sizes such as:
- Netflix: Uses AWS for automatically encoding media files, automation of backup management, monitoring of other AWS services.
- PayPal: Has moved mission-critical workload to Google Cloud and transformed the way its 5,000 developers work.
- CodePen: A single SRE (Site Reliability Engineer) manages a Serverless infrastructure capable of responding to more than 200,000 requests in times of high demand, reducing the cost of managing infrastructure.
- Lego: After a system failure during Black Friday, the team decided to move to Serverless to handle peaks for their online shop. Their team now quietly watches their systems auto-scale.
In-House Serverless (An Alternative to Cloud Providers)
Since 2016, various frameworks have been gaining momentum, including OpenFaas and Knative. These solutions make it possible to no longer depend on Cloud Providers like AWS or Azure and allow you to replicate the code execution aspect of Serverless applications based on Kubernetes to host them yourself. However, your organization is again responsible for the servers on which your code is run.
Large corporations usually have large IT departments, maybe a few data centers and often an intricate plan to migrate to the cloud. Such companies could benefit from the speed and agility provided by Serverless Compute (Functions as a Service or FaaS) that would be enabled deploying Knative on their own infrastructure. The complexity of managing would not be outsourced to a Cloud Provider but handled by the existing IT team but the development team would highly benefit from the possibilities that Serverless has to offer.
Serverless is recognized for bringing more agility and scalability to the organization. In addition, Serverless can help large organizations reduce the time-to-market of new products.
By breaking up a monolithic architecture in microservices, developers can focus on business-specific code and deliver customer-centric solutions. Where appropriate, it is an excellent solution to reduce the cost of managing the infrastructure and increasing the impact of your developers on your business.
Whether you want to start a new project with state-of-the-art technology or are looking to reduce the cost of managing your infrastructure, Serverless is a technology to seriously consider.