Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Architecture and Deployment of Microservices for the Cloud

Axel Fontaine
September 10, 2015
Technology
1
20k

Architecture and Deployment of Microservices for the Cloud

The case for running an own datacenter is vanishing rapidly. The cloud seduces with a low barrier of entry and full flexibility. Infrastructure can be spun up almost instantly in a fully automated way through an API. All this with no upfront costs and the ability to decommission it just as fast. But what does this mean for our applications and their architecture? Can we just lift and shift them to the cloud?

Everything comes at a price. To be able to fully leverage the potential of the cloud, new challenges must be mastered: from data privacy and security to cost-based architectures, dynamic provisioning, service discovery and efficient deployment models.

This talk provides architects and developers clear answers and battle-tested solutions for a successful journey to infrastructure heaven.

Axel Fontaine

September 10, 2015
Tweet

More Decks by Axel Fontaine

See All by Axel Fontaine
Logging in the age of Microservices and the Cloud
axelfontaine
2
670
Majestic Modular Monoliths
axelfontaine
7
5.6k
Flyway - Database Migrations Made Easy
axelfontaine
2
19k
Immutable Infrastructure: the new App Deployment
axelfontaine
2
23k

Other Decks in Technology

See All in Technology
【新卒研修資料】基礎統計学 / Basic of statistics
brainpadpr
60
38k
2023/09/14 Fin-JAWS #32 「SIEM on Amazon OpenSearch Serviceを1年運用してわかったこと」
junjikoide
1
190
TypeScriptプロジェクトにスキーマ駆動開発を持ち込み、より型安全な世界へ
sansantech
PRO
1
400
ChatGPT in SlackでAI Slackbotを楽しく運用する
iwamot
1
120
Material 3 やめました / Good-bye M3 design system
yanzm
2
2.1k
生成AIと著作権 〜生成AIによって生じる著作権関連の課題と対処
line_developers
PRO
1
470
Traversing the GraphQL AST and Calculating Query Costs
joere
0
300
「挑戦しなければ障害は生まれない」 社内ポストモーテム共有会について
sheep_san_white
0
360
PhpStorm最新情報
AIとnew UI、便利プラグイン #phpcon_okinawa
yusuke
0
150
UIコンポーネントライブラリをうまく使うためにできること / components-with-designer
mottox2
1
420
1人目の専任SREがポストモーテム文化を改善したらエンジニア以外にも広まり、 他部門との連携も強化された話+
tk3fftk
0
400
Droidknights 2023 - 이상훈 - 기존 앱을 Jetpack Compose로 마이그레이션 하기
dsa28s
3
280

Featured

See All Featured
Learning to Love Humans: Emotional Interface Design
aarron
265
38k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
10
1.2k
GraphQLとの向き合い方2022年版
quramy
24
11k
StorybookのUI Testing Handbookを読んだ
zakiyama
9
3.9k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
352
21k
Fontdeck: Realign not Redesign
paulrobertlloyd
74
4.6k
What the flash - Photography Introduction
edds
64
11k
Build your cross-platform service in a week with App Engine
jlugia
223
17k
The Straight Up "How To Draw Better" Workshop
denniskardys
226
130k
Why You Should Never Use an ORM
jnunemaker
PRO
49
8.2k
Optimising Largest Contentful Paint
csswizardry
6
1.8k
Become a Pro
speakerdeck
PRO
8
3.5k

Transcript

  1. Up in the sky
    Architecture and Deployment of Microservices
    for the Cloud
    AXEL FONTAINE
    @axelfontaine
    [email protected]

    View Slide

  2. About Axel Fontaine
    • Founder and CEO of Boxfuse
    • Over 15 years industry experience
    • Continuous Delivery expert
    • Regular speaker at tech conferences
    • JavaOne RockStar in 2014
    @axelfontaine

    View Slide

  3. flywaydb.org

    View Slide

  4. boxfuse.com

    View Slide

  5. about
    questions

    View Slide

  6. POLL:
    what type of infrastructure are you running on?
    • On Premise
    • Colocation
    • Root Server
    • Cloud

    View Slide

  7. How did this evolve ?

    View Slide

  8. +
    =
    ON
    PREM
    +
    Challenges
    • Power, Network, Cooling
    • Physical Security
    • Physical Space
    • Procurement, Vendor Management
    • Capacity Planning
    • Financing
    • OS + Patches
    • App + Updates

    View Slide

  9. +
    =
    ON
    PREM
    +
    Our
    responsibility

    View Slide

  10. + +
    Our
    responsibility
    Their
    responsibility
    =
    COLO

    View Slide

  11. +
    =
    COLO
    +
    Simple, stable,
    standards-compliant
    interface:
    (19” Rack, AC Power,
    Ethernet, …)

    View Slide

  12. Can change as
    long as it
    complies with
    the interface
    contract
    +
    =
    COLO
    + Undifferentiated
    Heavy Lifting
    Our
    responsibility
    Their
    responsibility

    View Slide

  13. =
    ROOT
    SERVER
    + Undifferentiated
    Heavy Lifting
    Our
    responsibility
    Can change as
    long as it
    complies with
    the interface
    contract

    View Slide

  14. =
    ROOT
    SERVER
    + Undifferentiated
    Heavy Lifting
    Simple, stable, standards-
    compliant interface
    Software <-> Hardware

    View Slide

  15. Room
    For
    Innovation
    + Undifferentiated
    Heavy Lifting
    Simple, stable, standards-
    compliant interface

    View Slide

  16. what about the cloud ??

    View Slide

  17. Every day, AWS adds
    enough server capacity
    to power the whole $7B
    enterprise Amazon.com
    was in 2004.
    Weekends included.

    View Slide

  18. "Advanced Test Reactor" by Argonne National Laboratory -
    originally posted to Flickr as Advanced Test Reactor core,
    Idaho National LaboratoryUploaded using F2ComButton.
    Licensed under CC BY-SA 2.0 via Wikimedia Commons -
    http://commons.wikimedia.org/wiki/File:Advanced_Test_Reac
    tor.jpg#mediaviewer/File:Advanced_Test_Reactor.jpg
    "RIAN archive 341194 Kursk Nuclear Power Plant" by RIA
    Novosti archive, image #341194 / Sergey Pyatakov / CC-BY-SA
    3.0. Licensed under CC BY-SA 3.0 via Wikimedia Commons -
    http://commons.wikimedia.org/wiki/File:RIAN_archive_341194_
    Kursk_Nuclear_Power_Plant.jpg#mediaviewer/File:RIAN_archi
    ve_341194_Kursk_Nuclear_Power_Plant.jpg
    Control Plane Data Plane

    View Slide

  19. Control Plane Data Plane

    View Slide

  20.  Shift to a world of abundance
    (no more resource scarcity)
     Clean Control Plane/Data Plane split
    with API-based provisioning
     Cost-based Architectures
    with the ability to turn infrastructure off
    benefits of the cloud

    View Slide

  21. moving to the cloud

    View Slide

  22. lift & shift
    (= the naïve approach)

    View Slide

  23. Congratulations! You now have:
     A more expense Hetzner/OVH
     Lots of (too much?) trust
    in your cloud provider
     Potential legal trouble
    due to data privacy laws
    lift & shift
    (= the naïve approach)

    View Slide

  24. understanding the cloud

    View Slide

  25. regions

    View Slide

  26. availability zones
    <>

    View Slide

  27. building blocks
    http://en.wikipedia.org/wiki/Lego#/media/File:Lego_Color_Bricks.jpg

    View Slide

  28. building blocks
    Security
    Storage Network
    Compute

    View Slide

  29. View Slide

  30. The hard Truth about Security
    1. Always breakable with infinite time & resources
    2. Must make it more complicated/expensive to break
    than it’s worth (use defense in depth!)
    3. Has a usability cost
    4. Almost always about the data

    View Slide

  31. the 3 states of data
    Data at Rest Data in Motion
    Data in Use

    View Slide

  32. Trusting your neighbors
    is good. But it’s even
    better to put a good
    lock on the door.
    Werner Vogels
    http://en.wikipedia.org/wiki/Werner_Vogels#/media/File:Wernervogels_ddp.jpg

    View Slide

  33. Data in Motion
    TLS / SSL

    View Slide

  34. Data in Use & at Rest
    Client-side
    encryption

    View Slide

  35. Client-side encryption
     Encrypt sensitive & personally identifiable data
     Use different Encryption key for each field/record
     Encrypt Encryption Key using Key encrypting Key
     Secure & Rotate the Key encrypting Key

    View Slide

  36. Key Management
    In App

    KMS
    €€
    HSM
    €€€€€

    View Slide

  37. Querying Encrypted Data
    Other
    clear text
    field
    Id Encrypted
    123 #!azw\b
    456 67ftf6&)
    Exact Match
    => Hmac
    Hmac Encrypted
    5841545832 #!azw\b
    0219237127 67ftf6&)
    Range
    => Lower fidelity
    Low Fi Encrypted
    48.5 #!azw\b
    37.2 67ftf6&)
    => Use transparent persistence layer converters!

    View Slide

  38. the compute building block

    View Slide

  39. POLL:
    which level of automation are you at?
    • Build
    • Unit Tests
    • Continuous Integration
    • Acceptance Tests
    • Continuous Deployment (Code)
    • Continuous Deployment (Code + DB + Configuration)
    • Infrastructure

    View Slide

  40. Build Test

    View Slide

  41. Build Test

    View Slide

  42. • One immutable unit
    • Regenerated after every change
    • Promoted from Environment to Environment
    Classic Mistake: Build per Environment

    View Slide

  43. Image Instance
    Fully Baked Provisioned on
    Startup
    ?

    View Slide

  44. Fully Baked Provisioned on
    Startup
    Most people
     Every Instance 100% identical
     Fastest startup
     Launch always succeeds

    View Slide

  45. Fully Baked Provisioned on
    Startup
    Most people
     One immutable unit
     Regenerated after every change
     Promoted from environment to environment

    View Slide

  46. Fully Baked
     One immutable unit
     Regenerated after every change
     Promoted from environment to environment
    Image

    View Slide

  47.  One immutable unit
     Regenerated after every change
     Promoted from environment to environment

    View Slide

  48. Fully Baked
     One immutable unit
     Regenerated after every change
     Promoted from environment to environment
    Image

    View Slide

  49. instances
    General
    Purpose
    CPU
    RAM
    Disk

    View Slide

  50. scaling & costs
    vs
    auto-scale based on various factors
    => prefer smaller granularity

    View Slide

  51. types of services
    sync
    => load
    async
    => queue depth
    cron
    => time
    => but also instance health!

    View Slide

  52. high uptime is a liability
    The longer an instance is up,
    the harder it becomes to recreate exactly
    (and it will fail eventually!)

    View Slide

  53. Focus shift
    Individual instances become disposable
    Instance Service

    View Slide

  54. keep your instances stateless

    View Slide

  55. Treat servers like cattle instead of pets

    View Slide

  56. What are the implications ???

    View Slide

  57. How to solve service discovery ?
    Use a stable entry point with an internal registry
    Instance
    Instance
    Instance
    ? Elastic
    Load
    Balancer

    View Slide

  58. • Bake as much configuration as
    possible for all environments
    directly in the Image
    • Use environment detection
    and auto-configuration
    • Pass remaining configuration
    at startup and expose it as
    environment variables
    Key Value
    JDBC_URL jdbc:…
    ENV prod
    what about configuration ???

    View Slide

  59. what about the database ???
    • Keep all persistent state, including the
    database, out of the instance
    • Many good hosted solutions available
    like Amazon RDS or Google Cloud SQL
    • Use a database migration tool like
    Flyway to update on application startup

    View Slide

  60. what about the logs ???
    Ship logs to a central log server
    where they can be
    • aggregated
    • stored and backuped
    • indexed
    • searched through a nice web UI
    Many good hosted solutions
    • Loggly
    • Logentries
    • Papertrail
    • …
    => Think about data privacy!

    View Slide

  61. what about sessions ???
    Keep session in an encrypted and signed cookie
    • avoids session timeouts
    • avoids server clustering & session replication
    • avoids sticky sessions & server affinity

    View Slide

  62. what about rolling out new versions ???

    View Slide

  63. Load
    Balancer
    App
    v1
    App
    v1 Logs
    Availability Zone 1
    Availability Zone 2

    View Slide

  64. Load
    Balancer
    App
    v1
    App
    v1 Logs
    Availability Zone 1
    Availability Zone 2

    View Slide

  65. Load
    Balancer
    App
    v2
    App
    v1
    App
    v2
    App
    v1 Logs
    Availability Zone 1
    Availability Zone 2

    View Slide

  66. Load
    Balancer
    App
    v2
    App
    v1
    App
    v2
    App
    v1 Logs
    Availability Zone 1
    Availability Zone 2

    View Slide

  67. what about containers ???

    View Slide

  68. understanding modern CPUs
    Both Intel and AMD have
    hardware support for virtualization
    • isolation
    • performance

    View Slide

  69. Image
    Hardware
    Hypervisor
    Image
    Hardware
    OS+Container
    Runtime
    On Prem
    Container
    On Prem
    VM
    Image
    Hardware
    Hypervisor
    Cloud
    VM
    Image
    Hardware
    Hypervisor
    OS+Container
    Runtime
    Cloud
    VM + Container
    Only makes sense if
    you cannot afford
    $9.60/month
    granularity

    View Slide

  70. Image
    Hardware
    Hypervisor
    Image
    Hardware
    OS+Container
    Runtime
    On Prem
    Container
    On Prem
    VM
    Image
    Hardware
    Hypervisor
    Cloud
    VM
    Image
    Hardware
    Hypervisor
    OS+Container
    Runtime
    Cloud
    VM + Container
    Only makes sense if
    you cannot afford
    1.3 cents /hour
    granularity

    View Slide

  71. summary
     Put a good lock on the door (use encryption!)
     Use fully baked images (build once!)
     Treat servers like cattle (disposable!)

    View Slide

  72. boxfuse.com
    • Fully baked images generated in seconds
    (not minutes or hours)
    • Minimal images just 1% of size of regular OS
    (measured in MB not GB)
    • Images work on VirtualBox & AWS
    (completely identical from dev to prod)
    • Zero downtime updates on AWS
    (fully automatic blue/green deployments)

    View Slide

  73. Thanks !
    @axelfontaine
    boxfuse.com

    View Slide