View
218
Download
4
Category
Tags:
Preview:
Citation preview
• Except where noted contents © 2014 Development Partners Software Corporation • http://www.devpartners.com •
Cloud Architecture Anti-Patterns
A concise overview of some bad ideas
Bill Wilder, Finomial CTO@codingoutloudcodingoutloud@gmail.comblog.codingoutloud.comlinkedin.com/in/billwilder
O’Reilly Architecture Conference18-Mar-2015 (10:45-12:15) Room 306
• Except where noted contents © 2014 Development Partners Software Corporation • http://www.devpartners.com •
Cloud Architecture Anti-Patterns
A concise overview of some bad ideas
Bill Wilder, Finomial CTO@codingoutloudcodingoutloud@gmail.comblog.codingoutloud.comlinkedin.com/in/billwilder
O’Reilly Architecture Conference18-Mar-2015 (10:45-12:15) Room 306
Find this slide deck here
• Except where noted contents © 2014 Development Partners Software Corporation • http://www.devpartners.com •
Cloud Micro-Service Anti-Patterns for the Internet of Things written in GoA certifiably buzzworthy presentation
Bill Wilder, Finomial CTO@codingoutloudcodingoutloud@gmail.comblog.codingoutloud.comlinkedin.com/in/billwilder
O’Reilly Architecture Conference18-Mar-2015 (10:45-12:15) Room 306
Who is Bill Wilder?
www.devpartners.com
www.bostonazure.org
www.cloudarchitecturepatterns.com
Book signing2:45 – 3:30 today
Lots of ♥ to all the clouds
etc…
7
ArchitectSkills
Technical Business Decisions
9
Famous Architect: AristotleOn Properties:• Essential property = must
have • Accidental property =
happens to have but could lack
For effective software architect, all are Essential Properties
Technology Skills
Ability to Communicate
Business Awareness
11
Top 10 “Blunders” by Enterprise Architects
#3. Not engaging the business partners#2. Insufficient understanding and support
from stakeholders#1. The Wrong Lead Architect (for non-
technical reasons)#7. Not … Communicating the Impact#10. Not Spending Enough Time on
Communications Source http://www.sdtimes.com/link/33787 The top 10 enterprise architecture
blunders By Alex Handy, September 25, 2009
To cloud or not to cloud?
control vs. cost
Ctrl
€$¥
Ctrl
€$¥Technology Skills
Ability to Communicate
Business Awareness
Cloud Services … in the Cloud“who would’ve thought”
Cloud is a business innovation technology services + flexible rental model new types and combinations of services
1/9th above w
ater
Services: TTM & Sleeping well
Treating your ops team as equivalent to the cloud
vendor’s ops team
(They are not. Let cloud vendor handle service operations. Use
services. You focus on your app.)
Anti-Pattern #1
What is an Anti-Pattern
Wikipedia says: (http://en.wikipedia.org/wiki/Anti-pattern)
“A common response to a recurring problem that is usually ineffective and risks being highly counterproductive.”
Bill’s amplification:“An anti-pattern approach may seem reasonable, or actually be reasonable in other contexts. There may be problems that are not yet be apparent.” Often depends on the situation.
This talk will span:
Architecture and Architects
• N-tier, SOA, μSvcs• Multi-data center• Horizontal scaling• Expects failure• Eventual consist
Traditional Cloud-Native
• 2-tier• Single data center• Vertical scaling• Ignores failure• Transactional consist
• Less flexible• More manual/attention• Less reliable (SPoF)• Maintenance window• Less scalable, more $$
• Agile/faster TTM• Auto-scaling• Self-healing• HA• Geo-LB/FO
TELL
S/CL
UES
CON
SEQ
UEN
CES
Tells: Traditional vs Cloud-Native
Which is “best” architecture?
There is no “best” architecture – it is situational, a Technical Business Decision.
Cloud-native popularity growing in proportion to the shrinking cost
and competitive benefits.
One-size-fits-all architecture
Anti-Pattern #2
[Cloud] Anti-Pattern Causes
• Abstraction misalignment• Not reading the fine print• Insufficient ongoing attention to cost• Insufficient ongoing attention to
automation
www.pageofphotos.com (PoP)
Move Simple PoP App to Cloud
WHAT NOW?
Scalability &
Performance &
Cost&
Automation
Time passes…
PoP has lots of photos
www.pageofphotos.com
One-size-fits-all data storage
(perf, scalability, cost)
Anti-Pattern #3
Upgrade to scenario-specific storage
Some$, Perf, Scale
benefits
PoP uses Valet Key Pattern
Even more$, Perf, Scale
benefits
CDN for public content
Many, many other storage options also available: NoSQL varieties, caches, etc.
Always access raw data (regardless of distance, cost)
(performance, scalability, cost)
Anti-Pattern #4
PoP web tier goes multi-instance…
Users experiencing login issues*
*Depending on configuration …
Are Cloud Resources Infinite?
“We often hear that public cloud platforms offer the illusion of infinite resources. … This does not mean each resource has infinite capacity, just that you can request as many instances of the type of resource that you need.”Page 21, my (Bill Wilder’s) Cloud Architecture Patterns book
Running stateful VMs in web / service tiers
(Limits horizontal scalability & complicates autoscale – but
sometimes is reasonable option)
Anti-Pattern #5
I don’t have a slide on this, but …
sharding
Reliability
PoP Adding Video Support
(uh oh!)
Current
Let’s extend PoP with a Service Tier
REQUEST / RESPONSE(http + json)
OPTION 1: Request/Response Services
Serv
ices
Tie
r
Web
Tie
r
Dat
a Ti
er
Stateless StatelessServices
webbrowser
Coupling Between Tiers(reliability, scalability, cost)
(Situational: I frequently violate!Also relates to microservices.)
Anti-Pattern #6
Cloud Platform Reliable Queues
• Azure Storage or ServiceBus Queue• AWS Simple Queue Service• Google Pub/Sub
• Durable – won’t lose your data• Reliable – backed by SLA and ops team• Scalable – Internet scale• Approachable – REST + many SDKs
Basic Idea
ReliableQueue
WorkProducers
WorkConsumers
OPTION 2: Async Services
Serv
ices
Tie
r
Web
Tie
r
Dat
a Ti
er
Stateless StatelessServices
webbrowser
push pull
StatelessServices
Notice anything “missing”
?
There is no transaction
Get used to idea of eventual
consistency
Enables Responsive UX
• Response to interactive users is as fast as a work request can be persisted
• UX challenge due to async processing– Eventual consistency processing – Eventual satisfaction for users
Enables More Reliable Service
• Decoupled front/back provides insulation• Blocking is bane of scalability
General Case: Many Queue Types
WebRole(IIS)
WorkerRole
WebRole(IIS)
WebTier
(Public)
WorkerRoleWorker
RoleService
Tier Type 1
WorkerRoleWorker
RoleWorkerRoleWorker
Role Type 2
Queue Type 1
Queue Type 2
Queue Type 1
Queue Type 2
Queue Type 3 Worker
Role Type 2
WorkerRole
Type 2
Service Tier
Type 2
WebTier
(Admin)
Enables Cost-Efficient Scaling
• Loosely coupled, concern-independent scaling• Get Scale Units right• Optimize for CO$T EFFICIENCY
• GOAL:
cost α benefit
How about the queue API?
A reliable queue works just like any other queue,
right?
(beware the abstraction mismatch)
Anti-Pattern #7
Reliable Queue & 2-step Delete
WebTier
Service Tier
var url = “http://pageofphotos.blob.core.windows.net/up/<guid>.png”;queue.AddMessage( new CloudQueueMessage( url ) );
var invisibilityWindow = TimeSpan.FromSeconds( 10 );CloudQueueMessage msg = queue.GetMessage( invisibilityWindow );
(… do some processing then …)
Queue
queue.DeleteMessage( msg );
Idempotent Processing
An idempotent operation can be performed more than once
without changing the end result.
Key technique in lieue of
distributed transactions
Poison Message Detection
A poison message is a flawed message that can never be
successfully processed.
Tiers of Cloud Failure
• Transient API/DB connection failures• Temporary/Ephemeral drive loss• DC outage (or smoking hole)• Zone/Region outage (or smoking hole)• Global outage
“Failure is not an option”
(Failure is routine, at least at lower tiers.)
Anti-Pattern #8
Programming against Cloud Services as though
they were reliable
(Transient Failures handled using Busy Signal Pattern)
Anti-Pattern #9
Security
• A1-Injection• A2-Broken Authentication and Session Manag
ement• A3-Cross-Site Scripting (XSS)• A4-Insecure Direct Object References• A5-Security Misconfiguration• A6-Sensitive Data Exposure• A7-Missing Function Level Access Control• A8-Cross-Site Request Forgery (CSRF)• A9-Using Components with Known Vulnerabili
ties• A10-Unvalidated Redirects and Forwards
What about…
unicorn cloud security for apps
Copyright © 2013 Elizabeth B. O’Connor • used with permission • www.elizabethboconnor.com
SQL
INJECTIONSESSION
HIJACKINGCSRF
XSS
Belief in cloud app security unicorns
Reality: your app’s vulnerabilities will port very cleanly to your favorite cloud platform
Anti-Pattern #10
Little Bobby Tables (still a problem)
Conflating App & Platform security
secure compliant
Anti-Pattern #11
Cloud News from June 2014
• http://www.codespaces.com/• A cautionary tale…
– DDoS– Security Breach– Ransom / Extortion– Fighting Back– Malicious Destruction of Assets– Business Failure EL
APSE
D T
IME
12 H
OU
RS
1FAsingle-factor auth(2FA/MFA is widely available)
Anti-Pattern #12
Service Level Agreements (SLA)
PoP (pageofphotos.com) adds paid plans to corporate partners
– wants to offer an SLA
What is “the SLA” for storage?
SLA Responsibilities
• From Google Storage (https://cloud.google.com/storage/sla): "Back-off Requirements" means, when an error occurs, the Application is responsible for waiting for a period of time before issuing another request. This means that after the first error, there is a minimum back-off interval of 1 second and for each consecutive error, the back-off interval increases exponentially up to 32 seconds.”
SLA Math
• All required: 99.994 = 99.96• All required: 99.95 x 99.92 x 99.99 = 99.74• Period of time over which an SLA applies
matters
SLA Penalties
• Limited to the service costs– Service costs != your business losses
• Multiple instances might be needed to be eligible
Passing along the SLA
The cloud SLA becomes my service’s SLA
Anti-Pattern #13
Compose to boost reliability
The architecture of a cloud-native application is aligned with the
architecture of the underlying cloud platform.
Hiring!
HIRING at Finomial Corporation• Are you a talented senior engineer/architect
interested in financial services in Boston area?• Technology stack is ASP.NET on Azure + SPA• Downtown Boston (startup space)• bill.wilder@finomial.com (or grab a biz card)
• Except where noted, slide deck is © 2014 Development Partners Software Corporation • http://www.devpartners.com •
And….
Bill Wilder@codingoutloudcodingoutloud@gmail.comblog.codingoutloud.comlinkedin.com/in/billwilder
Find this slide deck here
See you at Boston Azure
bostonazure.org
Book signing2:45 – 3:30 today
des questions?
Recommended