For operations teams, managing a serverless environment requires a fundamentally new approach.
Serverless architecture, also known as function as a service (FaaS), is one of the hottest trends in cloud computing. Public serverless offerings like AWS Lambda, Microsoft Azure Functions, Google Cloud Functions, and IBM Bluemix OpenWhisk give developers the opportunity to create applications without thinking about the underlying infrastructure. These services take the platform-as-a-service (PaaS) concept to a new level where users don't have to provision or manage servers; the cloud vendor takes care of all that for them.
Because serverless computing offers advantages like faster development and lower costs, many organizations have begun evaluating the technology. In fact, 451 Research found that 37 percent of IT decision makers surveyed in 2016 were experimenting with serverless. "Serverless is more than just hype; it has the potential to transform the way we develop, build and run applications in the cloud," Owen Rogers, a research director at the firm, said.
While serverless offers a lot of opportunities, it also presents challenges, particularly from an IT operations perspective. According to Keith Townsend, principal at The CTO Advisor and Interop ITX 2017 infrastructure track chair, IT operations teams need to take a whole new approach when it comes to managing, monitoring and securing this new type of architecture.
In a recent interview, Townsend highlighted four things IT operations professionals need to understand about serverless computing.
1. Monitoring and security occur at the application level.
Many of the monitoring tools that IT operations staff use to keep tabs on their systems work at the operating system or the VM level. But with serverless, that isn't an option. "For most operations teams, we start at the operating system and the services offered by the operating system to manage," said Townsend. "If there is no operating system that the operations team can watch, then obviously the whole approach to operations changes."
Instead, IT needs to monitor performance at the application level, which may require different tools and procedures than they have used in the past.
Similarly, security ends up getting pushed closer to the application level, explained Townsend. "Since there is no server, there is no single set of IP addresses that the requests are going to come from to secure databases." As a result, building security into the applications becomes even more critical than usual.
2. Serverless applications can overwhelm downstream resources.
Another potential pitfall results from the scalability of serverless architecture. While scalability is generally seen as a benefit of the technology, it can pose challenges if the application running on the serverless architecture relies on other systems that don't have the same scalability.
For example, if a serverless application is pulling data from and/or sending data to a MySQL database or a messaging platform, the application could scale to a level with which the database or messaging platform can't keep up. For that reason, developers and operations personnel need to make sure they understand all the dependencies of the applications running on serverless architecture and plan accordingly.
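As an added example (not from the article or from Townsend), this sketch of the dependency planning described above computes the worst-case connection demand each downstream system would see if every function scaled to its limit, then derives concurrency caps that fit. The function names, limits and capacities are constructed, and it assumes the platform lets you set a per-function concurrency limit.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Function:
    name: str
    max_concurrency: int  # most simultaneous invocations the platform will run
    conns: dict           # dependency name -> connections held per invocation


def worst_case_demand(functions):
    """Peak simultaneous connections per dependency at full scale-out."""
    demand = {}
    for f in functions:
        for dep, per_inv in f.conns.items():
            demand[dep] = demand.get(dep, 0) + f.max_concurrency * per_inv
    return demand


def overloaded(functions, capacity):
    """Dependencies whose worst-case demand exceeds their connection limit."""
    demand = worst_case_demand(functions)
    return {d: n for d, n in demand.items() if n > capacity[d]}


def safe_caps(functions, capacity):
    """Scale each function down by the tightest capacity/demand ratio among
    the dependencies it uses, rounding down so the total can never exceed it."""
    demand = worst_case_demand(functions)
    caps = {}
    for f in functions:
        cap = f.max_concurrency
        for dep in f.conns:
            if demand[dep] > 0:
                cap = min(cap, f.max_concurrency * capacity[dep] // demand[dep])
        caps[f.name] = cap
    return caps


# Constructed inventory: two functions sharing one MySQL database.
FUNCTIONS = [
    Function("ingest", 1000, {"mysql": 1}),
    Function("notify", 500, {"mysql": 1, "queue": 1}),
]
CAPACITY = {"mysql": 150, "queue": 2000}  # constructed connection limits

if __name__ == "__main__":
    print("overloaded:", overloaded(FUNCTIONS, CAPACITY))
    print("suggested caps:", safe_caps(FUNCTIONS, CAPACITY))
```

The proportional split is only one allocation policy; a team may prefer to weight the caps toward the functions that matter most, as long as the per-dependency totals stay within capacity.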
3. PaaS experience helps.
Before they adopt serverless, most enterprises have at least some experience with PaaS. "Build on the lessons learned from other platform-as-a-service offerings," Townsend advised. "A lot of the tools that we looked at to manage application performance and uptime around PaaS, we're extending those processes to this concept of serverless," he added.
4. You need a true DevOps approach.
The most important thing that infrastructure pros need to understand about serverless is that it works best when organizations are taking a DevOps approach. That means they need to have made the cultural changes necessary to allow developers and operations personnel to collaborate very closely. "The operations team and developers must work together in a true DevOps model" to make the application-level steps necessary to assure performance, uptime and security, Townsend said.