Serverless computing 101 for developers
|Richard Harris in iOS Monday, March 4, 2019|
Serverless computing is growing in use and developers should learn the advantages of how to offload the burden of managing infrastructure to capable platforms so they can focus on building even better apps.
Hosting application data in the cloud is nothing new, it's as old as the Internet itself. But what is new is the way today's cloud platforms can intelligently manage the data and infrastructure itself along with the data, making the entire hosting experience seem serverless.
Nimbella, a serverless computing platform that is cloud-agnostic, recently closed a seed round of $4M. Their platform is a pure serverless cloud that leverages the public cloud infrastructure and can be extended to private on-premise infrastructure. It is built on open standards, giving developers full control over their architecture and code, without vendor lock-in.
They say serverless computing today is nascent and is lacking the abstractions, automation, and integrations that have proven necessary to accelerate the adoption of technology in new markets and application domains.
But what is serverless computing anyway? And how can it help developers build better applications? To find out, we had a discussion with one of their four founders, Rodric Rabbah, CTO, (who used to be the Principal Researcher and the technical lead for serverless computing at IBM by the way), to get a glimpse inside serverless computing architecture.
So what is serverless computing?
Rabbah explains that serverless computing is a model of computing where developers offload the burden of managing infrastructure, namely the servers, to another party, namely a Cloud provider. He goes on to say that it's an empowering model of computing for developers because it means they do not provision, secure, access or operate servers at all. Instead, this burden is shifted entirely to a Cloud provider. With serverless computing, the developer's responsibility is reduced to precisely what is of value to them: developing the high-value assets and intellectual property that allows them to grow and differentiate their business. By eschewing the server related maintenance overhead, an organization’s methodology becomes inherently more agile, they develop lean software, and deliver faster. The Cloud vendor’s responsibility is to provide servers on demand to execute the business logic from an organization and to scale automatically, with no advanced provisioning from developers. What’s happening in the Cloud is really akin to the early days of computing where levels of abstractions in the instruction set architecture (ISA), programming languages and operating system allowed developers to stop writing low-level machine code and assembly and write higher level code. The power of serverless computing is just emerging.
FaaS or functions as a service is just one component of serverless computing. It goes toward event-driven applications where some logic, namely functions, run in response to events (including API and HTTP requests) to provide results. The serverless in FaaS allows a developer to write just the business logic and the platform provide the environment to execute the code, with attractive utility-based billing (pay for what you use), on-demand scaling to handles thousands of concurrent events, and strong code isolation.
ADM: There are so many frameworks today! What are the challenges if any with current serverless frameworks?
Rabbah: Frameworks around serverless address different goals. For example, platforms which provide a service like FaaS are different from the tools developers use to build their serverless applications. Serverless is really still in its early days, and what you’re seeing is a great breadth of exploration in ideas and technologies because there are so many gaps to fill in the developer experience.
AWS Lambda, which is proprietary to AWS it an example of serverless computing with functions. Apache OpenWhisk is a fully featured platform like Lambda, but is open-source. On their own, each of these is just a small component of a larger serverless ecosystem.
Applications in the serverless model are comprised of many service integrations and functions, and there are a lot of challenges still to describing the architecture, maintaining the code, building and deploying solutions, observability, and debugging, just to name a few areas. Some solutions are also proprietary or specific to a Cloud provider, so there is also a lot of duplication of effort as well. There will surely be some consolidation and standardization, and there are ongoing efforts already, particular in the open source communities.
ADM: What applications are best suited for serverless and why?
Rabbah: What developers are showing us is that serverless will become the way you develop all applications in the future. Today, you’ll do well by adopting serverless for
- event-triggered and request/response computing,
- IoT data processing and computing at the edge,
- Web applications and APIs,
- batch processing and analytics. Increasingly there are efforts to bring high performance computing (HPC) applications into the serverless model, with applications for machine learning (ML) and artificial intelligence (AI) as well.
ADM: What applications are not suited for serverless and what is being done to make them suitable?
Rabbah: The challenges in some of the data-intensive applications like HPC, ML and AI is the data itself. The data sets may be large, and costly to move. More generally, some applications are inherently stateful and long running. These pose some challenges for serverless computing which is much better suited for ephemeral applications, with no shared state. It is really no magic – serverless computing is distributed computing at potentially very large scale.
This is the great promise serverless and why it’s so exciting. The cloud has commoditized the supercomputer for everyone and is allowing for new levels of abstraction will lead the way toward greater adoption. A good way to think of this is that there is a new instruction set architecture (ISA) for the “cloud computer”, and it’s dominated by APIs, and functions, and integrations. Now we have to solve the classic problems of data-transport and locality, non-uniform access latencies, and the like but in an emergent and high-impact context. These foundations are precisely at the heart of the innovation and solutions we’re developing at Nimbella.
ADM: Do my developers need to learn a new language and new environment to take benefit of these frameworks? Do I need to retrain my developer workforce?
Rabbah: The beauty with serverless is that you’re shifting a tedious and laborious infrastructure management job from your organization to the Cloud provider. So if you are retraining the workforce, it’s a good thing because you’re in fact re-energizing your workforce to create real business value from your organization. Developers who had to pick up infrastructure related responsibilities to operate-what-they-build now can focus more on the work they do best: develop, creating new innovations and bringing them to market. Serverless itself is really about writing code, designing architectures, and operating your code and not the servers. We see a gentle migration path for organizations especially at the enterprise level to become more agile and productive just by starting to espouse the serverless mentality.
ADM: What open source serverless frameworks exist?
Rabbah: There are several open source serverless frameworks such as:
- Apache OpenWhisk is a open source platform for serverless computing with functions. It is designed with the developer experience in mind, while also delivering a platform for industry-scale. It powers IBM Cloud Functions and Adobe I/O runtimes as too large examples operated by Cloud vendors.
- OpenFaaS is a framework for building serverless functions with Docker and Kubernetes that aims to make serverless functions simple to build and deploy.
- Fission is a serverless computing framework that enables developers to build functions using Kubernetes.
- Knative, is a new effort from Google that aims to bring serverless to Kubernetes. It is gaining a lot of attention and will be intriguing to watch.
ADM: How does serverless affect approaches do securing cloud applications?
Rabbah: Serverless computing, particular when using functions, fundamentally reduces the amount of code you develop and deploy for cloud applications, eschewing the “server” parts, and allowing you to focus on just your functions, and the APIs your using, and the secrets to manage them. Serverless by itself does not fundamentally change the approach to securing cloud applications: Your application and functions are your code and it is your responsibility to secure them.
There are however three parts to consider: the platform, identity management, and your code. The platform security is now largely handled for you by the provider. You should adhere to best practices like the least privilege principle so that secrets have limited attack surface. And for your code, a challenge with serverless is that you do not get to access the resource on which your code runs, so you should think in advance about observability, monitoring, and detection.
ADM: Can I move from cloud to cloud using serverless platform?
Rabbah: Today, this is essentially a non-starter, because each serverless offering is specific to the Cloud vendor. It isn’t just the services that you might use but the entire ecosystem of events that integrate and interoperate in your solution that makes it prohibitively expensive to move. This is what is driving a lot of exciting work and innovation in open-source solutions. There is a lot of interest in open-source serverless platforms for organizations that want to operate their own serverless cloud for their own developers.
ADM: I have a private cloud, can I use serverless or do I need to move my workload to public cloud to take advantage of these benefits?
Rabbah: It is possible to build a private serverless cloud. In fact, this is why we started Nimbella. Today, you see lots of adoption behind Apache OpenWhisk and OpenFaaS for example from companies that want to run their own serverless functions. OpenWhisk also has an open and extensible model for developing event integrations, to empower an organization to tap into its unique event streams. This allows organizations to catch up to the advances made by the public Cloud vendors, but also come with a cost: someone in your organization has to actually operate the servers.
ADM: Is my cloud bill going to go down or up? Will I be surprised/shocked every month?
Rabbah: Serverless architectures can abstract away a lot of the expensive overheads in terms of operating & maintaining the underlying infrastructure, which is a huge part of the appeal. The cost of using a given serverless framework should not be viewed in isolation from the cost of the other services such as API gateway, storage, database that are required to run the functions.
Therefore, the billing advantages of serverless depend, on actual usage patterns and the types of services used. If your application has consistent usage, then your bill may be higher but if your application scales up and down then you may see a significant reduction in your bill. Regardless, when looking at total cost, one should not forget the most expensive part of the equation: the developers behind the technology.
Rodric Rabbah, CTO & Co-founder, Nimbella:
Prior to co-founding Nimbella, Rodric was a Principal Researcher and the technical lead for serverless computing at IBM. He is the creator and the lead contributor to Apache OpenWhisk, an advanced and production-ready serverless computing platform. He was awarded an IBM Outstanding Innovation Award and an IBM Outstanding Accomplishment Award for his leadership and impact on IBM Cloud Functions. At IBM he also worked directly with several of IBM’s earliest serverless clients to help them become cloud-native and succeed in their adoption of serverless computing. Prior to IBM, Rodric was a Research Scientist at MIT for several years. His contributions are a unique mix of programming language design, compilation technology for accelerators, hardware design and synthesis, and user-facing tools.