Serverless computing

According to ISO/IEC 22123-2, serverless computing is "a cloud service category in which the customer can use different cloud capability types without the customer having to provision, deploy and manage either hardware or software resources, other than providing customer application code or providing customer data. Serverless computing represents a form of virtualized computing." [1] According to Sheen Brisals, serverless computing is a broad ecosystem that includes the cloud provider, Function as a Service, managed services, tools, frameworks, engineers, stakeholders, and other interconnected elements. [2]

Overview

Serverless is a misnomer in the sense that servers are still used by cloud service providers to execute code for developers. The definition of serverless computing has evolved over time, leading to varied interpretations. According to Ben Kehoe, serverless represents a spectrum rather than a rigid definition. Emphasis should shift from strict definitions and specific technologies to adopting a serverless mindset, focusing on leveraging serverless solutions to address business challenges. [3]

Serverless computing does not eliminate complexity but shifts much of it from the operations team to the development team. However, this shift is not absolute, as operations teams continue to manage aspects such as identity and access management (IAM), networking, security policies, and cost optimization. Additionally, while breaking down applications into finer-grained components can increase management complexity, the relationship between granularity and management difficulty is not strictly linear. There is often an optimal level of modularization where the benefits outweigh the added management overhead. [4] [2]

According to Yan Cui, serverless should be adopted only when it helps to deliver customer value faster. And while adopting, organizations should take small steps and de-risk along the way. [5]

Challenges

Serverless applications are prone to the fallacies of distributed computing. In addition, they are prone to the following fallacies: [6] [7]

Monitoring and debugging

Monitoring and debugging serverless applications can present unique challenges due to their distributed, event-driven nature and proprietary environments. Traditional tools may fall short, making it difficult to track execution flows across services. However, modern solutions such as distributed tracing tools (e.g., AWS X-Ray, Datadog), centralized logging, and cloud-agnostic observability platforms are mitigating these challenges. Emerging technologies like OpenTelemetry, AI-powered anomaly detection, and serverless-specific frameworks are further improving visibility and root cause analysis. While challenges persist, advancements in monitoring and debugging tools are steadily addressing these limitations. [8] [9]

Security

According to OWASP, serverless applications are vulnerable to variations of traditional attacks, insecure code, and some serverless-specific attacks (like Denial of Wallet [10]). As a result, the risks have changed and attack prevention requires a shift in mindset. [11] [12]

Vendor lock-in

Serverless computing is provided as a third-party service. Applications and software that run in the serverless environment are by default locked to a specific cloud vendor. This issue is exacerbated in serverless computing because, with its increased level of abstraction, public vendors only allow customers to upload code to a FaaS platform without the authority to configure the underlying environments. More importantly, in a more complex workflow that includes Backend-as-a-Service (BaaS), a BaaS offering can typically only natively trigger a FaaS offering from the same provider. This makes workload migration in serverless computing virtually impossible. Therefore, designing and deploying serverless workflows from a multi-cloud perspective seems promising and is starting to prevail. [13] [14] [15]

High Performance Computing

Serverless computing may not be ideal for certain high-performance computing (HPC) workloads due to resource limits often imposed by cloud providers, including maximum memory, CPU, and runtime restrictions. For workloads requiring sustained or predictable resource usage, bulk-provisioned servers can sometimes be more cost-effective than the pay-per-use model typical of serverless platforms. However, serverless computing is increasingly capable of supporting specific HPC workloads, particularly those that are highly parallelizable and event-driven, by leveraging its scalability and elasticity. The suitability of serverless computing for HPC continues to evolve with advancements in cloud technologies. [16] [17] [18]

Anti-patterns

The "Grain of Sand Anti-pattern" refers to the creation of excessively small components (e.g., functions) within a system, often resulting in increased complexity, operational overhead, and performance inefficiencies. [19] "Lambda Pinball" is a related anti-pattern that can occur in serverless architectures when functions (e.g., AWS Lambda, Azure Functions) excessively invoke each other in fragmented chains, leading to latency, debugging and testing challenges, and reduced observability. [20] These anti-patterns are associated with the formation of a distributed monolith.

These anti-patterns are often addressed through the application of clear domain boundaries, which distinguish between public and published interfaces. [20] [21] Public interfaces are technically accessible interfaces, such as methods, classes, API endpoints, or triggers, but they do not come with formal stability guarantees. In contrast, published interfaces involve an explicit stability contract, including formal versioning, thorough documentation, a defined deprecation policy, and often support for backward compatibility. Published interfaces may also require maintaining multiple versions simultaneously and adhering to formal deprecation processes when breaking changes are introduced. [21]

Fragmented chains of function calls are often observed in systems where serverless components (functions) interact with other resources in complex patterns, sometimes described as spaghetti architecture or a distributed monolith. In contrast, systems exhibiting clearer boundaries typically organize serverless components into cohesive groups, where internal public interfaces manage inter-component communication, and published interfaces define communication across group boundaries. This distinction highlights differences in stability guarantees and maintenance commitments, contributing to reduced dependency complexity. [20] [21]
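The boundary rule and the chaining problem described above can be checked mechanically against invocation data. The following Python sketch is an added example, not part of the original article: the function names, group assignments, published set and call edges are all constructed, and the edges stand in for caller/callee pairs that would normally come from distributed traces. It flags cross-group calls that bypass a published interface and reports the longest invocation chain, treating a cycle as an error.

```python
# Added example: lint a serverless call graph for boundary violations and
# "Lambda Pinball" chains. All names and edges below are constructed.

# Which cohesive group (bounded context) each function belongs to.
GROUPS = {
    "orders-api": "orders", "orders-validate": "orders", "orders-price": "orders",
    "billing-charge": "billing", "billing-ledger": "billing",
    "notify-email": "notify",
}

# Interfaces with an explicit stability contract; all others are merely public.
PUBLISHED = {"orders-api", "billing-charge", "notify-email"}

# (caller, callee) pairs, e.g. extracted from trace spans.
CALLS = [
    ("orders-api", "orders-validate"),
    ("orders-validate", "orders-price"),
    ("orders-price", "billing-charge"),
    ("billing-charge", "billing-ledger"),
    ("orders-price", "billing-ledger"),  # crosses a boundary into an internal interface
    ("billing-ledger", "notify-email"),
]


def boundary_violations(calls, groups, published):
    """Return cross-group calls whose target is not a published interface."""
    return [(a, b) for a, b in calls
            if groups[a] != groups[b] and b not in published]


def longest_chain(calls):
    """Return the longest function-to-function invocation chain as a list.

    Raises ValueError if the graph contains a cycle, since functions that
    re-invoke each other have no bounded chain length.
    """
    graph = {}
    for caller, callee in calls:
        graph.setdefault(caller, []).append(callee)
        graph.setdefault(callee, [])
    memo, visiting = {}, set()

    def walk(node):
        if node in memo:
            return memo[node]
        if node in visiting:
            raise ValueError(f"invocation cycle through {node}")
        visiting.add(node)
        best = [node]
        for nxt in graph[node]:
            candidate = [node] + walk(nxt)
            if len(candidate) > len(best):
                best = candidate
        visiting.discard(node)
        memo[node] = best
        return best

    return max((walk(n) for n in sorted(graph)), key=len)


if __name__ == "__main__":
    print("boundary violations:", boundary_violations(CALLS, GROUPS, PUBLISHED))
    print("longest chain:", " -> ".join(longest_chain(CALLS)))
```

Run in a pipeline, a check like this can fail a build when a chain exceeds an agreed depth or when a new edge reaches into another group's internal interface.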

Additionally, patterns associated with excessive serverless function chaining are sometimes addressed through architectural strategies that emphasize native service integrations instead of individual functions, a concept referred to as the functionless mindset. However, this approach is noted to involve a steeper learning curve, and integration limitations may vary even within the same cloud vendor ecosystem. [2]

Principles

Adopting DevSecOps practices can help improve the use and security of serverless technologies. [22]

In serverless applications, the distinction between infrastructure and business logic is often blurred, with applications typically distributed across multiple services. To maximize the effectiveness of testing, integration testing is emphasized for serverless applications. [5] Additionally, to facilitate debugging and implementation, orchestration is used within the bounded context, while choreography is employed between different bounded contexts. [5]

Ephemeral resources are typically kept together to maintain high cohesion. However, shared resources with long spin-up times, such as AWS RDS clusters and landing zones, are often managed in separate repositories, deployment pipelines, and stacks. [5]


References

  1. "ISO/IEC 22123-2:2023 (E) - Information technology — Cloud computing — Part 2: Concepts". International Standard: 25.
  2. Brisals, Sheen. Serverless Development on AWS: Building Enterprise-Scale Serverless Solutions. O'Reilly Media. ISBN 978-1098141936.
  3. Serverless as a Game Changer: How to Get the Most Out of the Cloud. 2023. ISBN 9780137392551.
  4. The Software Architect Elevator: Redefining the Architect's Role in the Digital Enterprise. O'Reilly Media. 2020. ISBN 978-1492077541.
  5. Cui, Yan (2020). Serverless Architectures on AWS (2nd ed.). Manning. ISBN 978-1617295423.
  6. Richards, Mark (March 3, 2020). Fundamentals of Software Architecture: An Engineering Approach (1st ed.). O'Reilly Media. ISBN 978-1492043454.
  7. Richards, Mark (2021). Software Architecture: The Hard Parts: Modern Trade-Off Analyses for Distributed Architectures (1st ed.). O'Reilly Media. ISBN 978-1492086895.
  8. Distributed Tracing in Practice: Instrumenting, Analyzing, and Debugging Microservices. O'Reilly Media. ISBN 978-1492056638.
  9. Cloud-Native Observability with OpenTelemetry: Learn to gain visibility into systems by combining tracing, metrics, and logging with OpenTelemetry. ISBN 978-1801077705.
  10. Kelly, Daniel; Glavin, Frank G.; Barrett, Enda (2021-08-01). "Denial of wallet—Defining a looming threat to serverless computing". Journal of Information Security and Applications. 60: 102843. arXiv:2104.08031. doi:10.1016/j.jisa.2021.102843. ISSN 2214-2126.
  11. "OWASP Serverless Top 10 | OWASP Foundation". owasp.org. Retrieved 2024-05-20.
  12. OWASP/Serverless-Top-10-Project, OWASP, 2024-05-02, retrieved 2024-05-20.
  13. Aske, Austin; Zhao, Xinghui (2018-08-13). "Supporting Multi-Provider Serverless Computing on the Edge". Proceedings of the 47th International Conference on Parallel Processing Companion. ICPP Workshops '18. New York, NY, USA: Association for Computing Machinery. pp. 1–6. doi:10.1145/3229710.3229742. ISBN 978-1-4503-6523-9. S2CID 195348799.
  14. Baarzi, Ataollah Fatahi; Kesidis, George; Joe-Wong, Carlee; Shahrad, Mohammad (2021-11-01). "On Merits and Viability of Multi-Cloud Serverless". Proceedings of the ACM Symposium on Cloud Computing. SoCC '21. New York, NY, USA: Association for Computing Machinery. pp. 600–608. doi:10.1145/3472883.3487002. ISBN 978-1-4503-8638-8. S2CID 239890130.
  15. Zhao, Haidong; Benomar, Zakaria; Pfandzelter, Tobias; Georgantas, Nikolaos (2022-12-06). "Supporting Multi-Cloud in Serverless Computing". 2022 IEEE/ACM 15th International Conference on Utility and Cloud Computing (UCC). pp. 285–290. arXiv:2209.09367. doi:10.1109/UCC56403.2022.00051. ISBN 978-1-6654-6087-3. S2CID 252383217.
  16. Serverless Computing: Principles and Paradigms. Springer. ISBN 978-3031266324.
  17. Cloud Computing for Science and Engineering (Scientific and Engineering Computation). ISBN 978-0262037242.
  18. Hellerstein, Joseph; Faleiro, Jose; Gonzalez, Joseph; Schleier-Smith, Johann; Sreekanti, Vikram; Tumanov, Alexey; Wu, Chenggang (2019). "Serverless Computing: One Step Forward, Two Steps Back". arXiv:1812.03651.
  19. Richards, Mark (2015). Microservices AntiPatterns and Pitfalls. O'Reilly.
  20. "Technology Radar Vol. 21: An opinionated guide to technology" (PDF). Technology Radar. 21. ThoughtWorks.
  21. Fowler, Martin (March–April 2002). "Public versus Published Interfaces" (PDF). IEEE Software.
  22. Katzer, Jason (2020). Learning Serverless: Design, Develop, and Deploy with Confidence. O'Reilly Media. ISBN 978-1492057017.

Further reading

  1. Jonas, Eric (February 2019). "Cloud Programming Simplified: A Berkeley View on Serverless Computing". pp. 1–33. arXiv:1902.03383 [cs.OS].