As organizations move beyond leveraging just basic compute and storage in the cloud, serverless computing is gaining more attention as a capability for facilitating rapid deployment of new applications without the overhead of managing traditional infrastructure.
Serverless computing is being adopted for a wide variety of uses, from traditional systems management functions like managing backups, to mission critical needs including data processing and micro service adoption.
Serverless can be an odd term – There is always a server! But, as depicted in figure 1 below, all major cloud providers have deployed their own flavors of serverless that allow the deployment of application code without the need to manage or interact directly with the underlying operating system or hardware, and removing the operational overhead of patches, monitoring, and incident response. Serverless gets us much closer to this goal of treating everything we do as code, to facilitate full automation of deployment and operations.
While serverless introduces significant new capabilities, it does require a fundamental change in how organizations deploy their operations teams and processes. Serverless Computing affects many aspects of CloudOps, Security, DevOps, and Financial Management & Governance. Figure 2 highlights changes that will be caused across an organization during the adoption of serverless technologies.
CloudOps is the operational domain that will see the largest advantage with serverless computing. Many traditional operations that consume a large percentage of time for operations teams will be eliminated, including OS monitoring & patching, disk space management, network configuration, user and host account management and application installation.
Serverless computing also removes many of the traditional tools that a system administrator or engineer would use to diagnose problems related to system performance, outages or other incidents. This does not mean events cannot be investigated, but the transient nature of the services means operations teams must use new methods to ensure logs are captured to enable full re-creation of events and incident investigation.
The central collection of logs, from all aspects of the application, outside components, external services and data layers is critical. This centralized collection enables development teams to quickly recreate events that occurred, and monitor long term trending of application behavior and performance.
Through the deployment of serverless technologies, many traditional IT tools will also require evaluation and possible replacement. Many traditional operations tools require the presence of an operating system for the execution of checks and responses. With server-less environments, these checks will need to be instrumented to account for new methods of checking status, responding and evaluating service availability.
Prior to the deployment of serverless computing based applications, most security organizations focus on perimeter security and access controls. Due to the deployment model of serverless, the perimeter is now an ever-changing boundary, eliminating the ability to monitor traffic and connections as usual, as well as the ability to deploy traditional security appliances. In a serverless environment, security shifts to the instrumentation of application code, enabling a complete monitoring of activities, connections and use behavior.
Security must become application-centric in a server-less world. This translates to deep instrumentation within the application to capture all events, requests, and behavior. Simple monitoring and alerting can then be used as a baseline to identify and stop an anomalous behavior, while advanced machine learning can be leveraged to respond to previously unknown, but malicious behavior.
Many organizations have adopted DevOps models and principles as part of their cloud journey. DevOps was leveraged as a proven set of methods for rapidly releasing high-quality code with regular feature improvements. As serverless becomes more dominant, the principles that drive DevOps adoption become more critical to an organization’s application deployment success.
With serverless, there is no traditional operating system to interact with, as a result many of the methods commonly used for building and releasing an application simply will not work.
The use of DevOps principles will ensure more successful adoption of serverless computing by enabling developers to take complete ownership of the application pipeline and be empowered to respond to any incident or feedback from application users.
DevOps also pushes small, self-organizing and discrete teams to ensure end-to-end ownership for these functional pieces, while consuming capabilities from related organizations. Serverless provides a strong foundation for this separation of application functionality into discrete elements for simplified maintenance and elimination of team-to-team dependencies.
Financial Management & Governance
The serverless services from all cloud providers deliver the ability to auto-scale services based on demand. While this can lower the operational over-head to accommodate growth in traffic and users, if left unchecked, costs can quickly grow beyond budgeted thresholds. Previous server-based models created artificial boundaries, either server or virtual machine size, to ensure that unchecked application code did not cause large financial expenditures.
Previous IT systems did capacity planning at purchase or deployment time and rarely ever looked at capacity again until major refreshes. That cycle must become constant in a serverless world due to the risk of ballooning costs if application architectures do not match the billing models of the cloud providers.
One key element of serverless is its time-based billing models. This can be further complicated by auto scaling and triggers that run services as needed. It is important to ensure that any financial models account for this consumption model and map it to users so that costs can be adequately passed along to business units or consumers for periods of high usage.
Serverless computing provides organizations many advantages, from the ability to eliminate all management of operating systems, to more discreet billing models. While there is a huge value to operations, there are fundamental changes that must occur within operational processes, security monitoring, financial management, and code deployment pipelines. Serverless computing enables organizations to get closer to a model where developers can create features and capabilities and have them deployed without human intervention, in a highly scalable and reliable manner.