The second day of the Microxchg conference took place last Friday, with more interesting talks. Drawing on his consulting experience, Stefan Tilkov analyzed how different architecture is in the real world, with microservices blending into a disconnected mess with potentially several different frontend monoliths. In his opinion, native frontends can resemble server monoliths in architectural aspects, and these frontend monoliths can be as good or bad as backend monoliths are. His recommendation is to avoid building a single, single-page app and to always architect for different modules in a complex web app.
Adrian Cockcroft from Battery Ventures, formerly of Netflix, took the stage next, arguing that microservices are much more challenging than a large number of machines and introducing the problem of figuring out the right flow in a complex set of microservices. Gilt already has more than 450 microservices, whereas Netflix has more than 1000, meaning that flow and microservice interaction become a real issue at this scale. At such scale, figuring out the response time of each endpoint becomes a challenge. To this end, Adrian presented spigo (to be renamed to simianviz in the next few months), a microservices simulator. Spigo tries to answer this question, assuming asymmetric response times. By integrating Guesstimate into the tool, one can simulate the flow and visualize a complex set of microservices. As for the future, in-memory big data computation with terabytes of RAM or Flash DIMM is also on his radar, along with serverless architectures based on AWS Lambda and similar technologies.
Security in microservices was another hot topic at the conference, as presented by Sam Newman. His talk was based on the four steps of security: prevention, detection, response and recovery. Prevention can consist of HTTPS everywhere, even inside the company’s firewalls, using Let’s Encrypt, which provides free and programmatically generated certificates. Client-side authentication is equally important and can be tackled using Lemur, an X.509 certificate orchestration framework by Netflix. Data at rest must also be taken care of, as it may leak sensitive information.
On the detection side, logging must be in place so that intrusions can be easily analyzed. ModSecurity can also help with perimeter security.
In terms of recovery, the recommendation is to always have backups, made using a different account that is isolated from everything else, i.e. a completely different AWS account. And if something goes wrong, burn it all and rebuild from backups. This can seem harder with microservices, as there are many more moving parts, but as long as teams have devised an emergency plan beforehand, it can be done.
Another interesting talk came from Bora Tunca of SoundCloud about BFFs, or Backends For Frontends. SoundCloud has gone from fewer than 20 microservices to more than 120 in the past 3 years. The freedom in choosing the technology stack and the faster iterations of the early days were overtaken by problems at scale as they expanded to more than 80 microservices.
Following Martin Fowler’s recommendation, SoundCloud implemented a HumaneRegistry, oriented around people: it does not rely on humans to update documentation, but it expects humans to read and contribute to the process.
Each client application essentially ended up with its own BFF, handling common tasks like authentication and geolocation. These BFFs would in turn talk to value-added layer services, handling things like streaming, playlists and profiles, which would in turn talk to foundation layer services, acting as data wrappers and dealing with low-level tasks like images, tracks and users. Prometheus, SoundCloud’s scalable data collection project, helps a lot with its powerful query language, operational simplicity and multi-dimensional data collection.
Microxchg videos from day 2 are available on YouTube.