A tour of cloud computing: “Serverless is another step towards improving productivity, especially in DevOps and operations”
Cloud computing is worth exploring; this is what we think but of course, we’re no experts. Therefore, we decided to invite 12 experts to weigh in on the present and future of cloud computing. Our next guests are Kublr’s Oleg Chunikhin & Terry Shea.
Cloud computing is worth exploring
In last year’s JAXenter Technology Trends Survey, we asked readers about their interest in different technologies and, according to the results, the cloud was a very relevant topic for developers. As you can see in the figure below, cloud computing was the runner-up in the “General IT topics” section, after software architecture.
If you want to read more about respondents’ favorite and least favorite cloud platforms, have a look at the results. Sure, cloud computing was already very popular but these results put things into perspective for us; in 2017, respondents were more interested in cloud computing than in microservices, DevOps, machine learning, blockchain and the list goes on. That may or may not still be the case, but these results opened our appetite for everything cloud-related.
Despite cloud computing’s popularity, there are still a lot of unknowns, misunderstandings and gaps. For example, earlier this year, we learned from Sumo Logic’s 2018 Global Security Trends in the Cloud report that almost half of their respondents reported that current tools do not work in the cloud. Furthermore, a whopping 97% out of the 300+ respondents felt that they lacked the tools for proper cloud security. Read more about the report here.
The bottom line is that cloud computing is worth exploring and the benefits definitely outweigh the risks. This is what we think but of course, we’re no experts. Therefore, we decided to invite 12 experts to weigh in on the present and future of cloud computing.
A tour of cloud computing will be published twice a week. Check out the first interview [with Abby Kearns, Executive Director of Cloud Foundry Foundation] here.
Our next guests are Kublr’s Oleg Chunikhin & Terry Shea.
JAXenter: Everything is in the cloud these days, including our precious data. How can developers maintain an appropriate level of security in an increasingly insecure landscape?
Oleg Chunikhin: Utilizing the “security via obscurity” method creates more risks, so we recommend that developers maintain security by keeping the system architecture open, using open platforms and interfaces.
Keep systems as simple as possible but not simpler – security is highly sensitive to a system’s complexity. This advice may seem to contradict complex business requirements of modern organizations, but actually, well-designed hierarchical architecture where each level has well-defined responsibilities can help achieve both security and business agility through simplicity.
For example, you may use public (AWS) and private (OpenStack) frameworks for your infrastructure management layer; a container orchestration framework (Kubernetes) for your container management layer; a microservice (Istio) and/or serverless (e.g. Fission or Kubeless) framework for your application operations. Each layer’s responsibilities and security operations are well-defined and relatively easy to manage.
We tend to favor tools that allow us and our customers to mix and match, combine, develop and migrate application across clouds
JAXenter: Has GDPR affected the way you or your organization does things? How?
Terry Shea: We are selling infrastructure solutions to IT organizations, so end-user data privacy relates more to the application layer and isn’t relevant to our solution. We’ve always been careful that our integrations to IAM systems for IT user data are secure.
JAXenter: What benefits does a cloud-based infrastructure bring? What are the drawbacks?
Terry Shea: Benefits are speed of deployment, scalability, and operational as opposed to capital expenses. Drawbacks are the decentralization of spend decisions, cloud-vendor lock-in, and high scaling can equal high cost.
JAXenter: What is your favorite cloud-based tool, service, or platform to use and why?
Oleg Chunikhin: AWS, Azure, and Google Cloud – each has its own strengths and weaknesses. We tend to favor tools that allow us and our customers to mix and match, combine, develop and migrate application across clouds.
JAXenter: Is Kubernetes becoming central to cloud adoption?
Oleg Chunikhin: Kubernetes provides a very convenient and flexible abstraction layer with very little if any overhead on top of traditional cloud services. It enables developers to combine SaaS, packaged software, and custom developed software in a single, flexible, open, and portable platform. Altogether it improves maintainability and future-proofs enterprise architecture.
JAXenter: Jakarta EE has recently taken the cloud-native Java path. How important is it for a technology to be relevant to today’s cloud-first world?
Terry Shea: It’s very important. Not only are many applications built or migrated to the cloud, but “cloud-native” as an architecture is impacting on-premise applications and infrastructure as well. The term cloud-native is somewhat misleading. It refers to open source projects and technologies that utilize containers, are dynamically managed and micro-services oriented.
Oleg Chunikhin: Migration to the cloud continues to be a huge and increasing trend in the IT industry, but also brings its own set of challenges. Enterprises on this path are concerned with security, losing ownership of their data and applications, vendor lock and future-proofing their systems. Cloud-neutral technologies allow eliminating at least some of the related risks by allowing not only to migrate the load and data between different cloud providers but also between cloud and on-premise.
The Fn project is an example of such a technology that provides not only development and operations productivity improvements but other benefits such as portability and vendor independence.
JAXenter: If cloud technology wants to continue to grow, tools should grow and adapt as well. What are the most mature tools right now?
Migration to the cloud continues to be a huge and increasing trend in the IT industry, but also brings its own set of challenges.
Oleg Chunikhin: Virtualization, Cloud IaaS and SaaS services are at the plateau of productivity. Containers are largely used in development and QA, but are newer in production environments. Yet they significantly simplify support for multiple cloud and hybrid environments and are thus ideal for future growth. Serverless and service mesh, which may provide further productivity improvements, are just rising in the hype curve.
JAXenter: How can we capture the multi-cloud opportunity? What are the roadblocks to multi-cloud success?
Terry Shea: Multi-cloud requires a commitment from application development through DevOps and Ops teams to follow the right development practices and establish security processes and tooling that can support implementation and operations in multiple clouds.
JAXenter: What do you think of serverless? Is it a “revolution of the cloud,” as Maciej Winnicki, Principal Software Engineer at Serverless Inc. told us last year?
Oleg Chunikhin: It’s another step towards improving productivity, especially in DevOps and operations. For new applications that are born in the cloud, serverless has the potential to be very valuable. Although the same challenges apply for serviceless applications, if security, portability, ownership of data and applications, and vendor independence are big concerns for an enterprise, the company would need to invest in a serverless portability layer, ideally based on open source technologies.