A tour of cloud computing: “Observability is an essential component when successfully operating software in the cloud”
Cloud computing is worth exploring; this is what we think but of course, we’re no experts. Therefore, we decided to invite 12 experts to weigh in on the present and future of cloud computing. Our next guest is Ross Kukulinski, Senior Product Manager at Heptio.
Cloud computing is worth exploring
In last year’s JAXenter Technology Trends Survey, we asked readers about their interest in different technologies and, according to the results, the cloud was a very relevant topic for developers. As you can see in the figure below, cloud computing was the runner-up in the “General IT topics” section, after software architecture.
If you want to read more about respondents’ favorite and least favorite cloud platforms, have a look at the results. Sure, cloud computing was already very popular but these results put things into perspective for us; in 2017, respondents were more interested in cloud computing than in microservices, DevOps, machine learning, blockchain and the list goes on. That may or may not still be the case, but these results opened our appetite for everything cloud-related.
Despite cloud computing’s popularity, there are still a lot of unknowns, misunderstandings and gaps. For example, earlier this year, we learned from Sumo Logic’s 2018 Global Security Trends in the Cloud report that almost half of their respondents reported that current tools do not work in the cloud. Furthermore, a whopping 97% out of the 300+ respondents felt that they lacked the tools for proper cloud security. Read more about the report here.
The bottom line is that cloud computing is worth exploring and the benefits definitely outweigh the risks. This is what we think but of course, we’re no experts. Therefore, we decided to invite 12 experts to weigh in on the present and future of cloud computing.
A tour of cloud computing will be published twice a week.
Here are the interviews published so far:
- Abby Kearns: “It’s very important for technology to be cloud-compatible, if not cloud-native”
- Oleg Chunikhin & Terry Shea: “Serverless is another step towards improving productivity, especially in DevOps and operations”
- Peter Meulbroek: “Cloud-neutral adds a large amount of complexity and risk to a migration, without really solving the issue”
Our next guest is Ross Kukulinski, Senior Product Manager at Heptio.
JAXenter: Everything is in the cloud these days, including our precious data. How can developers maintain an appropriate level of security in an increasingly insecure landscape?
Ross Kukulinski: I disagree with the premise that the IT landscape is getting increasingly insecure. If anything, I’d argue that it’s more secure because the major cloud providers are really good at what they do. Their business revolves around computer and network security, whereas for many IT organizations, security is a necessary evil.
As an example, I met with a telecom organization that was in the middle of evaluating several public cloud platforms as an opportunity to improve developer efficiency and product velocity. They were concerned about a perceived loss of control regarding security. “They’re not our servers anymore, how do we know they’re secure!?!”, they exclaimed. Fast forward two months after their chief security engineer met with a cloud provider security team. The engineer surprised everyone with the verdict: the public cloud is safer than our data centers.
All that said, however, there certainly are risks when building software for the cloud.
- Never build your own encryption algorithm.
- Never build your own identity authentication and authorization system.
- The biggest risk is what you don’t know. Minimize unknown risk by finding development, infrastructure, or security partners in your technology ecosystem that can educate your teams and evaluate your design decisions.
JAXenter: What benefits does a cloud-based infrastructure bring? What are the drawbacks?
Ross Kukulinski: Before joining the product team at Heptio, I helped build our field engineering organization and practice. I’ve met with hundreds of companies covering the entire spectrum of cloud infrastructure and cloud native adoption. Consistently, the companies furthest along in the process are commonly receiving three key benefits:
- Developer productivity and product velocity
- Reliable infrastructure and scalable applications
- Increased operational efficiency
That said, there are things to watch out for when moving to cloud native practices. The most common failure I’ve seen is when organizations are eager to make a technological shift but aren’t ready to update their process, teams, and culture. Successfully delivering software in the cloud requires reeducating your teams, evaluating new processes, and revisiting your culture.
The other common failure I’ve seen is when organizations attempt an all-or-nothing migration to the cloud. As with most technology revisions, cloud native techniques can be applied incrementally, which can help smooth transitions to the cloud.
JAXenter: What is your favorite cloud-based tool, service, or platform to use and why?
Ross Kukulinski: As a Product Manager at a distributed company, I frequently need to collaborate with my team on reviewing designs, writing documentation, testing demos and troubleshooting bugs. While we use Zoom extensively at Heptio for video conferencing, not being able to share the keyboard with my coworkers is frustrating. I’ve recently fallen in love with Visual Studio Code Live Share which allows my team to share a Visual Code session. Everyone can collaborate on the same project and run commands in a shared terminal, all in real time.
JAXenter: Is Kubernetes becoming central to cloud adoption?
Ross Kukulinski: My three years of production Kubernetes experience has made it clear to me that Kubernetes has become a key component for many cloud adoption roadmaps.
Over the last few years, containers have very rapidly become the de facto deployment artifact for cloud applications. This then leads to organizations needing a way to schedule, manage, and monitor their containers running in production. This problem gave rise to a whole class of container orchestrators like Kubernetes, Marathon, Nomad and Docker Swarm. I think it’s also important to recognize the work that Netflix has done with their AWS-tailored OSS toolkit, which is popular among Java developers.
It’s pretty telling that of all the container orchestration platforms, the only one that every major cloud provider has a hosted version of is Kubernetes. Organizations are drawn towards the API-driven and batteries-included model. The flexibility to run Kubernetes in multi-cloud and on-premises gives businesses leverage over their cloud vendor(s) to make effective buying decisions. Finally, the thriving Kubernetes open-source community continues to drive the project forward to tackle new use cases like machine-learning and big-data applications.
Ross Kukulinski: There’s a delicate balance between being cloud-neutral, where you develop against the lowest-common-denominator of cloud features vs. being locked into a particular cloud or vendor solution but you receive all of the benefits and features of that cloud.
Between 2012-2014, I was an active maintainer for a Node.js module called pkgcloud. The idea of the package was to provide a standard library that abstracted away differences among multiple cloud providers as well as OpenStack. Developers could create virtual machines, manage storage buckets, and configure load balancers through a common API. What I learned from that experience was that while you can create a common API and user experience, the quality and benefits of the cloud suffer.
Instead, I have found that organizations should look to embrace the unique benefits and higher-level services/APIs that each cloud provider offers. For standard compute, storage, and networking, Kubernetes provides an excellent multi-cloud abstraction layer.
But in the FaaS world, I’m inclined to leverage cloud-provider specific serverless runtimes. Two of the key benefits of FaaS are that you only pay for what you consume and horizontal scaling is automatic. Operating something like Fn yourself likely eliminates both benefits! As an alternative, I think the Serverless Framework is doing a good job of walking the fine line between cloud-agnostic and watered-down features.
JAXenter: If cloud technology wants to continue to grow, tools should grow and adapt as well. What are the most mature tools right now?
Ross Kukulinski: The Cloud Native Landscape is rapidly expanding and constantly evolving to adapt to the industry’s demands. I’m a CNCF Ambassador and I’ll be honest, it’s a struggle to keep up with all of the projects! Kubernetes aside, I think two of the most mature open source cloud native tools are Prometheus and ElasticSearch.
Observability is an essential component when successfully operating software in the cloud. Typically, “Observability” is commonly broken down into three pillars: metrics collection (Prometheus), log aggregation (ElasticSearch), and request tracing. If you’re curious to learn more, I recommend reading some of Cindy Sridharan’s posts on Logs and Metrics, Monitoring and Observability, and her free O’Reilly e-book Distributed Systems Observability.
JAXenter: How can we capture the multi-cloud opportunity? What are the roadblocks to multi-cloud success?
Ross Kukulinski: At the end of the day, data is going to be a persistent problem. Platforms like Kubernetes make it easy to shift workloads between different clouds and private data centers. But any sufficiently successful product, platform, or company is going to have a significant amount of data that is technically challenging and likely expensive to move between clouds. This is especially true if you leverage the operational savings of database-as-a-service offerings from cloud vendors.
One technology I’ve been keeping a close eye on is CockroachDB, which is based on Google’s Spanner data storage system. CockroachDB is a SQL database that has distributed ACID transactions while spanning data centers or cloud providers. For a certain class of applications, CockroachDB may provide a multi-cloud database solution.
JAXenter: What do you think of serverless? Is it a “revolution of the cloud,” as Maciej Winnicki, Principal Software Engineer at Serverless Inc. told us last year?
Ross Kukulinski: I continue to be simultaneously fascinated by serverless while struggling to view it as a ‘revolution’. Prior to joining Heptio, I was a freelance consultant helping companies find success with cloud-native technologies and practices (in which I include serverless patterns). I worked with one client, in particular, to design, implement, and operationalize a serverless application using a popular public cloud runtime. In total, there were fewer than 10 “functions,” but they were executing 4-6 million times a day in production.
As a developer, I found a lot of joy shipping serverless functions – it reminded me of the first time I ran `git push heroku master` to deploy an application to a Platform as a Service. What’s more, with Functions as a Service, you don’t need to worry about scaling your application and you’re only billed for the compute you actually need.
However, similar to PaaS like Heroku, Functions as a Service are inherently constrained in the types of applications and systems that can effectively leverage the runtime. If the system you’re designing fits inside the FaaS box, great! If not, you will have a losing battle on your hands.
Finally, I want to suggest some recommended learning materials for people currently evaluating Serverless:
- Martin Fowler has a great article on Serverless and its design tradeoffs. In that post, he links to Charity Majors who has plenty of insightful ideas on the topic.
- My friend, Steve Faulkner, led Bustle’s transition to 100% serverless and he has spoken extensively about the experience. He and I don’t always see eye-to-eye on containers and serverless, but it’s always an insightful conversation!