Shulou(Shulou.com)05/31 Report--

What is the architecture and usage scenario of Serverless? I believe many inexperienced people don't know what to do about it. Therefore, this paper summarizes the causes and solutions of the problem. Through this article, I hope you can solve this problem.

Serverless is changing the mode and process of future software development. For most applications, with the help of Serverless services, developers can devote most of their energy to the development and integration of business logic, which greatly shortens the development cycle and reduces the cost of operation and maintenance. This article will explore the tools and potential entrepreneurial opportunities that are missing in the Serverless ecology.

What we are doing in starting a business is also very closely related to Serverless, and we are currently focusing on developing an IDaaS identity as a service product, Authing. I was in charge of LarkCloud, a Serverless product with hundreds of millions of daily active users in byte jump. I personally maintain a long-term concern for Serverless, and I also have a lot of ideas about the development of the Serverless industry, which I would like to share with you today.

1) the development of cloud computing

With regard to the Serverless architecture, before we look at this architecture, let's review the development of cloud computing. The blue part of the picture is managed by the user, and the yellow part is managed by the cloud service provider. From the early On-Premises to FaaS, this is the development process of cloud computing.

In On-Premises, all the hardware, operating system, containers, runtime environment, applications and functions of the computer room need to be managed by themselves; after the development of IaaS, developers no longer need to maintain their own hardware, but they still need to maintain a lot of things.

Later, with the emergence of CaaS services, containers are services. We no longer need to maintain things at the operating system level, we only need to maintain containers. K8s became popular in such a short time, which is also a very important reason.

Next, cloud computing PaaS platforms such as Aliyun and AWS come out and do a lot of peripheral tools, such as various monitoring, alarm, and the entire server management console. Then, with this service, customers do not even have to manage these services themselves, they just need to manage their own applications. This is PaaS service.

Now, the product form of FaaS appears. The rightmost FaaS is blue, and all the modules in the lower layer are yellow, provided by cloud service providers. There is also a gray module Application in the middle, which needs to be managed by cloud service providers and users.

So this is an evolution history of FaaS. Generally speaking, the reason for the development of FaaS, PaaS, CaaS and other services is to enable more customers to concentrate on their business without having to maintain so much underlying infrastructure that has nothing to do with business.

2) Serverless architecture

Next, let's take a look at the Serverless architecture. Here we take some services of AWS as an example. The leftmost User Agent (user) accesses a system from a browser. First, an API Gateway,API Gateway will start a function Cloud Function, which is called Lambda in AWS. Then Lambda will perform some acquisition resources and business operations. These resources are all limited. It could be Amazon's DynamoDB, AWS S3 storage, Amazon's EC2, your own social data and address book friends, etc.

These resources are limited by default. When these resources are limited, you need to access a serverless authentication system, that is, Authing in the figure. The user logs in through Authing. After the authentication is completed, the user gets a Token, and then the user takes the Token to request the resources. At this time, the backend must verify that the Token is valid in order to obtain the resources to which the user has permission to access. This is a process for accessing Serverless as a whole.

Now many people divide Serverless into two parts, one is called FaaS (function as a service) Functions as a Service abbreviation, only need to execute a function, upload a function, and then these functions to perform some operations, such as reading your newsletter, your address, or reading other business information.

The other piece is called BaaS (back-end as a service), which is called Backend as a Service, which uploads the entire BaaS code to the server, and then it will automatically do some auto scaling for you.

In fact, the granularity of the function is finer, and then what we mainly discuss today is that the development of FaaS,BaaS is not particularly good, and I am not very optimistic about the market of BaaS.

3) the life cycle of FaaS function

Next, let's take a look at the life cycle of FaaS. The full name of FaaS is Functions as a Service. Developers only need to develop a function, and then this function will automatically shrink according to the number of visits to the function. FaaS has a trigger, that is, from which party to make the call, for example: if you request a FaaS on the browser, you receive a HTTP request. For example, if an image is uploaded to Tencent Cloud's OSS (OSS is Tencent's storage service), there will be a callback message after the upload is successful, and this message will trigger the FaaS function, which is called Webhook. There is also a kind of Internet of things scenario, such as temperature collector, after measuring the temperature, there will be a message model such as Pub/Sub, which is asynchronous and executes such a FaaS trigger.

Once the execution of the FaaS is triggered, a VM (virtual machine) will be started. At present, the VM (virtual machine) is mainly divided into two categories: one is to directly Fork the process and then execute this code in the process, and the other is to start a container and then execute it in the container. It's not safe to execute code in a Process process, so now many people turn to containers. Of course, the problem with the container is that the cold start time will be very long, that is, if the execution time of the function itself is only 200 milliseconds, and if you add that the startup time of the container may also be 200 milliseconds, the total time may be 400 milliseconds. Then it will cause some network delays, and finally have an impact on the user experience.

After starting such a VM, you will run the function, and the instance will be destroyed after the run. At the same time, the cloud service will calculate the resources consumed, such as CPU, memory, bandwidth, etc., based on your running time, and then calculate how much the operation will cost for a deduction.

This is the life cycle of the FaaS function, so let's take a look at it: why do we use FaaS?

4) IaaS model

First, let's look at the IaaS model. Take a look at the overall architecture of IaaS from four perspectives:

The first is from the perspective of Service Models, that is, service model, which is divided into IaaS, PaaS and SaaS.

Second, from the perspective of Cloud Stack, cloud computing is composed of the lowest infrastructure layer, application stack, application and user layer.

The third is to take a look at the detailed components from the Stack Components perspective:

Infrastructure layer: a variety of hardware resources, such as CPU, network, bandwidth, hard disk, etc., are provided by infrastructure vendors to ensure the most basic system security.

Application Stack: it is the basic software technology stack needed to build the application, including operating system, programming language, application server, middleware, database (relational database, graph database, or non-relational database, etc.), alarm monitoring service, DevOps, CI/CD, API Gateway and so on.

Application layer: developers to build their own business model, business applications need development components, "authentication, authorization" is the most basic components, followed by UI (that is, user interface), some transactions, such as your payment, or live transactions. There are also some reports about the growth data of business-related users, the management of business usage, and what the Key Metrics looks like; in addition, a background is needed to manage all resources.

User layer: including user login, registration, management and so on.

The fourth is to calculate the responsibility boundary between service providers and customers from different service modes.

IaaS mode: the responsibility of IDC suppliers is to build the most basic hardware infrastructure and ensure the security of the entire system. Customers need to build the entire computing, application environment, and business development from the bottom of OS.

Under PaaS mode: cloud service providers such as AWS and Aliyun are responsible for the construction of infrastructure and the construction of core basic software environment. Such as operating system, database, middleware, monitoring services, these services are abstracted into a layer of cloud, and then provided to enterprises for use. Customers only need to focus on application environment building and business-level development.

Under the SaaS model: cloud service providers further service the "application environment", and customers only need to consider things at the business level. For example, the two more important modules in the application layer: authentication and authorization modules are also serviced by SaaS; even the user registration, login, and management functions of the User layer are also SaaS-oriented. In the United States, there are Auth0, Okta and other manufacturers to provide this kind of services, in China, we Authing is also doing similar things: IDaaS identity as a service. With IDaaS customers, you can develop your business more directly without worrying about registration, login, user management, authentication, authorization and other functions.

Looking back in the IaaS era, customers need to do a lot of things, infrastructure and research and development costs are extremely high, the time cost to enter the market is very high. But after a series of "service" process, customers only need to pay more attention to their own business code, quickly achieve, quickly enter the market for verification and sales, which is also from 2019, Low code/No code start-up projects are very popular with capital.

5) CaaS container model

With the technology iteration and entering the era of container model, the operation and maintenance of enterprises need to manage more product matrix and service stability. First of all, there are a variety of service discovery, Container Runtime, including the management of the entire container cluster, as well as some security issues, performance issues, role-based access control (RBAC), LDAP/AD management, and the implementation of SSO.

For developers, operators need to learn a lot of SSO knowledge, as well as many other things that have nothing to do with the business, which adds to the burden of their management. The CaaS container model greatly improves the scalability of our entire service, but also greatly increases the burden on the operators.

6) Serverless model

The industry has gradually evolved into today's Serverless model, under which customers need to worry about a lot of components. However, after entering the Serverless model, customers only need to care about the "business code", design their own business model, deploy the code to the cloud service, and complete all the complex series of deployment, operation and maintenance, monitoring and other operations.

A. FaaS advantage

The benefits of Serverless are, first of all, zero operation and maintenance, also known as zero management. In addition to zero operation and zero management, there are many other advantages, such as pay by running time, pay as long as you run, and do not have to pay any money when there is no depletion of running resources.

For example, if you look at the figure above, the blue line represents how many requests are processed per second, and the red line is the number of servers needed to process these requests. You can see that the blue line has two peaks, which means 200 servers are required, which would require 200 servers under the traditional architecture. So with FaaS, you don't need to buy so many servers, you just need to write the business logic, and then it will automatically scale for you.

There are also many scaling strategies, such as using machine learning to predict, or using some real-time computing to predict and so on. Operation and maintenance personnel only need to consider managing fewer servers, developers only need to care about business code, so that enterprises can enter the market faster, and can create a native micro-service, significantly reducing the management and maintenance burden of enterprises.

B. FaaS disadvantage

In addition to its advantages, FaaS has many disadvantages and does not have a common standard. For example, AWS, Google, as well as domestic Tencent, Aliyun, Huawei and JD.com Cloud all have FaaS services, but they do not have a common standard. This also results in the problem that customers are locked by suppliers and cannot easily migrate. For example, if I use AWS, I may have hundreds of millions of requests every day, so it is very troublesome to migrate to Aliyun and Tencent Cloud. The second point is that FaaS is a black box environment, and the developer needs to know very well what is going on at the bottom of this thing before he can dare to use it, otherwise he will not be able to estimate some potential risks. The fourth is the problem of cold start, which is not a big problem. Cloud vendors have solved this kind of problem, and there are many ways to deal with it.

The fifth question is the most deadly one, and the current FaaS has not been verified by a very complex application case. If I want to use Serverless to develop a Taobao, QQ, Wechat or a live broadcast software, there is no such case at present. On the one hand, it is mainly due to the lack of ecology, on the other hand, it is also because the thinking and awareness of developers has not been improved, this is definitely not a technical problem, the technology has been very mature.

C. FaaS manufacturer

The following picture shows the manufacturers who are working on FaaS around the world. The first OpenWhisk is IBM's open source FaaS framework. The other is the well-known AWS Lambda, Amazon's cloud service is a standard in the industry, and Google and Microsoft all have similar services. China is mainly Aliyun, Tencent Cloud, Huawei Cloud, in addition to these three, in fact, JD.com, Didi other clouds. The other is Byte Jump, which is called Light Service, which is also a service I was developing at Byte Jump at that time.

In addition, there is a force that can not be ignored, that is, Auth0 in the United States is an IDaaS-identity authentication service that puts identity authentication on the cloud. They have a Webtasks product that allows users and developers to quickly complete the identity authentication function through their services, and focus more energy on specific business aspects. The other is the Authing we are working on. In the future, there will be a function product like FnSuite, which will have a very good connection with our business.

2. Serverless usage scenario 1) serverless application backend scenario

Next, let's introduce the usage scenario of Serverless.

First of all, the first category is this kind of serverless application backend. For example, I wrote a piece of code, and then I push it to Github. At this time, the webhook of Github, I need to let it notify my Slack or my flying book.

If there is no Serverless, you need to write a code back-end framework, and then splice it together, write a route, and then deploy it to the server after writing the route, and then deploy the operation and maintenance.

After you have FaaS, you only need to write a function and send it to Aliyun or Tencent Cloud. The cloud service provider returns an API link, and the developer fills the link into Github to complete the entire operation process, which is very simple.

There is also a news push app, a new user, which registers an app and then pushes some news to him in our message.

For example, the back end of the application of the Internet of things, such as a temperature information push system, calls a function after Pub/Sub, and then our function performs some specific business operations, such as pushing it to our background for monitoring and management, and some alarms, and so on.

This is the first serverless application backend scenario of Serverless, such as QQ, Weibo, Wechat IM and simple message push scenarios, which can all use Serverless.

2) artificial intelligence application scenarios

The second kind of scenario: artificial intelligence application. This picture from Google, you can look from left to right, for example, through Slack, Messenger, or Google Home to talk to the robot, will send a Http request, the request will execute the function in the cloud, and then the function will request Google's Dialogflow is a Google conversation management service.

Dialogflow manages multiple rounds of conversations, and other services, such as ML and Vision API, are provided by cloud service providers. The vendor's Cloud Functions (cloud function) can directly call these capabilities, which is a great advantage for cloud service providers.

Therefore, Serverless can only be developed by these BigTech, and it is basically impossible for some small companies or start-ups to build Serverless infrastructure, because the core competitive advantage of Serverless is not only the previous function, but also the other capabilities provided by the service provider itself for function calls.

3) Real-time data processing scenario

The third kind of scenario: real-time data processing, the most typical is the Internet of things application, the amount of data is very large, using Serverless is also very matching. If you need 10, 000 QPS, the function can immediately generate a cluster that supports 10, 000 QPS. If you build your own EC 2 server or other applications, you also need to manage the cluster yourself, which will cost a lot.

4) AaaS Authentication as a Service scenario

Then there is another scenario that can not be ignored: AaaS (Authentication as a Service), which makes user registration, login, user management, authentication and authorization modules SaaS service. Why do you need services like AaaS? There are three main reasons:

The first point: identity management is the most standardized product in cloud computing in addition to computing resources, storage resources and network resources. Why is it the most standardized? As you can see in the previous IaaS diagram: Stack Components includes registration, login, registration, user management and authentication and authorization modules, basically all applications: to B, to C, to G, to Developer are basically required and the process is very standard Even at the infrastructure level, standardized authentication services are required. For example, authentication / authorization is also required in K8S container orchestration scenarios, as well as in multi-cloud management, DevOps identity management of different tool streams, and so on.

Before there was no AaaS cloud service, everyone needed to build their own wheels, so the emergence of AaaS cloud services prevented the repetition of wheels from happening, saved huge social productivity, and made identity management very simple and secure. This is also an opportunity that many manufacturers see.

The second point: the problem of identity management has never been well solved for decades, and users pay for the "poor identity management" of enterprises at the cost of their own privacy. For example, the user data leakage accidents of many sites, these user disclosure accidents not only have a great impact on the reputation of the enterprise, but also seriously damage the privacy of users. A recently learned company spends millions of dollars a year on identity management services. The emergence of AaaS cloud service products will greatly reduce the input cost and security cost of customers.

The third point: the cost of compliance is rising year by year: with the introduction of these laws, such as GDPR, CCPA, including Castle of Canada, the government has put forward higher requirements for enterprise identity management. If enterprises want to meet these requirements, it will cost a lot of money, and the use of AaaS cloud services can ensure that enterprises can have a very efficient, simple and secure compliance identity management product.

3. Serverless usage report

Next, let's take a look at a Serverless usage report to understand the current situation of the industry. The data comes from O'Reilly serverless survey 2019.

First of all, 40% of the enterprises have adopted Serverless, this proportion is still relatively large, 60% did not adopt, there is still a lot of room for improvement in the market.

30% of Serverless users are front-line engineers, followed by architects and technical leader accounts for about 25%. There are also a lot of technical users, another surprise is: VP, director, manager level users are also nearly 20%

In addition, the report shows that the industries that adopt Serverless technology are also very widespread, with the software industry being the most adopted, the second largest industry being finance and banking, and the third largest industry being the consulting industry. So if you want to start a business in the Serverless field, perhaps the best customer is the financial industry, either doing outsourcing or serving the financial industry.

60% of medium-and large-scale enterprises adopt Serverless: this figure is also quite unexpected. We subconsciously think that the companies that adopt Serverless's new technology may be small enterprises, but we can see from the chart that 20% of them have more than 10, 000 people.

50% of Serverless users regularly use Serverless for more than one year, and more than 10% of enterprises have adopted Serverless technology for more than three years.

Then 66 per cent of users said that the effect of using Serverless technology was remarkable.

This is some survey of why Serverless is used. We look at the first three main reasons, respectively, is to reduce operating costs, can be sequentially automatic scaling. The third is that you no longer need to care about the maintenance of the server, which is similar to the first point, reducing costs.

A survey of the reasons for not using Serverless shows that:

The biggest challenge that enterprises face after adopting Serverless technology is that the cost of education for employees is very high, and it is still difficult to educate employees, so if you want to start a business in the field of Serverless, it is also good to be a consulting company in the field of Serverless and cooperate with educational institutions to train talents.

The second challenge is the lack of standards in the Serverless field, which is easy to be targeted by suppliers and not easy to migrate to other suppliers, which may need to accelerate the standardization process of the Serverless industry to prevent it from being locked up by suppliers, which is also being promoted by the CNCF Foundation. The third challenge is that integration testing and debugging are very difficult, which also reflects the imperfection of the Serverless ecological supply chain, as well as entrepreneurial opportunities.

The biggest reason for not adopting Serverless is because of security concerns. If you want to start a business, then it is also a great opportunity to solve the security problem of Serverless. The second major reason is that because of the fear of difficulties caused by the unknown of Serverless, I don't know what will happen when using Serverless. The third reason is that the underlying cloud service provider is in the process of migration and it is too late to adopt Serverless.

What role does it play in managing the Serverless infrastructure within the company? The first is the operational staff responsible for DevOps, the second is the software engineer, and the third is the technical architect. This is a global survey, I think it may not be quite consistent with the actual situation in China, China may have to turn the other way, the first may be the architect to decide. Second, it is the software engineer who has the say to decide whether to adopt it or not.

The last survey shows that 50% of enterprises are willing to try Serverless in the next three years, so Serverless will have a very big growth in the future.

4. Serverless tool chain, prospects and opportunities

Finally, let's talk about the Serverless tool chain, prospects and opportunities. First of all, let's look at the tool chain, which is divided into three sections, namely, development, deployment, and monitoring.

1) Development tools

The first is the CLI tool: mainly compatible with commercial FaaS and open source FaaS, Servereless.com has done a very good job, they are already compatible with more than a dozen FaaS platforms.

The second is the editor plug-in: many programmers are still used to using tools such as VS Code or Sublime to develop, so they need a very convenient plug-in that can be easily managed and debugged.

The third is that WebIDE:WebIDE is a derivative, mainly as a convenient development, debugging gadget, most developers should still be based on the local editor plug-in to develop.

In addition, there may be other tools that need to be added.

2) deployment tools

Common deployment tools include: Git integration, CI/CD continuous integration, Hooks (for synchronizing messages to IM tools), and so on. Then I still need to do some Cronjob, such as being able to deploy scheduled tasks very easily, and I can release previews and production versions.

3) Monitoring tools

Finally, we need monitor to call the police, SMS notification, company email notification, log and so on.

These three points I am talking about are actually just trifles at the product level, with or without these functions, it does not have much impact on the popularity of Serverless and the improvement of the industry. I think if we want to really promote the development of Serverless, we still need to do the following three things.

5. Three opportunities to promote the development of industry

The first thing is that there is a FaaS Framework dedicated to writing large projects, and it is fully compatible with the FaaS architecture. Why do you need FaaS Framework? Without FaaS Framework, we would not be able to write large projects in FaaS. A function, can only do some simple things, if you need to do a QQ, do a Wechat, a function is definitely not good.

The second thing is that Content as a Service,CaaS is a higher-level abstraction of FaaS itself, FaaS provides computing power, and then the most important thing is that you need a storage capacity, especially structured data storage, so you need a CaaS to cloud the storage. For example, my CaaS platform designs some tables and fields, and then these fields can be connected to each other, and finally he can immediately help me generate REST API or GraphQL, and it also has the ability to combine with FaaS. I think it is a great opportunity in the future.

The third category is called cloud native programming language. In this programming language, it is completely based on the existing cloud computing vendors, and its logic cycle is unchanged. But he reads and writes the hard disk on the cloud, and it is compatible with all major cloud platforms. For example, if I want to call AWS's S3, I only need to write the native programming language, and I don't need to use any framework. At the same time, it can start the server on the cloud for debugging. He is scalable at the language level. For example, I wrote a calculation like 1-1-2. If 100 million requests come, then at the language level, he can help me schedule computing resources that can resist 100 million traffic.

I think if these three things are done well, it will have a huge promoting effect on the whole industry.

6. Summary

Finally, Serverless is a real cloud computing, it is really pay-on-demand, and then do not need to manage any infrastructure, only need to focus on their own core business, the current cloud computing has not really done this. Then it is basically impossible for small companies to do Serverlss, mainly because of the lack of trust.

If it is a start-up, you can cut in from the following levels.

The first is to make a FaaS aggregator to improve development convenience, just like Serverless.com does.

The second is to do a FaaS and then take over outsourcing, this kind of large-scale outsourcing business can be done best with Serverless.

The third is to develop a CaaS and then cover the query business, and then connect with FaaS, and then complete some high-level operations, and then enable the business.

The fourth is to develop the cloud into a language, and then cooperate with educational institutions, training institutions and consulting institutions to train talents. only with this awareness can there be a greater change in the industry as a whole.

After reading the above, have you mastered the architecture of Serverless and how to use it? If you want to learn more skills or want to know more about it, you are welcome to follow the industry information channel, thank you for reading!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.