Except where noted contents © 2014 Development Partners Software Corporation Cloud Architecture...

• Except where noted contents © 2014 Development Partners Software Corporation http://www.devpartners.com Cloud Architecture Anti-Patterns A concise overview of some bad ideas Bill Wilder, Finomial CTO @codingoutloud [email protected] blog.codingoutloud.com linkedin.com/in/ billwilder O’Reilly Architecture Conference 18-Mar-2015 (10:45-12:15) Room 306

Transcript of Except where noted contents © 2014 Development Partners Software Corporation Cloud Architecture...

Page 1: Except where noted contents © 2014 Development Partners Software Corporation   Cloud Architecture Anti-Patterns.


Cloud Architecture Anti-Patterns

A concise overview of some bad ideas

Bill Wilder, Finomial CTO
@codingoutloud
codingoutloud@gmail.com
blog.codingoutloud.com
linkedin.com/in/billwilder

O’Reilly Architecture Conference 18-Mar-2015 (10:45-12:15) Room 306

Page 3:

Cloud Micro-Service Anti-Patterns for the Internet of Things written in Go

A certifiably buzzworthy presentation

Page 4:

Who is Bill Wilder?

www.devpartners.com

www.bostonazure.org

www.cloudarchitecturepatterns.com

Book signing 2:45 – 3:30 today

Page 5:

Lots of ♥ to all the clouds

etc…

Page 7:

Architect Skills

Technical Business Decisions

Page 8:

Famous Architect: Aristotle

On Properties:
• Essential property = must have
• Accidental property = happens to have but could lack

For effective software architect, all are Essential Properties

Technology Skills

Ability to Communicate

Business Awareness

Page 9:

Top 10 “Blunders” by Enterprise Architects

#3. Not engaging the business partners
#2. Insufficient understanding and support from stakeholders
#1. The Wrong Lead Architect (for non-technical reasons)
#7. Not … Communicating the Impact
#10. Not Spending Enough Time on Communications

Source: http://www.sdtimes.com/link/33787 The top 10 enterprise architecture blunders, by Alex Handy, September 25, 2009

Page 10:

To cloud or not to cloud?

control vs. cost

Page 11:

Ctrl

€$¥

Page 12:

Ctrl

€$¥

Technology Skills

Ability to Communicate

Business Awareness

Page 13:

Cloud Services … in the Cloud

“who would’ve thought”

Cloud is a business innovation
• technology services + flexible rental model
• new types and combinations of services

Page 14:

1/9th above water

Services: TTM & Sleeping well

Page 15:

Treating your ops team as equivalent to the cloud vendor’s ops team

(They are not. Let cloud vendor handle service operations. Use services. You focus on your app.)

Anti-Pattern #1

Page 16:

What is an Anti-Pattern

Wikipedia says: (http://en.wikipedia.org/wiki/Anti-pattern)

“A common response to a recurring problem that is usually ineffective and risks being highly counterproductive.”

Bill’s amplification:

“An anti-pattern approach may seem reasonable, or actually be reasonable in other contexts. There may be problems that are not yet apparent.” Often depends on the situation.

This talk will span:

Architecture and Architects

Page 17:

Tells: Traditional vs Cloud-Native

Traditional, TELLS/CLUES:
• 2-tier
• Single data center
• Vertical scaling
• Ignores failure
• Transactional consist

Traditional, CONSEQUENCES:
• Less flexible
• More manual/attention
• Less reliable (SPoF)
• Maintenance window
• Less scalable, more $$

Cloud-Native, TELLS/CLUES:
• N-tier, SOA, μSvcs
• Multi-data center
• Horizontal scaling
• Expects failure
• Eventual consist

Cloud-Native, CONSEQUENCES:
• Agile/faster TTM
• Auto-scaling
• Self-healing
• HA
• Geo-LB/FO

Which is “best” architecture?

There is no “best” architecture – it is situational, a Technical Business Decision.

Cloud-native popularity growing in proportion to the shrinking cost and competitive benefits.

Page 18:

One-size-fits-all architecture

Anti-Pattern #2

Page 19:

[Cloud] Anti-Pattern Causes

• Abstraction misalignment
• Not reading the fine print
• Insufficient ongoing attention to cost
• Insufficient ongoing attention to automation

Page 20:

www.pageofphotos.com (PoP)

Page 21:

Move Simple PoP App to Cloud

WHAT NOW?

Page 22:

Scalability &

Performance &

Cost &

Automation

Page 23:

Time passes…

PoP has lots of photos

Page 24:

www.pageofphotos.com

Page 25:

One-size-fits-all data storage

(perf, scalability, cost)

Anti-Pattern #3

Page 26:

Upgrade to scenario-specific storage

Some $, Perf, Scale benefits

Page 27:

PoP uses Valet Key Pattern

Even more $, Perf, Scale benefits

Page 28:

CDN for public content

Many, many other storage options also available: NoSQL varieties, caches, etc.

Page 29:

Always access raw data (regardless of distance, cost)

(performance, scalability, cost)

Anti-Pattern #4

Page 30:

PoP web tier goes multi-instance…

Users experiencing login issues*

*Depending on configuration …

Page 31:

Are Cloud Resources Infinite?

“We often hear that public cloud platforms offer the illusion of infinite resources. … This does not mean each resource has infinite capacity, just that you can request as many instances of the type of resource that you need.”

Page 21, my (Bill Wilder’s) Cloud Architecture Patterns book

Page 32:

Running stateful VMs in web / service tiers

(Limits horizontal scalability & complicates autoscale – but sometimes is reasonable option)

Anti-Pattern #5

Page 33:

I don’t have a slide on this, but …

sharding

Page 34:

Reliability

Page 35:

PoP Adding Video Support

(uh oh!)

Page 36:

Current

Page 37:

Let’s extend PoP with a Service Tier

Page 38:

OPTION 1: Request/Response Services

[Diagram labels: web browser; Web Tier; Services Tier; Data Tier; Stateless; Stateless Services; REQUEST / RESPONSE (http + json)]

Page 39:

Coupling Between Tiers

(reliability, scalability, cost)

(Situational: I frequently violate! Also relates to microservices.)

Anti-Pattern #6

Page 40:

Cloud Platform Reliable Queues

• Azure Storage or ServiceBus Queue
• AWS Simple Queue Service
• Google Pub/Sub

• Durable – won’t lose your data
• Reliable – backed by SLA and ops team
• Scalable – Internet scale
• Approachable – REST + many SDKs

Page 41:

Basic Idea

[Diagram labels: Work Producers; Reliable Queue; Work Consumers]

Page 42:

OPTION 2: Async Services

[Diagram labels: web browser; Web Tier; Services Tier; Data Tier; Stateless; Stateless Services; push; pull]

Page 43:

Stateless Services

Notice anything “missing”?

There is no transaction

Get used to idea of eventual consistency

Page 44:

Enables Responsive UX

• Response to interactive users is as fast as a work request can be persisted

• UX challenge due to async processing
– Eventual consistency processing
– Eventual satisfaction for users

Page 45:

Enables More Reliable Service

• Decoupled front/back provides insulation
• Blocking is bane of scalability

Page 46:

General Case: Many Queue Types

[Diagram labels: Web Tier (Public); Web Tier (Admin); WebRole (IIS); Service Tier Type 1; Service Tier Type 2; WorkerRole; Worker Role Type 2; Queue Type 1; Queue Type 2; Queue Type 3]

Page 47:

Enables Cost-Efficient Scaling

• Loosely coupled, concern-independent scaling
• Get Scale Units right
• Optimize for CO$T EFFICIENCY
• GOAL: cost ∝ benefit

Page 48:

How about the queue API?

Page 49:

A reliable queue works just like any other queue, right?

(beware the abstraction mismatch)

Anti-Pattern #7

Page 50:

Reliable Queue & 2-step Delete

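Web Tier (adds work to the Queue):

// Enqueue the URL of the uploaded photo as the work request
var url = "http://pageofphotos.blob.core.windows.net/up/<guid>.png";
queue.AddMessage( new CloudQueueMessage( url ) );

Service Tier (takes work from the Queue):

// Step 1: get the message; it stays in the queue, hidden for the invisibility window
var invisibilityWindow = TimeSpan.FromSeconds( 10 );
CloudQueueMessage msg = queue.GetMessage( invisibilityWindow );

(… do some processing then …)

// Step 2: delete the message only after processing has succeeded
queue.DeleteMessage( msg );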

Page 51:

Idempotent Processing

An idempotent operation can be performed more than once without changing the end result.

Key technique in lieu of distributed transactions

Page 52:

Poison Message Detection

A poison message is a flawed message that can never be successfully processed.
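
The 2-step delete, idempotent processing and poison message detection from the preceding slides, combined in one added example (not code from the original deck). `ReliableQueue` is a hypothetical in-memory stand-in for a cloud queue; the retry budget of 3, the blob names and the thumbnail handler are constructed for illustration.

```python
MAX_DEQUEUE = 3  # assumed retry budget; beyond it a message is treated as poison

class ReliableQueue:
    """Hypothetical in-memory stand-in for a cloud reliable queue (not an SDK)."""
    def __init__(self):
        self._msgs, self._next_id = [], 0
        self.now = 0.0  # simulated clock in seconds, advanced by the caller

    def add_message(self, body):
        self._msgs.append({"id": self._next_id, "body": body,
                           "visible_at": 0.0, "dequeue_count": 0})
        self._next_id += 1

    def get_message(self, invisibility_window):
        for m in self._msgs:
            if m["visible_at"] <= self.now:
                # Step 1 of the 2-step delete: hide the message, do not remove it.
                m["visible_at"] = self.now + invisibility_window
                m["dequeue_count"] += 1
                return dict(m)
        return None

    def delete_message(self, msg):
        # Step 2: only an explicit delete removes the message for good.
        self._msgs = [m for m in self._msgs if m["id"] != msg["id"]]

def process_one(queue, thumbs, poison, handler, crash_before_delete=False):
    msg = queue.get_message(invisibility_window=10)
    if msg is None:
        return "empty"
    if msg["dequeue_count"] > MAX_DEQUEUE:
        poison.append(msg["body"])  # park it for inspection and stop retrying
        queue.delete_message(msg)
        return "poison"
    try:
        # Idempotent: keyed by message body, so a redelivery overwrites the entry.
        thumbs[msg["body"]] = handler(msg["body"])
    except ValueError:
        return "failed"   # no delete: the message reappears after the window
    if crash_before_delete:
        return "crashed"  # work was done but the delete was never sent
    queue.delete_message(msg)
    return "done"

def make_thumbnail(url):  # constructed handler: rejects anything but .png
    if not url.endswith(".png"):
        raise ValueError("unsupported image")
    return "thumb:" + url

GOOD = "http://pageofphotos.blob.core.windows.net/up/constructed-0001.png"
BAD = "http://pageofphotos.blob.core.windows.net/up/constructed-0002.txt"

def demo():
    q, thumbs, poison, log = ReliableQueue(), {}, [], []
    q.add_message(GOOD)
    q.add_message(BAD)
    log.append(process_one(q, thumbs, poison, make_thumbnail, crash_before_delete=True))
    for _ in range(4):  # four polling rounds
        while (r := process_one(q, thumbs, poison, make_thumbnail)) != "empty":
            log.append(r)
        q.now += 11     # let the 10-second invisibility windows expire
    return log, thumbs, poison
```

The simulated crash leaves the first message in the queue, so it is delivered a second time and processed again without creating a duplicate thumbnail; the message that can never succeed is retried until its dequeue count exceeds the budget and is then set aside.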

Page 53:

Tiers of Cloud Failure

• Transient API/DB connection failures
• Temporary/Ephemeral drive loss
• DC outage (or smoking hole)
• Zone/Region outage (or smoking hole)
• Global outage

Page 54:

“Failure is not an option”

(Failure is routine, at least at lower tiers.)

Anti-Pattern #8

Page 55:

Programming against Cloud Services as though they were reliable

(Transient Failures handled using Busy Signal Pattern)

Anti-Pattern #9

Page 56:

Security

Page 58:

unicorn cloud security for apps

Copyright © 2013 Elizabeth B. O’Connor • used with permission • www.elizabethboconnor.com

SQL INJECTION

SESSION HIJACKING

CSRF

XSS

Page 59:

Belief in cloud app security unicorns

Reality: your app’s vulnerabilities will port very cleanly to your favorite cloud platform

Anti-Pattern #10

Page 60:

Little Bobby Tables (still a problem)

Page 61:

Conflating App & Platform security

secure compliant

Anti-Pattern #11

Page 62:

Cloud News from June 2014

• http://www.codespaces.com/
• A cautionary tale…
– DDoS
– Security Breach
– Ransom / Extortion
– Fighting Back
– Malicious Destruction of Assets
– Business Failure

ELAPSED TIME 12 HOURS

Page 63:

1FA

single-factor auth

(2FA/MFA is widely available)

Anti-Pattern #12

Page 64:

Service Level Agreements (SLA)

Page 65:

PoP (pageofphotos.com) adds paid plans to corporate partners

– wants to offer an SLA

Page 66:

What is “the SLA” for storage?

Page 67:

SLA Responsibilities

• From Google Storage (https://cloud.google.com/storage/sla): “"Back-off Requirements" means, when an error occurs, the Application is responsible for waiting for a period of time before issuing another request. This means that after the first error, there is a minimum back-off interval of 1 second and for each consecutive error, the back-off interval increases exponentially up to 32 seconds.”
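
A retry wrapper that honours the back-off requirement quoted above and handles the transient failures named under Anti-Pattern #9, as an added example (not code from the original deck). `TransientError`, `flaky`, the attempt limit of 8 and the added jitter are assumptions made for illustration; only the 1-second minimum and the 32-second ceiling come from the quoted SLA text.

```python
import random
import time

MIN_BACKOFF, MAX_BACKOFF = 1.0, 32.0  # seconds, from the SLA text quoted above

class TransientError(Exception):
    """Retryable failure (assumed classification, e.g. a throttled request)."""

def min_backoff(consecutive_errors):
    """Minimum wait after the n-th consecutive error: 1, 2, 4, ... capped at 32."""
    return min(MIN_BACKOFF * 2 ** (consecutive_errors - 1), MAX_BACKOFF)

def call_with_backoff(operation, max_attempts=8, sleep=time.sleep,
                      jitter=random.random):
    """Run operation, retrying transient errors; returns (result, waits)."""
    errors, waits = 0, []
    while True:
        try:
            return operation(), waits
        except TransientError:
            errors += 1
            if errors >= max_attempts:
                raise  # give up and surface the failure to the caller
            # Jitter only ever adds time, so the required minimum still holds
            # while concurrent clients spread out instead of retrying in step.
            delay = min_backoff(errors) + jitter()
            waits.append(delay)
            sleep(delay)

def flaky(failures):
    """Constructed stand-in for a cloud call that fails `failures` times."""
    state = {"left": failures}
    def op():
        if state["left"] > 0:
            state["left"] -= 1
            raise TransientError("service busy")
        return "ok"
    return op

def demo():
    # No real sleeping and no jitter, so the schedule itself is visible.
    return call_with_backoff(flaky(7), sleep=lambda s: None, jitter=lambda: 0.0)
```

Errors that are not classified as transient are not caught and reach the caller on the first attempt, so a permanent failure is never retried.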

Page 68:

SLA Math

• All required: 99.99⁴ = 99.96
• All required: 99.95 x 99.92 x 99.99 = 99.74
• Period of time over which an SLA applies matters

Page 69:

SLA Penalties

• Limited to the service costs
– Service costs != your business losses

• Multiple instances might be needed to be eligible

Page 70:

Passing along the SLA

The cloud SLA becomes my service’s SLA

Anti-Pattern #13

Page 71:

Compose to boost reliability

Page 72:

The architecture of a cloud-native application is aligned with the architecture of the underlying cloud platform.

Page 73:

Hiring!

HIRING at Finomial Corporation
• Are you a talented senior engineer/architect interested in financial services in Boston area?
• Technology stack is ASP.NET on Azure + SPA
• Downtown Boston (startup space)
• [email protected] (or grab a biz card)

Page 74:

And….

Bill Wilder
@codingoutloud
codingoutloud@gmail.com
blog.codingoutloud.com
linkedin.com/in/billwilder

Find this slide deck here

See you at Boston Azure

bostonazure.org

Book signing 2:45 – 3:30 today

Page 76:

Any questions?