Rishidot Research

deciphering the modern enterprise

governance

Selecting The Right Microservices Platform

· · 1 Comment

Introduction

The emergence of cloud in the last decade has changed how enterprise IT is being done and there is considerable pressure on organizations to transform themselves to effectively compete in a fast-moving global economy. The software is driving innovation across all verticals pushing organizations to embrace software as the pathway to innovation. This brings focus on IT, as an enabler of innovation by making it easy for developers to take an idea to code and deploy in production many times a day than months-long cycles in the past. In a modern enterprise, IT is part of the core innovation than just a cost center.

As cloud computing gained traction and helped enable organizations to deliver business value much more rapidly than any time in the past, software fast became the dominant platform for innovation. Software helped organizations to not just innovate rapidly on their core competency, it also helped them innovate in adjacent areas or even in the entirely new line of business. Software driven innovation became the competitive advantage rather than a cost center aiding their core competency. CIOs started focussing on transforming their organizations to be a modern enterprise, driven by a software platform leveraging the cloud.

With cloud computing gaining widespread acceptance as the de facto infrastructure for modern applications, enterprises embraced DevOps as the next step in their modernization journey to remove the bottlenecks in the application deployment lifecycle. With Cloud and DevOps, enterprise IT helped enable accelerated application delivery, resulting in an application deployed in production in a matter of days/weeks than months. Even though most IT organizations gained a significant increase in the speed at which they delivered business value, the ROI is still sub-optimal even with IT modernization. The sub-optimal ROI can be traced back to deploying monolithic applications on cloud infrastructure, which is distributed in nature and scales differently from these applications. Microservices, a suite of modular set of services architected around a business capability or function, is the next frontier in enterprise modernization journey. With Containers gaining tremendous momentum with advantages from developers to IT operations, they can be considered as the right encapsulating mechanism for Microservices.

Microservices architecture goes beyond the needs of enterprise agility and serves as a foundation for IoT, Big Data and other modern application use cases. Embracing Microservices for newer apps is the most convenient starting point for the transformation journey but it is also important to have a strategy in place so that other applications are re-architected in due course. In this position paper, we will focus on the Microservices architecture in the modern enterprise, its advantages, challenges and considerations for selecting the right Microservices platform. This paper provides some prescription on the key factors to consider as organizations evaluate various Microservices platform suitable for their needs.

Slaying the Monoliths, Microservices as the foundation

Even though some legacy apps might have a monolithic architecture in how business logic is implemented, the monolith problem is also present in applications with modular architecture. Even these applications are deployed as monoliths, inconsistent with the more distributed architecture of the underlying cloud infrastructure. For example, many traditional enterprise Java applications are deployed as a single WAR file or a self-contained executable. The reasons for the dominance of Monoliths in enterprises include ease of development, testing, and deployment, But any potential benefit with Monoliths are negated with challenges like slow deployment speed, complexity in scaling, inflexibility in application evolution with modern tools, etc.. Microservices are considered the next important frontier in the modern enterprise journey.

Even though there are many variations and confusion in the definition of Microservices, Rishidot Research subscribes to the definition put forward by Martin Fowler, one of the leading advocates of Microservices architectural patterns.

The microservice architectural style is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API. These services are built around business capabilities and independently deployable by fully automated deployment machinery.

Our extensive research and based on our conversations with software architects from both startups and enterprises, we have concluded that the above definition of Microservices is a perfect fit into our own definition of a Modern Enterprise.

The key components of a Microservices architecture are:

  • Composability
  • Lightweight
  • Independent deployability
  • Functional representation of a unit of business logic
  • Lightweight communication protocols

Leading edge enterprises like Amazon, Netflix and others have embraced Microservices architecture, gaining a competitive edge over their traditional counterparts. As other enterprises embrace the modernization journey, they are faced with the dilemma of moving to a more modern architecture like Microservices architecture without disrupting their mission critical applications running as monoliths. A brute force rip and replace approach will not work for these organizations. A more methodical modernization journey that also meets their security, governance and compliance needs is needed. Off late, organizations beyond the leading edge enterprises like Amazon, NetFlix, Uber, etc. are considering Microservices as a part of their IT modernization journey. The current phase in the Modern Enterprise is focussed on providing standardized platforms that enable key building blocks and patterns needed to help mainstream developers build their applications using Microservices architecture.

In this section, we will talk about the benefits and challenges with Microservices architecture and help enterprise IT leaders embrace a strategy that better fits their organizational needs. A clear understanding of the challenges with the modern architecture pattern is imperative for the evaluation of Microservices platforms that can meet the enterprise needs. As enterprises embrace Microservices, they are faced with a scale involving thousands of services and it is important that the stakeholders understand the underlying dynamics as they plan their platform strategy.

The Microservices Advantage

Microservices offer some key advantages for enterprise IT as it helps them allocate personnel and resources more efficiently, maximizing the ROI and delivering the key competitive asset needed to bring transform IT to be part of the core innovation team.

Some of the advantages of Microservices include:

  • Deployment: Provides deployment agility and fine-grained control over replication, scaling, security, technology choices, etc.
  • Resiliency: Modern enterprise applications focus on resiliency over reliability. Microservices architecture help provides resiliency for applications because even if a single Microservice or group of Microservices are not available, the availability of the application is not affected. The application can continue to serve users with limited functionality than going down completely, as in the case with monoliths
  • Zero Downtime Upgrades: Microservices architecture makes it easy to do blue-green deployments or other zero downtime upgrades
  • Better Resource Utilization: Since Microservices architecture allows components to scale independently, it not only makes scalability much more efficient but it also allows for better resource utilization. Instead of scaling all the resources used by an application, we can just scale the underlying resources for features having heavy load
  • Technology Evolution: Microservices makes it easy to use newer programming frameworks or technologies because changing the technology underlying any single service will not impact the application as a whole. This allows for using the right technologies for specific needs, allowing a better evolution of the application to meet the rapidly changing business requirements
  • Better Talent Management: With Microservices architecture, it is possible to use the Two Pizza Team approach to application delivery. With Microservices and DevOps, it is easy for organizations to effectively manage human resources to maximize innovation without much waste

With Microservices and DevOps, the modern enterprise IT is very much part of the core innovation team focussed on delivering business value rapidly and giving a competitive edge in the fast moving market.

Understanding The Challenges

Microservices architecture is not the magic pill that completely transforms IT overnight to be part of the core innovation team. Even though Microservices offer some key advantages in the IT transformation journey, there are some key challenges that need to be addressed before realizing the benefits. In this section, we will highlight some of the challenges in using the Microservices architecture. These challenges can be mitigated with the right platform and the first step towards selecting the right platform is in understanding the challenges.

Microservices remove the complexity in the monolithic architecture that impacting application scalability, reliability, evolution, etc.. However, it moves the complexity to the application deployment, bringing in some challenges that need to be understood and addressed:

  • With hundreds or thousands of services that constitute an application, deployment becomes more complex. It involves more teams focussed on deployment than in the traditional IT setup. With traditional cloud infrastructure, deployment becomes overly complex leading to sub-optimal speed and ROI
  • With hundreds or thousands of services, management of services and its dependencies becomes more complex than traditional monolithic applications. Resource allocation should be efficient and the elasticity should be managed more coherently and based on the needs
  • The performance of Microservices can be impacted if the dynamic discovery and service lookups are not managed properly. Especially with individual services communicating with each other over a network than internal calls, any bottleneck in service discovery will have huge impact on application performance
  • With multiple services relying on a contract that defines the interactions between the services, modifying the services and the contract becomes more complicated. The complexity overlays both in the setting up of the contract and in the management of changes as different services evolve
  • Setting up and managing automated tests are more difficult than in the case of traditional monoliths and requires a more automated approach to managing these tests across various services and teams
  • The inter-process communication should be better managed to ensure resiliency during failure of a single service or a group of services. Even though it is imperative for the developer to handle these failures gracefully, it is important for the underlying platform to help streamline the inter-process communication needs
  • Managing database transactions is more complex than traditional monoliths. Without a seamless solution to handle database, developer productivity will be impacted
  • With so many services and a fluid perimeter, managing the security is difficult than in traditional IT. Similarly, managing the compliance requirements are much more complex because the traditional models of perimeter security fail in the case of Microservices. Managing identity and authentications across these services adds to the complexity of meeting the compliance requirements
  • A typical enterprise will have hundreds or thousands of services and managing the governance is much more complex than in the traditional enterprise IT

Even though using Microservices is an advantage, it is important to understand the challenges and find a platform that better mitigates these challenges.

Microservices Platform

When it comes to Microservices platform, most of the industry discussions center around the programming frameworks that help developers create Microservices. But an evaluation of Microservices platform goes well beyond the programming frameworks and it should consider the entire lifecycle of developing and deploying Microservices. Without any support for deployment and management of Microservices, the platform offers limited benefits and it may end up increasing the costs and impacting the ability. In this section, we will highlight some key capabilities of Microservices platforms and considerations one should take into account during the platform evaluation.

Key Capabilities

Some of the key capabilities of Microservices platform are outlined below:

  • The platform should abstract away the Microservices patterns and make it easy for developers to create the code
  • The platform should have good meta-data models for describing service capabilities
  • Support for synchronous (public facing APIs) and asynchronous calling (Internal calls)
  • Necessary infrastructure for publishing the services in a registry and enabling the discovery of service
  • Support for messaging including support for protocols like queuing, pub-sub and other patterns. Such messaging components should follow the security model needed for the platform
  • Multiple language support and elastic runtimes
  • Support for data persistence
  • Secure API Gateway
  • Security and Compliance management
  • Deployment automation with support for containers and container orchestration tools
  • Microservices analytics

These are some of the Microservices focussed capabilities any platform should have along with other enterprise-grade features needed for application deployment.

Key Considerations

Any evaluation of a Microservices platform should include the following considerations to maximize the benefits. The key capabilities we identified in the previous section along with the following considerations should serve as a framework for evaluating a Modern Enterprise Microservices Platform. Rishidot Research strongly urges you to ask the platform vendor the following questions and get their answers during the evaluation phase.

  1. Can the platform handle Microservices at scale? A typical modern enterprise will have thousands of services and the platform should be able to handle the scale. Ask the vendor about any benchmarks they can provide on this
  2. Does it support multiple underlying platforms? Does it support IaaS/PaaS from various vendors in the market? Read the documentation to ensure that your infrastructure provider is supported as a first class citizen through tighter integration
  3. Is it a polyglot platform offering support for multiple programming languages and frameworks including both proprietary and open source?
  4. Is the platform Multi-tenant? Multi-tenancy is critical from resource efficiency in a Microservices environment
  5. Does it offer integration with enterprise technologies to meet your needs today and in the future?
  6. Does it support the standards-based container tools like Docker and Kubernetes, DevOps lifecycle tools, etc?
  7. Does it offer seamless control for application release and deployment through the service delivery lifecycle?
  8. Does it offer support for lightweight RESTful messaging tools?
  9. Does it offer extensive logging support and monitoring?
  10. Does it integrate with Active Directory or other single sign-on tools available in the market? Does the platform meet my governance needs?
  11. Does it provide a management console to handle the security and compliance needs of your organization?
  12. When you have hundreds or thousands of Microservices, managing the relationships between them becomes complex, both from the resiliency of the application and also from a governance perspective. Does the platform map the relationships between the services and offer it through the management plane?

These are some of the questions you need to ask as you evaluate various platforms available in the market.

Microservices platform can range from DIY IaaS+ options, PaaS offerings and purpose built Microservices platforms. For an organization planning to embrace Microservices across the organization, a purpose built platform offering end to end capabilities for Microservices development, deployment and management may come handy. As you evaluate these platforms, you need to match your organization’s needs with the key capabilities of the platform to pick the right one.

Summing Up

Embracing Microservices is a critical part of Modern Enterprise journey and it goes beyond the architectural considerations of the application. Microservices model brings with it both technical and cultural changes inside the organization, enabling smaller teams with common goals to innovate faster and at scale. Even though a move to Microservices is very valuable for enterprises, it comes with lot of technical challenges that requires careful consideration and a selection of right platform to meet these challenges. A successful Modern Enterprise will blend Microservices architecture with DevOps to streamline the value creation. In order to be successful, organizations should exercise deliberate evaluation from abstracting the architectural patterns to ease of deployment and management to security and governance. With a right platform for Microservices implementation, your modern enterprise journey will produce higher ROI and will help your organization outsmart the competition.

Briefing Notes: CloudFabrix AppDimensions

· · Leave a Comment

In this briefing note, we will talk about CloudFabrix AppDimensions Platform. CloudFabrix is a new startup that is launching at the CiscoLive conference going on in Berlin. The founders of CloudFabrix are the same group of people who launched Cloupia and sold it to Cisco in 2012 (Disclaimer: I was an advisor to the executive team of Cloupia at the time).

Market Overview

As organizations steer their way through digital transformation embracing the idea of Modern Enterprise, they are using the Microservices architecture for developing modern cloud native applications. Even though Microservices is still at its infancy in terms of enterprise adoption, companies like Amazon and Netflix has shown shown a path for other organizations to follow. Along with other architecture and infrastructure challenges organizations may face in their push towards Microservices, application governance is a critical need.

Any enterprise embracing Microservices without a proper strategy for governance will increase their risk manyfold, resulting in a lower ROI with enterprise modernization. For small organizations with 50 or less Microservices, governance can be easily managed without any need for specialized tools but large organizations are going to be looking at several hundreds (or even thousands) of Microservices and, possibly, with a good mix of legacy applications. It is important for these organizations to use a standardized platform for application governance that could manage both the breadth and depth of their stack. Governance as a Platform is already a talking point among the CIOs and there are a few vendors who are trying to tackle this space.

Cloudfabrix AppDimensions Overview

CloudFabrix is a new entrant in the Governance as a Platform space and are trying to define a new category called GPaaS (Governance Platform as a Service). CloudFabrix AppDimensions is a platform for enterprise modernization where they define the application in terms of multiple governance related dimensions and then use this categorization to implement organization-wide digital governance (see the image below). This platform bridges the traditional and digital world, giving organizations seamless outcomes and insights driven governance, using Blueprints and through service discovery and data driven intelligence.

In the following section, we will do a SWOT analysis on their platform. This analysis is based on the demo they showed during the briefing session.

Strengths:

  • The platform solves a more critical need for any organization embracing digital transformation by bridging the legacy world with modern cloud native applications
  • Ability to enforce governance across the entire application stack
  • Platform is capable of enabling the “social graph” for Microservices
  • Multi – Cloud support

Weakness:

  • Lack of standardization in the industry around Microservices governance puts burden on the startup but it is also an opportunity to establish themselves in a thought leadership position
  • The imperative is on the company to carve out a new space related to governance

Opportunities:

  • At this point, the space is not crowded with very few players.in the space. Once Microservices adoption in the enterprise increase, there will be a stronger demand for such a platform and there is an exit opportunity as larger vendors try to jump into the space
  • Since they are one of the early movers in the space with other competing startups, they have a good opportunity to grab a significant portion of the market pie

Threats:

  • As it is the case with any startup trying to carve a new space, larger vendors will jump in once they see the opportunity. It is a threat as well as an opportunity for CloudFabrix.

Competitors: Apcera, Weaveworks, Sysdig

Open Source And Governance

· · Leave a Comment

Yesterday, Stephen O’ Grady from Redmonk wrote a great post addressing the role of foundations in the post Github world. He was trying to address the potential confusion among the role of open source foundations and version control systems. This reminds me of some of the arguments I heard from developers (and even some vendors) on open source.

I have come across some developers and vendors who think that dropping their source code on Github makes their project open source. In the early days of Web 2.0, we saw vendors opening up their APIs touting support for open APIs only to lock them down with restrictions once they realized that it costs money to open up their APIs or it even affects their own bottom-line. We have seen the drastic impact of unilateral changes made by them to address the issue on their ecosystem. People are slowly understanding that API dynamics involves much more than exposing their API over the internet. It involves cost, legal issues, etc. that comes along with exposing the API for any service. Though late, vendors are much more smarter on their API strategy these days.

It is even more important to consider such aspects when sharing the source code of a project. Before even sharing your code on Github, it is important to make sure copyrights are not violated and there are no legal issues associated with the shared code. After the source code is shared, apart from the license part of the code, it is also important to define the governance related to code. Governance is critical not only in protecting the source code but also in establishing trust with contributing developers and users.

Users?
In the past, with software like desktop operating systems, content management systems, etc., most of the end users of OSS were apathetic to the rights they had and, for most part, they were very happy with the availability of the source code. Some enthusiastic users participated in the mailing lists and forums suggesting features, promoting and helping fellow users. Even some contributing developers were apathetic to lack of any governance because, in the past, not many of the OSS projects ended up making money for the vendors. However, things changed drastically in the last decade.

More and more vendors realized that they can monetize open source and make a living out of it. Many other vendors were forced to embrace open source due to the market forces. More and more open source projects became vendor controlled OSS projects. Developers contributing to open source projects have started worrying about whether their contribution is at the mercy of the whims and fancies of the vendor controlling the project. They are also worried about vendor monetizing their hard work and cutting them off the loop (eg: issues related to MySQL acquisition).

Similarly, a shift happened in the open source user landscape as well. As we move into the services world, the end users of open source software changed from the ordinary Joes and Janes to enterprise IT and service providers. Unlike the apathetic Joes and Janes of the traditional software era, the use of open source software by enterprise IT and SPs are driven by the motivation that the open source nature of the product/project will empower them to participate in the software development process and even help them to nudge the direction of the project in the right direction. More than anything else, enterprise IT and SPs rely on OSS these days due to the “power” they get in the design and development of the software they use.

The changed developer mindset and the newer end user requirements puts project governance at the center of any credible open source project. Everything else comes next to governance. Unfortunately, today’s mindset among some developers and vendors is that source code on Github alone will help them attain the open source nirvana. They are either ignorant about the importance of governance or willfully ignore its importance. It is going to hurt everyone involved in the project in the long term.

In short, if you are a developer wanting to contribute your time and sweat to any open source project or an end user (enterprise IT or SP) wanting to invest your money and time on an open source project, the first question you should ask is “Have you got governance in place?”. If the answer is no, my humble suggestion is “Run Forrest, Run”. Good night and good luck.

Subscribe to Modern Enterprise Newsletter & get notified about our research