Except where noted contents © 2014 Development Partners Software Corporation Cloud Architecture Anti-Patterns.


1 Except where noted contents © 2014 Development Partners Software Corporation http://www.devpartners.com Cloud Architecture Anti-Patterns A concise overview of some bad ideas Bill Wilder, Finomial CTO @codingoutloud codingoutloud@gmail.com blog.codingoutloud.com linkedin.com/in/billwilder .NET Architecture Group 20-May-2015


3 Except where noted contents © 2014 Development Partners Software Corporation http://www.devpartners.com Cloud Micro-Service Anti-Patterns for the Internet of Things written in Go A certifiably buzzworthy presentation Bill Wilder, Finomial CTO @codingoutloud codingoutloud@gmail.com blog.codingoutloud.com linkedin.com/in/billwilder

4 Who is Bill Wilder? www.devpartners.com www.bostonazure.org www.cloudarchitecturepatterns.com

5 My name is Bill Wilder Bill Wilder @codingoutloud blog.codingoutloud.com

6 Lots of ♥ to all the clouds etc…


8 Architect Skills Technical Business Decisions

9 Famous Architect: Aristotle On Properties: Essential property = must have; Accidental property = happens to have but could lack. For an effective software architect, all are Essential Properties: Technology Skills, Ability to Communicate, Business Awareness

10 Business Awareness

11 Top 10 “Blunders” by Enterprise Architects #3. Not engaging the business partners #2. Insufficient understanding and support from stakeholders #1. The Wrong Lead Architect (for non-technical reasons) #7. Not … Communicating the Impact #10. Not Spending Enough Time on Communications Source: “The top 10 enterprise architecture blunders” by Alex Handy, September 25, 2009, http://www.sdtimes.com/link/33787

12 To cloud or not to cloud? control vs. cost

13 Ctrl € $¥

14 Ctrl € $¥ Technology Skills Ability to Communicate Business Awareness

15 Cloud Services … in the Cloud “who would’ve thought” Cloud is a business innovation – technology services + flexible rental model – new types and combinations of services

16 1/9th above water – Services: TTM & Sleeping well – SOA

17 Treating your ops team as equivalent to the cloud vendor’s ops team (They are not. Let cloud vendor handle service operations. Use services. You focus on your app.) Anti-Pattern #1

18 What is an Anti-Pattern? Wikipedia says (http://en.wikipedia.org/wiki/Anti-pattern): “A common response to a recurring problem that is usually ineffective and risks being highly counterproductive.” Bill’s amplification: “An anti-pattern approach may seem reasonable, or actually be reasonable in other contexts. There may be problems that are not yet apparent.” Often depends on the situation. This talk will span: Architecture and Architects

19 Tells: Traditional vs Cloud-Native
Traditional, TELLS/CLUES: 2-tier; Single data center; Vertical scaling; Ignores failure; Transactional consist
Traditional, CONSEQUENCES: Less flexible; More manual/attention; Less reliable (SPoF); Maintenance window; Less scalable, more $$
Cloud-Native, TELLS/CLUES: N-tier, SOA, μSvcs; Multi-data center; Horizontal scaling; Expects failure; Eventual consist
Cloud-Native, CONSEQUENCES: Agile/faster TTM; Auto-scaling; Self-healing; HA; Geo-LB/FO
Which is “best” architecture? There is no “best” architecture – it is situational, a Technical Business Decision. Cloud-native popularity growing in proportion to the shrinking cost and competitive benefits.

20 One-size-fits-all architecture Anti-Pattern #2

21 [Cloud] Anti-Pattern Causes Abstraction misalignment Not reading the fine print Insufficient ongoing attention to cost Insufficient ongoing attention to automation

22 www.pageofphotos.com (PoP)

23 Move Simple PoP App to Cloud WHAT NOW?

24 Scalability & Performance & Cost & Automation

25 Are Cloud Resources Infinite? “We often hear that public cloud platforms offer the illusion of infinite resources. Obviously, resources are not literally infinite (infinite is rather a lot), but you can expect that any time you need more resources, they will be available (though not always instantly). This does not mean each resource has infinite capacity, just that you can request as many instances of the type of resource that you need.” Page 21, my (Bill Wilder’s) Cloud Architecture Patterns book

26 Time passes… PoP has lots of photos

27 www.pageofphotos.com

28 One-size-fits-all data storage (perf, scalability, cost) Anti-Pattern #3

29 Upgrade to scenario-specific storage Some $, Perf, Scale benefits

30 PoP uses Valet Key Pattern Even more $, Perf, Scale benefits

31 CDN for public content Many, many other storage options also available: NoSQL varieties, caches, etc.

32 Always access raw data (regardless of distance, cost) (performance, scalability, cost) Anti-Pattern #4

33 Scalability != Performance ∞ performance does not imply ∞ scale (but sure would be a good start!) “Performance is what an individual user experiences; scalability is how many users get to experience it.” Page 8, my (Bill Wilder’s) Cloud Architecture Patterns book

34 PoP web tier goes multi-instance… Users experiencing login issues * *Depending on configuration …

35 Are Cloud Resources Infinite? “We often hear that public cloud platforms offer the illusion of infinite resources. … This does not mean each resource has infinite capacity, just that you can request as many instances of the type of resource that you need.” Page 21, my (Bill Wilder’s) Cloud Architecture Patterns book

36 Running stateful VMs in web / service tiers (Limits horizontal scalability & complicates autoscale – but sometimes is reasonable option) Anti-Pattern #5

37 I don’t have a slide on this, but … sharding

38 Reliability

39 Treating commodity cloud VMs like the super-reliable iron your company buys. (Not internally redundant; failure is routine (not frequent); optimized for value.*) Anti-Pattern #99

40 PoP Adding Video Support (uh oh!)

41 Current

42 Let’s extend PoP with a Service Tier

43 REQUEST / RESPONSE (http + json) OPTION 1: Request/Response Services Services Tier Web Tier Data Tier Stateless Services web browser

44 Coupling Between Tiers (reliability, scalability, cost) (Situational: I frequently violate! Also relates to microservices.) Anti-Pattern #6

45 Cloud Platform Reliable Queues Azure Storage or ServiceBus Queue AWS Simple Queue Service Google Pub/Sub Durable – won’t lose your data Reliable – backed by SLA and ops team Scalable – Internet scale Approachable – REST + many SDKs

46 Basic Idea Reliable Queue Work Producers Work Consumers

47 OPTION 2: Async Services Services Tier Web Tier Data Tier Stateless Services web browser push pull

48 Stateless Services Notice anything “missing” ? There is no transaction Get used to idea of eventual consistency

49 Enables Responsive UX Response to interactive users is as fast as a work request can be persisted UX challenge due to async processing – Eventual consistency processing – Eventual satisfaction for users

50 Enables More Reliable Service Decoupled front/back provides insulation Blocking is bane of scalability

51 Limit yourself to transactionally-friendly operations (reliability, scalability, cost) Anti-Pattern #99

52 General Case: Many Queue Types [Diagram labels: Web Tier (Public), Web Tier (Admin), Web Role (IIS), Queue Type 1, Queue Type 2, Queue Type 3, Service Tier Type 1, Service Tier Type 2, Worker Role, Worker Role Type 2]

53 Enables Cost-Efficient Scaling Loosely coupled, concern-independent scaling Get Scale Units right Optimize for CO$T EFFICIENCY GOAL: cost α benefit

54 How about the queue API?

55 A reliable queue works just like any other queue, right? (beware the abstraction mismatch) Anti-Pattern #7

56 Reliable Queue & 2-step Delete
Web Tier (adds the work request to the Queue):
    var url = "http://pageofphotos.blob.core.windows.net/up/.png";
    queue.AddMessage( new CloudQueueMessage( url ) );
Service Tier (gets the message, processes it, then deletes it):
    var invisibilityWindow = TimeSpan.FromSeconds( 10 );
    CloudQueueMessage msg = queue.GetMessage( invisibilityWindow );
    // … do some processing then …
    queue.DeleteMessage( msg );

57 Idempotent Processing An idempotent operation can be performed more than once without changing the end result. Key technique in lieu of distributed transactions

58 Poison Message Detection A poison message is a flawed message that can never be successfully processed.
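
The three slides above (2-step delete, idempotent processing, poison message detection) fit together as follows. This is an added example, not code from the slide deck; it models the queue in memory in Python rather than calling the Azure SDK, and the dequeue-count threshold of 3, the sample message names and the simulated crash are assumptions made for the illustration.

```python
MAX_DEQUEUE_COUNT = 3  # assumed threshold; the slides give no number

class ReliableQueue:
    def __init__(self, clock):
        self.clock, self.messages = clock, []

    def add_message(self, body):
        self.messages.append({"body": body, "visible_at": 0.0, "dequeue_count": 0})

    def get_message(self, invisibility_window):
        now = self.clock()
        for msg in self.messages:
            if msg["visible_at"] <= now:
                msg["visible_at"] = now + invisibility_window  # step 1: hide only
                msg["dequeue_count"] += 1
                return msg
        return None

    def delete_message(self, msg):
        self.messages.remove(msg)  # step 2: remove only after success

def process_one(queue, handler, poison, invisibility_window=10):
    msg = queue.get_message(invisibility_window)
    if msg is None:
        return False
    if msg["dequeue_count"] > MAX_DEQUEUE_COUNT:
        poison.append(msg["body"])  # park it instead of retrying forever
    else:
        handler(msg["body"])  # a raise here skips the delete; message reappears
    queue.delete_message(msg)
    return True

def demo():
    now, thumbnails, poison, calls = [0.0], {}, [], []
    queue = ReliableQueue(clock=lambda: now[0])
    queue.add_message("up/photo-1.png")  # constructed sample messages
    queue.add_message("up/corrupt.png")
    def make_thumbnail(url):
        calls.append(url)
        if "corrupt" in url:
            raise ValueError("cannot decode image")
        thumbnails[url] = "thumb/" + url  # keyed write: repeating it changes nothing
        if calls.count(url) == 1:
            raise RuntimeError("simulated VM restart before the delete")
    for _ in range(8):
        try:
            process_one(queue, make_thumbnail, poison)
        except (ValueError, RuntimeError):
            pass  # worker died mid-message; nothing was deleted
        now[0] += 11  # let the 10-second invisibility window lapse
    return thumbnails, poison, calls.count("up/photo-1.png"), len(queue.messages)
```

The first photo is processed twice because the worker died between the work and the delete, yet only one thumbnail entry exists; the undecodable message is set aside after its fourth delivery instead of blocking the queue.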

59 QCW requires “Plan for Failure” VM restarts will happen – Hardware failure, O/S patching, crash (bug) Bake in handling of restarts into our apps – Restarts are routine: system “just keeps working” – Idempotent support is important – Event Sourcing (commonly seen with CQRS) may help Not an exception case! Expect it! Consider N+1 Rule

60 What’s Up? Reliability as EMERGENT PROPERTY
Columns: Typical Site | Any 1 Role Inst | Overall System
Rows: Operating System Upgrade; Application Code Update; Scale Up, Down, or In; Hardware Failure; Software Failure (Bug); Security Patch

61 What about the DATA? You: Azure Web Roles and Azure Worker Roles – Taking user input, dispatching work, doing work – Follow a decoupled queue-in-the-middle pattern – Stateless compute nodes Cloud: “Hard Part”: persistent, scalable data – Azure Queue & Blob Services – Three copies of each byte – Geo-replicated to sister data center – Busy Signal Pattern

62 Tiers of Cloud Failure Transient API/DB connection failures Temporary/Ephemeral drive loss DC outage (or smoking hole) Zone/Region outage (or smoking hole) Global outage

63 “Failure is not an option” (Failure is routine, at least at lower tiers.) Anti-Pattern #8

64 Programming against Cloud Services as though they were reliable (Transient Failures handled using Busy Signal Pattern) Anti-Pattern #9

65 Security

66 A1-Injection A2-Broken Authentication and Session Management A3-Cross-Site Scripting (XSS) A4-Insecure Direct Object References A5-Security Misconfiguration A6-Sensitive Data Exposure A7-Missing Function Level Access Control A8-Cross-Site Request Forgery (CSRF) A9-Using Components with Known Vulnerabilities A10-Unvalidated Redirects and Forwards

67 unicorn cloud security for apps Copyright © 2013 Elizabeth B. O’Connor used with permission www.elizabethboconnor.com SQL INJECTION SESSION HIJACKING CSRF XSS

68 Belief in cloud app security unicorns Reality: your app’s vulnerabilities will port very cleanly to your favorite cloud platform Anti-Pattern #10

69 Little Bobby Tables (still a problem)

70 Conflating App & Platform security secure  compliant Anti-Pattern #11

71 Cloud News from June 2014 http://www.codespaces.com/ A cautionary tale… – DDoS – Security Breach – Ransom / Extortion – Fighting Back – Malicious Destruction of Assets – Business Failure ELAPSED TIME 12 HOURS

72 1FA single-factor auth (2FA/MFA is widely available) Anti-Pattern #12

73 Service Level Agreements (SLA)

74 PoP (pageofphotos.com) adds paid plans to corporate partners – wants to offer an SLA

75 What is “the SLA” for storage?

76 SLA Responsibilities From Google Storage (https://cloud.google.com/storage/sla): “"Back-off Requirements" means, when an error occurs, the Application is responsible for waiting for a period of time before issuing another request. This means that after the first error, there is a minimum back-off interval of 1 second and for each consecutive error, the back-off interval increases exponentially up to 32 seconds.”
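
A retry wrapper that follows the back-off requirements quoted above (1 second after the first error, doubling up to 32 seconds), in the spirit of the Busy Signal Pattern named on slide 64. This is an added example, not code from the slide deck or from any cloud SDK; `TransientError`, `call_with_backoff`, the attempt limit of 8 and the random jitter are assumptions made for the illustration.

```python
import random
import time


class TransientError(Exception):
    """Retryable failure such as throttling or a dropped connection."""


def backoff_intervals(first=1.0, cap=32.0):
    """Yield 1, 2, 4, 8, 16, 32, 32, ... seconds, as the quoted SLA text requires."""
    delay = first
    while True:
        yield delay
        delay = min(delay * 2, cap)


def call_with_backoff(operation, max_attempts=8, sleep=time.sleep,
                      jitter=random.random):
    """Retry only TransientError; any other exception propagates at once."""
    intervals = backoff_intervals()
    for attempt in range(1, max_attempts + 1):
        try:
            return operation()
        except TransientError:
            if attempt == max_attempts:
                raise  # give up and let the caller degrade or report
            # Jitter is added on top, so the wait never drops below the minimum.
            sleep(next(intervals) + jitter())


def demo():
    slept, remaining_failures = [], [7]

    def flaky_read():  # constructed stand-in for a storage call
        if remaining_failures[0] > 0:
            remaining_failures[0] -= 1
            raise TransientError("server busy")
        return "photo-bytes"

    result = call_with_backoff(flaky_read, sleep=slept.append, jitter=lambda: 0.0)
    return result, slept
```

Passing `sleep` and `jitter` as parameters keeps the schedule testable without real waiting; in production the defaults apply.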

77 SLA Math All required: 99.99^4 = 99.96 All required: 99.95 x 99.9^2 x 99.99 = 99.74 Period of time over which an SLA applies matters

78 SLA Penalties Limited to the service costs – Service costs != your business losses Multiple instances might be needed to be eligible

79 Passing along the SLA The cloud SLA becomes my service’s SLA Anti-Pattern #13

80 Compose to boost reliability

81 Affordability

82 Maximizing value from public cloud platforms Key Concept Turn off or delete unused resources Leverage very aggressive pricing for non-production workloads Enhance agility & productivity ASIDE: Will your test team be ahead of – or behind – the curve when your company moves production apps to public cloud?

83 The term “cloud” is nebulous… Public cloud platforms are global (and getting “globalier”)

84 Automation


86 What is Architecture? "Architecture is the fundamental organization of a system embodied in its components, their relationships to each other, and to the environment, and the principles guiding its design and evolution." [IEEE 1471]

87 The architecture of a cloud-native application is aligned with the architecture of the underlying cloud platform.

88 Hiring! HIRING at Finomial Corporation Are you a talented senior engineer/architect interested in financial services in Boston area? Technology stack is ASP.NET on Azure + SPA Downtown Boston (startup space) bill.wilder@finomial.com (or grab a biz card)

89 Except where noted, slide deck is © 2014 Development Partners Software Corporation http://www.devpartners.com And…. Bill Wilder @codingoutloud codingoutloud@gmail.com blog.codingoutloud.com linkedin.com/in/billwilder Find this slide deck here See you at Boston Azure bostonazure.org


91 Questions?

