All problems in computer science can be solved by another level of indirection.” — David Wheeler
In a series of articles, Lucian Toader explores serverless computing, looking at it from a business perspective as well as from a developer’s point of view.
We have come a long way since the 50s; mainframes and time-sharing were replaced by virtual machines and cloud computing, those in turn giving way to containers, with the creation of Docker. Each step until now has added a new layer of abstraction, simplifying provisioning and server management through increased automation, while bringing down costs by exploiting the commoditization of hardware, software and economies of scale.
IaaS, PaaS, SaaS, and the missing link
As information and communications technology (ICT) evolves, we are gaining increasingly finer grained control over our resources while we are required to know less and less about their internal machinery, thanks to emerging concepts such as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and SaaS (Software-as-a-Service). We have almost complete control over the level of abstraction we want to operate at, from managed infrastructure to full-fledged software products provided over the Internet. I say almost, because there is still a large gap between these three main pillars of cloud computing.
Especially between PaaS and SaaS, there is a need for a concept in-between, something that caters to the development of more specialized applications better than the generic PaaS tooling. At the same time, it should be able to shift the operational responsibility to the infrastructure provider the way SaaS does, while still enabling the development of software with custom business logic.
This missing piece is serverless computing!
“Serverless computing is a form of cloud computing which allows users to run event-driven and granularly billed applications, without having to address the operational logic.”
BaaS and FaaS
Serverless computing is composed of two main categories:
- Backend-as-a-Service (BaaS) — intended for specialized applications with a limited set of functionality, such as mobile applications
- Function-as-a-Service (FaaS) — intended for running user-provided code in ephemeral containers in an event-driven manner, with the infrastructural concerns handled by the provider
Simply put, serverless is the next layer of abstraction in cloud computing, aiming to separate operational from business concerns, bringing about full automation of provisioning and server management and allowing developers to only concern themselves with the code of the software they are building.
Fastest growing cloud service
Serverless has attracted enormous amounts of attention from the industry, as evidenced by the fact that it is the cloud service with the fastest growth, 75 percent year-over-year. Amazon, Microsoft, Google, IBM and Oracle all provide serverless services, along with open source platforms such as Fission, OpenWhisk, OpenFaaS, OpenLambda and many others. It was worth 1.88 billion dollars in 2016 and is estimated to grow to a 7.72 billion dollar industry by 2021. IBM’s analysts are even more optimistic, expecting a 7 to 10 times growth by 2021, while pointing out the fact that serverless adoption is happening at an order of magnitude faster rate than container adoption.
In case you are wondering what all the fuss is about, the promise of serverless is best explained by this tweet by Kelsey Hightower, Developer Advocate at Google:
Here is my application, run it for me, when and where I want it, securely. That’s the end game.— Kelsey Hightower (@kelseyhightower) May 22, 2018
We are not quite there yet, but serverless is the closest we have ever gotten to this dream.
From CapEx to OpEx
Traditionally, when hosting an application, a company would have to buy their own servers, or rent virtual machines from a cloud provider. The former approach involves a significant upfront cost (capital expenditure or CapEx). The latter marks a shift to operational expenditures (OpEx) that is still too coarse-grained, thus incurring high costs from underutilized VMs. This is worsened by the fact that it is necessary to overprovision by a large amount, in order to make sure the application can handle either expected or unexpected traffic spikes. While this might be less of a problem for tech giants such as Google or Facebook, for small to medium enterprises as well as individuals, this high upfront cost greatly limits their ambitions.
With serverless, you only pay when the service is actually used (or the function is executed); there are no running VMs racking up expenses even when they are mostly idle. This move towards fine-grained OpEx allows for much greater freedom and flexibility. When used in an environment where its strengths shine, serverless can bring cost savings of up to 90 percent.
Abstracting away the burden of maintaining and managing servers
Serverless means you no longer need a dedicated team of employees performing the intricate tasks required to manage servers and keep services available and running smoothly. It is now the responsibility of the provider to handle operations, including provisioning, monitoring and scaling. Benefiting from the expertise of the provider and not having to keep as many people on the payroll results in better control and reduced costs.
Seamless horizontal scaling
Scaling an application is a complex task and more often than not results in both under- and over-provisioning. There is a fine balance between maintaining availability and service quality, on the one hand, and not overspending on resources that are not being used, on the other. In a serverless application scaling is done automatically and seamlessly, tightly following the demand at each point in time. Services are always available and overprovisioning is a thing of the past.
Blazing fast prototyping with minimal expenses
Pay-as-you-go and granular billing are two features of serverless that allow for cost-effective prototyping, since there is no need for a big upfront investment in resources and the personnel to manage them. As there is a variety of services that are ready to use out-of-the-box like databases, message queues and workflow engines, it becomes significantly easier to put together a Minimum Viable Product (MVP) and test the validity of various ideas.
Out-of-the-box security and compliance
It is common knowledge that security is one of the trickiest parts to get right when building an application. Overlooking it comes with severe risks. With things like authentication for example, it is often better to purchase and use a battle-tested solution, rather than implement it on-premise. Cloud providers often have much better built-in security than most companies would be able to provide on their own, since they are a prime target for hackers and have to meet a variety of expectations from many different customers and governmental regulators. Services such as AWS Cognito and Auth0 provide secure authentication out-of-the-box. Most serverless services from major cloud providers are compliant with security standards such as Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA), and many others.
We still have a long way to go, but the first steps have been taken. This post is the first part of a series of articles aimed at deconstructing serverless computing. We will look at its uses cases, along with its benefits and drawbacks. We will compare the main serverless providers, along with the open source alternatives. We will examine serverless architectures and how they differ from previous ones, take a look at serverless through a developer’s eyes, and inquire how migrating from a monolithic application to a serverless one might work. In the final post, it will be time to think about the future of serverless.