Major cloud vendors, including AWS, Microsoft and Google, have all rolled out serverless platforms that enable users to weave together simple, or even highly complex, applications on top of a collection of functions. But to run cloud applications successfully on one of these platforms, development teams need to evolve their design processes.
A few key principles that developers should follow to build serverless apps include:
- Develop small and discrete application components.
- Implement stateless functions.
- Plan for ephemeral functions with a short lifespan.
1. Smaller, discrete components
Serverless functions, by nature, are intended to perform a single task. This requires teams to keep their functions small and to orchestrate their development processes around these separate application components.
A good practice is to break up functions, based on the types of events that trigger them, into their own repositories. Basically, developers should design each function from the get-go to respond to one event. If multiple functions are triggered by the same event, then include them in the same repository. This makes it easier for developers to identify functions based on the events that launch them.
Each separate function should also include configuration data to ensure consistency when it launches in development, testing and production environments. It's also important to declare and isolate dependencies within each function, using tools such as npm and webpack.
2. Go stateless
Development teams should consider implementing functions as stateless services, in which the state of a function is stored outside the application itself. You can configure functions to reference data stores and databases that are managed as part of the configuration data and stored with the function in the repository.
Some serverless platforms offer local storage that persists between function calls. While developers might be tempted to use this for more complex functions, this local storage doesn't always hold between function calls and, even if it does, might not work consistently.
Try to use a backing service to store stateful data in a database, separate data store or cache. A backing service refers to any external service a function consumes over a network as part of its normal operation, including caching services, like Memcached, data stores like CouchDB or databases like MySQL.
3. Plan for ephemerality
One of the benefits of serverless functions is that they can start up in as little as a few milliseconds -- compared to several seconds or minutes for larger apps that run on PaaS, containers and VMs -- and stop just as quickly. This makes it easy to scale up a large number of functions in response to demand or spread computation across functions that run in parallel and then spin them back down once the process is complete.
In essence, serverless apps are more ephemeral in nature.
This means, to fully realize the benefits of serverless platforms, developers need to remove many of the components that they commonly bundle with applications from the core logic of their functions. Developers should:
- prewarm the data sources required by functions;
- set up external logging and tracing infrastructure; and
- manage security.
To prewarm a function, you set up the infrastructure required for the function to communicate with databases in advance of deployment.
To do this, separate the function handler from the core logic. Much like idling a car to improve how it runs on a cold day, idling the event handler ensures that, as soon as it is invoked, the function can operate at peak performance. Tools such as AWS CloudFormation and Azure Event Hubs support the prewarming process.
External logging and tracing
Functions need to be able to shut down quickly and gracefully. Although serverless platforms include some built-in native storage, it's important to configure an external logging and tracing service, built into the serverless framework itself, or to set up custom tools to gather and store logging data from functions as they run.
Tools such as AWS X-Ray and Azure Application Insights can help with logging and tracing.
Serverless apps present another potential attack vector for hackers. Without proper security measures in place, hackers might be able to spin up functions and access sensitive data. Developers should configure security settings for classes of functions to allow for minimal access to other apps required to execute a particular task.