Andrea Danti - Fotolia
Like Cinderella's slipper, serverless computing doesn't fit every foot in software development, but -- for the...
right application -- it offers royal opportunity.
Serverless computing provides a code and API deployment option for companies trying to reach more customers, grow their businesses and serve people in new and innovative ways -- without having to scale IT overhead. Serverless provides a deployment platform that, according to Gartner analyst Martin Reynolds, is "absolutely bulletproof" and guaranteed to deliver reliable, consistent results without losing information.
For software pro Chris Moyer, building and deploying APIs on a serverless framework has been a good step. Doing so makes the API lightweight on the client side, scalable on the cloud, easier to secure and less expensive.
In his role as CTO of marijuana-license tracking and research firm Cannabiz Media, Moyer chose to deploy a serverless API that has to respond to requests quickly. That approach makes sense because the API doesn't need a cloud instance's distribution network to serve its front-end static pages.
Moyer chose to deploy another Cannabiz Media API in an Amazon Elastic Compute Cloud instance. "It's for running some back-end tasks that take longer to do, like two hours, as opposed to five minutes for the serverless API," said Moyer, who is also vice president of ACI Information Group, a social media and blog aggregation service.
The moral of this story is, "Don't try to squeeze everything into serverless, but do take advantage of the benefits of serverless wherever it makes sense," Moyer said.
By deploying APIs on serverless frameworks, an organization can realize benefits to both its business and its DevOps process.
'It just works'
Serverless is, first and foremost, a developer's tool designed to deploy code quickly, said Judith Hurwitz, CEO of Hurwitz & Associates, a research and consulting firm. "You're developing code with tools you know and deploying on a serverless framework without having to do the setup," she said. "Developers don't have to know how it works. It just works."
Judith HurwitzCEO, Hurwitz & Associates
Serverless APIs don't have to fit into an enterprise's existing architecture, said Gartner's Reynolds. Indeed, deploying a serverless API doesn't require building a serverless architecture, either. Instead, most developers use lightweight packaged tool sets called serverless frameworks to deploy APIs.
"Serverless APIs are neutral on the architecture and framework," Reynolds said. "They are just little functions that you call. They are part of your application architecture, and they run in the serverless framework." Size and function are the key criteria for choosing serverless APIs. "If an API is small and just built to do a call to a back-end system, like saying what to do at a certain time, deploying on serverless makes sense," Hurwitz said.
Fixate IO analyst and developer Zachary Flower avoids deploying long-running or complicated processes on serverless frameworks. "Working with APIs that can be easily abstracted into simple function-style endpoints will go a long way towards maintaining sanity," Flower said.
Which APIs fit serverless?
Single-feature APIs with small footprints work well for specific serverless functions, Flower said. Monolithic APIs are out. Treat each endpoint as a simple action, rather than a sentence or paragraph; in other words: Do x as opposed to do everything, Flower explained. An example is the Twilio REST API that simply requests an SMS. "These are simple abstractions that demonstrate how to best consume an API in serverless," Flower said.
Any API function that can return in less than 30 seconds works in serverless computing, Moyer said. There's a 30-second timeout in the typical API gateway. "Basically, anything that takes longer than 30 seconds is questionable," Moyer said.
There are other functions that may be squeezed into the serverless computing mold, but let the user beware.
Don't try to put serverless on top of your existing virtual machine infrastructure, Reynolds advised. Serverless is all about building as little overhead as necessary. "Go all in, and build it in a serverless framework," he said.
Four timely enterprise uses for serverless computing
While APIs are an excellent entry into serverless computing, plenty of other viable uses exist. Contributors and experts suggested that decision-makers explore these four uses for serverless frameworks and function as a service (FaaS):
- Microservices. Tom Nolle, president of consulting firm CIMI Corp., sees microservices deployment as the best use case for serverless today. "Properly designed microservices are little functional atoms that can be made stateless easily, scaled easily and used to compose apps easily," Nolle said.
- Event processing. In Nolle's opinion, this is the broader mission of serverless and FaaS. In particular, the ever-expanding adoption of IoT-related event-driven applications will drive the need for serverless computing's flexibility and ease of deployment. Deploying an event-driven application on IaaS would waste compute resources, as the instance would only be used when an event occurs.
- Retail. Retailers such as Nordstrom are early adopters of serverless computing. "It's a means of opening the retail product line and distribution channel to new customers," Gartner analyst Martin Reynolds said. He expects Amazon to use FaaS to build out the online business of Whole Foods, which it acquired in 2017. "With serverless, they will be able to scale the Whole Foods business without increasing the spend on IT," he said.
- NoOps applications. Developers can deploy apps on a serverless framework without any involvement from operations, Reynolds said. Serverless offers an automated package of the ops infrastructure and tools used in the software application lifecycle management process. Developers can even test serverless code in the cloud without going through the operations workflow. Microservices could work well here, as would any software functions that produce semi-static information specific to users, Reynolds said.
The list of plausible enterprise uses for serverless is much longer, of course. Today, organizations are deploying static and semi-static information and webpages, and single-page and hosted static websites, on serverless frameworks.
Powerful, real-time socket APIs are better suited to traditional infrastructure, as they will quickly erode the cost savings of serverless, Flower said. For example, in API design, using a function as a service (FaaS) approach rather than a serverless framework for overly flexible API infrastructures like GraphQL can become more trouble than it is worth, he said.
Moyer had a right-sizing problem with serverless APIs when he found that his content delivery network (CDN) limited resources per cloud formation template. He had set up 15 different APIs via a serverless framework. "I wanted to add something that would allow people to fetch other users in their accounts," he said. In time, those APIs hit the CDN's 200-endpoint limit. "I could no longer add a new API endpoint. I had to split the APIs apart."
Benefits of serverless APIs
Building and deploying the right type of API on serverless platforms brings many benefits, including reducing repetitive, low-value tasks in software development. Even better, it relieves worries about scaling and managing APIs. For a business, serverless computing can lower development costs and increase monetization opportunities, but without the risk of vendor lock-in.
Some key benefits to deploying serverless APIs include the following:
Security. Serverless APIs run in a completely trusted and secure environment, Reynolds said. Serverless is a way to deploy proprietary APIs and code in almost any environment without anybody being able to see what's going on. It promises, and has so far delivered, that "nobody can actually attack that code," he said.
Scalability. The traditional way to build safe applications doesn't scale well, Reynolds said. Serverless scales automatically, which pays off when APIs and apps must scale to meet the needs of many customers at once. Reynolds cited Nordstrom's use of Amazon Web Services' Lambda serverless platform to scale its customer requests for product recommendation and reduce response time from minutes to seconds. "You can't keep adding mainframes to do this stuff," Reynolds said.
Cost. Users only pay for the compute time they use. For example, Cannabiz Media has clients nationwide and a very random traffic pattern. There are spikes first thing in the morning in each U.S. time zone, but traffic can also spike in the early evening. "It doesn't make sense for us to run even one server overnight when most of the time there's not going to be anyone using it," Moyer said. With the requests routed through a serverless API, the company is paying per request, not for the time people aren't using it.
Management. It's automated. "You don't have to manage anything," Reynolds said. "If there need to be another 10 instances in Canada, boom, they're there," Reynolds said. "You didn't even have to know about it. They're just there as opposed to all the paperwork you'd have to do if you needed a new server."
Monetization. Businesses can sell their APIs as a serverless function, rather than taking the longer route of patenting it, Reynolds said. For example, a developer creates a black box function that helps a retailer sell more frozen peas. The developers could provide it as a serverless interface available in a cloud provider's API library and then charge for a call of that function, Reynolds said. "Serverless opens the opportunity to monetize algorithms, APIs and other ideas that you couldn't see how to do before," he said.
No lock-in. While Amazon delivered the first modernized cloud-based serverless offering, it's not the only game in town, Moyer said. Today, changing serverless framework providers is simple. "A DevOps team can choose to re-architect for serverless using a cloud provider's FaaS platform or taking a simple approach by deploying software on a serverless framework," Moyer said.
Serverless frameworks, FaaS or stateless? What's the diff?
The definitions of types of serverless computing are moving targets. FaaS, serverless architecture and serverless frameworks are frequently referred to as one and the same. While each refers to an event-driven, pay-per-use cloud service, knowing the differences among them can be important.
Serverless or stateless? In some IT circles, serverless is synonymous with stateless. In both approaches, software development takes place entirely in the cloud, where automated infrastructure and tools needed to run application code or services are provided. Classic serverless refers to functional computing or stateless microservices, said Tom Nolle, president of consulting firm CIMI Corp. In these application architectures, developers create a specific model of transient code that can be scaled or replaced at will.
Serverless architecture. Keeping it simple, Gartner analyst Martin Reynolds sees a serverless architecture as a model for how a development team builds and deploys applications. Most application functions take place on the front end. There's no need for running an always-on server for these on-again, off-again activities.
Serverless framework. A serverless framework is a product for deployment of serverless applications. In essence, the framework is a command-line interface tool. An automated tool set facilitates building and deploying web, mobile and IoT applications on event-driven compute services.
Function as a service. FaaS refers to specific cloud service offerings that provide capabilities similar to serverless frameworks, but typically have closer integration with the cloud compute provider. Amazon's Lambda product is a widely known FaaS. Because of these roots, FaaS and serverless are considered synonyms by many, but FaaS and serverless frameworks are not. With FaaS, developers may be required to create some of the server-side logic, but most offerings include a serverless architecture. Some do not. Docker, for one, provides FaaS but requires the user to manage the underlying infrastructure.
This is the year to experiment with serverless, and APIs are good test cases. Reynolds suggested doing some trial runs to find internal APIs and applications that can deliver better value with serverless than with fixed IT assets. "A business using serverless computing can dramatically increase its ability to scale and significantly reduce the cost of dealing with variable workloads," he said.
- The Role of API Management in Digital App Strategies –Progress Software, Inc.
- Strategies for API Security –Akamai Technologies
- The API Management Playbook: Understanding Solutions for API Management –CA Technologies
- Choosing the Right API Management Platform –CA Technologies