1

Microservices under the microscope

QCon – São Paulo

#APIFirst

@rdmeyersf #API @axway

March 24, 2015

2© 2015 Axway | Confidential 2

“To Improve Is to Change; To Be Perfect Is to Change Often”

Sir Winston Churchill

3

Digital Business Changes Everything

4

Digital Business has no Border

• Architecting for Mobile isn’t enough

• Omni-channel experiences require a new approach

• Digital products are King

5

Digital Business has no Speed Limit

6

BMW i Remote App

• Status of car• Charging status• Doors, windows…• Inspection due• Range• Route to car /

to public transportation

7

Single Customer Experience

8

Netflix has shown the way…Reactions Adrian Cockcroft received.

“You guys are crazy! Can’t believe it”

-2009

“What Netflix is doing won’t work”

-2010

“We’d like to do that, but can’t”

-2012

“It only works for Unicorns like Netflix”

-2011

9

Enterprise IT Adoption Cycle

http://blog.gardeviance.org/2012/07/adoption-cycles.html - Simon Wardley

10

A mandate for change!

11

Digital Business in API TerminologyA Simple, Stateless Message

• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}

12

Digital Business in API TerminologyA Simple, Stateless Message

• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}

13

APIs Must be Useful

"The value of a well-designed object is when it has such a rich set of affordances that the people who use it can do things with it that the designer never imagined.”

Donald Norman

14

What is API First?

• Involved in most new projects– B2B– Mobile– Cloud– IoT– Social– Big Data

• Lead with APIs by default

15

What is API First?

The API is the

Contract

The API is the

Product

API First!

16

Making API First Work

17

Digital Business in API TerminologyA Simple, Stateless Message

• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}

18

Introducing Microservices

“…the microservice architectural style.. ..is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an

HTTP resource API. …”

Martin Fowlerhttp://martinfowler.com/articles/microservices.html

19

API First vs SOA

The API is the

contract

…And the product

“This is what I

need…”

“Here is what I

have to offer…”

WSDL is the

Contract

Backend App is the Product

API M

anag

emen

t

APIs SOA/ESB

20

From SOA to API First

21

Digital Business in API TerminologyA Simple, Stateless Message

• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}

22

Microservices Focus on Change

The API is the

contract

…And the product

“This is what I

need…”

“Here is what I

have to offer…”

WSDL is the

Contract

Backend App is the Product

API M

anag

emen

t

Public APIs:Better Customer

Experience

SOA: Better Apps +

Integration

Microservices: Improved Developer

Experience

23

Legacy Enterprise Applications

Backend ServerData Storage

Web Client

Other Clients

Mobile Client

Other Clients

24

The Backend Was Still Monolithic

• Tightly coupled• Monolithic scaling

Backend Server

25

SOA brought separation, but little empowerment• Course grained, reusable, more scalable services • Coupled through orchestration• Still common servers, DBs, data

Backend Server

Service Service

Service Service

26

Microservices brings developers

• Why SOA?– Break the monolith– Integrate legacy apps– Scale & Reuse

Backend Server

Service Service

Service Service

• Why Microservices?– A platform for the business– Agility– Not tied to servers, tools, DBs

27

Build it, Run it, Own it

• SOA Services are seen as projects

– The team moves on when the scope of that project is delivered

• Microservices and their APIs must be managed as products

– Product team owns their service from conception to retirement

28

Public APIs: True Loose Coupling“Smart endpoints, dumb pipes”

• Simple and stateless (RESTful)– Little coupling to a process (unlike Web services)• Designed outside-in based on how it’s consumed (product)

• Bullet proof– Built-in error handling/checking

• Designed from the outside in (product)– Very slowly changing, insulate from underlying change

• Self described– Standard web API documentation (e.g. Swagger)– Easy to use repository (search, etc.)– Self testing during learning process

• All reuse configured not coded– Security, identity, composition, policy/SLA, auditing, analytics

29

Microservices (Private APIs): Agility

• Platform agnostic– Support servers, tools, languages, DBMSs of choice

• Constant change (daily)– Bounded code/products (microservices and APIs)– Bounded, independent teams owning “products”– Dev Ops approach from development to operations– Lightweight communication across containers– Automated testing, deployment

• Self service (versus governance)– Self service, delegated ownership– Governance processes tailored for self service– Delegated control over “configurable” attributes

30

Design Security Assuming it’s Public

• Threat protection (e.g. OWASP top 10)• Identity management (AAA, Oauth 2.0, Mediation)

– Don’t assume internal or private access

• Auditability, compliance

Backend Server

Service Service

Service Service

The Real Firewall

Microservices

31

Trust, Visibility

Backend Server

Service Service

The Real Firewall

Microservices

Policies/SLAs

Service Service

32

Key Takeaways

• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}• Getting Started

– Security– Public APIs– Microservices

33© 2015 Axway | Confidential 33

Q & A

34

Obrigado!Microservices under the microscope

QCon – São Paulo

#APIFirst

@rdmeyersf #API @axway

March 24, 2015