1 microservices under the microscope qcon – são paulo #apifirst @rdmeyersf #api @axway march 24,...
TRANSCRIPT
1
Microservices under the microscope
QCon – São Paulo
#APIFirst
@rdmeyersf #API @axway
March 24, 2015
2© 2015 Axway | Confidential 2
“To Improve Is to Change; To Be Perfect Is to Change Often”
Sir Winston Churchill
3
Digital Business Changes Everything
4
Digital Business has no Border
• Architecting for Mobile isn’t enough
• Omni-channel experiences require a new approach
• Digital products are King
5
Digital Business has no Speed Limit
6
BMW i Remote App
• Status of car• Charging status• Doors, windows…• Inspection due• Range• Route to car /
to public transportation
7
Single Customer Experience
8
Netflix has shown the way…Reactions Adrian Cockcroft received.
“You guys are crazy! Can’t believe it”
-2009
“What Netflix is doing won’t work”
-2010
“We’d like to do that, but can’t”
-2012
“It only works for Unicorns like Netflix”
-2011
9
Enterprise IT Adoption Cycle
http://blog.gardeviance.org/2012/07/adoption-cycles.html - Simon Wardley
10
A mandate for change!
11
Digital Business in API TerminologyA Simple, Stateless Message
• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}
12
Digital Business in API TerminologyA Simple, Stateless Message
• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}
13
APIs Must be Useful
"The value of a well-designed object is when it has such a rich set of affordances that the people who use it can do things with it that the designer never imagined.”
Donald Norman
14
What is API First?
• Involved in most new projects– B2B– Mobile– Cloud– IoT– Social– Big Data
• Lead with APIs by default
15
What is API First?
The API is the
Contract
The API is the
Product
API First!
16
Making API First Work
17
Digital Business in API TerminologyA Simple, Stateless Message
• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}
18
Introducing Microservices
“…the microservice architectural style.. ..is an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an
HTTP resource API. …”
Martin Fowlerhttp://martinfowler.com/articles/microservices.html
19
API First vs SOA
The API is the
contract
…And the product
“This is what I
need…”
“Here is what I
have to offer…”
WSDL is the
Contract
Backend App is the Product
API M
anag
emen
t
APIs SOA/ESB
20
From SOA to API First
21
Digital Business in API TerminologyA Simple, Stateless Message
• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}
22
Microservices Focus on Change
The API is the
contract
…And the product
“This is what I
need…”
“Here is what I
have to offer…”
WSDL is the
Contract
Backend App is the Product
API M
anag
emen
t
Public APIs:Better Customer
Experience
SOA: Better Apps +
Integration
Microservices: Improved Developer
Experience
23
Legacy Enterprise Applications
Backend ServerData Storage
Web Client
Other Clients
Mobile Client
Other Clients
24
The Backend Was Still Monolithic
• Tightly coupled• Monolithic scaling
Backend Server
25
SOA brought separation, but little empowerment• Course grained, reusable, more scalable services • Coupled through orchestration• Still common servers, DBs, data
Backend Server
Service Service
Service Service
26
Microservices brings developers
• Why SOA?– Break the monolith– Integrate legacy apps– Scale & Reuse
Backend Server
Service Service
Service Service
• Why Microservices?– A platform for the business– Agility– Not tied to servers, tools, DBs
27
Build it, Run it, Own it
• SOA Services are seen as projects
– The team moves on when the scope of that project is delivered
• Microservices and their APIs must be managed as products
– Product team owns their service from conception to retirement
28
Public APIs: True Loose Coupling“Smart endpoints, dumb pipes”
• Simple and stateless (RESTful)– Little coupling to a process (unlike Web services)• Designed outside-in based on how it’s consumed (product)
• Bullet proof– Built-in error handling/checking
• Designed from the outside in (product)– Very slowly changing, insulate from underlying change
• Self described– Standard web API documentation (e.g. Swagger)– Easy to use repository (search, etc.)– Self testing during learning process
• All reuse configured not coded– Security, identity, composition, policy/SLA, auditing, analytics
29
Microservices (Private APIs): Agility
• Platform agnostic– Support servers, tools, languages, DBMSs of choice
• Constant change (daily)– Bounded code/products (microservices and APIs)– Bounded, independent teams owning “products”– Dev Ops approach from development to operations– Lightweight communication across containers– Automated testing, deployment
• Self service (versus governance)– Self service, delegated ownership– Governance processes tailored for self service– Delegated control over “configurable” attributes
30
Design Security Assuming it’s Public
• Threat protection (e.g. OWASP top 10)• Identity management (AAA, Oauth 2.0, Mediation)
– Don’t assume internal or private access
• Auditability, compliance
Backend Server
Service Service
Service Service
The Real Firewall
Microservices
31
Trust, Visibility
Backend Server
Service Service
The Real Firewall
Microservices
Policies/SLAs
Service Service
32
Key Takeaways
• {“API”:“First”}• {“API”:”Microservices”}• {“Microservices”:“Change”}• Getting Started
– Security– Public APIs– Microservices
33© 2015 Axway | Confidential 33
Q & A
34
Obrigado!Microservices under the microscope
QCon – São Paulo
#APIFirst
@rdmeyersf #API @axway
March 24, 2015