Through several years of research on the subject of cloud functions, researchers including ourselves have gained a thorough understanding of the advantages and disadvantages of function-based application development. Along with increased maturity of FaaS, a more specialised consideration of potential use cases is needed to filter out the ones where the technology shines compared to the ones where significant weaknesses become apparent and other technologies, perhaps even in combination, would be a better fit. This early experience report informs about how we have deployed cloud functions around an existing cloud management platform as a variant of the well-known solar system approach of introducing microservices around monoliths.
Cloud management platforms (CMPs), especially applied to multi-cloud management, have become highly relevant to increasingly networked companies. Employees in a decentralised way subscribe to many offerings on the SaaS level, but also including PaaS and IaaS for their DevOps needs, but on a management level the comapny still want to have a logically centralised overview about cost, compliance and consolidation potential. Right now, CMPs are most advanced for IaaS, but as the trend is to move up the stack, (universal) connectors to PaaS and SaaS are being realised, and of course this follows an inverse pyramid where most companies use mostly SaaS in their daily business.
In our previous work, to be presented at CloudCom 2018 in Cyprus in a few days, we have contributed a testbed to compare CMPs and their simpler siblings, abstracting cloud adapters and proxies. With this work, we help independent software vendors (ISVs) to build higher-level solutions for multi-cloud management, such as Amysta. Because of different architectures and approaches, CMP should be chosen by customer-specific needs and functionalities. The testbed allows to compare all selected requirements to make the best choice. One key finding of our work has been that independently from any non-functional characteristics such as latency or memory overhead introduced on top of the actual cloud operations, CMPs are hard to extend which means that adding a new cloud provider will become an effort-intensive task. Some systems like ManageIQ are designed for extensibility on the code level, but in the era of microservices, having to master specific programming languages might be too much of an investment. Moreover, most CMPs attempt to satisfy all requirements when most of their users use only few pieces of functionality which leads to big overcomplication and not optimised solutions for particular needs such as safety-critical deployments with full auditability and traceability of the management operations.
Hence, cloud functions. In a new work which we will demonstrate at ESSCA 2018 in Zurich, Oleksii Serhiienko has looked at CloudcheckR, another such CMP system which even runs as SaaS without the ability to directly interfere with its implementation. By cleverly constructing a set of cloud functions as proxies around the software, additional functionality can be introduced, for example, checking AWS and Google Cloud Platform accounts for adherence to best practices and for following well-defined resource tagging strategies.
The following illustration presents the resulting architecture. A best practices cloud function fetches rules for best cloud management practices from CloudcheckR in regular intervals. The rules are processed and alarms are raised, through a custom alarm function, if violations are detected. Furthermore, the rather large API set of CloudcheckR is hidden behind few necessary functions, such as those for account management, in order to decrease the potential unprotected exposure of the API.
The Serverless Framework event gateway is used to dispatch function calls to the management functions which are therefore themselves deployed in a multi-cloud-native way. Hence, the solution becomes portable and, as the extension functions do not carry state, can be easily migrated to whatever cloud provider is subscribed to next.
Some of the work is still ongoing. As this blog posts gives you some first teaser information, we hope to see you as attendee at Oleksii’s talk on December 21st. Register now!