Microservices Archietcture(MSA) : Design & Development Approaches

In the recent past there has been flood of requests from major retailers who are using the premium ecommerce packages like Oracle ATG, IBM WCS, SAP Hybris & Magento etc to decouple the functionalities from the monolith deployment by moving the architecture approach to microservices. Decision for separation has to be made with lot of care & consideration as there will be too many factors at play like hosting(traditional + cloud), scaling, data modeling, replication to be used, session, cache management etc. Apart from the above listed factors the custom implementation of the solution would also come into play as we design the solution approach for incremental microservices transformation journey for the enterprise.

As we all are going through the learning curve of developing and deploying the distributed applications this journey provides lot of insights into design & development approaches to the various scenarios & problems. I have tried to summarize some key notes which can be useful during MSA implementations. Please share your learnings and experiences to make it more comprehensive.

Below are the multiple focus areas during designing the incremental microservices journey and list can be improved further based upon the experience we gain from the real ground:

  • Domain Architecture
  • CQRS (Command Query Request State) : Separates reads & writes to the data
  • Event Sourcing : Event based architecture
  • Hexagonal Architecture : Logic Kernel & Adaptor based
  • Resilience & Stability
  • Technical Architecture

While focusing on the above areas some things that will came into light during team discussions are listed below…

  • How to manage the service versions?
  • Designing for performance
  • Designing for integrity
  • Designing for failures
  • Service Boundaries
  • Designing for adapting to third party integrations/Products
  • Operational Effectiveness
  • Health checks
  • Performance Metrics & Alerts
  • Resources utilization & effectiveness
  • Logging & Error, Exception Handling
  • Event & Transaction Tracking
  • CICD for packaging & deployment
  • Hybrid Infra model support ( cloud + physical )

Domain Architecture

  • Defines how microservices will implement core domain based functionalities
  • No rigid approach (allows teams to decide the design & structure enabling them to work independently)
  • Easy to understand, Simple to maintain & replace
  • Defines how the entire domain is split into various areas (leading to mapping one team for the changes)
  • Efficient domain architecture will require low co-ordination and communication among teams

Cohesion

  • Domain architecture of overall system influences the domain architecture of each microservice
  • Microservices should be loosely couple with each other and have high internal cohesion
  • With respect to domain it should follow SRP (Single Responsibility Principle)
  • Loose coupling & high cohesion

Encapsulation

  • Internal details are hidden
  • Accessed via defined interfaces
  • Helps in easy modification
  • In microservices context one microservice will never allow other microservice to access internal data
  • Each microservice understand the interface to other microservice

Domain Driven Design

  • Functionally structures the overall design of microservices

Transactions

  • Bundle of actions (Execute Everything or Nothing)
  • One transaction one microservice
  • Transaction across microservices (by leveraging messaging based arch or design)
  • Very hard to achieve the one transaction one microservice level with domain design

CQRS (Command Query Responsibility Segregation)

CQRS is an architectural pattern for developing software where the system is segregated for the steps or operations dealing with reads & writes (very different from old monolith CRUD architecture where single component has the ownership for reads & writes)

  • Each system has a state which can be saved which requires reading(queries) & writing(command) the data
  • Command & Query can’t be synchronous in nature resulting in CQS (Command Query Separation)
  • Cache’s support the query operations

CQRS

Principles of CQRS Arch Benefits of CQRS Arch Challenges of CQRS Arch
Event Sourcing

Event Driven Architecture

Loose Coupling

High Cohesion

Domain Driven Design

SoC (Separation of Concern)

Domain/Busines Focus

Scalability

Simplification

Flexibility

Command & Query can be use different technologies

Read & Write separation

Data consistency

Expensive ( Development & Infrastructure cost will go up)

Transactions with read & write steps are difficult to implement

msafig12

Microservices with CQRS

  • The communication infrastructure can implement the Command Queue when a messaging solution is used. In case of approaches like REST a Microservice has to forward the commands to all interested Command Handlers and implement the Command Queue that way.
  • Each Command Handler can be a separate Microservice. It can handle the commands with its own logic. Thereby logic can very easily be distributed to multiple Microservices.
  • Likewise, a Query Handler can be a separate Microservice. The changes to the data which the Query Handler uses can be introduced by a Command Handler in the same Microservice. However, the Command Handler can also be a separate Microservice. In that case the Query Handler has to offer a suitable interface for accessing the database so that the Command Handler can change the data.

When to choose CQRS ?

  • Event based integration is develop & maintain in the long run
  • If there is heavy imbalance between number of reads & writes in the given system
  • While building multi-view based systems (Web, Mobile, API etc )
  • Complex CRUD operations in existing system
  • If business process has lot of events and records would be required for further analysis
  • Can live with Eventual consistency

Event Sourcing

Event Sourcing is an similar architectural pattern like CQRS, state is recorded as the sequence of events in the system resulting from actions/steps of domain. Events help in rebuilding the state of the actors with in the domain at any point of time.

CRUD stores the current state(not events) of the entity not the sequence or history of the events

  • Events are messages
  • Can be modelled in separate classes
  • Event history is maintained (persists events)
  • Event stores provide read and write capabilities
  • Used for interaction between components
  • Events are immutable ( no modification or deletion)

 

Principles of Event Sourcing

Benefits of Event Sourcing

Challenges of Event Sourcing

Persisting state of the events

Event Driven Architecture

Loose Coupling

High Cohesion

Domain Driven Design

SoC (Separation of Concern)

Simplicity

Easy Integration

Event state traceability(audit trail)

Performance

Flexibility

Consistency (Business drives the level of consistency not the technology)

Parallel updates

Validation

Event Sourcing
  • Event Queue : Sends all the events to recipients (mostly messaging middleware)
  • Event Store : Saves all events using them it can reconstruct state
  • Event Handler: Business logic which responds to the particular event(s)

Hexagonal Architecture

 “Focuses on the core logic of the application i.e. business functionalities with well-defined interfaces which are available for the users & administrators”

  • Alternative to the layered architecture which has UI, Business Logic, Persistence
  • Has adaptors which interact with logic via ports
  • Inbound & Outbound communication
  • Some of the adaptors available for users, data, events & administrators are….
    • UI Adaptor
    • REST Adaptor
    • Test Adaptor (Enables isolated testing harness)
    • Database Adaptor
    • Custom Adaptor (Resilience & Stability)
Adapter (From GoF it is also called as Wrapper)
msafig14

Resilience & Stability

  • Due to the distributed nature of the microservices architecture the system always can run into the risk of cascading failure resulting in hostage situation for the applications accessing the services
  • Distributed architecture relies on the network & cloud servers which can be highly unreliable considering the risk of failure system should be designed in such a way that probability of failure can be masked i.e. building the resilience into the system/application to ensure the availability too.
  • Patterns that can ensure the availability of the services are:
  • Bulkhead
    • Bulkhead has been used for several centuries in ship building area, it creates the watertight compartments that can hold water in case of leakage to avoid ship sink
    • Comparison to software architecture the concept allows to build sub-systems which are well shielded from cascading problems if any like overloads, response failures etc
  • Test Harness
    • It is an approach to induce the situation to study the behavior of the application in certain contexts (TCP/IP, HTTP Headers etc i.e some OS or network level issues) most of time these are not considered but addressing these situations can help the overall architecture
  • Steady State
    • Simple and manageable at any point of time, if the systems are not designed for consistent state they might run into problems at some point of time like heavy database storage operations, log & caching operations which have capability to bring down the system by creating storage & operational challenges. Hence it is recommended to have automated control over storage, caching & log operations
  • Uncoupling Via Messaging
    • Asynchronous process based communication helps (without any waiting), approach should be to proceed with other activities without waiting on the response
  • Timeout
    • An individual thread is started which can be terminated after defined timeout
    • Easy to implement compared to other patterns
    • Can be plugged into monitoring systems as well
  • Stability based patterns
    • Use Circuit Breaker, Timeouts & Bulkhead patterns to safeguard from the failures and tight coupling
    • Apply fail fast mechanism to all the microservices to ease the communication wait times
    • Steady State, Fail Fast, Test Harness, Handshaking etc have to be implemented by each microservice
    • Decoupling via shared communication is the way to design
  • Handshaking
    • It is a protocol based feature once leveraged will help us to track the overloaded system & prevent cascading failures, socket based protocols implement these very well but HTTP doesn’t support this mechanism hence it is the responsibility of the application getting built by introducing some type of health check or signaling
  • Circuit Breaker
    • Are also not a complex to implement in the microservices code but a special attention is required during design to make them work high load scenarios & meet the operational needs to monitoring etc..
  • Fail Fast
    • This approach allows the consumer system to timeout on the response and detect the failed state as quickly as possible  with defined error state. Hence validating the state of the incoming request allows to validate and avoid the processing further by confirming the error state, similar to the timeout model
  • Resilience in Reactive Context
    • Reactive Manifesto considers “resilience” as one of the core property of the reactive application
    • Asynchronous processing with error handling & monitoring
  • Hystrix
    • Very good support for resilience
    • It is a java library given by Netflix shared under Apache license
    • Internally it uses Reactive extensions for Java (RxJava)
    • Implements timeout & Circuit Breaker
    • Hystrix dashboard shares info about state of the thread pools & circuit breaker
    • Can be embedded in commands implementation
    • Library provides rich annotations
    • Leverages thread pools (for each microservice) – ensuring the support for bulkhead
    • Non java implementations can use Sidecar Hyrstrix
    • Can configured for monitoring single hosts as well as cluster mode

Technical Architecture

Technical architecture of the microservices can be designed independently, tech stack or frameworks need not be common i.e. truly ployglot support. Operational or non-functional needs can be collaboratively designed to support & maintain the system.
  • Process Engines
    • SOA based orchestrated process engines can be leveraged for microservices as well
    • Microservices are designed for one domain i.e. one Bounded Context
    • Microservices should not be designed just for integration or orchestration else it will violate the SRP and the changes for microservices will be become complex to do and maintain over the period
    • In case of collective business context multiple microservices should be implemented where each microservice supports one business functionality and used in conjunction to support multiple functionalities
    • Integration only microservices should be strictly avoided
  • Statelessness
    • In a distributed architecture stateless microservices are very useful
    • Microservices should not save any state in their business logic (State can be maintained in database or client side)
    • Having the stored state helps to recover from failures by replicating/recreating the state from database
    • Helps in creating multiple instances
    • Easy replication
    • Load distribution to the instances
    • Versioning : Old version can be shutdown or replaced without migrating state
  • Reactive
    • Reactive properties fits very well into the microservices approaches/needs
    • An application/systems which is reactive should have some defined properties like:
      • Resilience : Ensure the availability & failure tolerance
      • Elastic : Dynamically scalable at runtime
      • Message Driven : Message based communication
      • Responsive : Fast response times with fail fast setup
    • Actors/Processes can send messages to each other

      • Non-blocking I/O communication(Asynchronous)
    • Reactive Technologies

      • Vert.x ( Java JVM based but also supports various languages like Ruby, JavaScript, Groovy, Scala, Clojure & Python)
      • Reactive Extensions : RxJava & RxJS
      • Scala ( Reactive framework Akka & Web framework Play)

msafig15

 

Reactive is just an alternative approach available of the microservices but it is not the only option. Microservices can also be implemented without “reactive” approaches with traditional programming models, resilience can be achieved by using various libraries & elasticity is implemented using VM’s or Containers. Messaging is already used in traditional models. Reactive systems have real advantage in the case of “responsive” implementation

References:

 

Microservices Architecture(MSA) : Security, Authentication & Authorization

Problem : How to handle security with authentication & authorization in MSA?

MSA requires uniform security to ensure microservices can communicate and collaborate with-in and outside the system. Each microservice needs info about who triggered the call for system usage. Authentication & Authorization are two core components of the security apparatus both are independent of each other.

Authentication : Identity of the user

Authorization : Decision on user is allowed to access & execute actions

  • Individual microservices should not perform authentication(central server approach can be adopted)
  • Authorization enables the interplay between microservices hence it would require the user groups, roles etc to created & administered collectively
  • OAuth2 is a widely supported protocol( Google, Microsoft, Twitter, XING, Yahoo etc)

OAuth2 solves the authentication & authorization primarily for human users for enabling it for microservices based system would need additional steps like:

  • Microservice to microservice communication protected by SSL/TLS against wiretapping (by encription) – REST supports such protocols
  • Certificates can be used to authenticate clients(non-humans)
    • Certificate Authority (CA) creates certificates & can be leveraged to verify digital signatures (SSL & TLS support certificates)
  • API keys (similar to certificates, keys are shared with external clients to allow them access to the system) – OAuth2 supports this through Client Credential
  • Firewalls : Use for controlling the microservice to microservice communication, helps in intrusion scenarios to enforce restrictions
  • Intrusion detection mechanisms (part of the monitoring system setup)
  • Datensparsamkeit : Concept enforces the restriction on data collection fields (collect the data which is absolutely required rest all are not store in the system)
  • Hashicorp Vault : Tool
    • Secret password
    • API keys
    • Keys for encryptions or certificates
    • Integrates with Hardware Security Modules (HSM’s),SQL databases, AWS IAM, can generate keys for AWS cloud by itself

Additional security scenarios for consideration:

Each micoservice has to ensure the below things in its design & implementation:

  • Integrity : Data integrity is the responsibility of every microservice it can be achieved by signing the data
  • Confidentiality : Ensures data modifications are not denied (again by using the user keys)
  • Data Security :
    • No data loss
    • Backup & disaster recovery solutions
    • Highly available storage solutions
  • Availability : Resilience approach should address the failure scenarios to ensure high availability

Most of the times above scenarios are ignored or missed out while designing security approach for the systems.

Questions to probe further during design discussions:

  • Session management implementation
  • What is the microservices communication & service discovery model?
  • User experience can change or should remain same?
  • Are you breaking the monolith to SPA(Single Page Applications)?
  • Do you have mobile clients?
  • How is identity and permission info conveyed to a service?
  • How is info decoded and interpreted?
  • What data would be required to make access decisions(ACL’s, roles, user accounts etc)
  • How is data managed?
  • Who is responsible for storing and retrieving it?
  • How to verify the tampering case?
  • Who all will interact with the services?
    • Users, Devices, Services, Applications, External Services,

Approaches available:

Evaluate all the approaches to see the proper fitment, multiple factors are at play, traditionally authentication in monnolith(heavyweight architecture) world has been always sateful service but MSA is lightweight distributed architecture but works mostly on stateless services, below are the approaches to work with stateful microservices:

  • Old world options available are….
    • Basic HTTP authentication (has drawbacks )
      • $ curl “https: //$username:$password@host/resource
    • Certificate based security : Supported in Sprint Security (X.509) – (has drawbacks )
    • Network security – (has drawbacks )
    • Custom Authentication Token
  • In MSA’s mostly deal with stateless stuff, we need to focus on what is stateful and stateless & how do we achieve statelessness?
    • Authorization servers are often stateful (they store issued access token in db for future checks)
    • By issuing JWT tokens as access tokens will help us to get statelessness to the interactions
      • JSON (JWT) is a secure way to encapsulate arbitrary data that can be sent over unsecure URL’s
  • Leverage JWT (JSON Web Tokens)
    • URL-safe
    • Exchanged between two parties
    • Claims are encoded as JSON object which is digitally signed by using secret between two parties
  • Use some Redis/Memcached db for user sessions in all the frontend microservices(this will ensure user authenticated once will have continuity for the following sessions)
  • Tokens (Expiry & Non-Expiry) : For expiry always pair with refresh tokens
  • API firewalls/reverse proxies are used for token translations
  • OAuth 2.0 is an open source delegation protocol allow secure authorization in simple & standard from desktop, web, mobile applications
    • In MSA context:
      • Authentication can be a microservice itself
      • Authorization is a common functionality across MS’s
    • Implicit grant (Frontend application)
      • For web applications running on the browsers with AngularJS or mobile apps
      • Gets access tokens directly
      • Similar to code grant but client gets access token directly
    • Client credentials grant :
      • Service-to-Service
      • Application authenticates itself using clientid and client secret
    • Password credentials grant:
      • Client collects username & password to get an access token directly
      • Only viable for trusted clients
    • Authorization code grant:
      • Server based application
      • Redirect flow for web server apps( to authorization server for code)
  • Frontend applications
    • Use implicit grant
    • Use HTML 5 localstorage for access and refresh tokens

oauthfig1

Solution Frameworks:

  • Netflix Zuul
  • OAuth : It is not for authentication & authorization but for scalable delegation protocol where actors involved are (map the numbers beside approach to the figure shown above ):
    • Resource Owner(RO)
    • Authorization Server(AS) – (2) (5)
    • Resource Server(RS) – (4)
    • Client – (1)(3)(6)
    • Access tokens are JWT (JSON tokens help in achieving the statelessness)
      • By Value(Inside the network)
      • By Reference(Outside the network)
  • OpenID Connect
    • Resource Owner(RO)
    • Authoriztaion Server(AS) – (2)
    • Resource Server(RS) –  (5)
    • Client – (1)(3)
    • MyMail.com – (4)(6)
    • Sessions – (5)
  • JSON Web Tokens
  • Sprint Security REST plugin
    • Spring Security core support – has inbuilt support for Oauth2 standard  that can be extended or customized for our implementation needs
    • Login & Logout REST endpoints
    • Token validation filter
    • Memcahed token storage
    • Partial implicit grant support for 3rd party providers
    • Oauth 2 support
  • SAML assertions (similar features to OAuth2)
    • XML focused
    • Standard based like OAuth
    • Supported by Spring Security
    • Standardized request signing
    • Enterprise usage
    • Drawbacks
      • Cumbersome setup for servers & clients
      • Headers will have large amount of XML data
      • Complexity for developers
  • Datensparsamkeit : Approach
  • Hashicorp Vault : Tool

(Image Source : OAuth.net )

oauthfig2

Solution Design:

There is no one size fit all the solution for this scenario, we have to adjust our solution according to the context & need of technical setup on the ground

  • Core problems in MSA :
    • Identifying user
    • Creating sessions
  • Leave authentication to Oauth or OpenID server
  • Make all MS’s accept JWT’s (with translate using reverse proxy for by reference to by value translations)
  • Ensure that….
    • Everything is self-contained
    • Standards based
    • Non-reputable(don’t trust anything)
    • Scalable
  • JSON (JWT) can be used for…
    • Single Sign-On
    • Secure payload transportation (obscure url parameters or POST body elements)
  • JWT for achieving statelessness
    • Instead of storing access token in a stateful way, do it with JWT
    • On the client browser securely store the JWT-encoded access tokens ( this is helps us to achieve one of the basic rule of REST i.e. state transfer
    • JWT claims can be signed
    • JWT can leverage JWE (JSON Web Encryption)

 Summary:

Lightweight distributed architecture based services demand lightweight infrastructure, security is very important but should be unobtrusive, spring security makes it easier for the developers to understand the low level needs of security communication & implementation. Oauth 2.0 being a standard helps to have common streamlined approach to solution implementation.

  • Spring Security Oauth
  • Spring Security SAML Assertions
  • Sprint Session
  • Oauth2 seems to be evolving as the alternative it is
    • Extremely simple for client (lightweight)
    • Access token have information other than identity only
    • Resources are free to interpret token content
    • Standards based hence changes be decoupled for uniform implementation
    • Supports bearer tokens
      • Centralizes account mgmt. & permissions
    • Supports Authorization Server, Resource Server & Client Application
      • Examples
        • Facebook – Graph API
        • Google – Google API
        • Cloud Foundry – Cloud Controller

References:

Microservices Architecture : Integrations & Communications

Systems can’t be built in isolation, each part of the system needs to communicate with the components and also integrate with other parties to provide & seek the services. Microservices are no different they need to be integrated & have to communicate with other services & systems, this happens at various levels as shown below…let us explore each of these to understand the details of implementations & challenges, it is going to be long post as we need to see the various options available for the challenges to be addressed during integration scenarios. I would advice a cup of coffee won’t be a bad idea while reading  🙂

msafig3

User Interface (UI) Integration

  •  Each microservice can have its own UI
  • Single Page Applications(SPA)
  • Single HTML Page
  • JavaScript (udpates page dynamically)
  • Logic in JavaScript
  • Useful for complex interactions & offline ability requirement

Single Page Application(SPA) Technologies

  • AngularJS (Runs in browser, given by Google under MIT open source license)
    • Provides bi-direction UI data-binding which tracks changes at
      • View Level (Renders in browser)
      • Attribute Level (Code Level)
  • Ember.js (Similar to AngularJS with it s own module Ember data it provides MDA(Model Driven Approach)  for accessing REST resources. Also available under MIT open source license)
  • Ext JS provides MVC features & UI compose like Rich Client Applications. GPL license v3.0 ( Free for non-commercial implementation, for any commercial implementation license needs to be obtained from Sencha)

Microservices & SPA’s

  • SPA per Microservice
    • Each microservice can have its very own SPA which calls microservice via JSON/REST interfaces
      • Tight coupling of SPA’s is difficult
      • Switching between SPA’s needs browser app reload (not a recommended integration)
    • SPA’s should have uniform Authentication & Authorization to avoid the need for multiple logins , OAuth2 & Shared Signed Cookie can help solve these kind of problems

msafig4

Uniformity with Asset Server

  • Each SPA is assembled with its own UI
  • SPA’s of microservices can use the resources(JS,CSS etc) from asset server to enable uniform UI
  • Proxy Server helps in masking the security rules of different URL’s (helps in giving uniform experience)
  • Separation of assets will result in new problem of dependency(All the changes to the assets will require changes in microservices as well)
    • Risk to independent deployments
    • Scenario best avoided
    • Reduces dependencies in frontend

“Asset Sever is more a problem than a solution”

msafig5

JavaScript in SPA can access the data

  • From the same domain as the code originates(called as origin policy)
  • JavaScript can’t read data from multiple domains
  • All microservices are accessible to the outside under the same domain due to proxy(this is no limitation)
    • Policy has to be deactivated when UI of a microservice is supposed to access the data of different microservices
      • Solution 1: CORS (Cross Origin Resource Sharing) solves the origin policy problem
      • Solution 2: Have all SPA & REST services under one domain (here asset server is the best option to enable the solution)

Single SPA with multiple microservices

msafig6

Binding of UI would be required as the functionality of the pages might come from different microservices which are composed of the module(JavaScript, CSS) of specific microservice that has all the UI formation (assuming that implementation is AngularJS based)

  • AngularJS supports multiple modules for different SPA units/parts hence facilitating the each MS to have its own UI control module

Drawbacks:

  • Dependency across SPA & microservices for build & deployments( requires lot of coordination) – Better to avoid this setup
  • UI based coupling of microservices results in shared deployment artifact – Better to avoid this setup

“One advantage of this approach is SPA brings together UI from different microservices & shows to the users without any intervention “

HTML Applications

Each microservice has one or more web pages(HTML, JavaScript, CSS etc) generated on the server (difference from SPA is that only a new HTML web page is loaded not an application/module by the server)

ROCA (Resource Oriented Client Architecture)

msafig7

  • Handles JavaScript & dynamic elements in HTML UI
  • Alternative for SPA’s
  • JavaScript plays limited role of optimizing the usability of pages(facilitates & add effects to the web pages)
  • Core assumption application should be functional without JavaScript
  • ROCA reduces dependencies (core philosophy that web should work on HTML over HTTP)
  • In various microservices coupling can be enabled by links (natural integrations unlike SPA’s)

Routing based integration

  • From outside the mircoservices should appear like a single web application(with one URL)
  • Also enables the assets to be shared without violating same origin policy of various assets in the system

msafig8

Function of the router is to redirect the requests from external/internal parties to appropriate microservices

  • We can leverage Zuul for achieving this functionality, also reverse proxies can also help(like webservers nginx, apache httpd that direct request to other servers)
  • Request can be modified & URL’s are altered which is very easy in Zuul to extend & implement

NOTE: When the rules in router become complex it can kill the purpose of isolated deployment strategy hampering independent development & deployment.

JavaScript for HTML Layouts

  • AJAX can be leveraged to load the content of a link from another microservice(s)
  • Link based approach can be used
  • Facebook BigPipe :
    • Optimizes load time
    • Composes web pages from pagelets
    • JavaScript is used to replace elements of webpage(DIV elements etc)

Frontend Server based integration of Microservices

msafig9

  • Frontend Server assembles the HTML webpage from HTML code snippets generated by microservices
  • Assets like JavaScript, CSS etc can be stored in frontend server
  • Edge Side Integrations(ESI) concept helps by providing simple language to collate HTML from various sources
  • ESI cache holds static & dynamic content of a page (this mix of static & dynamic contents is key for assembling pages)
    • Proxies & cache (Varnish & Squid implement ESI)
  • Server Side Integrations (SSI) can be another alternative, but SSI doesn’t have cache support) and only available in webservers
  • Each microservice can deliver HTML snippets which can be integrated on the server
    • Apache httpd supports SSI’s with mod_include
    • Nginx supports SSI’s with ngx_http_ssi_module
  • Portlets can be used as an alternative solution for the content assembly ( JSR 168, 286) in this case but it is very complex and the portlets are implemented differently in various servers (For microservices this solution is best not to be considered) Also most of the portlet implementations restrict us to java technology only…

Integration Scenario with Mobile & Rich clients

Mobile & Rich client applications present a different challenge in the current context microservices integration as they have separate client side installer which is required to access the services whereas web implementation is more universal and generic with central management of the UI assembly with HTML snippets shared by microservices. Also the entire mappings can be controlled by single coordinated client & server deployment.

  • Mobile, Rich or desktop clients requires separate installation for the client (which is predominantly monolith in nature) which has to offer/manage the interfacing with microservices
  • These client requirements might drive/dictate changes in the microservices development & deployments hence it is advised to bring some modularity into the context
  • We can’t have multiple client app deployments for the feature changes in microservices as the users will have direct impact or overhead requiring updates on the devices (this isolation development approach is considered in SPA’s for client & server development but the same is not recommended)
  • Both client & microservices can’t be isolated coordination is required to rollout and address the channel based needs at optimum levels

Organization Scenario

  • Mobile client development teams are different from the microservices teams (adding the client specific developers in each microservice team is not a great approach)
  • Mobile platform team needs to interact with all the microservices implementation teams which requires lot of communication which is not recommended by microservices approach

msafig10

One probable solution can be microservices team develops the features for web and the same will be available to mobile app when it is released but the catch here is that each microservice needs to support different features for web & mobile (to avoid the scenario we can have similar features across channels but in the domain context it might not be the case as the requirements/usecases might vary)

 

 

Role of UI in Microservices Architecture

Recently while working with various client engagements focusing on gradual microservices deployments which will co-exist with monolith a big question which stands before the team is “what is the best strategy for creating UI in MSA?”.

Question very critical to understand and design the system as there will be too many things at stake in the current existing system as well as new design and its impact to application user base which most of the time is an omni-channel interface.

Business View :

We are okay with microservices implementation as long as we don’t make any change to user experience and the business functionality remains intact.

 IT View: 

Address the business need and ensure the design is not breaking the application , microservices advantages are not compromised and operational needs with process is defined. In case of failure system is fault tolerant.

Let us check some of the questions which can be discussed in JAD team session before finalizing the design approach

Questions to probe:

  •  Is it web UI’s?
  • Native mobile UI’s?
  • Desktop UI’s?
  • All of the above?
  • Impact on your scalability?
  • Team structures responsible for delivery of the components in whole assembly group to present final solution
  • How many consumers or apps will use the services? etc

Approaches:

Evaluate all the approaches to see the proper fitment, multiple factors are at play:

  •  UI making individual calls to API (assembling the UI from various modules)
  • Server side backend responsible
  • Treat UI as client application ( Bundling UI with MS to serve bits and pieces will bring lot of chaos
  • Break the entire web application in SPA – Single Page Applications which can be deployed independently relying on the microservices
  • If network is good client can call multiple services although there may be many round trip requests ( else change the composition of the service by bundling the services into one service to reduce round trip requests which allows us to transform the data from all the services to minimize the traffic)

Solution Design:

There is no one size fit all the solution for this scenario, we have to adjust our solution according to the context & need of business

  • API gateway pattern :
    • Microservices are behind the gateway and UI on top of it.
    • Limit to aggregation and lookup to serve a specific UX flow.
  • UI Composition pattern :
    • Each MS output its own UI elements or combined with another monolith on the server side
      • Challenges
        • Pros : Provides service decoupling & individual testing
        • Cons: Creates tactical coupling to maintain UX across each services output
        • Cons: Team collaboration on the UI & scripts requires cross-element operation binds into type of monolith
        • Cons: Multiple apps or consumer scenario will have lot of challenges if this option is leveraged

Summary

If it is an ecommerce situation with pages and product listings pattern #2 is best option. Once set of services provide container UI and another set of services feed product results. If scenario is tightly controlled rich UX you might have to co-odrinate the deliverables from multiple teams

  • Logic in UI should be primarily view logic only and avoid business logic ( UI is the layer which plays the data)
  • MS teams publish API docs and version accordingly to ensure proper consumption
  • Focus on service discovery
  • Conway’s Law is very important ( Organization has to support MSA initiative)
  • Keep things simple

I know this very limited view of the scenarios that will arise while designing for these kind of systems, would be keen to hear from you what approaches worked in your scenarios. In this distributed systems world the architectures and systems are changing at rapid pace and we need to learn them and keep up with pace 🙂

References:

Microservices Archietcture : Quick Intro

After the evolution of cloud application development & deployment has changed drastically but one core thing remained same about the applications is the time to market. Any small change requires entire application to be tested and deployed which limits the business to achieve the goals to maximize the revenue of each opportunity available in the market. Traditional architecture approach which is generally known as monolith is now getting transformed into new microservices based architecture model. Before jumping into the detailed understanding of the microservices let us see what is monolith & attributes associated with it…I will be publishing learning series to help understand the underlying core concepts of microservices architecture(MSA)

Monolith : It typically starts with a common simple codebase with defined tech stack and becomes non-maintainable over the period of time that qualifies to be called as “monolith”. Some attributes associated with it are….

  •  Long testing cycles for each deployment cycle(Automation helps but to limited extent)
  • Defined tech stack
  • Results in too many issues for small changes
  • High learning curve (complex codebase)
  • Maintained by large teams
  • Too many/Complex dependencies etc (Tightly coupled)

SOA came to the rescue but….

  •  Resulted in tightly coupled services based monolith
  • One dimension scalability
  • Carried forward all the problems from traditional monolith design, development & deployment

Microservices is an architecture paradigm which breaks large software monolith architectures into loosely coupled services, which communicate with each other through simple APIs and can be independently created, deployed without impacting the ecosystem. Adheres to some common principles…

  •  Single Responsibility Principle (Self-contained & autonomous)
  • Owned by small team
  • Small code base
  • Supports Polyglot tech stack with technology agnostic interfaces
  • Deployed in independent containers
  • Domain Driven Design

Microservices Architecture (MSA) is topping the charts of technology industry discussions, People are both overwhelmed & confused about architecture pattern which has announced itself with great promises. We have to be cautious not to get carried away with the blind implementation irrespective of the scenario of business context.

Please understand the details of MSA and your business context before jumping into the implementation. MSA does require high degree of commitment, skills and there is additional complexity, structural changes for which your team/organization needs to plan well to scale the operations to live with it. MSA is not a free lunch 🙂

msafig1

Below I’m calling out the advantages, disadvantages & implementation challenges of MSA based on exposure to some of the ecommerce based implementations:

Advantages

Disadvantages

Implementation Challenges

  • Loosely coupled systems
  • Independent & modularized, can developed by different teams
  • Polyglot
  • Flexible for scaling
  • Failure/Fault isolation(Design for failure, Tolerance/Resilience built-in)
  • Faster Time to Market (Quick updates without downtime)
  • Independently deployable
  • Compute based resources
  • Cloud based infrastructure with automation
  • Supports event driven programming
  • Created based on domain lines mapping to the business capabilities
  • Distributed & localized governance
  • Supports Domain Driven Design
  • Eases team structures (Conway’s Law)
  • Reduces code complexity for developers (Small Services = Small Codebase)

  • Increased Complexity due to highly distributed systems
  • Effort intensive operations
  • Complex configuration management
  • Majority of them are stateless
  • Eventual Consistency
  • Code duplication goes unnoticed
  • Contract definitions (implicit interfaces)
  • Trap you into distributed ball of mud
  • Hype around MSA
  • Not all developers embrace it
  • Communication overhead
  • Polyglot complexity
  • Operational complexity
  • Spike in infra use
  • Transition to Distributed Systems
  • Testing MSA
  • Scattered business logic (all over the place )
  • Lack of dependency view for change impact
  • Have to live with CAP
  • Modelling ( Domain & Data)
  • Need for high quality devops skills
  • Expensive (during nitial cycles)
  • Asynchronous communication
  • Services versioning
  • Increased/Multiple no of databases
  • Network communication & security
  • DevOps skillset availability (CICD Pipelines & dependencies, Configurations, Monitoring, Maintenance)

Above challenges are only subset of the bigger list and most of them have solution in their own context of design & architecture problems but there is no one solution which that fits all. Hence please ensure the due diligence to apply the fixes for the problems. Also some core things you can do are…

Ensure you have ….

  • Right team who are up for the challenge
  • Start small to make improvements on the way (Big bang is the recipe for failure) – Simplicity helps
  • Leverage right tools & automations to help the MSA cause
  • Embrace team, customer & product goals
  • Pragmatic approach works 🙂

References: