Web applications running on a cloud platform are different from applications running on-premise in many ways. A cloud based infrastructure provides many services and options to develop a scalable and highly available application which can cater to a global audience. It provides unlimited opportunities for an application to scale and match business requirements. To reap real benefits from cloud platforms, applications need to be developed using services and options provided by cloud infrastructure.
However, running applications on a cloud platform has its own challenges. These challenges can be broadly sub-divided into eight categories. This is not a fixed number. This is based on feedback collected from multiple application developers.
- Availability: Measured as a percentage of application uptime
- Data Management: Data is hosted in different locations. Eventual Consistency vs. Strong Consistency
- Messaging: Loose coupling between components and services, asynchronous messaging, ordering of messages, and idempotency
- Management and Monitoring: Applications must expose runtime information for management and monitoring of the system
- Security: The application is exposed on the Internet, outside trusted on-premises boundaries. Security controls must prevent malicious or accidental actions which can compromise the application, and prevent disclosure or loss of information. Security has three sub-categories:
  - Data Security
  - Network Security
  - Identity Management
- Resiliency: Multi-tenant applications use shared platform services. Resiliency is the ability to detect failures and to gracefully handle and recover from them
- Performance and Scalability: Performance is the responsiveness of a system. Scalability is the ability of a system to handle increased load without any impact on performance
- Design and Implementation: Consistency and coherence in component design and deployment. Reusability of components
Each challenge mentioned above describes an important aspect of web applications. Developers need to handle each challenge explicitly depending upon the requirement. Public cloud vendors provide various services and features to address these issues.
Services offered by major public cloud vendors to handle challenges like availability, data management, messaging, management, monitoring, and security are:
Options provided by AWS and Azure

| Challenge | Sub-category | AWS | Azure |
|---|---|---|---|
| Availability | | Autoscaling, Load Balancing | Azure Autoscale |
| Data Management | | RDS, DynamoDB | StorSimple, Cold Store, SQL Server |
| Messaging | | SQS, SNS, SES | Azure Service Bus |
| Management and Monitoring | | CloudTrail, CloudWatch, VPC Flow Logs | Azure Monitor |
| Security | Data Security | KMS | Key Vault |
| Security | Network Security | VPC, Security Groups, Network ACLs | Azure Virtual Network |
| Security | Identity Management | AWS Directory Service, IAM | Azure Active Directory |
| Resiliency | | AWS Global Infrastructure, Availability Zone | Azure Regions |
| Performance and Scalability | | Compute Services (EC2), Container Services, CloudFront, ElastiCache, etc. | VMs, Azure Containers, Azure CDN, Azure Managed Cache, etc. |
Note: Basic compute and storage services are not included in this table. This is not the complete list of services offered by AWS and Azure. This is just a high level view of services by two major service providers. There are similar services offered by other cloud providers like Rackspace, IBM BlueMix and many others.
Design and implementation of a true cloud native application is one of the major challenges faced by application developers. The challenges described above have to be kept in mind while designing the application. One of the biggest worries for cloud-based applications is vendor lock-in. Applications closely integrated with specific vendor services cannot be migrated to other cloud platforms. This creates a dependency on that specific cloud vendor, making migration to other cloud platforms a costly affair. The solution is to develop a cloud agnostic application.
Such challenges can be handled by implementing cloud design patterns into code. There are a host of design patterns which can be used in applications. Some of the design patterns are:
- Federated Identity: Authentication is managed by an external identity provider. A dedicated security application manages the identity. This simplifies the application
- Gatekeeper: Dedicated host instance acting as a broker between the client and the services/application. Limits the attack surface of the application. Provides an additional layer of security
- Valet Key: Restricted access to a specific resource or service. Can be implemented using a token or a key
- Command Query Responsibility Segregation (CQRS): Segregate operations using a separate interface
- Circuit Breaker: Handles failures gracefully. Improves stability and resiliency
- Integration Provider: Messaging and sharing of data hosted by different providers
This is not the complete list of cloud design patterns. This link is a collection of commonly used cloud design patterns.
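A sketch of the Valet Key pattern from the list above, as an added example that is not part of the original article: the application signs a short-lived token scoped to one resource and a set of actions, and the resource endpoint verifies it without a session lookup. The function names, claim names and signing key are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo secret; a real deployment would fetch it from a key-management service.
SIGNING_KEY = b"demo-only-signing-key"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _sign(payload: str, key: bytes) -> bytes:
    digest = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return _b64(digest).encode()


def issue_valet_key(resource, actions, ttl_seconds, now=None, key=SIGNING_KEY):
    """Return a token granting `actions` on one `resource` until it expires."""
    now = time.time() if now is None else now
    claims = {"res": resource, "act": sorted(actions), "exp": int(now + ttl_seconds)}
    payload = _b64(json.dumps(claims, separators=(",", ":")).encode())
    return payload + "." + _sign(payload, key).decode()


def check_valet_key(token, resource, action, now=None, key=SIGNING_KEY):
    """Return (allowed, reason). The signature is verified before claims are parsed."""
    now = time.time() if now is None else now
    payload, sep, signature = token.partition(".")
    # Constant-time comparison of the presented and recomputed signatures.
    if not sep or not hmac.compare_digest(signature.encode(), _sign(payload, key)):
        return False, "bad signature"
    padded = payload + "=" * (-len(payload) % 4)
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if now >= claims["exp"]:
        return False, "expired"
    if claims["res"] != resource:
        return False, "wrong resource"
    if action not in claims["act"]:
        return False, "action not granted"
    return True, "ok"
```

Because the token carries its own scope and expiry, the checking service needs only the signing key, which also fits the stateless design recommended in this article.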
Developers can leverage options provided by the cloud platform and implement cloud design patterns to develop a robust, resilient and truly secure cloud hosted application. A few points to keep in mind:
- Make your application as generic as possible
- Make it stateless
- Store the session information in some persistent data store
- Don’t write logs to the file system. Use a proper logging mechanism
- Don’t code using any specific infrastructure dependency
- Use an API gateway
- Use a DevOps tool to automate deployment and configuration of your application on the cloud
- Cloud Native Application: Applications built to run optimally on cloud infrastructure
- Cloud Agnostic Application: Applications which can be deployed on any public cloud. Free from vendor lock-in