Serverless – evil queen or tooth fairy?

Tl;dr I went to the Serverless Conf last week. I met a lot of great people, heard quite a few inspiring talks, and presented a talk myself. People tend to say that serverless is fast and reduces cost of our infrastructure - but is that actually true? Hint: I still think it's awesome ;)

Tooth Fairy

Serverless is amazing. It allows us to bash out microservices in no time, and not to have to worry about how we’ll keep our servers up-to-date in terms of security patches. Load balancing, scaling, and all that stuff is in the past. Developing is suddenly so easy, pushing our code into production and into the hands of our users is very straightforward.

There are plenty of 3rd party services such as Auth0, DynamoDB, and countless more; leveraging these enables us to develop faster. What’s more, areas that were hard to access, such as machine learning or internet of things, are quite often supported out of the box with serverless.

Apart from Amazon, other companies are developing their own version of serverless support. Microsoft has Azure Functions, IBM started an open source project called OpenWhisk which seem very interesting, and Google joined the game with their Cloud Functions. Each of these have a slightly different approach to the topic and make it possible for us to avoid vendor lock-in, and choose the right service for each of our projects.

At Red Badger, we’re really excited about this technology and are using it pretty much in every new project.

Evil Queen - Keynote by Patrick Debois

Serverless Conf was definitely the first conference I’ve been to that had a keynote warning the audience against using the technology. Patrick Debois - or the “Godfather of DevOps” - delivered a captivating talk on the caveats of using serverless which I think was both incredibly brave and hugely useful.

@patrickdebois explaining why why shouldn't use serverless "just because". Very sober keynote at #serverlessconfpic.twitter.com/mQIWK811aG

— Anna Doubková (@lithinn) October 27, 2016

I wish I could literally write everything Patrick said but I’ll try to limit it to the most important points and strongly encourage you to check his talk out once it comes online. Here are a few myths he brought down:

It’s more reliable.Services are more reliable if they’re hosted and managed by AWS. In a certain sense yes - you can expect that they are pretty good as they have great engineering teams and huge experience. However, once you host your app in the cloud, it’s out of your hands. AWS doesn’t even have a real-time status update on its services which means you can never really be sure if it’s fully up or not. Once we rely on an external provider, we tend to forget we still need a back-up plan in case things go wrong.

It’s more secure. Same rules apply as with reliability. In a certain sense it is more secure but we can’t make sure that security patches are applied as we need them - or indeed that new patches aren’t applied if we don’t want them to be. It’ harder and in some cases impossible to set up authentication and authorisation on our endpoints and resources in exactly the way we’d need them to. This side of things is being improved all the time but there’s still a way to go.

It’s faster. It can be if you have a simple lambda. However, cold starts are a known issue. Integrating with 3rd party services that are outside of your network means you can’t be sure how fast the whole process will actually be in the end. Taking into account all these things, serverless isn’t necessarily faster for the end user.

It’s cheaper. Yes it is - if you use the infrastructure in the “right way”. But you can’t quite make sure that you do. You can’t budget if you can’t limit access. And it’s true we don’t need to pay people to manage our infrastructure - instead, we increase the cost of training so that our staff know how to use serverless. We can’t stay behind because we don’t control which version of the system we’re accessing. It effectively forces everyone who’s using the system to keep up with the changes constantly. I would argue that’s a good thing - but you still need to take this into account when talking about the cost of serverless.

Better service. Logs, analytics, and similar tools are infamously bad in AWS. To be fair, other providers are doing much better on that front. However, another point is that we’re getting a set of features, and new features aren’t developed to suit our needs. We might run into a typical enterprise problem where we’re using 30% of the service, and need 10% more that we’ll possibly never get.

Tooth Fairy turned Evil Queen - Serverlessness by Charity Majors

Later that day, the main conference hall was full for Charity Majors' talk “Serverlessness, NoOps and the Tooth Fairy” where she basically destroyed the concept that we don’t need to know anything about infrastructure anymore.

We're all doing devops #serverlessconf "Serverlessness is a lie." @mipsytipsypic.twitter.com/ilLRHcrosl

— Anna Doubková (@lithinn) October 27, 2016

“Serverlessness is a lie.” - that about sums up the talk that got people raging and loving it at the same time. There are servers, and we need to care about devops. We’re all doing operations. We have outsourced a bigger chunk of our operations but we still need to understand our infrastructure, it's weak points and how to protect them.

Loving this talk so much #serverlessconfpic.twitter.com/Maw7THTfUj

— Anna Doubková (@lithinn) October 27, 2016

I loved how DevOps people often think that code is the glue for the infrastructure. In a similar way, developers often think infrastructure exists only to run their code. The truth is that our mission isn’t to write code or build infra - these are simply the tools we use to deliver a product. Neither of them should be slated and both are equally important. We should spend decent amounts of time on checking that both are in top shape. Just as we do code reviews on a daily basis, we should review our operations.

Another point is that if you outsource any part of your work to someone else, they might do the job right - but it’s hard to make them care about what your goal is. “You can outsource work but you can’t outsource caring,” Charity pointed out. Outsourcing makes seeing the bigger picture impossible, and that’s why it’s better if you keep core features close and care for them yourself. That doesn't necessarily mean you shouldn’t use serverless - but rather that you should monitor the systems, back-up your data, and do the usual maintenance yourself to make sure the critical parts of your business are always well kept.

Or as Charity said: “Own your critical path. Make it small and guard it. Understand your providers, tech, dependencies.”

Last but not least, Charity pointed out that even if we (as in developers) are using serverless, it’s crucial to understand the infrastructure and realise we’re doing the operations. Companies should really strive for tech excellence not only in dev but also in operations for every employee.

Should we use Serverless at all then?

YES! But…

These two talks were the most prominent but not the only ones that raised caution about this technology. Although most agree that serverless is great, we need to keep in mind it’s still quite new, and there are many issues to be resolved. And as always - no matter how brilliant and shiny a new tech is, the most important question to ask is “How would it benefit me, if I used it?”

Side Notes on the Conference

As a foodie, I want to highlight etc venues where the conference was held and their fantastic food! Thanks for hosting us so well for two days.

The conference was organised in a very professional way. However, possibly because I was recently spoilt at Strangeloop, where they made a huge effort to make sure everyone went welcome, I felt the atmosphere wasn’t that friendly and didn’t invite people to mingle, share, and chat. The audience didn't appear very diverse on first impressions which may have been a factor in this.

Having said that, it was still a place where I was inspired to learn and try out new things. There was also a brilliant after-party that most of the lovely people I met at the conference went to, and that was a blast :)

Post #serverlessconf wrapup wit @goserverless guys and other #serverless community members pic.twitter.com/mSFr2dBoDp

— Mikael Puittinen (@mpuittinen) October 28, 2016

List of fun talks to look out for

Day 1:

Patrick Debois - Keynote

https://www.youtube.com/watch?v=L_ClI_SzhVI

Ian Messingham - IoT

https://www.youtube.com/watch?v=gR8ndUMCW00

Charity Majors - Serverlessness, NoOps, and the Tooth Fairy

https://www.youtube.com/watch?v=J0eC1S318Q0

Gojko Adzic - Migrating to Serverless

https://www.youtube.com/watch?v=yneIlV2YGaI

Jeroen Resoort - Mission to Mars (this one has a working robot demo!)

https://www.youtube.com/watch?v=rsh6eKc1tVM

Day 2:

Florian Motlik - Getting the most out of Serverless Framework

https://www.youtube.com/watch?v=ygGmigMBVfI

Bret McGowen - Serverless Microservices with Google Cloud Functions

https://www.youtube.com/watch?v=BybYim0HRmY

Garish Dusane - Why PubNub moved Serverless Computing into the Network

https://www.youtube.com/watch?v=BxnfoXDbuio

Christian Blunden - Serverless Real-Time Aggregates

https://www.youtube.com/watch?v=Pyj5LPXoIcA

And here's the talk I did - Serverless Framework Plugins

https://www.youtube.com/watch?v=2VMNvqZYr2Q

Have you had a chance to try out serverless yet? Let us know what you thought in the comments below, or chat to me on Twitter @lithinn.