Chapter 9. Architecture of Individual Microservices

When microservices are implemented, close attention must be paid to a number of key points. First, this chapter addresses the domain architecture of microservices (section 9.1). Next up is CQRS (Command Query Responsibility Segregation) (section 9.2), which can be interesting when implementing a microservice-based system. This approach separates data writes from data reads. Event Sourcing (section 9.3) places events at the center of the modeling. The structure of a microservice can correspond to a hexagonal architecture (section 9.4), which subdivides functionality into a logic kernel and adapters. Section 9.5 focuses on resilience and stability—essential requirements for microservices. Finally, technical approaches for the implementation of microservices, such as Reactive, are discussed in section 9.6.

This section details how to identify potential problems with the domain architecture of a microservice. Once a potential issue has been discovered, the team responsible for the microservice will need to determine whether it constitutes a real problem and how it can be solved.

1. https://speakerdeck.com/owolf/cqrs-for-great-good-2

Figure 9.1 shows the structure of a CQRS system. Each command is stored in the command store. In addition, there can be command handlers. The command handler in the example uses the commands for storing the current state of the data in a database. A query handler uses this database to process queries. The database can be adjusted to the needs of the query handler. For example, a database for the analysis of order processes can look completely different from a database that customers use for displaying their own order processes. Entirely different technologies can be employed for the query database. For instance, it is possible to use an in-memory cache, which loses data if there is a server failure. Information persistency is ensured by the command store. In an emergency the contents of the cache can be reconstructed by the command store.

• The communication infrastructure can implement the command queue when a messaging solution is used. With approaches such as REST a microservice has to forward the commands to all interested command handlers and implement the command queue that way.

• Each command handler can be a separate microservice and can handle the commands with its own logic. This enables logic to be very easily distributed to multiple microservices.

• A query handler can also be a separate microservice. The changes to the data which the query handler uses can be introduced by a command handler in the same microservice. However, the command handler can also be a separate microservice. In that situation the query handler has to offer a suitable interface for accessing the database so that the command handler can change the data.

• Reading and writing of data can be separated into individual microservices. This makes possible even smaller microservices. When the writing and reading is so complex that a single microservice for both would get too large and too hard to understand, a split might make sense.

• Also a different model can be used for writing and reading. Microservices can each represent a Bounded Context and therefore use different data models. For instance, in an e-commerce shop a lot of data may be written for an online purchase while statistical evaluations read only a small part of that data for each purchase. From a technical perspective the data can be optimized for reading operations via denormalization or via other means for certain queries.

• Writing and reading can be scaled differently by starting a different number of query handler microservices and command handler microservices. This supports the fine-grained scalability of microservices.

• The command queue helps to handle any load peaks that occur during writing. The queue buffers the changes that are then processed later on. However, this does mean that a change to the data will not immediately be taken into consideration by the queries.

• It is easy to run different versions of the command handlers in parallel. This facilitates the deployment of new versions of the microservices.

CQRS can serve to make microservices even smaller, even when operations and data are very closely connected. Each microservice can independently decide for or against CQRS.

There are different ways to implement an interface that offers operations for changing and reading data. CQRS is only one option. Both aspects can also be implemented without CQRS in just one microservice. The freedom to be able to use different approaches is one of the main benefits of microservice-based architectures.

• Transactions that contain both read and write operations are hard to implement. The read and write operations may be implemented in different micro-services. This may mean it is very difficult to combine the operations into one transaction since transactions across microservices are usually impossible.

• It is hard to ensure data consistency across different systems. The processing of events is asynchronous, meaning that different nodes can finish processing at different points in time.

• The cost for development and infrastructure is higher. More system components and more complex communication technologies are required.

It is not wise to implement CQRS in every microservice. However, the approach can be valuable for microservice-based architectures in many circumstances.

2. http://slideshare.net/mploed/event-sourcing-introduction-challenges

Instead of the maintaining state itself Event Sourcing stores the events that have led to the current state. While the state itself is not saved, it can be reconstructed from the events.

Figure 9.2 gives an overview of Event Sourcing:

• The event queue sends all events to the different recipients. It can, for instance, be implemented with messaging middleware.

• The event store saves all events. This makes it possible to reconstruct the chain of events and the events themselves.

• An event handler reacts to the events. It can contain business logic that reacts to events.

• In such a system it is only the events that are easy to trace. The current state of the system is not easy to follow up on. Therefore, it can be sensible to maintain a snapshot that contains the current state. At each event or after a certain period of time the data in the snapshot will be changed to bring it up-to-date with the new events. The snapshot is optional. It is also possible to reconstruct the state from the events in an ad hoc manner.

Events may not be changed afterwards. Erroneous events have to be corrected by new events.

Event Sourcing is based on domain-driven design (see section 3.3). To adhere to the concept of Ubiquitous Language, the events should have names that also make sense in the business context. In some cases, an event-based model makes particular sense from a domain perspective. For instance, bookings to an account can be considered as events. Requirements like auditing are very easy to implement with Event Sourcing. Because the booking is modeled as an event, it is very easy to trace who has performed which booking. In addition, it is relatively easy to reconstruct a historical state of the system and old versions of the data. So Event Sourcing can be a good choice from a domain perspective. Generally, approaches like Event Sourcing make sense in complex domains which also benefit from domain-driven design.

Event Sourcing has similar advantages and disadvantages to CQRS, and both approaches can easily be combined. Event Sourcing makes particular sense when the overall system works with an event-driven architecture (section 7.8). In this type of system, the microservices already send events relating to changes of state, and it is logical to also use this approach in the microservices.

3. http://alistair.cockburn.us/Hexagonal+architecture

Interfaces don’t just take requests from other systems; they are also used to initiate contact with other systems. In the example the database is accessed via the DB adapter—an alternative adapter is provided for test data. Another application can be contacted via the REST adapter. Instead of these adapters a test adapter can be used to simulate the external application.

Another name for hexagonal architecture is “ports and adapters.” Each facet of the application like user, admin, data, or event is a port. The adapters implement the ports based on technologies like REST or web user interfaces. Through the ports on the right side of the hexagon the application fetches data, while the ports on the left side offer the system’s functionality to users and other systems.

The hexagonal architecture divides a system into a logic kernel and adapter. Only the adapters can communicate with the outside.

Since individual test implementations can be implemented for all ports, the isolated testing of a microservice is easier with a hexagonal architecture. For this purpose, test adapters just have to be used instead of the actual implementation. The independent testing of individual microservices is an important prerequisite for the independent implementation and the independent deployment of microservices.

The logic required for resilience and stability (see section 9.5) or Load Balancing (section 7.12) can also be implemented in the adapter.

It is also possible to distribute the adapters and the actual logic into individual microservices. This will result in more distributed communication with its associated overhead. However, this does mean that the implementation of the adapter and kernel can be distributed to different teams. For instance, a team developing a mobile client can implement a specific adapter that is adapted to the bandwidth restrictions of mobile applications (see also section 8.1).

Another interface is the order events. They announce to the Delivery microservice whenever new orders arrive so that the orders can be delivered. Through this interface the Delivery microservice also communicates when an order has been delivered or when delays have occurred. In addition, this interface can be served by an adapter for tests. This means that the interface to the delivery microservice does not just write data but can also introduce changes to the orders. This means the interface works in both directions: It calls other microservices but can also be used by other microservices to change data.

The hexagonal architecture has a domain-based distribution into an interface for user functionality and an interface for order events. That way, the architecture underlines the domain-based design.

The state of the orders is saved in a database. There is also an interface where test data can be used for tests instead of the database. This interface corresponds to the persistence layer of a traditional architecture.

Finally, there is an interface that uses data replication to transmit order information to reporting. There statistics can be generated from the orders. Reporting appears to be a persistence interface but is really more: The data is not just stored, but changed to enable quick generation of statistics.

As the example shows, a hexagonal architecture creates a good domain-based distribution into different domain-based interfaces. Each domain-based interface and each adapter can be implemented as a separate microservice. This makes possible the division of the application into numerous microservices, if necessary.

For this reason, microservices have to be shielded from the failure of other microservices. This property is called resilience. The necessary measures to achieve resilience have to be part of the microservice. Stability is a broader term that denotes high software availability. Release It!⁴ lists several patterns on this topic.

4. Michael T. Nygard. 2007. Release It!: Design and Deploy Production-Ready Software. Raleigh, NC: Pragmatic Programmers.

Normally the Circuit Breaker is closed and calls are forwarded to the target system. When an error occurs, depending on the error frequency, the Circuit Breaker will be opened. Calls will no longer be sent on to the target system but will instead return an error. The Circuit Breaker can also be combined with a timeout. When the timeout parameters are exceeded, the Circuit Breaker is opened.

This takes load off the target system and means that the calling system does not need to wait for a timeout to occur, as the error is returned immediately. After some set period, the Circuit Breaker will close again. Incoming calls will once again be forwarded to the target system. If the error persists, the Circuit Breaker will open again.

The state of the Circuit Breakers in a system can highlight where problems are currently occurring to operations staff. An open Circuit Breaker indicates that a microservice is no longer able to communicate with another microservice. Therefore, the state of the Circuit Breaker should be part of the monitoring done by operations.

When the Circuit Breaker is open, an error does not necessarily have to be generated. It is also possible to simply degrade the functionality. Let us assume that an automated teller machine (ATM) cannot verify whether an account contains enough money for the desired withdrawal because the system that is responsible is not reachable. Nevertheless, cash withdrawals can be permitted up to a certain limit so that customers do not get annoyed by the failure, and the bank can continue to make the associated withdrawal fees. Whether a cash withdrawal is allowed and up to what limit is a business decision. The possible damage has to be balanced against the potential for profit. There can also be other rules applied in case of the failure of a system. Calls can be answered from a cache, for instance. More important than the technical options is the domain-based requirement for deciding on the appropriate handling of a system failure.

Similar approaches are applicable to software: the entire system can be divided into individual areas. A breakdown or a problem in one area should not affect the other areas. For example, there can be several different instances of a microservice for different clients. If a client overloads the microservices, the other clients will not be negatively affected. The same is true for resources like database connections or threads. When different parts of a microservice use different pools for these resources, one part cannot block the other parts, even if it uses up all its resources.

In microservices-based architectures the microservices themselves form separate areas. This is particularly true when each microservice brings its own virtual machine along. Even if the microservice causes the entire virtual machine to crash or overloads it, the other microservices will not be affected. They run on different virtual machines and are therefore separate.

On a technical level the patterns can be implemented in different ways. For micro-services there are the following options:

• Timeouts are easy to implement. When another system is accessed, an individual thread is started that is terminated after a timeout.

• At first glance Circuit Breakers are not very complex and can be developed in your own code. However, any implementation must work under high load and has to offer an interface for operations to enable monitoring. This is not trivial. Therefore, a home-grown implementation is often not sensible.

• Bulkheads are an inherent feature of microservices since a problem is, in many cases, already limited to just one microservice. For instance, a memory leak will only cause one microservice to fail.

• Steady State, Fail Fast, Handshaking and Test Harness have to be implemented by each microservice.

• Uncoupling via middleware is an option for shared communication of microservices.

5. http://www.reactivemanifesto.org/

6. https://github.com/Netflix/Hystrix/

7. http://www.reactivemanifesto.org/

Essential properties according to the Reactive Manifesto:

• Responsive: The system should react to requests as fast as possible. This has among others advantages for fail fast and therefore for stability (see section 9.5). Once the mailbox is filled to a certain predetermined degree, the actor can, for instance, reject or accept additional messages. This results in the sender being slowed down and the system does not get overloaded. Other requests can still be processed. The aim of being responsive is also helped if blocking I/O operations are not used.

• Resilience and its relationship with Reactive applications has already been discussed in section 9.5.

• Elastic means that new systems can be started at run times that share the load. To achieve this, the system has to be scalable, and it has to be possible to change the system at run time in such a way that the load can be distributed to the different nodes.

• Message Driven means that the individual components communicate with each other via messages. As described in section 8.4, this communication fits well with microservices. Reactive applications also use very similar approaches within the application itself.

Reactive systems are particularly easy to implement using microservices and the concepts from Reactive fit neatly with microservices’ concepts. However, similarly good results can also be achieved by the use of more traditional technologies.

Some examples of technologies from the Reactive arena are:

• The programming language Scala⁸ with the Reactive framework Akka⁹ and the web framework Play¹⁰ is based on it. These frameworks can also be used with Java.

8. http://www.scala-lang.org/

9. http://akka.io/

10. https://www.playframework.com/

• There are Reactive extensions¹¹ for practically all popular programming languages. Among them are RxJava¹² for Java or RxJS¹³ for JavaScript.

11. http://reactivex.io/

12. https://github.com/ReactiveX/RxJava

13. https://github.com/Reactive-Extensions/RxJS

• Similar approaches are also supported by Vert.x¹⁴ (see also section 14.6). Even though this framework is based on the JVM, it supports many different programming languages like Java, Groovy, Scala, JavaScript, Clojure, Ruby, and Python.

14. http://vertx.io/

Low cohesion can be an indication of a problem with the domain-based design of a microservice. Domain-driven design (DDD) is an interesting way to structure a microservice. Transactions can also provide clues for an optimized domain-based division: An operation of a microservice should be a transaction (section 9.1).

CQS (command–query separation) divides operations of a microservice or a class into read operations (queries) and write operations (commands). CQRS (command–query responsibility segregation) (section 9.2) separates data changes via commands from query handlers, which process requests. This means that microservices or classes are created that can only implement reading or writing services. Event Sourcing (section 9.3) stores events and does not focus on the current state but on the history of all events. These approaches are useful for building up microservices because they enable the creation of smaller microservices that implement only read or write operations. This enables independent scaling and optimizations for both types of operations.

Hexagonal architecture (section 9.4) focuses on a kernel that can be called via adapters, for instance, by a UI or an API, as the center point of each microservice. Likewise, adapters can enable the use of other microservices or of databases. For microservices this results in an architecture that supports a UI and a REST interface in a microservice.

Section 9.5 presented patterns for Resilience and Stability. The most important of those are Circuit Breaker, Timeout and Bulkhead. A popular implementation is Hystrix.

Section 9.6 introduced certain technical choices for microservices: For instance, the use of process engines is a possibility for a microservice. Statelessness is beneficial. And finally, reactive approaches are a good basis for the implementation of microservices.

In summary, this chapter explained some essential considerations for the implementation of individual microservices.

• Microservices can be implemented internally with Event Sourcing, CQRS, or hexagonal architectures.

• Technical properties like stability can only be implemented individually by each microservice.