In This Context

Connecting designated hardware to specific apps reduces their mobility and resilience. Building any kind of manual intervention by the Ops team into an application’s life cycle will create long delays in deployment and reduce quality.

• There is a lot of fear around data on the public cloud.

• Public cloud vendors are very knowledgeable about, and experienced in, running large infrastructure.

• In much of the world, public cloud is allowed for almost all industries.

• A private cloud is under full control of the company, so you can optimize in different ways and customize different things that are not possible on public clouds.

• Proficient support is required to keep private clouds up and running, so you must have all that knowledge in your (typically limited) team.

Therefore

Decouple the setup of your physical infrastructure from the provisioning required for the application itself.

Treat all the servers and the rest of the infrastructure as a single large machine managed fully automatically through a set of APIs. Aim to use the same set of tools as would be required on at least one public cloud to ease any future migration.

• Fully automate everything related to running the application.

• Treat your on-premises infrastructure like a cloud; the hardware needs to be completely abstracted away from the users.

• Set up physical servers, network, storage, etc., all separately.

• Deploy and maintain applications through full APIs.

• Even if you need dedicated hardware, treat it as a part of the cloud so it is fully automated.

Consequently

The company enjoys the benefits of cloud native architecture with the additional control and security—but also expense—of hosting your own private cloud setup. Applications are running on the private cloud in exactly the same way as they would run on a public cloud.

• + Developers can get infrastructure on their own, and delivery is faster.

• + There is full control over the platform and data.

• − Private clouds carry a high cost of ownership and quickly become outdated.

In This Context

Procuring, installing, and maintaining hardware becomes a bottleneck that slows down the entire organization.

For most businesses, infrastructure and hardware are not their core business, so they do not invest heavily in maintaining and improving them. Public cloud vendors, however, invest a great deal of money and talent to optimize their services.

Furthermore, when you own the hardware, costs are typically higher: you need to overprovision for peak consumption. If Black Friday traffic is 10 times higher, then you must maintain that 10-times capacity the other 364 days of the year—there is no elastic capacity expansion.

• Private clouds quickly become outdated because they are not a high priority for the business.

• Never enough resources to make a private cloud as good as public cloud.

• In some business areas regulations may not allow use of public cloud due to security concerns and explicit data regulation.

Therefore

Hand over the management of hardware and rent capacity from public cloud vendors like Amazon, Microsoft, Google, and similar instead of owning, managing, and creating full automation for infrastructure.

• Rely on full automation.

• Use APIs to connect with public cloud.

Consequently

You rent fully automated, scalable, resilient infrastructure from a public cloud provider that can be increased and decreased on demand. You pay only for the resources you are actually using.

• Take advantage of integrated services.

• Public cloud vendors constantly upgrading to latest software and services.

• Built-in services like maintained databases, machine learning frameworks, and all kinds of SaaS continuously being built by the vendors.

Therefore

Dedicate at least 50% of the Ops team’s time to automating the operational tasks, and eliminate all manual infrastructure provisioning and maintenance tasks.

Any manual work that is required in between the changes committed by the developer and the delivery to production will significantly reduce the speed of delivery and introduce interteam dependencies.

• Treat infrastructure automation scripts with equal importance as the rest of the company codebase.

• Automate, fully and completely: compute, storage, networking, and other resources; patching and upgrading of operating systems; and deployment and maintenance of systems running on top of the infrastructure.

In This Context

The traditional hardware approach assumes “This app runs on this server”—which is not practical in a distributed system running on the cloud. Attaching specific microservices to specific pieces of hardware significantly compromises the stability and resilience of the system and leads to poor use of the hardware. Every time you want to improve something you need someone to understand how it is all related, so they can safely make the change.

The market demands that companies deliver value to clients very quickly, in a matter of hours or even minutes. However, the traditional deployment of applications to specified static servers using manual or semi-automatic procedures cannot support the growing demands of the development teams to deploy each component separately on multiple environments once, or even more times, per day.

• Software systems become more distributed overall and are required to run on many platforms.

• Dynamic scheduling tools (i.e. container orchestrators like Kubernetes, Nomad, and Docker Swarm, among others) are becoming mature and available for general use.

• Small pieces of applications can fail at random times.

• Advanced technology companies deploy thousands of times a day to large and varied array of development, testing, and production environments.

• In a system with hundreds of components, designating where each one runs increases complexity in the code because this must be specified in the build and is impractical.

• Predicting how a distributed system will behave in runtime is practically impossible.

• All major public clouds have managed dynamic scheduling as a service.

Therefore

All application scheduling needs to be done using an orchestration system in a fully automatic way.

Dynamic schedulers function as container management, in the form of a platform for automating deployment, scaling, and operations of application containers across clusters of hosts. This helps to achieve much more efficient hardware use as the scheduler understands the latest state of the system and can squeeze many components to the same piece of hardware. It also helps to achieve much higher resilience by adding health checks and elements of self-healing and abstracts away the target hardware to simplify the development.

• Cross-functional teams need to understand how to use such tools effectively, and they need to become part of the standard development process.

• Dynamic scheduling also handles stability and resilience by autoscaling and restarting failing applications.

Consequently

Developers build distributed systems and define how components will run and communicate with one another once they are deployed.

• + Applications can scale up and down.

• + Non-functional parts can be restarted and healed automatically.

• − In a distributed system you invest in mechanisms for disaster recovery and disaster maintenance, which carry a high cost.

• − Maintenance is more complex.

• − Even when letting the public cloud handle it for you, Dynamic Scheduling is still exponentially more complex than running a single server.

In This Context

Speed of delivery can be slow if an app depends on uniformity among different environments. Maintaining consistency of different tools and their versions on many machines across many on-premises and/or public clouds is difficult, time-consuming, and risky.

• All stable environments tend to drift eventually.

• It’s impossible to manage thousands of machines manually.

• Differences in environment are difficult to find and to fix.

Therefore

Package up an application’s code and everything it needs to run (all its dependencies, runtime, system tools, libraries, and settings) as a consistent unit so the application can be distributed to start up quickly and run reliably in any computing environment.

This minimizes dependency on the runtime environment. Build once, run everywhere, and distribute quickly and easily.

• Use industry standards like Docker.

• Ensure proper versioning and simple and quick distribution.

• All dependencies included.

• All environments use the same basic tooling.

• Ensure that containers can run on local or any other environment.

Consequently

Every part of the app is packaged in a container and can be easily started anywhere.

• + Container tools like Docker improve efficiency.

• − Large numbers of separate containers increase system complexity.

• − Managing container images requires extra effort.

In This Context

Traditional systems practice assumes the goal is for every system to be 100% up and running, so monitoring is reactive—i.e., aiming to ensure nothing has happened to any of these components. It alerts when a problem occurs. In traditional monitoring if a server fails, you will have an event; response, even if automatic, is manually triggered. This assumption is not valid for distributed systems.

• A distributed system is by definition not 100% stable—when you have so many pieces, some of them will go up and down at random times.

• Resilience is built into the system to handle the assumption that eventually everything in the system will go down at some point.

• The number of components is always increasing while the number of people working on the application remains reasonably stable.

• Always a cost: if you get something, you must pay for it in some way. Here it is complexity, and you must manage it.

• Manual response is never fast enough in a cloud native system.

Therefore

Put in logging, tracing, alerting, and metrics to always collect information about all the running services in a system.

• Switch from a centrally planned system to distributed self-governing system.

• Continually analyze availability of services and behavioral trends of the individual services and entire system.

• Instead of focusing on specific pieces of hardware, focus on functional behavior of components.

• Consistently collect as many metrics as possible.

• Analyze the trends.

• Create an interface to make system state accessible to all stakeholders: anyone involved in system maintenance or development who needs to understand the system at any given time must be able to observe the system’s behavior.

Consequently

There is a continuous overview of the state of the system, visible to anyone for whom this is relevant information.

• + Analytics and proactive monitoring can be used to discover trends, which can be used to predict failure.

• − Any response to a single specific failure is extremely difficult.

In This Context

A full quality test of a distributed system can be done only when the entire system is fully deployed and used. Teams try to reduce complexity and increase quality through infrequent and coordinated multiple-team deployments to the test environment, and then handing off to the operations team for more extensive testing and, finally, delivery.

Large-scale deployments at long intervals are usually difficult and time-consuming, so teams tend to minimize their number. This leads to painful integrations between services, reduced independence of teams, slower time to market, and—eventually—lower quality and higher costs for building the product or service.

• There is more incentive to automate an operation if it happens more frequently (if something is painful do it more often).

• Some issues cannot be caught by automation.

• People gain trust in an action when it’s executed frequently and rarely fails.

• People lose trust quickly if quality is low or reporting unreliable.

• Small changes delivered by the teams themselves are easy to fix or revert.

• Recent changes are still fresh in developers’ minds.

Therefore

Deliver every change to a production-like environment where all the services are delivered continuously and independently.

Reduce the pain by using full automation coupled with increased speed and frequency of releases.

• No manual handovers on the way to deployment.

• Full automation is now in place.

• Test automation is now in place.

• Products are always in a releasable state.

• Experiments are more effective, as getting feedback from real customers is fast and painless.

Consequently

The business can release to customers anytime.

• + A feature can be tested very quickly with customers.

• − Some failures will sneak in through automation.

• − Very high level of automation is critical; any manual steps slow the process and introduce problems.

In This Context

Changes are frequently delivered to a production-like environment in a quick and automated way, but then they get stuck there.

Many teams using CI/CD still have a human gate at the end, meaning that before changes can go live they may need to wait for the Ops team to do extensive testing, whether automated or manual, and/or wait for manual deployment. This means changes are not tested in a real live environment and carry high deployment risk due to potential differences in tools and processes. Time to market is slower; release manager delays releases due to risk and complexity.

• Any handover point slows down the process and introduces risk.

• Some industries have regulations that define roles during development and deployment (for example, release must be manually approved by a designated person of responsibility, as is common in financial sector regs).

• Frequent delivery better helps perceive customer needs.

Therefore

Create a fully automated deployment process to take all changes to production all of the time. Use gradual deployment strategies and prepare for failure mitigation.

Every change committed to the source code repository needs to be tested and ready for delivery to production at any given moment based on business needs and according to the relevant regulations.

• Build in full automation throughout system.

• No team or service dependencies are allowed.

• Make sure there is very good overview of the content and risks to the release manager.

• In case of regulatory restrictions that require a manual delivery step, automate everything before and after the release review point and make the release point as simple as pressing a button. Provide sufficient information to the release manager to allow fast and sound decisions.

Consequently

Speed of delivery to customers is very high, and the changes are flowing to the customers daily or even hourly. Products or services are continuously providing higher value to the customers while allowing the developers to get real live feedback very quickly and learn and improve the products even further.

• + Experiments can be done quickly and changes rolled back if necessary.

• − Some issues can still sneak in.

• − You have less control over feature release cadence.

In This Context

Too many companies try to rush their newly built cloud native platform into production before it is really ready. Typically the container scheduling platform is installed, but it’s still missing essential automation elements around maintenance and software delivery. This leads to poor quality of the running system and necessitates long delivery cycles. Many times the platform vendor will confirm production readiness of their tool—but without considering the whole system of delivery and maintenance cycles that are an equally crucial part of production.

• Typical cloud native platforms today include only a partial platform and require significant additional configuration and automation.

• A typical full cloud native platform includes 10 to 20 tools.

• Once the main platform is fully running, there is pressure to deliver.

• In case of poor maintenance automation, platform teams could be overloaded with support tasks as teams onboard.

Therefore

Before going to production all major elements of the platform, as well as those of any applications initially migrating to it, need to be in place. This includes having a scheduler, observability, security, networking, storage, and CI/CD. Also, at least basic maintenance automation must be in place.

• System is automated.

• Maintenance is automated or at least documented.

• A bare and basic MVP version of a platform is not enough: there must also be observability, CI/CD, security, etc.

Consequently

The new platform is functional and maintainable, and major tasks are automated. The Platform Team can continue extending the platform while providing satisfactory support for the development teams using it.

• + All major elements of the platform are in place.

• − May delay release to production.

In This Context

Deployment is like a plane taking off: it’s the most dangerous part of flying. System failures typically don’t happen during normal operation but rather during maintenance and updating. This is because change always carries risk, and these are times when you are introducing change into the system.

Deployments are the most frequent and common type of change, and if not treated carefully can introduce a lot of instability. In cloud native, deployment happens very frequently, so this is an important area of concern.

• Maintenance tasks are risk points.

• Deployment frequency in cloud native is high.

• Impact of changes to a complex distributed system is impossible to predict and can lead to cascading errors.

• Modern web users expect 100% availability and high levels of system responsiveness.

Therefore

Use a variety of advanced release strategies to reduce the impact to end users when deployments occur.

There are multiple ways to more safely release a new version of an application to production, and the choice is driven by business needs and budget. Options that work well for cloud native are:

• Re-create: First the existing version A is terminated, then new version B is rolled out.

• Ramped (also known as rolling-update or incremental): Version B is slowly rolled out and gradually replaces version A.

• Blue/Green: Version B is released alongside version A, then the traffic is switched to version B.

• Canary: Version B is released to a subset of users, then proceeds to a full rollout.

• Shadow: Version B receives real-world traffic alongside version A until stability and performance are demonstrated, and then all traffic shifts to B.

When releasing to development/staging environments, either a re-create or a ramped deployment is usually a good choice. If releasing directly to production, a ramped or blue/green deployment is a good potential fit but proper testing of the new platform is necessary. Blue/green and shadow strategies require double resource capacity and so are more expensive, but reduce the risk of user impact. If an application has not been thoroughly tested or if confidence is lacking in the software’s ability to carry a production load, then a canary or shadow release should be used.

Shadow release is the most complex, especially when calling external dependencies with mutable actions (messaging, banking, etc.). But it is particularly useful in common cloud native situations like migrating to a new database technology due to the ability to monitor live system performance under load while maintaining 100% availability.

(If your business requires testing of a new feature against a specific demographic filtered by parameters like geolocation, language, device platform, or browser features, then you may want to use the A/B testing technique. See the A/B Testing pattern.)

• Dynamic scheduling used in conjunction with other technologies supports a variety of deployment strategies to make sure infrastructure remains reliable during an application update.

• Use redundancy and gradual rollout to reduce risk.

• Limit the blast radius by deploying small parts of the system independently.

Consequently

Risks to the system during deployment/maintenance are anticipated and managed.

• + Deployments are frequent, and the Dev teams are confident.

• + Users get high availability and seamless responsiveness.

• − These setups are complex, and cost can be high.

• − The complex nature of these techniques can introduce new risks.

In This Context

Companies often first approach a cloud native transformation with the belief that it simply means migrating their existing system and processes onto the cloud. This is so common that it’s earned the name “lift and shift” and it categorically does not work if you try to do this at the beginning of a transformation. An organization has to change not only its technology but also its structure, processes, and culture in order to succeed with cloud native.

When organizations do a lift and shift at the very beginning, they expect it will be a quick and easy project to execute, since the applications themselves do not change significantly. In most cases, however, it ends up being a large and expensive initiative requiring triple the anticipated time and budget. This is due both to the complexity related to the underlying platform and the new knowledge required for operating on the cloud. Such a painful experience may lead to delays or even total cancellation of the following refactoring initiatives.

• An expensive project to rebuild/refactor an app may prevent further improvements on app.

• “Moving to cloud” may look like a quick win.

• Public cloud vendors may offer incentives for you to move—lift and shift—inappropriately early in the transformation initiative.

Therefore

Move functioning and stable legacy apps as-is from data centers to the new cloud native platform without re-architecture at the very end of the initiative.

An organization has to change not only its technology but also its structure, processes, and culture in order to succeed with cloud native. Once the cloud native transformation is close to the end, however, it could be valuable to move any remaining parts of the old system to the new platform. This avoids the extra cost of supporting the legacy platform as well as gaining at least some benefits of the new platform for the old applications.

At the end of a successful refactoring, when the last few, rarely changing applications remain, the team continues to refactor them all, ignoring the piling costs and few benefits coming from such refactoring.

• Keep old tech like VMS and monoliths intact on the new platform.

• Spend minimal effort.

• Create easy ways to strangle remaining old apps.

• Lift and shift only apps that almost never change but cannot be retired easily.

Consequently

You can retire the old platform, shut down the servers, and end the datacenter contracts.

• + Benefits are gained from some features on new platform.

• − But this is a missed opportunity to update/re-architect these legacy apps/services, which will likely remain the same forever.

• − Some teams are stuck with old tech.