Cloudy Apps: New Challenges And Complexities

Cloudy Apps

New technologies often simplify some aspect of life, an aspect which was previously painful. But then, as soon as it is adopted, a technology presents new challenges and new complexities.

With cloud computing, you can get a new machine in minutes—less than a minute, in fact, with some of the leading systems. Alternatively, you can provision a new virtual datacenter with secure VLAN and as much storage and “core-age” as you need. Once this is done, the problem of manually sourcing an environment for your application goes away, as it becomes increasingly easy to source one automatically.

With applications, however, there is a new challenge: their environment has to be managed. In the world of cloud, an application is expected to be able to flex when load increases, contract in quiet periods, and generally be efficient about how it’s consuming resources, and do so dynamically. Furthermore, this is not just the case in one site, because if it’s serving users globally, or operating on data-sets in different geographies, it needs to span across sites, adding and removing regions depending on demand, cost or compliance.

The consequence for architects and developers is that an application is no longer just its business logic; it has to carry with its operational logic.

– When should it change the resources it is using?
– How does it safely give up resources, and efficiently “on-board” new ones?
– Where are these policies expressed?

The only sane answer to the last question is that orchestration policies need to be part and parcel of the application. If an application doesn’t describe its deployment and its management—the operational logic—alongside its presentation tiers and its business logic, it is already legacy, and it will bring more complexity over time, not less. On the other hand, if the application embraces its fate, taking responsibility for its runtime lifecycle at dev-time, these operational challenges are addressed in a way app teams know well: by writing it as code—as part of the application—it can be tested, tracked in version control and reused. Continuous integration and testing applies to cloud complexity just as much as to other facets of application development.

There are a number of ways this can be done, with the most exciting activity occurring in the open-source world. Deployment frameworks, such as Puppet and Whirr, can ensure machine portability. Provisioning libraries, such as jclouds, can ensure cloud portability. PaaS offerings, including OpenShift and Cloud Foundry, can ensure application portability, and integrated deployment and management tools such as Brooklyn ensure policy portability.

For green-field applications, these tools—and an approach which treats deployment and ongoing management as core parts of development—give engineers what they need to tackle these challenges.

They enable complexity to be delegated to a PaaS or middleware for those components where it’s appropriate, and for the unavoidable complexity to be managed in other cases, where custom analytics or I/O is essential, or where we are faced with the wide-area realities of replication, consistency, bandwidth and security. By tying in with these open-source projects, application teams benefit from the best practices created by experts without being locked in to proprietary ways of running or managing.

For legacy applications, of course, it might not be practical to transition to new runtimes. However, many of these tools can still facilitate cloud-readiness. By adding a layer of operational logic to the application without touching existing code or business logic, deployment to cloud can be automated, and management introduced, with minimal risk. Eventually, re-architecting may make even better use of the cloud, but the benefits of a lightweight wrapper are significant, bringing at least the orchestration of legacy applications in line with post-cloud application development.

Coming back to our premise, if these tools solve current emerging complexities, it is inevitable that they will soon introduce new complexities. What will these be? Based on our experience, there are a few:  but they’re healthy complexities!

Firstly, the policies become a source of complexity: we recommend keeping them as simple as possible and composing them. But we in the cloud industry (née software industry) are still figuring out best practices.  Open-source policy frameworks are a great place for these conversations to happen. Secondly, everyone in the devops chain has to work together to make sure the policies are right for the app and right for the business. In some organizations this can be a challenge, but the rise of DevOps, more agile practices, and testable deployment are helping to ensure that the most valuable resource—people’s time—is spent as productively as possible.

By Alex Heneveld

Dana Gardner
Low-code Development Has Entered a Maturity Spurt Closing the gap between the applications and services a company needs -- and the ones they can actually produce -- has long been a missing keystone for attaining ...
Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
Ray Meiring
Proposal Management Software Benefits Amid the COVID-19 pandemic-induced supply chain and market challenges, 2021 started to course correct, allowing many companies to resume business operations. As a result, request for proposals (RFPs), sales proposals, and ...
Kelly Dyer
Achieving Data Security Compliance As individuals, we go through life sharing information about ourselves in every aspect of our daily existence. From credit checks for securing a loan, through to entire personal and family medical ...
Drew Firment
Here’s How to Make Sure Your Skills are Cloud Ready This year will be a period of meteoric growth for the cloud industry. Research from Gartner suggests that global spending on public cloud services in ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.