In this session, attendees will learn about a real-world evolution to a Distributed Architecture without being involved of a complete Microservices Madness; we will be covering tips and tricks of an experience of a evolution of a huge EAR Core Banking Application and how we evolve to a modern distributed Architecture until the evolution of use 3rd party services and Serverless; tips, tricks, pros, cons and the reasons for being involved on move forward and present sample code as FaaS and explain the pitfalls of Serverless and the security concerns on this evolution. We will be using snippets code based on JAVA, JWT, JWS, Auth0, Spring Boot, Reactor, Webflux, Spring Cloud Gateway and Spring Cloud Functions.

1. asalazar@advlatam.com
@betoSalazar
Edition I
Nowadays Architecture Trends,
from Monolith to Microservices and Serverless
Alberto Salazar,
CTO Advance Latam,
Auth0 Ambassador
21th June 2018

2. Alberto Salazar
● Speaker, Java Consultant, #Community
● Auth0 Ambassador
● Author
● Java User Group Leader, JCP Member
● Working 17 years with monolithic
● Founder and CTO:
AdvanceLatam & Cloudbanco
@betoSalazar
@EcuadorJUG
@Auth0Ambassador
www.advlatam.com www.cloudbanco.com www.ecuadorjug.org
www.javaday.ec

3. Nowadays Architecture Trends
@betoSalazar

4. SOA
Industry approach
ESB
BPM
BAM
Nowadays Architecture Trends - Where we are ?
@betoSalazar
THE MONOLITH
J2EE , JEE
App Server | OSGi
Frontend
Revolution
Html 5 Css3
Mobile
Javascript
The revenge
NodeJS, Angular,
React, Native,
VueJS…
Microservices
Rest, Vert.x | Spring
boot | Micro-profile |
JEE -> Jakarta EE
Nowadays
Devops, Docker,
Kubernetes, Istio
Serverless
Monolith
+ Microservices
+ Serverless
+ Reactive
=
MONOMICROLESS
REACTIVE

5. Nowadays Architecture Trends - The real problem is?
@betoSalazar
Everybody are looking for answers…….
But what about the architecture & business?

6. Nowadays Architecture Trends - The real problem is?
@betoSalazar
We are dealing with a distributed architecture

7. What is a Distributed Architecture ?
@betoSalazar
A distributed system is a system whose components are located on different
networked computers, which then communicate and coordinate their actions by
passing messages to each other.[1] The components interact with each other in
order to achieve a common goal.
Three significant characteristics of distributed systems are: concurrency of
components, lack of a global clock, and independent failure of components.
https://en.wikipedia.org/wiki/Distributed_computing

8. @betoSalazar
What is the problem with distributed architecture ?

9. The journey
● The monolith it is our legacy ?
● Evolved to microservices ?
● Third party services and serverless
● Tips, tricks, pros, cons & conclusions
@betoSalazar

10. asalazar@advlatam.com
@betoSalazar
Monolith

11. Monolith: How it looks
@betoSalazar

12. Monolith: How it looks -> A huge EAR file
@betoSalazar

13. Monolith = Legacy
@betoSalazar
Source: 97 Things Every Software Architect Should Know

14. asalazar@advlatam.com
@betoSalazar
Microservices

15. Microservices
@betoSalazar
Domain based services

16. @betoSalazar
Microservices
We already split our monolith or we are on it
https://jwt.io/
https://nodejs.org/es/
https://facebook.github.io/react/
https://angular.io/
https://facebook.github.io/react-native/
fat jar
api-gateway.jar
Services
api rest
POST bank.com/api/v1/accouts
POST bank.com/api/v1/accouts
logstash
Login
Angular nodejs
Transaction
Angular nodejs
Module n
Angular nodejs
Osgi container
engine-orchestrator.jar
Osgi container
dynamic-camel-routes.jar
fat jar
batch.jar
fat jar
services.jar
fat jar
business-module1.jar
fat jar
business-module-n.jar
Service
some api
Service
some api
Service
some api
Service
some api
Service
some api
Service
some api
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
JWT
JSON WEB TOKEN
&
Authorization Server
but…………not all is happiness

17. Microservice Madness ?
@betoSalazar
The cost of communication over the
network is not trivial.

18. Microservice Madness ?
@betoSalazar
It’s hard to trace the thread of execution in a
distributed system.

19. Microservice Madness ?
@betoSalazar
The cost of development goes up.

20. Microservice Madness ?
@betoSalazar
Do you depend on a Monolith ?
Provably we will have Bottlenecks

21. @betoSalazar
Do you have an automation pipeline process ?
DELIVERY PIPELINE
CI / CD
CODE BUILD TEST DEPLOY
CODE ANALYZE (Quality and security)
If your answer is not, do it before
microservices or serverless

22. asalazar@advlatam.com
@betoSalazar
Serverless
FaaS, Backend as Services
Third party services

23. @betoSalazar
Serverless
Serverless
! Developers code business logic as functions
! Forgetting everything about the servers
provisioning and scaling concerns where the
logic will be executed
! Ephimeral
! Vendor lock-in is a myth
! Multicloud, get the best from each one (AWS,
Oracle Cloud, Google Cloud, AWS, Azure, etc)
! Troubleshooting is hard

24. Monolith vs Microservices vs Serverless
@betoSalazar
Monolith Microservices Serverless

25. asalazar@advlatam.com
@betoSalazar
The Reality - Tips, tricks, pros , cons

26. @betoSalazar
We end with a Distributed Architecture
Osgi container
engine-orchestrator.jar
Osgi container
dynamic-camel-routes.jar
fat jar
batch.jar
fat jar
services.jar
fat jar
business-module1.jar
fat jar
business-module-n.jar
Service
some api
Service
some api
Service
some api
Service
some api
Service
some api
Service
some api
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
fat jar
api-gateway.jar
Services
api rest

27. Serverless Security
@betoSalazar
! A user can log in with social network credentials like Facebook, Google
! Returns JWT tokens contain the logged in user
! Use the JSON Web Tokens JWT to validate if a user makes request to a REST Endpoints
! Forget about infrastructure (that’s why we are going serverless, after all) as much as possible;
! Use Auth0 and basically forget about the security details that are behind it.
https://auth0.com

28. Reactive systems
@betoSalazar
Project Reactor
! non-blocking applications
! 10's of millions of messages per second
! Scaling-Out to overcome latency and slow
microservices
https://projectreactor.io
https://projectreactor.io/docs/core/release/reference/
Spring Webflux
https://docs.spring.io/spring/docs/current/spring-framework-reference/web-reactive.html#spring-webflux
! non-blocking HTTP runtimes to the Reactive
Streams API

29. @betoSalazar
https://docs.spring.io/spring/docs/current/spring-framework-reference/web-reactive.html#spring-webflux
Spring WebfluxRest API
Reactive systems

30. @betoSalazar
https://cloud.spring.io/spring-cloud-function/
Spring Cloud Functions
FaaS
! Promote the implementation of business logic
via functions
! Adapters for
• AWS Lambda,
• Microsoft Azure,
• Apache OpenWhisk
• and possibly other "serverless"
service providers.

31. @betoSalazar
The big picture
Osgi container
engine-orchestrator.jar
Osgi container
dynamic-camel-routes.jar
fat jar
batch.jar
fat jar
services.jar
fat jar
business-module1.jar
fat jar
business-module-n.jar
Service
some api
Service
some api
Service
some api
Service
some api
Service
some api
Service
some api
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
businesslogic.jar
Rest-api-layer
fat jar
api-gateway.jar
Services
api rest
API Gateway Lambda
Lambda

32. asalazar@advlatam.com
@betoSalazar
Demo Secure Serverless
& Code blueprints:
https://github.com/lasalazarr/secure-serverless

33. Demo
@betoSalazar
Run on the command line:
Run with docker:

34. asalazar@advlatam.com
@betoSalazar
Summary

35. @betoSalazar
The conclusion
Nowadays Architecture Trends
! We are dealing with a Distributed Architecture
! Secure your endpoints is a rule
! The system and services have to deal with:
• network communications,
• failures,
• rebalances,
• splits and refactor
! Our legacy system are only legacy because
they’ve been successful enough to last this long

36. @betoSalazar
The conclusion
Recommendations
If you can fit your team around a table you maybe don’t need microservices yet
Hybrid approach and employing monolithic architecture styles when needed
Care about logs, monitoring and always use a CORRELATIONID and MDC (Mapped Diagnostic Context)
Various software architecture patterns match various problems, so you can start to get a
feel for the right solution to fit your needs.
Several applications with monolithic architecture is a good fit and there is no need to
change or refactor that architecture
Security - JWT json web token, Json Web Signature, Json Web Encryption

37. @betoSalazar
Recommendations
To manage changes review the Architectural Clash http://architecturalclash.org
-> In extrategy to developed a new way to assess the level of resilience of our frontend
and mobile applications: the Architectural Clash.
Automate the deployment and delivery process -> CI & CD -> DEVOPS Culture
Design for failover, Service load balancing and automatic scaling, data Separation,
Integrity, Performance
If you have monolith dependencies, you will have performance issues
The conclusion
Always think about: • Low coupling
• High Cohesion
• SOLID Principales
• CQRS Command Query Responsibility Segregation

38. @betoSalazar
#Community
Quito - Ecuador
September 8th
https://www.javaday.ec

39. asalazar@advlatam.com
@betoSalazar
THANK YOU
Auth0 Ambassadors.
Helping the developer community make the
internet safer.