In this session, attendees will learn about a real-world evolution to a distributed architecture without falling into complete microservices madness. We will cover the experience of evolving a huge EAR core banking application into a modern distributed architecture, up to the use of third-party services and serverless: tips, tricks, pros, cons and the reasons for moving forward. We will present sample code as FaaS and explain the pitfalls of serverless and the security concerns in this evolution. We will be using code snippets based on Java, JWT, JWS, Auth0, Spring Boot, Reactor, WebFlux, Spring Cloud Gateway and Spring Cloud Functions.
2. Alberto Salazar
● Speaker, Java Consultant, #Community
● Auth0 Ambassador
● Author
● Java User Group Leader, JCP Member
● Working 17 years with monoliths
● Founder and CTO:
AdvanceLatam & Cloudbanco
@betoSalazar
@EcuadorJUG
@Auth0Ambassador
www.advlatam.com www.cloudbanco.com www.ecuadorjug.org
www.javaday.ec
7. What is a Distributed Architecture?
A distributed system is a system whose components are located on different networked computers, which then communicate and coordinate their actions by passing messages to each other. The components interact with each other in order to achieve a common goal.
Three significant characteristics of distributed systems are: concurrency of components, lack of a global clock, and independent failure of components.
https://en.wikipedia.org/wiki/Distributed_computing
9. The journey
● The monolith: is it our legacy?
● Evolved to microservices?
● Third party services and serverless
● Tips, tricks, pros, cons & conclusions
16. Microservices
We already split our monolith or we are on it
[Architecture diagram. Technologies referenced: https://jwt.io/, https://nodejs.org/es/, https://facebook.github.io/react/, https://angular.io/, https://facebook.github.io/react-native/. Components shown: Angular / nodejs front-end modules (Login, Transaction, Module n); api-gateway.jar (fat jar) with REST services, e.g. POST bank.com/api/v1/accouts; logstash; OSGi containers (engine-orchestrator.jar, dynamic-camel-routes.jar); fat jars (batch.jar, services.jar, business-module1.jar, business-module-n.jar); six "Service / some api" boxes and six "businesslogic.jar / Rest-api-layer" boxes; JWT (JSON Web Token) and an Authorization Server.]
But… not all is happiness
21. Do you have an automated pipeline process?
DELIVERY PIPELINE (CI / CD): CODE, BUILD, TEST, DEPLOY
CODE ANALYZE (quality and security)
If your answer is no, do it before microservices or serverless
23. Serverless
● Developers code business logic as functions
● Forget everything about provisioning and scaling the servers where the logic will be executed
● Ephemeral
● Vendor lock-in is a myth
● Multicloud, get the best from each one (AWS, Oracle Cloud, Google Cloud, Azure, etc.)
● Troubleshooting is hard
26. We end with a Distributed Architecture
[Architecture diagram: OSGi containers (engine-orchestrator.jar, dynamic-camel-routes.jar); fat jars (batch.jar, services.jar, business-module1.jar, business-module-n.jar); six "Service / some api" boxes and six "businesslogic.jar / Rest-api-layer" boxes; api-gateway.jar (fat jar) with REST services.]
27. Serverless Security
● A user can log in with social network credentials like Facebook or Google
● The login returns JWT tokens that contain the logged-in user
● Use the JSON Web Token (JWT) to validate a user's requests to the REST endpoints
● Forget about infrastructure (that’s why we are going serverless, after all) as much as possible
● Use Auth0 and basically forget about the security details that are behind it.
https://auth0.com
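The validation step described on this slide, as an added example that is not code from the talk: a Node.js function checks an RS256-signed JWT (signature with a pinned algorithm, expiry, issuer, audience) before any business logic runs. The key pair, the issuer and audience values and the helper names (`issueToken`, `verifyToken`, `check`) are constructed for the example; in production the public key comes from the identity provider.

```javascript
// Added example (not from the talk): RS256 JWT validation inside a function handler.
const crypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Constructed stand-in for the authorization server; real tokens come from the IdP.
// The header parameter exists only so tests can build tokens with a different alg.
function issueToken(privateKey, claims, header = { alg: 'RS256', typ: 'JWT' }) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign('RSA-SHA256', Buffer.from(input), privateKey))}`;
}

// Returns the claims when every check passes, otherwise throws with the reason.
function verifyToken(token, publicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  let header, claims;
  try {
    header = JSON.parse(fromB64url(h).toString('utf8'));
    claims = JSON.parse(fromB64url(p).toString('utf8'));
  } catch (err) {
    throw new Error('malformed token');
  }
  // Pin the algorithm: the token's own header must not choose how it is verified.
  if (!header || header.alg !== 'RS256') throw new Error('unexpected alg');
  if (!crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey, fromB64url(s))) {
    throw new Error('bad signature');
  }
  if (!claims || typeof claims.exp !== 'number' || claims.exp <= now) throw new Error('expired');
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) throw new Error('wrong audience');
  return claims;
}

// Maps a token to 'ok' or the rejection reason, e.g. for a 401 response and a log line.
function check(token, publicKey, opts) {
  try { verifyToken(token, publicKey, opts); return 'ok'; } catch (err) { return err.message; }
}

// Constructed sample: throwaway key pair, placeholder issuer/audience, fixed clock.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const OPTS = { issuer: 'https://tenant.example/', audience: 'https://bank.example/api', now: 1700000000 };
const CLAIMS = { sub: 'user-1', iss: OPTS.issuer, aud: OPTS.audience, exp: OPTS.now + 600 };
const goodToken = issueToken(privateKey, CLAIMS);
console.log(check(goodToken, publicKey, OPTS));
```

The signature is checked before any claim is trusted, so a token with an edited payload fails as a bad signature rather than on a claim it controls.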
28. Reactive systems
Project Reactor
● Non-blocking applications
● Tens of millions of messages per second
● Scaling out to overcome latency and slow microservices
https://projectreactor.io
https://projectreactor.io/docs/core/release/reference/
Spring WebFlux
● Non-blocking HTTP runtimes to the Reactive Streams API
https://docs.spring.io/spring/docs/current/spring-framework-reference/web-reactive.html#spring-webflux
31. The big picture
[Architecture diagram: OSGi containers (engine-orchestrator.jar, dynamic-camel-routes.jar); fat jars (batch.jar, services.jar, business-module1.jar, business-module-n.jar); six "Service / some api" boxes and six "businesslogic.jar / Rest-api-layer" boxes; api-gateway.jar (fat jar) with REST services; API Gateway and Lambda functions.]
35. The conclusion
Nowadays Architecture Trends
● We are dealing with a Distributed Architecture
● Securing your endpoints is a rule
● The system and services have to deal with:
• network communications,
• failures,
• rebalances,
• splits and refactors
● Our legacy systems are only legacy because they’ve been successful enough to last this long
36. The conclusion
Recommendations
● If you can fit your team around a table you maybe don’t need microservices yet
● Use a hybrid approach, employing monolithic architecture styles when needed
● Care about logs and monitoring, and always use a correlation ID and MDC (Mapped Diagnostic Context)
● Various software architecture patterns match various problems, so you can start to get a feel for the right solution to fit your needs.
● For several applications a monolithic architecture is a good fit and there is no need to change or refactor that architecture
● Security: JWT (JSON Web Token), JSON Web Signature, JSON Web Encryption
37. The conclusion
Recommendations
● To manage changes, review the Architectural Clash http://architecturalclash.org
-> A strategy developed as a new way to assess the level of resilience of our frontend and mobile applications: the Architectural Clash.
● Automate the deployment and delivery process -> CI & CD -> DevOps culture
● Design for failover, service load balancing and automatic scaling, data separation, integrity, performance
● If you have monolith dependencies, you will have performance issues
● Always think about:
• Low coupling
• High cohesion
• SOLID principles
• CQRS (Command Query Responsibility Segregation)