Cloud computing has its place in the IT arsenal but it's not necessarily the whole story. Many companies have good reasons for continuing to operate a core data center with mission critical business systems and highly proprietary and sensitive data in it.
That's why one Interop ITX speaker, Keith Townsend, is taking a look at what is an almost completely cloud-based phenomenon, serverless computing, and explaining how it will need to operate as part of a hybrid cloud. In other words, it will need to connect back to the core enterprise data center at key points.
"Most people won't plunge into the public cloud with all their systems" in their first encounter with cloud computing, he said in an interview to preview his May 17 session: Integrating Serverless Computing Into Your Hybrid Infrastructure. Townsend is bent on addressing the concerns of an IT organization that has an investment in the public cloud but is still maintaining an enterprise data center.
Townsend is the SAP infrastructure architect at AbbVie, a supplier of newly developed pharmaceuticals. AbbVie is a spin-off of the pharmaceutical firm Abbot Labs. Townsend is also editor of The CTO Advisor, where he advises his readers that it's not always necessary to go all-in on the public cloud.
He urges newcomers not to get hung up on the term "serverless." There are servers somewhere with serverless applications. But from the application development point of view, there's no need to know where they are or how they're running. Cloud infrastructure insures their continuous availability.
A serverless application calls on functions that are embedded by their enterprise owner in the cloud and activated by a predefined software event. Townsend gave the example of an individual collecting a large video file on his computer, then uploading it into Amazon Web Service's S3 storage. The addition of a video file to the user's account would be an event that triggers a function in AWS' Lambda service.
One example would be an encoding function that would process the video file into the desired format. There's be no human issued commands to accomplish the function. There'd be no need to establish a set of encoding virtual machine servers or assign them an explicit number of CPUs. The Lambda service limits a function's operation to 4.5 or 5 minutes at a time. So the AWS infrastructure would examine how much memory the user had designated, then assign servers to get the encoding done within the five minute time limit.
Townsend explained in a video on serverless that its closest kin, perhaps was the Microsoft concept around 2012 that future development and computing would be done on cloud platforms, which would provide both the development tools and the infrastructure on which those applications would run. But even such a construct relied on the virtual machines of its time, and PaaS and cloud computing in general rely on virtual machines for running workloads still today.
Serverless goes a step beyond the virtual machine environment. If there is a bug in the virtual machine or flaw in the virtual machine management environment, there remains a possible point of failure. By embedding needed application functions in the cloud, then calling on them through software events when they're needed, "we're taking that idea (platform computing) a step further" and freeing it from the specifics of VM or container software and virtualized workload management.
So how does that fit in with hybrid cloud computing? So far the discussion of serverless has been about how it does everything in the cloud. But it doesn't have to, said Townsend.
He cited the example of an IT staff needing to provision a new employee with a laptop. The type of laptop is defined and a supervisor approves the purchase from his mobile phone. That approval triggers a message to a function on AWS Lambda that invokes a purchase system that places an XML-based order with Dell.
"That's a serverless function integrated with an on-premises system. This is hybrid serverless," said Townsend.
While it may sound easy to set up, there's a number of integration issues still to be resolved. "Where is the security in that model?" he asked. If an auditor wants to reconstruct the audit trail of the purchase, how does he know a database entry corresponds with the supervisor's approval and the actual details of the executed purchase?
If the function has the power to execute purchases, "how do I make sure only authorized users are triggering it?" he asked.
Charles Babcock is an editor-at-large for InformationWeek and author of Management Strategies for the Cloud Revolution, a McGraw-Hill book. He is the former editor-in-chief of Digital News, former software editor of Computerworld and former technology editor of Interactive ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Cybersecurity Strategies for the Digital EraAt its core, digital business relies on strong security practices. In addition, leveraging security intelligence and integrating security with operations and developer teams can help organizations push the boundaries of innovation.