Microservices frameworks and tools

It is always better not to reinvent the wheel. Therefore, we would like to explore the tools that are already available and that provide the platform, framework, and features that make microservices development and deployment easier.

Throughout the book, we have used Spring Cloud extensively for the same reason: it provides all the tools and the platform required to make microservice development very easy. Spring Cloud uses the Netflix Open Source Software (OSS). Let us explore Netflix OSS, a complete package.

I have also added a brief overview of how each tool helps to build a good microservice architecture.

Netflix Open Source Software (OSS)

The Netflix OSS center is the most popular and widely used open source software for Java-based microservice projects. The world's most successful video renting service depends on it. Netflix has more than 40 million users and is used across the globe. Netflix is a pure cloud-based solution, developed on a microservice-based architecture. You could say that whenever anybody talks about microservices, Netflix is the first name that comes to mind. Let us discuss the wide variety of tools it provides. We have already discussed many of them while developing the sample OTRS app; however, there are a few that we have not explored. Here, we'll give only an overview of each tool instead of going into detail. It will give you an overall idea of the practical characteristics of microservices architecture and its use in the cloud.

Build – Nebula

Netflix Nebula is a collection of Gradle plugins that makes your microservice builds easier using Gradle (a Maven-like build tool). For our sample project, we have made use of Maven, therefore we haven't had the opportunity to explore Nebula in this book. However, exploring it would be fun. The most significant Nebula feature for developers is eliminating the boilerplate code in Gradle build files, which allows developers to focus on coding.

Note

Having a good build environment, especially CI/CD (continuous integration and continuous deployment), is a must for microservice development and for keeping aligned with agile development. Netflix Nebula makes your build easier and more efficient.

Deployment and delivery – Spinnaker with Aminator

Once your build is ready, you want to move that build to Amazon Web Services (AWS) EC2. Aminator creates and packages images of builds in the form of Amazon Machine Image (AMI). Spinnaker then deploys these AMIs to AWS.

Spinnaker is a continuous delivery platform for releasing code changes with high velocity and efficiency. Spinnaker also supports other cloud services, such as Google Compute Engine and Cloud Foundry.

Note

You would like to deploy your latest microservice builds to cloud environments like EC2. Spinnaker and Aminator help you to do that in an autonomous way.

Service registration and discovery – Eureka

Eureka, as we have explored in this book, provides a service that is responsible for microservice registration and discovery. On top of that, Eureka is also used for load-balancing the middle tier (processes hosting different microservices). Netflix also uses Eureka, along with other tools, like Cassandra or memcached, to enhance its overall usability.

Note

Service registration and discovery is a must for microservice architecture. Eureka serves this purpose. Please refer to Chapter 4, Implementing Microservices for more information about Eureka.

Service communication – Ribbon

Microservice architecture is of no use if there is no inter-process or service communication. The Ribbon application provides this feature. Ribbon works with Eureka for load balancing and with Hystrix for fault tolerance or circuit breaker operations.

Apart from HTTP, Ribbon also supports the TCP and UDP protocols. It supports these protocols in both asynchronous and reactive models, and it also provides caching and batching capabilities.

Note

Since you will have many microservices in your project, you need a way to process information using inter-process or service communication. Netflix provides the Ribbon tool for this purpose.

Circuit breaker – Hystrix

The Hystrix tool is for circuit breaker operations, that is, latency and fault tolerance. Hystrix therefore stops cascading failures. It monitors services and property changes in real time, and it supports concurrency.

Note

Circuit breaker, or fault tolerance, is an important concept for any project, including microservices. Failure of one microservice should not halt your entire system; to prevent this, and provide meaningful information to the customer on failure, is the job of Netflix Hystrix.
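The circuit breaker behaviour described above, as an added example in plain Java that is not part of the original text and does not use the Hystrix API. The class names, the threshold of 3 failures, the 200 ms open interval and the failing `remote` supplier are assumptions made for the illustration; `call` is synchronized for brevity, which also serializes the remote calls.

```java
import java.util.function.Supplier;

// Added illustration in plain Java; this is not the Hystrix API.
public class CircuitBreakerDemo {
    enum State { CLOSED, OPEN, HALF_OPEN }

    static class CircuitBreaker {
        private final int failureThreshold; // consecutive failures that open the circuit
        private final long openMillis;      // time to fail fast before one trial call
        private State state = State.CLOSED;
        private int failures;
        private long openedAt;

        CircuitBreaker(int failureThreshold, long openMillis) {
            this.failureThreshold = failureThreshold;
            this.openMillis = openMillis;
        }
        synchronized <T> T call(Supplier<T> remote, Supplier<T> fallback) {
            if (state == State.OPEN) {
                if (System.currentTimeMillis() - openedAt < openMillis) {
                    return fallback.get();   // fail fast: the sick service is not called
                }
                state = State.HALF_OPEN;     // cool-down over: let one trial call through
            }
            try {
                T result = remote.get();
                failures = 0;
                state = State.CLOSED;        // success closes the circuit again
                return result;
            } catch (RuntimeException e) {
                failures++;
                if (state == State.HALF_OPEN || failures >= failureThreshold) {
                    state = State.OPEN;
                    openedAt = System.currentTimeMillis();
                }
                return fallback.get();       // degraded but meaningful answer
            }
        }
    }
    public static void main(String[] args) throws InterruptedException {
        boolean[] down = { true };           // constructed stand-in for a failing service
        Supplier<String> remote = () -> {
            if (down[0]) throw new IllegalStateException("timeout");
            return "live data";
        };
        CircuitBreaker cb = new CircuitBreaker(3, 200);
        for (int i = 1; i <= 5; i++) System.out.println(cb.call(remote, () -> "fallback") + " " + cb.state);
        down[0] = false;
        Thread.sleep(250);                   // wait out the open interval
        System.out.println(cb.call(remote, () -> "fallback") + " " + cb.state);
    }
}
```

Once the circuit is open, the failing dependency is no longer called at all, which is what keeps one slow service from tying up the threads of every caller upstream.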

Edge (proxy) server – Zuul

Zuul is an edge server or proxy server, and serves the requests of external applications such as a UI client, an Android/iOS app, or any third-party consumer of the APIs offered by the product or service. Conceptually, it is a door to external applications.

Zuul allows dynamic routing and monitoring of requests. It also performs security operations like authentication. It can identify authentication requirements for each resource and reject any request that does not satisfy them.

Note

You need an edge server or API gateway for your microservices. Netflix Zuul provides this feature. Please refer to Chapter 5, Deployment and Testing for more information.

Operational monitoring – Atlas

Atlas is an operational monitoring tool that provides near real-time information on dimensional time-series data. It captures operational intelligence that provides a picture of what is currently happening within a system. It features in-memory data storage, allowing it to gather and report very large numbers of metrics very quickly. At present, it processes 1.3 billion metrics for Netflix.

Atlas is a scalable tool. This is why it can now process 1.3 billion metrics, up from 1 million metrics a few years back. Atlas provides scalability not only in terms of reading the data, but also in aggregating it as part of a graph request.

Atlas uses the Netflix Spectator library for recording dimensional time-series data.

Note

Once you deploy microservices in a cloud environment, you need to have a monitoring system in place to track and monitor all microservices. Netflix Atlas does this job for you.

Reliability monitoring service – Simian Army

In the cloud, no single component can guarantee 100% uptime. Therefore, a successful microservice architecture must keep the entire system available when a single cloud component fails. Netflix has developed a tool named Simian Army to avoid system failure. Simian Army keeps a cloud environment safe, secure, and highly available. To achieve high availability and security, it uses various services (Monkeys) in the cloud for generating various kinds of failures, detecting abnormal conditions, and testing the cloud's ability to survive these challenges. It uses the following services (Monkeys), which are taken from the Netflix blog:

  • Chaos Monkey: Chaos Monkey is a service which identifies groups of systems and randomly terminates one of the systems in a group. The service operates at a controlled time and interval. Chaos Monkey only runs in business hours with the intent that engineers will be alert and able to respond.
  • Janitor Monkey: Janitor Monkey is a service which runs in the AWS cloud looking for unused resources to clean up. It can be extended to work with other cloud providers and cloud resources. The schedule of service is configurable. Janitor Monkey determines whether a resource should be a cleanup candidate, by applying a set of rules on it. If any of the rules determines that the resource is a cleanup candidate, Janitor Monkey marks the resource and schedules a time to clean it up. For exceptional cases, when you want to keep an unused resource longer, before Janitor Monkey deletes a resource, the owner of the resource will receive a notification a configurable number of days ahead of the cleanup time.
  • Conformity Monkey: Conformity Monkey is a service which runs in the AWS cloud looking for instances that are not conforming to predefined rules for the best practices. It can be extended to work with other cloud providers and cloud resources. The schedule of service is configurable.

    If any of the rules determines that the instance is not conforming, the monkey sends an e-mail notification to the owner of the instance. There could be exceptional cases where you want to ignore warnings of a specific conformity rule for some applications.

  • Security Monkey: Security Monkey monitors policy changes and alerts on insecure configurations in an AWS account. The main purpose of Security Monkey is security, though it also proves a useful tool for tracking down potential problems, as it is essentially a change-tracking system.

Note

Successful microservice architecture makes sure that your system is always up, and failure of a single cloud component should not fail the entire system. Simian Army uses many services to achieve high availability.
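The Security Monkey entry above describes a change-tracking system that also alerts on insecure configurations. The following added example, which is not Security Monkey's code and not part of the original text, shows that combination on two snapshots of firewall rules. The `Rule` model, the group names, the snapshots and the policy (administrative ports must not be open to `0.0.0.0/0`) are constructed assumptions; it needs Java 16 or later for records.

```java
import java.util.*;

// Added illustration, not Security Monkey's code. The Rule model, the
// snapshots and the "insecure" policy below are constructed for this example.
public class ConfigChangeAudit {
    record Rule(String group, int port, String cidr) {}

    // Assumed policy: administrative ports must not be open to every address.
    static final Set<Integer> ADMIN_PORTS = Set.of(22, 3389, 27017);

    static boolean insecure(Rule r) {
        return r.cidr().equals("0.0.0.0/0") && ADMIN_PORTS.contains(r.port());
    }

    // Elements of 'to' that are absent from 'from', in insertion order.
    static Set<Rule> onlyIn(Set<Rule> to, Set<Rule> from) {
        Set<Rule> out = new LinkedHashSet<>(to);
        out.removeAll(from);
        return out;
    }

    // Change log first, then an alert for every insecure rule currently in force.
    static List<String> audit(Set<Rule> before, Set<Rule> after) {
        List<String> events = new ArrayList<>();
        for (Rule r : onlyIn(before, after)) events.add("REMOVED " + r);
        for (Rule r : onlyIn(after, before)) events.add("ADDED   " + r);
        for (Rule r : after) {
            if (insecure(r)) {
                String age = before.contains(r) ? "pre-existing" : "introduced by this change";
                events.add("ALERT   " + r + " (" + age + ")");
            }
        }
        return events;
    }

    public static void main(String[] args) {
        Set<Rule> before = new LinkedHashSet<>(List.of(
            new Rule("sg-api", 443, "0.0.0.0/0"),
            new Rule("sg-api", 22, "10.0.0.0/8"),
            new Rule("sg-db", 27017, "0.0.0.0/0")));
        Set<Rule> after = new LinkedHashSet<>(List.of(
            new Rule("sg-api", 443, "0.0.0.0/0"),
            new Rule("sg-api", 22, "0.0.0.0/0"),
            new Rule("sg-db", 27017, "0.0.0.0/0")));
        audit(before, after).forEach(System.out::println);
    }
}
```

Keeping the change log separate from the alerts is what makes such a tool useful beyond security: the same record answers both "what is exposed now" and "which change exposed it".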

AWS resource monitoring – Edda

In a cloud environment, nothing is static. For example, virtual host instances change frequently, an IP address could be reused by various applications, or a firewall or related changes may take place.

Edda is a service that keeps track of these dynamic AWS resources. Netflix named it Edda (meaning a tale of Norse mythology), as it records the tales of cloud management and deployments. Edda uses the AWS APIs to poll AWS resources and records the results. These records allow you to search and see how the cloud has changed over time. For instance, if any host of the API server is causing any issue, then you need to find out what that host is and which team is responsible for it.

These are the features it offers:

  • Dynamic querying: Edda provides REST APIs that support matrix arguments and field selectors, which let you retrieve only the desired data.
  • History/Changes: Edda maintains the history of all AWS resources. This information helps you when you analyze the causes and impact of an outage. Edda can also provide different views of current and historical information about resources. It stores the information in MongoDB at the time of writing.
  • Configuration: Edda supports many configuration options. In general, you can poll information from multiple accounts and multiple regions and can use the combination of account and regions that account points. Similarly, it provides different configurations for AWS, Crawler, Elector, and MongoDB.

Note

If you are using AWS for hosting your microservice-based product, then Edda serves the purpose of monitoring the AWS resources.

On-host performance monitoring – Vector

Vector is a static web application that runs inside a web browser. It allows you to monitor the performance of hosts where Performance Co-Pilot (PCP) is installed. Vector supports PCP version 3.10+. PCP collects metrics and makes them available to Vector.

It makes the right high-resolution metrics available on demand. This helps engineers to understand how a system behaves and to troubleshoot performance issues correctly.

Note

Vector is a monitoring tool that helps you to monitor the performance of a remote host.

Distributed configuration management – Archaius

Archaius is a distributed configuration management tool that allows you to do the following:

  • Use dynamic and typed properties
  • Perform thread-safe configuration operations
  • Check for property changes using a polling framework
  • Use a callback mechanism in an ordered hierarchy of configurations
  • Inspect and perform operations on properties using JConsole, as Archaius provides the JMX MBean

Note

A good configuration management tool is required when you have a microservices-based product. Archaius helps to configure different types of properties in a distributed environment.

Scheduler for Apache Mesos – Fenzo

Fenzo is a scheduler library for Apache Mesos frameworks written in Java. Apache Mesos frameworks match and assign resources to pending tasks. The following are its key features:

  • It supports both long-running service-style tasks and batch tasks
  • It can auto-scale the execution host cluster, based on resource demands
  • It supports plugins that you can create based on requirements
  • You can monitor resource-allocation failures, which allows you to debug the root cause

Cost and cloud utilization – Ice

Ice provides a bird's eye view of cloud resources from a cost and usage perspective. It provides the latest information on how provisioned cloud resources are allocated to different teams, which adds value for optimal utilization of the cloud resources.

Ice is a Grails project. Users interact with the Ice UI component, which displays the information sent via the Ice reader component. The reader fetches information from the data generated by the Ice processor component. The Ice processor component reads data from a detailed cloud billing file and converts it into data that is readable by the Ice reader component.

Other security tools – Scumblr and FIDO

Along with Security Monkey, Netflix OSS also makes use of Scumblr and Fully Integrated Defense Operation (FIDO) tools.

Note

To keep track of your microservices and protect them from regular threats and attacks, you need an automated way to secure and monitor them. Netflix Scumblr and FIDO do this job for you.

Scumblr

Scumblr is a Ruby on Rails-based web application that allows you to perform periodic searches and store/take action on the identified results. Basically, it gathers intelligence that leverages Internet-wide targeted searches to surface specific security issues for investigation.

Scumblr makes use of the Workflowable gem to allow setting up flexible workflows for different types of results. Scumblr searches use plugins called Search Providers. It checks for anomalies such as the following; since it is extensible, you can add as many as you want:

  • Compromised credentials
  • Vulnerability/hacking discussion
  • Attack discussion
  • Security-relevant social media discussion

Fully Integrated Defense Operation (FIDO)

FIDO is a security orchestration framework for analyzing events and automating incident responses. It automates the incident response process by evaluating, assessing and responding to malware. FIDO's primary purpose is to handle the heavy manual effort needed to evaluate threats coming from today's security stack and the large number of alerts generated by them.

As an orchestration platform, FIDO can make using your existing security tools more efficient and accurate by heavily reducing the manual effort needed to detect, notify, and respond to attacks against a network. For more information, you can refer to the following links:

  • https://github.com/Netflix/Fido
  • https://github.com/Netflix
