Patterns to be used judiciously: 2 Microservices

Patterns to be used judiciously: 2 Microservices

  • "I wish I had read this article five years ago."
  • "Spot on". "Nice read" . "Excellent piece." "Superb."
  • "Very informative, good to read the practical points of consideration around business, architecture and design."
  • “This is such an insightful post Graham-thank you! We will be sharing it!”

A solution architect works in the gap between enterprise architects and software architects. This is one of several articles written to help solution architects understand the software architecture of enterprise applications, and to supplement the syllabuses covered in our courses to industry certificates for architects of all threee kinds.

Don't divide your monolith into microservices until you have read this article top to bottom!

Contents: 1 Introduction. 2 Case study: monolith. 3 Case study: microservices. 4 Decoupling of microservices. 5 Upsides and downsides of microservices. 6 Dos and don'ts of microservices. 7 Motivations. 8 Trade off. 9 Six Principles.

(By the way, I moved discussion of design patterns often, but not necessarily, associated with Microservices, such as Domain-Driven Design and Event-Driven Archiecture, into the preceding article. Find it under Further Reading.)

Preface

For decades, themes in my architect training courses have been:

  • Think about the wider context.
  • Don't forget the numbers.
  • Balance tradeoffs between options

You can find the same messages in the philosophy of the highly-regarded economist Thomas Sowell, which I edit thus: Since no system or solution can be perfect; we must

  • trade off between imperfect designs
  • tolerate some flaws, inequities and risks
  • measure outcomes and
  • incrementally adjust to address issues arising,

Questions to ask of a proposed design option include:

  • how does it compare to other options?
  • what does it cost?
  • what evidence do you have?

Is a microservices architecture the right option for you? Will it lead to a simpler, more efficient, more effective or more maintainable application? If your enterprise application does not process scores of thousands of transactions per second, and many transactions require access to several related data entites, then using a pattern designed for higher throughout, that distributes the contents of a cohesive data store across a network, adds complexity and comes with the downside of the 4Ds - to be discussed.

The system of interest in this article is an enterprise application used by actors when performing activities in business roles and processes. It captures business data, stores it, applies business rules to it, and provides business data to actors that need it.

The application maintains a substantial data store, which records facts about things the business wants to monitor or direct. Its scope may be defined by identifying a) the use cases the users use it for, and b) the set of data entities they create and use.

Typically, software architects, hierarchically decompose an enterprise application of this kind, into smaller and smaller subsystems. The hierarchy in the C4 model is

  • context,
  • containers,
  • components,
  • code/classes.

Some object-oriented design enthusiasts in the early 1990s promoted decoupling and distributing fine-grained classes - at the bottom level of the decomposition hierarchy. This was so far overdone that, a decade later, Martin Fowler published his rule for distributed objects:

  • "Don't distribute your objects!".

From the bottom up, you may cluster fine-grained classes into a deployable (and potentially distributable) component using the cohesion criterion that those classes create and/or use data stored in one coherent data structure.

From the top down, a microservices architecture divides what?could?be deployed as one application, maintaining a large data structure, into separately deployed components, each maintaining a smaller data structure. My rule is an echo of Fowler's rule for objects:

  • "Don't divide a procedure or a data structure without a good reason."

1 Introduction

Again, typically, software architects decompose an enterprise application, hierarchically, into smaller and smaller modules. For more than half a century (at least since Parnas, 1972) the primary cohesion criterion used to cluster operations into a module has been to cluster operations that act on the same data structure.

In the late 1990s, given the need to modularize increasingly large enterprise applications (maintaining increasingly large databases) followers of the component-based design (CBD) movement divided a large database into discrete divisions, and designed a component to maintain each division. Note however that, in CBD, one component might directly read the data maintained by another.

The origin of microservices

The term?microservices?was used by?James Lewis?in a workshop for software architects in 2012. The idea was/is to further "decentralize data management" and decouple appication components. By 2014 James Lewis and Martin Fowler described the microservices architectural style (as Fowler still defines it today) as

“an approach to developing a single application as a?suite of small services.

  • each?running in its own “process" [or container]
  • communicating with lightweight mechanisms, often an HTTP resource API.
  • built around business capabilities [aka business functions]
  • independently deployable?by fully automated deployment machinery.
  • [with] a?bare minimum of centralized management?of these services,
  • [possibly implemented using] different languages and data storage technologies."

By the way, I deprecate the use of the term service for a structural component, but we have to live with it.

The scope of a microservice

I don't find Martin Fowler's reference to "business capabilities" useful. The concept of a capability is loose; its granularity, breath and scope are unclear. A microservice might correspond to one "capability" or "function" in a business capability/function hierarchy, but that is far from guaranteed.

Generally speaking, a microservice is

  • not necessarily small
  • not a service in the sense of “an act performed for another” (an operation)
  • not a component you must deploy separately anyway.

Rather, a microservice is

  • sometimes quite large.
  • a building block, component or module of an application
  • a component of what could potentially be a monolithic application

A microservices architecture is a kind of service-oriented architecture in which what could be coded and deployed in one "monolithic" application layer, is divided into several separately deployed components, each maintaining its own data store.

How to scope a microservice from the top-down?

This microft article says: "As a general principle, a microservice should be no smaller than an aggregate, and no larger than a bounded context." The implication is that an application's domain model might, potentially, be decomposed four times, into

  • bounded contexts - each divided into
  • microservices - each divided into
  • aggregates entities - each divided into
  • entities (perhaps corresponding to tables in a database).

Since the C4 model has three levels (container, component, class), I reckon only a very large application is likely to need four levels of decomposition.

A small application might be divided directly into aggregates (as in the earlier article on Domain-Driven Design). In other words, small application = microservice.

How to scope a microservice from the bottom up?

The term "microservice" only makes sense by comparison with the "macro" thing people call a "monolithic" application that maintains a large persistent data structure in one database. Given an application is naturally defined by

  • the use cases the users use it for
  • the set of data entities that users create and use.

the simplest way to scope a microservice is by drawing a line around a) a subset of the use cases and/or b) a subset of "monolithic" data model in which data entities are related.

2 Case study: the design of a monolith

The business requirement is to

  • schedule and record the movements of resources between locations
  • maintain descriptions of them, and monitor their current state
  • record events, such as the introduction, inspection and removal of resource types and resource instances.

The application users will enter scores of transactions that each create, read, update and delete elements of the stored data, to reflect changes in the state of the real world.

The application needs generic infrastructure components for static content and security.

No alt text provided for this image
Logistics app - monolith

Every so-called "monolith" is modularised in some way. The illustration divides the application layer into three modules or components. We'll return to look at those after we look at the data layer.

The data layer

The persistent data is recorded in the "monolithic" data structure of one data store, which contains three kernel entities: location, movement and resource.

No alt text provided for this image
Monolothic data store structure

A well-drawn entity-relationship diagram is a powerful artifact for understanding the business supported by an enterprise application. (The data model above is simplified and generalized from two examples I studied while working for a global systems integrator.)

The application layer

The application layer of an enterprise application is responsible for processing several/many transactions, each acting on one or more data entities in a persistent data structure of several/many related entities.

Modularisation into three components

The application layer of a monolithic application is not truly monolithic. It is modularized in some way. So, let us divide the application layer in our case study into three sister components. The fa?ade directs each transaction to the component responsible for it.

  • The location component receives transactions that identify a location data entity.
  • The resources component receives transactions that identify a resource data entity.
  • The movement component receives transactions that identify a movement data entity.

Each sister component is encapsulated behind an interface. How far you separate interfaces from components that implement them is up to you, and nothing so far here dictates how the code inside a component is organised.

Inside each of the three components

Each of the three sister components might be coded using one of these design patterns.

  • Transaction script - each transaction is coded as a procedure. Transactions scripts may share smaller (perhaps data entity centric) subroutines.
  • Domain model - a kernel entity class acts receives the transactions, and for each, it orchestrates operations performed by smaller entity-based classes.

Since the two patterns aren't a million miles apart, a solution architect might leave the choice to the software architect. If you want to know more, read this earlier article.

Coordinating the three components

The trouble, of course, is that cross-component transactions need special attention. Wherever one transaction/command affects two components, they must be coordinated. The transaction may be

  • orchestrated by an overarching transaction command hander, or
  • completed by choreography between the components, or

Or else, completed in a mix of both ways, using the GRASP pattern.

What's good about a monolith?

The advantages of a (more or less modularized) monolith reflect the difficulties created by dividing it. You may choose to do it when you want some or all the following benefits.

  1. Simpler code, and deployment of it
  2. Simpler management of the run-time
  3. Lower use of messaging and network technology
  4. Faster response time (less messaging)
  5. Less duplication of data in discrete data stores.
  6. Fewer data disintegrities and issues arising from them.
  7. Simpler analysis of the data in one (rather than several) data stores
  8. Simpler business operations, with no need for "compensating transactions"

3 Case study: carving microservices out of a monolith

The graphic below reshapes our monolithic application. There is now one application layer component for each of the three data stores - which each contain one kernel entity and several related data entities.

No alt text provided for this image
Logistics app - after a design pattern in the Microsoft Azure documentation.

The data layer

The data structure has been divided and spread across three discrete data stores (for locations, movements and resources). It is easy say the scope of microservice corresponds to a "bounded context". However, the boundary is not always obvious. We draw boundaries with particular interests in mind, notably:

  • non-functional quality trade offs (such as performance v flexibility)
  • whether there is a realistic prospect of reusing a microservice in any other application

Fowler wrote of "decentralizing data management". However, a data manager should be very much concerned about the integrity of the data in the three data stores.

The application layer

A microservices architecture presumes a data-oriented modularisation of the app layer. It divides the app layer into components corresponding to the physical data stores. And it puts the components in containers which can be distributed and scaled up separately - a physical design consideration.

However, the logical data model (relational or not) remains one coherent whole. The complexity in it does not disappear if you divide and distribute between data stores. It reappears in messaging.

Wherever logical relationships span physical data stores, there will be dependencies between application components. Often, the dependencies will be two-way. So, to complete some procedures will involve messaging between components. And physically decoupling the app components creates new complexities that didn't exist before, like compensating transactions.

Note 1: If a procedural transaction script is in one component and one container, along with a copy of any subroutines it shares, the transactions scripts can a) be distributed and scaled up separately, and b) would not need to communicate (though they do meet in the data layer).

Note 2: on its own, a microservice is not "object-oriented". If you want to code a microservice in an object-oriented style using a rich domain model, you can. If you want to code a microservice as a bunch of transaction scripts acting on database tables, sharing some data-centric subroutines, you can.

Why be wary of microservices?

Beware over-enthusiasm for newly-named design patterns.

  • Middleware vendors propose design options that maximise the use of their technologies.
  • Software engineers want every fashionable design option on their CV.
  • CIOs speak of "microservices" as meaninglessly as they used to speak of "SOA".

But not everyone is enthusiastic: "The biggest mistakes we made building microservices emphasises the issue of complexity".

De-coupling components (by location, by time, or in other ways) is not a goal, it is a means to some particular ends. It helps in some ways and hinders in others. If you're selling the idea of microservices without explaining the problems they can create, then you're in sales rather than education.

  • "As a child of the "component based development" movement in the 1990s I enjoyed this article. Issues that existed then still exist today, if obscured by cloud and silver bullet promoters. I am fed up with being told that state management across inter-dependent microservices is no problem so long as everything is stateless, idempotent, observable etc. Designs are unraveled by undocumented 'not my problem' assumptions that don't reveal themselves as issues until after implementation."

4 Decoupling of microservices

A microservice (a component in the application layer, of what could be a monolithic application) is decoupled from its sister microservices in at least the first and possibly all of three ways

  1. Decoupled by location: a microservice is deployable in its own container and so scalable on its own.
  2. Decoupled by time: microservices may communicate over a network using an asynchronous protocol or messaging technology. (Even though - logically - there is a synchronous dependency between microservices.)
  3. Decoupled by data encapsulation: a microservice accesses data entities maintained by sister microservices only via their APIs. (This is open to interpretation, and discussed in sections below.)

How far should the three sister microservices be decoupled by time, location and data encapsulation? It is commonly proposed they should be physically decoupled in an Event-Driven Architecture and connected using the Saga design pattern discussed in the earlier article.

However, given that the three microservices are logically coupled by the need for data integrity, it is at least questionable whether it is wise to run any one microservice on its own, and whether it could ever be reused within a different application.

Aside on degrees of code isolation

For more a technology/tool-oriented view of modularization options, the table shows different degrees of "code isolation" (here, the term "module" is technology specific.) The recommendation is to start with the simplest option on the left, and move from left to right only when needed.

No alt text provided for this image
Degress of code isolation

5 Upsides and downsides of microservices

Upside of division into microservices

Motivations are listed here and discussed in more depth later. There are four questionable motivations.

  1. To maintain data stores?already?distributed and separately managed. (That describes the mess enterprise architecture was supposed to tidy up.)
  2. To separate what?must?be coded using different technologies? (You’ll do that anyway.)
  3. To enable very high throughput, or scalability towards it. (Do you really need it? Can you refactor if the need arises?)
  4. To migrate a large legacy application for operation in "the cloud". (Why make that migration hard for yourself - better just lift and shift to begin with?)

There are two better motivations:

  1. to facilitate agile development, and
  2. to make reusable application components.

The 4 Ds as downsides of dividing into microservices

As Craig Larman warned, decoupling today for a tomorrow that may never come is time not well spent.

Advances in software application infrastructure have facilitated the decentralisation, distribution and physical decoupling of the components in a modular application structure. But decoupling physically is not decoupling logically, and the inter-component dependencies may be bi-directional.

While physically decoupling microservices may increase agility, it leads also to the 4Ds:

  1. Duplication of information in different places
  2. Dis-integrities and the complexity of compensating transactions
  3. Delays in?processes slowed by inter-actor messaging
  4. Data analysis difficulties?where data is needed from several places.

And to complex system integrations.

Aside: enterprise architects have long struggled to prevent these difficulties, due to the many forces pressing on CIOs, including the “buy before build” principle.

6 Dos and don'ts of microservices

Don't divide a monolith into microservices without a) motivations and b) analysis of the trade offs. This section collects some notes on dos and don'ts.

KISS and YAGNI

Technology options and design options are different. A genuine need for different data storage technologies leads to discrete data apps. But the microservices vision is different. It is to divide what could be one coherent persistent data structure into several.

Some claim this is the way to achieve?high throughput, scalability and availability, and low latency. Yet.

  • Throughput? A regular database can handle a million transactions a minute, and likely far exceeds the demands of your enterprise application.
  • Scalability? Most enterprise applications never approach the scale and complexity of Google or Amazon, so YAGNI applies
  • Availability? Every distinct data server an app needs reduces the availability of the whole.
  • Latency? Accessing one data store is faster than messaging between several.
  • KISS? Dividing a monolith into microservices leads to the 4Ds (data duplication, dis-integrity, delays and difficulties with cross-organisational data analysis) and the complexity of analysing and designing compensating transactions.

Do consider Conway's law and the Bezos mandate

Conway's law ("Any organization that designs a system will inevitably produce a design whose structure is a copy of the organization's communication structure") has a corollary.

Graham's corollary: "Any system designer who decomposes a system into loosely-coupled subsystems will inevitably assign the development of those subsystems to different to units in the sponsor's organization structure, or more widely."?

My corollary can be seen in "the Bezos mandate", the idea of a "microservices architecture" and in other software system design practices

For sure, small teams are good, and can be more agile. But a large system is still a large system, and how tightly or loosely subsystems are integrated depends on the circumstances. Designers should make decisions on the basis of understanding and making trade offs between design options.

Don't mindlessly conflate different design options

The decision to divide a monolith into microservices is often associated with other decisions for which the motivations and trade-offs ought to be considered separately.

  • Larger or smaller data stores
  • Procedural and/or object-oriented application modularization
  • Orchestrated and/or choreographed subsystem coordination
  • Synchronous and/or asynchronous messaging
  • In-prem and/or cloud software deployment.

Many permutations of these options are possible. All good designers start by understanding the motivations for and trade-offs between alternative designs. Directing developers down particular paths without addressing the trade-offs is a root cause of problems in practice.

Directing designers to mindlessly choose one option rather than another is lazy teaching, lazy learning, and can be the source of massive over complexity in software design. The beginning of wisdom for a solution architect is to understand that making a solution work doesn't mean it is the best solution, or even close to it.

Don't mindlessly implement a design pattern

Most design patterns promoted under the banner of "agile architecture" and "microservices architecture" are not new. The long-term trend has been towards distribution and flexible deployment of code. Application layer components can be deployed in "containers" , which are shiftable between servers and managed separately. Here's a design pattern.

https://www.serverless.com/blog/why-we-switched-from-docker-to-serverless

OK, that is a solution architecture, but what is the problem?

So, match the solution to the problem

One article on microservices uses Walmart and Spotify as exemplars. But what Walmart did is obscure (shifting apps onto scalable infrastructure does not imply microservices). And Spotify's core business operation (streaming data files from servers to clients) is very unlike that of most enterprises. As the article says:

  • “Spotify’s microservices are built in very loosely coupled architectures.?There aren’t any strict dependencies?between individual components. They are difficult to monitor since thousands of instances are running at the same time. Microservices are prone to create increased latency: instead of calling a single process. Spotify is calling a lot of services, and these services are calling other services too, so the latency grows through each of these calls.”... “If we consider microservices on an organization level, the negative trade-off is clearly the increase in the complexity of operations.”

Different kinds of business problem require different kinds of IT solution. Microservices may not be a good solution when

  • scalability is not a prime concern
  • response time is a prime concern
  • each microservice requires access to data maintained by another
  • you want to monitor what is going on and debug.

Do understand the impacts of scale

On a graph, development difficulty increases disproportionately with scale, as Brookes suggested in his famous, “There is no silver bullet” article. Increases on different scales have different impacts.

  • Increases on a logical scale (data types maintained, messages types sent, code written) increase the time or number of people required to do the work.
  • Increases on a physical scale (volume of data stored, throughput of messages) affect the choice of design patterns and technologies.

Aside: If your interest is in minimizing the amount of code and data loaded into the memory of an application server to process one transaction, or minimizing the resources needed to process high-throughput transactions in parallel, then I suspect the transaction script pattern is optimal. Because after encapsulating a transaction in its own component and container, you can scale it to match the demand for that particular transaction. But I can't prove it.

Do minimize complexity

The "iron triangle of management" is well known. If you're asked to work faster, cheaper and better, you can meet two of those requirements, but not all three. The "iron triangle of coding" is the general challenge of writing code that is all three of:

  • the minimal code
  • the easiest to understand code
  • the easiest to amend code.

Occasionally, all three qualities may align. Sometimes, two of them align. Sometimes, striving for one undermines both of the others.

Dividing a "monolith" into "microservices" might hinder all three! Not to mention (a reader tells me) the need to worry about correlation IDs, backwards compatibility of interfaces. centralised logging, multiple point of failure, retries and idempotency, semantic interoperability, and the observability of chatty interactions.

You might naively assume dividing up a monolithic application will optimize your use of cloud resources and allow for infinite scalability. But before you do, you should ask.

  • Is it necessary - is the application remotely like Spotify or Amazon?
  • Will it consolidate a sub-optimal or inefficient modular design?
  • Will it needlessly burden messaging and network technology?
  • Will it complicate the code, deployment of the code, and management of the run-time - be difficult monitor, debug and trace?
  • Will it complicate cross-data store data analysis and business operations, requiring "compensating transactions" ?

And in operation, will it perform better or worse, cost more or less?

More don'ts

For sure, you may have good reasons to develop, deploy and integrate small services (applications or application components) in scenarios discussed below. But dismembering data structures and transactions doesn't just hinder finding the data to process some cross-service update or enquiry events, it also creates "accidental complexities". So, generally speaking:

  • Don’t elaborate a design for non-functional requirements that don't exist.
  • Don’t introduce complexity you don’t need (while recognising the irreducibility of required complexity).
  • Don’t divide a coherent data structure without good reasons.
  • Don’t divide a coherent procedure without good reasons.
  • Don't deouple components if you prioritize speed, integrity and simplicity over bein able to manage, run and change them separately.

Do consider the granularity v messaging trade off

Smaller subsystems are easier to build on their own, but they must be joined up to make one application-level system. And all is trade-offs,since given one system to design:

  • Smaller components = More messaging.

However small or large your components, you still have the same requirements to meet, same use cases/transactions to process, same business rules to code., same data to maintain, and same data integrity requirements.

Consider the macro requirement / context

Sometimes the requirement is for a mash up, and no monolithic application is practical. Other times, although dividing one application into several is a design option, it is far from a mandatory requirement.

Is the macro requirement for use case(s) that access several distinct data structures, currently held in different stores, perhaps using different technologies?

If yes, then the end user requires a “mash up” of discrete applications, which you might do well to hide behind an API Gateway. Fine, but there is no plausible “monolithic” application in this case.

Is the macro requirement for use cases that access one coherent data structure, which can readily be stored in one data store?

If yes, then division of the application layer into components - coded separately - has been a common practice for decades. However, dividing the data layer into discrete data stores can create difficulties (below) you might rather do without. It can lead to needlessly complex and frequent messaging between microservices.

Consider cross-component transactions and dependencies

Some transactions need access only one kernel data entity and/or its close associates. Others require to access more than one kernel data entity. Creation and deletion dependencies tend be in opposite directions.

  • Creation dependencies: typically, volatile data depends on stable data. The birth/creation of a transient entity depends on existence or state of a more persistent entity. E.g. to create/schedule a movement, the movement component must check the locations are open on the day of the movement, and check the resource is not already scheduled for movement in the same time period.
  • Deletion dependencies: typically, the death/deletion of a persistent entity depends on existence or state of some more transient entities. E.g. a location cannot be removed or closed while there are movements scheduled to or from that location.

Consider options for cross-component transactions

Suppose a transaction directed to the movement component needs to access or even update data maintained by the location and resources components. Design options include:

  1. More procedural, as in the Transaction Script pattern
  2. More object-oriented, as in the Domain Model pattern

In the latter case, the need to process creation and deletion events means there are bi-directional. dependencies between the sister components. Martin Fowler suggests using "lightweight" communication mechanisms can be fine, especially between the components of one application. Not all messaging needs to go via heavyweight middleware. A designer might use RESTful remote procedure calls between microservices.

Consider session state management

A microservice may statefully hold transient session state data. Session state may be replicated across parallell servers, or held on the one server that a load balancer remembers for the duration of a "sticky session" . Alternatively if scalability demands microservices are stateless, then they must store and retrieve session state data in/from a data store, or else get/send session state data on messages from/or a user interface.

7 Motivations exlored in more detail

What is the motivation? Why divide an application into microservices? Of six motivations that have been advanced, two are interesting, two are not, and two are questionable.

To maintain data stores already distributed and separately managed

This is not interesting, because it describes the application portfolio most enterprises already have. Integrating discrete applications is a system integration task as it ever has been.

To separate what must be coded using different technologies

This is not interesting, because such application components are naturally discrete and separately developed. It is advisable to not to mix more technologies than you need.

To enable scalability or very high throughput

Don’t design for a scalability problem you don’t have. Most businesses are unlike Google or Netflix. Very few business applications need to scale beyond what a conventional database application can handle. A decade ago, one reported their regular database - with a couple of solid state drives, can handle 16 thousand transactions per second. More recently, Oracle TimesTen In-Memory Database achieved?144 million?transactions per second, using a benchmark workload with 80% SQL selects and 20% SQL updates.

https://www.dhirubhai.net/pulse/scaling-sql-millions-transactions-per-second-single-database-hood/.

Suppose scalability really does matter, then how to divide an application into components that are scalable perfectly to match demand? Surely the optimal design is to code each transaction as a procedure in its own container? Then, each transaction component can be deployed and scaled up or down to match the demand for that particular transaction type?

(The transaction scripts might have to duplicate what would normally be factored out into common subroutines, since exceptional requirements require exceptional designs, for which a price must be paid).

Does that fit the microservices architectural style Fowler had in mind?

To migrate a large legacy application for operation in “the cloud"

The much-touted idea is to deploy application components in “containers” that can be shifted between servers, and managed separately. The question is - why? And will migrating applications to the cloud merely consolidate inefficient software design patterns?

Suppose your legacy monolithic app is running fine, it is monitored in real time and secure. Do you need to migrate into the cloud? Suppose the answer is yes - you are convinced migrating the application into the cloud will be beneficial. On to the next question: must you divide the application layer microservices? And if yes, should you simply deploy the components as they are - or refactor them?

IBM's work to automate application modularization does little to “refactor” the modular structure of a legacy application. It merely draws boundaries or “seams” between components in the legacy application structure - then allows designers to group them into larger components, each deployed separately behind its API.

IBM give some reasons for refactoring a legacy application into microservices, but all may be questioned, and some feel like healing a self-inflicted wound.

“Lift and shift does not scale.”

Is scaling really needed? (See motivation 3 above.) Again, to scale up to handle a high throughput transaction, surely the optimal design would be to code that transaction as procedure in its own microservice? And if your legacy application is already modularized in a different, more object-oriented, way, then IBM's refactoring algorithm will consolidate that sub-optimal design.

“A large legacy application is very difficult to administer in the cloud.”

Then why deploy it in the cloud? And why would it be easier to administer scores of interconnected microservices? If the legacy application didn’t need automated start up and load balancing before, why does it need it now? If that is a consequence of division into microservices, then it sounds like healing a self-inflicted wound.

"Developers had to restructure millions of lines of code into smaller microservices through an expensive, time-consuming, largely manual and often error-prone process”

Why did migration to the cloud require them to do that? Because cloud servers are so expensive, their use must be scaled down to the minimum? Or because this restructuring was a naive strategic mandate from a CTO, CIO or EA?

"The goal is to leverage the cloud’s inherent operational efficiency, economic, agility and security benefits.”

Wrt efficiency and economy: Does the migration slow transaction processing by a) replacing local or synchronous calls by remote calls or asynchronous messaging? b) increasing network traffic and use of messaging technologies?

Wrt agility: Does migration leave the underlying database untouched, so microservices are coupled to each other via that database? If two microservices handle two transactions that both update the same data entity, then they cannot be run properly without each other, and data management is not decentralized. Does that fit what Fowler calls the microservices architectural style?

To facilitate agile development

This seems a common motivation - to divide work between smallish teams that can each develop and deploy a microservice quickly, then maintain and extend it with minimal disruption to what other teams are doing. Typically, the data store of a microservice can only be accessed via its API, but see the trade-offs below, and remember the 4 Ds.

To make reusable application components

The impossible dream is to build new user interfaces and enable new processes simply by orchestrating and/or choreographing existing components (small, distributed, server-side application/database components) that were magically designed in anticipation of new requirements.

The challenge is to do this regardless of the different domain-specific languages used in different business contexts, without creating a dependency on centralized server-side resources and without creating a change management headache.

In our case study, it seems unrealistic to think we could simply plug the Locations, Movements or Resources microservice into a different macro application. To do that, we'll probably have to re-design the microservices for use in another context, with different requirements, thus creating a dependency on a centralized software component.

8 Trade offs

The microservices pattern can be used well, and badly. For sure, centrally managing all the stored data in one enterprise is impossible. However, one can make a case for centrally managing all the data within one “bounded context” in which the meaning of terms is defined in one “domain-specific language". One may distribute even that data between discrete data stores, provided that the motivations for doing so are traded off against the downsides. Various trade-offs are discussed below.

Agile development trade-offs

It is important to recognize that agile development principles can be in conflict.

One classic trade-off is between keeping it simple and decoupling components for separate development. Decoupling physically what is logically-coupled leads to the 4D complications discussed above

Another classic trade-off is between

  • “you ain’t gonna need it” and
  • “design for future flexibility".

Suppose you build version 1 of an application on top of the slimmest, simplest, possible database structure. The API of the application encapsulates that data structure. Naturally, changes to the data structure are likely to be reflected in changes to the API.

Predictably, it turns out that version 2 requires the database to be extended and restructured. For as long as the persistent data structure is growing and evolving, then (however you modularize the application) it may prove difficult to define a stable API to the data layer.

Once the persistent data structure of an application is stable, agile software development is a natural way to proceed. Before then, refactoring costs can be considerable.

Sociological trade-offs

As Conway pointed out in 1968, development team structures tend to reflect software architecture structures, and vice-versa. Still, software sociology – assigning different application components to different teams - cannot remove dependencies between those components.

The sociological benefit to development team operations of decoupling microservices can (by allowing data dis-integrity) prove costly to business operations. Business process issues arise when data maintained by one microservice is not up to date and consistent with data maintained by other microservices. Asynchronous integration and stale caches create the risks of:

  • scheduling to move a resource to a location on a day it is closed
  • booking a hotel room for a day it has already been booked
  • failing to recognize a suspect has a criminal record.

Allowing such a mistake to happen leads to the complexity of having to design and implement “compensating transactions” to recover from the mistake. Sometimes recovery is impossible.

Modularity trade-offs

Simpler and smaller components means more frequent and complex inter-component messaging.

  • Larger components: Fewer, longer, processes. Less messaging. Looser coupling.
  • Smaller components. More, shorter, processes. More messaging. Tighter coupling.

In a microservices architecture, as the complexity of the architecture grows, it can become harder to see which component is having issues. Understanding what’s happening in the system can be difficult because any slow down or error in one component may affect other component(s).

Excessive modularization and decoupling leads to excessive messaging.

In the worst example reported to me, dividing one e-commerce application into 200 microservices meant that a single client-server transaction could require scores or hundreds of messages between microservices. Following advice to deploy those microservices on different servers, and connect them via a message broker, the complexity and performance overheads were staggering. They soon ran out of space to store the event log. One business event had become countless technical events of no practical interest or use to the business.

Four ways to reduce the excessive messaging.

  • Undo some decoupling. Co-locate closely-related components. Convert asynchronous calls to synchronous calls.
  • Group smaller components. for deployment in one container
  • Group smaller messages into larger ones, for transmission at one time
  • Refactor operations in fine-grained object-oriented classes or components into longer procedures.

“The biggest issue in changing a monolith into microservices lies in changing the communication pattern. A naive conversion from in-memory method calls to RPC leads to chatty communications which don't perform well. Instead, you need to replace the fine-grained communication with a coarser -grained approach.” Martin Fowler

Data management trade-offs

Martin Fowler tends to be agin’ enterprise-wide design thinking. He is for local agility and decentralization of data management. His idea is to subdivide an enterprise's persistent data into smallish data structures, and assign ownership of each structure to one microservice, whose API is the single source of truth for that data's current state.

Similarly, Jeff Bezos is agin' shared memory and in favor of local agility and encapsulation of data behind APIs,. His famous mandate speaks of barring any “dirty read”.

However, challenges arise wherever there are logical relationships between entities in different subsets of the overall data schema (or referential integrity rules between tables) and (for this or other reasons) data is or must duplicated in different data stores.

Among design options are these three:

  • More procedural: Each component has access to same data. Integrity rules may be maintained in the data layer, by a DBMS. Such centralized data management tends to hinder separate development, testing and deployment of the components.
  • More object-oriented: Each component maintains its own micro data store. This does not remove coupling between them. It moves relationships from the data layer into components coupled by application layer messaging.
  • Data duplication: Each component holds a “cache” of whatever data it needs that is maintained by the other microservices. This implies additional data synchronization processes to refresh that cached data, now and then.

The second and third options can lead to one or more of the 4 Ds and the need for complex system integrations (great for the integration technology vendor).

9 Six principles to keep in mind

In conclusion, here are six principles to keep in mind.

There is no silver bullet

All design is trade-offs, you can’t have everything. Don’t let your eagerness to use the latest middleware technologies, cloud computing and fancy design patterns obscure the need to remember the following.

Understand the motivations and trade offs

Before you make modularization and technology choices, understand the data processing requirements and their impact on design decisions.

KISS and YAGNI

Keep the design simple (KISS) consistent with known and predictable requirements. If you ain’t gonna need it (YAGNI), then don’t use it.

As Craig Larman has warned, decoupling now for future requirements that may never arise is time not well spent. Why complicate the design, deployment and management of an application to meet requirements (extremely high throughput, volatile scalability, or reuse of application components in other applications) that are unrealistic?

Use lightweight communication mechanisms where possible

As Fowler suggests, although message brokers and workflow engines have their place, not all messaging needs to go via heavyweight middleware.

Smart end points, dumb pipes

As this (another of Fowler's principles) suggests, business rules are better coded in applications than in messaging middleware.

In practice, business rules appear throughout the layers of an enterprise application. Why are rules more usually distributed than co-located?

Firstly, some rules are best located in the user interface code, especially constraints on the values of data entry fields. For example, an email address must include the @ symbol, or a country code must be one of a list.

Secondly, some rules are best coded as near to the persistent data as possible, most obviously, referential integrity constraints and other data quality rules. (Some of these rules may be duplicated in user interface code for performance or usability reasons).

The remaining business rules may be coded as pre or postconditions of operations of code in a business logic layer between the user interface and the database.

Business rules engines have their place. However, few applications have particularly complex business rules. People don't like depending on niche tools that require specialist knowledge. And even where such tools are used, it is impractical to use them for all the rules discussed above.

Choose design patterns with care

The microservices architectural style does not dictate the software design pattern used within a microservice. The first article listed below says a rich domain design pattern might suit a complex application, but the transaction script pattern is simpler, and might make it easier to optimize the scaling of an application to handle different transactions with different throughput rates.

Further reading

A solution architect works in the gap between enterprise architects and software architects. This is one of several articles written to help solution architects understand the software architecture of enterprise applications, and to supplement the syllabuses covered in our courses to industry certificates for architects of all threee kinds.

Appendix: Left overs

Microservices as "business capabilities"

The microservices architectural style is “an approach to developing a single application as a?suite of small services, each?running in its own “process" [or container], communicating with lightweight mechanisms, built around business capabilities, independently deployable and [with] a?bare minimum of centralized management.” Martin Fowler

What is a "business capability". What cohesion criteria bring its operations together in a business capability, and gather its operations into a coherent interface definition?

Business architects impose a hierarchical "functional decomposition" or "capability map" over atomic business activities. The hierarchy might have 3 to 7 levels. Which level are we talking about?

In practice, the division of a monolith into microservices is more directly based on identifying cohesive subdivisions of the persistent data structure maintained by the monolith. The requirements for each microservice can be expressed in the form of the interface(s) it provides to its subdivision of the larger data structure.

Readers Q&A

Q1) How to scale an extremely object-oriented design to optimize the resources used by transactions?

A1) Every case is different. How about we ask:

  1. What percentage of application dev and maintenance cost is spent on server resources?
  2. How wide are the transaction throughput variations?
  3. How predictable are those throughput variations?
  4. How much cost will be saved by spinning up and tearing down containers?

Different answers could lead us to:

  • scale up/out to the maximum possible throughput
  • schedule scaling up/out at the most demanding days/times
  • refactor the code to encapsulate the transactions rather than the objects
  • buy a larger server or mainframe?

A reader tells me: "a good data virtualization tool can take care of cross data store duplications, dis-integrities and data analysis as if it was a single database." But that sounds (to me anyway) like the first, more procedural option. And if you need a significant amount of cross data store analysis, why add another technology and complexities to do what could done more simply and performantly in a single database?

Q2) how about we design such that two sister microservices (A and B) act as clients of child microservice (X) that offers an API to one shared persistent data store?

A2) Jeff Bezos might say: If client microservice A (via X) reads persistent data created and maintained by client B (via X), that is a "dirty read" . And Martin Fowler might say: If A and B update the same data, they share ownership of it, and are coupled by dependence on one database schema.

E.g. If client microservice A needs a telephone number added to the customer table, either B will have to know about it, or via a succession of such changes, the supposedly shared database API offered by X will become one for A and one for B.)

Some technology-specifics

Wrapping up applications behind APIs and calling them “services” is one thing. The complexities caused by distribution is another thing.

  • "Replacing method calls and module separations with network invocations and service partitioning within a single, coherent team and application is madness in almost all cases." Link

There follow some notes from Linked in on technologies.

From Docker to Serverless

https://www.serverless.com/blog/why-we-switched-from-docker-to-serverless

Motivations for Kubernetes

What percent of enterprise applications really need to scale beyond what a monolithic application can handle? People talk of deploying scores or hundreds of containers, and needing Kubernetes to manage the complexity. On source on Kubernetes says:

  • "Running containers in production is not a picnic or a funny thing. It requires a lot of effort and computing; it requires you to solve problems such as fault tolerance, elastic scaling, rolling deployment, and service discovery. This is where the need for an orchestrator like Kubernetes comes in. There are other orchestration platforms, but it’s Kubernetes that has gained enormous traction and the support of major cloud providers.
  • Kubernetes, containerization, and the micro-services trend introduce new security challenges. The fact that Kubernetes pods can be easily spun up across all infrastructure classes leads by default to a lot more internal traffic between pods. This also means a security concern, and the attack surface for Kubernetes is usually larger. Also, the highly dynamic and ephemeral environment of Kubernetes does not blend well with legacy security tools."

The same sources lists motivations that may be questioned.

  1. The need for a running environment, always. Isn't availability a feature of the cloud in general? IBM mainframes?reportedly deliver 99.999%?availability, more than enough for most enterprise apps.
  2. Better resource utilization. You mean you're managing cloud costs by scaling each microservice's resources down the minimum it needs? Increasing the complexity of application management? Increasing response time?
  3. Vendor agnostic. Isn't REST vendor agnostic?
  4. Branch integration with other products/branches. Do you mean (direct or copy) reuse of microservice X from application A inside application B? Is that commonly wanted and practical, bearing mind X may depend on other microservices inside application A?
  5. Taking containerized products to production. OK the development environment must be as like to production as possible. How containerized must an application be for using Kubernetes to be significantly better than using Docker?
  6. Auto scaling? Do most enterprise apps need scaling? Again, are you really trying to manage cloud costs by paring each microservice's resources down to the minimum? And if you want optimal scalability, might you do better to code each transaction script in its own container?

There are three types of autoscaling. Cluster autoscaling adjusts your cluster’s number of worker nodes to optimize your nodes’ resources. Horizontal pod autoscaling adjusts the number of pods in your deployment based on the pods’ CPU and memory utilization. Vertical pod autoscaling adjusts the CPU and memory of your pods to meet the application’s real usage.

Note on service mesh v API

Quoted from a Linkedin post

" In a microservices architecture, apps trade the rigidity and stability of the call stack for the flexibility and chaos of the network. Concerns such as latency, outage retries, security, and traceability that were not a concern with a call stack become a concern with a service call. Service mesh is a pattern that has arisen to take these concerns out of the hands of coders so that they can stay focused on coding business solutions.

  • ... use a service mesh to manage, secure, and monitor their services. The traffic between intra-application services is what a service mesh is best suited for.
  • API gateways should, in contrast, be used to manage interactions between your business and your partners or between one internal business unit and another.

A service mesh comes in a variety of patterns, but the ideal pattern you should utilize is a sidecar proxy running in containers. Although a service mesh overlaps heavily with API management, security, resilience, and monitoring, it is best viewed as a cloud technology since it is so intertwined with containers and is meant to support cloud-native apps - the apps designed to run on public cloud and also private (on-premises) cloud containers."


Mark Goetsch MSCS, MSC

Enterprise Architect and Computational Social Science

1 个月

Microservices are used for responsive architectures. This exists where the volume of work has large variances over multiple periods of time. The environment changes to manage times when there are 30 transactions to thousands and even millions and then back to maybe 50. To manage this with a traditional architecture is going to be very limited with significant spend. I have architected systems like this in world-wide production that could not be practically built using a monolithic architecture.

回复
Darmawan Yeo

Technology Enthusiast | Enterprise Architect | Security and Data Management | Software Development

2 个月

Great insight. Thank you.

回复
Nathan R.

Senior Fullstack Engineer | Tech Lead | Software Architecture | Microservices | Payments | Kubernetes | Nodejs | AWS | EKS | MongoDB | Vuejs | GraphQL | Prisma | TypeScript | Ionic

5 个月

I wish I had read this article five years ago.

回复
Ken Hales

Visionary strategist / transformational thought leader - Systems and Software Engineering and Enterprise Architecture

9 个月

Spot on

回复
Jack Jansonius

Software tester/developer Python/SQL

11 个月

Graham Berrisford, Very much agree with your statement that monoliths should not be replaced by microservices.? Unfortunately, here you don't get to the alternative to these 2 architecture styles, namely: service-oriented architectures (SOA).? I read that alternative very clearly a few years ago in a white paper: "There are three prominent application architectures today, based on the relationships between the services: monoliths (tightly coupled), microservices (decoupled), and (though falling out of favor) service-oriented architectures (loosely coupled). " Thus, microservices are not an example of loose coupling but of decoupling.? Within monoliths, stepwise refinement leads to complexity reduction; splitting a process into a hierarchy of manageable sub-processes, which are thus executed in a single process flow.? When microprocesses are applied, however, a process is split up into successive (!) sub-processes, which actually results in a considerable increase in complexity (process spaghetti):? Microservices = distributed monoliths = SOA done wrong.? Complexity reduction within an SOA is achieved by stepwise refinement of services rather than processes.

回复

要查看或添加评论,请登录

Graham Berrisford的更多文章

  • The sociology / biology analogy

    The sociology / biology analogy

    In this talk, Heinz von Foerster said: “an emergent new paradigm in which we look at both biological systems, living…

    2 条评论
  • The role of EA wrt systems thinking

    The role of EA wrt systems thinking

    Though many don’t want to acknowledge it, much discussion in philosophy, “systems thinking” and “management science”…

    27 条评论
  • Social sytems thinking - part II

    Social sytems thinking - part II

    This article picks up where Social systems thinking part I left off. It adds more system theory ideas, like double loop…

    11 条评论
  • Service-orientation in EA and BA

    Service-orientation in EA and BA

    Great advice! This article unscrambles many meanings of the terms "service" and "interface", and discusses how…

    25 条评论
  • On Zachman's framework for documenting enterprise systems

    On Zachman's framework for documenting enterprise systems

    "Great read" A comprehensive architecture framework gives advice on processes, products and people. This article is a…

    10 条评论
  • A nominalist's viewpoint

    A nominalist's viewpoint

    This is the first article in a series that will give you a world view or mental framework that I find helpful, and…

    9 条评论
  • Rules, violations, consciousness and free will

    Rules, violations, consciousness and free will

    "Thank you for putting this together! This is the first time I have ever considered many of [these] ideas." (Comment on…

    5 条评论
  • A systems thinking triad

    A systems thinking triad

    The thing that qualifies thinking as "systems thinking" is the application of a system theory's principles. If you say…

  • A theory of types

    A theory of types

    This article picks up from where the Description and reality article left off. It addresses how we describe things…

  • Social systems thinking - part I

    Social systems thinking - part I

    This first article on social system thinking picks up where my earlier article on "System Theories" left off. Contents:…

    2 条评论

社区洞察

其他会员也浏览了