<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Architecture on Brave New Geek</title><link>https://bravenewgeek.com/tag/architecture/</link><description>Recent content in Architecture on Brave New Geek</description><generator>Hugo</generator><language>en-us</language><lastBuildDate>Mon, 02 Nov 2020 15:52:40 -0600</lastBuildDate><atom:link href="https://bravenewgeek.com/tag/architecture/index.xml" rel="self" type="application/rss+xml"/><item><title>Getting big wins with small teams on tight deadlines</title><link>https://bravenewgeek.com/getting-big-wins-with-small-teams-on-tight-deadlines/</link><pubDate>Mon, 02 Nov 2020 15:52:40 -0600</pubDate><guid>https://bravenewgeek.com/getting-big-wins-with-small-teams-on-tight-deadlines/</guid><description>&lt;p&gt;Part of what we do at Real Kinetic is give companies confidence to ship software in the cloud. Many of our clients are large organizations that have been around for a long time but who don’t always have much experience when it comes to cloud. Others are startups and mid-sized companies who may have some experience, but might just want another set of eyes or are looking to mature some of their practices. Whatever the case, one of the things we frequently talk to our clients about is the value of both serverless and managed services. We have found that these are critical to getting big wins with small teams on tight deadlines in the cloud. Serverless in particular has been key to helping clients get some big wins in ways others didn’t think possible.&lt;/p&gt;</description></item><item><title>Microservice Observability, Part 2: Evolutionary Patterns for Solving Observability Problems</title><link>https://bravenewgeek.com/microservice-observability-part-2-evolutionary-patterns-for-solving-observability-problems/</link><pubDate>Fri, 03 Jan 2020 14:18:10 -0600</pubDate><guid>https://bravenewgeek.com/microservice-observability-part-2-evolutionary-patterns-for-solving-observability-problems/</guid><description>&lt;p&gt;In &lt;a href="https://bravenewgeek.com/microservice-observability-part-1-disambiguating-observability-and-monitoring/"&gt;part one&lt;/a&gt; of this series, I described the difference between monitoring and observability and why the latter starts to become more important when dealing with microservices. Next, we’ll discuss some strategies and patterns for &lt;em&gt;implementing&lt;/em&gt; better observability. Specifically, we’ll look at the idea of an &lt;a href="https://bravenewgeek.com/the-observability-pipeline/"&gt;observability pipeline&lt;/a&gt; and how we can start to iteratively improve observability in our systems.&lt;/p&gt;
&lt;p&gt;To recap, observability can be described simply as the ability to ask questions of your systems without knowing those questions in advance. This requires capturing a variety of signals such as logs, metrics, and traces as well as tools for interpreting those signals like log analysis, SIEM, data warehouses, and time-series databases. A number of challenges surface as a result of this. &lt;a href="https://twitter.com/clintsharp"&gt;Clint Sharp&lt;/a&gt; does a great job &lt;a href="https://cribl.io/blog/the-observability-pipeline/"&gt;discussing&lt;/a&gt; the key problems, which I’ll summarize below along with some of my own observations.&lt;/p&gt;</description></item><item><title>Authenticating Stackdriver Uptime Checks for Identity-Aware Proxy</title><link>https://bravenewgeek.com/authenticating-stackdriver-uptime-checks-for-identity-aware-proxy/</link><pubDate>Tue, 29 Jan 2019 14:46:43 -0600</pubDate><guid>https://bravenewgeek.com/authenticating-stackdriver-uptime-checks-for-identity-aware-proxy/</guid><description>&lt;p&gt;&lt;a href="https://cloud.google.com/stackdriver/"&gt;Google Stackdriver&lt;/a&gt; provides a set of tools for monitoring and managing services running in GCP, AWS, or on-prem infrastructure. One feature Stackdriver has is “uptime checks,” which enable you to verify the availability of your service and track response latencies over time from up to six different geographic locations around the world. While Stackdriver uptime checks are not as feature-rich as other similar products such as &lt;a href="https://www.pingdom.com/"&gt;Pingdom&lt;/a&gt;, they are also completely &lt;em&gt;free&lt;/em&gt;. For GCP users, this provides a great starting point for quickly setting up health checks and alerting for your applications.&lt;/p&gt;</description></item><item><title>API Authentication with GCP Identity-Aware Proxy</title><link>https://bravenewgeek.com/api-authentication-with-gcp-identity-aware-proxy/</link><pubDate>Fri, 25 Jan 2019 11:21:53 -0600</pubDate><guid>https://bravenewgeek.com/api-authentication-with-gcp-identity-aware-proxy/</guid><description>&lt;p&gt;&lt;a href="https://cloud.google.com/iap/"&gt;Cloud Identity-Aware Proxy (Cloud IAP)&lt;/a&gt; is a free service which can be used to implement authentication and authorization for applications running in Google Cloud Platform (GCP). This includes &lt;a href="https://cloud.google.com/appengine/"&gt;Google App Engine&lt;/a&gt; applications as well as workloads running on &lt;a href="https://cloud.google.com/compute/"&gt;Compute Engine (GCE)&lt;/a&gt; VMs and &lt;a href="https://cloud.google.com/kubernetes-engine/"&gt;Google Kubernetes Engine (GKE)&lt;/a&gt; by way of &lt;a href="https://blog.realkinetic.com/http-to-https-using-google-cloud-load-balancer-dda57ac97c"&gt;Google Cloud Load Balancers&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;When enabled, IAP requires users accessing a web application to login using their Google account and ensure they have the appropriate role to access the resource. This can be used to provide secure access to web applications without the need for a VPN. This is part of what Google now calls &lt;a href="https://cloud.google.com/beyondcorp/"&gt;BeyondCorp&lt;/a&gt;, which is an enterprise security model designed to enable employees to work from untrusted networks without a VPN. At Real Kinetic, we frequently bump into companies practicing &lt;a href="https://www.onelogin.com/blog/the-death-star-a-lesson-in-cybersecurity"&gt;Death-Star security&lt;/a&gt;, which is basically relying on a hard outer shell to protect a soft, gooey interior. It’s simple and easy to administer, but it’s also vulnerable. That’s why we always approach security from a perspective of &lt;a href="https://en.wikipedia.org/wiki/Defense_in_depth_(computing)"&gt;&lt;em&gt;defense in depth&lt;/em&gt;&lt;/a&gt;.&lt;/p&gt;</description></item><item><title>The Observability Pipeline</title><link>https://bravenewgeek.com/the-observability-pipeline/</link><pubDate>Wed, 12 Sep 2018 11:37:24 -0500</pubDate><guid>https://bravenewgeek.com/the-observability-pipeline/</guid><description>&lt;p&gt;The rise of cloud and containers has led to systems that are much more distributed and dynamic in nature. Highly elastic microservice and serverless architectures mean containers spin up on demand and scale to zero when that demand goes away. In this world, servers are very much cattle, not pets. This shift has exposed deficiencies in some of the tools and practices we used in the world of servers-as-pets. It has also led to new tools and services created to help us support our systems.&lt;/p&gt;</description></item><item><title>Building a Distributed Log from Scratch, Part 5: Sketching a New System</title><link>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-5-sketching-a-new-system/</link><pubDate>Tue, 23 Jan 2018 12:08:53 -0600</pubDate><guid>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-5-sketching-a-new-system/</guid><description>&lt;p&gt;In &lt;a href="https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-4-trade-offs-and-lessons-learned/"&gt;part four&lt;/a&gt; of this series we looked at some key trade-offs involved with a distributed log implementation and discussed a few lessons learned while building NATS Streaming. In this fifth and final installment, we’ll conclude by outlining the design for a new log-based system that draws from the previous entries in the series.&lt;/p&gt;
&lt;h3 id="the-context"&gt;The Context&lt;/h3&gt;
&lt;p&gt;For context, &lt;a href="https://nats.io/"&gt;NATS&lt;/a&gt; and &lt;a href="https://nats.io/documentation/streaming/nats-streaming-intro/"&gt;NATS Streaming&lt;/a&gt; are two different things. NATS Streaming is a log-based streaming system built on top of NATS, and NATS is a lightweight pub/sub messaging system. NATS was originally built (and then open sourced) as the control plane for Cloud Foundry. NATS Streaming was built in response to the community’s ask for higher-level guarantees—durability, at-least-once delivery, and so forth—beyond what NATS provided. It was built as a separate layer on top of NATS. I tend to describe NATS as a dial tone—ubiquitous and always on—perfect for “online” communications. NATS Streaming is the voicemail—leave a message after the beep and someone will get to it later. There are, of course, more nuances than this, but that’s the gist.&lt;/p&gt;</description></item><item><title>Building a Distributed Log from Scratch, Part 4: Trade-Offs and Lessons Learned</title><link>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-4-trade-offs-and-lessons-learned/</link><pubDate>Thu, 18 Jan 2018 16:01:13 -0600</pubDate><guid>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-4-trade-offs-and-lessons-learned/</guid><description>&lt;p&gt;In &lt;a href="https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-3-scaling-message-delivery/"&gt;part three&lt;/a&gt; of this series we talked about scaling message delivery in a distributed log. In part four, we’ll look at some key trade-offs involved with such systems and discuss a few lessons learned while building NATS Streaming.&lt;/p&gt;
&lt;h3 id="competing-goals"&gt;Competing Goals&lt;/h3&gt;
&lt;p&gt;There are a number of competing goals when building a distributed log (these goals also extend to many other types of systems). Recall from &lt;a href="https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-1-storage-mechanics/"&gt;part one&lt;/a&gt; that our key priorities for this type of system are performance, high availability, and scalability. The preceding parts of this series described at various levels how we can accomplish these three goals, but astute readers likely noticed that some of these things conflict with one another.&lt;/p&gt;</description></item><item><title>Building a Distributed Log from Scratch, Part 3: Scaling Message Delivery</title><link>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-3-scaling-message-delivery/</link><pubDate>Mon, 08 Jan 2018 16:10:40 -0600</pubDate><guid>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-3-scaling-message-delivery/</guid><description>&lt;p&gt;In &lt;a href="https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-2-data-replication/"&gt;part two&lt;/a&gt; of this series we discussed data replication within the context of a distributed log and how it relates to high availability. Next, we’ll look at what it takes to scale the log such that it can handle non-trivial workloads.&lt;/p&gt;
&lt;h3 id="data-scalability"&gt;Data Scalability&lt;/h3&gt;
&lt;p&gt;A key part of scaling any kind of data-intensive system is the ability to partition the data. Partitioning is how we can scale a system linearly, that is to say we can handle more load by adding more nodes. We make the system &lt;em&gt;horizontally&lt;/em&gt; scalable.&lt;/p&gt;</description></item><item><title>Building a Distributed Log from Scratch, Part 2: Data Replication</title><link>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-2-data-replication/</link><pubDate>Wed, 27 Dec 2017 12:26:55 -0600</pubDate><guid>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-2-data-replication/</guid><description>&lt;p&gt;In &lt;a href="https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-1-storage-mechanics/"&gt;part one&lt;/a&gt; of this series we introduced the idea of a message log, touched on why it’s useful, and discussed the storage mechanics behind it. In part two, we discuss data replication.&lt;/p&gt;
&lt;p&gt;We have our log. We know how to write data to it and read it back as well as how data is persisted. The caveat to this is, although we have a durable log, it’s a single point of failure (SPOF). If the machine where the log data is stored dies, we’re SOL. Recall that one of our three priorities with this system is high availability, so the question is how do we achieve high availability and fault tolerance?&lt;/p&gt;</description></item><item><title>Building a Distributed Log from Scratch, Part 1: Storage Mechanics</title><link>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-1-storage-mechanics/</link><pubDate>Thu, 21 Dec 2017 15:54:17 -0600</pubDate><guid>https://bravenewgeek.com/building-a-distributed-log-from-scratch-part-1-storage-mechanics/</guid><description>&lt;p&gt;The log is a totally-ordered, append-only data structure. It’s a powerful yet simple abstraction—a sequence of immutable events. It’s something that programmers have been using for a very long time, perhaps without even realizing it because it’s so simple. Whether it’s application logs, system logs, or access logs, logging is something every developer uses on a daily basis. Essentially, it’s a timestamp and an event, a &lt;em&gt;when&lt;/em&gt; and a &lt;em&gt;what&lt;/em&gt;, and typically appended to the end of a file. But when we generalize that pattern, we end up with something much more useful for a broad range of problems. It becomes more interesting when we look at the log not just as a system of record but a central piece in managing data and distributing it across the enterprise efficiently.&lt;/p&gt;</description></item><item><title>Service-Disoriented Architecture</title><link>https://bravenewgeek.com/service-disoriented-architecture/</link><pubDate>Sun, 07 Jun 2015 16:03:22 -0500</pubDate><guid>https://bravenewgeek.com/service-disoriented-architecture/</guid><description>&lt;p&gt;&lt;em&gt;“You can have a second computer once you’ve shown you know how to use the first one.” -Paul Barham&lt;/em&gt;&lt;/p&gt;
&lt;p&gt;The first rule of distributed systems is don’t distribute your system until you have an observable reason to. Teams break this rule on the regular. People have been talking about service-oriented architecture for a long time, but only recently have microservices been receiving the hype.&lt;/p&gt;
&lt;p&gt;The problem, as &lt;a href="http://martinfowler.com/bliki/MicroservicePremium.html"&gt;Martin Fowler observes&lt;/a&gt;, is that teams are becoming too eager to adopt a microservice architecture without first understanding the &lt;a href="http://highscalability.com/blog/2014/4/8/microservices-not-a-free-lunch.html"&gt;inherent overheads&lt;/a&gt;. A contributing factor, I think, is you only hear the success stories from companies who did it right, like Netflix. However, what folks often fail to realize is that these companies—in almost all cases—didn’t start out that way. There was a long and winding path which led them to where they are today. The inverse of this, which some refer to as &lt;a href="http://www.thoughtworks.com/radar/techniques/microservice-envy"&gt;microservice envy&lt;/a&gt;, is causing teams to rush into microservice hell. I call this service-&lt;em&gt;disoriented&lt;/em&gt; architecture (or sometimes disservice-oriented architecture when the architecture is DOA).&lt;/p&gt;</description></item><item><title>If State Is Hell, SOA Is Satan</title><link>https://bravenewgeek.com/if-state-is-hell-soa-is-satan/</link><pubDate>Sun, 08 Mar 2015 12:33:18 -0600</pubDate><guid>https://bravenewgeek.com/if-state-is-hell-soa-is-satan/</guid><description>&lt;p&gt;More and more companies are describing their &lt;a href="http://nginx.com/blog/microservices-at-netflix-architectural-best-practices/"&gt;success stories&lt;/a&gt; regarding the switch to a service-oriented architecture. As with any technological upswing, there’s a clear and palpable hype factor involved (Big Data™ or The Cloud™ anyone?), but obviously it’s not just puff.&lt;/p&gt;
&lt;p&gt;While microservices and SOA have seen a staggering &lt;a href="http://www.enterprisecioforum.com/en/blogs/enadhan/secrets-behind-rapid-growth-soa"&gt;rate of adoption&lt;/a&gt; in recent years, the mindset of developers often seems to be stuck in the past. I think this is, at least in part, because we seek a mental model we can reason about. It’s why we build abstractions in the first place. In a sense, I would argue there’s a comparison to be made between the explosion of OOP in the early 90’s and today’s SOA trend. After all, &lt;strong&gt;SOA is as much about people scale as it is about workload scale&lt;/strong&gt;, so it makes sense from an organizational perspective.&lt;/p&gt;</description></item><item><title>Modularizing Infinitum: A Postmortem</title><link>https://bravenewgeek.com/modularizing-infinitum-a-postmortem/</link><pubDate>Thu, 27 Dec 2012 16:04:16 -0600</pubDate><guid>https://bravenewgeek.com/modularizing-infinitum-a-postmortem/</guid><description>&lt;p&gt;In addition to getting the code migrated from &lt;a href="https://code.google.com/p/infinitum-framework/"&gt;Google Code&lt;/a&gt; to &lt;a href="https://github.com/infinitumframework"&gt;GitHub&lt;/a&gt;, one of my projects over the holidays was to modularize the Infinitum Android framework I’ve been working on for the past year.&lt;/p&gt;
&lt;p&gt;Infinitum began as a SQLite ORM and quickly grew to include a REST ORM implementation,  REST client, logging wrapper, DI framework, AOP module, and, of course, all of the framework tools needed to support these various functionalities. It evolved as I added more and more features in a semi-haphazard way. In my defense, the code was organized. It was logical. It made &lt;em&gt;sense&lt;/em&gt;. There was no method, but there also was no madness. Everything was in an appropriately named package. Everything was coded to an interface. There was no duplicated code. However, modularity — in terms of minimizing framework dependencies — wasn’t really in mind at the time, and the code was all in a single project.&lt;/p&gt;</description></item></channel></rss>