
AVOIDING SPEED BUMPS ON THE ROAD TO MICROSERVICES Scott Shaw



  1. AVOIDING SPEED BUMPS ON THE ROAD TO MICROSERVICES. Scott Shaw, Head of Technology, ThoughtWorks Australia 1

  2. MICROSERVICE ENVY [chart: Google Trends data for "service oriented architecture" and "microservices"] 2

  7. THE SPEED BUMPS X Managing Change Access Control & Security Data Aggregation DDD REST Automation Cloud DevOps Logging Monitoring Resilience Testing with CDCs Conway Postel 3

  8. Aggregating Data 4

  9. SINGLE DATASTORE PRINCIPLE 5

  12. BUT AS A SYSTEM EVOLVES… 6

  17. BUT AS A SYSTEM EVOLVES… 7

  19. JIA YANG’S STORY 8

  21. SIDEBAR: SERVICE COMPOSITION: THE MONOLITHIC APPROACH [diagram: Tax Regime Service; customers JOIN tax regime; result: Customers in the EC] 9

  22. SIDEBAR: SERVICE COMPOSITION: NAIVE SERVICE IMPLEMENTATION [diagram: tax, geography and customers services; labels: Countries in the EC, Customers in the EC] 10

  23. SIDEBAR: SERVICE COMPOSITION: COMPOSED SERVICES [diagram: tax, geography and customers services; labels: Countries in the EC, Customers in the EC; request: GET … ?country_list=UK,NL,SE...]

  24. SIDEBAR: SERVICE COMPOSITION: COMPOSED SERVICES [diagram: tax, geography and customers services; labels: Countries in the EC, Customers in the EC; requests: GET … ?filter=https://geo/countries?r=ec, GET]

  26. AGGREGATING DATA [diagram: tax, geography and customers services; labels: Countries in the EC, Customers in the EC] How do we know if these states are consistent? 12

  27. AGGREGATING DATA: Events to rescue! [diagram: tax, geography and customers services; labels: Reacts to event streams, Changes in EC Membership, Changes in customer status] How do we know if these states are consistent? 12

  29. AGGREGATING DATA tax geography customers GET https://integration-toolkit.com/customers/events 13

  31. IMPLEMENTING EVENTS OPTION 1: CHUCK ‘EM IN THE DB 14

  32. IMPLEMENTING EVENTS OPTION 2: HIPSTER BATCH Tax Geography Customer Shared Storage (S3) 15

  34. IMPLEMENTING EVENTS OPTION 3: SPECIAL-PURPOSE EVENT STORE Geography “Projections” Event Subscription JS Customers Event Store 16

  35. Delegated Authority & Access Control 17

  36. DELEGATED ACCESS MANAGEMENT JWT ADFS OpenID 2.0 HMAC OAuth 2.0 SAML v2 OpenID Connect 18

  38. FENDY’S STORY 19

  42. THE OLD WORLD OF PERIMETER SECURITY [diagram: End User, Identity Provider, Application, Web Application; labels: credentials, token, token, cookie, verification] stateless? whose identity? 20

  43. THE OLD WORLD OF PERIMETER SECURITY [diagram: End User, Identity Provider, Application, Web Application; labels: credentials, token, token, cookie, verification, token, token] 20

  54. VARIOUS APPROACHES ▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect. Ask these questions ... • Considered both authentication and authorisation? • Based on open standards? • Simple enough to be widely used? • Supports a modern web integration strategy? • Has proven implementations? 21

  55. EXAMPLE OPENID CONNECT FLOW [diagram: End User, App, OpenID Connect Provider, Resource, Another Resource; labels: access code, id token] {"iss":"op.example.com", "c_hash":"HK6E_P6Dh8Y93mRNtsDB1Q", "email_verified":"true", "sub":"10769150350006150715113082367", "azp":"another_resource", "email":"sshaw@thoughtworks.com", "aud":["resource", "another_resource"], "iat":1353601026, "exp":1353604926 } 22

  56. BEWARE: PKI. secrets (ssshh!): How to manage and distribute? keys: • Expire • Revoke • Distribute. Also Need: • CSRF • Nonce • Correct implementation 23

  57. Managing Change 24

  58. MANAGING CHANGE DOES YOUR SYSTEM LOOK LIKE THIS? ? 25

  60. MANAGING CHANGE MAYBE IT SHOULD LOOK LIKE THIS INSTEAD JUICE! 26

  61. RYAN’S STORY 27

  68. BACK TO THE TAX EXAMPLE … But How? [diagram: tax, geography, customers, Assignment; labels: Some logic from here, Some logic from here, And from here] 28

  69. HOW TO MANAGE THE CHANGE 1. DO NOTHING: May be better than the chaos of not having clear ownership and accountability. 2. ONE BIG VERSION CHANGE: Version all your services, test them together, release them together. 29
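
An added example, not from the slides: how a resource service could check an ID token like the one on the EXAMPLE OPENID CONNECT FLOW slide, covering the expiry, nonce and "correct implementation" points on the BEWARE slide. It assumes an HS256 shared secret (the deck lists HMAC signing among the approaches); `validate_id_token`, `make_token`, the key, the nonce value and the subset of slide claims used as sample input are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

def _b64d(s):  # base64url without padding, as used in compact JWTs
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()
def _mac(key, signing_input):
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def make_token(claims, key):  # builds an HS256 token; only used to construct sample input
    head = _b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{_b64e(_mac(key, head + '.' + body))}"

def validate_id_token(token, key, issuer, me, nonce=None, now=None):
    """Return the claims if resource `me` may accept the token, else raise ValueError."""
    try:
        head, body, sig = token.split(".")
        header, claims = json.loads(_b64d(head)), json.loads(_b64d(body))
        alg, iss = header["alg"], claims["iss"]
        given = _b64d(sig)
    except Exception:
        raise ValueError("malformed token")
    if alg != "HS256":  # pin the algorithm, never take it from the token
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(_mac(key, head + "." + body), given):
        raise ValueError("bad signature")
    if iss != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    aud = [aud] if isinstance(aud, str) else (aud or [])
    if me not in aud:  # a token minted for other services must not be accepted here
        raise ValueError("not in audience")
    if len(aud) > 1 and "azp" not in claims:
        raise ValueError("azp missing for multi-audience token")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or (time.time() if now is None else now) >= exp:
        raise ValueError("expired")
    if nonce is not None and not hmac.compare_digest(
            str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")  # token was not issued for this login request
    return claims

# Constructed sample: a subset of the slide's claims plus an assumed nonce; placeholder key.
KEY = b"constructed-demo-secret"
SAMPLE = {"iss": "op.example.com", "sub": "10769150350006150715113082367",
          "azp": "another_resource", "aud": ["resource", "another_resource"],
          "iat": 1353601026, "exp": 1353604926, "nonce": "n-constructed"}
TOKEN = make_token(SAMPLE, KEY)
```

Pass `nonce` only in the service that started the login and stored the value; downstream resources that receive a forwarded token check signature, issuer, audience and expiry.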
