Overview
Syllabus
Intro
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. New serverless patterns are just emerging Security with serverless is easier Security with serverless is harder
MISCONCEPTIONS
IT'S MARKETING (CLOUD REBRANDED)
SERVERLESS == CLOUD
Serverless was first used to describe applications that significantly or fully depend on 3rd party applications / services ('in the cloud') to manage server-side logic and state.
SERVERLESS IS (NO MANAGEMENT OF) SERVERS
OPINIONATED FRAMEWORK FOR COMPUTE
PRIVATE CLOUD
THEN, ALONG CAME CONTAINERS
CONTAINERS ARE TEH HAWTNESS
SCALING BUILT IN
PAY FOR WHAT YOU USE IN 100MS INCREMENTS
WITH SERVERLESS SYSTEM ADMINISTRATION IS (MOSTLY) LOWER
LEAN STARTUP FRIENDLY
GREAT, WHAT'S THE CATCH?
OPS BURDEN TO RATIONALIZE SERVERLESS MODEL (SPECIFICALLY DEPLOY)
STATELESS FOR REAL NO MEMORY PERSISTENCE ACROSS FUNCTION RUNS
RELIABILITY
SERVERLESS USE CASES
RUN A WEB APPLICATION
SECURITY IS THE SAME AND DIFFERENT
WHAT USED TO BE SYSTEM CALLS IS NOW DISTRIBUTED COMPUTING OVER THE NETWORK
SERVERLESS SHIFTS ATTACK SURFACE TO THIRD PARTIES
LETS TRY A SAMPLE APPLICATION IN AWS
SURFACE AREA REDUCTION!
SURFACE AREA EXPANSION!
USE A THIRD-PARTY SERVICE FOR CONFIG CHANGES
INTEGRATION TESTING
Application layer
TIMEOUTS AND EXECUTION RESTRICTIONS
Serverless encourages functions as deploy units, coupled with third party services that allow running end-to-end applications without worrying about system operation. • New serverless patterns are just emerging • Security with serverless is easier Security with serverless is harder
Taught by
LASCON