SLIDE 1
AVOIDING SPEED BUMPS ON THE ROAD TO MICROSERVICES
Scott Shaw Head of Technology, ThoughtWorks Australia
1MICROSERVICE ENVY
2service oriented architecture microservices GOOGLE TRENDS DATA
AVOIDING SPEED BUMPS ON THE ROAD TO MICROSERVICES Scott Shaw - - PowerPoint PPT Presentation
AVOIDING SPEED BUMPS ON THE ROAD TO MICROSERVICES Scott Shaw - - PowerPoint PPT Presentation
AVOIDING SPEED BUMPS ON THE ROAD TO MICROSERVICES Scott Shaw Head of Technology, ThoughtWorks Australia 1 MICROSERVICE ENVY GOOGLE TRENDS DATA service oriented architecture microservices 2 THE SPEED BUMPS X 3 THE SPEED BUMPS X
SLIDE 2
SLIDE 3 3
X THE SPEED BUMPS
SLIDE 4 3
X THE SPEED BUMPS
DDD REST Automation Cloud DevOps Logging Monitoring Resilience Testing with CDCs Conway Postel
SLIDE 5 3
X
Data Aggregation
THE SPEED BUMPS
DDD REST Automation Cloud DevOps Logging Monitoring Resilience Testing with CDCs Conway Postel
SLIDE 6 3
X
Data Aggregation Access Control & Security
THE SPEED BUMPS
DDD REST Automation Cloud DevOps Logging Monitoring Resilience Testing with CDCs Conway Postel
SLIDE 7 3
X
Managing Change Data Aggregation Access Control & Security
THE SPEED BUMPS
DDD REST Automation Cloud DevOps Logging Monitoring Resilience Testing with CDCs Conway Postel
SLIDE 8 4
Aggregating Data
SLIDE 9
SINGLE DATASTORE PRINCIPAL
5 SLIDE 10
SINGLE DATASTORE PRINCIPAL
5 SLIDE 11
SINGLE DATASTORE PRINCIPAL
5 SLIDE 12 6
BUT AS A SYSTEM EVOLVES…
SLIDE 13 6
BUT AS A SYSTEM EVOLVES…
SLIDE 14 6
BUT AS A SYSTEM EVOLVES…
SLIDE 15 6
BUT AS A SYSTEM EVOLVES…
SLIDE 16 6
BUT AS A SYSTEM EVOLVES…
SLIDE 17 7
BUT AS A SYSTEM EVOLVES…
SLIDE 18 7
BUT AS A SYSTEM EVOLVES…
SLIDE 19
JIA YANG’S STORY
8 SLIDE 20
JIA YANG’S STORY
8 SLIDE 21
SIDEBAR: SERVICE COMPOSITION
9Customers in the EC tax regime
JOIN
Tax Regime Service
THE MONOLITHIC APPROACH
SLIDE 22
SIDEBAR: SERVICE COMPOSITION
10NAIVE SERVICE IMPLEMENTATION
geography customers tax
Countries in the EC Customers in the EC
SLIDE 23
Countries in the EC
SIDEBAR: SERVICE COMPOSITION
COMPOSED SERVICES
geography customers tax
Customers in the EC GET … ?country_list=UK,NL,SE...
SLIDE 24
GET Countries in the EC
SIDEBAR: SERVICE COMPOSITION
COMPOSED SERVICES
geography customers tax
Customers in the EC GET … ?filter=https://geo/countries?r=ec
SLIDE 25
Customers in the EC Countries in the EC
AGGREGATING DATA
12geography customers tax
SLIDE 26
Customers in the EC Countries in the EC
AGGREGATING DATA
12geography customers tax
How do we know if these states are consistent?
SLIDE 27
AGGREGATING DATA
12geography customers tax
How do we know if these states are consistent?
Events to rescue!
Reacts to event streams Changes in customer status Changes in EC Membership
SLIDE 28
AGGREGATING DATA
13geography customers tax
SLIDE 29
AGGREGATING DATA
13geography customers tax
GET https://integration-toolkit.com/customers/events
SLIDE 30
AGGREGATING DATA
13geography customers tax
GET https://integration-toolkit.com/customers/events
SLIDE 31
IMPLEMENTING EVENTS
14OPTION 1: CHUCK ‘EM IN THE DB
SLIDE 32
IMPLEMENTING EVENTS
15OPTION 2: HIPSTER BATCH Shared Storage (S3)
Geography Customer Tax
SLIDE 33
IMPLEMENTING EVENTS
16OPTION 3: SPECIAL-PURPOSE EVENT STORE
Event Store JS
Customers Geography
Event Subscription
SLIDE 34
IMPLEMENTING EVENTS
16OPTION 3: SPECIAL-PURPOSE EVENT STORE
Event Store JS
Customers Geography
Event Subscription “Projections”
SLIDE 35 17
Delegated Authority & Access Control
SLIDE 36
OpenID 2.0
DELEGATED ACCESS MANAGEMENT
18HMAC
SAML v2
OAuth 2.0
OpenID Connect
ADFS
JWT
SLIDE 37
OpenID 2.0
DELEGATED ACCESS MANAGEMENT
18HMAC
SAML v2
OAuth 2.0
OpenID Connect
ADFS
JWT
SLIDE 38
FENDY’S STORY
19 SLIDE 39
FENDY’S STORY
19 SLIDE 40
THE OLD WORLD OF PERIMETER SECURITY
20cookie
token credentials token verification
Identity Provider End User Application Web Application
SLIDE 41
THE OLD WORLD OF PERIMETER SECURITY
20cookie
token credentials token verification
Identity Provider End User Application Web Application
stateless?
SLIDE 42
THE OLD WORLD OF PERIMETER SECURITY
20cookie
token credentials token verification
Identity Provider End User Application Web Application
stateless?
whose identity?
SLIDE 43
THE OLD WORLD OF PERIMETER SECURITY
20cookie
token credentials token verification
Identity Provider End User Application Web Application
token token
SLIDE 44
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21 SLIDE 45
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
SLIDE 46
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
SLIDE 47
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
SLIDE 48
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
- Based on open standards?
SLIDE 49
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
- Based on open standards?
SLIDE 50
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
- Based on open standards?
- Simple enough to be widely used?
SLIDE 51
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
- Based on open standards?
- Simple enough to be widely used?
- Supports a modern web integration
strategy?
SLIDE 52
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
- Based on open standards?
- Simple enough to be widely used?
- Supports a modern web integration
strategy?
SLIDE 53
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
- Based on open standards?
- Simple enough to be widely used?
- Supports a modern web integration
strategy?
- Has proven implementations?
SLIDE 54
VARIOUS APPROACHES
▫︎ 2-Way SSL/TLS ▫︎ HMAC signing ▫︎ JWT ▫︎ NTLM/WIF/ADFS ▫︎ SAML v2 ▫︎ OAUTH 2.0 ▫︎ OPENID Connect
21Ask these questions ...
- Considered both authentication
and authorisation?
- Based on open standards?
- Simple enough to be widely used?
- Supports a modern web integration
strategy?
- Has proven implementations?
SLIDE 55
EXAMPLE OPENID CONNECT FLOW
22access code
OpenID Connect Provider Resource
access code
Another Resource
id token
{“iss":"op.example.com", "c_hash":"HK6E_P6Dh8Y93mRNtsDB1Q", "email_verified":"true", "sub":"10769150350006150715113082367", “azp”:”another_resource", “email":"sshaw@thoughtworks.com", “aud”:[”resource”, “another_resource”], "iat":1353601026, "exp":1353604926 }
access code id token
Resource Another Resource End User App
SLIDE 56
BEWARE PKI
23ssshh! secrets How to manage and distribute? keys
Also Need
- CSRF
- Nonce
- Correct implementation
- Expire
- Revoke
- Distribute
SLIDE 57 24
Managing Change
SLIDE 58
MANAGING CHANGE
25DOES YOUR SYSTEM LOOK LIKE THIS?
?
SLIDE 59
MANAGING CHANGE
26MAYBE IT SHOULD LOOK LIKE THIS INSTEAD
SLIDE 60
MANAGING CHANGE
26MAYBE IT SHOULD LOOK LIKE THIS INSTEAD
JUICE!
SLIDE 61
RYAN’S STORY
27 SLIDE 62
RYAN’S STORY
27 SLIDE 63
BACK TO THE TAX EXAMPLE …
28geography customers tax
SLIDE 64
BACK TO THE TAX EXAMPLE …
28geography customers
tax
SLIDE 65
BACK TO THE TAX EXAMPLE …
28geography customers
tax
SLIDE 66
BACK TO THE TAX EXAMPLE …
28geography customers
tax
Assignment
SLIDE 67
BACK TO THE TAX EXAMPLE …
28geography customers
tax
Assignment Some logic from here Some logic from here And from here
SLIDE 68
BACK TO THE TAX EXAMPLE …
28geography customers
tax
Assignment Some logic from here Some logic from here And from here
But How?
SLIDE 69
HOW TO MANAGE THE CHANGE
291.DO NOTHING May be better than the chaos of not having clear ownership and accountability 2.ONE BIG VERSION CHANGE Version all your services, test them together, release them together
SLIDE 70
HOW TO MANAGE THE CHANGE
291.DO NOTHING May be better than the chaos of not having clear ownership and accountability 2.ONE BIG VERSION CHANGE Version all your services, test them together, release them together
#fail
SLIDE 71
MANAGING CHANGE
30geo cust tax assignment
SLIDE 72
MANAGING CHANGE
30geo cust tax assignment
Temp Team
SLIDE 73
MANAGING CHANGE
31geo cust tax assignment
?
SLIDE 74
MANAGING CHANGE
31geo cust tax assignment
Long-term ownership can’t be ambiguous
SLIDE 75
SUMMARY
321.MICROSERVICES More than a grab-bag of techniques and tools 2.MINDSET SHIFT State Perimeter Punctuated equilibrium Events Endpoints Continuous evolution
SLIDE 76
SUMMARY
321.MICROSERVICES More than a grab-bag of techniques and tools 2.MINDSET SHIFT State Perimeter Punctuated equilibrium Events Endpoints Continuous evolution
SLIDE 77
SUMMARY
321.MICROSERVICES More than a grab-bag of techniques and tools 2.MINDSET SHIFT State Perimeter Punctuated equilibrium Events Endpoints Continuous evolution
SLIDE 78
SUMMARY
321.MICROSERVICES More than a grab-bag of techniques and tools 2.MINDSET SHIFT State Perimeter Punctuated equilibrium Events Endpoints Continuous evolution
SLIDE 79 33
THANKS!
http://www.thoughtworks.com/radar sshaw@thoughtworks.com @scottwshaw