This is the most-attended ServerlessConf yet, with talks that overwhelmingly highlight the business value of serverless.
As Simon Wardley illustrates so well in his keynote, there are reliable cycles in tech. Something useful is introduced, there is a swervy process of discovering best practices, and then its value is solidified. For successful technologies, adoption isn’t linear—it’s exponential. Dismissed at first as a trend by naysayers, suddenly they turn around to find it everywhere.
That’s really what ServerlessConf 2019 has made clear. Serverless is increasingly a go-to strategy for companies who have their eye on the bottom line—it just makes good business sense.
Speakers came from companies like Expedia, Capital One, Optum, and T-mobile. People weren’t spending time on stage hashing out ideas and possibilities, they were talking about the impact they’ve seen from adopting it across their mission-critical production.
Read the full summary below, or skip straight to the themes you care about:
In a cloud world, we can directly see how much each service costs and compare it against our revenue for providing the feature.
As Simon Wardley points out, this means we can optimize our code for business needs as well as technological needs. We can see when the cost of running something simply isn’t worth the revenue it provides, and make changes.
This makes serverless valuable not only as a technology, but as a value-add business tool.
MJ Ramachandran (VC at ForgePoint Capital) clearly demonstrated the ROI of serverless in his lightning talk:
Sean Mare from GIA—the entity that created the 4Cs of rating diamonds and remains the company jewelers rely on to rate and verify their precious stones—just put their mission-critical gemstone grading application on the cloud. It’s their key source of revenue company-wide, and now it’s serverless.
GIA’s ingestion data—detailed photos of gems—is its own microservice, which makes it easy to iterate on, and opens up opportunities and features as a benefit of leveraging native services. They give reports back to clients via a GraphQL API powered by AppSync. It’s an active-active multi-region set-up that ensures robust reliability; clients can count on access to their reports.
The system currently has ~40M records in DynamoDB, 56TB of data, a 0.3 second response time, 100% uptime, and 0 dedicated support engineers. That’s the power of serverless.
Selling it to your CEO
You’re sold on serverless; how do you sell everybody else?
Matt Lancaster (Accenture) has some advice: touting its low cost probably isn’t going to work. You have to speak directly to problems that keep CEOs up at night.
For example, a power company had an outdated website and notification system that would go down when demand peaked. When Accenture tried to tell them serverless would lower their infrastructure costs by 99%, they didn’t care. The message they needed to hear was: “We can build you a system that never goes down. When you need to contact 10,000 residents at once with a power outage alert, you’ll be able to without issues.”
And Matt highlighted the ways in which serverless makes it easier for companies to keep experimenting and innovating—something critical in saturated industries, where it’s ever harder to increase profit margins and find new streams of revenue, and they rely on successful experiments (think: rewards programs, etc) to increase shareholder value.
Subbu Allaraju (Expedia) says, at the end of the day, business needs come first, and teams should align themselves with value generation. They should prefer solutions that are faster, better, and cheaper, and challenge the primitives offered to them.
Yes, building something new might take 3 months, but what is the value add for the customer? If the value is there, you should do it. Don’t let inertia get in your way.
Our own Jared Short and Forrest Brazeal gave a talk last year on selling serverless throughout your organization as well. Check it out!
Serverless makes it easier to grow and change
Sam Kroonenberg shared A Cloud Guru’s journey from a single serverless function—a serverless monolith—to 43 serverless microservices.
The coolest takeaway? Their site has grown significantly in traffic over the past few years, but they didn’t have to change their architecture very much. They just had to add more dev teams.
Serverless is more than just functions
As Ben Kehoe (iRobot) explains, infrastructure as code is really the definition of serverless. Function definitions are just a small part of a working system. Much of serverless is linking all these disparate systems and resources together.
Donna Malayeri (Google Cloud Platform) and Jonathan Altman (Capital One) both had a whole slide that proclaimed: “Serverless is more than FaaS!”
Focus on managed services
Joseph Emison (Branch Insurance) takes a service-full approach to serverless development, leaning heavily on managed services. Why spend time building what you can buy? Use your effort to create unique business value instead.
Branch Insurance’s infrastructure costs for powering their app are small, with the biggest chunk going to ElasticSearch. “Please,” Joseph says to AWS, “make ElasticSearch serverless!”
The catch? It wasn’t the most straightforward. They ended their demo with a call for better tooling and methods.
Donna Malayeri (Google Cloud Platform) owned the day 2 keynote with a bold message: containers aren’t the enemy.
Yes, if you can get away with using only Lambda, then you should do it. But some companies aren’t able to do that yet. They need to run traditional web apps, choose machine characteristics (like RAM), or run for an hour or more.
A hybrid of containers and serverless makes serverless more accessible, and can ultimately be a way to spread adoption to the mainstream.
.@lindydonna: “if you don’t want to code differently, use containers” I’d phrase this as “if you can’t yet code differently...”, I don’t think we should encourage people to think it’s fine not to evolve, even if it’s slowly due to constraints #Serverlessconf
The cloud, as our own Jared Short says, is full of surprises. If something is tricky to do serverless-ly right now, in a few months something will probably come along to make it easier.
As the Trek10 team was helping GIA design their new serverless gemstone grading service, they knew they wanted the client-facing API to run on GraphQL. After they planned out the architecture and got ready to start development, AppSync went into beta. It simplified things so much that they changed course on the spot and used AppSync.
And they weren’t the only ones. Several companies, including Branch Insurance, latched on to AppSync before it was even GA. That’s just how the cloud moves.
Tooling to address the gaps
As Jonathan Altman (Capital One) said, “There’s probably a serverless solution, or will be soon, that provides the capability you need.”
One tool that was getting a lot of buzz was Stackery, a visual way to work with YAML and CloudFormation. Stackery (along with the Serverless Framework), got a special nod from Tim Wagner, the former GM of Lambda, for the ways in which they are making it easier to develop on Lambda.
“To make this work, we need an ecosystem,” Tim said.
But current tooling is still lacking
Ben Kehoe (iRobot) said in the same breath that CloudFormation was perhaps his favorite thing from AWS, but also that he “wasn’t defending the current state of CloudFormation.”
Subbu Allaraju (Expedia) admitted that, even though Expedia is several years into their serverless journey and has thousands of production services, they are still not at a place where he could call them in a state of serverless adoption, saying, “the primitives don’t exist for all our use cases.”
He also encouraged an open mind as the community moves to expand the capabilities of serverless. “We should look at Docker’s tooling and instead of making fun, we should ask what stuff is there that we should have, borrow, or think about.”
Erica Windisch (IOpipe) admitted that configuring Kinesis streams is “really hard, but sort of easier than before,” implying that at least people are noticing gaps and moving to fill them.
As Ben Kehoe put it, “we need to expect more and do better.”
What’s up next for serverless?
According to Tim Wagner (former GM Lambda), we’ve nailed event handling. We’re doing pretty good mobile and web backends. The next stage in serverless is state.
In short: Tim wants to use serverless for supercomputing tasks. He beta launched today a double-NAT-punching system that allows 2-way networking between Lambda functions.
It works by using API Gateway as a broker to let Lambdas register, find each other, and set up connections. The new beta lets you have parent-child or peer-to-peer relationships so Lambdas can benefit from direct coordination and value-sharing without intermediate SNS/SQS/S3 data transit.
A handful of talks focused on this next stage of serverless: big data, machine-learning models, and tools such as NumPy and pywren coming out of academia.
Sage serverless advice
As always, ServerlessConf 2019 was a great chance to pick up some helpful insights from the best minds in the industry.
For security, look to your functions first
We read the OWASP Top 10 for Serverless and CSA 12 Most Critical Risks and think we’re at the cutting edge of security. But, as Mark Nunnikhoven (Trend Micro) points out, the main thing companies need to be doing is looking at their own functions.
The #1 security threat in serverless? Misconfigurations. 100s of millions of records have gotten breached from S3.
He offers four pillars of serverless security to make sure what you wrote works as you intend, and only as you intend.
The excuse is mostly because a one thing - you feel bad with yourself when you are not as effective as you used to be. Show your employees that their temporary ineffectiveness is a company investment. I don't believe that we don't want to learn #Serverlessconf#Serverless
Sam Kroonenberg (A Cloud Guru) says: avoid chaining Lambda invocations, or you’ll take a performance hit. Sam had a lot of detailed info about how A Cloud Guru’s approach to serverless changed over the years as they grew, so if you’re looking down that road right now, his full talk is worth a watch.
Alex DeBrie (Serverless, Inc) champions DynamoDB as a much better for serverless than relational databases, and offers some DynamoDB best practices:
Understand the data model (with added protip: avoid Scan and FilterExpression)
Use advanced features only when you’re ready for them, but when you’re ready for it, Sparse indexes, Transactions, and DynamoDB streams are pretty powerful
Start with on demand pricing
And you should ignore some of the supposed official “DynamoDB best practices” (like only having one table?). Alex runs an online DynamoDB Guide for anyone who wants a full DynamoDB + serverless primer.
Our own Ryan Brown recommends ways to improve efficiency without cutting corners—like throwing in a last-minute hack without documenting it. Don’t build a lego unless you really must. You can, for instance, check out AWS IoT services to see what functionality they have that you could use. There’s a lot of great stuff hidden under IoT labels that nobody checks.
And if you’ve ever spent weeks building a hack-y workaround for a lacking feature, that was then swiftly integrated into the core service, you can share your woes with him on Twitter via hashtag #spacklepunched.
Serverless is opening new opportunities for maximizing business value while saving developer time.
Which, as Simon Wardley points out, doesn’t mean it’s going to lead to idle thumbs or slashed IT budgets. Case in point: as coal got cheaper, we built more things that ran on coal and our demand for it increased. After the computer was invented, we thought we would use less paper, but with readily-available printers in every office, we used more than ever. When we make things easier or more efficient, we use more of it.
Serverless is a form of enablement and power. It’s going to continue to change the development landscape as it proliferates, unlocking all kinds of unforeseen use cases along the way. Get ready.
Watch the talks
Videos will be going live on the ServerlessConf site in the next few weeks! Check back to watch all the talks you missed in full.