Serverless: from hype to reality?

Since the era of time-sharing and the mainframe, computing has been about servers and clients, and many of the core concepts of early operations remain fundamentally intact even after decades of evolution

Although the cloud paradigm seems to be a radical shift, it’s still properly understood as a type of server-client relationship. A relatively new trend, serverless computing, seems to be challenging this longstanding model, and the concept of “NoOps” is gaining some attention. The details, however, are a bit more complex.

Traditional, code has been divided into back-end code on servers and front-end code on clients, or any device that taps into the back-end. This is true in cloud installations as well, as the divide between the cloud and client devices remains. Serverless computing aims to bring some of this back-end code to client devices, allowing apps and websites to be more self-contained and avoid having to rely on a discrete server or cloud. Ultimately, serverless computing hopes to reduce or even eliminate the need for managing servers.

Servers Still Matter

Despite the ambitious name, serverless computing will not eliminate servers. Serverless computing is similar in principle to edge computing, as it brings typical server functionality to local devices, and it’s a natural extension of the cloud concept. The term serverless is a misnomer in a technical sense. When it comes to management and reducing expenses, however, serverless computing can simplify operations and reduce server-related costs.

Major cloud platforms already support serverless infrastructure. Amazon Web Services Lamba is gaining popularity, as are Google Cloud Functions and Azure Functions, among others. These tools tie into their host platforms’ greater ecosystem, providing robust capabilities, and each provider touts the flexibility and agility provided. As with other cloud options, businesses only pay for what they use. The responsive nature of serverless computing provides excellent scalability both in terms of performance and in cost. For uses where demand fluctuates greatly, serverless computing provides significant benefits, and even companies with relatively stable demand might benefit from the streamlined interface it provides. Growing companies might be able to avoid hiring in-house personnel to manage servers.

New IT Paradigms

In theory, companies able to adopt serverless practices will be able to eliminate IT roles by delegating server operations to the cloud. In practice, however, staff reductions might be minimal. Programmers and server administrators have different skill sets, and asking developers to become experts at security is unrealistic in most environments. Similarly, server administrators often lack the skills needed to work as software developers. While some positions might be eliminated, the practical effect of serverless operations will likely be creating a more cohesive IT team, with developers and administrators working together. Application code and serverless code will need to be delineated carefully, and employees will need to acquire a broader base of knowledge to detect potential pitfalls.

Containers provide a means of relying on more traditional concepts while taking advantage of cloud-based operations, while the serverless idea provides even more abstraction from these concepts. Still, experts agree that both technologies will continue playing a valuable role going forward. Container-based operations, currently, can scale to larger sizes than can serverless operations, and inherent limitation to the serverless concept mean some of these limitations are likely to remain. Furthermore, containers offer more control, which is crucial for many operations. While many uses are well served by serverless operations, containers will continue carving out a significant role in the field.

The serverless concept involves sending authentication data and other information across the internet, compared to containers and more traditional solutions that can keep much of this information on servers. Developers need to ensure this information is sent safely. Furthermore, debugging can be more challenging when using serverless infrastructure, and debugging information used during development can leak critical information if it isn’t removed. Perhaps the biggest threat, however, is moving security tasks from security experts to application developers. By removing the need for server management, serverless operations mean that companies can bake server operations into their code, and developers without security experience will be tasked with keeping code safe. Code audits and consultations can help, but having security experts on staff will be as important as ever.

One of the industry leaders who believes serverless IT will be transformative is Nick Rockwell, CTO at The New York Times. We spoke to him about the trend back in December. If you missed the podcast, catch it below.

The serverless idea has compelling advantages, and its adoption will continue at a rapid pace. However, changing the fundamentals of operations always comes with risks and challenges. While the move is appropriate in many cases, companies must exercise caution and keep up with potential threats, and employees must have a deep understanding of how the concept changes security. The serverless tools provided by cloud providers are powerful, but they must be used properly to cut back on costs and ensure critical information is kept safe.