Securing Serverless

Guy Podjarny published a great blog post discussing the Serverless space from a security perspective. I highly recommend reading it as it touches on some great points, going over both the security benefits and possible risks.

Two points he made definitely stood out to me. The first was the concept of a greater attack surface. When I explain FaaS (Functions as a Service) to people, many immediately equate a function with a simple API endpoint. To a degree, they are correct. So what’s the difference, and why should we look at the security of each from a different perspective? I believe the differentiator is how the endpoint is exposed and what its purpose is.

Standard API endpoints often belong to a broader application or set of microservices that reside behind a shared layer of security. This could be dedicated network hardware, hardened reverse proxies, etc. As a security-minded developer, you develop your endpoint and consider the possible client-side attack vectors. Guy points to the OWASP (Open Web Application Security Project) Top Ten guide, which is a great place to start; Thomas Ptacek also has a great list here. You then possibly move on to write another endpoint, which will share these concerns, all the time relying on that first-level layer of security.

When you start developing a suite of functions, things can start to get fragmented. Dependencies start to change between functions, software versions might differ, and the ways the functions are triggered may require different configurations on the network/gateway layer.

The second point that stood out was around monitoring. There are countless battle-tested monitoring solutions out there, but the way functions are deployed and used within an underlying architecture might leave them completely out of those solutions’ scope. Guy makes a great point about how many of these products are agents that rely on long-running processes to watch and collect data from. To monitor functions, different techniques need to be implemented for short-lived and hot processes.

All of these are great problems to have and point to fast-moving innovation in already fast-moving industries. You’ll see most vendors and platforms already tackling these issues and building solutions into their products. This space is still young! Here at Iron, we’re committed to helping IronFunctions become a respected open source solution for delivering FaaS wherever you want to deploy it.

Announcing Project Picasso – OpenStack Functions as a Service

We are pleased to announce a new project to enable Functions as a Service (FaaS) on OpenStack — Picasso.

The mission is to provide an API for running FaaS on OpenStack, abstracting away the infrastructure layer while enabling simplicity, efficiency, and scalability for both developers and operators.

Picasso can be used to trigger functions from OpenStack services, such as Telemetry (via HTTP callback) or Swift notifications. This means no long running applications, as functions are only executed when called.

Picasso is comprised of two main components:

  • Picasso API
    • The Picasso API server uses Keystone authentication and authorization through its middleware.
  • IronFunctions
    • Picasso leverages the backend container engine provided by IronFunctions, an open-source Serverless/FaaS platform based on Docker.

Resources

We’ve created some initial blueprints to show what the future roadmap looks like for the project.

You can try out Picasso now on DevStack by following the quick start guide here. Let us know what you think!

If you’re interested in contributing or just have any questions, please join us on the #OpenStack channel in Slack.

Announcing IronFunctions Open Source

Today we’re excited to announce IronFunctions, our first major open source project.

IronFunctions is a serverless microservices platform that you can run anywhere; on public, private, and hybrid clouds, even on your own laptop. The world is moving towards hybrid/multi-cloud, so should your serverless platform.

It runs on top of the popular orchestration frameworks (Kubernetes, Mesosphere), inside PaaS runtime environments (CloudFoundry, OpenShift), and on bare metal.

Functions are packaged using Docker so it supports any language, any dependencies, and can run anywhere. It will also eventually support other container technologies, and today it supports the Lambda function format for easy portability and will soon support others as well.

IronFunctions is written in Go, extremely fast, and written with scalability and operability in mind.

Finally, it’s being driven by our team at Iron.io that is unashamedly taking credit for coining the term serverless dating back to 2011 and 2012. We’ve launched billions of containers through our flagship serverless job processing service IronWorker, and now bring this knowledge and experience to IronFunctions to round out our portfolio of products with synchronous capabilities.

So without further ado, we’d love your help in building an amazing platform and community. Fork the repo and please give us pull requests and create issues!

The Project: https://github.com/iron-io/functions

Join our Slack room: http://get.iron.io/open-slack

The Press Release: http://www.marketwired.com/press-release/ironio-releases-first-open-source-project-2175887.htm

Join the conversation: https://news.ycombinator.com/item?id=12961296

Thanks for supporting Iron.io for the past 5+ years.

Chad Arimura
CEO, Iron.io

Delivering on the Promise of Multicloud Lambda-like Functionality

In February, we launched a beta called Project Kratos. It promised to bring Lambda-like functionality to any cloud – public, private, hybrid or on-premises. As we quickly approach Q4, February seems like a long time ago, but so much has happened since then.

Over the past seven months, serverless computing has gained momentum as more than just the hot topic of the moment. Because it allows enterprises to build and deploy applications and services at scale on flexible platforms that abstract away physical infrastructure, it’s quickly becoming a must have for the modern enterprise. It will soon be a competitive advantage for those already implementing it.

Our journey with serverless has also moved from a project announcement full of promises to the solution that is widely available today. First, in April, we announced the general availability of our multicloud solution. Since then, we’ve systematically partnered with leading cloud providers to support multicloud development.

In April, Iron.io announced its partnership with Mirantis to bring event-driven, serverless functionality to the OpenStack community. The joint solution enables enterprise developers using OpenStack to deliver applications and services faster through the serverless experience provided by Iron.io.

In May, Iron.io announced its collaboration with Cloud Foundry Foundation, home of the industry-standard multi-cloud platform, to integrate the Iron.io API with the Cloud Foundry platform.

In June, Iron.io brought the serverless experience to Red Hat OpenShift — a pairing that provided users with an end-to-end environment for building and deploying applications at scale, without the headaches of complex operations.

And in August, Iron.io announced its strategic partnership with Mesosphere, enabling microservices and serverless computing for modern data centers. Joint customers using Mesosphere’s Data Center Operating System (DC/OS) with Iron.io could experience enhanced flexibility to develop their hybrid cloud strategy and run distributed job processing across heterogeneous environments.

Yesterday, we added an announcement that serverless functionality is now available on Cloud Foundry and Iron.io supports Diego as a runtime for Iron.io workloads. Iron.io is now able to be deployed on top of Cloud Foundry, run inside of Cloud Foundry, and scale out Cloud Foundry containers.

Wow. I was here for all of it and it still seems like a lot, but it’s only the beginning. The Iron.io team is committed to bringing serverless experiences to developers and companies far and wide.

If you want information on how we define serverless and why the world is moving this way, check out Chad Arimura’s presentation Best Practices for Implementing Serverless Architecture from the O’Reilly Software Architect conference or Dave Nugent and Ivan Dwyer’s great Fireside Chat about serverless computing.

Cloud Foundry and Iron.io Deliver Serverless

This week, the Cloud Foundry Summit is happening in Frankfurt. If you are there, give us a shout. The Iron.io team is there and would love to meet with you. It looks to be a great conference.

We at Iron.io have been fortunate to have been a member of the Cloud Foundry Foundation for several years. Its focus on high scalability, auto-scaling, and multicloud support matches what Iron.io delivers to its customers.

Today, Cloud Foundry and Iron.io took this commitment to a new level with the announcement that we are working together to bring a true multicloud serverless experience to the thousands of enterprises using Cloud Foundry. Companies can now offer their developers serverless functionality. That means developers can run code without provisioning or managing servers across multiple clouds. This is a key requirement for enterprises that maintain specific data types in an on-premises or private cloud environment.

Iron.io also announced its support for Diego as a runtime for Iron.io workloads; Iron.io is now able to be deployed on top of Cloud Foundry, run inside of Cloud Foundry, and scale out Cloud Foundry containers.

If you want to schedule a meeting at this week’s Cloud Foundry Summit in Frankfurt, or schedule a chat with those of us holding down the fort in the office, fill out this Contact Us form and we’ll get a meeting/call set up.

OpenShift Ecosystem: Iron.io Brings a Serverless Experience to OpenShift

There has been a lot of buzz around the Serverless trend lately: what it really means and what its merits are. At the end of the day it’s really just a new way to treat certain workloads – background jobs. How does this new pattern fit in the context of developing cloud native applications and operating container platforms such as Red Hat OpenShift?

LAYING THE FOUNDATION

Delivering continuous innovation to customers often leads to continuous pressure on the developers to build and ship software… well, continuously. Smart companies are doing all they can to empower their development teams with the right culture to encourage productivity, and the right tools to make it happen. Emerging as the foundational layer for many organizations’ application development efforts is a container application platform, with OpenShift as a leading choice.

As infrastructure resources continue to be commoditized, and as services continue to be exposed as APIs, having a foundational layer is critical to bring everything together. This is especially important when dealing with multiple distributed applications and multiple distributed teams, as containerized applications, workloads, and services need a unifying environment.

Massive Content, Validation & Serverless: Cloud Expo 2016 Recap

The Cloud Expo was held June 7-9, 2016 in New York City, and Iron.io sent a team to present our vision for the future, collaborate with other attendees and answer questions. Below is a summary of three technical sessions representative of the Containers track at the conference:

Buzzwords: Microservices, Containers and Serverless at Goto Chicago

It was an honor to give a talk on the future of Serverless at goto Chicago, an enterprise developer conference running from May 24 to 25, 2016. As you can see from the full room, containers, microservices and serverless are popular topics with developers, and this interest extends across a wide swath of back-end languages, from Java to Ruby to node.js. Unfortunately, the talk was not recorded, so I’m providing these notes (and my slide deck) for those who could not attend.

The Evolution of Deployed Applications

Before we look forward into the future of Serverless, let’s look back. We’ve seen a historical evolution in deployed applications at multiple different levels. Whereas before the unit of scale was measured by how many servers you could deploy, we’ve moved through rolling out virtual machines to the current pattern of scaling our containerized infrastructure. Similarly, we’ve seen a shift from monolithic architectures deployed through major releases to containerized, continuously-updated microservices. This paradigm is Iron.io’s “sweet spot,” and we’re leading the enterprise towards a serverless computing world.

Get a Job, Container: A Serverless Workflow with Iron.io

This post originally appeared on DZone

My previous post, Distinguished Microservices: It’s in the Behavior, made a comparison between two types of microservices – real-time requests (“app-centric”) and background processes (“job-centric”). As a follow up, I wanted to take a deeper look at job-centric microservices as they set the stage for a new development paradigm — serverless computing.

Of course, this doesn’t mean we’re getting rid of the data center in any form or fashion — it simply means that we’re entering a world where developers never have to think about provisioning or managing infrastructure resources to power workloads at any scale. This is done by decoupling backend jobs as independent microservices that run through an automated workflow when a predetermined event occurs. For the developer, it’s a serverless experience.

Distinguished Microservices: It’s in the Behavior

This post originally appeared on DZone

Microservices is more than just an academic topic. It was born out of the challenges from running distributed applications at scale; enabled by recent advancements in cloud native technologies. What started as a hot topic between developers, operators, and architects alike, is now catching on within the enterprise because of what the shift in culture promises — the ability to deliver software quickly, effectively, and continuously. In today’s fast-paced and ever-changing landscape, that is more than just desirable; it’s required to stay competitive.

Culture shifts alone are not enough to make a real impact, so organizations embarking down this path must also examine what it actually means for the inner workings of their processes and systems. Dealing with immutable infrastructure and composable services at scale means investing in operational changes. While containers and their surrounding tools provide the building blocks through an independent, portable, and consistent workflow and runtime, there’s more to it than simply “build, ship, run.”
