In this episode of Open Waters, we talk with our own Bob Kepford, creator of the weekly newsletter The Weekly Drop, to discuss Open Source Serverless solutions. Bob presented this topic at DrupalCon Seattle and it was very well received. You can catch the recording on the DrupalCon site.
Pro Project Pick: Serverless Framework
Interview with Bob Kepford
- The big question: What is Serverless?
- What are the 4 pillars of serverless?
- What are the advantages and disadvantages?
- What do I have to know to get started?
- As a site owner, why would I consider using serverless?
- What are the security implications when using serverless?
- Who are the big players who are adopting and/or providing serverless solutions?
Transcript
Mark Casias: Welcome to Mediacurrent's Open Waters podcast, a podcast about open source solutions. I'm Mark Casias, and with me is Bob Kepford.
Bob Kepford: Hello, everybody.
Mark: And Mario Hernandez.
Mario Hernandez: Hey everyone.
Mark: Y'all having a good week this week?
Bob: I can't complain.
Mario: That's very good. Nice weather here in LA.
Mark: All right. Very good. So go ahead, Mario, what are we gonna be talking about?
Mario: Well, today we are going to be talking with our own Bob Kepford, the creator of the weekly newsletter, the Weekly Drop, which we hope you are all subscribed to. And he is going to be talking about open-source serverless solutions. Bob presented this topic at DrupalCon Seattle recently, and it was really well received. So we're real excited to have him and explained to us what this is all about.
Mark: Cool. But first we're going to have Bob the host, not Bob the guest, give us our Pro Project Pick for the week. What you got there, Bob?
Bob: I have a project called the serverless framework. So I presented about this in part of my talk at DrupalCon that it basically simplifies the whole process of getting started writing serverless code and deploying serverless projects. So it's a very useful project.
Mark: We will, of course, have a link to that in the show notes that we will provide with this episode. All right, Bob, the guest, step up. Bob, the host, back off. Let's get this started. First, let's start with the big question. Exactly what is serverless?
Bob: Well, first off the term or the name serverless is a bit of a misnomer. There are actual servers that are still involved. It's not any type of magic, but I have four pillars of serverless that kind of, the way I describe it. It is service-based, so you're paying for a service, not a server. It's a cloud runtime. So you might, you're basically executing your code in the cloud on a provider, not on a server that you manage, and the pricing is usage based. So you're paying for the amount of time your code runs or how ever many executions, but you're not paying for idle time. And then, number four, it's a managed infrastructure so you're not managing any of this infrastructure. It's managed for you, so auto scaling and all that kind of stuff is the way it functions. And that is, I call that I have an acronym for that called a SCUM. So service-based cloud runtime, usage based pricing, managed infrastructure, SCUM.
Mark: I just want to know who made that up, Bob?
Bob: Mark made that up.
Mark: Thank you very much.
Mario: Oh, wow. Yeah. Cool.
Bob: He came up with the acronym portion of it, I changed the order around to work. I had another acronym, but I can't even remember what it was now. This one's so much better.
Mario: Yeah. I like it. So let me ask you, Bob, what are, you mentioned those four pillars and those obviously seem like, you know, a lot of them seem like advantages, but if you can summarize some of the advantages and disadvantages of serverless what would those be?
Bob: Yeah. So one of the big advantages of serverless is once you kind of understand how to do a serverless project and what's a good fit for it, the time to market is much faster than a traditional lamp stack or a server stack where you're deploying servers or you've been using, you know, a platform as a service provider. So you get your time to market faster. Your investment in infrastructure is smaller, and the overall risk that you're taking on is a lot less because you're not spending all that time validating your idea on infrastructure and deployment and things like that that you would typically have to set up if you're going for the more traditional route.
Mark: Cool. That makes perfect sense. You said that very well. Thank you. What do I need, what else do I need to know to get started? Bob: So in order to get started with serverless, I think the main thing is just to understand what your use case is and keep your scope very limited, try to take an approach of microservices where you're just trying to solve one simple problem. And if I would say like technical knowledge wise, the two most popular languages that are supported pretty much across the board with all the providers are Python and Node.js, so if you know Node.js or, you know, Python very well, you're going to be able to get started pretty quickly. And I would just say like, start something simple, like maybe a web form handler and the code you would write for that is going to be almost identical to what you would write for a traditional node or Python form handler. So there's not so much about technical that you need to know that's different. It's just, it's going to be running in a container that won't live for very long. It'll, it'll get spun up and then if it's not being used, it'll get spun down. So you just got to kind of realize that, and I play around with it and just, you know, it's a learning process. It's a very different approach.
Mario: Good. So that's from the technical point of view, but as a site owner, why should I consider using serverless? And I'm interested in knowing the advantages of the site itself, like what advantages my site will get from this, but also maybe from a budgeting point of view. As a site owner, I'm interested in obviously saving money or being able to get more out of my money. And so how does serverless help me with those two things?
Bob: Yeah. So one of the really good use cases for serverless is if you have a static site. So, like I say, you're running Gatsby or another static site generated website, and you, you kind of lose some of the functionality you would get with WordPress or Drupal. You can augment your static site with serverless. So, an example of that would be if you needed a little dashboard for your user's account, and you needed to be able to query that stuff from from a backend service. So you could, you can have a very narrow scope of code to just do that one job, or let's say you need a kind of a smart contact form. You could run a serverless function to handle that form. And the big advantage of doing it that way versus, say, running a PHP server or a node server, is that you don't have to keep the security updates on that server.
Bob: You're not maintaining a server, so you don't have that maintenance cost. You don't have to keep developers available to make those upgrades whenever a security release comes out because the cloud providers pretty much taking care of that for you, they're running the server and you don't even have to care about it. The other advantage is cost for site owners. You're only paying for your use. So I'll use AWS as an example. AWS runs a service called Lambda, which basically is a function as a service. So just think of it this way. You know, you write a function that solves the returns an answer to a question, well, you're actually paying for every time that function is executed instead of 24/7. So you're not repaying for that server to be up all the time. You're only paying for it whenever it's actually being used. And with AWS, if you start off with one of their plans, you get a million Lambda executions a month for free. And then the cost per execution of the function is very low. So you could end up spending anywhere from zero to just a few bucks a month to provide something that if you were to pay for, you know, a server to run might cost you, you know, 20 or 30 bucks a month or a few hundred dollars a month.
Mario: That's pretty impressive. I remember the days when, you know, running websites, it will require you to, to purchase a new hardware. And then things like that, that alone will cost you like $14,000. This was, you know, five, 10 years ago. And so that's quite a bit of savings there.
Bob: There was this one other thing you mentioned about the buying the hardware. I think one way to think about this is, is that this kind of the natural evolution of technology where you, we used to have to buy servers, physical hardware, you know, spend thousands of dollars on equipment. And then, people began doing that for you and you would pay a hosting company for that and they would actually host your website on a physical device. and then virtualization came along and it got cheaper so that they could have a server and then just sell you a portion of it. And then people began to automate that process like AWS. Then you see, you know, hosting companies that were specialized in something like Drupal, so Aquia or Pantheon, and you're paying for the ability to host a Drupal site. And what serverless really is, is just the next iteration of that evolution of technology. It's where I don't even manage PHP on the server anymore, or node on the server or Ruby or whatever, they manage it. I just pick it from a dropdown. Okay, I just want to use node version eight and then I just write my code and upload it to the service and it runs. So I'm not actually even managing a full project and there's just my one function. And if I want to use a function on another version of node, I can do that. So it's just kind of more of an abstraction away from what we used to do. We're paying for less basically.
Mario: And this is important to know that this is not Drupal specific. This is, this applies to any type of app development that you're working on. So just to clarify that.
Bob: Yeah. Yeah. So if it's a web service, I mean, one of the big uses for serverless is internet of things applications. So if you have a smart device, a lot of times they're needing to do things off of the device. You know, they like, there's some tasks that it just keeps the device is so small and doesn't have as much power, it's not capable of doing. So it'll actually call out to the internet and then wait for a response. So a really good use case for serverless is supporting those types of devices.
Mario: Yeah. Earlier you mentioned, you know, you don't have to worry about security updates cause, you know, the provider will take care of that for you, but are there any security implications when using serverless? Any concerns that I should be aware of as a site owner or as a product owner when using this type of service?
Bob: Yeah. There's definitely a things you should be aware of. One of them is, is that you still do have some responsibility for security. I'll just use an example that I recently had. I've deployed several functions to my AWS account back last year, nd then the version of node that I deployed them using the version of node I wrote the code in is no longer supported. So AWS actually sent me an email saying that they were going to spin down my functions. They weren't going to work anymore unless I updated them to node eight. So I went in and, you know, thankfully it didn't require any code changes on my part. My code still worked perfectly just the way it did before, but you, you're still responsible for the code that you write, making that secure. And so you've got to be careful in the way you handle secrets and you need to make sure your connections are, you know, you're using HTTPS, so just kind of the basic web security best practices still apply.
Mark: So who would you say are the big players who are adopting and, or providing serverless solutions?
Bob: The big providers in the space and I'll name them in order of kind of their popularity, at least as far as I know. AWS is the big one, they've been doing it the longest and they, from my experience, have the most broad support for pretty much anything you'd want to do. So AWS, then I would say probably Microsoft Azure is really expanding their offering and they have some really compelling products and then also Google Cloud. So Google has been really going after this market pretty, pretty hard. They have Google Cloud and they also have Firebase. So they have kind of two, they're not identical, but they do have a little bit of overlap. So Firebase is more than just a cloud-based database system. It's actually something that provides authentication functions as a service media management and things like that. But all these providers provide everything you would need to have a fully serverless application. And then there are many other smaller or less, you know, full feature providers. Cloudflare is a good one to think about. So yeah, there's, there's, we're seeing a lot of expansion, and as far as adoption, that's harder to pin down. I am, I did read a blog post a while back that mentioned quite a few very large companies that were using serverless. And the whole idea of serverless is actually evolving all the time. So I think it's, it's hard to say a lot of companies are talking about doing it and either some, some level of adopting it, whether they're just starting or they've they've got some stuff migrated over.
Mario: All right. So, host Bob, do you have any questions for guest Bob?
Bob: Yeah. So let's see. So have you, Bob, have you used this on any actual client projects?
Mark: Great question, Bob, go ahead and answer.
Bob: Yes. I don't think I'm at liberty to talk about it. But I would say that I have a current project where we're, we're using serverless. And I can talk a little bit about that because I think it's a really good use case for this type of approach. If you, so what we're doing is we're running a GraphQL server, and we're basically using GraphQL as a data normalization. So that is running in a Lambda function. So we're only paying for, you know, the execution of the API calls. We're not paying for it to be running all the time. So, and it's less maintenance for us to keep that patched and secure. So that's just one use case and that's actually working with Drupal and working with Gatsby and working with React, so that can come alongside your existing projects that you use. All right. Well, cool, Bob.
Mario: Thank you, Bob the guest, thank you very much for joining us and great question, Bob, the host. And that's it for today's show. Thanks for joining us. If you're looking for more useful tips, technical takeaways, and creative insights, visit mediacurrent.com/podcast for more episodes and to subscribe to our newsletter. And thanks for playing.