Monday, February 29, 2016

Microservice and Monolithic architectures exemplified

We'll use an example of an application to illustrate the differences between Microservice architecture and Monolithic architecture.  Let us take an e-commerce application which has the purpose of selling products online. In general all applications from this category require functionalities for browsing through available products, purchase them and placing orders which are later managed by administrators. And of course most of the e-commerce websites have some content which must be easily editable at any time from an administration dashboard.

Monolithic architecture


In the below diagram it is presented an e-commerce web application built following a monolithic architecture. As seen in the below diagram the data of the web application is stored in a single database. Products, website content, orders placed by customers and inventory information all stored in the same place. The web application has multiple purposes, first and most important to allow customers to browse through products and allow them to buy, secondly managing orders, content and maybe offering customers the possibility to create an account for managing different settings and subscriptions.
In this case the application built on a monolithic architecture offers both a web interface written using HTML, CSS and JavaScript and an Application Programming Interface which can be used by the clients such as Android or IOS smartphone apps.

E-commerce web application built using Monolithic architecture
E-commerce web application built using Monolithic architecture

Scaling for this kind of applications can be done both horizontally and vertically. The later means that the production machine will get its hardware improved by adding additional RAM memory, disk storage or adding a better CPU. Scaling vertically can be achieved by installing the same version of the application on multiple nodes and putting a load balancer between the nodes and the browser clients or API clients.

Microservice architecture


The below diagram shows a possible way to build the described e-commerce web application in a microservice architecture. As seen below the application was split into multiple small services each having its own purpose, managing orders, managing products and managing content. 
Each small service has its own database which contains the generated or used data by that particular service, so basically we do not have a big database but rather multiple small databases. This represents one of the big advantages of microservices because scaling of the database horizontally becomes possible. Of course that a data consistency issue appears when a complex flow, which passes through multiple services, fails somewhere in the middle of the processing. Assuring data consistency requires now a lot of extra effort, something which was previously easily achieved using database transactions.
The earlier mentioned API Gateway stands in front of the clients and incorporates the API offered by all microservices such that the clients know only about that API and are not aware of the other services behind it. This can be compared to the fa├žade design pattern in which a single entry point for the clients is offered. Following this architecture makes it easier to later change the implementation or the API of the services as long as the API of the Gateway still remains the same.
Using Microservice architecture offers more options for scaling the application, for example one can install half of the services on one node and the other half on the other node. One can install each service on a separate node or even install each service twice on two different nodes, but then most probably a load balancer is needed.

E-commerce web application built using Microservice architecture
E-commerce web application built using Microservice architecture

In future posts we'll have look over the advantages and disadvantages of Microservice architecture and over its use in practice.


Wednesday, February 24, 2016

Introduction into Microservice architecture

The purpose of this post and future related ones is to understand which are the advantages and disadvantages of Microservice architecture. This blog post is meant to get you familiar with this topic and represents a first step towards reaching the end goal.
Understanding what microservice architecture is and then identifying the advantages and the disadvantages of this architecture, it is first required to define some concepts like software architecture and software pattern. 
Software architecture refers to the high level structures of a software system, the discipline of creating such structures, and documentation of these structures. These structures are needed to reason about the software system. Each structure comprises software elements, relations among them, and properties of both elements are relations. The architecture of a software system is a metaphor, analogous to the architecture of a building. Wiki
As microservices architecture is an architectural pattern let us have a look over its definition. An architectural pattern is a general, reusable solution, to a commonly occurring problem in software architecture within a given context. Architectural patterns are similar to software design pattern but have a broader scope. The architectural patterns address various issues in software engineering, such as computer hardware performance, limitations, high availability and minimization of a business risk. Some architectural patterns have been implemented within software frameworks. Wiki
Because the microservice architecture comes in contrast with the monolithic architecture let us shortly review what a monolithic architecture is. 
In software engineering, a monolithic architecture describes an architecture in which the application single-tiered software application, its user interface and data access code are combined into a single program from a single platform. A monolithic application is self-contained, and independent from the other computing applications. The design philosophy is that the application is responsible not just for a particular task, but can perform every step needed to complete a particular function. Martin Fowler article
Today, some personal finance applications are monolithic in the sense that they help the user carry out a complete task, end to end, and are “private data silos” rather than parts of a larger system of applications that work together. Martin Fowler article
Microservice architecture can be defined as an architectural pattern or style in which a software system is developed as a group of smaller services, each running in its own process and communicating with each other using lightweight mechanism such as HTTP. The services should be built around business capabilities and should be independently deployable. The services should be small, highly decoupled and should focus on doing small tasks, facilitating a modular approach for building a system.

Motivation


The development of monolithic applications becomes slower as the application grows, so does grows the frustration of the developers. Large applications are hard to manage and most often doing a small change takes days to identify the impact and hours to write the code, afterwards it might take few days to pass review sessions and run automated suite of tests. These issues are some of the causes which made developers to welcome the microservice architecture which breaks down things into manageable pieces.
Following this architecture means that a big team can be split into smaller teams organized around microservices, these small teams become autonomous and fully responsible of their developed service. Fear of change will not prevent developers to fix issues or create new features, besides this the efficiency and the development speed is visible increased.
Developers feel more comfortable when managing smaller code bases than managing a monolithic one, this means that creativity is stimulated and development frustration is less likely to appear.
Another great thing which is achieved using this architecture is that developers are kind of forced to develop the application into a modular way; it also allows reusing services over multiple applications.

More about microservices..

In future posts we'll discuss more about Microservice architecture vs Monolithic architecture, advantages and disadvantages of Microservices and putting this architecture to practice.

Saturday, January 30, 2016

StreamInsight components

Streams of data


Just as Microsoft SQL Server was designed to allow developers to manage static data, StreamInsight was designed to work with streams of data. But what does a stream of data me

an? Well a stream of data is a sequence of pieces of information, for each such piece of information a certain time is associated with it. Usually the associated time is the date-time of creation.

Such streams of data can be produced by countless devices which vary from smoke sensors, temperature sensors to smartphones, robots, web applications, hosting servers or trading applications. 

Event


An event can be defined as a basic unit of data processed by the StreamInsight server, each event encapsulates a piece of information thus we can say that a stream contains a sequence of events. Each event consists of two parts, the header and the payload.

The header defines the event kind and temporal properties of the event. All the temporal properties are application-based and supplied by the data source rather than a system time supplied by the StreamInsight server. All the timestamps use the .Net DateTimeOffset data type, also StreamInsight normalizes all times to UTC date-time automatically.

The payload is a .NET data structure which holds the data associated with the event, the fields of the data structure can be defined by the developer. Each field can have a .NET data type e.g. int, float, string etc.

Query


The same way as a fisherman uses a fishing net to catch fish from a river, we can use a StreamInsight query to retrieve relevant information from a stream of data. The results of the query are received incrementally for as long as we need.

One can define a myriad of queries starting from simple ones like selecting all events which fulfill a certain condition, to more complex like selecting certain events which appear in a window of 3 minutes.

The main difference between StreamInsight and a database is that StreamInsight never stores the data, a query is kept active all time while the server is running. Every time a new event appears it triggers a new computation and generates a new result. Of course if we are interested we can store the results of the queries.

Source



Devices which are data producers become sources of data for the StreamInsight application. One can define multiple sources of data which go into the StreamInsight server and against which queries are executed.

Sink


We have sources of data which become streams of data and queries which are executed against them, but how can we get our hands on the query results? Well we can define a sink in which StreamInsight will send the result of the defined queries. Also in this case we can define multiple custom sinks, some might represent a conventional database or an user interface in which users can acknowledge the information immediately.

StreamInsight components working together




As seen in the architecture diagram from above, one can define source of events like smartphones, fire sensors, smoke sensors, temperature sensors, server logs or event historical data. This platform allows developers to aggregate all these events by defining LINQ queries, the results of these queries are then passed to any developer defined sink like monitoring devices, monitoring applications or even data warehouses.

Saturday, January 2, 2016

StreamInsight

StreamInsight is a platform developed by Microsoft which allows developers to create and deploy complex event processing (CEP) applications. This platform is based on the existing .NET Microsoft platform and it enables developers to implement robust and highly efficient CEP applications. There are a lot of possible event sources, some of the most relevant are:

  • Financial trading applications
  • Web analytics
  • Manufacturing applications
  • Server monitoring applications

One can use this platform to easily create tools to monitor data from multiple sources for meaningful patterns, trends, exceptions and opportunities. Analyzing and correlation can be done incrementally while data is produced (in real time) without storing it first, which translates in to having a low latency application. As a source of events historical data can also be used.

Key Benefits


In the following I will try to talk about the most important features and advantages offered by this platform.

Highly optimized performance and data throughput


StreamInsight supports highly parallel execution of continuous queries over high-speed data because it implements a lightweight streaming architecture. The use of in-memory cache and result computation done incrementally provide an excellent performance with high data throughout and low latency. In StreamInsight all processing is automatically triggered by incoming events based on defined queries. Also the platform provides the functionality for handling out-of-order events and in addition static reference or historical data can be accessed and included in the low-latency analysis.

.NET development environment


Microsoft created the .NET development environment in which programming languages like C#, tools like Visual Studio and services like SQL Server can be easily integrated and used for applications development while still keeping the loose coupling between them. StreamInsight is included in this environment in which one can easily develop fast and robust applications. Developers can write their CEP applications using C#, leveraging the advanced language platform LINQ (Language Integrated Query) to create queries.

Given the fact that there is a large community of the developers already familiar with these Microsoft technologies the cost and time of the development of a CEP application is significantly reduced.

Flexible deployment capability


StreamInsight platform provides two ways of deployment scenarios. First is a fully integrated into the developed application as a hosted (embedded) DLL. The second way is deploying StreamInsight as a stand-alone server with multiple applications and users sharing the server. This means that one can develop multiple, independent, applications which use the same StreamInsight instance. The CEP server runs in a wrapper such as an executable or the server could be packaged as a Windows Service.

Extensibility


StreamInsight allows developers to extend its functionality by giving them the possibility to define their own operators, functions and aggregates to be used in queries and define specific event types against which to run the defined queries.

One of the great things about StreamInsight is that it was designed to seamlessly integrate with any domain specific business logic. This means that the platform does not come with any implemented functionality for specific business sectors but it allows developers to plugin any specific business logic.

CEP Query Visualization and Analysis


Microsoft StreamInsight provides a stand-alone Event Flow Debugger which is a powerful GUI tool that enables visual inspection of a continuous query. One can use this graphical tool to quickly inspect the query tree, replay data processing and perform analysis.


Latest version


Currently the latest version of StreamInsight is 2.3, this was released together with SQL Server 2014 on the first of April 2014. Release 2.3 contains only a licensing update, so any code written against the previous version, 2.1, will still work.


In the future posts about StreamInsight I will present some of its most important components.

Robert Rusu

Saturday, December 26, 2015

Introduction to event stream processing


Today most of the businesses are actively monitoring data streams and application messages in order to detect business events or situations and take time-critical actions. Even though plans are made for businesses, events are the real drivers of the enterprise today because they represent changes in the state of the business.

Unfortunately, as it happened in case of data management in pre-database days, every usage area of business events today tends to build its custom infrastructure to filter, process, aggregate and propagate events.

Building efficient, scalable systems for monitoring and processing events has been a major research interest in recent years. As new technologies rise and existing ones are expanding the sources of relevant events is growing exponentially. A lot of technologies have been proposed, including Data stream management, complex event processing and asynchronous messaging. 

One can observe that all these systems share a common processing model but differ in query language features. Besides, some applications might have different requirements related to the consistency of the data which might translate in tradeoffs between insensitivity to event arrival order and system performance. It is clear that some applications require that events are processed in the order in which they arrive or were created, while others are more concerned with high throughput. If exposed to the user and handled in the system, user can specify the consistency requirements per query and the system would adjust itself at runtime to guarantee consistency and manage system resources.

Event stream processing use case


As an example let us consider a financial services company that actively monitors financial markets, individual trader activity and monitors financial markets. Having a desktop application, a trader can track a moving average of the value of an investment portfolio. From the business perspective it is required that the average is updated continuously as stock updates arrive and trades are confirmed. A second application running on the trading floor would extract events from live news feeds and correlates these events with market indicators to infer market sentiment, impacting automated stock trading programs. 

The query would filter patterns of events, correlated across time and data values. In order to bring value to the business, this application needs to provide the information as soon as possible, late events might result in a retraction. Meanwhile a third application might be running in the compliance office monitors trader activity and customer accounts, to watch for law violations, bad intentioned actions or institution guidelines. This queries might run until the end of the trading day or even until it finished processing all the events from that day. These applications carry out similar computations but differ significantly in their workload, requirements for consistency guarantees and response time.

The example illustrates that most real-world enterprise applications are complex in functionality and might incorporate different technologies that need to be integrated and are required to achieve high accuracy and consistency. In following posts I will write about a solution which can be used for building applications from the area of event stream processing. The solution is a platform developed by Microsoft and it is named StreamInsight.

Saturday, August 22, 2015

Setup CAS server tutorial

Prerequisites 

For setting up the CAS server the following must be installed:
I assume that you have knowledge of all these technologies and I will not go into many details about them.

Setup CAS server project

CAS uses Maven to build a deployable package which can be installed into a Java servlet container. In this tutorial we'll use Tomcat as a container.

Also CAS server makes use of Maven overlay which makes the setup very easy and provides default configurations and flows which can be easily updated to your needs.

To make things faster I will provide below the pom.xml which contains only the dependency to the cas server webapp and the configured maven overlay build plugin. Importing the pom.xml as a maven project into an IDEs such as Intellij will generate an overlays folder which contains the defaults of CAS server, browsing through them will help you understand how it works. 

<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
  <modelVersion>4.0.0</modelVersion>

  <groupId>com.blogspot.robertrusu.cas</groupId>
  <artifactId>cas-server</artifactId>
  <version>1.0-SNAPSHOT</version>
  <packaging>war</packaging>

  <name>cas-server</name>
  <url>http://maven.apache.org</url>

  <properties>
    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
 <cas.version>4.0.2</cas.version>
  </properties>

  <dependencies>
        <dependency>
            <groupId>org.jasig.cas</groupId>
            <artifactId>cas-server-webapp</artifactId>
            <version>${cas.version}</version>
            <type>war</type>
            <scope>runtime</scope>
        </dependency>

    </dependencies>

    <build>
        <plugins>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-war-plugin</artifactId>
                <version>2.6</version>
                <configuration>
                    <warName>cas</warName>
                    <overlays>
                        <overlay>
                            <groupId>org.jasig.cas</groupId>
                            <artifactId>cas-server-webapp</artifactId>
                            <excludes>
                                <exclude>WEB-INF/cas.properties</exclude>
                                <exclude>WEB-INF/classes/log4j.xml</exclude>
                            </excludes>
                        </overlay>
                    </overlays>
                </configuration>
            </plugin>
            <plugin>
                <groupId>org.apache.maven.plugins</groupId>
                <artifactId>maven-compiler-plugin</artifactId>
                <version>3.2</version>
            </plugin>
        </plugins>
        <finalName>cas</finalName>
    </build>
 
</project>


Configuration of CAS server


You will need to copy into yourTomcatInstallationPath/conf/cas folder two configuration files, to be easier for you can take them from github and later change them to fit your needs.
  • cas.properties contains CAS configuration which can be changed at runtime without the need to build the web application again. Of course after changing the configuration you will need to reload the application or restart tomcat.
  • log4j.xml contains the logging configuration for CAS server
It is very important to change in cas.properties the configuration which points to the location of log4j.xml otherwise the server will not be deployed successfully.

log4j.config.location=yourTomcatInstallationPath/cas/cas/log4j.xml

You will need to create in your project a spring configuration xml file which will replace the one from the cas-webapp dependency at build time. The file name must be propertyFileConfigurer.xml and its location must be inside your project at:
src/main/webapp/WEB-INF/spring-configuration/propertyFileConfigurer.xml
The file contains the location of the CAS server configuration which will be picked at runtime, when deploying the webapp in Tomcat. The content is the following (just replace yourTomcatInstallationPath):

<?xml version="1.0" encoding="UTF-8"?>

<beans xmlns="http://www.springframework.org/schema/beans"

       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"

       xmlns:context="http://www.springframework.org/schema/context"

       xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.1.xsd

       http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context.xsd">

    <context:property-placeholder location="file:yourTomcatInstallationPath/conf/cas/cas.properties"/>

</beans>



Build it and run it

  • Build the webapp using: mvn clean install
  • Copy the obtained cas.war file into yourTomcatInstallationPath/webapps
  • Start tomcat (startup.bat)
  • Visit http://localhost:8080/cas
You will see the default look of the CAS server together with a login form. To test it you can use the dummy username "casuser" and its password "Mellon".  
These are configured in next xml file overlays/org.jasig.cas.cas-server-webapp-4.0.2/WEB-INF/deployerConfigContext.xml in the primaryAuthenticationHandler bean. 

If you are not able to access the CAS server web application after you deployed the war file into tomcat checking the container logs or the CAS logs will probably help you to fix the issue. 


The end!

As you've seen I did not get into to much details and kept it short. I will try to make some posts on how to further configure the server to use some various authentication handlers or how to register cas clients. If you have any suggestions please leave a comment below. 

To better understand CAS I suggest that you also read the following article CAS - Central Authentication Service which contains an introduction into CAS and also a lot of useful resources to get you started. 

 Robert Rusu

Update: Even if at the time when I wrote this tutorial the CAS Server had version 4.0.2, the same steps can be applied, maybe small adjustments might be needed like using the latest configuration samples.

Wednesday, March 11, 2015

CAS - Central Authentication Service

Introduction


This post will give you a brief overview of what is CAS - Central authentication service as a protocol and CAS solution which is an solution for web services implemented by JASIG - Java in Administration Special Interest Group.

Before you dive in, there are some things you need to know like:

  • What is multi-sign-on? We have multi-sign-on when we have multiple web applications, each having their own login form. Most probably for each of them you need to use different usernames and passwords
  • What is single-sign-on? We can describe this as being able to login only once in order to access multiple web applications. From my point of view the most obvious example is Google, one needs to login only once to access all Google services like Gmail, Google Drive, Google+ or Google analytics.

CAS - the protocol


CAS is a single-sign-on protocol which allows users to access multiple web services by providing only once their authentication credentials, usually their username and password.

The involved entities in such a protocol would be the CAS server, the registered to CAS web service and the client web browser. Obviously the CAS server would hold an CAS application instance. A registered service is a service which will become accessible by the user after he successfully logs in, a user would use a web browser to access the service.

One of the best way to get you started with understanding CAS protocol is to follow the sequence diagram which is available on JASIG's website at http://jasig.github.io/cas/4.0.x/protocol/CAS-Protocol.html.

CAS - the application


CAS, the application, developed by JASIG is an open source software that implements CAS protocol.

The application consists of a server component which is written in Java. CAS developers also used Spring Webflow and Spring MVC framework which in my opinion is a very good thing as it allows other developers to improve or customize CAS according to their needs easier by just being able to understand these common used frameworks.

CAS has libraries for different authentication methods like authenticating user against LDAP or database. Also its very easy to configure your own authentication handler, for example an authentication handler which calls an external service.

As the registered services must also implement the CAS protocol there are client implementations in different programming languages like Java, C#, PHP or Perl.


When is CAS useful and when its not useful?


CAS is useful when you want to allow users to access multiple web applications by requiring them to authenticate only once instead of multiple times. Obviously you cant have multiple users with same username, this means that you might want to have only one place in which you store usernames and passwords.

One of the most problematic issue which I've found in CAS is that it does not allow you to group registered services which are accessible by a user after authenticating in CAS. For example if I have four registered services, after an user with a certain role logs in he should be able to access only first two of the four services and a second user with other privileges should be able to access only the last two of the services. From the short research which I've done there is no support for this. A way to solve this is to have two CAS instances running or another would be to customize CAS to work with something similar to ACL - Access Control List.


Useful resources


Even if I am not an expert in developing applications which implement CAS protocol or use CAS application as a solution for single-sign-on I wanted to share what I know and I hope that this will help other developers to get them started with CAS. I will also try to create a blogpost in which to describe a step by step and from scratch CAS installation and configuration. 

You're feedback and comments are more than welcome!

Good luck!
Robert Rusu