Conf42 Cloud Native 2022 - Online

Survival Guide for Java Architect in the Cloud Era

Video size:

Abstract

Currently, we see several cases of security breaches that caused a loss of millions, either as credibility or as new fines. As a result, new data protection laws emerge. Betting on information security guarantees quality and helps prevent these headaches, in addition to avoiding scandals that could make a software project unfeasible. The company and its team are aware of the importance of safety and prevention; it is necessary to develop a DevSecOps culture. In this talk, you will learn more about this working model and how to prevent you or someone on your team from being responsible for the next security disaster.

Summary

  • Otavio Santana: Why should a move to cloud and why should I keep it? He talks about how we can increase our experience in the cloud. Everything is around cloud. Why not move to the cloud right now?
  • Cloud computing is a model for enabling builders convenient on demand network. The main goal here is to focus more infrastructure where cloud native is more about infrastructure than soft development. Success is faster innovation without impacting stability.
  • Right now we have 1000 of definition of cloud native. To me cloud native is a set of good practice to optimize an application in the cloud through three steps, containers, orchestration and finally automation. It's an engineering approach and everything is about trade off.
  • And finally let's talk about the survival guide. How can we handle with cloud Java and how we can move our application to the cloud. These survival guide today is a flight plan. And basically the idea and the analogy with the flight plan is exactly like that.
  • The first level or none. We are not using cloud yet, but we'd like to use the first point on that moment is to understand the methodology to move our application far as possible. Make it more observable and modifiable to go to optimization through hybrid cloud.

Transcript

This transcript was autogenerated. To make changes, submit a PR.
Hello everyone, my name is Otavio Santana. I'm glad to be here today. Let's talk about cloud, these survival guide for the Java activate cloud era. Right now we're going to cover why should a move to cloud and why should I keep it and how can I increase my interaction with cloud, especially the cloud native techniques and tools. A little bit about me my name is Otavio Santana. Today I am distinct engineer at Soup innovation. Besides that I enjoy a lot open source. That's why I become Java champion Oracle Ace, member of TSP as a chief member Apache Eclipse committer. I enjoy the Java could. So I'm also working several specifications, mainly in Jakarta ee microprofile right now a member of CLCF, Linux foundation and Phenos. Besides that, when I do have free time, I enjoy to write book and articles, especially about cloud, Java and architecture. But today is not about me, it's about how we can increase our experience in the cloud, right? Everything is around cloud. We enjoy cloud. Cloud is so lovely, why not move to the cloud right now? Previously we need to understand why we are doing that. If you take a look at the whole history, we could see that in 2001 we had the agile manifesto where the main focus was to have a time integration between developers or engineers and a user where we know the right direction doing incremental delivery. After that we could see in around 2010. So we don't have the exactly time in DevOps because we don't have DevOps manifesto. But what do you know, it is after the agile where we put also the operation on that future to have tight integration to deliver fast and fast and fast. Fast of course with quality. And then we finally understood as well that okay, we need to think about security not in the reactive way, but as prevention. Right now we are able to put security in a process these to avoid any kind of SQL protection, some data leak or any kind of thing that might impact and security of our organization and our technology. For sure we know the writer of cloud and what does cloud mean? Cloud computing is a model for enabling builders convenient on demand network. Yes, and blah, blah blah, blah. It belongs to NIS National Institute of Standard and Technology. But to me cloud is basically somebody else's problem. Where I delegate these issue to somebody else, you solve to me probably. You know that analogy between pizza and cloud where we put cloud and pizza both as service. We started with on premise where we need to do everything by our hands like make at home the pizza and move through, go dine out and have everything fade for us right. That is soft in a sense. On the someone else problem perspective. The idea is, okay, I want to do everything by my bare hands, I need to have knowledge, infrastructure, everything. But I had less time to focus on my business and I want to increase the experience on my business. So I delegate the hardware to somebody else. I pay somebody else to handle the hardware to me. So it is infrastructure as a service, but sometimes it is not enough, right? I want to focus even more on my business perspective. So I delegate the hardware and the operation on that. In these case I will use path or platform as service where I just need to write a code, I don't need to do something else, for example platform, Sage, Heroku and so on. And these last step is I don't want to handle anything, I just want to use it. So I delegate the hardware plus the operation and finally the software knowledge to create these software. So the Gmail suites, the G suites, I feel like that. So I delegate everything to another companies to make my life easier and several perspectives. But it doesn't matter. In each scale we are in abstraction. The whole point about cloud is why won with that. So we want success. And to us success is faster innovation without impacting these stability. Okay, that sounds impossible, but that's what we are looking for with cloud. At least that's what we're trying to achieve. Okay, that's why right now we have several options of cloud providers and service. We started with yes, infrastructure as a service, platform as a service and software as a service. And right now we have more flavors of service in the cloud. So you probably have heard about cas, that is container as a service, where we provide containers. And also we have decision process as a service, database as a service management event, streaming as a service, back end as a service or serverless and so on. The main point here is those are new service and we try to put a category on that situation where caused it is between yas and cases. And these manage application service such as database as a service and serverless are unspecialization of cases. Okay, but these is a new discussion. It's not stuttered. And every time that we talk about cloud, we are living in a cloud trained moment where we had cloud, just cloud was a buzzword around technology. Right now it is not anymore. Then we moved to cloud. Ready? Moved to cloud friend. Finally, right now we are living in a cloud native era where everybody's talking about cloud native. But wait, what does cloud native means? Unfortunately, I have a bad news. You. That is, I have no idea what does that mean, and I'm being to tell you what I guess nobody knows because cloud native become a kind of hakuna matata where everybody has your perspective. These about that definition, okay, if you go to several articles, several discussions probably these discussion this article, this book has your own definition about cloud native. Each company probably has own definition and you might have your own definition about cloud native. Let's go on some samples here. For example, in the pivotal website, cloud native is an approach to building and running application that explode and take advantage of the cloud computing model. There is this amazing book here, or learning path attaching cloud native application. The main goal here is to focus more infrastructure where cloud native is more about infrastructure than soft development. There is this book here, cloud native development partner and best practice. It has a similar ideology around cloud native to the previous book. Indeed they have a new word third that means in deployment, deploy, up and replace and scale. So it's more about infrastructure than soft development. Then we have this book that put everything around soft development in some level of cloud native. So today cloud native is more than a tool set, is a complete architecture and philosophical approach. So everything is around cloud native. In the past we had waterfall, right now we are living in the agile methodology and the next move to you is move to cloud native where everything is around cloud. We also have CNCF that is an organization around cloud native by Linux foundation that has your own definition as well. So cloud native technology empower organization to build run scalable application. It has several simple approach, okay, container service, mesh, microservice. But as you can see it's abstract enough to fit everything because it's too abstract and it looks like more a marketing and sales pitch, they are technical perspective. But anyway we saw several articles around, okay, if you create an application that is container based or it's ready to cloud and it was burned in these cloud, okay, it's a cloud native application. And be happy with that. The whole point here is today is to explain to you that right now we have 1000 of definition of cloud native. And that is okay, that if you have no idea, what does that mean? Because right now the whole market has no idea either. Okay, so every article might have a different perspective of cloud native because it's a new trend. These everybody is looking at. And yes, I have my own definition as well based on the previous book that I read and article as well. So to me cloud native is a set of good practice to optimize an application in the cloud through three steps, containers, orchestration and finally automation. And yes, we talked about what we want to achieve with cloud. That is innovation without impact and use stability in the software development. And that is these expectation, right? So we want to be like Apollo, closer to the sun and the highest as possible. However, the reality is we become Icarus where you fall as closer we go to the clouds. That's sad, but unfortunately that's true. And we have a thousand challenge when talk about soft development plus cloud. Besides the political area discussions and something like that, we also have technical challenge to us. We have security routes, Opengrid database and language backups optimization such as CI cts at a stand for as software developers, architecture and senior engineer. We must know that everything is around trade off, right? We need to handle with complexity, we handle with risk, we handle with cost. And also we need to handle with the knowledge management. These I need to know what everybody knows. And I need to move these right person to the right team to the right knowledge. These is this amazing book that is fundamental of soft architecture. It's an engineering approach and everything is about trade off. Okay. When I mentioned the sauce, probably it might is more expensive, however it has less risk. When you go to yas it might be cheaper than a sauce. However, I need to handle with more stuff. I need to handle with more details that I usually don't need to handle when I go as fast. Okay. And yes, I talked to why we are moving to the cloud, the history reason, the expectation, what we want to achieve, the challenge. And finally let's talk about the survival guide. How can we handle with cloud Java and how we can move our application to the cloud. These survival guide today is a flight plan. Oh wait, what do you mean about flight plan? Because a flight plan is a plan to go to somewhere in the cloud, right? So it's a plan. So we need to define the routes, these schedule, these definition, the external points like weather equipment, the crew, the internal tails and of course with security, with safety to keep our organization moving while everything is moving on. That's why we have etops. And basically the idea and the analogy with the flight plan is exactly like that. I need to know where am I, how far I want to go. I need to check the internal conditions, the external condition, the budget, and more precisely these safety. Remember the point I want to achieve a success is move faster. If doubt impact our organization. And that's the question that we want to answer with the flight plan. Where are we? These should we go next? How do I get there? Because in the flight plan if it's too far. Sometimes you're not able to go directly between Sao Paul and Brazil to Japan. We need to have stops for example. Because once it's too far, I need to create scales on that stops. And that's the idea I need to understand where am I and where I want to go. It is if it is too far, maybe do cases and to understand everything around it. And every time when we talk about abdominal framework in the cloud, we need to talk about the maturity models that we have so far. Frameworks adoption that we have so far. Right now I believe every cloud provider has your own definition or one information about the framework of cloud adoption to that cloud providers. Okay. And that is okay. In the soft development you probably know the Richard maturity model where we simply call cloud rest. Where we have application that wants to go to these perfect state of art of rest application where we start with none and go through hype media controls these hate was and that is exactly what we want to achieve with cloud. And the flight plan is basically that it's a growing of cloud for sure. It's not a good name. Yes these might be impact religion thing, but the idea is to start with none and then go to most optimized as possible. And let's move on to that flight plane idea. The first level or none. We understood that there is no cloud adoption. We are not using cloud yet, but we'd like to use the first point on that moment is to understand the methodology to move our application far as possible. So I need level o, so need to create MVP or a buck, create a small application, prepare if everything is okay, expand, optimize to finally self sustain. Okay, so a buck put prepare to production, go to production, create more steps, optimize these step to using automation and then finally self sustain. Once we understood these methodology and want to move to these cloud, let's move to the initial step. We have a little bit of automation of observability or law on existent cloud adoption. Also I mentioned before, the idea is to handle risk and cost and especially the complexity because the complexity is the main key on that situation. Okay, we need to understand that as much risk I have, I need to think how to decrease that complexity because the risk is on the part that I have no idea how to handle or I understand that's hard to maintain or to keep moving. There is this amazing book, the philosophy of soft design where the main focus is exactly to talk about complexity. So take a look on that. Okay, we went to none, we understood the methodology, we moved to initial where, okay, I need to understand and measure the risk and these complexity around cloud. And let's put some automation on our application. So let's move application that I have to the cloud. And right now let's put a little bit more CI ACD practice to become natural in the cloud environment. It doesn't matter if it's Amazon, Google, Microsoft or Oracle. And the first advice you in the level three is make it more observable and modifiable. How? With infrastructure as a code? With infrastructure as a code we have more transparency on what you're doing. It's more observable, more testable, it has more security. Unfortunately it's a goodbye that, okay, it works on my machine. You're not able to make this joke anymore because the whole infrastructure is these code. And if I want you to do any kind of modification, I need to have my code that's totally observable and transparent to me. The next step of infrastructure code is Gitops where I have a merge of several amazing approach. I have infrastructure code plus prs and plus CI CD where I have git a single source of truth, a git as a single place to operate. And all chains are observable and verifiable in both areas in the development side and operation side. Again default. And for example, right now I'm using these application with Java eleven and I want to move to the next lts that is Java 17. What can I do? I can create a pr with that modification in the infrastructure. If everything is okay, I will run these CI. If everything is okay, I merge this application to the cloud. Once everything is amazing, I'm in the merge, it's automatically deploying application with the latest version in the kit. If something goes wrong and only was able to check on production, that's sad, but sometimes happened you were able to do a kit revert and these return to previous version of the code. Okay, so with GitHub, the integration between infrastructure code, prs and cis, indeed you make your code more observable, verifiable and use git as a single source of true to both to developers and operations. The last step. Okay, I understood these. No, because I had the methodology, I moved to understand the complexity around cloud. I started to do automation in my application. I make it more observable and modifiable to finally go to optimization through hybrid cloud. And every time that I talk about cloud automation, there is several amazing tips. For example, there is this amazing book here, 19 things every college engineer should know that has and I'll highlight, I really recommend to you read once and twice these use managed service please sometimes, okay? If you are using some past products, if you don't have nobody in your team that knows that deeply, okay. Or maybe you don't have budget. So focus on development and use cases. For example, it is okay if you are running kubernetes, okay? That's not an issue. Keep it simple please. The source code, the management for soft delivery and containers are magic. So those are just a highlight of these book. Please take it and read it. And the chocolate application right now is so classic. I don't need to go deep on that. But if you never heard about it, please Google it to go deep on your application. Those books are classics. Could but code especially to the Java developers. So the effective Java to optimize your code style and design code where Joshua Block wrote several tips Joshua Block was one of the person who wrote a collection API Ddd domain driven design to make your code closer to the business. Remember DevOps and Java methodology, clean architecture and clean code by Robin Martin, the uncle Bob please read carefully these books. Read once, read twice. It's okay to review the book once you read it, especially to have more information. And every time that I talk about cloud native these is a link between microservice. Okay, should I move to microservice just because everybody else is doing? The answer to that is a no, right? You don't need to move to microservice only because everybody else is doing indeed, there is three amazing books where you should go and read. Two by Sanjeevan and one by Naga. And these three books has two things in common. Those books are talking about microservice and those books also has. These books also have a warning about okay, not everything is around microservice. Sometimes it's okay to keep the model application. I put the highlight on ET booking and okay, just because Netflix and Amazon are using it does not mean that you are Netflix and Amazon. Like your problem said, you are not everybody, you are unique. Your company is unique, has minimal requirements. Please pay attention that okay, especially because it matters to us. And remember the colors law. If the organization there's no structure, probably the software will follow these trends to make our life easier and advice we have this amazing book, the best practice in soft architecture in the cloud era. It is in English and it is for free. Please take a look at this QR code. Go deep on that where we have several tips about cloud developments. It is agnostic most of these time. However, there are several tips to these other developers. Okay, I want to know more about cloud. How can I use DevOps with DDD and a cloud integration with Kubernetes? These are agnostic but these is also performance training, something like that. So if you want to take a look, want to learn more, take and read it. And yes, that is it. Again, hopefully you enjoy my application. Thank you everybody again, please follow me on Twitter. My name is otas santana. My twitter is at archapjava and if you have any questions please let me know. So send me an email, send me a twitter, any kind of thing. Thank you, bye bye and that is it. See you soon.
...

Otavio Santana

Distinguished Software Engineer @ Zup Innovation

Otavio Santana's LinkedIn account Otavio Santana's twitter account



Awesome tech events for

Priority access to all content

Video hallway track

Community chat

Exclusive promotions and giveaways