[cs615asa] Meetup Summary - Serverless NYC @ Pivotal

Bradford Smith bsmith8 at stevens.edu
Mon Apr 30 14:23:31 EDT 2018


I attended the Serverless NYC @ Pivotal meetup on April 26, 2018.
The event was hosted by Pivotal at their office in New York.

Links:
https://www.meetup.com/Serverless-NYC/events/248972823/
https://github.com/projectriff/riff

The meetup started with Wayne Scarano of SGA giving an overview of
what serverless architecture meant. Then the main talk featured Mark
Fisher of Pivotal presenting a demo of the platform that he and his
team are developing. That platform is called "riff" with the recursive
acronym "riff is for
functions". Most of Mark's talk was live demo with some explaination
of how the platform worked. riff is built on Kubernetes, when you
deploy a function a container is created for that function as well as
the riff invoker for the language the function is written in, then it
spins up a sidecar container which
will handle all the event processing that will trigger your function.

I chose this meetup because serverless and containerization in general
seems to be one of the hot new things related to systems
administration and I didn't know much about it. This event seemed like
it would be a good introduction.

I was hoping to hear a bit more about how it might impact security and
systems administration, but the meetup was more targeted at
developers. Nevertheless, security did come up in the talk, serverless
in general is a step toward reducing the attack surface, when all
you're running is a single function rather than a whole virtual
instance there is a lot less to attack. Similarly if the
container a function is running in somehow becomes compromised it will
be trivial to kill it (and in the case of Kubernetes, another will
automatically replace it). The idea among developers is that
serverless is replacing systems administrators; however, from a
systems administration point of view it is simply shifting the work
from one company to another (that being the cloud
hosting companies). While it may eliminate systems administration jobs
at the end companies it makes systems administrators at cloud hosting
companies much more important. This to me seems like the industry is
moving closer to fewer (single?) points of failure; however, the talk
mentioned that at some point in the future (potentially using riff) it
may be trivial to switch cloud hosting
providers.

Overall, the talk was interesting, but I think the industry should
continue to be aware that "serverless" still runs on servers somewhere
and that a greater reliance on it will probably result in more central
points of failure (i.e. AWS, Google, Azure). AWS can already take out
a significant portion of the
Internet if it has issues, just something to keep in mind when
exploring these new technologies.

Bradford Smith


More information about the cs615asa mailing list