Professional Documents
Culture Documents
A Framework For Evaluating Continuous Microservice Delivery Strategies
A Framework For Evaluating Continuous Microservice Delivery Strategies
Delivery Strategies
Martin Lehmann
Faculty of Technology
Westerdals Oslo School of Arts, Communication and Technology
Oslo, Norway
martin@lehmann.tech
Frode Eika Sandnes
Faculty of Technology Faculty of Technology, Art and Design
Westerdals Oslo School of Arts, Communication Oslo and Akerhus University College of
and Technology Applied Sciences
Oslo, Norway Oslo, Norway
sanfro@westerdals.no frode-eika.sandnes@hioa.no
ABSTRACT 1. INTRODUCTION
The emergence of service-oriented computing, and in partic- Continuous Delivery is a fairly simple task in a monolithic
ular microservice architecture, has introduced a new layer of system [7]. Here, all required configurations are instructions
complexity to the already challenging task of continuously that are used to build, test and deploy the monolithic appli-
delivering changes to the end users. Cloud computing has cation. With a low release frequency, such as a few times a
turned scalable hardware into a commodity, but also im- day, it is feasible to maintain a continuous stream of releases
poses some requirements on the software development pro- manually. Automation can be achieved by simply introduc-
cess. Yet, the literature mainly focuses on quantifiable met- ing a single build server that builds, tests, and deploys the
rics such as number of manual steps and lines of code re- system whenever it detects that new code is pushed to the
quired to make a change. The industry, on the other hand, revision control system. The way software is developed and
appears to focus more on qualitative metrics such as increas- deployed, as well as server technology, has changed dramati-
ing the productivity of their developers. These are common cally over the last decade. Focus has shifted from distributed
goals, but must be measured using di↵erent approaches. task scheduling [19, 20] and the configuration management
Therefore, based on interviews of industry stakeholders a of servers [6, 17, 18] to microservices-based systems and de-
framework for evaluating and comparing approaches to con- ployment to cloud infrastructure [28].
tinuous microservice delivery is proposed. We show that it A microservice-based system [7, 24], however, introduces
is possible to efficiently evaluate and compare strategies for a whole new set of complications. In a relatively large sys-
continuously delivering microservices. tem with hundreds of microservices, the system may require
hundreds, or even thousands, of deployments in a single day.
Moreover, the deployment roles and responsibilities may be
CCS Concepts divided between di↵erent individuals. A single person, or
•Software and its engineering ! Software version even team, will not realistically be able to manually han-
control; Programming teams; dle the influx of new versions and changes in a production
system.
The literature addressing the quality the software deploy-
Keywords ment pipeline [15] mostly employs quantitative measures.
Continuous deployment; microservices; deployment strat- Frequent metrics include number of steps to perform a de-
egy; evaluation framework; cloud computing; microservice ployment and lines of code to change the configuration. Al-
architectures though useful, such metrics do not consider the changes to
projects over time. For example, the number of lines of code
required to make a change does not directly give any indica-
Permission to make digital or hard copies of all or part of this work for personal or
classroom use is granted without fee provided that copies are not made or distributed
tion of the value added by the same change. Furthermore,
for profit or commercial advantage and that copies bear this notice and the full cita- aspects such as testability [13] of the software system are
tion on the first page. Copyrights for components of this work owned by others than crucial to a large-scale development project, yet testability
ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or re-
publish, to post on servers or to redistribute to lists, requires prior specific permission
has received limited attention in the research literature.
and/or a fee. Request permissions from permissions@acm.org. Individuals responsible for the development must usually
ICC ’17, March 22 2017, Cambridge, United Kingdom decide which underlying technology stack to choose. This is
c 2017 ACM. ISBN 978-1-4503-4774-7/17/03. . . $15.00 a challenging task where poor choices are expensive. More-
DOI: http://dx.doi.org/10.1145/3018896.3018961 over, there are few tools that can help navigate the com-
plex and rapidly changing landscape of available options and tinues to function under network failures.
tools for packaging, testing, deploying, and scaling services.
This work therefore proposes a framework to help evaluate 2.1 Software Deployment
such technologies, so that one may commit to the most suit- Wahaballa et al. [27] define software deployment as ”all of
able technology stack. the activities that make a software system available for use”.
Following this definition, deployment is something every sin-
gle provider of an online service must handle in some way.
2. BACKGROUND Deployment strategies can be simple, such as logging onto
Talwar et al. [23] define a service as a piece of software a server and manually editing some code in an interpreted
that encapsulates and presents some useful functionality, language running in production. On the other end of the
and can be part of an overall system. In other words, a ser- spectrum, they can involve comprehensive code review pro-
vice is a specialized, autonomous, stand-alone server. The cesses followed by running a pre-built artifact through sev-
idea of splitting a large application’s code base into multiple eral suites of automated tests, multiple testing environments
services is often referred to as Service-Oriented Architecture for manual quality assurance involving layers of bureaucracy,
(SOA) [25, 3]. and finally deploying the new changes to a controlled sub-
Evans and Fowler [11] used the term domain about the set of the production servers, known as blue/green deploy-
subject area to which a piece of software is applied. In this ment5 , and a fraction of the end users of the service, known
context, the entire set of services is a software expression of as canary release6 .
the domain: it both contains the data, and provides means Software deployment dominates system administration co-
of accessing and manipulating them. A domain has multiple st, and configuration is a major error source [23]. As the
contexts, especially in large projects. It is therefore impor- popularity of service-based computing rises, so does the im-
tant to define bounded contexts1 in which a model applies portance of answering which deployment approach is the
[11]. A project should initially be a monolith, and be de- best fit for the context [22].
composed into microservices the domain is explored and the Talwar et al. [23] define and compare four di↵erent ap-
project grows in size and complexity [16]. proaches to deployment of services: manual, script-based,
Each client in a system is an expression of a bounded language-based, and model-based as a function of scale, com-
context. A client has traditionally meant either a desktop plexity, and susceptibility to change. They also define sev-
application or a website, rendered to static assets (HTML, eral evaluation metrics, which they call Quality of Manage-
CSS, and JavaScript) on the server before being sent to the ability for the deployment configuration, namely:
end user’s web browser. In a system with only microser-
vices and clients, the client connects directly to one or more 1. Lines of code (LOC) for deployment configuration.
services. It is then the client’s task to combine data in a
meaningful way and display the result to the user. 2. Number of steps involved in deployment.
With the emergence of front-end JavaScript frameworks
3. LOC to express configuration changes.
such as Google’s AngularJS2 and Facebook’s React3 , as well
as mobile apps, it has become a common practice to build an 4. Time to develop and deploy a change.
API (Application Programming Interface) gateway4 in addi-
tion to the clients. An API gateway is similar to the classic Based on these criteria, they conclude that for systems
façade pattern [14] from object-oriented programming. The with few deployed services and configuration changes, a man-
responsibility of the API gateway is to combine data from ual solution is the most reasonable approach. Few deployed
the various microservices within the bounded context, and services with comprehensive configuration changes call for a
expose the data to the client through a tailored web API. In script-based approach. Larger environments where changes
this pattern, each API gateway represents a single bounded involve dependencies prefer language-based solutions. Fi-
context. nally, a model-based approach is ideal for large systems
Villamizar et al. [25] conclude that there are several ben- where the underlying service design is a↵ected by the de-
efits to being able to publish a system as a set of smaller ser- ployment. This is mirrored in terms of configuration [23].
vices that can be managed independently. Specifically, they In summary, there are multiple areas to look at in future
point to independence in development, deployment, scaling, research related to cloud computing and microservices. Per-
operation, and monitoring as a key enabler for companies to haps most prevalent is the need for an evaluation of various
manage large applications with a more practical methodol- strategies and tools for deployment automation. One way
ogy, and scale individual development teams more easily. to approach this can be development of tools for quantita-
Relevant to this discussion is also the CAP theorem. Also tive comparison of deployment automation strategies. Look-
known as Brewer’s theorem, it states that it is impossible for ing at deployment configuration as source code allows using
a system to simultaneously guarantee consistency, availabil- techniques from software engineering for this evaluation.
ity and partition tolerance [5], where consistency refers to Armour [2] stated that a software system is not in itself a
all nodes seeing the same data at the same time, availability product, but a container for knowledge; code is, indeed, exe-
refers to all requests receiving a response indicating success cutable knowledge. While his focus is on domain knowledge
or failure and partition tolerance means that a system con- as it lives within software systems, it is possible to apply
1
this idea to any code: as Spinellis [21] points out, code is
http://martinfowler.com/bliki/BoundedContext.html an executable specification, so expressive and concise code
2
https://angularjs.org/ is self-documenting in a way that never rots.
3
https://facebook.github.io/react/
4 5
https://www.nginx.com/blog/building-microservices- http://martinfowler.com/bliki/BlueGreenDeployment.html
6
using-an-api-gateway http://martinfowler.com/bliki/CanaryRelease.html
Another of Talwar et al.’s [23] key findings is that main- one fails. This points back to the CAP theorem, and raises
tainability and documentability are proportional to the num- the question of how to replicate data and ensure consistency
ber of lines of code, and that the number of steps and lines across multiple cloud providers.
of code are both reduced with the introduction of more so-
phisticated deployment tools. 2.4 Summary
First, provisioning and maintaining the microservice run-
2.2 Continuous Delivery and DevOps time is a key concern. It ties in with the CAP theorem,
Continuous delivery (CD) can be said to be a combina- stating that consistency, availability, and partition tolerance
tion of two ideas [26], namely continuous integration (CI) is an unattainable goal.
and continuous deployment. Continuous integration is the Second, cloud computing is an important factor when dis-
practice of integrating changes into the mainline early (e.g., cussing microservices, as many of the key advantages of a
master branch if the team uses Git for version control). Con- microservice architecture come into play when computing
tinuous deployment is the practice of deploying changes to resources are virtually unlimited. A system of microservices
the end users as soon as they make it into the mainline. naturally requires more resources such as CPU cycles and
Combined, these render a development workflow where RAM than a monolithic system, as the microservice-based
developers frequently merge their changes into the product- system comprises multiple runtimes and databases. If com-
ion-ready version of the code base, and those changes are puting resources are not limited, however, this isolation al-
immediately deployed to the end users. This way of devel- lows both scaling and deployment of independent services.
oping may introduce a need for feature management such as This has become a realistic scenario due to the rise of cloud
blue/green deployment and canary release. providers.
Continuous Delivery is only a part of a deployment strat- Third, the deployment regime in the organization plays
egy, but deserves specific attention because of its potential a large role in the selection of a deployment strategy. It is
organizational impact. With a monolithic architecture, it essential to contrast how often the organization wishes to de-
may be feasible to have a dedicated operations (ops) team ploy changes to the end users with how often the infrastruc-
and still deploy new features and fixes to the end users some- ture allows deployment. Automating the process takes work
what continuously, as the team will only have to deal with a and introduces a learning curve. The deployment pipeline
single artifact. Even if they need to deploy it multiple times should therefore be tailored to suit the needs of the organi-
per day, tools can be developed to quickly verify and deploy zation.
the artifact. In a microservice context, however, with mul- Fourth, the expressiveness and readability of the code that
tiple services and teams each selecting their own technology specifies the deployment strategy is a key factor in cutting
stacks and deployment habits, it quickly becomes infeasi- the learning curve for the deployment strategy. As the con-
ble for a dedicated operations team to manually verify and figuration code grows, its quality can be measured using
deploy each service as it receives changes. Furthermore, hav- tools from the software engineering field—not just deploy-
ing to provide the ops team with a production-ready package ment.
for them to verify and deploy whenever a change is made to Fifth, selecting a deployment strategy may have a sig-
the code base introduces unnecessary overhead for the de- nificant organizational impact. For example, introducing
velopment teams. This requires an organizational shift of DevOps to enable continuous delivery in an organization
deployment responsibility to the development teams, known that previously had a centralized team responsible for de-
as DevOps [10]. ployments requires the organization to distribute these re-
sponsibilities to the developers, and possibly introduce new
2.3 Measuring Continuous Delivery roles. In a sizeable organization, this distribution of respon-
sibility can be challenging, because it a↵ects the workflow
Several studies have specifically attempted to measure the
of everyone responsible for the development, ranging from
quality of a deployment pipeline [23, 25, 12], and others have
developers to managers. DevOps also a↵ects processes for
focused on only a specific part of the pipeline [21, 8]. Given
identifying and resolving problems with the software.
that deployment configuration is indeed code, it becomes
Last, there are multiple ways of measuring quality of de-
relevant to look to metrics designed to measure code quality
ployment approaches. In particular, architecturally signifi-
in general with regard to architecture [4].
cant requirements of the deployment strategy may require
Chen [9] introduces the concept of architecturally signifi-
so many changes to the existing code base that the strategy
cant requirements (ASRs), referring to the architectural re-
is unfeasible for the organization.
quirements imposed upon the service itself by the deploy-
ment strategy.
One important factor described by Chen [9] is which archi- 3. EVALUATION FRAMEWORK
tecturally significant requirements the deployment strategy The evaluation framework is designed to assist system
imposes on the project. While Chen considers architecting architects in selecting a strategy and technology stack for
for continuous delivery in a broad sense, di↵erent strategies implementing continuous delivery in a microservice-based
will impose fewer or more architecturally significant require- software system. We define a strategy as the combination
ments of di↵ering types on the code base of the actual ser- of technological components and organizational measures
vice. More architecturally significant requirements can make taken to achieve continuous delivery.
the transition to a continuous delivery set-up more difficult,
more time consuming, and thus more expensive. 3.1 Overview
One particular architecturally significant requirement is We have based the framework on a combination of expe-
considered by Addo et al. [1], who describe an architecture riences documented in the existing literature as well as two
for automatically routing traffic to other cloud providers if interviews of industry professionals. We interviewed two
technical team leaders at FINN.no, Norway’s leading actor 3.3 Deployment Abstraction
in the online classified ads market and a frontrunner in Nor- Deployment abstraction concerns the learning curve for
way for adopting modern technological trends. Their system developers in order to efficiently deploy their services. De-
comprises hundreds of microservices, and new changes are ployment abstraction can be evaluated as a group of criteria.
delivered to the end users tens of times per day by multi- First, the number of manual steps a developer must take
ple autonomous teams. As a result, they have faced and between finishing their changes and deploying a verified ar-
countered many of the problems discussed here. We focused tifact to the end users is a key indicator of the strategy’s
on their e↵orts towards automating continuous microservice quality in this regard.
delivery by interviewing the infrastructure team lead, as well Second, given that code is executable knowledge [2] [21],
as the lead developer on a team that has completely auto- the expressiveness of the deployment configuration and learn-
mated their software delivery process. ing required to use it must be considered relatively to that
The framework itself is a set of criteria uncovered as im- of other strategies.
portant to the development and delivery process through We define the following three levels of deployment config-
the existing literature and the interviews. Each criterion is uration expressiveness.
accompanied by a unit. These units can be used both to
give a general overview of the strategy, and compare it to 1. Highly expressive: no highly error-prone manual steps,
other strategies. little learning required.