Back to all videos

Top 5 Designing for Cloud Principles

By John Savill's Technical Training

Cloud ArchitectureSystem DesignDevOps PracticesCybersecurity Principles
Share:

Here's a comprehensive summary of the YouTube video transcript, maintaining the original language and technical precision:

Key Concepts

  • Designing for Failure (Tin Soldiers): Treating resources as ephemeral and replaceable, building for constant failure.
  • Elasticity and Scale: Dynamically adjusting the number of instances to match demand, scaling horizontally.
  • Modularity and Microservices: Breaking down applications into smaller, independent components.
  • Infrastructure as Code (IaC) and Safe Deployment: Defining infrastructure and deployments through code for repeatability and automation.
  • Governance and Security: Implementing policies, controls, and security measures at every layer.

1. Designing for Failure (Tin Soldiers)

The core principle is to shift from treating cloud resources as unique, precious "snowflake" instances that require meticulous care to viewing them as ephemeral and replaceable. This means designing systems with the expectation that failures will occur regularly, and failure is a normal state.

  • Multiple Instances: Maintain multiple instances of any resource, distributed across blast radiuses (e.g., Availability Zones within a region) to ensure redundancy. Avoid dependencies between Availability Zones to prevent a single AZ failure from impacting the entire region.
  • State Management: Minimize where state lives. For stateful layers like relational databases, ensure high availability with replicas in other AZs or regions. Consider database solutions with multiple writable instances (e.g., NoSQL with eventual consistency like Cosmos DB).
  • Observability: Implement comprehensive observability across all layers: cloud resource, OS, framework, app code, and end-to-end synthetic transactions. This is crucial for detecting failures, healing by replacing instances, and understanding system behavior for continuous improvement.
  • Global Distribution: Aim for multiple regions, ideally running active-active, with each region capable of operating independently. Within regions, consider cells that are self-contained services.
  • Resiliency at Every Component: Avoid single points of failure. For critical global services like load balancers (e.g., Azure Front Door), have backup solutions (e.g., Azure Traffic Manager).
  • Intelligent Code: Implement retries with exponential backoffs (increasing wait times between retries) and circuit breakers to prevent overwhelming failing services. Circuit breakers should ideally have fallback paths for degraded functionality.

2. Elasticity and Scale

The number of instances should be dynamic, matching the incoming demand and workload.

  • Horizontal Scaling: Add and remove instances based on workload changes, rather than vertical scaling (making instances bigger), which often requires downtime.
  • Seasonality: Recognize and plan for workload seasonality (hourly, daily, weekly, monthly, or even multi-year events like the Olympics or tax seasons).
  • Scaling Triggers: Use metrics like CPU utilization or queue depth to trigger scaling events.
  • Proactive Scaling: For known seasonality, proactively add instances ahead of peak load to avoid performance degradation during scaling. Machine learning can assist in preemptive scaling.
  • Scale to Zero: Where possible, scale down to zero during idle periods, especially using serverless technologies that charge only for work done.
  • Cost Optimization: By reducing the number of instances when not required, costs are reduced. Continuously reassess resource types and "skews" for better performance or cost-efficiency. Utilize advisor recommendations for cost optimization.
  • Staying Current: Requires understanding new capabilities and changes in cloud services.

3. Modularity and Microservices

Avoid monolithic applications. Instead, aim for modular components or microservices that communicate via APIs.

  • Independent Scaling: Allows individual components to be scaled based on their specific load.
  • Failure Isolation: Limits the impact of a failure to a specific component rather than the entire system.
  • Platform as a Service (PaaS) and Software as a Service (SaaS): Leverage PaaS or SaaS solutions where possible to reduce operational responsibility and benefit from built-in reliability and simpler scaling mechanisms.

4. Infrastructure as Code (IaC) and Safe Deployment Practices

The ability to recreate instances at will necessitates defining everything as code.

  • Code-Defined Infrastructure: All configurations, including cloud infrastructure, instances, database schemas, and configurations, should be defined as code (e.g., Bicep for Azure, Terraform for multi-cloud).
  • Version Control: IaC allows for version control of configurations, making it easy to track changes.
  • DevOps Pipelines: Integrate IaC with DevOps pipelines for safe, automated deployments. This includes rolling out updates to test environments first, then to production in stages with quality gates.
  • Nothing Everywhere at Once: Implement changes gradually. Never deploy a change to all instances simultaneously.
  • Rolling Updates: With multiple instances, update and patch OS, runtime, or app code without downtime. This can be done by draining and replacing instances in batches, or by adding new instances with the updated code before draining the old ones.
  • Bake Time: Allow a "bake time" after updating a batch of instances to monitor their performance and functionality before proceeding with the next batch.
  • Automated Pipelines: Use pipelines for code deployment to increase efficiency and reduce human error.
  • Limited Human Access: Minimize direct human access to production environments. Standard permissions should be read-only, with elevated permissions only granted during incident scenarios.
  • Cloud Provider Rollout Strategy: Understand how cloud providers roll out changes (e.g., canary, pilot regions) and leverage pilot regions for dev/test environments to detect issues early. Continuous testing with good observability is crucial in these regions.

5. Governance and Security

Governance and security must be integrated from the outset, not as an afterthought.

  • Policy Enforcement: Implement guardrails and regulatory requirements as policies enforced at the cloud provider's control plane. This ensures that deployments meet requirements before provisioning.
  • Tagging: Use tags for metadata (owner, environment, service, patch status) to understand and manage resources. Enforce required tags through policy.
  • Management Groups: Utilize management groups for hierarchical control of requirements.
  • Cost Management: Use budgets for cost control and awareness. Leverage machine learning for cost anomaly detection and alerts.
  • Cloud Center of Excellence (CCoE): Establish a CCoE to drive key patterns, processes, and learnings for cloud services.
  • Leverage Best Practices: Utilize existing architecture documentation, landing zones, and modules provided by cloud providers to avoid reinventing the wheel.
  • Zero Trust Security: Adopt a zero trust model, granting only the minimum possible permission and least privilege/access required for a resource or user to function.
  • Minimize Access: Limit network flows, human access, and permissions for all entities (humans, agents, pipelines).
  • Managed Identities: Use managed identities inherent to cloud resources for authentication to other services, avoiding the need to store secrets.
  • Key Vaults: Store secrets, certificates, and keys in a secure key vault, not in code or configuration files.
  • Passkeys: For human authentication, use passkeys (FIDO2 standard) for phishing resistance and domain name spoofing protection.
  • Encryption Everywhere: Encrypt data at rest, in transit, and ideally in use (confidential compute). Manage encryption keys in a key vault, even for SaaS services.
  • Defense in Depth: Implement multiple layers of security, like an onion.
  • Network Security: Remove public endpoints unless absolutely necessary. Use secure public endpoints with Web Application Firewalls (WAFs). Prefer private endpoints integrated with virtual networks. Limit network communications using Network Security Groups (NSGs) or App Security Groups (ASGs) and firewalls.
  • Continuous Threat Detection: Scan for vulnerabilities in code, dependencies, and images. Use signals from various sources to correlate and detect threats, leveraging AI for analysis and hunting.

Conclusion

The five core principles for designing cloud systems are: designing for failure by treating resources as ephemeral, implementing elasticity and scale to match demand, adopting modularity and microservices, leveraging infrastructure as code for safe and automated deployments, and embedding governance and security throughout the design and operational lifecycle. By adhering to these principles, organizations can build robust, scalable, cost-effective, and secure cloud-native applications.

Chat with this Video

AI-Powered

Hi! I can answer questions about this video "Top 5 Designing for Cloud Principles". What would you like to know?

Chat is based on the transcript of this video and may not be 100% accurate.

Related Videos

Ready to summarize another video?

Summarize YouTube Video