14 May 2020 What does serverless computing mean?

Serverless computing is a cloud computing execution model in which the cloud provider runs the server, and dynamically manages the allocation of machine resources. Pricing is based on the actual amount of resources consumed by an application, rather than on pre-purchased units of capacity.It can be a form of utility computing. Serverless computing can simplify the process of deploying code into production. Scaling, capacity planning and maintenance operations may be hidden from the developer or operator. Serverless code can be used in conjunction with code deployed in traditional styles, such as microservices. Alternatively, applications can be written to be purely serverless and use no provisioned servers at all. This should not be confused with computing or networking models that do not require an actual server to function, such as peer-to-peer (P2P).

A Serverless app can simply be a couple of lambda functions to accomplish some tasks, or an entire back-end composed of hundreds of lambda functions. Serverless supports all runtimes offered within the cloud provider chosen. Serverless is developed by Austen Collins and maintained by a full-time team. Imagine if you give all of your time in building amazing apps and then deploying them without giving any of your time in managing servers. Serverless computing is something that lets you to do that because the architecture that you need to scale and run your apps is managed for you. The infrastructure has always been an issue for the developers. Serverless computing is a big solution for them as it relieves that burden from them.

Serverless computing is the technology of abstracting the servers, operating systems, and the infrastructures. It is a cloud computing execution model in which the cloud provider dynamically manages the allocation of the machine resources. When we are building the serverless application, it helps us in taking our minds off from the infrastructure concerns because we do not need to manage any of the servers. The developers can dedicate their focus on their core products instead of worrying about managing operating systems or configurations for it. In this way lot of time and energy of the developers be saved. They can make use of single services (like S3 for storage or Auth0 for identity management) and elastic computer platforms like AWS Lambda or Microsoft Azure to execute code. Such serverless systems can grow, scale, and evolve without requiring the developer’s efforts of remembering to patch the web servers again and again.

Most, but not all, serverless vendors offer compute runtimes, also known as function as a service (FaaS) platforms, which execute application logic but do not store data. The first "pay as you go" code execution platform was Zimki, released in 2006, but it was not commercially successful.In 2008, Google released Google App Engine, which featured metered billing for applications that used a custom Python framework but could not execute arbitrary code.iCloud, released in 2010, offered FaaS support for Python.

AWS Lambda, introduced by Amazon in 2014, was the first public cloud infrastructure vendor with an abstract serverless computing offering. It is supported by a number of additional AWS serverless tools such as AWS Serverless Application Model (AWS SAM) Amazon CloudWatch, and others.

Serverless is sometimes mistakenly considered as more secure than traditional architectures. While this is true to some extent because OS vulnerabilities are taken care of by the cloud provider, the total attack surface is significantly larger as there are many more components to the application compared to traditional architectures and each component is an entry point to the serverless application. Moreover, the security solutions customers used to have to protect their cloud workloads become irrelevant as customers cannot control and install anything on the endpoint and network-level such as an intrusion detection/prevention system (IDS/IPS).

This is intensified by the mono-culture properties of the entire server network. (A single flaw can be applied globally.) According to the protege, the "solution to secure serverless apps is close partnership between developers, DevOps, and AppSec, also known as DevSecOps. Find the balance where developers don’t own security, but they aren’t absolved from responsibility either. Take steps to make it everyone’s problem. Create cross-functional teams and work towards tight integration between security specialists and development teams. Collaborate so your organization can resolve security risks at the speed of serverless.

Serverless computing is covered by International Data Center Authority (IDCA) in their Framework AE360. However, the part related to portability can be an issue when moving business logic from one public cloud to another for which the Docker solution was created. Cloud-Native Computing Foundation (CNCF) is also working on developing a specification with Oracle.