We are delighted to be able to share our fifth monthly architects' newsletter with you, which we will send on the last Friday of every month. InfoQ strives to facilitate the spread of knowledge and innovation within this space, and in this newsletter we aim to curate and summarise key learnings from news items, articles and presentations created by industry peers, both on InfoQ and across the web. We aim to keep readers informed and educated about emerging trends, peer-validated early adoption of technologies, and architectural best practices, and are always keen to receive feedback from our readers.

News

KubeCon/CloudNativeCon Highlights

Two of the year's biggest cloud computing events have taken place over the past month, and this has resulted in a deluge of announcements that are of interest to architects designing "cloud native" systems. A key takeaway at KubeCon/CloudNativeCon North America was that it is now an "exciting time for boring infrastructure". Many of the CNCF-hosted technologies are maturing and reaching general availability 1.0 releases, and standards are emerging that will allow the realisation of the CNCF goal of homogenising core cloud technology interfaces and providing pluggability. For example, the CNCF distributed tracing OpenTracing API is now supported by OpenZipkin, Jaeger and LightStep; and there is much discussion on the emerging "OpenEvent" proposed standard for a specification for a common, vendor-neutral format for event data.

AWS re:invent - 21st Century Architectures

Highlights of the the AWS re:invent conference included a release of AWS EKS, a managed Kubernetes service, "serverless" RDBMS, DynamoDB Global tables and automated backup (made possible by the release of DynamoDB Streams last year), and a plethora of machine learning and IoT announcements. In addition, Amazon CTO Werner Vogels presented a keynote, "21st Century Architectures", which focused on designing systems for availability, reliability and resilience. Tools to be added to an architect's toolbox in 2018 include the ability to design evolutionary architectures, create shared understanding around worth-based development, and laying foundations for resilience testing and Chaos Engineering.

2018: The Year of DevEx?

As discussed by Fintan Ryan at RedMonk, the next year also promises to bring more on the (re-)emerging topics of application development "appdev" and developer experience "devex" within the cloud space. As container and infrastructure components are being pushed further down into the stack -- with Kubernetes being a clear winner in the orchestration space -- the focus moves upwards to the continuous delivery of business value through the writing and rapid deployment of cohesive units of (serverless?) code in combination with the assembly of relevant vendor services. The challenge for architects include balancing development friction, vendor lock-in, system resilience, and cost.

Case Studies:
Event-Driven Architectures

Events, Flows and Long-Running Services: A Modern Approach to Workflow Automation

Recent discussions around the microservice architectural style has promoted the idea of event-driven-architectures to effectively decouple services. Domain events are very effective for decentralised data-management, generating read-models or tackling cross-cutting concerns. However, care should be taken not to implement complex peer-to-peer event chains. Using commands to coordinate other services can reduce coupling even further. In a recent InfoQ article Bernd Rücker and Martin Schimak explore a modern approach to business workflow automation, using events, and argue that in the past the BPM and workflow engines were very vendor-driven -- which led to many horrible "zero-code" tools in the market -- but now many lightweight and easy-to-use workflow automation frameworks exist, and many of them are even open source. Rücker and Schimak encourage architects to explore these tools in order to create understandable systems, and prevent the time being wasted in the creation of bespoke state machines within applications.

Event Sourcing in an Unreliable World

Examples of event sourced systems are commonly from domains like e-commerce that are process-oriented, with incoming commands that generate events, and where we are in control of the process. But there are domains without processes, where we are collecting external events; domains that are intrinsically unreliable with event sources and transports that are unreliable. Jan Stenberg has summarised a very informative talk on event sourcing in the real (and unreliable) world that was presented by Lorenzo Nicora at the recent Skills Matter muCon microservices conference in London. A key takeaways is that if you are working in an unreliable world with high scalability requirements, then a "weak-write consistency model" may be a good fit. Try not to make sense of events on write; instead, we should focus on building consistent read models. This can be thought of a a "write fast, think later" approach.

This edition of The Software Architects' Newsletter is brought to you by:

Spring Boot for Microservices

Spring Boot is an opinionated Java framework, for building microservices based on the Spring dependency injection framework. Spring Boot allows developers to create microservices through reduced boilerplate, configuration, and developer friction. This is a similar approach to the two other frameworks we’ll look at [Dropwizard and Wildfly Swarm]. Spring Boot does this by:

• Favoring automatic, conventional configuration by default
• Curating sets of popular starter dependencies for easier consumption
• Simplifying application packaging
• Baking in application insight (e.g., metrics and environment info)

Event sourcing and the GDPR: A Follow-up

A recent article by Michiel Rook, "Forget me please? Event sourcing and the GDPR" on the topic of event sourcing and how this will be impacted by the upcoming EU General Data Protection Regulation (GDPR) generated much discussion. Accordingly, Rook has written a follow-up piece that attempts to address the concerns raised. Possible solutions to "forget" Personally Identifiable Information (PII) include: removing data from projections; not storing PII in events, but instead storing this somewhere else; creating a private event stream per customer; and implementing crypto trashing / crypto shedding / crypto locking to encrypt PII, and then destroying the key whenever an associated "forget" request is received.

Finally, if you are not familiar with the GDPR regulations -- which will affect any exchange or storage of data from an EU country from May 2018 -- then Arto Santala has written a more general introduction to GDPR from a software developer's perspective, which provides a good starting point.

To get notifications when InfoQ publishes content on this topic follow Event Driven Architecture on InfoQ. You can also follow DevEx on the site.

This is the fifth issue of a monthly newsletter, focusing exclusively on software architecture. We thought it would be valuable for you to get a quick overview of things you might like to keep an eye on. If this is not the case, you can unsubscribe using the link below.

Forwarded email? Subscribe and get your own copy.