The Software Architects' Newsletter
January 2021
View in browser

Our forty-second issue of the Architects' Newsletter again focuses on the topic of "Cloud Computing for the Enterprise". We believe this topic will span several phases of the diffusion of the innovation curve, with a bias towards the early adoption phase. The majority of organizations use some form of cloud computing, from VMs to storage and data processing. The use of cloud platform/function as a service (PaaS and FaaS) is also becoming increasingly popular, and new related architectural patterns are emerging.

We believe that understanding all the emerging patterns, antipatterns, and technologies related to these topics is essential for a software architect.


A Cloud-Native Architecture for a Digital Enterprise

In a recent InfoQ article, Lakmal Warusawithana, argued that a company can benefit from integrating and exposing its business capabilities as APIs. API-led integration provides a platform to enable enhanced digital experiences for consumers.

He continued by stating that cloud-native applications are all about dynamism, and microservice architecture is critical to accomplish this goal. Combining cloud-native technologies with an API-led integration platform can enable increased productivity by providing agility, flexibility, and scalability through automation and the adoption of managed services.

Sysdig: Container Security Shifting Left, Docker Usage Shrinking

As recently reported on InfoQ, the Sysdig 2021 container security and usage report highlights a trend for cloud and container security to "shift left". Yet, many of the analyzed container images are still lacking in basic security provisions.

One tool for runtime security that according to Sysdig has seen growing adoption is Cloud Native Computing Foundation (CNCF) Falco project. Originally created at Sysdig and later donated to CNCF, Falco analyzes Linux system calls to detect unusual behavior such as privilege escalation using privileged containers, ownership and mode changes, execve, shell, and SSH usage, and so on.

Cloudflare's Origin CA Issuer: An Extension to the K8s Cert-Manager

Cloudflare has released "Origin CA Issuer", an extension to cert-manager, a native Kubernetes certificate management controller. Integrating with Cloudflare Origin CA, the extension makes it easier to create and renew Cloudflare Origin Certificates.

For many years, Cloudflare has recommended that site owners install a TLS certificate on their web servers so they can encrypt traffic from the content delivery network (CDN) endpoint to the origin. However, until now implementing this as a site owner was not straightforward.

Azure Well-Architected Framework

Last year, Steef-Jan Wiggers reported on the introduction of the Azure Well-Architected Framework, which provides customers with a set of Azure architecture best practices to help them build and deliver well-designed solutions. This framework has continued to evolve over the past several months.

The Azure Well-Architected Framework consists of five pillars of architectural best practices: cost management, operational excellence, performance efficiency, reliability, and security. Each intends to help customers optimize their workloads against Azure best practices and specific business priorities.

Customers can also leverage the Well-Architected Assessment Review, an online survey, which delivers an assessment based on the five pillars. Once a customer completes the series of questions, scores are provided based on the chosen pillars along with a set of actionable recommendations.


Case Study

Recap of AWS re:Invent 2020

This year the annual re:invent conference organized by AWS was run as a free virtual event spread over three weeks. During multiple keynotes and sessions, AWS announced new features, improvements, and cloud services.

On the very first day of the conference, Amazon announced EC2 Mac instances for macOS, adding after many years a new operating system to EC2. This is mainly targeted at processes that only run on macOS, like building and testing applications for iOS, macOS, tvOS, and Safari. The first part of Andy Jassy's keynote was focused on announcements related to computing options and serverless technologies. AWS introduced new instance types on different processors and EC2 families, including Intel Xeon M5zn instances, Graviton2-powered C6gn instances, Intel-powered D3/D3en instances, memory-optimized R5b instances, and AMD-powered G4ad GPU instances. See InfoQ's coverage here.

There were announcements about Lambda and serverless deployments: billing granularity is reduced from 100ms to 1ms which reduces costs for every single Lambda function automatically, the availability of functions with up to 10 GB of memory, and 6 vCPUs was added. One more new feature is the support for container images as a packaging format, to simplify the transition from current container-based workloads to serverless functions. To know more about AWS Lambda updates, see InfoQ's article.

Adding Amazon ECS Anywhere and Amazon EKS Anywhere, AWS will make the container orchestration software used in ECS and EKS freely available to deployments outside AWS, including other cloud providers. This will provide increased integration and lower latency and will follow the path of Microsoft and Google that already offer Azure AKS and Google Anthos for free.

During the first keynote, the public preview of AWS Proton, a new managed deployment service for container and serverless applications, was announced. With AWS Proton, customers can automate and manage infrastructure provisioning and code deployments for serverless and container-based applications. See InfoQ's coverage here. ECR Public Repositories is a public container registry to store, manage, share, and deploy container images globally.

This content is an excerpt from a recent InfoQ article from Renato Losio: "Recap of AWS re:Invent 2020". The full article discusses announcements related to storage, databases, networking, machine learning, and more.

To get notifications when InfoQ publishes content on these topics, follow "cloud computing", "cloud architecture", and "cloud-native" on InfoQ.

Missed a newsletter? You can find all of the previous issues on InfoQ.


Attend upcoming events by InfoQ and level-up on the skills most in-demand in 2021

Which software trends, best practices, and solutions should be part of your software roadmap? How can you apply the experiences and insights from world-class practitioners to your projects? Where should you develop your skills this year?

Join us at our upcoming InfoQ Live and QCon Plus virtual events to level-up on the practices, patterns, and skills most in-demand in 2021.

QCon Plus (May 17-28): Uncover emerging trends and practices from the world’s most innovative software professionals.

If you are a senior software engineer, architect, or team lead and want to take your technical learning and personal development to a whole new level this year, join us at QCon Plus this May 17-28.

Early topics include:

  • Leading Full Cycle Engineering Teams
  • Compiling to Native Code
  • Modern Data Pipelines
  • The Monolith is Dead, Long Live the Monolith
  • Events Rule Everything Around Me
  • Continuous Delivery, Workflows, and Platforms

Save up to $200 for QCon Plus (May 17-28). Secure your spot before Feb 6th.

InfoQ Live (Feb 16): Embracing observability in distributed systems.

No system is completely reliable, especially distributed systems, and debugging production is hard. If you are unsure how to use observability to build and manage dependencies in your distributed systems, deep-dive with world-class practitioners and discover how to implement observability in every stage of the software development life cycle—design, development, testing, and deployment.

Agenda and speakers include:
  • How to Avoid Cascading Failures in Distributed Systems by Laura Nolan, Site Reliability Engineer @Slack, Contributor to Seeking SRE, & SRECon Steering Committee
  • True Observability Needs High-Cardinality by Pierre Vincent, Head of SRE @weareglofox

Save your spot for only $19.95*.

*100% of net ticket revenue will be donated to non-profit organizations, supporting diversity & inclusion in software.

This edition of The Software Architects' Newsletter is brought to you by:


Cloud-Native Apache Cassandra

Apache Cassandra is going cloud-native. The foundations for building Cassandra in the cloud are available in open-source - projects like that include a Kubernetes operator, a management sidecar, a metrics collector, a configuration builder, and a NoSQL testing system.

In this article you'll learn about how open source projects like Kubernetes,, Prometheus, Envoy and, can be combined into a cloud-native data service.


InfoQ strives to facilitate the spread of knowledge and innovation within this space, and in this newsletter we aim to curate and summarise key learnings from news items, articles and presentations created by industry peers, both on InfoQ and across the web. We aim to keep readers informed and educated about emerging trends, peer-validated early adoption of technologies, and architectural best practices, and are always keen to receive feedback from our readers. We hope you find it useful, but if not you can unsubscribe using the link below.


Forwarded email? Subscribe and get your own copy.