关键字: [Amazon Web Services re:Invent 2023, Serverless, Serverless, Saas, Architectures, Multi-Tenanted, Integration]
本文字数: 2700, 阅读完需: 14 分钟
视频
如视频不能正常播放,请前往bilibili观看本视频。>> https://www.bilibili.com/video/BV1eN4y1e7NZ
导读
您是否计划在亚马逊云科技上使用 Serverless 构建新的软件即服务(SaaS)应用程序?您想将现有的SaaS应用程序现代化为 Serverless 应用程序,并想了解更多关于多租户的信息吗?在本论坛中,探索亚马逊云科技中 Serverless 的基础知识。了解Amazon Lambda、Amazon API Gateway和事件驱动集成服务;如何构建第一个 Serverless 应用程序;以及如何处理 SaaS 应用程序的多租户架构。
演讲精华
以下是小编为您整理的本次演讲的精华,共2400字,阅读时间大约是12分钟。如果您想进一步了解演讲内容或者观看演讲全文,请观看演讲完整视频或者下面的演讲原文。
经过多年与软件供应商客户的多轮对话,演讲者已经注意到了一些明确的趋势,这些趋势正推动着无服务器架构和软件即服务(SaaS)解决方案的广泛应用。像Any Company这样的企业正渴望借助这些新技术实现关键业务目标。
Their primary concerns revolve around reducing the cost of maintaining infrastructure and servers. The current model employed by Any Company requires the configuration and operation of dedicated servers for each tenant, such as EC2 instances. Even with auto-scaling, they still have to pay for running costs, regardless of actual usage. Small tenants, like a single-location restaurant, may experience sporadic workloads, leading to idle resources and unnecessary expenses. By adopting a serverless architecture, customers only pay for what they use, directly aligned with their tenants’ activities. As the speaker puts it, “In most cases, we don’t need to pay for idle resources.”
For example, a small restaurant tenant may experience very low usage during off-peak hours. But Any Company still has to pay for 24/7 EC2 instance costs. With serverless technology, costs will be directly proportional to the number of events and scaled down when not in use.
Besides saving costs, clients also desire to modernize their legacy codebases, which have become increasingly complex and difficult to update. Restaurant management software still contains legacy code that dates back to the early 2000s. After years of additions and modifications, it has become a tangled mess of spaghetti code. Deploying updates without introducing new bugs is a rare occurrence. Serverless allows them to focus on business logic unhindered by legacy constraints. As the speaker states, it permits “writing business logic that adds value and makes customers happy directly.”
Consider the difficulties faced by Any Company in updating and adding new features based on legacy code. The complexity resulted in errors with every deployment. Serverless will enable them to innovate faster by removing legacy barriers.
Finally, customers want to improve operational efficiency so they can respond more quickly to market changes. Currently, even minor alterations require allocating new infrastructure and instances. As the speaker describes it, “It’s difficult for new tenants to join our system. Every time a new tenant comes on board, we have to allocate new infrastructure and VPCs as well as new EC2 instances.” Serverless eliminates this burden, enabling faster adaptation.
Whenever Any Company adds a new restaurant tenant to its current system, they must manually initiate a new EC2 server tailored to that specific customer. With the use of a serverless architecture, tenants can be added instantly without the need for capacity planning and waiting times.
To demonstrate patterns and examples in a presentation, the speaker introduced a scenario involving a fictional restaurant management software-as-a-service company called Any Company. Their software handles various functions for restaurants – accepting orders, sending them to the kitchen, managing menus, and handling supplies. Although this example is targeted at restaurants, the speaker pointed out that attendees should consider how to apply this solution to their own business and usage scenarios.
The speaker then outlined the evolution of Any Company’s solutions over time. Initially offered as a downloadable software package with a permanent license fee, it required customers to install and manage the software themselves, often resulting in poor experiences when hardware failed.
Any Company decided to offer a hosted hosting option, using dedicated EC2 instances for each customer tenant. However, due to the largely unchanged legacy codebase, versions still dated back to the 2000s. They hoped to adopt a serverless architecture to provide a true software-as-a-service solution.
The speaker also mentioned the diversity of Any Company’s clients – ranging from small, single-location restaurants to large global enterprises, such as companies with chains of restaurants across multiple brands and locations. He emphasized the importance of identifying tenants early on, whether at the company level or individual site level. As he put it, “Determining how tenants are defined will help you determine how to manage authentication, permissions, data, and more; it’s essential to consider this during the design process from the outset.”
For example, a large enterprise client might be a parent company of multiple acquired restaurant chains around the globe. The definition of tenants may occur at the parent company level or individual site level, affecting architectural decisions such as data isolation.
Lastly, the speaker listed the current issues with Any Company’s hosted architecture:
For irregular, sporadic small tenants, there is an excess of idle resources. Even when utilization is low, fees for EC2 instances continue.
Due to the legacy code, the delivery speed of new features is slow. Complexity increases the likelihood of errors during deployments.
New tenant onboarding is cumbersome. Configuring infrastructure and EC2 servers for each tenant is time-consuming.
难以实现的三方集成,如与物流和供应商系统的对接,一直是企业面临的挑战。为了应对这些问题并实现平台的现代化,许多企业开始寻求无服务器软件即服务的解决方案。这种技术的主要优势在于消除了对服务器管理的需求,使得开发者能够专注于业务逻辑并加速产品上市。
无服务器技术的核心理念是基于实际使用的按需扩展,无需进行容量规划。用户只需为流经系统的实际请求或事件付费,而在没有活动时,无需为空闲容量付费。正如一位专家所说,“在大多数情况下,我们不会为空闲状态付费。”这种模式将使用量的成本与使用者直接挂钩,有助于大幅提升利润率。
例如,一家餐厅可以通过自动扩展来应对订单高峰期,而不是维持固定的容量。只有在高峰时段用餐时,才需要支付费用,而不是持续运行服务器。
从客户的角度来看,软件即服务还带来了诸多好处。他们可以轻松地使用软件,而无需承担任何基础设施或服务器管理的负担。对于软件供应商而言,软件即服务提高了运营效率,增强了应对市场动态的灵活性,并倾向于通过减少服务器开支来提高利润。
亚马逊云科技采用了“控制面+应用”的无服务器方法。控制面提供了共享服务,以支持租户上线、身份管理、监控等。公司将专注于使用无服务器构建核心应用程序。
一些常用的无服务器服务包括:CloudFront(用于内容交付和边缘缓存)、API Gateway和AppSync(用于API管理)、Cognito(用于身份管理)、Lambda(用于计算)、DynamoDB(用于数据库)、S3(用于对象存储)以及SQS、SNS和EventBridge(用于集成)。这些完全托管的服务可以自动扩展,无需进行容量规划。用户只需为实际使用情况付费,而无需为空闲状态付费。通过将这些服务组合在一起,用户可以构建高度可扩展的应用程序,而无需管理任何服务器。
云前端在Amazon S3中缓存静态资产如HTML/CSS/JS。前端JavaScript调用Amazon API网关中的API。API网关调用Amazon Lambda函数。Lambdas与数据库(如Amazon DynamoDB)互动。然而,简单地复制每个租户专用的栈并不能很好地扩展。演讲者提倡采用共享的多租户方法。但这带来了一些挑战,例如邻居噪音、数据隔离和后续部署影响等问题,他将在稍后解决这些问题。
关于前端,演讲者讨论了用于识别租户的URL选项。一个简单的方法是使用所有租户共享的通用域名。但这种方法缺乏租户上下文。其他选择是在路径中添加租户ID,为每个租户分配子域名,或允许使用自定义域名。实施后两种方法需要更多的努力,包括在Amazon ACM中颁发野卡SSL证书,管理Amazon Route 53中的DNS,以及可能需要额外的Amazon CloudFront分布。为了简化,他建议在认证期间使用包含租户ID的共享域。
例如,任何公司都可以为大企业租户使用自定义子域提供定制的品牌标识。但是,为所有租户管理证书和DNS记录并不易于扩展。
在登录流程中,演讲者指出,用户输入用户名而不是密码是第一步。这允许集成企业租户使用的外部身份提供者。对于使用本地身份系统的用户,系统会提示输入密码。
该系统使用OpenID Connect,这是一个基于OAuth 2.0和JSON Web Tokens(JWT)的开放标准身份验证协议。在验证凭据后,身份提供者将返回包含用户、租户ID和其他详细信息签署的JWT。
例如,大型餐厅连锁可能希望使用SAML或OIDC集成自己的单点登录提供商。任何公司都可以通过首先识别租户然后再进行身份验证来允许这一点。
JWT用作调用后端API的访问令牌。但是,需要一个额外的组件,即称为Lambda授权器, 以在每个请求上验证令牌才能允许访问。正如演讲者所解释的,授权器是一个检查令牌是否未过期、是否未被篡改且签名正确、然后查看某些声明和属性以确定用户是否有权访问的Lambda函数。
接收方可能需花费较长时间处理请求,这可能导致接收方失败,因此需要执行重试操作。由于接收方的吞吐量有限,异步队列模型能够提供可靠的信息传递、持久性以及重试功能,同时使得发送方无需等待响应。发布-订阅模式进一步扩展了这些功能,将每条消息分发给多个感兴趣的订阅者。为了说明这一点,演讲者将通过在餐厅系统中应用这些异步模式的例子来进行解释:当应用程序中的菜单发生更新时,系统还会向一个触发Lambda函数生成用于打印的PDF版本的SQS队列发送消息。当供应商的价格列表被上载到S3时,系统将向一个SQS队列发送通知,该队列会调用一个Lambda函数来解析数据并将其转入DynamoDB。
- 从DynamoDB中提取订单详细信息。
- 使用Lambda函数更新厨房显示器。
- 在准备就绪时,通过SNS向服务员发送通知。
- 发布订单完成事件。
Step Functions具有可视化的、分支/并行处理的和错误处理功能。正如专家所说,“我们按转换数量付费,而不是运行时间。”他建议在工作流程输入中包含租户ID,以便在整个过程中进行跨步骤跟踪。例如,任何公司都可以利用Step Functions来协调处理订单的多个步骤的工作流程。这使得在工作流图上可视化步骤并添加错误处理成为可能。最后,他讨论了部署和更新的话题。建议使用基础设施即代码、测试环境、小型/频繁更改以及自动化持续集成/持续部署(CI/CD)管道。更改应采用波浪形式推出——按地区、租户层或其他分片方法——以减少影响范围。
Finally, the speaker presented various solutions for migrating from existing hosting platforms to the new serverless SaaS architecture. Every company is building it in parallel to minimize disruptions before encouraging customers to switch. Strategies include achieving feature parity, incentivizing early adopters, or forcing deprecation on a specific date. The goal is to disable the old platform as soon as possible. For example, a company may offer discounted prices to motivate customers to migrate to the new serverless version. They hope to rapidly shut down the old servers after migrating the tenants. In summary, he highlighted the benefits of serverless SaaS: automatic scaling, pay-as-you-use model, cost reduction, and consistency with tenant usage; removal of server management accelerates development; tenant context is crucial for aggregating multi-tenant data; and event-driven systems generate scalable and efficient architectures. Serverless and SaaS are an obvious powerful combination. By focusing on business logic and leveraging Amazon Web Services services, companies can quickly provide innovative software to customers.
下面是一些演讲现场的精彩瞬间:
演讲者详细探讨了如何运用亚马逊云科技的服务,例如Route 53、CloudFront和ACM,以可扩展且高效的方式来实现多租户架构。
演讲过程中,重点强调了Amazon Cognito和JSON Web Token如何在系统中共享安全的用户身份验证。
通过Lambda中的自定义授权器,可以返回一个包含租户ID、站点ID以及其他在系统中传递的有用信息的上下文对象。
借助DynamoDB和S3以及租户ID作为键值,实现了在利用亚马逊云科技的托管服务的同时支持多租户功能。
亚马逊云科技的服务,如S3、SQS、Lambda和DynamoDB协同工作,使得无缝集成和处理来自第三方供应商的数据成为可能。
亚马逊云科技的领导团队鼓励与会者参加re:Invent的50多个SaaS会议和100多个无服务器会议,以助力构建无服务器SaaS解决方案。
总结
一位演讲者在会议上探讨了如何在亚马逊云科技上构建无服务器软件即服务(SaaS)架构。他详细阐述了无服务器技术的优势,例如自动扩展能力、按需付费模式以及无需管理服务器等。
为了说明这一点,演讲者以一家虚构的餐厅管理软件公司为例,讲解了多租户池模型中租户上下文的重要性。他强调了应使用租户ID对数据进行分区、管理身份和认证以及在整个系统中提供上下文环境。
此外,演讲者还展示了一些常见的无服务器模式,如基于API网关和Lambda的REST API设计,利用SQS队列进行异步处理,以及运用EventBridge规则和Step Functions实现事件驱动的工作流程。他强调,在进行集成时,应传递租户上下文以确保适当的隔离。
演讲者还强调了实施无服务器技术的一些最佳实践,如将基础设施作为代码编写、遵循持续集成与持续部署(CI/CD)管道以及采用渐进式更新策略。他认为,无服务器技术和SaaS可以相互补充,消除冗余工作,使得供应商能够更专注于满足客户的需求。
演讲原文
https://blog.csdn.net/just2gooo/article/details/134795424
想了解更多精彩完整内容吗?立即访问re:Invent 官网中文网站!
2023亚马逊云科技re:Invent全球大会 – 官方网站
点击此处,一键获取亚马逊云科技全球最新产品/服务资讯!
点击此处,一键获取亚马逊云科技中国区最新产品/服务资讯!
即刻注册亚马逊云科技账户,开启云端之旅!
【免费】亚马逊云科技“100 余种核心云服务产品免费试用”
【免费】亚马逊云科技中国区“40 余种核心云服务产品免费试用”
亚马逊云科技是谁?
亚马逊云科技(Amazon Web Services)是全球云计算的开创者和引领者,自 2006 年以来一直以不断创新、技术领先、服务丰富、应用广泛而享誉业界。亚马逊云科技可以支持几乎云上任意工作负载。亚马逊云科技目前提供超过 200 项全功能的服务,涵盖计算、存储、网络、数据库、数据分析、机器人、机器学习与人工智能、物联网、移动、安全、混合云、虚拟现实与增强现实、媒体,以及应用开发、部署与管理等方面;基础设施遍及 31 个地理区域的 99 个可用区,并计划新建 4 个区域和 12 个可用区。全球数百万客户,从初创公司、中小企业,到大型企业和政府机构都信赖亚马逊云科技,通过亚马逊云科技的服务强化其基础设施,提高敏捷性,降低成本,加快创新,提升竞争力,实现业务成长和成功。