Table of Contents for
Programming for PaaS

Version ebook / Retour

Cover image for bash Cookbook, 2nd Edition Programming for PaaS by Lucas Carlson Published by O'Reilly Media, Inc., 2013
  1. Cover
  2. Programming for PaaS
  3. Programming for PaaS
  4. Dedication
  5. Preface
  6. 1. The Cloud for Developers
  7. 2. What Is PaaS?
  8. 3. Types of PaaS
  9. 4. Moving Legacy Apps to PaaS
  10. 5. Writing New Apps for PaaS
  11. 6. Mobile Apps on PaaS
  12. 7. A Look at Core Services
  13. 8. Why Not PaaS?
  14. 9. The Future of PaaS
  15. 10. Resources
  16. Index
  17. Colophon
  18. Copyright

Chapter 2. What Is PaaS?

Developers are migrating to PaaS to get their jobs done faster and better.

Faster: because you spend less time setting up and managing servers, or waiting for someone else to do it.

Better: because PaaS lets you implement best practices without thinking about it.

Developers all have their own unique sets of considerations and challenges. Before writing this book, I myself had challenges rooted in a childhood web success that turned into what would have been a crushing failure had I not learned some critical lessons that strongly influence how I write code today.

Conjuring a Website

In 1996, my family signed up for an Internet connection and received a shared hosting account tied to our Internet Service Provider. I downloaded Fetch, a free FTP client, and found a Webmonkey tutorial that taught me the basics of HTML. I entered my FTP credentials and was on my way. When I fully realized anyone in the world could see my Hello World web app, I was hooked. A simple “hello” transformed the rest of my life.

I love magic. I find it fascinating how you can prepare for days or even weeks, practicing detailed finger work for a trick that can last a few seconds. I wanted to combine my passion for doing magic tricks with my passion for this new toy called the Web. So I created my first web page, a page for magicians to exchange ideas and tricks. It started out as a simple HTML page and quickly grew into a dynamic PHP website that I called The Conjuring Cabaret.

As the community grew, The Conjuring Cabaret became more and more dynamic, adding content, functionality, and design. Many magicians contributed magic tricks and tips. There were tests that visitors had to pass in order to get in to see those tricks, making sure that only real magicians could access this inner sanctum.

The site grew to the point that it needed its own server. The Conjuring Cabaret was hosted on a dedicated box, and I was thrilled. By 2001, it was among the top magic websites, with hundreds of tricks and thousands of members. I was installing and configuring Apache and MySQL and spent countless nights tuning things to be just right.

Then one day I woke up and the website was not working. I tried to log into the server. No luck. I tried to email the managed server provider and didn’t hear back. I kept emailing them, and a few days later, when they finally replied, they said, “Sorry, your server died.”

I said, “What do you mean my server died?”

Like many developers before and since, I had never gotten around to backing up my server. I lost all of the data, all of the magic tricks, and all of the users. Ironically, that server had performed a magic trick of the highest order: it made everything disappear.

That was the end of my first website.

It was a painful episode and a pivotal moment for me, deeply influencing my professional life. Years later, I was able to realize a dream that came out of that pain when I began to use Platform-as-a-Service and founded a PaaS provider called AppFog.

Early Options for Developers

Episodes of scaling problems and losing data are unfortunately common, mainly because application developers have had only a few options in the last generation. Chief among them were shared web hosting and dedicated web hosting. Now we can add into the mix a powerful, relatively new alternative called Platform-as-a-Service. Before we look more deeply at PaaS, let’s examine the first two options.

Shared Web Hosting

Traditionally, shared web hosting has been the easiest way for web developers to get started. Examples include GoDaddy, Yahoo!, Comcast, and many ISPs to this day.

The central concept revolves around an FTP account. You get credentials for your FTP application server. That server hosts thousands, sometimes tens of thousands, of websites. Usually the server is large, but it can very quickly get bogged down. If one or two of those websites start to get popular, even with a powerful server, it might be enough to soak up all of the resources. The result: tens of thousands of websites could become very slow or might not even respond.

The upside to shared hosting is price. Shared hosting is cheap, sometimes even free. Also, it’s a hands-free account. You don’t have to do security patches. You don’t have to manage the software. You don’t have to know anything about how the software is written. All you need to know is how to write some HTML code; you hand it over, and everything else is handled for you. But because it’s so inexpensive, your provider can’t afford to handle things well at all times. It can’t scale. It can’t go beyond its capabilities, but it usually does work for simple situations.

While it’s an economy of scale for the hosting provider, it’s not a reliable system for putting up a storefront, a complicated website, or even a site that you want your clients to be able to reliably visit to get your contact information.

Another pitfall of shared hosting is security. Your code can be on the same system as over 10,000 other pieces of code. Keep in mind that a normal website can easily get hundreds of security attacks every day. Multiply that by tens of thousands of pieces of code that aren’t yours, and you can see the risks involved in running a production site on a shared system.

Despite its disadvantages, developers still find shared web hosting useful to host personal web pages, to put up simple ideas, and to try out new ideas. It’s useful for development when you’re not sure if you want to invest the kind of money it would take to run your own servers, and when you don’t need to scale yet. The trouble is that when you do need to scale, it can become a painful process to move from a shared to a dedicated system.

Dedicated Hosting

Developers, especially web developers, have traditionally used shared web hosting to get started because it’s cheap and easy. When they look to graduate beyond that, they often turn to dedicated web hosting. This could be as simple as hosting your own server at home using your Internet connection. But there are several other options that provide varying degrees of service and scalability.

Here is a generalized list of dedicated hosting options, sorted by decreasing order of control (and typically, performance):

  • Colocated servers

  • Managed servers

  • Virtual private servers

  • Infrastructure-as-a-Service

Let’s now take a look at each of these in more depth.

Colocated servers

With colocation, you usually buy your servers yourself. Then you ship them to a high-bandwidth data center where you pay a monthly fee. The colocation facility gives you Internet access and sometimes will even help debug or restart a server. But in addition to the up-front costs of the machines, you are responsible for maintaining and managing the servers.

Managed servers

The term “managed server” is a bit of a misnomer. In reality, the management of the server can be quite limited. If the RAM becomes corrupt, they will replace it for you. If there are hardware issues, the provider will replace your hardware. But while they replace disks or RAM, they do not replace your data, so it’s critical to make sure that you have off-site backups.

There are various benefits to using managed servers. Often you do not have to buy the servers yourself; you lease them from the same provider that is hosting and managing them. They are faster than some of the other dedicated alternatives, as well as more reliable and more robust. Managed servers can and do die, but they usually don’t die very quickly. You generally have to wait for a disk failure, which on average could take a year or two. Compare that to the ephemeral servers on Amazon Web Services, which could die in a matter of days or weeks. The downside is that provisioning new servers can easily take anywhere from weeks to a month.

Virtual private servers

Virtual private servers, or VPS, are similar to managed servers, but virtualized. In desktop environments, you may be familiar with Parallels, VirtualBox, and Fusion. For server-side virtualization, the tools of the trade (known as hypervisors) include XenServer, KVM, Virtuozzo, Vserver, and Hyper-V.

Virtualization allows large servers with many terabytes of RAM and hundreds of processor cores to be subdivided into smaller virtual servers with gigabytes of RAM and one to four cores. This makes these servers a lot easier to start, run, and replace than non-virtualized dedicated servers.

Virtualization technology allows for each virtual machine to act independently of one another in terms of security, isolating processes and tenants in a much more comprehensive way than sharing servers through multitenant shared hosts all on a single Apache instance. Each virtual machine has its own root account and, if compromised, does not have access to any other of the virtual machines.

The downside to VPS can be that since the underlying physical resources can be shared, you can still run into issues where a neighboring tenant is hogging your CPU or disk I/O, which can slow down your applications unless you plan for these kinds of inconsistencies.

Infrastructure-as-a-Service

IaaS is like an on-demand elastic VPS with an API. It is the fastest version of dedicated web hosting in the sense of provisioning. But it is still considered to be dedicated web hosting because you still get root access. The largest effective difference from other kinds of hosting is that you can go from requesting new servers to having them up and running in about 30 seconds. They can be dedicated real servers, but usually are virtual servers. Virtualization is accomplished with software that ranges from VMware’s vSphere to Xen from Citrix all the way to Microsoft Hyper-V. The most popular Infrastructure-as-a-Service is Amazon Web Services, which uses Xen to virtualize its hardware.

With IaaS, what you get are dedicated servers with dedicated IP addresses. They start out as a blank slate, so you have to do all the system administration: install the software, install Apache, configure Apache, secure the server, tune the server, tune Apache, tune MySQL, add the accounts, distribute passwords, set up SSH, put the SSH keys in, install the packages, upgrade the packages, and make sure your app works with the versions of software included on the machine.

The benefits of IaaS are the ability to provision as many servers as you need and the ability to do so very quickly on demand. The downside is that those servers are generally slower than their dedicated alternatives. They also offer less performance and they are less reliable, so they tend to be ephemeral, meaning that they go down without notice. You have to design your system to be able to handle servers dying at will, adding a layer of complication.

Comparing costs

The cost structures for the various forms of dedicated web hosting are vastly different.

In the colocated version, you have the initial fixed costs associated with buying the machines. You’re only renting space in the colocation facility, though, so the ongoing costs are significantly lower compared to similar IaaS usage. Many large applications go the colocation route, investing in their own hardware to take advantage of the monthly cost savings. This is also known as increasing capital expense (capex) in order to reduce daily operating expense (opex). Colocation costs vary but can start at around $1,000 per month for a rack, which can hold up to 16 servers. Keep in mind, however, that you’re still in charge of maintaining and managing the machines. You will need to go in, install the machines, wire them together, and maintain them in person as they fail.

On the other end of the spectrum is Infrastructure-as-a-Service. With IaaS, you pay an hourly cost based only on the resources you need (also known as increasing opex to reduce up-front capex). Generally there are a wide variety of different combinations from which to pick, including different CPU speeds, disk sizes, and I/O performance.

Since IaaS is typically priced by the hour and has no long-term commitment, it’s very handy for cases in which you need to provision many servers and use them for a short amount of time—performing a vast calculation over a specified amount of data, for example. How would such a scenario impact your budget?

Let’s suppose you’re going to sequence DNA. You have a set problem and you have a set piece of data. Using Infrastructure-as-a-Service, you can spin up a thousand servers, sequence the DNA over a set period of time, and then shut the servers down. You only pay for the hours that the servers were running. Instead of buying a thousand servers that sit around doing nothing after you’ve finished sequencing the DNA, you set up only what you need for the time you need it.

Web applications tend to live much longer than a DNA sequencing can take, which might on the surface seem to favor capex over opex, because you can make long-term commitments. This can make IaaS seem economically unfavorable for hosting web applications. However, web applications might experience spikes. If you’re preparing to go on a talk show or a news program, you need to be prepared to handle the resulting traffic to your website. With a colocated facility, you would have to order the servers, wait a few weeks, then bring them in and have them configured, which could take another few weeks. With Infrastructure-as-a-Service, you can make an automated API call 24 hours a day and add a thousand servers to your system that can be available within minutes. After the traffic diminishes, you can deprovision the servers and only have to pay for the time that you used.

The general problem with Infrastructure-as-a-Service is that since the servers are ephemeral, you need to have some kind of persistent block storage so that you can keep your data. For example, if you have a MySQL database and the server goes down, you don’t want to lose that data. You must have the data persisted on block storage or some other similar persistent storage technology. These and other services add additional hourly charges.

Infrastructure-as-a-Service is an à la carte system. You can add services as you need to and then pay for them on an hourly basis.

PaaS: The Best of Both Worlds

As a developer, the general tendency is to start out with shared hosting. Soon you might experience a need to have more power and control, so you move into dedicated hosting. You feel a rush because you now have ultimate control. You’re excited to be tuning your servers and learning how to make them run faster. You’re excited because your website loads faster and it can handle more users.

However, the excitement quickly dissipates as time goes on, because the overhead of taking care of those servers day after day wears you down. You want the power and control that come with dedicated servers, but before too long your servers get hacked into and you are fully responsible for fixing them. Then the database gets corrupted, and you have to restore your backups on your own.

But wait, there’s more! It’s not only the time and effort of managing your machines. When the server dies at 4 a.m. (and it always does so at the most inconvenient times), you are always ultimately responsible for fixing it. If you’re at dinner, you have to go. If you’re at a wedding, you have to go. If you’re on vacation, you have to go. This is why pagers exist—for doctors and system administrators.

In short, from a developer’s point of view, shared web hosting is easy but does not provide enough control and power, and dedicated hosting is powerful but provides too many distractions and too much overhead. Until the advent of Platform-as-a-Service, there was never an in-between.

Combine the power of dedicated hosting together with the ease of shared hosting and you get Platform-as-a-Service.

The Developer’s Holy Grail

Let’s return briefly to the example in which you’ve made a TV appearance and your website suddenly experiences a spike in traffic. The problem with dedicated hosting is moving from a single server to 100 servers. It’s a potential nightmare because you’ll need to hire a team of people to help manage those 100 servers. With Platform-as-a-Service, moving from a single server behind your app to 100 servers can take seconds. All you do is move a slider from the left to the right.

As you’ll see, Platform-as-a-Service can provide the power, speed, reliability, and scalability that you wanted with dedicated hosting, and yet be as simple to use as shared hosting. You might go so far as to say that Platform-as-a-Service is the developer’s Holy Grail of scalability and reliability.

This enhanced reliability comes courtesy of one of the key tenets of scalable architecture in the modern web development era: N-tier architecture.

Sharing the Load

With N-tier application architecture, you don’t put your app logic on the same servers as your database servers or caching servers or load balancers. You have different layers of servers that handle different aspects of the application independently.

You do this for horizontal scalability, so that you can add more capacity by simply adding more of a certain kind of service in parallel and then configuring the software to distribute the load. So now you have gone from having a single server to at least three or four layers of servers, or tiers. Within each of those tiers, you’re replicating for failover and high availability.

This architecture is what you usually end up piecing together when you are using dedicated servers. But every Platform-as-a-Service has N-tier built into it from the start. It’s packaged into the offerings as a de facto standard from the ground up, blending a best-of-breed approach to dedicated web hosting with a simple deployment strategy for deploying your code.

Language Considerations

There are a number of different approaches to Platform-as-a-Service. Some vendors focus on a single programming language, meaning you’ll be restricted to working only with Java, or PHP, or Python, or Node.js.

Other PaaS vendors let you choose from a variety of different languages. On the one hand, a multilanguage provider has the benefit of being a one-stop shop. On the other hand, you will sometimes have a more highly tuned environment with a single-language PaaS provider. In general, the most widely used PaaS systems tend to be multilanguage.

One should also be aware of vendor lock-in issues. Some Platform-as-a-Service providers require you to program against their APIs, and once you have tied your code to their APIs it can be very difficult to move it anywhere else. If this is simply at the level of database services, your code can still remain quite portable. However, if there are custom libraries and custom code APIs, it can be problematic and sometimes impossible to compartmentalize these integration points to the point that you can quickly move your app to another PaaS provider.

PaaS Pricing

Almost every Platform-as-a-Service provider lets you try it for free. Usually you can set up at least a few applications for free. This is a useful way for developers to get started and familiarize themselves with Platform-as-a-Service. Once you want to deploy a production application, there are many options, with pricing models that vary depending on which platform you choose. Rates for production-ready apps in PaaS can run from as little as $20 per month to thousands of dollars per month.

For example, with one leading PaaS service you can deploy applications for free, but when you want to scale those applications and add more instances behind them (making them production-ready), you start paying on a per-instance basis. Those instances can each cost $30–40 a month. If you want background processing, that is another $30–40 a month. So, with some Platform-as-a-Service providers, the price can grow quickly as your application needs to scale.

Other platforms have different pricing models. Some charge based on how many virtual machines you use. Others charge on a resource consumption model. With AppFog, you have a set amount of RAM; within that amount of RAM you can deploy as many applications, or as many instances behind those applications, as you want. The monthly fee is based on how much RAM you need, not how you use it. dotCloud has a similar model.

Is PaaS Really New or Just IaaS++?

Several questions arise. Is Platform-as-a-Service a new concept? Or is it simply an extension of Infrastructure-as-a-Service? Is the “big idea” the concept of APIs with provisioning servers? Or is Platform-as-a-Service a new and separate kind of idea?

There is a strong case to be made that IaaS and PaaS are very different from one another and that Platform-as-a-Service is not a feature of Infrastructure-as-a-Service. Fundamentally, it comes down to what is important to each service.

What are the central concepts behind IaaS and PaaS? Another way to ask this question is this: what are their atomic units?

Looking at atomic units

An atomic unit is the least divisible unit of interest for an entity. What is the least common factor? What is the base indivisible aspect that people care about? In math, it’s numbers (or even more fundamentally, sets). In physics, it’s equations. In chemistry, it’s molecules. In biology, it’s cells.

This applies in the business world, as well. For McDonald’s, it’s hamburgers. For Barnes & Noble, it’s books. For Coca-Cola, it’s a can of Coke. It is the base unit that the company cares most about.

Figuring out the atomic unit for a company is both enlightening and limiting. Enlightening because it gives you a focus—it lets you rally to what you are good at—and limiting because it is incredibly difficult to be as good at selling anything outside the purview of your atomic units. Few companies who try to have multiple atomic units are able to succeed.

The atomic unit does not have to be as specific as the examples just given. For Amazon.com, it’s anything you can warehouse and ship in a box. For Netflix, it’s digital media in various forms. For Procter & Gamble, it’s household items.

When it comes to sorting out atomic units, there is a major amount of confusion in the cloud. Part of the reason for this confusion is that many different companies who sell many different atomic units are being grouped together. One way to make sense of it all is by understanding the atomic units of these companies at a generic level.

IaaS versus PaaS

For Infrastructure-as-a-Service, the atomic unit is resources. By resources, we mean servers, disks, networks, and IP addresses. IaaS is all about providing these resources on demand. For example, when you look at Amazon Web Services, all the tools center around resources, all the documentation is about resources, all development is focused on resources, and the main thing people use it for is resources. Other IaaS examples include Rackspace, GoGrid, and Joyent.

For Platform-as-a-Service, the atomic unit is applications. What is an application? It’s a system. It’s a combination of code and all the services that communicate with that code at any point in time. It is not a resource. In fact, an app is composed of many individual resources all tied together. The amount of effort required to connect those resources together is often underestimated. That’s why companies hire IT departments and why system administrators are always in demand. Going from a single host running Apache and MySQL all in one to a system architecture with separate load balancers, caching servers, app servers, and database servers with redundancy and failover involves a lot of work, both up front and later on in maintenance.

The other thing that PaaS does is configure and manage IaaS from an apps perspective. Tools like Cloud Formation are great, but they approach IaaS management from a resources perspective. Apps see the world in a much different way than resources do.

Apps, unlike resources, do not tend to come and go frequently. The need for on-demand hourly pricing, while highly useful for IaaS, is not as important with this model, except when you temporarily burst app usage or you’re in a test/dev scenario.

In short, Platform-as-a-Service providers deal with code and services. The responsibility of those providers is to manage and maintain the code, to run the services, and to make certain that the connections between everything remain up and running at all times.

PaaS: A Vital Tool for Modern Apps

Application development has drastically changed in the last generation. From the early days of code running on computers the size of buildings to client/server architectures and now modern REST APIs, the tools used to build and run code have changed as well.

Moving Toward Higher-Level Languages

Let’s return to an earlier example: when you want to sequence DNA, you want to do it as quickly as possible, so you use low-level languages like C and Assembly to get as much performance as you can.

In PaaS, the tendency is more toward building out web applications, and latency is not as critically important. The quality that is valued more highly for the types of applications that run on PaaS is the ability to create things quickly and connect them quickly. The higher-level languages—the dynamic scripting languages like Ruby, PHP, Python, and Node.js—are better suited to this than some of the lower-level languages.

Thus, the tendency within PaaS is toward languages that a few decades ago were thought of merely as scripting languages. Now they have become powerful tools for businesses to power their applications. Facebook, one of the biggest sites on the Internet, uses PHP to power its systems. Yahoo! also used PHP. Twitter was initially built on Ruby. LinkedIn used Ruby, then changed to Node.js. So you can see a proliferation of web content being built on dynamic languages.

Managing the Backend

The new generation of languages is also breeding a new style of development: quick iterations on smaller sections of code, faster production of applications that are smaller and at scale. The applications that are generally being built are API-type applications. Examples of these kinds of applications (on a larger scale) include Gmail, Twitter, and MobileMe, which use APIs to communicate with their web frontends. Those same APIs can be used in the context of mobile applications, making sure that a mobile app can register users and that users can communicate with each other. This all must happen through APIs and backend services.

Managing the backend for a mobile application can easily take more time than building it in the first place, which is why Platform-as-a-Service is such a vital tool. If you have a mobile app that gets on the Apple App Store’s top 10 list, you need to make sure that your backend application can scale with the needs of your user growth and can handle millions of users accessing it from their phones every minute. Traditionally, this has taken armies of IT and ops people. Platform-as-a-Service gives you the ability to manage hundreds or even thousands of backends simply with a slider, rather than with a team of people.

In case this remains unclear, it should be stated that PaaS puts control and power into the hands of the developer. At long last, that pager has been rendered unnecessary. PaaS won’t eliminate code bugs, obviously, but hardware and infrastructure failure should not be concerns for developers anymore.

Conjuring Confidence

Years after I lost my own website, Platform-as-a-Service emerged. With PaaS emerged the opportunity to get apps up and running faster and more easily than ever before. Now backing up applications can happen with a click of a button. You don’t have to worry about servers going down because there are people out there worrying for you. PaaS renews confidence and vigor for all of the applications that modern developers deploy.

The days of dreaded phone calls where people tell you that your servers have died will become history as you adopt PaaS and utilize it to its full potential.