In the last post of this series, we discussed the evolution of microservices and API ecosystems and what are the different benefits microservices and APIs offer when it comes to building large, scalable, and efficient systems. As I said in the last part (actually as uncle Ben said this), with great power comes great responsibility and the same thing applies to microservices and API architectures. These complex systems bring a lot of challenges with them and we will discuss those challenges in this part.
There are many challenges when it comes to adopting microservices or dealing with microservice architectures. We will be discussing a few of the important ones in this blog post.
Complexity: Complexity comes in different forms, either it can be design complexity or operational complexity. In the case of microservice architecture design, you have to deal with both of those.
- Design: When it comes to distributed systems, complexity is given. But, one way to mitigate this complexity is to create optimal abstractions. The effective modularization of the complex monolith can be done with proper and accurate service boundary definitions but creating those service boundary definitions is hard as well. That’s where design thinking comes into the picture. Defining clear boundaries and responsibility for each service is complicated and developers have to use a data-centric approach to arrive at a proper conclusion here. As compared to microservice design, API design is mature and has defined standard practices. API design thinking helps to identify the right service boundaries and helps to establish loose coupling between services so that implementation details don’t leak through.
Operational: The main benefit of using microservices is you can develop, deploy and upgrade every service independently. This same benefit becomes the biggest pain point for many small teams who are trying to adopt microservice architectures as now there are maybe 60 services to be managed by 10 people and that operational load is very high. Maintaining, and continuously monitoring these complex architectures becomes very hard after some point. Some of the major pain points in operations management are:
- Optimizations and scaling
- Fault tolerance
Communication: Microservices have to communicate with each other to get desired things done. There need to be some infrastructure layer configs to enable resource sharing across services which ultimately enables these microservices to talk to each other. These configurations, if not optimized properly can result in high latency and error rate.
Security: As discussed in the above point, microservices use infrastructure layer configs to talk to each other. This along with multi-environment (multi-cloud as well as on-prem) deployments, results in even less visibility and creates many vulnerable points. This collectively increases the risk of a security attack.
Microservice frameworks in general come with many challenges when it comes to security, some of them are as follows:
- Data is distributed so maintain privacy, confidentiality, and integrity is hard.
- Setting up access control and service level authentication is tricky and makes services more prone to attack sometimes.
- Finding the origin of the attack and affected services can be tricky depending on the size of the architecture.
Most of the challenges we discussed above have some common origins and the most common one being less visibility in the system due to complex architectures and infrastructure. Observability into these microservice architectures and APIs can help us to understand these complex interactions better and help us solve design issues, operational issues, communication issues as well as security issues.
How? Going forward in this series, we will discuss API Observability and how we can use it to solve these complex but very important issues in API and Microservices ecosystem.
Until then, if your organization is using microservice architecture and exploring Observability solutions, feel free to check out Hypertrace, which is a modern API Observability platform. If you are in transition and want to learn more about Observability and instrumentation, join our slack community to interact with folks who have been through this transition or going through this transition.