Can you use Serverless Everywhere? Any Drawbacks?
Rohit Akiwatkar Mar 9 Updated on Sep 13, 2018
Update: I recently wrote a post on different use cases of serverless. A list of 10 serverless use-cases which is a good introduction to the areas in which serverless can be useful. Though the article is AWS focused, these ideas can obviously be used elsewhere.
As a huge promotor of serverless, I am very positive about its future. But I feel bad when this technology is falsely lauded as a panacea for all the future applications.
A discussion on the drawbacks of this technology will give new developers and cloud architects a complete picture.
For the beginners
Serverless architectures refer to applications that significantly depend on third-party services (knows as Backend as a Service or “BaaS”) or on custom code that’s run in ephemeral containers (Function as a Service or “FaaS”), the best-known vendor host of which currently is AWS Lambda.
Despite the name, it does not actually involve running code without servers. The name “serverless computing” is used because the business or person that owns the system does not have to purchase, rent, or provision servers or virtual machines for the back-end code to run on.
Below are some of the prominent drawbacks in serverless technology
Problems Due to Third-Party API Systems (Simply Vendor Lockin!!)
Startups are agile boats, but the decisions you make initially have rippling consequences over time. There is a reason why cloud providers offer $100,000 initial credit to early-stage startups.
Once you make your initial infrastructure on a particular cloud it becomes very difficult to migrate out of it. Vendor control, multitenancy problems, vendor lock-in, and security concerns are some of the problems due to the use of third-party APIs.
Lack of Operational Tools
The developers are dependent on vendors for debugging and monitoring tools. Debugging distributed systems is difficult and usually requires access to a significant amount of relevant metrics to identify the root cause. But recently many tools have come up in the serverless ecosystem for -
Monitoring - Epsagon, IOpipe, Dashbird, Stackery
Security - PureSec, Sync, TwistLock
Decisions about how small (granular) the function should be, take the time to assess, implement and test. It gets cumbersome to manage too many functions, and ignoring granularity will end up creating mini-monoliths.
AWS Lambda, for now, limits you to how many concurrent executions you can be running on all your lambdas. The problem here is that this limit is across your whole AWS account. Some organizations use the same AWS account for both production and testing. That means if someone, somewhere in your organization does a new type of load test and starts trying to execute 1,000 concurrent Lambda functions, you’ll accidentally Denial of service (DoS) your production applications.
Integration testing serverless apps are tough. The units of integration with Serverless FaaS (i.e. each function) are a lot smaller than with other architectures and therefore we rely on integration testing a lot more than we may do with other architectural styles.
Problems related to deployment, versioning, and packaging also exist. You may need to deploy a FaaS artifact separately for every function in your entire logical application. It also means you can’t atomically deploy a group of functions. On top of it, there’s no concept of versioned applications so atomic rollback isn’t an option. You may need to turn off whatever event source is triggering the functions, deploy the whole group, and then turn the event source back on.
Architectural components such as serverless databases, frameworks, libraries are not mature and developers don't have a wide range of choices.
Other drawbacks are performance related issues in functions, security vulnerability (susceptible to DoS attack), event-driven architectural problems such as - snowball effect due to cascading events, asynchronous side-effects, and poison messages.
The serverless code can be used in conjunction with code written in traditional server style, such as microservices. For example, part of an application could be written as microservices using compute instances and another part could be written as serverless code. Alternatively, very few application could be written that uses no provisioned servers at all, being completely serverless.
If there is any other drawback which you want me to discuss, please mention in the comment section. Looking forward to the views of Dev community.