When running applications in the cloud, one concern that organizations have is the level of visibility and control they have over the system. As applications move to the cloud, you expect the same level of monitoring — or in fact, an improved approach compared to traditional monitoring. With traditional server-client applications, if something is wrong with the server or database, you can easily identify the cause, as the number of servers and databases is comparatively small.
However, today’s cloud-native applications are very complex, with distributed architectures spreading across numerous instances and databases. They require a completely different level of monitoring. This is why built-in monitoring is an essential consideration when choosing a cloud vendor.
To understand just how important a built-in monitoring solution is, let’s look at what changes when you move to the cloud, and why built-in monitoring is essential to run applications reliably in the cloud.
Monitoring microservices apps
If you’ve adopted the modern DevOps approach to building and shipping applications, you’re likely on the path to structuring your app as a collection of microservices. The microservices architecture requires you to decompose your app into various services, each of which is built and managed by a small, independent, cross-functional team. The more you go down this path, the more complex your application architecture becomes, and the more important cloud monitoring becomes.
Managing this complexity in-house will drive any Ops team crazy. Only with the help of managed cloud services can you run complex microservices apps at scale. Importantly, built-in cloud monitoring brings end-to-end visibility across services, and deep visibility into each service’s performance. You can easily see how one service’s performance affects another. For example, how does latency in a particular database affect the performance of e-commerce search results, and in turn the number of transactions? You can drill down into the database’s logs to find the exact root cause for the latency. This type of cross-service monitoring and root cause analysis is necessary when running microservices apps in the cloud. It’s hard to implement this in an in-house data center, but modern cloud vendors build this level of monitoring into their platforms, making it easy to monitor distributed microservices applications.
Monitoring distributed infrastructure
With each service independent of other services, each team has the freedom to choose what type of infrastructure to power their services with. For some services, cloud-based VMs may work just fine, but for others that have fluctuating traffic and are short-term in nature, containers may be a better bet. And some services, such as one supporting a real-time stock trading app that needs extremely low latencies, may need to be kept on-premises and managed in-house. All this results in an application stack that is distributed across many types of infrastructure. However, when monitoring, you want to view how applications perform irrespective of the type of infrastructure that powers them.
Leading cloud vendors today provide multiple types of computing services to suit each need. Whether it’s VMs, containers, serverless computing, or integration with data centers, they give you freedom to choose how to run your applications. At the same time, they provide robust APIs to integrate services across the spectrum, and monitor these integrated services using a single pane of glass. For example, Alibaba Cloud’s CloudMonitor is a versatile monitoring service that can report on the performance of a range of services like Elastic Compute Service (ECS), Relational Database Service (RDS), Server Load Balancer, Block Storage, and more. It provides end-to-end visibility of all your resources in the Alibaba Cloud platform. As a built-in monitoring service, Alibaba has configured a variety of default metrics that cover most day-to-day monitoring tasks. Even if you have custom metrics to be tracked, you can set them up in CloudMonitor. It has a powerful Alarms feature which you can configure to receive notifications via email, text, or another monitoring application. As you adapt to running applications in the cloud, a modern monitoring tool like CloudMonitor gives you the confidence you need.
Staying secure in the cloud
As you move to the cloud, security should not be an afterthought, but the first thing you consider. However, security in the cloud is completely different from traditional security. The cloud adopts a shared responsibility model, where the cloud vendor is responsible for security “of” the cloud, and you, as a customer, are responsible for security “in” the cloud. As long as you choose a leading cloud vendor, you won’t need to worry about the first part. But the second part, security “in” the cloud, is something you need to know and care about. Security “in” the cloud means you ensure that the data you store in the cloud is secured using the tools and capabilities provided by the vendor. You are responsible for who can access this data, and how they use it. You decide how it’s shared across the public Internet, and with other applications.
Alibaba Cloud provides numerous services to help you secure your applications. The most important service related to security in the cloud is the Resource Access Management service, which controls access and permissions to your various resources and data stored in Alibaba Cloud. It needs to be configured appropriately so that only the people and services that need to see a certain piece of data have access to it.
When designing access to various parts of the system, another service that is helpful is Key Management Service (KMS). It lets you encrypt data, and share access keys with people and services who need access to this data. (Remember that when designing access controls, you need to operate on the principle of least privilege.)
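To make the least-privilege point concrete, here is an added example (not from the original article or from Alibaba Cloud) that checks policy documents written in RAM policy syntax for over-broad Allow statements. The helper name lint_policy, the bucket name, the account ID and the key ID are constructed placeholders.

```python
import json

# Constructed sample policies in RAM policy syntax (Version "1").
BROAD_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Effect": "Allow", "Action": "*", "Resource": "*"},
  {"Effect": "Allow", "Action": ["oss:*"], "Resource": "acs:oss:*:*:*"}
]}
""")

SCOPED_POLICY = json.loads("""
{"Version": "1", "Statement": [
  {"Effect": "Allow", "Action": ["oss:GetObject"],
   "Resource": ["acs:oss:*:*:example-reports/monthly/*"]},
  {"Effect": "Allow", "Action": "kms:Decrypt",
   "Resource": "acs:kms:cn-hangzhou:1234567890123456:key/example-key-id"}
]}
""")


def _as_list(value):
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return [value] if isinstance(value, (str, dict)) else list(value)


def lint_policy(policy):
    """Return (statement_index, finding) tuples for over-broad Allow statements."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; not flagged here
        for action in _as_list(stmt.get("Action")):
            if action == "*":
                findings.append((i, "action '*' grants every API of every service"))
            elif action.endswith(":*"):
                findings.append((i, f"action '{action}' grants every API of one service"))
        for resource in _as_list(stmt.get("Resource")):
            # ARN layout: acs:<service>:<region>:<account>:<relative-id>
            parts = resource.split(":", 4)
            if resource == "*" or (len(parts) == 5 and parts[4] == "*"):
                findings.append((i, f"resource '{resource}' names no specific resource"))
    return findings


if __name__ == "__main__":
    for name, doc in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, lint_policy(doc))
```

The scoped policy grants one read action on one bucket prefix and one decrypt action on one key, which is the shape a least-privilege review looks for.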
Despite all your efforts to secure data, there are bound to be vulnerabilities that show up as the system changes and evolves. To help protect against these, Alibaba Cloud offers Server Guard, a tool that proactively scans your system for common vulnerabilities like Trojans and for open vulnerabilities. It works by installing a lightweight agent on each server, and thus gives you an inside view of your resources.
As you move more and more of your applications and workloads to the cloud, you need a reliable vendor that you can count on for the long run. The cloud platform you choose needs to support end-to-end monitoring for all your resources in the cloud, no matter how many services you run, or which types of infrastructure you run them on. With these high expectations, the cloud vendor needs to make the cloud a safe place to run your applications by providing necessary security tools for access management, data encryption, and threat detection. And finally, all these services should be built into the cloud platform. You should not have to wire third-party services together. Built-in cloud monitoring is essential to cloud computing, and is something you should look for when choosing a cloud vendor.
Twain began his career at Google, where, among other things, he was involved in technical support for the AdWords team. His work involved reviewing stack traces, resolving issues affecting both customers and the Support team, and handling escalations. Later, he built branded social media applications and automation scripts to help startups better manage their marketing operations. Today, as a technology journalist, he helps IT magazines and startups change the way teams build and ship applications.