What Is Serverless Computing, and How Can It Benefit Your Team?
When it comes to computing models, federal agencies have thankfully evolved beyond the mainframe. There is cloud computing, edge computing and even fog computing.
However, as agencies eye automation in key elements of their IT, and as the Office of Management and Budget prepares new policy guidance on automation technologies, there is another model federal IT leaders should consider — and which some already are: serverless computing.
In a serverless architecture, agencies can reduce their computing costs compared to traditional cloud environments, experts say, and can maintain computing environments with less effort. They also gain agility and the ability to upgrade their underlying code and software in a more seamless fashion.
Serverless is still new in federal IT today, but could become more promising in the years ahead. “We are starting to see more of a shift towards serverless in some agencies, not all. It is still relatively nascent,” Dan Tucker, vice president at Booz Allen Hamilton, who leads the company’s digital platform capability team, tells MeriTalk.
Scott Buchholz, CTO for Deloitte’s government and public services practice, agrees. “I would characterize it as ‘toe in the water,’” he says of federal serverless adoption. “It’s new. It’s different. People are trying to figure out whether they’re comfortable using it.”
MORE FROM FEDTECH: Find out how federal IT leaders can adapt to accelerating technological change.
What Is Serverless Computing?
As Microsoft explains on its website, there are still cloud-based servers involved in serverless computing, but it is a fully managed service. That means that “the setup, capacity planning, and server management are invisible to you because they’re handled by the cloud provider.”
Traditionally, developers need to provision and configure servers, install software and manage the infrastructure. In the serverless model, all of that is taken care of by the cloud vendor.
“Serverless architectures are event-driven, highly scalable, and only use resources when a specific function or event occur,” Microsoft notes. “You only pay for the resources you use or the time your code is running. Developers use serverless architectures for many purposes including web and mobile apps, Internet of Things (IoT) back ends, image manipulation, and processing events from software as a service (Saas)-based applications.”
According to Buchholz, in the commercial sector, Deloitte is increasingly seeing a shift to a “NoOps” model, in which server administrators and operators are turning into engineers over time.
“As people look to move from reactive administration to proactive engineering, the number of people that need to do the job starts to decrease and the nature of the job changes,” he says. “And what we’re really seeing happening is people move and change the nature of operations from being a manual process to an automated process.”
As part of this growing trend, “CIOs are taking their automation efforts to the next level with serverless computing,” Deloitte’s Ken Corless, Mike Kavis and Kieran Norton write in a research report.
As they note, in serverless computing, cloud service providers “dynamically and automatically allocate the compute, storage, and memory based on the request for a higher-order service (such as a database or a function of code).”
Traditionally, with cloud, agencies needed to create and provision such IT resource allocations manually.
However, with serverless, the end goal is “to create a NoOps IT environment that is automated and abstracted from underlying infrastructure to an extent that only very small teams are needed to manage it. CIOs can then invest the surplus human capacity in developing new, value-add capabilities that can enhance operational speed and efficiency,” the Deloitte experts say.
MORE FROM FEDTECH: Find out how edge computing benefits feds.
What are the Benefits of Serverless Computing?
- Serverless Computing Reduces Costs. One of the major benefits of serverless architectures is reduced cost. In serverless models, agencies do not pay by reserved computing capacity they have on hand but by their actual usage. Applications often have either very low but consistent usage or spiky utilization rates when demand for capacity surges, Buchholz notes. Often, though, agencies never use all of the capacity they have set aside for their apps. Serverless can save agencies 70 to 90 percent, depending on the system, he says, though highly utilized systems will produce less savings.
“Basically, in a serverless architecture, the computing instance is spun up only as needed, and billing for the cloud service (in most cases) is based on the running time,” says Shawn McCarthy, director of research at IDC Government Insights.
-
Serverless Computing Requires Less Manpower. Another benefit of serverless is that it requires less manpower to manage the system. “The effort to manage a serverless system in a NoOps environment where the cloud vendors are doing most of the heavy lifting is significantly less,” Buchholz says.
-
Serverless Computing Allows IT Teams to Be More Agile. A third key benefit of serverless is increased agility. “If you think about it, you have far less people involved in touching the process,” Buchholz explains. “Therefore, developers can, in many cases, write code, push a button and just deploy it.”
As long as agencies have processes in place “to make sure they don’t blow things up, essentially, you have got a lot more agility.”
Larry Carvalho, research director of IDC’s Platform as a Service practice, agrees on that front. “The main benefits of serverless are quick development due to abstraction of all developer processes, rapid scaling and low costs,” he says. “Agility and associated benefits to time to market help in digital transformation efforts.”
How Federal Agencies Can Use Serverless Architectures
It’s important to note that serverless architecture should not be used for everything. The apps that are the best candidates for the model are those that are discrete, limited in scope and that have limited user populations, Buchholz says.
“Those are easy places to start,” he says, “to understand the nature of what you’re doing,” as well as the trade-offs and security concerns.
Most organizations do not put major, critical systems in serverless architectures, Buchholz acknowledges. The goal is to get comfortable with the model and how the technology deployment, release management, incident management and other factors play out.
Then, agencies “will be able to make a more informed decision” about how much they want to use serverless.
“I’ve seen it used in circumstances where an agency has a large data set they want to do something with, such as sorting and reporting, but they don’t need the full data set to always be available,” McCarthy says.
MORE FROM FEDTECH: Find out what digital twin technology is and how agencies can use it.
How to Select the Right Serverless Computing Vendor
If an agency wants to move toward serverless,” they need to look at whether they will have an ongoing need for a specific computer function, or if it really is a one-off or a seldom-used solution,” McCarthy says.
“Serverless prices tend to be cheaper if it’s seldom used, but it may not be if they are constantly spinning up the service for additional uses,” he says.
Carvalho notes that agencies “have a number of solutions available on GovCloud and should evaluate their applications if they suit a serverless architecture.”
Often, though, he says, “the cost of refactoring an application is much lower that the benefits gained from adopting a serverless architecture.”
Some of the key serverless players are also key cloud service providers, including Microsoft and Google.
If agencies do decide to adopt serverless computing, they should make sure they have the personnel and skill sets to take advantage of the benefits of the model, Buchholz says.
“In some cases, there is technical change, [but] in many cases there is not,” he says. Agencies that adopt serverless use a different set of processes and controls for their computing needs.
“How do we do it in ways that enable DevOps, better security?” he says. “How do we use this an opportunity to potentially rethink the way we are using doing testing and validation?”