Not everyone at Netflix was convinced that moving to microservices was the smart play. Adrian Cockcroft, a technology fellow at Battery Ventures and former cloud architect at Netflix, had to do some groundwork to convince them. In a wide-ranging conversation with Andreessen Horowitz's Frank Chen and Martin Casado, Cockcroft discusses how Netflix bet the company on microservice architecture—and the incredible innovations that have resulted. Listen to the full podcast from Andreessen Horowitz's a16z.com, here.
Cloud-based services will change everything you think you know about apps and security. But don’t take our word for it; just ask Adrian Cockcroft, VP of cloud architecture strategy at AWS and former cloud architect at Netflix.
“Half the company thought this was stupid.”—Adrian Cockcroft, former Netflix cloud architect
Listen to the full a16z podcast here. Here are six key takeaways.
1. It helps to move quickly and carry a big stick
When Netflix morphed from being a snail-mail DVD delivery service to a streaming media powerhouse, the company knew it had to make fundamental changes. For one, it needed to move out of its own data center and into the cloud. It also transitioned from a monolithic, Oracle-based database to a microservices architecture—which involves splitting apps into small modular processes that can be deployed independently. And through this process, Netflix underwent a cultural change, reorganizing its developers into smaller, product-focused teams.
Interestingly, making all these enormous changes at the same time actually made it easier to get buy-in, says Cockcroft.
“Incremental change is a good theory, but in practice you need to have a big enough stick to hit everybody with to make everybody move at once,” he says. “The big stick was that we didn’t have enough data center capacity to support streaming.”
2. Prepare to overcome deep-rooted cultural resistance
Even then, not everyone at Netflix was convinced that moving to microservices was the smart play. Cockcroft had to do some groundwork to convince them.
“Half the company thought this was stupid, a few of us thought we could make it work, and other people were a bit more gung ho,” he says. He rounded up a posse of pioneers who thought the idea might work, stuck them in a room together, and started to build things in the cloud to figure out what the real challenges were.
“The trick is to get a small team, go very deep, and run a whole bunch of little projects, so you can learn as much as possible with the smallest possible input.”
3. Microservices architecture improves app security
The traditional way of protecting an enormous database in a data center involves stacking enough security appliances in front of it to keep the bad guys out. But there are grave disadvantages to this approach. “If there’s a little bit of PCI required in this tiny corner of the monolith, the entire thing is now subject to PCI and SOX compliance and all the other things,” Cockcroft says. And once that monolithic database is breached, the bad guys have access to everything inside it.
Splitting that database into a bunch of services in the cloud adds new layers of complexity to security and compliance, Cockcroft admits. But breaking it up into multiple services means you can lock down the parts you really need to protect, while being nimbler with lower-risk services. “By splitting it up into pieces you can have most of the app be extremely agile and innovative while having the bits that need to be safe be extremely safe.”
4. Microservices architecture forces your developers to write more reliable code
In a highly nimble environment where apps are updated multiple times each day, there simply isn’t time to do a full review of every change and get sign-off. So the only person who knows the exact state of each service is the developer who touched it last, says Cockcroft.
“It sounds scary until you realize that each of them is controlling a very small piece of the system, and the aggregate behavior of the system turns out to be really robust and reliable,” he says.
Making the developers responsible for the performance of their code also forces them to adopt better practices. Nobody wants to spend their weekends fixing something they broke.
“If you put a developer on call, they write really reliable code and don’t release code on Friday afternoons,” he says. “They learn a bunch of practices about what it’s like to be on call and not break things.”
5. Microservices architecture leads to better app performance
When you turn to microservices, you’re distributing your workload to groups who own and have been tasked with creating and perfecting one container. Their entire focus is on making that container as simple yet powerful as it can be. Not only does that process result in more secure containers, but your app also receives a direct performance lift when all containers are continuously optimized.
6. Microservices architecture allows large enterprises to act like startups
Delivering services in the cloud allows an organization to move at the speed of business, potentially turning operations from a cost center into a product.
Industry by industry, large siloed enterprises are waking up to the reality that adopting the cloud and microservices architecture isn’t just a competitive advantage—it’s a matter of survival.
“There is an existential threat here,” Cockcroft says. “If you’re doing quarterly releases and your competitor is doing daily releases and continuous delivery, you’re going to fall so far behind in the user experience you’re just going to suffer. The companies doing well at bringing in the cloud, DevOps, and microarchitecture are really starting to accelerate off into the distance.”
Netflix recognized the need for a technology-driven business transformation. Their decision to morph from being a snail-mail DVD delivery service to a streaming media powerhouse required a fundamental shift away from a monolithic data center model to a microservices architecture centered around applications. Digital transformation is a journey, not a destination. Every company has a different route and is at a different place in that journey. The key is taking that first step.
Mike Convertino is F5 Networks’ first Chief Information Security Officer (CISO). Convertino brings to F5 nearly 30 years of experience in providing enterprise-level information security, cloud-grade information systems solutions, and advanced cyber capability development. His professional experience spans security leadership and product development at a wide array of organizations including the U.S. government, Fortune 500 companies, and security start-ups.