Modal Title
Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
How to Identify Your Wasteful Processes
Mar 6th 2023 7:00am, by Sean Scott
5 Things to Consider When Building a Kubernetes Platform
Mar 2nd 2023 10:00am, by Ram Iyengar
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
How Do We Cultivate Community within Cloud Native Projects?
Feb 27th 2023 12:48pm, by Rynn Mancuso
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Grab a Snapshot of Your Container Image with Checkpoint
Mar 11th 2023 6:00am, by Jack Wallen
How to Work with Containers in TrueNAS
Mar 4th 2023 6:00am, by Jack Wallen
From a Fan: On the Ascendance of PostgreSQL
Mar 3rd 2023 7:12am, by Josh Long
Analyst Report: What CTOs Must Know about Kubernetes and Containers 
Feb 28th 2023 6:14am, by Jess Lulka
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
The Distance from Data to You in Edge Computing
Mar 19th 2023 6:00am, by Paul Scanlon
7 Hardware Devices for Edge Computing Projects in 2023
Mar 15th 2023 6:42am, by Charles Mahler
The Need for Speed: Why Eleventy Leaves Bundlers Behind
Mar 10th 2023 8:18am, by Loraine Lawson
What the Heck Is the Edge — and Why Should You Care?
Mar 8th 2023 10:00am, by Glauber Costa
What Is Microservices Architecture?
Feb 23rd 2023 4:22am, by Eric Schabell
Java's History Could Point the Way for WebAssembly
Jan 12th 2023 3:00am, by B. Cameron Gain
Limiting the Deployment Blast Radius
Nov 15th 2022 8:14am, by Steven Lohrenz
Do ... or Do Not: Why Yoda Never Used Microservices
Oct 25th 2022 6:00am, by Samar Abbas
The Gateway API Is in the Firing Line of the Service Mesh Wars 
Oct 17th 2022 7:00am, by B. Cameron Gain
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
How Secure Is Your API Gateway?
Feb 28th 2023 5:16am, by Andrew Stiefel
Bullet-Proofing Your 5G Security Plan
Feb 24th 2023 7:24am, by Anand Oswal
What David Flanagan Learned Fixing Kubernetes Clusters
Feb 17th 2023 10:54am, by Loraine Lawson
TriggerMesh: Open Sourcing Event-Driven Applications
Mar 13th 2023 12:14pm, by Jessica Wachtel
Ably Touts Real-Time Starter Kits for Vercel and Netlify
Mar 8th 2023 10:56am, by Loraine Lawson
Going Serverless on AWS Lambda? Recognize Potential Risks 
Mar 6th 2023 5:00am, by Sarabjeet Chugh
Portainer Shows How to Manage Kubernetes at the Edge
Feb 13th 2023 12:32pm, by Loraine Lawson
Serverless Doesn’t Mean DevOpsLess or NoOps
Feb 10th 2023 6:58am, by Shlomi Kushchi
Historical Data and Streaming: Friends, Not Foes
Mar 20th 2023 4:00am, by Michael Drogalis
Bosch IoT and the Importance of Application-Driven Analytics
Mar 9th 2023 8:30am, by Jay Runkel
How to Work with Containers in TrueNAS
Mar 4th 2023 6:00am, by Jack Wallen
From a Fan: On the Ascendance of PostgreSQL
Mar 3rd 2023 7:12am, by Josh Long
TrueNAS SCALE Network Attached Storage Meets High Demand
Mar 2nd 2023 7:13am, by Jack Wallen
Frontend Development Software Development Typescript WebAssembly Cloud Services Data Machine Learning Security
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
The Distance from Data to You in Edge Computing
Mar 19th 2023 6:00am, by Paul Scanlon
Build Machine Learning Apps in Your Notebook with Tecton
Mar 15th 2023 6:00am, by Richard MacManus
Veteran C++ Developer Says Python Is Best Starter Language
Mar 13th 2023 10:58am, by Loraine Lawson
Web App Development Sans JavaScript, with Microsoft Blazor
Mar 11th 2023 4:00am, by David Eastman
Rich Harris Talks SvelteKit and What’s Next for Svelte
Mar 20th 2023 3:00am, by Loraine Lawson
Real-time Analytic Databases — Thing or Not a Thing?
Mar 17th 2023 4:57pm, by Chad Meley
Apache Cassandra: The Data Foundation for Real-Time AI 
Mar 17th 2023 7:00am, by Matt Kennedy
You'll Soon Be Using Vulnerability Exploitability eXchange
Mar 15th 2023 7:45am, by Steven J. Vaughan-Nichols
MIT-Created Compiler Speeds up Python Code
Mar 14th 2023 11:38am, by Loraine Lawson
JavaScript or WebAssembly: Which Is More Energy Efficient and Faster?
Jan 30th 2023 9:51am, by Loraine Lawson
What TypeScript Brings to Node.js
Dec 26th 2022 3:00am, by Paul Ferrill
Improve your TypeScript Skills with Type Challenges
Nov 11th 2022 3:00am, by Danni White
TypeScript on Mars: How HubSpot Brought TypeScript to Its Product Engineers
Aug 19th 2022 10:00am, by George Kemp and Duncan Walter
PayPal Enhances JavaScript SDK with TypeScript Type Definitions
Aug 17th 2022 12:38pm, by Jessica Wachtel
MIT-Created Compiler Speeds up Python Code
Mar 14th 2023 11:38am, by Loraine Lawson
Can WebAssembly Solve Serverless's Problems?
Mar 3rd 2023 5:13am, by B. Cameron Gain
Figma Targets Developers While it Waits for Adobe Deal News
Feb 27th 2023 9:42am, by Richard MacManus
Is WebAssembly Really the Future? 
Feb 24th 2023 7:38am, by B. Cameron Gain
How WebAssembly Offers Secure Development through Sandboxing
Feb 10th 2023 8:51am, by Jeff Goldman
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
Let’s Talk about Cloud Threat Hunting 
Mar 16th 2023 7:33am, by Guilherme (Gui) Alvarenga
A Deep Dive into the Security of IAM in AWS 
Mar 14th 2023 8:44am, by Robert Kimani
Informatica Launches Freemium AI-Powered Integrator
Mar 10th 2023 7:20am, by Chris J. Preimesberger
Salesforce Gets on the GPT-3 Train with EinsteinGPT
Mar 7th 2023 11:36am, by Chris J. Preimesberger
Multiple Vendors Make Data and Analytics Ubiquitous
Mar 20th 2023 5:00am, by Andrew Brust
Apache Cassandra: The Data Foundation for Real-Time AI 
Mar 17th 2023 7:00am, by Matt Kennedy
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
OpenAI's GPT-4 Can Analyze Visual Images, Pass Bar Exam
Mar 16th 2023 9:31am, by Kimberley Mok
Stephen Thaler Claims He's Built a Sentient AI
Mar 16th 2023 8:10am, by David Cassel
Check for Container Image Vulnerabilities with Trivy
Mar 18th 2023 6:00am, by Jack Wallen
Defining DORA-Like Metrics for Security Engineering
Mar 17th 2023 9:00am, by Daniel Koch
So You Want to Be an API Security Expert?
Mar 16th 2023 9:42am, by Byron McNaught
Let’s Talk about Cloud Threat Hunting 
Mar 16th 2023 7:33am, by Guilherme (Gui) Alvarenga
Why Your APIs Aren’t Safe — and What to Do about It
Mar 16th 2023 6:20am, by Heather Joslyn
Platform Engineering Operations CI/CD Tech Life DevOps Kubernetes Observability Service Mesh
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
Enabling DevOps Control for Those Who Need It Most — Developers
Mar 13th 2023 6:46am, by Venkat Thiruvengadam
Setting Kubernetes Standards with Platform Engineering
Mar 10th 2023 7:39am, by Zohar Einy
Which Features Does Your Platform Engineering Portal Need?
Mar 7th 2023 4:00am, by B. Cameron Gain
XSS Vulnerability Discovered in Backstage Software Catalog
Mar 3rd 2023 3:00am, by Robert Kimani
Defining DORA-Like Metrics for Security Engineering
Mar 17th 2023 9:00am, by Daniel Koch
Palo Alto Networks Adds AI to Automate SASE Admin Operations
Mar 17th 2023 6:00am, by Chris J. Preimesberger
Why Audit Logs Are Important
Mar 16th 2023 8:34am, by James Walker
Unlocking the Power of Security Orchestration
Mar 13th 2023 9:59am, by Aviram Shmueli and Daniel Begimher
Enabling DevOps Control for Those Who Need It Most — Developers
Mar 13th 2023 6:46am, by Venkat Thiruvengadam
Simplify CI/CD with a General-Purpose Software Catalog
Mar 14th 2023 6:24am, by Zohar Einy
IBM Donates SBOM Code to OWASP
Mar 7th 2023 7:51am, by Steven J. Vaughan-Nichols
Slim.AI: Automating Vulnerability Remediation for a Shift-Left World
Feb 21st 2023 10:00am, by John Amaral
DevPod: Uber's MonoRepo-Based Remote Development Platform
Jan 26th 2023 3:00am, by Jessica Wachtel
Top 5 Considerations for Better Security in Your CI/CD Pipeline
Jan 20th 2023 8:52am, by Ali Bidabadi
Stephen Thaler Claims He's Built a Sentient AI
Mar 16th 2023 8:10am, by David Cassel
How Tech Leaders Are Managing Anxieties after SVB Failure
Mar 15th 2023 10:59am, by Heather Joslyn and Colleen Coll
Chatops: Where Automation, Collaboration and DevOps Culture Meet
Mar 15th 2023 8:19am, by Blair Rampling
What We Can Learn from Twitter's Outages
Mar 13th 2023 9:00am, by Jennifer Riggins
Congress and AI
Mar 13th 2023 6:00am, by Steven J. Vaughan-Nichols
Historical Data and Streaming: Friends, Not Foes
Mar 20th 2023 4:00am, by Michael Drogalis
Defining DORA-Like Metrics for Security Engineering
Mar 17th 2023 9:00am, by Daniel Koch
Chatops: Where Automation, Collaboration and DevOps Culture Meet
Mar 15th 2023 8:19am, by Blair Rampling
Build Machine Learning Apps in Your Notebook with Tecton
Mar 15th 2023 6:00am, by Richard MacManus
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
Is Cluster API Really the Future of Kubernetes Deployment?
Mar 14th 2023 10:00am, by Steve Francis
Can WebAssembly Solve Serverless's Problems?
Mar 3rd 2023 5:13am, by B. Cameron Gain
5 Things to Consider When Building a Kubernetes Platform
Mar 2nd 2023 10:00am, by Ram Iyengar
Developer Guardrails with Custom Kubernetes Resource Validators
Mar 2nd 2023 9:32am, by Wito Delnat
Iter8: Simple A/B/n Testing of Kubernetes Apps, ML Models
Mar 1st 2023 10:00am, by Michael Kalantar
Why Audit Logs Are Important
Mar 16th 2023 8:34am, by James Walker
5 Steps to Effective Cloud Detection and Response 
Mar 15th 2023 10:30am, by Faith Kilonzi
Know the Hidden Costs of DIY Prometheus
Mar 14th 2023 9:46am, by George Hamilton
Setting Kubernetes Standards with Platform Engineering
Mar 10th 2023 7:39am, by Zohar Einy
How to Identify Your Wasteful Processes
Mar 6th 2023 7:00am, by Sean Scott
Ambient Mesh: Sidestepping the Sidecar
Mar 1st 2023 8:44am, by Jeff Goldman
Service Mesh Demand for Kubernetes Shifts to Security
Oct 27th 2022 11:04am, by B. Cameron Gain
AmeriSave Moved Its Microservices to the Cloud with Traefik's Dynamic Reverse Proxy
Sep 8th 2022 2:02pm, by Ann R. Thryft
Can You Now Safely Remove the Service Mesh Sidecar?
Sep 8th 2022 9:19am, by B. Cameron Gain
eBPF or Not, Sidecars are the Future of the Service Mesh
Aug 12th 2022 10:00am, by William Morgan
Cloud Native Ecosystem / Microservices

Build or Buy? How to Think About Assembling Software in the Cloud

Microservices: Should you build or buy? An evaluation.
Oct 31st, 2019 1:00pm by
Featued image for: Build or Buy? How to Think About Assembling Software in the Cloud

Jevon MacDonald
Jevon MacDonald has spent the last decade building high technology businesses. He is the co-founder and CEO of Manifold, the cloud-native marketplace company. Before Manifold, he was co-founder and CEO of GoInstant that was acquired in 2012 by Salesforce for $100 million. After the acquisition, he worked for Salesforce as GM, Service Cloud Mobile. Before that, he worked at Dachis Group, Firestoker.com and silverorange.com.

It’s that eternal business dilemma: what do I build, and what do I buy? There have never been as many ways for software organization teams to build and assemble their most critical business applications, which is both exciting and confusing at the same time.

Forward-thinking software teams are taking a new approach these days, compared to how much older monolithic applications were constructed. This approach involves breaking apart complex functionality into small, dedicated services — often referred to as microservices.

Microservice applications might rely on a combination of homegrown code, open-source projects maintained by communities, or third-party managed services. This approach improves reliability by making it easier to identify and fix bad code in one microservice without having an adverse effect on other parts of the application, and makes it easier for applications to fail gracefully when they do run into problems.

Microservices also allows companies to spend one of their most precious assets — a software developer’s time — only on the components that are unique to their business or that differentiate them from the competition. It’s easier than it ever before to find the bits and pieces of your application that aren’t critical to your business and replace them with professionally built components managed by someone else.

But outsourcing these components brings its own risks: how do you know that a certain component — such as a billing system or a logging tool — is going to be around in a few years? Software developers know how to build software; that’s the default. But now that we can shop for software in addition to building it, you can be good at building software and bad at evaluating managed solutions.

If you’re under the gun to modernize an application and need to figure out the best microservices-inspired path forward, first consider the following questions:

  • Which parts of your application are you spending way too much time operating?
  • Which parts of your application can be replaced by a similar service from a best-in-class third-party service provider?
  • Which projects keep getting pushed down your road map because other problems take precedence?

Once you’ve done this triage process, you should have a better understanding of which parts of your application are critical to your business, and which parts are necessary but require far more development time and ongoing management than makes sense.

Those mandatory-but-annoying parts likely make up most of your application, and they’re prime candidates for an external service. At many companies, when you’ve decided what parts of your application you’re going to get from outside your development team, the next steps play out in two ways: open source projects, or managed services.

Open source projects: Drawing from the breadth and depth of open source projects that can be used within applications is a fundamental component of building modern software, and this is a tempting approach for companies that know building a certain component isn’t the best use of their time yet want to avoid the fees associated with managed services. And there’s a growing business opportunity for companies built around open source projects that are heavily invested in providing quality services.

You’ll have to invest some time and effort if you want to take the open source plunge, because implementing and managing open source projects can be complicated. You’ll also want to live up to the spirit of open source development by contributing code that makes that project work in your environment, especially because creating a downstream fork of an open-source project means you’re solely responsible for ongoing maintenance. Look for projects that have active communities with frequent contributions.

This approach works best for components that aren’t the most critical parts of an application, but are still very important; the most critical parts of your application are likely best served by your own developers, who understand your specific needs or managed services with uptime guarantees. Investing in an open source project that helps you run your business appeals to an awful lot of current and potential employees, and could also help you unlock key insights about application performance and reliability.

Managed services: Sometimes it makes more sense for companies to completely outsource parts of their application to third-party providers. Larger, well-funded providers can provide some peace of mind that the component you need is going to be active and maintained for a long time, and in some cases, it’s more than worth it to pay for the convenience.

Another factor to consider: how much customization work are you going to have to do to get a managed service to work with your application? No managed service is truly plug and play; they all require some level of effort around evaluation and integration. But open source projects can be more difficult to implement without professional support, according to studies.

If your application has a lot of custom needs, you’re probably better of starting with an open source project, absorbing everything from that project you can while contributing the changes needed to make it work in your environment back to the community. If your application just needs the basics, a managed service provided by a trustworthy vendor is the best bet.

Once you’ve decided that a managed service is your best option, now comes the hard part. Before any external service touches your application, you’ll need to properly evaluate, price, and integrate that service.

Evaluation: Make sure you understand the problem you’re trying to solve well enough to evaluate the solution; if you don’t understand how the service in question will impact your workflow and business, it doesn’t really matter what you’re trying to compare or evaluate.

Are you looking to replace an important part of your application? Make sure the provider produced clearly written documentation that spells out exactly how the service works, and make sure you understand the support options that will be available to you as a customer. You might not need a strict service-level agreement for a less-critical part of your application, but you don’t want to be surprised by the terms should a costly outage occur.

The next part of the evaluation process involves actually playing around with the code in your application. Does the provider offer a sandbox environment, or a trial period? It’s best to get a feel for how the service was designed and developed, and how those choices will work with your application, before moving any further.

Pricing: Once you understand how the service will work with your application, you need to figure out how much this service will cost over time, especially as your application scales.

Services that charge by the API call can cause unpleasant surprises as customers hit preset limits, so understanding how overages work and how the provider offers billing alerts is another key step. It’s also important to understand how much it will cost to change your plan or implementation details if your business needs change; some managed services are far more complicated and expensive to move past than others, which means you’ll want to make sure such a service will meet your needs as your business grows and changes.

Integration: Once you’re satisfied with the features and the pricing plan, you’ll need to actually get the managed service up and running with your application, and this can be the trickiest part of the whole process. Developers and operations engineers need to be on the same page at this step, which means you’ll need to have an understanding of what will happen to the application if (and when) the service fails.

The basic dashboards provided by managed services might not be enough for your monitoring and observability needs, so understanding how the component fits in with the rest of your tools is also extremely important. Your integration testing process will need to be updated in line with the new managed service, which could introduce new problems that went undetected in the evaluation process.

Bottom line: Around 90% of the time, it makes much more sense to buy than build.

After all, that’s one reason why so many companies are moving to the cloud; managing hardware is expensive in both cost and time, and any of the Big Three cloud providers is most likely much, much better than your company at managing data center infrastructure.

The same is true for a lot of the software components you’ve traditionally used to build an application. What’s important to you today may not be important to you for very long, which means you might have to spend all that time and effort rebuilding and maintaining your own code. And some aspects of your business might change regularly, while others stay constant; understanding which components are which is a very important part of this overall process.

In 2019, your tech organization is likely responsible for driving innovation across your business. Innovation is all about speed, utility, and delivering value, and that’s really difficult to do when you’re sitting around trying to maintain all the tools that are built. External providers are going to push your company forward, because all they care about is delivering new value to their customers.

Even if you only wind up going through this process and coming to the understanding that you need to build your own components, you stand a much better chance of doing the right thing and understanding what it will cost. Software development teams have never had so much choice; embrace the process of understanding what to build and what to buy, and you’ll build better applications.

Feature image via Pixabay.

Group Created with Sketch.
SHARE THIS STORY
RELATED STORIES
4 Cloud Security Considerations for Financial Services Firms How Do We Cultivate Community within Cloud Native Projects? Why Kubernetes Has Emerged as the 'OS' of the Cloud How to Identify Your Wasteful Processes Docker Swarm, a User-Friendly Alternative to Kubernetes
RELATED STORIES
What Is the Docker .env File and How Do You Use It? Grab a Snapshot of Your Container Image with Checkpoint Our 2023 Site Reliability Engineering Wish List TrueNAS SCALE Network Attached Storage Meets High Demand I Need to Talk to You about Kubernetes GitOps
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.