Serverless Computing: An Overview
by Matt Ferrari
Co-founder and Former CTO
This is the first in a series of technical blog posts this year to help healthcare IT leaders learn more about serverless computing.
Serverless computing is not a new arrival to the healthcare IT landscape - it’s been around for years. But it wasn’t until recently that it has become a prevalent way for software organizations to rearchitect and remodel the way they execute and distribute software. So, let’s start this series by looking at what serverless computing is, identify a few ways each of the three public clouds are using serverless computing and explore three advantages to healthcare IT organizations in using serverless.
First, serverless computing is an execution model that runs inside the public cloud where the cloud provider (Amazon, Microsoft or Google) runs the server and dynamically allocates the resources the machine uses. Pricing is based on the amount of resources consumed by your application, rather than paying for pre-purchased units. So, it’s true utility pricing or utility computing. When you are running a serverless function, you write a line of code and are charged based off the compute and resources it takes to actually run that line of code, but you are not paying for anything when the code is not executed. These small pieces of code are typically called functions. When code is optimized properly, this pricing model creates some viable ways to reduce costs. Examples within healthcare applications may be pulling a patient image out of the Electronic Health Record (EHR) set or running a search on symptoms based on patient population.
The advantage to software developers using serverless is substantial. Because they are not managing servers, they are not allocating their time to managing operating systems, patching, intrusion detection, protecting from malware, etc. They can spend their time focused on improving the application’s performance and user experience.
Sometimes you will see analysts refer to serverless computing as FaaS or Function as a Service. This distinguishes it from IaaS (Infrastructure as a Service) or Platform as a Service where you are logging into an interface. Another immediate payoff is there is no licensing fee, such as traditional Operating System or Database licensing, as there are with most of the enterprise level software in play at many healthcare data centers. This can reduce costs at a time when many healthcare providers and payers are desperate to do so. Say you run a pharmacy in a hospital and it’s open from 8 a.m. – 8 p.m. Right now, that organization is paying for some level of compute resources 24/7 though they are only actually using compute resources half of that time. By going serverless, they will only be charged when the code is queried, or in other words, being used.
Serverless in the Public Clouds
Serverless technology continues to be a massive investment from the public cloud along with AI and Machine Learning. Here’s a brief snippet of just a few of the ways the public clouds are using serverless.
Amazon Web Services
Amazon made serverless computing popular on their platform via AWS Lambda making it possible to run code without having to manage any servers, bringing the advantages mentioned above. AWS also has other services at the compute layer or serverless. One of them is FarGate, which provides serverless compute for Container technology. It scales and manages the infrastructure that allows you to run your container platform without having to actually manage container clusters. And, outside of compute, AWS has other serverless functions as well. To name just a few, there is S3 (Simple Storage Solutions) which makes it possible to interact with a web interface or API to provide IAM (Identity Access Management) so you can store and retrieve data anywhere on the web through a secure protocol. S3 is one of the most popular services with AWS, and its serverless! There’s also EFS (Elastic File System) which is a serverless storage service that allows a healthcare organization to scale on demand, and then it shrinks automatically when you remove files. And, Aurora is an on-demand My SQL compatible version that auto starts, shuts down and scales based on the app’s needs. It doesn’t charge you for the database runtime unless something is actually happening inside the healthcare application. AWS also has many serverless technologies on the AI/Machine Learning side as well.
Now let’s turn our attention to Microsoft who is employing serverless computing functions in many ways on the Azure cloud. The most common is Azure Functions. This is similar in purpose to Lambda. You’re executing code in the language of your choice – usually C#, Java, Java Script, Python or Powershell with Microsoft, and you are only charged when the code runs. You can also run serverless on top of Kubernetes and elastically provision Kubernetes environments without having to manage those resources. Azure Function has simplified integration with Azure services and other SaaS (Software as a Service) offerings. This has made a fast-growing use case for Azure serverless. To learn more about what you can do with Azure Functions, read this overview from Microsoft.
And on the Google Cloud side of public clouds…they’ve been doing serverless for a long time. Google Cloud Functions was first introduced in 2016, allowing developers to spin up code on demand in response to events. Google is their own customer in a way too – running multiple versions of their own applications like App Engine on top of their serverless. The concept behind App Engine is zero server management and configuration deployment so developers are free to focus on building scalable apps without any ongoing management. Then there’s Cloud Run, a serverless technology that runs a stateless web-based container on a managed platform, and runs it on top of Kubernetes. Cloud Run is built upon a Knative, an open standard that enables portability of your applications. Read more about how Google Cloud Run runs stateless containers serverlessly here in InfoWorld.
Use Cases for Serverless in Healthcare
While there are many practical use cases for serverless in healthcare, not the least of which is cost optimization, I’ll address three here and go deeper in my next blog post in this series.
I’ve mentioned the time and resources serverless computing can save in managing and maintaining infrastructure. No healthcare IT department I’ve ever seen had too many resources, so being able to reallocate team is a big win. They won’t have to worry about operational issues like managing operating systems, patch management schedules, and intrusion detection – since there’s nothing for an attacker to log into. This will free up the IT professionals who have been focused on managing the infrastructure and can now focus instead on protecting the data itself and helping with app performance.
Because there’s nothing to log into, intrusion detection, as one example, is not at the same level of threat that has to be monitored. Letting the admins control IAM (Identity and Access Management) from serverless applications using a single interface is something all three clouds have focused on from a security perspective. That single interface arms your team with the ability to monitor everything they need to in one place. You must stay diligent on the topic of code vulnerability scanning and remediation, no matter the platform or architectural approach.
CI/CD (Continuous Integration/ Continuous Deployment)
If you and your team are not already in discussions about CI/CD, read up because you will be very soon. I’ll talk more about this in my other blog series on Next-Gen Managed Services. For now, know that by leveraging serverless computing you don’t have to run infrastructure. If you are running CI/CD pipeline as infrastructure now, you have to tear down and destroy that ephemeral infrastructure or virtual machine before you can redeploy. There is automation out there that helps with this, but the most efficient way to deploy those models at scale is to use serverless because you only have to update the lines of code to redeploy.
In future posts in this series I’ll be looking at more specific use cases for serverless computing in healthcare and talking more about how I’ve seen healthcare organizations put serverless to good use. For now, I hope that’s enough to get you as excited about the potential of serverless computing to improve security, re-allocate your resources, and get to better cost containment and savings.