Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud Customers

SpringOne 2020
Accelerate Spring Apps to Cloud at Scale –
Discussion with Azure Spring Cloud Customers
Adib Saikali -- Principal Platform Architect, VMware @asaikali
Asir Selvasingh -- Principal PM Architect, Java on Azure, Microsoft @asirselvasingh
September 2020
+

©Microsoft Corporation
Azure
Adib Saikali
Principal Platform Architect
Adib is helping customers build
cloud native applications using
Spring Cloud.
Adib is a co-organizer of the
Toronto Java User Group and
Toronto Cloud Foundry Meetup

Azure
Asir Selvasingh
Principal PM Architect
Java on Microsoft Azure
On-point for everything developers
need to build, migrate and scale Java
applications on Azure.
Started software engineering career in
the early days of Java, in 1995, and
built enterprise products, applications
and open source projects.

Azure
Azure Spring Cloud - GA
A fully managed service for Spring Boot microservices
More choices and full integration into Azure’s ecosystem and services
Fully managed
infrastructure
Built-in app
lifecycle
management
Ease of
monitoring
Enterprise ready

Azure
Fully Managed Infrastructure – Azure Spring Cloud
▪ Built-in native Spring Cloud
components
▪ Config Server
▪ Service Registry
▪ Distributed Tracing
▪ Circuit Breaker
(upcoming)
▪ Blue/Green for zero downtime
▪ Auto Horizontal Scale based
on metrics or schedule
▪ VNET (private network) to
secure your app and traffic
Azure Database
for MySQL
Azure Cosmos DB
Azure Cache
for Redis
User Git Repository
Azure Spring Cloud
agents
Azure Spring Cloud
VMware Tanzu
Build Service
Azure Kubernetes Service
Service
Binding
Config
Source
Service RuntimeUser Environment
App 1 App 2 App N Config Server Service Registry Lifecycle Mgmt.
Log Stream Data Encryption
App Resiliency
Azure DevOps
CI/CD
GitHub
Jenkins
Custom Domain Self-Diagnostics
Metrics Tracing Managed IdentitiesLogs Service Principals
Azure Monitor Azure Active Directory

Simplify your cloud development for Spring applications
Responsibilities
DIY with Spring
Boot
Azure Spring
Cloud Service
Application
iteration,
debugging
CI/CD
Build and
manage Clusters
Host Spring
Cloud
Middleware
Monitoring and
logging
Scaling
Patching
Support
Customer VMware Microsoft
Azure Database
for MySQL
Azure Cosmos DB
Azure Cache
for Redis
User Git Repository
Azure Spring Cloud
agents
Azure Spring Cloud
VMware Tanzu
Build Service
Azure Kubernetes Service
Service
Binding
Config
Source
Service RuntimeUser Environment
App 1 App 2 App N Config Server Service Registry Lifecycle Mgmt.
Log Stream Data Encryption
App Resiliency
Azure DevOps
CI/CD
GitHub
Jenkins
Custom Domain Self-Diagnostics
Metrics Tracing Managed IdentitiesLogs Service Principals
Azure Monitor Azure Active Directory

Azure
Jonathan Jones
Technical Lead, Group Finance IT
Jonathan is currently the technical lead for the
Group Finance Target Architecture (GFTA)
programme, which is re-building Swiss Re's Group
Finance business area to be cloud native.
Before this Jonathan has held various lead Java
developer roles, all in the financial services sector.

Azure
[Swiss Re Architecture]
• Cloudflare proxies requests to the Spring
Cloud Gateway application
• Spring Cloud Gateway routes to the back-end
services using the Eureka service registry
• Back-end services can call other back-end
services via Eureka look-ups
• The managed identities of the back-end
services are used to access Key Vault,
Microsoft Graph and to retrieve static content
from Azure Storage
• Azure Spring Cloud ensures logs and metrics
are sent to Log Analytics and Application
Insights, respectively
• Azure Database for PostgreSQL is accessed via
JDBC
Swiss Re - Azure Spring Cloud Architecture

Azure
Armando Guzman
Principal Software Engineer
Armando is modernizing and securing
the technology used by 131 grocery
stores employing over 10,000 team
members.
He is responsible for the approach,
development, and implementation of
the technical solution for both
eCommerce and overall online digital
presence leveraging Azure.

Azure
Peter Verstraete
Java Software Crafter
Peter is lead developer of a team
responsible for delivering a major new
application that will support an important
Liantis business process. And this with a
clear focus on realizing a solution which is
ready to be hosted on the Azure platform.

Tell us about your workflow. What tools are
you using and how often do you deploy?

How do you keep your end users happy and
achieve SLOs? How do you fix issues?

What were your security considerations in
using Azure Spring Cloud?

What does cloud native software
development mean to you and what advice
do you have for Spring devs considering
cloud?

Azure
Build your cloud-native solutions today!
Get started --
o Deploy Spring apps to Azure Spring Cloud using quickstart
o Learn using a self-paced workshop on GitHub
o Learn more about implementing solutions on Azure Spring Cloud
o Migrate your Spring Boot, Spring Cloud and Tomcat apps to Azure Spring Cloud
o Wire Spring apps to interact with Azure services
o For feedback and questions, please reach out to spring-team@microsoft.com

Azure
Related Sessions @ SpringOne
Bootiful Azure Spring Cloud
By Josh Long (Spring Developer Advocate, VMware) and Julien Dubois (Cloud
Developer Advocate, Microsoft)
Supercharge Your Spring Boot Apps!
By Kylie Liang (Principal PM Lead, Microsoft) and Rory Preddy (Senior Cloud
Advocate, Microsoft)
Accelerate Spring Apps to Cloud at Scale -- Discussion with Azure Spring
Cloud Customers
By Adib Saikali (Principal Platform Architect, VMware) and Asir Selvasingh
(Principal PM Architect, Java on Microsoft Azure)
Visit the Microsoft Azure sponsor page to access resources and request a
meeting with Azure and Spring experts

Discussion Questions and Answers

Tell us about your workflow. What tools are
you using and how often do you deploy?
Swiss Re, Raley’s and Liantis

Azure
Jonathan Jones, Swiss Re
• All our Java developers work with IntelliJ. Our Angular developers mainly use VS Code. We use Azure DevOps, so all of
our git repositories; work items and pipelines are hosted there. Our software is built using Maven.
• In Azure DevOps we use Azure Pipelines (so, maybe regrettably, we have lots of YAML). We separate Continuous
Integration and Deployment into separate pipelines. So our CI pipelines execute with each commit and run all the unit
tests and integration tests, etc. The pipeline artifact produced by that pipeline is then automatically deployed to our
development subscription by its respective CD pipeline.
• One thing that is extremely important to us is automated testing. We practice Test Driven Development and have the
basic principal that you need to be able to write good tests with good assertions for anything you deliver. With Spring
Boot we have an excellent framework that supports this strategy. We are productive thanks to the fact we have a lot of
very experienced and capable Java developers in our teams.
• Our infrastructure is deployed via the terraform task in Azure DevOps and we were happy that a provider was available
early for Azure Spring Cloud.

Azure
Armando Guzman, Raley’s
• Raley’s uses Jira for Agile Planning, Terraform for Infrastructure as Code, IntelliJ as an IDE, Azure DevOps for source
control and CI/CD. Our Java applications are built using Maven and stored in Azure Artifacts.
• Our pipelines in Azure DevOps are a mixture of classic and YAML pipelines but we are migrating all builds to be YAML
based. We are also investigating migrating from classic releases to YAML.
• Developers can deploy to our Development Environment from topic branches. Deployments to our Staging Environment
are automatic and triggered by a pull request merging to master. Deployments to Production are also done with
Pipelines but are triggered by a product owner approving the release.
• Our infrastructure is deployed using Terraform in Azure DevOps pipelines and we rely on the Azure providers. We have
separate repos for Terraform modules we want to reuse and separate pipelines for each logical resource in Azure. For
example we have a pipeline each for API Manager, Application Gateway and Azure Spring Cloud.
• Raley’s is an Azure shop, and we continue to find Azure meets all our infrastructure and development needs.

Azure
Peter Verstraete, Liantis
• Mature software factory used by 15+ agile development teams, with:
o IntelliJ for both Java and Angular development, Maven as build tool.
o Bitbucket (GIT) as VCS, using GIT Flow workflow practices (PR's to ensure code quality).
o Jenkins with CI jobs (including multibranch pipelines), custom deploy jobs, automation tool to
generate/manage jobs
o SonarQube for additional quality assurance.
o Nexus as repository manager.
o Integration between JIRA, Bitbucket and Jenkins.
• Deploy to PROD: responsibility of agile development team
• Azure provides building block that help to extend our current software factory
• POC: Jenkins 'Infrastructure as Code' pipeline to create/destroy an Azure Spring Cloud setup.

How do keep your end users happy and
achieve SLOs? How do you fix issues?
Liantis, Swiss Re and Raley’s

Azure
• When it comes to keeping the end users happy, dynamic scaling to handle peak loads is very important. Azure
Spring Cloud covers this prerequisite by providing the Auto Scaling in/out feature (now in preview). We’ve
been able to evaluate this feature successfully by doing several load tests with various ramp up/down
scenarios. One of the nice things is you can scale up a service based on metrics of another service (or even
another resource), which gives the possibility to anticipate on coming load to the first service.
• What is appealing about application monitoring is that everything you need is available through the Azure
portal:
o Distributed tracing with Application map as a starting point, to investigate performance/failures.
o Drilldown to transaction details.
o Access to logs.
o Performance monitoring via metrics.
o Currently we are further looking into the possibilities of alerts and custom dashboards.
o The integration of log streaming into the Azure Toolkit for IntelliJ plugin is very helpful during functional
testing of deployed services.

Azure
• At all times, but especially during financial closing periods it's important we run a stable, accurate and performant service
for our business.
• We expose Spring Boot actuator endpoints on all our services, including the Spring Cloud Gateway. These are
automatically monitored, and any failures raise tickets in our incident management system.
• The application map feature of Application Insights provides distributed tracing and enables us to get a mostly clear
picture of how applications inside our instance are working with each other. We are looking forward to Azure Spring
Cloud implementing the latest version of the App Insights Java agent, so we get monitoring of the JDBC calls too.
• Recently we have started to integrate the Azure Spring Cloud horizontal autoscale. Some of our services during financial
closing periods get particularly busy and the ability to adjust the number of instances based on metrics (like heap size,
number of requests) should enable us to meet peak demand without manual work or over provisioning of resources.
• We also have the application logs sent to a Log Analytics workspace and to have more real time feedback the Log Stream
feature of Azure Spring Cloud is used often, especially in development environments.
• Ultimately, we keep our end users happy by running a reliable and performant system but also by providing an
environment where we gain the businesses trust to allow a regular deployment of features, which work as intended.

Azure
• As part of the Unified Commerce team I am responsible for enrollment in our Loyalty program, Order Processing and
Personalized Offers. All these services must remain stable and online 24 hours a day. It’s amazing how many customers
shop for groceries in the middle of the night!
• We also have reoccurring events, product offers, $5 Mondays. These events drive customers to our site on a regular basis
resulting in predictable peaks. These known events are monitored closely, and we use Azure Monitor to send alerts
whenever thresholds are exceeded. Currently we ensure enough headroom is always available to handle our peaks, but
we are investigating Azure Spring Cloud autoscaling and moving to Application Gateway 2.0 since that also supports
autoscaling.
• Our developers are very happy with Log Stream and Log Aggregation in Azure Spring Cloud to help debug and pinpoint
problems quickly. All defect fixes must be peer reviewed using Pull Requests, deployed to our staging environment and
communicated before deploying to production.
• Azure Spring Cloud has allowed Raley’s to quickly develop and deploy new apps while exceeding customer and developer
expectations.

What were your security considerations in
using Azure Spring Cloud?
Raley’s, Liantis and Swiss Re

Azure
• A major component of security involves protecting the network and zero trust. Azure Spring Cloud supports deploying to
private VNets allowing Raley’s to utilize Azure API Manager and Azure Application Gateway to protect our services from
outside and inside the network.
• Azure Spring Cloud also natively supports Azure Key Vault. Raley’s was able to move application secrets to Azure Key
Vault. After adopting Azure Key Vault for our Spring Applications we also migrated our Azure DevOps Pipeline secrets to
Azure Key Vault.
• Azure Spring Cloud also supports Spring Configuration Server allowing us to keep our configuration in git repos and
update configuration using Pull Requests and Azure Pipelines.
• Azure Spring Cloud allows us to meet and improve on our security posture while providing peace of mind that our
services are secure.

Azure
• When it comes to identity and access management, Liantis has a solution in place based on one of
the leading IAM providers. Using a custom Spring Boot starter, integrating this solution with Spring
Security is a smooth process. It works perfectly in services deployed in Azure Spring Cloud.
• For now secrets are stored in configuration. Although they are protected by encryption, we decided
to move our secrets to Azure Key Vault. This makes the management of secrets much easier.
At Liantis we have company-wide and component-specific secrets. We decided to store the different
kind of secrets in separate Azure Key Vaults. Recently, Microsoft released a new version of its Key
Vault SpringBoot starter which supports such an approach.

Azure
• Clearly in a move to the public cloud security is one of our primary considerations. Swiss Re are following the CSA CCM
(Cloud Security Alliance, Cloud Controls Matrix) and anything we do has to be compliant with that. All the Spring Boot
applications we deploy are checked for CVEs and we simply can't deploy the software should there be any known
vulnerabilities. We also have automated smoke tests after new deployments, which check that key aspects of our
security policy have not been mutated by the deployment.
• By using a PaaS like Azure Spring Cloud we try to lower our attack surface by delegating activities like network
management and compute management to Microsoft. The less moving parts we must configure and maintain, the
better. This is demonstrated further by Microsoft taking responsibility for patching the Java versions and exposing a
fine-grained permission model for Azure Spring Cloud.
• The system assigned managed identity Azure Spring Cloud provides to each application is important, as we use this to
bootstrap access to Azure Key Vaults, access Microsoft Graph and authenticate to where we store the static content in
Azure Storage.
• Important as well is we minimize the exposure of our applications, so all the back-end services run on private IP
addresses. All ingress comes through our Spring Cloud Gateway application which is shielded by Cloudflare; whose
capabilities include a Web Application Firewall (WAF).

What does cloud native software
development mean to you and what advice
do you have for Spring devs considering
cloud?
Swiss Re, Raley’s and Liantis

Azure
• Well firstly for me cloud native doesn't necessarily mean microservices. Our teams are building services that are decomposed to a level
which makes sense to us. We want to take advantage of the public cloud, but we want to maximize the time we spend on interacting with
our business and delivering value through software. "Cloud native" ultimately must provide tangible results which our business sponsors
recognize. Clearly platforms like Azure Spring Cloud help, as they take away implementation and management effort which is not our core
competency.
• In terms of what we do:
1) we try and give our product teams autonomy and ownership. Self-service is a critical factor – we have to be able to make progress
without waiting for service requests and long fulfilment chains
2) We remove as much friction as possible from the development process
3) We have no magic. Everything we create and deploy must have a representation in git.
4) All of our services expose clean and consistent APIs
5) We never compromise on security. So we create a baseline, which we maintain and improve over time
6) We automate the monitoring of our software as much as possible and we try to automate the response to that monitoring as much
as possible
• I think one piece of advice that has worked well for us is whether you target the cloud or not is to get the basics right i.e. start off from day
one doing all the "right" things i.e. everything in git, automated tests, automated builds, automated deployments.

Azure
• Cloud native to me means creating applications that can take advantage of Cloud Services. Cloud native software
development must facilitate rapid development, CI/CD, and autoscaling to name a few key features. Cloud native
software development allows developers to focus on the application logic, innovate and quickly bring value to the
business team.
• Azure Spring Cloud supports all these feature while eliminating the need to spend infrastructure and development
resources deploying, configuring and testing to ensure features are setup correctly.
• Adopting Azure Spring Cloud has made our developers more productive, allowed them to focus on the application and
business logic without needing to worry about the underlying infrastructure all while adding in demand technologies and
skills to their resumes!
• Adopting Azure Spring Cloud shifts the management of Kubernetes, OS patches and updates to the experts at Azure
making our development and business teams more productive.

Azure
• The Spring Framework together with Spring Boot and Spring Cloud helps to improve the application or microservice
development process. Different kind of boilerplate aspects are taken care of. And the frameworks help developers
to use architectural principles, design patterns, enterprise integration patterns or distributed system patterns more
easily.
A supporting platform/ecosystem (with capabilities such as DevOps pipelines, centralized logging & monitoring,
security, discovery, centralized configuration, scaling, ...) is a must:
o to streamline the development process.
o to act as the hosting platform for the developed microservices.
• By adding Azure and Azure Spring Cloud to the trio Spring/Boot/Cloud, you remove a major burden from your IT
organization to setup/maintain such a supporting ecosystem.
• It allows our agile development teams to focus on producing business value/functionality without worries.

Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud Customers

More Related Content

What's hot (20)

Similar to Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud Customers (20)

More from VMware Tanzu (20)

Recently uploaded (20)

Accelerate Spring Apps to Cloud at Scale—Discussion with Azure Spring Cloud Customers