The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions.
About the author
With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.
These are the slides from a talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) by Miroslav Stampar.
SQL Server 2005 introduced enhancements to security including:
1. Authentication can specify SSL or mutual authentication with client certificates. Authorization establishes login credentials and permissions within a database.
2. A new security model separates users from schemas, allowing dropping a user without breaking applications. Users have a default schema and objects are contained within schemas.
3. Cryptography support provides encryption, decryption, signing and verification functions including symmetric and asymmetric keys. Permissions in SQL 2005 allow finer-grained control at the row level and module execution context.
Path traversal attacks aim to access files outside a webroot folder by exploiting how web servers handle special directory traversal characters like "..". An attacker can use these characters in a request to climb the directory structure and potentially read sensitive files. They may also try encoding the special characters to bypass security filters. To prevent this, servers should carefully filter user input, ensure only authorized directories are accessible, and keep sensitive files outside public folders.
This document provides a design overview of the Web Accessible Alumni Database software. It includes deployment diagrams, architectural designs, data structure details, use case realizations, and interface designs. The system allows alumni to complete surveys, add and update their entries, and search for other alumni to email. It consists of a web server and client using HTML and JSP. The designated faculty member can make changes to surveys, collected data fields, and email capabilities.
OrientDB is a multi-model NoSQL document database that provides both graph and document structures and queries. It supports ACID transactions, schema-full and schema-less modes, HTTP/binary protocols, and allows both SQL-like and native graph queries. OrientDB provides APIs for Java, JRuby and other languages to interface with the database.
O documento descreve as principais funcionalidades do jQuery, uma biblioteca JavaScript que simplifica a interação com elementos HTML e eventos. Em poucas frases, o jQuery permite selecionar elementos, modificar seu conteúdo e estilo, e responder a eventos de uma forma simples e consistente em diferentes navegadores.
These are the slides from a talk "DNS exfiltration using sqlmap" held at PHDays 2012 conference (Russia / Moscow 30th–31st May 2012) by Miroslav Stampar.
SQL Server 2005 introduced enhancements to security including:
1. Authentication can specify SSL or mutual authentication with client certificates. Authorization establishes login credentials and permissions within a database.
2. A new security model separates users from schemas, allowing dropping a user without breaking applications. Users have a default schema and objects are contained within schemas.
3. Cryptography support provides encryption, decryption, signing and verification functions including symmetric and asymmetric keys. Permissions in SQL 2005 allow finer-grained control at the row level and module execution context.
Path traversal attacks aim to access files outside a webroot folder by exploiting how web servers handle special directory traversal characters like "..". An attacker can use these characters in a request to climb the directory structure and potentially read sensitive files. They may also try encoding the special characters to bypass security filters. To prevent this, servers should carefully filter user input, ensure only authorized directories are accessible, and keep sensitive files outside public folders.
This document provides a design overview of the Web Accessible Alumni Database software. It includes deployment diagrams, architectural designs, data structure details, use case realizations, and interface designs. The system allows alumni to complete surveys, add and update their entries, and search for other alumni to email. It consists of a web server and client using HTML and JSP. The designated faculty member can make changes to surveys, collected data fields, and email capabilities.
OrientDB is a multi-model NoSQL document database that provides both graph and document structures and queries. It supports ACID transactions, schema-full and schema-less modes, HTTP/binary protocols, and allows both SQL-like and native graph queries. OrientDB provides APIs for Java, JRuby and other languages to interface with the database.
O documento descreve as principais funcionalidades do jQuery, uma biblioteca JavaScript que simplifica a interação com elementos HTML e eventos. Em poucas frases, o jQuery permite selecionar elementos, modificar seu conteúdo e estilo, e responder a eventos de uma forma simples e consistente em diferentes navegadores.
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management). And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Python and Oracle : allies for best of data managementLaurent Leturgez
In this presentation, I described Python and how Python can Interact with Oracle database, and Oracle Cloud Infrastructure in various project : from data visualisation to data science.
Oracle Recovery Manager 12c Best Practices document outlines improvements to RMAN backup and recovery capabilities in Oracle Database 12c. The presentation agenda includes discussing new RMAN features, more efficient database cloning, using RMAN with Data Guard for complete protection, cross-platform migration with XTTS, low cost offsite backups to Oracle Public Cloud, and eliminating data loss with Recovery Appliance. The document provides an overview of best practices and new capabilities for backup and recovery with RMAN 12c.
This document provides an introduction to NoSQL and MongoDB. It discusses that NoSQL is a non-relational database management system that avoids joins and is easy to scale. It then summarizes the different flavors of NoSQL including key-value stores, graphs, BigTable, and document stores. The remainder of the document focuses on MongoDB, describing its structure, how to perform inserts and searches, features like map-reduce and replication. It concludes by encouraging the reader to try MongoDB themselves.
It all starts with the ' (SQL injection from attacker's point of view)Miroslav Stampar
These are the slides from a talk "It all starts with the ' (SQL injection from attacker's point of view)" held at FSec 2011 conference (Croatia / Varazdin 22nd September 2011) by Miroslav Stampar
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.
It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference (http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele).
RoR Workshop - Web applications hacking - Ruby on Rails exampleRailwaymen
Web Applications Hacking – Ruby on Rails example. Attack web applications by using SQL attacks, CSRF, XSS. You will learn how to extract information by generating API json / xml and how to use cookies to code injection.
• What is SQL injection ?
• Why is it harmful?
• Types of SQL injection attacks.
• How to identify SQL injection vulnerability.
• Exploiting SQL injection.
• How to protect Web Application from SQL injection.
The document discusses tips and tricks for using the MongoDB shell. It describes what the shell is, advantages like debugging queries and administration, and disadvantages like numbers and dates. It provides examples of shell commands and functions for tasks like loading scripts, running commands, profiling, and administration. It also discusses configuration options and ways to improve the shell experience like keyboard shortcuts and the .mongorc.js file.
Odoo Experience 2018 - How to Break Odoo Security (or how to prevent it)ElínAnna Jónasdóttir
Odoo's security model uses multi-level access controls to restrict data access through groups, access control lists (ACLs), and rules at both the model and field level. Common vulnerabilities include injection, improper access controls, information leaks, and cross-site scripting. To break Odoo's security, one would try to exploit vulnerabilities like SQL injection, accessing data without proper permissions, or leaking sensitive information through unsafe domain combinations.
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...Дмитрий Бумов
There are regular and smart firewalls. The regular ones are quite clear, it was a good report on the latest Black Hat. However, we need a completely different approach to come round advanced protection.
Есть фаерволы на регулярных выражениях, а есть умные. Если с первыми все понятно — был отличный доклад на последнем Black Hat, то чтобы обойти современную защиту, нужно иметь совершенно другой подход!
Dynatrace - Red Hat workshop : Monolith to MicroservicesSteve Caron
This document provides steps for a hands-on workshop to migrate a monolithic application to microservices using OpenShift and Dynatrace. The workshop will:
1. Set up the monolithic TicketMonster application and deploy it to OpenShift.
2. Extract the user interface from the monolith as the first microservice.
3. Leverage Dynatrace to analyze the monolith and identify a suitable microservice, defining a custom service detection rule for orders.
4. Consider identifying the domain model of future microservices by understanding their data management requirements.
Scaling frontend applications with micro-frontends Presentation.pdfKatamaRajuBandigari1
This document discusses micro-frontends and their technical implementation. It begins with an overview of scaling applications from monoliths to microservices and then micro-frontends. A micro-frontend is defined as the technical representation of a business subdomain, allowing independent implementations by single teams. Various technical implementations are reviewed, including iframes, components, and server-side composition. The document concludes with examples of DAZN's implementation and micro-frontend frameworks like Single-SPA and Frint.js.
Draft: building secure applications with keycloak (oidc/jwt)Abhishek Koserwal
Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management). And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.
Python and Oracle : allies for best of data managementLaurent Leturgez
In this presentation, I described Python and how Python can Interact with Oracle database, and Oracle Cloud Infrastructure in various project : from data visualisation to data science.
Oracle Recovery Manager 12c Best Practices document outlines improvements to RMAN backup and recovery capabilities in Oracle Database 12c. The presentation agenda includes discussing new RMAN features, more efficient database cloning, using RMAN with Data Guard for complete protection, cross-platform migration with XTTS, low cost offsite backups to Oracle Public Cloud, and eliminating data loss with Recovery Appliance. The document provides an overview of best practices and new capabilities for backup and recovery with RMAN 12c.
This document provides an introduction to NoSQL and MongoDB. It discusses that NoSQL is a non-relational database management system that avoids joins and is easy to scale. It then summarizes the different flavors of NoSQL including key-value stores, graphs, BigTable, and document stores. The remainder of the document focuses on MongoDB, describing its structure, how to perform inserts and searches, features like map-reduce and replication. It concludes by encouraging the reader to try MongoDB themselves.
It all starts with the ' (SQL injection from attacker's point of view)Miroslav Stampar
These are the slides from a talk "It all starts with the ' (SQL injection from attacker's point of view)" held at FSec 2011 conference (Croatia / Varazdin 22nd September 2011) by Miroslav Stampar
Advanced SQL injection to operating system full control (whitepaper)Bernardo Damele A. G.
Over ten years have passed since a famous hacker coined the term "SQL injection" and it is still considered one of the major web application threats, affecting over 70% of web application on the Net. A lot has been said on this specific vulnerability, but not all of the aspects and implications have been uncovered, yet.
It's time to explore new ways to get complete control over the database management system's underlying operating system through a SQL injection vulnerability in those over-looked and theoretically not exploitable scenarios: From the command execution on MySQL and PostgreSQL to a stored procedure's buffer overflow exploitation on Microsoft SQL Server. These and much more will be unveiled and demonstrated with my own tool's new version that I will release at the Conference (http://www.blackhat.com/html/bh-europe-09/bh-eu-09-speakers.html#Damele).
RoR Workshop - Web applications hacking - Ruby on Rails exampleRailwaymen
Web Applications Hacking – Ruby on Rails example. Attack web applications by using SQL attacks, CSRF, XSS. You will learn how to extract information by generating API json / xml and how to use cookies to code injection.
• What is SQL injection ?
• Why is it harmful?
• Types of SQL injection attacks.
• How to identify SQL injection vulnerability.
• Exploiting SQL injection.
• How to protect Web Application from SQL injection.
The document discusses tips and tricks for using the MongoDB shell. It describes what the shell is, advantages like debugging queries and administration, and disadvantages like numbers and dates. It provides examples of shell commands and functions for tasks like loading scripts, running commands, profiling, and administration. It also discusses configuration options and ways to improve the shell experience like keyboard shortcuts and the .mongorc.js file.
Odoo Experience 2018 - How to Break Odoo Security (or how to prevent it)ElínAnna Jónasdóttir
Odoo's security model uses multi-level access controls to restrict data access through groups, access control lists (ACLs), and rules at both the model and field level. Common vulnerabilities include injection, improper access controls, information leaks, and cross-site scripting. To break Odoo's security, one would try to exploit vulnerabilities like SQL injection, accessing data without proper permissions, or leaking sensitive information through unsafe domain combinations.
Zeronights 2016 | A blow under the belt. How to avoid WAF/IPS/DLP | Удар ниже...Дмитрий Бумов
There are regular and smart firewalls. The regular ones are quite clear, it was a good report on the latest Black Hat. However, we need a completely different approach to come round advanced protection.
Есть фаерволы на регулярных выражениях, а есть умные. Если с первыми все понятно — был отличный доклад на последнем Black Hat, то чтобы обойти современную защиту, нужно иметь совершенно другой подход!
Dynatrace - Red Hat workshop : Monolith to MicroservicesSteve Caron
This document provides steps for a hands-on workshop to migrate a monolithic application to microservices using OpenShift and Dynatrace. The workshop will:
1. Set up the monolithic TicketMonster application and deploy it to OpenShift.
2. Extract the user interface from the monolith as the first microservice.
3. Leverage Dynatrace to analyze the monolith and identify a suitable microservice, defining a custom service detection rule for orders.
4. Consider identifying the domain model of future microservices by understanding their data management requirements.
Scaling frontend applications with micro-frontends Presentation.pdfKatamaRajuBandigari1
This document discusses micro-frontends and their technical implementation. It begins with an overview of scaling applications from monoliths to microservices and then micro-frontends. A micro-frontend is defined as the technical representation of a business subdomain, allowing independent implementations by single teams. Various technical implementations are reviewed, including iframes, components, and server-side composition. The document concludes with examples of DAZN's implementation and micro-frontend frameworks like Single-SPA and Frint.js.
The biggest challenge in performance tuning is identifying the root cause of the bottleneck. Once you find it, the fix often becomes trivial. However, this detective work takes patience, skills, and effort, so we often attempt to guess the cause, by trying out tentative fixes. The result: messy code, waste of time and money, and frustration. During this talk you will learn how to correctly zoom in on the bottleneck using three levels of profiling: distributed tracing with Zipkin, metrics with Micrometer, and profiling with the Java Flight Recorder already built into your JVM. We’ll focus on the latter and learn how to read a flame graph to trace some common issues of backend systems like connection/thread pool starvation, time-consuming aspects, hot methods, and lock contention, even if these occur in library code you did not write.
A micro frontend architecture is an approach to developing web applications as a composition of small frontend apps. Instead of writing a large monolith frontend application, the application can be broken down into domain-specific micro frontends, which are self-contained and can be developed and deployed independently. Each micro frontend can be owned by verticalised domain specific teams. Micro frontends do have advantages and disadvantages and they are not suitable in many cases. When micro frontends is a potential solution, make sure to use a domain driven top-down approach, with no big design upfronts. Keep it simple!
Frontend Developer Love Amsterdam - 30 January 2018
This document summarizes an IBM Bluemix meetup that took place on May 4, 2016 in Triangle, North Carolina. The meetup included presentations on Swift, OpenWhisk, Blockchain/Hyperledger, and a Q&A session. Attendees could learn about new technologies on IBM Bluemix like the Swift sandbox, OpenWhisk serverless platform, and IBM's involvement in the Hyperledger blockchain project. The next Bluemix meetup was scheduled for May 18, 2016.
Scaling Prometheus Metrics in Kubernetes with Telegraf | Chris Goller | Influ...InfluxData
Scaling Prometheus in Kubernetes seems easy with service-discovery, but quickly devolves into manual DevOps snowflake setup. Additionally, a single developer is able to overwhelm a federated Prometheus setup and impact the system as a whole without being able to self-service debug. In this talk, Chris will focus on a variety of architectures using Telegraf to scale scraping in Kubernetes and empower developers.
He’ll describe his experiences around scaling /metrics in the microservices of InfluxData’s Cloud 2.0 Kubernetes system…as he was the single developer that added just one more label…
The Rise of Microservices - Containers and OrchestrationMongoDB
The document discusses microservices and containers. It defines microservices as small, independent services with well-defined interfaces that allow for decentralized control and independent deployments. Containers are presented as a way to package and run microservices using technologies like Docker. Orchestration with systems like Kubernetes and Mesos is described as a way to automate deployment, linking, and maintenance of multiple containers across infrastructure. MongoDB is discussed as a good fit for microservices due to its flexibility, redundancy, scalability, and simplicity.
JS Fest 2018. Никита Галкин. Микросервисная архитектура с переиспользуемыми к...JSFestUA
Нарушение DRY принципа особенно часто возникает в микросервисах. Чтобы избежать этой проблемы, вы можете использовать повторно используемые компоненты, например, приватные пакеты npm. Лучшие практики, которые помогут вам достичь этого включают в себя паттерн ECB для организации кода, манифест 12-ти факторного приложения, использование генерации кода. В нашем проекте мы используем технический стек на основе Node.js, Docker, RabbitMQ, но идеи из этого доклада могут быть использованы для любого технического стека микросервисов
Tungsten Fabric provides a network fabric connecting all environments and clouds. It aims to be the most ubiquitous, easy-to-use, scalable, secure, and cloud-grade SDN stack. It has over 300 contributors and 100 active developers. Recent improvements include better support for microservices, containers, ingress/egress policies, and load balancing. It can provide consistent security and networking across VMs, containers, and bare metal.
Migration Effort in the Cloud - The Case of Cloud PlatformsStefan Kolb
Get the book "On the Portability of Applications in Platform as a Service" at https://www.amazon.de/dp/3863096312
Presentation from IEEE CLOUD 2015. Full paper at http://bit.ly/paasmigration
Dipping Your Toes Into Cloud Native Application DevelopmentMatthew Farina
Presented at CloudDevelop 2016
Building cloud native applications in containers is a new hot topic. Netflix and Google are two prime examples that have been doing it successfully for some time. Some of the new exciting projects like Docker and Kubernetes are focused on cloud native applications in containers. There are supposed to be numerous benefits including the ability to scale applications out easily while doing development on small systems like laptops, the ability for the system to handle some operational problems, and the capability to safely deploy updates to production many times per day. But, what does this look like in practice and how do you start the move to cloud native and containerized applications? In this session we'll look at what makes up a cloud native application, how they work, and how you can start small. We'll look at applications from an architecture and process point of view along with how you can deploy them to AWS, Azure, or Google Cloud. You'll walk away ready to start development on a cloud native app.
MicroProfile, Docker, Kubernetes, Istio and Open Shift lab @dev nexusEmily Jiang
This document provides an overview of Eclipse MicroProfile, Open Liberty, and hands-on cloud-native Java microservices. It discusses key MicroProfile APIs for REST, configuration, fault tolerance, health checks, metrics, and more. It also covers deploying microservices on Docker, Kubernetes, and using a service mesh like Istio. The document concludes with a link to a GitHub repository containing a tutorial lab for getting started with a MicroProfile application on Open Liberty.
Throughout the years, the Concentric Architectures (Onion, Hexagonal, Clean-..) have grown into the undisputed leader among backend systems architectures. With the rise of Domain-Driven Design, keeping your Domain ring 'agnostic' to the outside world has become the norm today. But history proved that any 'norm' in software architectures will cause overengineering if applied without criticism.
After a brief recap of these architectures, their pitfalls, and weaknesses, we'll see two alternatives that segregate code not in 'layers' or 'rings' but in vertical slices: Feature Slicing and Modular Monolith.
[Feature Slicing](vertical Slice Architecture) (aka *UseCase) has its own pitfalls and weaknesses, that we'll briefly review. But this will just warm us up for the next style.
Modular Monolith (aka Modulith) is an architecture style that helped many companies break their legacy codebases, and smoothly move to microservices. Most of the techniques discussed here can also come handy when one single microservice grew big and needs to be broken down.
Even more, greenfield projects today opt for this architecture instead of microservices, to avoid paying the high cost of distributability. Imagine cohesive but decoupled modules living in the same code base & deployment, but on which different teams work in harmony, delivering more value much faster than an equivalent microservice ecosystem.🦄
On the agenda:
- patterns to break data structures
- how to protect Domains inside modules
- communication patterns between modules
- breaking cyclic dependencies
Reactive Microservices with Spring 5: WebFlux Trayan Iliev
On November 27 Trayan Iliev from IPT presented “Reactive microservices with Spring 5: WebFlux” @Dev.bg in Betahaus Sofia. IPT – Intellectual Products & Technologies has been organizing Java & JavaScript trainings since 2003.
Spring 5 introduces a new model for end-to-end functional and reactive web service programming with Spring 5 WebFlow, Spring Data & Spring Boot. The main topics include:
– Introduction to reactive programming, Reactive Streams specification, and project Reactor (as WebFlux infrastructure)
– REST services with WebFlux – comparison between annotation-based and functional reactive programming approaches for building.
– Router, handler and filter functions
– Using reactive repositories and reactive database access with Spring Data. Building end-to-end non-blocking reactive web services using Netty-based web runtime
– Reactive WebClients and integration testing. Reactive WebSocket support
– Realtime event streaming to WebClients using JSON Streams, and to JS client using SSE.
Intro to GitOps with Weave GitOps, Flagger and LinkerdWeaveworks
This document provides an overview of GitOps, service meshes, Linkerd, Flux, Weave GitOps and progressive delivery. It introduces the speakers and outlines the agenda which includes explanations of GitOps, service meshes, Linkerd and Weave GitOps. It then demonstrates how Weave GitOps and Linkerd can be used together for progressive delivery and provides a Q&A section at the end.
Microservices Application Tracing Standards and Simulators - Adrians at OSCONAdrian Cockcroft
This document discusses distributed tracing standards and microservices simulations. It introduces OpenZipkin and OpenTracing as open source distributed tracing projects. It also discusses Pivot Tracing and the OpenTracing initiative to standardize instrumentation. The document proposes using a microservices simulator called Spigo to generate test data and visualize traces. It provides an example of defining a LAMP stack architecture in JSON to simulate with Spigo.
This document provides an introduction to MicroProfile, Open Liberty, and how to build cloud native microservices. It discusses key MicroProfile specifications like JAX-RS, CDI, REST Client, OpenAPI, Config, Fault Tolerance, Health, Metrics, and OpenTracing. It also covers using Open Liberty, Docker, Kubernetes, Istio and OpenShift for microservices deployment. The document includes an agenda, overview of the MicroProfile community and specifications, a timeline of MicroProfile releases, and pointers to the tutorial code repository.
Semelhante a Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024 (20)
Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system.
About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.
The network is reliable, has zero latency, with infinite, free bandwidth... And then you wake up. The plan was to go to microservices to build those reliable, super-scalable systems you saw in the ad. But your systems only communicate over synchronous protocols and the team never had a serious discussion about timeouts, retries, circuit breakers, and bulkhead patterns. If that’s your crude reality, please attend this session!
One of the many challenges of a distributed architecture is preserving the consistency of data across different systems. During this one-hour presentation, we are going to explore a number of strategies for maintaining consistency, going from the most basic options up to an automated recovery mechanism using compensations and reservations - what’s commonly referred to as a “saga” pattern. Our journey will be based on a hypothetical food delivery application on which we will analyze various decisions and their tradeoffs. The discussion will stay at an abstract, architectural level for the most part, with only a few code examples.
In the agenda:
- Idempotency and Retries
- 2 Phase Commit
- Eventual Consistency
- Compensations
- Reservations
- The Saga Pattern
Clean Code @Voxxed Days Cluj 2023 - opening KeynoteVictor Rentea
Clean Code principles have become a cornerstone of professional developer teams worldwide. But frameworks and languages have evolved, and so have the challenges we’re facing today while crafting modern applications. Single-page apps, extremely DRY code, microservices, excessive functional programming, and reactive flows have all taken their toll on our code quality. Hop aboard this roundtrip of the most damaging Code Smells as of 2023 and fill your toolbox with a load of practical tricks you can immediately apply to your day-to-day work. All in an entertaining show spiced with live-coding moments.
Testing strategies for modern software architectures are evolving. As we transition from monolithic structures to team-sized microservices with crisp APIs aligned to bounded contexts, we encounter more stable testing surfaces. This shift leads many high-performing teams to favor integration tests over fine-grained, brittle unit tests. These integration tests, which are closer to the functional requirements, prove more trustworthy and are more resilient to internal refactoring, though they may come with a higher cost. In a vivid and engaging style, this talk addresses the primary challenges of integration testing in the microservices era: cognitive overload, test isolation, and test execution speed. Join the testing revolution and discover how to enhance your team's testing efficiency and effectiveness.
Ready for a deep dive into the world's most challenging programming paradigm? Reactive programming can simplify asynchronous and event-driven applications, but without a strong understanding, it can lead to frustration, recurring patchwork, missed deadlines, and costly bugs.
In this intensive three-hour session, we'll transition a traditional Spring application to WebFlux, revealing patterns and aanti-patterns when working with repositories, REST APIs, queues, and legacy libraries. You'll gain a clear understanding of often overlooked but critical aspects like subscribe signal, errors, cancellation, and signal loss. As a bonus, we'll debate the future of Reactive vs Virtual Threads, production-ready in Java 21.
This session is crucial for developers already working with reactive programming or those intending to make the leap.
Testing is fundamental in software development. Quality gates demand high coverage levels, pull requests need sufficient tests, leading to teams spending considerable time writing and maintaining them. But are we using our tests to their full potential?
'If code is hard to test, the design can be improved'. Starting from this mantra, this deep-dive session unveils hints to simplify code, break-down complexity, and effectively use functional programming. We'll delve into topics like fixture creep, partial mocks, onion architecture, and pure functions, providing numerous best practices and practical tips for your testing.
Be warned: This session may significantly disrupt your work routine and will likely change how you see testing. Attend at your own risk.
Slides for my presentation about OAuth, going in depth in the details of the Authorization Code Grant and PKCE, also describing several security threats to OAuth
The tests are trying to tell you something@VoxxedBucharest.pptxVictor Rentea
If tests are hard to write, the production design is crappy - goes an old saying. Indeed, writing unit tests gives you one of the most comprehensive, yet brutal, feedback about the design of your production code, but if it comes too late, many developers can’t stand it anymore and they will either stop testing or test more superficially. At the other extreme, others struggle to write contrived, fragile tests full of mocks that end up frustrating more than helping them. This talk reviews the main hints that unit tests provide you, from the most obvious improvements to some of the most subtle design principles.
Software Craftsmanship @Code Camp Festival 2022.pdfVictor Rentea
Decades ago, IT started as a single engineering practice, but over the years it grew increasingly fragmented. The overspecialization we face today, in the context of a management-first agile transformation leads to a lack of responsibility, blaming games, repeated patching, painful communication overhead, and fulminating costs. The software craftsmanship movement is rising in this post-agile world with professionals that take control of their careers and continuously learn in the pursuit of mastery. But changing mindset requires determined team efforts and communities, especially when working remotely. What techniques and tricks can you use to grow such a culture of learning in your team? Find out from the founder and lead of one of the largest software craftsmanship communities in the world.
This talk is about technical culture and attitude.
Tests are hard to write if the production design is crappy - goes an old saying. Indeed, writing unit tests gives you one of the most comprehensive, yet brutal, feedback about the design of your production code, but if it comes too late, many developers can’t take it and they will either stop testing or test superficially. At the other end, others struggle to write contrieved, fragile tests full of mocks that end up frustrating more than helping them. This talk reviews the main hints that unit tests provide you, from the most obvious improvements to some of the most subtle design principles.
Victor Rentea introduces himself as a Java Champion, trainer, and speaker who focuses on topics like Hibernate, Spring, Java 8/FP, architecture, clean code, unit testing, reactive programming, and Java performance. He advocates building a deep, rich domain model with value objects and entities that encapsulate logic and enforce invariants. The document provides guidance on applying principles like separating concerns with layers, dependency inversion, and avoiding anemic domain models in order to build flexible, testable systems that are decoupled from frameworks and external dependencies.
Decades ago, IT started as a single engineering practice, but as time passed by it got increasingly fragmented. Conflicts broke out between testers vs developers vs sysadmins vs DBAs vs many other roles. Recently, developers themselves split into many subspecialties like backend/frontend/iOS/Android/microservices/functions/etc. The overspecialization we face today causes huge communication overhead, a low bus factor, lack of responsibility, blaming, repeated isolated patching and fulminating costs. The software craftsmanship movement is rising in this post-agile world with professionals eager to take control of their careers and continuously learn in the pursuit of mastery. This talk will show you practical ways in which to seed a continuous learning culture in your team or company, and foster the enthusiasm of your developers.
Clean architecture - Protecting the DomainVictor Rentea
The goal of architecture is to simplify the most complex parts of your logic. Any other goal should be secondary to this. The problem is that you can’t always anticipate where the complexity of your application will accumulate, especially when confronted with ever-changing requirements. The only way to keep your code simple is to gradually evolve the architecture without adding useless complexity up front, but always looking out for opportunities to break-down and refactor towards the most simple design that solves the problem. Drawing concepts from the Domain-Driven Development mindset, this talk summarizes the most important lessons learned designing and consulting many real-world projects. Along the way, you’ll hear about Value Objects and Entities, DTOs, Dependency Inversion Principle, Facades, the Onion Architecture and many pragmatic tips and tricks immediately applicable to your day-to-day work.
Refactoring blockers and code smells @jNation 2021Victor Rentea
The only way to survive in a codebase is by refactoring continuously. We know that since the Extreme Programming days. But what stops us from doing so today? In this talk, Victor summarizes what he learned discussing Clean Code and Refactoring with hundreds of teams throughout the world. You'll find ideas to tackle a broad spectrum of factors: technical, cultural, psychological, emotional, social, and even political. Using these you might unlock the freedom to refactor for you and your colleagues.
After this roundtrip, the talk briefly overviews several of the most dangerous code smells in the projects today: God Class, Duplicated Code vs Divergent Code, Temporal Coupling, Middle Man, Speculative Generality, Mutable Long-Lived State, Comments, and more. For each of them we’ll discuss a typical workaround, plus several subtleties and variations.
Hibernate and Spring - Unleash the MagicVictor Rentea
This document provides an overview of several Java technologies:
- JPA Auditing for tracking entity creation/modification dates and users
- Domain Events in DDD for triggering processing across aggregates
- javax.validation for validating entities before database writes
- Spring Data Repos for implementing repositories with query methods and custom logic
It also briefly discusses JPA auditing implementation, domain event publishing, custom validators, and the @NonNullApi annotation for preventing null returns from repositories.
Integration testing with spring @JAX MainzVictor Rentea
Our sleep is better with longer-scoped tests. Our life is brighter if we don’t rely heavily on fine-grained tests that break whenever we refactor even the smallest detail. I’m talking about tilting the balance towards more integration than unit testing. And for that, let’s look at the testing features offered by the most used Java Framework today. We’ll see how to write fake test implementations, how to mock an unwanted Spring bean, what a Transactional Test is, and if and how to test your web endpoints. Along the way, we’ll also see Flaky tests, and discuss best practices about integration testing – all in an entertaining live coding session.
Your takeaways from this talk will be a lot of good practices and techniques directly applicable to your day-to-day project.
The Proxy Fairy and the Magic of Spring @JAX Mainz 2021Victor Rentea
You can only claim you know Spring if you fully understand the Proxy design pattern and how the framework uses it to do its magic. Join this live coding session to explore 6 ways of intercepting method calls that you can use to cast your own spells and dramatically simplify your codebase.
Grab a strong coffee and prepare yourself for a whirlwind of **live-coding**, interwoven with **deep theoretical concepts and implementation details** that you need to master if you are using the Spring Framework. We’ll start from a Decorator pattern implementation, proving 2 ways to wire it with Spring, then move to bare-hands interface proxies, concrete classes proxies, @Aspect applied to custom annotations, plus some standard off-the-shelf Spring aspects.
Join this talk and learn real-world best practices to use with Aspects, design hints, under-the-hood implementation details, debugging tips, and performance impact of aspects. All in an interactive, entertaining, and extremely dynamic session.
Integration testing with spring @snow oneVictor Rentea
This document provides an overview of integration testing strategies and techniques. It discusses the differences between unit tests and integration tests, including that integration tests involve multiple layers and dependencies like databases, files, and web services, making them slower and more fragile. It also covers best practices for integration tests such as using an in-memory database, WireMock for stubbing external services, transaction management, and strategies for cleaning up after tests.
Pure functions and immutable objects @dev nexus 2021Victor Rentea
aaaaThis presentation focuses on two of the most advanced design tools in your toolbox, whatever the language or framework you might be using. After understanding the basics, we'll see how these concepts can be used in real-world scenarios to simplify those several most complex use-cases in your application. At the end of a mix of slides and live-coding, you'll finally understand the power of these ideas and become prepared to apply them in your day-to-day work.
Along the way, we'll introduce concepts like Side Effects, Idempotency, Referential Transparency, Pure Functions and Deep/Shallow Immutability. Also, we'll talk about the powerful Functional Code / Imperative Shell architecture that you can use for your complex workflows.
Prepare for an entertaining, highly interactive session that will answer all your questions.
Written in Java and spoken in English.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
This talk will cover ScyllaDB Architecture from the cluster-level view and zoom in on data distribution and internal node architecture. In the process, we will learn the secret sauce used to get ScyllaDB's high availability and superior performance. We will also touch on the upcoming changes to ScyllaDB architecture, moving to strongly consistent metadata and tablets.
What is an RPA CoE? Session 1 – CoE VisionDianaGray10
In the first session, we will review the organization's vision and how this has an impact on the COE Structure.
Topics covered:
• The role of a steering committee
• How do the organization’s priorities determine CoE Structure?
Speaker:
Chris Bolin, Senior Intelligent Automation Architect Anika Systems
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
Essentials of Automations: Exploring Attributes & Automation ParametersSafe Software
Building automations in FME Flow can save time, money, and help businesses scale by eliminating data silos and providing data to stakeholders in real-time. One essential component to orchestrating complex automations is the use of attributes & automation parameters (both formerly known as “keys”). In fact, it’s unlikely you’ll ever build an Automation without using these components, but what exactly are they?
Attributes & automation parameters enable the automation author to pass data values from one automation component to the next. During this webinar, our FME Flow Specialists will cover leveraging the three types of these output attributes & parameters in FME Flow: Event, Custom, and Automation. As a bonus, they’ll also be making use of the Split-Merge Block functionality.
You’ll leave this webinar with a better understanding of how to maximize the potential of automations by making use of attributes & automation parameters, with the ultimate goal of setting your enterprise integration workflows up on autopilot.
High performance Serverless Java on AWS- GoTo Amsterdam 2024Vadym Kazulkin
Java is for many years one of the most popular programming languages, but it used to have hard times in the Serverless community. Java is known for its high cold start times and high memory footprint, comparing to other programming languages like Node.js and Python. In this talk I'll look at the general best practices and techniques we can use to decrease memory consumption, cold start times for Java Serverless development on AWS including GraalVM (Native Image) and AWS own offering SnapStart based on Firecracker microVM snapshot and restore and CRaC (Coordinated Restore at Checkpoint) runtime hooks. I'll also provide a lot of benchmarking on Lambda functions trying out various deployment package sizes, Lambda memory settings, Java compilation options and HTTP (a)synchronous clients and measure their impact on cold and warm start times.
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
"$10 thousand per minute of downtime: architecture, queues, streaming and fin...Fwdays
Direct losses from downtime in 1 minute = $5-$10 thousand dollars. Reputation is priceless.
As part of the talk, we will consider the architectural strategies necessary for the development of highly loaded fintech solutions. We will focus on using queues and streaming to efficiently work and manage large amounts of data in real-time and to minimize latency.
We will focus special attention on the architectural patterns used in the design of the fintech system, microservices and event-driven architecture, which ensure scalability, fault tolerance, and consistency of the entire system.
Skybuffer SAM4U tool for SAP license adoptionTatiana Kojar
Manage and optimize your license adoption and consumption with SAM4U, an SAP free customer software asset management tool.
SAM4U, an SAP complimentary software asset management tool for customers, delivers a detailed and well-structured overview of license inventory and usage with a user-friendly interface. We offer a hosted, cost-effective, and performance-optimized SAM4U setup in the Skybuffer Cloud environment. You retain ownership of the system and data, while we manage the ABAP 7.58 infrastructure, ensuring fixed Total Cost of Ownership (TCO) and exceptional services through the SAP Fiori interface.
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
Fueling AI with Great Data with Airbyte WebinarZilliz
This talk will focus on how to collect data from a variety of sources, leveraging this data for RAG and other GenAI use cases, and finally charting your course to productionalization.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/temporal-event-neural-networks-a-more-efficient-alternative-to-the-transformer-a-presentation-from-brainchip/
Chris Jones, Director of Product Management at BrainChip , presents the “Temporal Event Neural Networks: A More Efficient Alternative to the Transformer” tutorial at the May 2024 Embedded Vision Summit.
The expansion of AI services necessitates enhanced computational capabilities on edge devices. Temporal Event Neural Networks (TENNs), developed by BrainChip, represent a novel and highly efficient state-space network. TENNs demonstrate exceptional proficiency in handling multi-dimensional streaming data, facilitating advancements in object detection, action recognition, speech enhancement and language model/sequence generation. Through the utilization of polynomial-based continuous convolutions, TENNs streamline models, expedite training processes and significantly diminish memory requirements, achieving notable reductions of up to 50x in parameters and 5,000x in energy consumption compared to prevailing methodologies like transformers.
Integration with BrainChip’s Akida neuromorphic hardware IP further enhances TENNs’ capabilities, enabling the realization of highly capable, portable and passively cooled edge devices. This presentation delves into the technical innovations underlying TENNs, presents real-world benchmarks, and elucidates how this cutting-edge approach is positioned to revolutionize edge AI across diverse applications.
Connector Corner: Seamlessly power UiPath Apps, GenAI with prebuilt connectorsDianaGray10
Join us to learn how UiPath Apps can directly and easily interact with prebuilt connectors via Integration Service--including Salesforce, ServiceNow, Open GenAI, and more.
The best part is you can achieve this without building a custom workflow! Say goodbye to the hassle of using separate automations to call APIs. By seamlessly integrating within App Studio, you can now easily streamline your workflow, while gaining direct access to our Connector Catalog of popular applications.
We’ll discuss and demo the benefits of UiPath Apps and connectors including:
Creating a compelling user experience for any software, without the limitations of APIs.
Accelerating the app creation process, saving time and effort
Enjoying high-performance CRUD (create, read, update, delete) operations, for
seamless data management.
Speakers:
Russell Alfeche, Technology Leader, RPA at qBotic and UiPath MVP
Charlie Greenberg, host
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfChart Kalyan
A Mix Chart displays historical data of numbers in a graphical or tabular form. The Kalyan Rajdhani Mix Chart specifically shows the results of a sequence of numbers over different periods.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
inQuba Webinar Mastering Customer Journey Management with Dr Graham HillLizaNolte
HERE IS YOUR WEBINAR CONTENT! 'Mastering Customer Journey Management with Dr. Graham Hill'. We hope you find the webinar recording both insightful and enjoyable.
In this webinar, we explored essential aspects of Customer Journey Management and personalization. Here’s a summary of the key insights and topics discussed:
Key Takeaways:
Understanding the Customer Journey: Dr. Hill emphasized the importance of mapping and understanding the complete customer journey to identify touchpoints and opportunities for improvement.
Personalization Strategies: We discussed how to leverage data and insights to create personalized experiences that resonate with customers.
Technology Integration: Insights were shared on how inQuba’s advanced technology can streamline customer interactions and drive operational efficiency.
2. 👋 I'm Victor Rentea 🇷🇴 Java Champion, PhD(CS)
18 years of coding
10 years of training & consul2ng at 130+ companies on:
❤ Refactoring, Architecture, Unit Tes4ng
🛠 Java: Spring, Hibernate, Performance, ReacIve
Lead of European So8ware Cra8ers (7K developers)
Join for free monthly online meeIngs from 1700 CET
Channel: YouTube.com/vrentea
Life += 👰 + 👧 + 🙇 + 🐈 @victorrentea
https://victorrentea.ro
🇷🇴
past events
6. 6 VictorRentea.ro
Big Ball of Mud
(BBoM Pattern)
= a sprawling, sloppy,
duct-tape,
spaghetti-code jungle,
showing signs of unregulated growth,
and repeated expedient repair.
In desperate need of refactoring, but lacking tests.
https://wiki.c2.com/?BigBallOfMud
7. 7 VictorRentea.ro
☢ nano-services
Velocity
⏩
FAST
🐌
SLOW
Microservices
Autonomy of microservices
outweighs their overhead
Development Velocity
☢ BBoM
Monolith My system will be complex,
so, let's start with microservices!
(Next-Ne)lix Syndrome)
Project Age
Early Late
produc3vity drops due to
high complexity & coupling
1-2 years or ≥ 7 dev
8. 8 VictorRentea.ro
You should NOT start a new project with microservices,
even if you're sure your application will be big enough
to make it worthwhile. - Martin Fowler
principal microservice evangelist
h5ps://mar3nfowler.com/bliki/MonolithFirst.html (2015)
Instead: start simple (KISS) and
address the system's natural bottlenecks as they occur
( bugs, delays, dev pain )
😔 😔 😔
Meanwhile: "If we don't start with microservices, THEY (the bosses) won't
give us the .me we need to break it into microservices later" = WASTE
10. 10 VictorRentea.ro
Pain-Driven Architecture
Protect core logic vs ugly API call with an Adapter
Split Complexity by Layers of Abstraction (ie. Facade)
Isolate Persistence if Shared/Legacy storage
Grow a Rich Model in Complex Domains
Refactor to Modulith when team grows
Use Events for cleaner 1:N Decoupling
Go to Microservices to meet NFRs
12. 12 VictorRentea.ro
1) Big-Bang Rewrite of a 12y-old, 3M LOC codebase
- Re-gather all requirements and start from scratch
- Any changes to the old system you (a) reject, (b) delay, or (b) cost x2 (old+new)
- 20-30% success rate & likely to turn into a Distributed Monolith
2) Strangler-Fig Pa4ern (outside-in) ✅
- Rewrite decoupled parts as microservices behind a proxy protecIng clients
3) Refactor to Modules > Extract (inside-out) ✅
- Progressively decouple logic and data in the monolithic codebase
From a BBoM to Microservices
13. 13 VictorRentea.ro
Refactor to Modules
Modulith
Can prove the best
in some domains
Velocity
⏩
FAST
🐌
SLOW
Microservices
Development Velocity
Monolith
Project Age
Early Late
Easy to extract
a microservice
14. 14 VictorRentea.ro
Can we have the best of both?
Deployment architecture of a Monolith
Logical decoupling of Microservices
+ Easy to extract a Microservice
19. 19 VictorRentea.ro
Goal of Modulith
independent teams managing decoupled modules
Example #1 (e-health)
each team {4-5 DEV+FE+PO+QA} owns ~4 modules
x 8 teams
+ 2 x FuncIonal Architects
+ 3 x Core Pladorm Team
total = 60 people
CI build ≤ 15 minutes (tuned)
1 prod deploy /week on 10 instances
Example #2 (pharmacy): 30 people
Example #3 (loan approval): 24 people
24. 24 VictorRentea.ro
= a stand-alone logical applicaEon, having its own:
§business features (user value)
§private implementaIon: domain model + logic
§public API:
- internal, for other modules: via method calls or events
- external, for other systems: via REST, Rabbit, KaOa...
§private tables in database
§micro-frontend: screens & shared components (monorepo)
What is a Module?
25. 25 VictorRentea.ro
Internal API
for other modules
External API
for other systems
MQ
RPC
implementa4on
not accessible
by other modules
Events
publish
<< plugin >>
B
listen
Methods
Interface
26. 26 VictorRentea.ro
§Publisher should NOT expect any effect ⚠
§Publisher is unaware of listeners (poten;ally mul;ple) J
§The order of listeners should not ma>er. If it does: chain a new event ⚠
§Events can carry state to avoid a call back to publisher 🤔
§All listeners run sequen1ally in the publisher's thread and transac;on (if any)
§Listeners can be @Async
§Events can be persisted if sent over KaJa/Rabbit..
- Spring-modulith @Applica3onModuleListener persist events in DB un3l processed
⚠ Events are harder to navigate than method calls è use only between modules
Events 101
Eventual Consistency
29. 29 VictorRentea.ro
§ArchUnit @Test www.archunit.org + ported to most languages
§Spring Modulith @Test spring.io/projects/spring-modulith
§Build Modules (Maven/Gradle)
Enforce Code Boundaries
@Test !// unit test running on CI
public void encapsulatedModules() {
var classes = new ClassFileImporter().importPackages("com.myapp");
var sliceRule = slices().matching("!..myapp.(*)!..*")
.should().notDependOnEachOther()
.ignoreDependency(resideInAnyPackage("!..shared!..", "!..api!.."));
sliceRule.check(classes); !// #1 fail on any deviation
List<String> violations = sliceRule.evaluate(classes)!!...;
assertThat(violations).hasSizeLessThan(33); !// #2 fitness function
}
@Test
void verifyModularity() { !// uses ArchUnit rules under the hood
ApplicationModules.of(ModulithApp.class).verify();
}
30. 30 VictorRentea.ro
⚠ Only a'er boundaries are clear AND the team is about to split
✅ Stronger separa2on
- Impossible to add excep:ons/@Disable to the ArchUnit @Tests 😏
- Impossible to have cycles è
- BeAer IDE sugges:ons (eg: imagine 2 classes named 'Product' in different modules)
✅ Selec2ve dependencies
- A module can decide to use jasperreports, use reactor, or refuse lombok
- ⚠ All modules share the SAME library VERSIONS in the final binary
✅ Par2al release
- Client customiza:ons: invoicing-nhs.jar
- Purchased features: payment-exports.jar
From Packages to Build Modules
(Maven/Gradle)
31. 31 VictorRentea.ro
Cyclic Dependencies
« module »
A
« module »
B
= Tight Coupling (they oEen change together)
⚠ Build fails if modules are separate build units (eg maven/gradle)
use
use
32. 32 VictorRentea.ro
?
?
A B
O
orchestrator
"facade"
Pull OrchestraIon Up
?
?
?
?
Allow the call cycle,
just fix the code cycle
shared
A-impl B-impl
A-api B-api
Extract API out
run5me calls
keep a coarse-grained API,
for a monolithic client/site
Strategical Dependencies between Modules
microservices: shared lib
microservices: events on queue
microservices: interdependent microservices + client.jar
microservices: api gateway/bff/saga microservices: shared lib/3rd service microservices: merge or break
❤
AB
Merge Modules
Tight Coupling
(eg dozens of links)
Dependency Inversion
B allows A to implement logic,
without depending on A
A B
ç event
call
Publish Events (in-mem)
⭐Decoupled
A B
S
Push Shared Down
A B
(code dep) implements è
call
Dependency Inversion
⭐Decoupled
AProviderImpl
runtime call
«interface»
AProvider
Module A must react to changes in B
"shared"
Module:
- StringUQls
- Logging/Audit
- Country list
Wrong boundaries.
Try others? 🤔
33. 33 VictorRentea.ro
The 'Shared' Module
§If large => BBoM ☢
- Possible starIng point coming from BBoM
§Extract business logic
§Extract complex concerns: common-security, common-kaOa..
§Contain internal API of all modules: api.catalog|.inventory 🤔
- ✅ Pros: simple fix to cyclic dependencies
- ⚠ Cons: risk of coupling internal APIs (write an ArchUnit rule)
§Contain staEc reference data: Country, Region, DiagnosEc...
- Be'er than dozens of nano-modules
34. 34 VictorRentea.ro
* the same applies for "Microservice"
Smaller! Nano!
Post-BBoM PTSD ?
How small should modules be?
or microservices
35. 35 VictorRentea.ro
The Fallacy of Nano-Services
The microservices honeymoon is over.
Uber is refactoring thousands of microservices into a more manageable solution;
Kelsey Hightower is predicting monoliths are the future;
Sam Newman is declaring that microservices should never be the default choice,
but rather a last resort.
Monolith can be cheaper (Amazon) and faster (StackOverflow.com)
https://vladikk.com/2020/04/09/untangling-microservices/
Smaller pieces
=> more coupling
36. 36 VictorRentea.ro
order product
fulfillment
place order
cancel order
return
catalog
search
filter
display
compare
stock
inventory
stock
warehouse
supply-chain
hEps://www.michaelnygard.com/blog/2018/01/services-by-lifecycle/
Scales
Be'er
Split by
Data Concept
(aka En*ty Service)
Bu$in€ss Capability / User Value
(aka Feature Service)
40. 40 VictorRentea.ro
Data Decoupling Levels
1. No IsolaGon (BBoM): everyone freely reads/writes any table
⚠ Data CorrupIon: a module could write valid data in a table, but later read bad data.
2. Write IsolaGon: one module writes into a table, but any other can read
🧠 Might require spliong a table (in separate schemas)
INVENTORY.ITEMS vs CATALOG.PRODUCTS, CATALOG.PRODUCT_ATTRIBUTES
⚠ Frozen Table Structure: an ALTER TABLE can break the readers
3. Exclusive Access🤩💖: modules have private schemas
😏 Trick: except read-only VIEWS exposed for others to JOIN : INVENTORY.V_STOCK(id, items)
4. Consistency per Module - tables of two modules:
(a) do NOT share any Foreign Key, and
(b) are NOT updated in the same Transac4on
Defer unIl microservice
extrac4on is imminent
Strong Consistency
Eventual Consistency
41. 41 VictorRentea.ro
(vs a tradiJonal Monolith)?
1. Complexity EncapsulaIon behind clear Module APIs
- Autonomy & Less cogniJve load per module
2. Smaller Domain Model gets specialized, thus more useful
- catalog.Product vs inventory.InventoryItem
3. Module owns its Persistence
- Easy to keep tables in sync with evolving Domain Model
What makes a Modulith maintainable
43. 45 VictorRentea.ro
§End-to-end tests are slow and fragile
- Prefer Module-scoped tests ✅ over fragile unit-tests ❌
§"Always ready to ship" using Feature Flags
- ⚠ Constantly remove unneeded flags
§Parallel Build 😎
§A Monorepo can build mulEple arEfacts:
- Modulith + Frontend + 2 Microservices 🤔
Unified Build
44. 46 VictorRentea.ro
§Shared TransacIons
- An excepIon in a module you call/noIfy can roll back your transacIon
§Resource starvaIon
- Modules share thread/DB connec4on pool è Monitoring ⚠
§Deadlocks
- In-process or out- (DB, Redis)
§Single instance of DI container
- Global seongs, rogue aspects, bean name collision
§Unified OpenAPI
- Single version? Type name collisions?
DifficulFes of "Running Together"
48. 50 VictorRentea.ro
Benefits of Microservices
ü Faster Time-to-Market => 😁 Business
if independently deployable by autonomous teams
ü Lower CogniGve Load => 😁 Developers
if small & aligned with business
ü Scalability for the hot🔥 parts that require it
ü Availability: fault-tolerance to parBal failures
ü Technology Freedom vs language/library version
ü Security / Privacy (GDPR) / Compliance
Modulith also
provides these
49. 51 VictorRentea.ro
Drawbacks of Microservices
§Complex to Develop & Deploy
§Network Latency & Reliability
§Asynchronous CommunicaGon (messages/events)
§Eventual Consistency
§Hard to Monitor, Trace & Debug
$M1 premium
50. 52 VictorRentea.ro
§Separate persistence
- No cross-schema SELECT. 🤔 Think...
- Drop all Foreign Keys to ó from other modules' schemas 🤔
- Stop sharing transac4ons with other modules 🤔
§Separate threads
- Turn method calls into REST localhost:8080 calls 🤔 (+propagate TraceId!)
- Events: @Async, @ApplicaIonModuleListener, or via Rabbit, Kawa 🤔
§Separate build & deploy 🎉
- Extract module X internal API as a standalone library (x-api.jar)
- Then separate Git repo 🤔
Steps to Extract a Module as a Microservice
POSTPONE
UNTIL
EXTRACTING A
MICROSERVICE
IS PLANNED IN
NEAR-FUTURE
if a step makes
business panic
STOP
undo, and rethink
extracQon
51. 54 VictorRentea.ro
§The safest & cheapest way to split a Monolith
- To experiment with boundaries & gradually enforce them
§A valid alternaEve to Microservices
- For complex domains with decent NFRs
Modular Monolith
is
53. I was Victor Rentea,
trainer & coach for experienced teams.
Git: h'ps://github.com/victorrentea/spring-modulith.git
Branch: devoxx-uk-24
Meet me online at: