index.html

<!DOCTYPE html>

<html lang="en-US" prefix="og: http://opg.me/ns#">
  <head>
    <meta charset="UTF-8" />

    <meta name="title" property="og:title" content="Apex" />

    <meta
      name="description"
      property="og:description"
      content="Apex is an API proxy for microservices that provides one place to log and control all service-to-service traffic"
    />

    <meta name="type" property="og:type" content="website" />

    <meta name="url" property="og:url" content="https://apex-api-proxy.github.io/" />

    <meta name="image" property="og:image" content="images/logos/apex-logo-linkedin-feature.png" />

    <meta name="viewport" content="width=device-width, initial-scale=1" />

    <meta name="author" content="Derick Gross, Kelvin Wong" />

    <title>Apex API Proxy</title>

    <link
      rel="apple-touch-icon"
      sizes="180x180"
      href="images/icons/favicons/apple-touch-icon.png"
    />
    <link
      rel="icon"
      type="image/png"
      sizes="32x32"
      href="images/icons/favicons/favicon-32x32.png"
    />
    <link
      rel="icon"
      type="image/png"
      sizes="16x16"
      href="images/icons/favicons/favicon-16x16.png"
    />
    <link rel="manifest" href="/images/icons/favicons/site.webmanifest" />
    <link rel="mask-icon" href="/images/icons/favicons/safari-pinned-tab.svg" color="#5bbad5" />
    <link rel="shortcut icon" href="/images/icons/favicons/favicon.ico" />
    <meta name="msapplication-TileColor" content="#da532c" />
    <meta name="msapplication-config" content="/images/icons/favicons/browserconfig.xml" />
    <meta name="theme-color" content="#ffffff" />

    <!-- <style>reset</style> -->

    <link rel="stylesheet" href="stylesheets/reset.css" />

    <link
      rel="stylesheet"
      href="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.13.1/styles/gruvbox-dark.min.css"
      charset="utf-8"
    />

    <!-- <style></style> -->

    <link rel="stylesheet" href="stylesheets/main.css" />

    <script src="https://cdnjs.cloudflare.com/ajax/libs/highlight.js/9.13.1/highlight.min.js"></script>

    <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js"></script>

    <!-- <script></script> -->

    <script src="javascripts/application.js"></script>

    <style></style>
  </head>

  <body>
    <div class="logo-links">
      <p id="apex-logo">MENU</p>
      <!-- <a href="https://github.com/apex-api-proxy" target="_blank">
        <img src="images/logos/apex-logo.png" alt="Apex logo" id="apex-logo" />
      </a> -->

      <a href="https://github.com/apex-api-proxy/apex" target="_blank">
        <img src="images/logos/github_black.png" alt="github logo" id="github-logo" />
      </a>
    </div>
    <a id="toTop-link" href="#" target="_blank">
      <img src="images/logos/back-to-top.png" alt="Back to top" id="toTop-logo" />
    </a>
    <nav id="site-navigation">
      <ul>
        <li>
          <a href="#home" id="home-link">HOME</a>
        </li>

        <li>
          <a href="#case-study" id="case-study-link">CASE STUDY</a>

          <nav id="case-study-mobile">
            <ul></ul>
          </nav>
        </li>

        <li>
          <a href="#our-team" id="our-team-link">OUR TEAM</a>
        </li>
      </ul>
    </nav>

    <header id="home">
      <h1>
        <img src="images/logos/apex-logo.png" alt="Apex logo" />

        <p>API proxy for logging and controlling traffic between microservices</p>
      </h1>
    </header>

    <section class="integration">
      <div class="box">
        <img
          id="banner-deploy"
          src="images/diagrams//gifs/apex_query_logs_2.gif"
          alt="best practices"
        />
      </div>

      <article class="box">
        <div class="text-box">
          <h1>Centralized logging and tracing for your microservices</h1>

          <p>
            No additional client libraries needed in your service code
          </p>

          <!-- <a class="button" href="#case-study">Learn More</a> -->
        </div>
      </article>
    </section>

    <section class="integration">
      <article class="box">
        <div class="text-box">
          <h1>Manage all fault-handling logic e.g. retries in one place</h1>

          <p>
            Define both global traffic rules and custom rules for individual services
          </p>

          <!-- <a class="button" href="#case-study">Learn More</a> -->
        </div>
      </article>

      <div class="box">
        <img
          id="banner-deploy"
          src="images/diagrams/5.4) orders-shipping custom configuration_2.png"
          class="softened"
          alt="Deploy Apex proxy with a few commands"
        />
      </div>
    </section>

    <section class="integration">
      <div class="box">
        <img
          id="banner-deploy"
          src="images/diagrams/gifs/apex_deploy_2.gif"
          class="softened"
          alt="Deploy Apex proxy with a few commands"
        />
      </div>

      <article class="box">
        <div class="text-box">
          <h1>Deploy to Docker containers with a few commands</h1>

          <p>
            No changes required in how your services are currently deployed
          </p>

          <!-- <a class="button" href="#case-study">Learn More</a> -->
        </div>
      </article>
    </section>

    <main>
      <section id="case-study">
        <h1>Case Study</h1>
        <!-- <p class="subheader">
          One place to log and control service-to-service traffic
        </p> -->

        <div id="side-nav">
          <a href="#home">
            <img src="images/logos/apex-logo.png" alt="Apex logo" />
          </a>
        </div>

        <nav>
          <ul></ul>
        </nav>

        <h2 id="introduction">1) Introduction</h2>

        <p>
          Apex is an API proxy for microservices. It provides one place to log and control
          service-to-service traffic.
        </p>

        <p>
          Apex is designed for small teams that have just begun migrating from a monolith to a
          microservices architecture. While microservices bring many benefits such as faster
          deployment cycles, they also bring a host of new challenges by relying on the network for
          service-to-service communication. As network communication is unreliable and has latency,
          faults become more likely to occur, leading teams to have to spend more time diagnosing
          network-related faults, and writing pre-emptive fault-handling logic within each service.
          [<a href="#footnote-1">1</a>]
        </p>

        <p>
          Some current solutions exist to help teams perform these tasks faster. Client libraries
          can be imported into each service’s code to automate networking concerns, an API gateway
          can be inserted in front of all services to handle incoming traffic, and for large
          systems, a service mesh is often deployed to abstract away networking concerns from
          services altogether. These are all valid solutions with their own set of trade-offs.
        </p>

        <p>
          For a small team running their first few microservices, however, none of the existing
          solutions provide the right set of trade-offs: optimized for service-to-service traffic,
          and ease of deployment and operation, over high availability and scalability. These are
          the trade-offs that underpinned Apex’s design.
        </p>

        <p>
          With Apex, a user can view the logs for all service-to-service traffic by querying just
          one table, while grouping all requests and responses that belong to the same workflow.
          They can also define and update traffic rules such as the number of times to retry a
          request in one configuration store.
        </p>

        <h2 id="microservices">2) Microservices</h2>

        <p>
          To understand how Apex makes it easier to work with microservices, it is important to
          first understand what microservices are. This, in turn, requires understanding that the
          microservices architecture is a choice, the other choice being, of course, a monolith.
        </p>

        <h3 id="monolithic-architecture">2.1) Monolithic architecture</h3>

        <p>
          In a monolithic architecture, there is typically just one application server (the
          ‘monolith’) that holds all the business logic. In some cases, this application server
          alone is already sufficient to serve an application to a user (e.g. a website with just
          static HTML). More likely though, the application will also generate some user data that
          must be persisted, and so the monolithic application server will also transfer data to and
          from a database server.
        </p>

        <div class="img-wrapper">
          <img src="images/diagrams/2.1) Monolith.png" alt="Monolith" />
        </div>

        <p>
          Consider the above example of a monolithic system that serves an e-commerce store to
          users. The business logic in the app server can be organized into classes or modules, or
          more generally, ‘subsystems’, that encapsulate related functionality e.g. manipulating
          customer data, checking and updating inventory, creating shipments. These subsystems can
          each expose an interface of methods, or more generally ‘behaviors’, that can be invoked by
          each other to facilitate communication between them.
        </p>

        <p>
          As method or function calls take place within the same running process in memory, they are
          reliable and very fast, with latency often measured in microseconds [<a href="#footnote-2"
            >2</a
          >].
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/2.1) In-process method calls.png"
            alt="In-process method calls are reliable and fast"
          />
        </div>

        <p>
          Another possible monolithic architecture is to further decouple the data store for each
          subsystem, by separating it into multiple database servers. For example, the
          <code>customers</code> subsystem and the <code>orders</code>
          subsystem can be connected to separate database servers, if that is deemed to be e.g. more
          flexible or scalable for a particular need.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/2.1) Monolith with multiple databases.png"
            alt="Monolith with multiple databases"
          />
        </div>

        <p>
          A simple analogy for a monolithic application is a small business run by just one owner.
          The owner has to do everything - sales and marketing, procurement, operations, finance,
          IT. There may be one central log book that keeps track of all business data, or the owner
          could use several ‘persistent data stores’ in parallel e.g. CRM system for sales data,
          accounting software for financial data, ERP system for inventory data, pen and paper for
          tax filings.
        </p>

        <h3 id="microservices-architecture">2.2) Microservices architecture</h3>

        <p>
          The microservices architecture differs from the monolith in two major ways. First,
          subsystems are decoupled even further. Each subsystem is deployed independently to its own
          app server as a standalone ‘application’, or ‘service’, and the current best practice is
          for every service to have its own database [<a href="#footnote-3">3</a>].
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/2.2) Microservices with multiple databases.png"
            alt="Monolith architecture vs microservices architecture"
          />
        </div>

        <p>
          Secondly, subsystems now communicate over the network via HTTP requests, rather than
          through in-process method invocations. So for example, if our <code>orders</code> service
          needs to create a new shipment, it might do this by sending a <code>POST</code> request to
          the <code>/shipments</code> endpoint of the <code>shipping</code>
          service, and attaching any other relevant information in the request body.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/2.2) Microservices communicating over the network.png"
            alt="Microservices communicate over the network"
          />
        </div>

        <p>
          Going with the same analogy of a small business, the microservices architecture is
          comparable to a small team of several members (or ‘services’) who each specialize in one
          function. For example, these could include a salesperson, a marketer, an operations
          manager, accountant/bookkeeper and an IT manager. Now, function-to-function communication
          no longer happens in the owner’s head (or ‘in-process’); instead, different team members
          must communicate with each other in person, on the phone or by email (or ‘over the
          network’) to get things done.
        </p>

        <p>
          As we shall see, the use of the network for communication between subsystems is the key
          enabler for many of the benefits of the microservices architecture, but also the main
          culprit behind many of its drawbacks.
        </p>

        <h3 id="microservices-benefits">2.3) Microservices benefits</h3>

        <p>
          A first benefit of microservices is a wider choice of technologies for service developers.
          [<a href="#footnote-4">4</a>] The network boundaries between services free them from
          having to use the same technology stack. As long as each service maintains a stable
          network interface, or API, for other services talking to it, it is free to choose the
          language or framework that is most optimal for implementing its business logic.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/2.3) Microservices with different stacks.png"
            alt="Microservices can use different technologies"
          />
        </div>

        <p>
          Arguably the most defining benefit, though, is the option to deploy subsystems
          independently of each other. [<a href="#footnote-5">5</a>] With subsystems now deployed to
          independent services that each have a smaller scope, redeploying any one subsystem incurs
          less overhead and so it becomes practical to redeploy each service more frequently. This
          enables teams to ship new features faster and reap the corresponding business benefits
          sooner.
        </p>

        <p>
          More concretely, in our e-commerce example app, as soon as a feature in the
          <code>orders</code> service is ready, <code>orders</code> can be redeployed. As long as
          <code>orders</code>’s API remains the same before and after the deployment, other services
          need not even know that a redeployment took place. On the other hand, if
          <code>notifications</code>’s logic rarely changes, then that service can simply continue
          to operate untouched.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/2.3) Redeploying one microservice.png"
            alt="Each microservice can be independently redeployed"
          />
        </div>

        <p>
          Independent redeployment also enables independent scaling. [<a href="#footnote-6">6</a>]
          If our <code>orders</code> service is the first to reach its capacity, then we can simply
          upgrade <code>orders</code> to a more powerful server or deploy more replicas of
          <code>orders</code>, without having to also replicate every other service. Yet again, as
          long as the replicated <code>orders</code> service retains the same API before and after
          scaling, the other services can continue to operate in the same way as though nothing
          happened. The result is fewer large-scale system-wide redeployments and higher utilisation
          of provisioned resources, leading to savings in engineering time and costs.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/2.3) Scaling microservices.png"
            alt="Each microservice can be independently scaled"
          />
        </div>

        <h2 id="microservices-challenges">3) Microservices challenges</h2>

        <p>
          We have now seen how the network boundaries between microservices result in several major
          benefits over the monolithic architecture. The network, however, comes with baggage, and
          relying heavily on it to communicate between subsystems introduces an entire new dimension
          of challenges.
        </p>

        <h3 id="network-unreliability-and-latency">3.1) Network unreliability and latency</h3>

        <p>
          Recall that in a monolith, subsystems are simply classes or modules that communicate
          through method invocations within the same process in memory. In contrast, in a
          microservices architecture, equivalent calls are now sent between services using HTTP
          requests and responses over the network.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/3.1) In-process method calls vs network hops.png"
            alt="Method calls are fast, but network hops are (relatively) slow"
          />
        </div>

        <p>
          As any sufficiently heavy user of the internet will have experienced, the network is
          unreliable and has latency. That is, networks can disconnect for any number of reasons,
          and network traffic can sometimes take a long time to reach its destination. Even though
          in production, services are likely deployed to state-of-the-art data centers run by large
          cloud providers, network faults still can and do occur.
        </p>

        <div class="img-wrapper">
          <img src="images/diagrams/3.1) Network faults.png" alt="Network faults" />
        </div>

        <p>
          Such faults introduce a whole new class of problems for developers - not only do they have
          to ensure their service code is bug-free, now they also have to diagnose unexpected
          network faults, and add logic to service code that preempts network faults by providing
          compensating behaviors (e.g. displaying a ‘network down’ page to users, or retrying the
          same request a few seconds later).
        </p>

        <h3 id="diagnosing-network-faults">3.2) Diagnosing network faults</h3>

        <p>
          Diagnosing a network fault can be especially cumbersome when a single workflow passes
          through multiple services. Consider a user placing an order on our e-commerce example app,
          and suppose the <code>orders</code> service needs to first update inventory in
          <code>inventory</code>, then create a shipment in <code>shipping</code>. This one workflow
          involves 3 services with at least 3 network hops between them. If the order placement
          eventually fails, what caused that to happen?
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/3.2) Network fault in multi-service workflow.png"
            alt="Network fault in multi-service workflow"
          />
        </div>

        <p>
          To find out, a developer would have to trace the user’s initial <code>POST</code> request
          through the entire system. Since each service generates its own logs, the developer would
          have to first access <code>orders</code>’s logs, track down the request that failed,
          follow the request to the next service (in our case, the <code>inventory</code> service),
          access <code>inventory</code>’s logs, and so on, until they pinpoint the exact request
          that failed. This can be a laborious and slow process.
        </p>

        <h3 id="managing-fault-handling-logic">3.3) Managing fault-handling logic</h3>

        <p>
          Other times, a network fault may be totally random, and a request should simply be retried
          again. But how long should the requesting service wait before retrying again? How many
          times should it retry before giving up? If too soon or too many, then all the retries
          could overwhelm the responding service. Such logic must be defined thoughtfully.
        </p>

        <div class="img-wrapper">
          <img src="images/diagrams/3.3) Retry logic.png" alt="Retrying failed requests" />
        </div>

        <p>
          The next question becomes: where should all this logic be defined? For some teams, the
          first answer to this question is in HTTP client libraries that are imported into each
          service’s code. [<a href="#footnote-7">7</a>] So if the <code>orders</code> service is
          written in Ruby, then it would <code>require</code> a gem that provides a configurable
          client for making HTTP requests to other services. Another service written in Node might
          <code>import</code> a similar package into its code.
        </p>

        <p>
          Often, these libraries can also handle logging, as well as other networking and
          infrastructure concerns, such as caching, rate-limiting, authentication etc.
        </p>

        <p>
          Teams with more resources may go further, by having each service’s owner write a client
          library for every other service that calls it. This is already common practice when
          working with popular external APIs; for example, Stripe provides dozens of official and
          third-party libraries in different languages that abstract away the logic for calling its
          APIs. [<a href="#footnote-8">8</a>] Similarly, in a large team, each service’s owner may
          be tasked with writing a new client library for every requesting service that uses a
          different language.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/3.3) New client library for every language.png"
            alt="shipping's owner writes a new shipping_client for every language"
          />
        </div>

        <p>
          Needless to say, this solution becomes less and less manageable as the number of services
          grows. Every time a new service is built in a new language, every other service owner must
          write a new client library in that language. More critically, updating fault-handling
          logic now incurs a great deal of repetitive work. Suppose the CTO wishes to update the
          global defaults for the retry logic; developers would now have to update the code in
          multiple client libraries in every service, then carefully coordinate each service’s
          redeployment. The greater the number of services, the slower this process becomes. [<a
            href="#footnote-9"
            >9</a
          >]
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/3.3) Microservices with client libraries.png"
            alt="As more services are added, client libraries can get out of hand"
          />
        </div>

        <h2 id="existing-solutions">4) Existing solutions</h2>

        <p>
          With microservices becoming increasingly popular, a number of solutions have emerged to
          help teams overcome these challenges. Here we explain how two of these solutions - the API
          gateway and the service mesh - compare with each other.
        </p>

        <p>
          Both of these solutions in fact share the same building block - a proxy server.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4) Proxy server as building block.png"
            alt="The proxy server is a building block"
          />
        </div>

        <h3 id="proxy-server">4.0) Proxy server</h3>

        <p>
          A proxy is simply a server that sits on the path of network traffic between two
          communicating machines, and intercepts all their requests and responses. These machines
          could represent a client sending a request to another server, or for our purposes, two
          internal services communicating within the same architecture.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.0) Proxy server.png"
            alt="Proxy server can intercept and forward HTTP requests and responses"
          />
        </div>

        <p>
          In the above diagram, <code>orders</code> does not send an HTTP request directly to
          <code>shipping</code>; instead, it addresses its request to a host belonging to
          <code>proxy</code> (i.e. <code>proxy.com</code>). In order for <code>proxy</code> to know
          that <code>orders</code> actually wants to send its request to <code>shipping</code>,
          <code>orders</code> must specify <code>shipping</code>’s host (i.e.
          <code>shipping.com</code>) in another part of the request e.g. in the
          <code>Host</code> header value.
        </p>

        <p>
          When <code>proxy</code> receives a response back from <code>shipping</code>, it simply
          forwards the same response back to <code>orders</code>.
        </p>

        <h3 id="api-gateway">4.1) API gateway</h3>

        <h4>4.1.1) API gateway features</h4>

        <p>
          At its core, an API gateway is simply a proxy server (more precisely, a ‘reverse proxy’
          [<a href="#footnote-10">10</a>]). When used with microservices, one of its primary
          functions is to provide a stable API to clients and route client requests to the
          appropriate service. [<a href="#footnote-11">11</a>]
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.1.1) API gateway.png"
            alt="An API gateway proxies all incoming requests into a system"
          />
        </div>

        <p>
          It is certainly possible to deploy microservices without an API gateway. In such an
          architecture, whenever the client sends a request, it must already know which service to
          send the request to, and also the host and port of that service. This tightly couples the
          client with internal services, such that any newly added services, or updates to existing
          service APIs, must be deployed at the same time as updates in the client code. Such an
          architecture can be difficult to manage, as clients cannot always be relied upon to update
          immediately (e.g. mobile apps cannot be easily forced to update); even if they can, doing
          so would still incur additional engineering that could be avoided.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.1.1) Microservices without API gateway.png"
            alt="Without an API gateway, a client must know the host port and path of every service it needs to call"
          />
        </div>

        <p>
          With an API gateway, developers are largely free to update internal services while still
          providing a stable API to clients.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.1.1) API gateway's stable API.png"
            alt="An API gateway provides a stable API for clients, even if services are upgraded, replicated, or removed internally"
          />
        </div>

        <p>
          In addition to routing requests, the API gateway also provides one place to handle many
          concerns that are shared between services, such as authentication, caching, rate-limiting,
          load-balancing and monitoring.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.1.1) API gateway's features.png"
            alt="An API gateway also provides one place to manage other networking concerns"
          />
        </div>

        <p>
          In a way, an API gateway can be thought of as a receptionist at a large company. Any
          visitor does not necessarily have to know which employees are present in advance, or how
          different teams work together to complete specific tasks. Instead, they simply speak with
          the receptionist, who then decides, based on the visitor’s identity and stated purpose,
          which company employee to notify, and/or what access to grant to the visitor.
        </p>

        <h4>4.1.2) API gateway for service-to-service traffic?</h4>

        <p>
          Let us revisit the challenges that were described back in Section 3: 1) diagnosing faults
          in workflows that span multiple microservices, and 2) managing fault-handling logic that
          is similar across services.
        </p>

        <p>
          If the API gateway already provides one place to manage networking concerns, perhaps it is
          already a sufficient solution to these challenges? For example, instead of deploying it as
          a ‘front proxy’ that sits in front of all services, we could deploy it in a different
          pattern than it was intended for - as a proxy that sits between services internally. Would
          this not already provide the one place to log all service-to-service requests and
          responses, and define fault-handling logic like retries?
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.1.2) Deploying API gateway internally.png"
            alt="Could we just deploy an API gateway internally between services?"
          />
        </div>

        <p>
          In theory, this is certainly possible, but in practice, existing API gateway solutions are
          not ideal options for this.
        </p>

        <blockquote>
          <p>
            Optimized to handle [client-server] traffic at the edge of the data center, the API
            gateway ... is inefficient for the large volume of [service-to-service] traffic in
            distributed microservices environments: it has a large footprint (to maximize the
            solution’s appeal to customers with a wide range of use cases), can’t be containerized,
            and the constant communication with the database and a configuration server adds
            latency.
          </p>
        </blockquote>
        <p>
          <cite>
            - NGINX, maker of the popular open-source NGINX load balancer and web server [<a
              href="#footnote-12"
              >12</a
            >]
          </cite>
        </p>

        <p>
          In short, although the API gateway looks close to the solution we need, existing solutions
          on the market come built-in with many extra features that are designed for client-server
          traffic, making them a poor fit for managing service-to-service traffic.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.1.2) API gateway's extra features for client-server traffic.png"
            alt="API gateway's features for client-server traffic add unnecessary complexity when using it for service-to-service traffic"
          />
        </div>

        <p>
          That is not to say a solution like an API gateway is completely out of the question. As we
          shall see in Section 5, the API gateway pattern was a major source of inspiration for
          Apex’s solution.
        </p>

        <h3 id="service-mesh">4.2) Service mesh</h3>

        <p>
          The service mesh is another existing solution to the challenges with microservices that
          were outlined in Section 3. As mentioned previously, it also builds upon the proxy server.
        </p>

        <h4>4.2.1) Sidecar proxies</h4>

        <p>
          The service mesh is a highly complex solution, and we once again approach it through the
          analogy of a company. Consider a large team of people (analogous to services) who all
          communicate directly with each other.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.2.1) Everybody talks to everybody.png"
            alt="Communication in a large team (1): everybody talks to everybody"
          />
        </div>

        <p>
          As the team size grows, team members will likely find themselves spending more and more
          time handling these scenarios:
        </p>

        <ul>
          <li>
            <b>[Retry logic]</b> At any given time a team member may be off sick, so any other
            person who wishes to talk to them must retry again later.
          </li>
          <li>
            <b>[Rate-limiting]</b> A team member may be temporarily working reduced hours, and can
            only handle a limited number of incoming messages.
          </li>
          <li>
            <b>[Caching]</b> A team member may be asked for the same piece of information multiple
            times by other team members.
          </li>
          <li>
            <b>[Encryption]</b> Each team member is required to only use secure communication
            channels provided by the company.
          </li>
          <li>
            <b>[Authorization]</b> Some team members may be allowed to access confidential financial
            information, while others may not.
          </li>
          <li>
            <b>[Routing]</b> Sometimes a team member may need a particular piece of information, but
            does not know who has it, and so has to try several different people before obtaining
            it.
          </li>
          <li>
            <b>[Logging]</b> The company may wish to pull all messages from every team member’s
            inbox, to create a centralized record for auditing purposes.
          </li>
        </ul>

        <p>
          Managing these communication-related issues would take away time and focus from each team
          member’s core responsibilities.
        </p>

        <p>
          In this example, adding a service mesh is analogous to giving every team member a personal
          assistant (PA), who intercepts all incoming and outgoing messages and handles all the
          above tasks. This team structure would free team members from having to handle
          communication-related tasks, and allow them to focus more on their core responsibilities.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.2.1) Team members with their own PA.png"
            alt="Communication in a large team (2): Every team member talks through their own personal assistant (PA)"
          />
        </div>

        <p>
          In an actual service mesh, the PA would instead be a proxy server, known as a ‘sidecar
          proxy’. Each service is deployed alongside its own sidecar proxy, which intercepts all
          requests and responses to and from its parent service, and handles all the networking and
          infrastructure concerns we listed above, such as retry logic, rate-limiting etc. As a
          result, each service’s code can focus on its main business logic, while outsourcing
          networking and infrastructure concerns to the service’s sidecar proxy. [<a
            href="#footnote-13"
            >13</a
          >]
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.2.1) Services and sidecar proxies.png"
            alt="In a service mesh, services talk through their own 'sidecar proxies'"
          />
        </div>

        <h4>4.2.2) Configuration server</h4>

        <p>
          In addition to the sidecar proxies, the service mesh has one other important component - a
          central configuration server.
        </p>

        <p>
          Back in our hypothetical company, a configuration server is akin to a centralized folder
          containing data on team members and company policies e.g. who is on leave, who is working
          reduced hours, which secure channels to use, who has access to what information. Each
          personal assistant (PA) would have their own copy of this information to help them handle
          communication quickly, but whenever anything is updated in the centralized folder e.g. by
          the COO or HR Director, the changes are immediately sent to each PA, so that PAs always
          have the most up-to-date information in their own copies.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.2.2) Centralized folder with company policies and team info.png"
            alt="One centralized folder containing personnel info, with updates automatically copied to each PA's copy of the folder"
          />
        </div>

        <p>
          In the same way, the configuration server in a service mesh provides one place to update
          network traffic rules, such as logic for retries, caching, encryption, rate-limiting,
          routing. The configuration server is the source of truth for this information, but each
          sidecar proxy also has a cached copy of the information. Whenever the configuration server
          gets updated, it propagates the changes to each sidecar proxy, which then applies the
          changes to its own cached copy. [<a href="#footnote-14">14</a>]
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.2.2) Services and configuration server.png"
            alt="One configuration server containing all routes, retry logic, etc., with updates automatically pushed to each sidecar proxy's cached copy"
          />
        </div>

        <h4>4.2.3) Service mesh trade-offs</h4>

        <p>
          Again, let us revisit the challenges that were described back in Section 3: 1) diagnosing
          faults in workflows that span multiple microservices, and 2) managing fault-handling logic
          that is similar across services.
        </p>

        <p>
          The service mesh provides a robust solution to these challenges. The configuration server
          provides one place to define and update fault-handling logic; each sidecar proxy can be
          responsible for generating logs and sending them to one place to be stored, and also for
          executing fault-handling logic. Moreover, without any single point of failure or one
          single bottleneck, the architecture is resilient and highly scalable. [<a
            href="#footnote-15"
            >15</a
          >]
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.2.3) Service mesh as solution to microservices challenges.png"
            alt="Service mesh as solution to microservices challenges"
          />
        </div>

        <p>
          However, as with so many tools, rich functionality begets complexity. Implementing a full
          service mesh more than doubles the number of components in the architecture that must now
          be deployed and operated. In addition, both the sidecar proxy and its parent service are
          usually containerized to run alongside each other in the same virtual server. [<a
            href="#footnote-16"
            >16</a
          >] If any existing service is currently deployed without a container, then developers must
          now containerize it and redeploy it. More domain expertise must be acquired, and
          significant engineering effort expended.
        </p>

        <h3 id="summary">4.3) Summary</h3>

        <p>
          As we have seen, solutions certainly exist to handle the challenges we described with
          microservices. Each existing solution embodies a different set of trade-offs.
        </p>

        <ul>
          <li>
            <b>API gateways’</b> features are designed for client-server, not service-to-service,
            traffic.
          </li>
          <li>
            <b>Service meshes</b> check all the boxes, but require teams to acquire more expertise,
            operate double the number of components, and redeploy existing services in a different
            pattern.
          </li>
        </ul>

        <div class="img-wrapper">
          <img
            src="images/diagrams/4.3) API gateway and service mesh trade-offs.png"
            alt="API gateway and service mesh trade-offs"
          />
        </div>

        <h2 id="design-architecture">5) Design & architecture</h2>

        <h3 id="apex-trade-offs">5.1) Apex trade-offs</h3>

        <p>
          For some teams, neither an API gateway nor a service mesh provide the right set of
          trade-offs. Consider a small team that are just beginning to migrate their monolith to
          include a few microservices. For ease of deployment, most of the services have been
          deployed to Heroku, or another platform as a service (PaaS) solution.
        </p>

        <p>
          It is likely that this team will have already experienced the challenges we mentioned back
          in Section 3: 1) diagnosing faults in workflows that span multiple microservices, and 2)
          managing fault-handling logic that is similar across services.
        </p>

        <p>
          For this team, a solution with the following trade-offs are needed:
        </p>

        <ul>
          <li>Optimized for handling service-to-service traffic</li>
          <li>One place to aggregate logs and manage traffic rules</li>
          <li>Simple to deploy and operate</li>
          <li>Fewer built-in features are acceptable</li>
          <li>
            Does not require changes to deployment pattern for existing services (e.g. does not
            require existing services to be containerized), since this may be difficult or not
            possible at all in PaaS solutions
          </li>
          <li>Lower availability is acceptable</li>
          <li>Lower scalability is acceptable</li>
        </ul>

        <div class="img-wrapper">
          <img src="images/diagrams/5.1) Apex trade-offs.png" alt="Apex trade-offs" />
        </div>

        <p>
          These are precisely the trade-offs we chose when building Apex.
        </p>

        <h3 id="proxy-server-with-middleware-layers">5.2) Proxy server with middleware layers</h3>

        <p>
          Apex’s architecture includes 5 components:
        </p>

        <div class="img-wrapper">
          <img src="images/diagrams/5.2) Apex architecture.png" alt="Apex architecture" />
        </div>

        <ol>
          <li>Proxy server</li>
          <li>Logs database</li>
          <li>Configuration store</li>
          <li>Admin API</li>
          <li>Admin UI</li>
        </ol>

        <p>
          Apex’s core component, the <code>apex-proxy</code> server sits on the path of network
          traffic between every pair of communicating microservices, such as that between
          <code>orders</code> and <code>shipping</code> above. In the case of systems with more than
          two services, the following diagram shows how Apex would be deployed.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.2) Mediating all service-to-service traffic.png"
            alt="Apex mediates internal traffic between every pair of services"
          />
        </div>

        <p>
          Recall that an API gateway is just a proxy server that handles all client-server traffic
          coming into a system, and routes client requests to the correct service. In a similar way,
          Apex can be thought of as a stripped-down, internally deployed API gateway, which routes
          not traffic between clients and servers, but traffic between services.
        </p>

        <p>
          Zooming further into <code>apex-proxy</code>, there are several middleware layers that
          each provide additional functionality beyond simple proxying, such as authentication,
          routing, retries and logging.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.2) Apex architecture with middleware.png"
            alt="Apex architecture with middleware"
          />
        </div>

        <h3 id="logging-and-tracing-service-to-service-traffic">5.3) Logging and tracing service-to-service traffic</h3>

        <p>
          Since <code>apex-proxy</code> intercepts all network traffic between microservices, it is
          able to aggregate logs for every request and response, and send them to
          <code>apex-logs-db</code> to be persisted and queried in one place.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.3) apex-logs-db.png"
            alt="All requests and responses get logged to one place"
          />
        </div>

        <p>
          Additionally, <code>apex-proxy</code> provides the ability to trace requests and responses
          that belong to the same request-response cycle. Any request that comes into
          <code>apex-proxy</code> is given an extra <code>correlation-id</code> HTTP header value
          (<code>f84nw2</code> in the example diagram below), if it doesn’t have one already, before
          being logged. This same <code>correlation-id</code> value is then also included as the
          request is forwarded to the responding service. When a response comes back from the
          responding service, Apex adds this same <code>correlation-id</code> value to the response,
          before forwarding this updated response back to the requesting service. As a result, all
          requests and responses belonging to the same request-response cycle have the same
          <code>correlation-id</code> value when they are logged, making it easy to query them
          together.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.3) Adding correlation_id header.png"
            alt="Requests and responses in the same cycle get given the same correlation-id when logged"
          />
        </div>

        <p>
          This same feature also makes it possible to connect requests and responses belonging to
          workflows that span multiple services. As long as each service adds some logic to
          propagate any <code>correlation-id</code> header value that already exists in incoming
          requests, then all requests and responses belonging to the same workflow will have the
          same <code>correlation-id</code> value in <code>apex-logs-db</code>.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.3) Tracing multi-service workflow.png"
            alt="In a multi-service workflow, all requests and responses get the same correlation-id when logged"
          />
        </div>

        <p>
          Now, figuring out where a request failed within a workflow is just a matter of querying
          <code>apex-logs-db</code> for that one <code>correlation-id</code> value. This solves our
          first problem of diagnosing faults in workflows that span multiple microservices.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.3) Querying logs by correlation_id.png"
            alt="apex-admin-ui interface for querying apex-logs-db by correlation_id"
          />
        </div>

        <p>
          Below, we demonstrate this feature on an actual deployed instance of Apex.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/gifs/apex_query_logs_2.gif"
            alt="Actual Apex admin UI for querying apex-logs-db by correlation_id"
          />
        </div>

        <h3 id="one-place-to-manage-fault-handling-logic">5.4) One place to manage fault-handling logic</h3>

        <p>
          Similar to the service mesh, Apex also has a single configuration server, the
          <code>apex-config-store</code>, where developers can define logic for retries, routing
          etc. In this way, Apex can be thought of as a stripped-down service mesh.
        </p>

        <div class="img-wrapper">
          <img src="images/diagrams/5.4) apex-config-store.png" alt="Apex configuration store" />
        </div>

        <p><code>apex-config-store</code> contains the following configuration data:</p>

        <ul>
          <li>
            <code>service-credentials</code> is used for authentication. It stores the list of
            service names along with their passwords. Every service that sends a request to Apex
            must authenticate itself with a token generated using its name and password.
          </li>
          <li>
            <code>service-hosts</code> is used for routing. It lists the IP address or domain name
            where each service can be found.
          </li>
          <li>
            <code>default-default</code> is used for defining global defaults for service-to-service
            traffic. In the above diagram, currently by default a request times out if a response is
            not received within 3,500 ms, and can be retried a maximum of 4 times. Each new retry
            attempt must wait, or ‘back off’, for 5,000 ms after the last failed request.
          </li>
          <li>
            <code>orders-shipping</code> and <code>shipping-inventory</code> are examples of
            service-specific rules that override the global defaults:
            <ul>
              <li>
                Whenever <code>orders</code> sends a request to <code>shipping</code>, requests time
                out after 5,000 ms, and can only be retried no more than 2 times, with a backoff of
                2500 ms.
              </li>
              <li>
                When <code>shipping</code> sends a request to <code>inventory</code>, however,
                requests time out after 2,000 ms, and there shall be no retries at all.
              </li>
            </ul>
          </li>
        </ul>

        <p>
          For every request sent to Apex, <code>apex-config-store</code> is queried for
          authentication, routing and retry logic - in that order. Only after all three are complete
          do requests get forwarded onto the responding service.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.4) apex-proxy + apex-config-store.png"
            alt="apex-proxy queries apex-config-store for authentication, routing and retry logic on every request"
          />
        </div>

        <p>
          With this one place to define and update configuration data, Apex’s architecture provides
          a solution to our second problem of managing fault-handling logic (as well as other
          network concerns) that is often similar across services.
        </p>

        <p>
          Below is the actual Apex UI for defining retry logic for when the
          <code>orders</code> service calls the shipping service.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.4) orders-shipping custom configuration_2.png"
            alt="Custom configuration logic for when the orders service calls the shipping service"
          />
        </div>

        <p>
          Applying the same company analogy that we used for the service mesh, Apex is comparable to
          having just one team assistant (<code>apex-proxy</code>) for the whole team, rather than
          one personal assistant per team member, mediate all communication between team members.
          Every time any team member needs to communicate with another team member, they send their
          messages through the team assistant. On every incoming message, the team assistant checks
          a centralized folder (<code>apex-config-store</code>) containing all the relevant
          information on team members and company policies, to verify the identity of the sender,
          determine who should receive the message, as well as how many times to retry should the
          first attempt fail.
        </p>

        <h3 id="trading-off-availability-and-scalability">5.5) Trading off availability and scalability</h3>

        <p>
          Though Apex provides a solution to the two microservices challenges that were described
          back in Section 3, it comes with trade-offs, namely lower availability, and lower
          scalability.
        </p>

        <p>
          One of the strengths of the full service mesh is that there is no one component that sits
          on the path of all service-to-service traffic. If a sidecar proxy crashes or gets
          overloaded, only its parent service becomes unavailable, while the remaining services can
          continue to operate normally. With Apex, however, the <code>apex-proxy</code> becomes a
          single point of failure and traffic bottleneck. Any outage in <code>apex-proxy</code> will
          halt all service-to-service traffic and render the entire system unavailable.
        </p>

        <p>
          Ultimately, there is an inherent trade-off between the number of proxies in the system
          (and hence availability and scalability), and how easy it is to deploy and operate the
          system. Apex and service meshes occupy opposite ends of this spectrum.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/5.5) Apex and service meshes on spectrum.png"
            alt="Apex is easier to deploy and operate, while service meshes offer higher availability and scalability"
          />
        </div>

        <h3 id="transitioning-to-a-service-mesh">5.6) Transitioning to a service mesh</h3>

        <p>
          Despite the seemingly divergent set of trade-offs between Apex and the service mesh,
          Apex’s architecture is in fact acknowledged by several service mesh vendors as a possible
          transitional architecture on the journey toward a full service mesh. NGINX calls this
          architecture a ‘Router Mesh’ [<a href="#footnote-17">17</a>]; Citrix calls it a ‘Service
          Mesh Lite’ [<a href="#footnote-18">18</a>], and Kong calls it an ‘Internal API gateway’
          [<a href="#footnote-19">19</a>].
        </p>

        <p>
          Therefore, any team that adopts Apex’s architecture can rest assured that they are not
          taking a path that is mutually exclusive to eventually adopting a full service mesh. The
          truth is quite the opposite - this architecture is “relatively easy to implement,
          powerful, efficient, and fast”, and forms part of a “progression” toward a service mesh
          [<a href="#footnote-20">20</a>].
        </p>

        <h2 id="implementation-deployment">6) Implementation & deployment</h2>

        <p>
          When implementing Apex, we made technology choices based on the trade-offs we described in
          Section 5.1. In particular, we prioritized ease of deployment and operation over
          feature-richness, high availability and high scalability. The technologies we ended up
          choosing include Node.js and Express.js, TimescaleDB, Redis, React and Docker.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/6) Apex architecture with technologies.png"
            alt="Apex architectural components use several technologies"
          />
        </div>

        <p>
          Below, we briefly elaborate upon each of these choices.
        </p>

        <h3 id="apex-proxy---node_js-and-express_js">6.1) <code>apex-proxy</code> - Node.js and Express.js</h3>

        <div class="img-wrapper">
          <img
            src="images/diagrams/6.1) apex-proxy in Node and Express.png"
            alt="Apex proxy uses Node.js and Express.js"
          />
        </div>

        <p>
          For the main proxy server, we had the choice between using any popular web development
          framework (e.g. Rails), and building atop an existing proxy (e.g. Envoy, NGINX). Since one
          of our design goals was to be ‘simply to deploy and operate’, we preferred a solution that
          did not come built-in with any extra features that are irrelevant to our target user. With
          this in mind, we decided on the “fast, unopinionated, minimalist” Express.js framework [<a
            href="#footnote-21"
            >21</a
          >] built in Node.js, a language known for its ability to “handle a huge number of
          simultaneous connections with high throughput” [<a href="#footnote-22">22</a>] and
          widespread usage among developers.
        </p>

        <h3 id="apex-logs-db---timescaledb">6.2) <code>apex-logs-db</code> - TimescaleDB</h3>

        <div class="img-wrapper">
          <img
            src="images/diagrams/6.2) apex-logs-db in TimescaleDB.png"
            alt="The logs database is an instance of TimescaleDB"
          />
        </div>

        <p>
          The request and response logs generated by <code>apex-proxy</code> are a type of
          time-series data. [<a href="#footnote-23">23</a>] To store them in one place, we chose
          TimescaleDB, a time-series database that can ingest data at a rate of more than 100,000
          rows per second, even as a database reaches billions of rows [<a href="#footnote-24">24</a
          >]. This high ingestion rate mitigates the risk that writing logs to storage will become a
          bottleneck in the system.
        </p>

        <h3 id="apex-config-store---redis">6.3) <code>apex-config-store</code> - Redis</h3>

        <div class="img-wrapper">
          <img
            src="images/diagrams/6.3) apex-config-store in Redis.png"
            alt="A Redis key-value store holds configuration data"
          />
        </div>

        <p>
          One of Apex’s core features is providing service owners with one place to modify service
          information (e.g. register their service, generate new credentials for authentication),
          and update fault-handling logic (e.g. retry logic) for their own service. To enable this,
          we had several options for where to store the configuration data: 1) in an environment
          file that is loaded into memory when <code>apex-proxy</code> spins up, 2) in a file that
          is read by <code>apex-proxy</code> for every request, or 3) in an external configuration
          data store.
        </p>

        <p>
          Option 1 of using an environment file was immediately ruled out, as it requires that the
          <code>apex-proxy</code> process be restarted every time the file is updated. Between the
          two remaining options, storing configuration in a file on disk leads to faster reads,
          since in general disk IO is faster than fetching data over the network. However, files can
          be easily corrupted, if say multiple processes write to the same file at the same time.
        </p>

        <p>
          In the end, we decided on Option 3, and implemented a Redis key-value store that gets
          queried for configuration data on every request. Redis stores all its data in memory, and
          so enables reads at over 72,000 requests per second [<a href="#footnote-25">25</a>]. This
          somewhat makes up for Option 3’s slower read speed compared to Option 2. In addition,
          Redis persists data to disk once every second, ensuring that configuration data will
          remain intact even if the Redis instance crashes and must restart.
        </p>

        <h3 id="apex-admin-api---node_js-and-express_js">6.4) <code>apex-admin-api</code> - Node.js and Express.js</h3>

        <div class="img-wrapper">
          <img
            src="images/diagrams/6.4) apex-admin-api in Node and Express.png"
            alt="The admin API is another Node.js and Express.js application"
          />
        </div>

        <p>
          For convenience, we built a REST API that enables users to programmatically query their
          logs in TimescaleDB and update config data in Redis (as opposed to having to SSH into
          those instances and issue commands in the terminal). This API also provides the option for
          admins to build additional UIs for different access roles e.g. a logs-only UI for users
          who are not authorized to update configuration data.
        </p>

        <h3 id="apex-admin-ui---react">6.5) <code>apex-admin-ui</code> - React</h3>

        <div class="img-wrapper">
          <img
            src="images/diagrams/6.5) apex-admin-ui in React.png"
            alt="The admin user interface was built with React"
          />
        </div>

        <p>
          Finally, <code>apex-admin-ui</code> communicates with the
          <code>apex-admin-api</code> backend and provides service owners with a convenient way to
          register new services, edit existing service information, add and edit custom
          configuration, and query logs by <code>correlation_id</code>.
        </p>

        <h3 id="deployment---docker-and-docker-compose">6.6) Deployment - Docker and Docker Compose</h3>

        <div class="img-wrapper">
          <img
            src="images/diagrams/6.6) Deploying in Docker containers.png"
            alt="Each component deploys in its own Docker container"
          />
        </div>

        <p>
          Installing and running five interconnected components will likely be a time-consuming
          process fraught with unpredictable environment-specific errors. Standing by our design
          goal of being ‘simple to deploy and operate’, Apex’s components are all containerized
          using Docker, and deployed in a coordinated fashion with Docker Compose. This ensures
          Apex’s components are all deployed in the same (containerized) environment for every user.
        </p>

        <p>
          As shown below, deploying Apex with Docker Compose locally requires just one
          <code>docker-compose up</code> command.
        </p>

        <div class="img-wrapper">
          <img
            src="images/diagrams/gifs/apex_deploy_2.gif"
            alt="Deploying Apex's components with Docker Compose"
          />
        </div>

        <p>
          Apex’s documentation also provides step-by-step instructions for deploying Apex to AWS’s
          Elastic Container Service (ECS).
        </p>

        <h2 id="implementation-challenges">7) Implementation challenges</h2>

        <h3 id="logging-large-request-and-response-bodies">7.1) Logging large request and response bodies</h3>

        <p>
          Sending large request and response bodies from <code>apex-proxy</code> to
          <code>apex-logs-db</code> can add significant latency to request-response cycles, spin up
          long-running processes in <code>apex-proxy</code> that decrease its throughput, and fill
          up <code>apex-logs-db</code> far faster than necessary.
        </p>

        <p>
          To solve these problems, we ultimately chose to avoid decompressing any log bodies that
          arrive in a compressed format, and send logs asynchronously from an in-memory queue.
        </p>

        <h4>7.1.1) Solution 1: keep bodies compressed</h4>

        <p>
          Quite simply, sending compressed bodies means fewer bytes transmitted and stored. For a
          typical web page that arrives at <code>apex-proxy</code> in a compressed format (e.g.
          CNN’s homepage), we found that sending the compressed body to
          <code>apex-logs-db</code> typically took less than 1 second, compared with 5-10 seconds
          for the decompressed version.
        </p>

        <p>
          While keeping bodies compressed was a sensible choice, it came with the trade-off of
          inconvenience for users of <code>apex-logs-db</code>, who must now take the extra step to
          decompress bodies to make them human-readable again.
        </p>

        <h4>7.1.2) Solution 2: queue logs and send them asynchronously</h4>

        <p>
          Queuing logs to be sent asynchronously has the effect of decoupling writes to
          <code>apex-logs-db</code> from request-response cycles through <code>apex-proxy</code>. If
          <code>apex-proxy</code> happens to receive a particularly large response body that must be
          logged, it can simply enqueue this log, and move on to forwarding the response back to the
          requesting service and then on to processing the next request. The request-response cycle
          can complete regardless of when, or whether, the log eventually gets sent to
          <code>apex-logs-db</code>.
        </p>

        <p>
          Adding a queue in this way also lays the foundation for a further optimization - sending
          logs to TimescaleDB in batches. TimescaleDB’s own docs explain that this could further
          increase its data ingestion rate. [<a href="#footnote-26">26</a>]
        </p>

        <p>
          However, this solution comes with two trade-offs. The first is that several large log
          queues within concurrent processes could consume a lot of memory, straining the host
          server. Given TimescaleDB’s high ingestion rate, we made the decision to accept this
          trade-off, in the belief that the logs will dequeue fast enough to avoid hitting such a
          limit.
        </p>

        <p>
          The second trade-off is that should <code>apex-proxy</code> crash, any logs that have not
          yet been dequeued would now be lost from memory. Since each individual log is relatively
          unimportant data, we also deemed this an acceptable trade-off.
        </p>

        <h3 id="persisting-logs-and-config-data-in-containers">7.2) Persisting logs and config data in containers</h3>

        <p>
          While containerizing TimescaleDB and Redis made deployment simpler for users, it also
          increased the risk of losing logs and configuration data. This is due to the ephemeral
          nature of Docker containers. [<a href="#footnote-27">27</a>]
        </p>

        <p>
          Fortunately, Docker containers support ‘volumes’, a mechanism to persist data to a
          container’s host filesystem, and beyond the container’s lifespan. [<a href="#footnote-28"
            >28</a
          >] When deploying containers locally with Docker Compose, enabling this feature requires
          just an extra line of code in the <code>docker-compose.yml</code> configuration file.
        </p>

        <p>
          Deploying Docker containers to AWS’s Elastic Container Service (ECS), though, requires
          more care. ECS offers two launch types [<a href="#footnote-29">29</a>]: the EC2 launch
          type provides more control, by allowing developers to choose the type and quantity of EC2
          instances to provision for their containers. Its downside is that it requires more steps
          to deploy. The Fargate launch type, in contrast, abstracts away the entire
          resource-provisioning process, reducing the deployment process to running just 6 or so
          commands. Crucially, only the EC2 launch type supports Docker volumes. [<a
            href="#footnote-30"
            >30</a
          >]
        </p>

        <p>
          We had initially wanted to support the Fargate launch type, in alignment with our design
          goal of being ‘simple to deploy’. However, it was clear to us that the ability to persist
          logs and configuration data beyond the lifecycle of individual containers will be
          important for any Apex user, and in the end we spent a significant amount of extra time
          configuring Apex to support the EC2 launch type.
        </p>

        <h2 id="future-work">8) Future work</h2>

        <h3 id="handle-bursty-traffic-with-a-queue">8.1) Handle bursty traffic with a queue</h3>

        <p>
          Apex, as is, represents a single point of failure for a system. To protect it from being
          overwhelmed by bursty traffic, a best practice is to deploy a FIFO (‘first in, first out’)
          queue in front of <code>apex-proxy</code>. Another option we are considering is to deploy
          a standard queue without FIFO guarantees, which offers higher throughput rates, but
          requires additional middleware in <code>apex-proxy</code> to ensure messages are consumed
          in the right order.
        </p>

        <h3 id="back-up-logs-and-config">8.2) Back up logs and config</h3>

        <p>
          While Docker volumes offer strong persistence guarantees for Apex’s logs and configuration
          data, the compute instances (e.g. AWS EC2) hosting the containers are ephemeral and not
          suitable for long-term storage. For users who need even stronger persistence guarantees,
          <code>apex-logs-db</code> and <code>apex-config-store</code> can be configured to
          periodically back up data to a cloud storage service (e.g. AWS S3 and S3 Glacier).
        </p>

        <h3 id="reduce-latency-by-caching-config-in-apex-proxy">8.3) Reduce latency by caching config in <code>apex-proxy</code></h3>

        <p>
          Currently, every incoming request to Apex triggers multiple reads from the Redis
          <code>apex-config-store</code>. As Apex is designed for small teams with a finite and
          small number of services, most of these reads from Redis will be for the same
          configuration data. Therefore, we can significantly reduce the read rate by caching a copy
          of all configuration data in memory within <code>apex-proxy</code>, and updating the cache
          whenever any user makes a change on Redis.
        </p>

        <section id="footnotes">
          <h2 id="references">9) References</h2>

          <ol>
            <li id="footnote-1">
              <a
                href="https://martinfowler.com/articles/microservice-trade-offs.html"
                target="_blank"
                >https://martinfowler.com/articles/microservice-trade-offs.html</a
              >
            </li>
            <li id="footnote-2">
              <a
                href="https://www.cl.cam.ac.uk/research/srg/netos/projects/ipc-bench/results.html"
                target="_blank"
                >https://www.cl.cam.ac.uk/research/srg/netos/projects/ipc-bench/results.html</a
              >
            </li>
            <li id="footnote-3">
              <a href="https://samnewman.io/books/monolith-to-microservices/" target="_blank"
                >https://samnewman.io/books/monolith-to-microservices/</a
              >
            </li>
            <li id="footnote-4">
              <a
                href="https://martinfowler.com/articles/microservice-trade-offs.html#diversity"
                target="_blank"
                >https://martinfowler.com/articles/microservice-trade-offs.html#diversity</a
              >
            </li>
            <li id="footnote-5">
              <a
                href="https://martinfowler.com/articles/microservice-trade-offs.html#deployment"
                target="_blank"
                >https://martinfowler.com/articles/microservice-trade-offs.html#deployment</a
              >
            </li>
            <li id="footnote-6">
              <a
                href="https://martinfowler.com/articles/microservices.html#AreMicroservicesTheFuture"
                target="_blank"
                >https://martinfowler.com/articles/microservices.html#AreMicroservicesTheFuture</a
              >
            </li>
            <li id="footnote-7">
              <a
                href="https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/"
                target="_blank"
                >https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/</a
              >
            </li>
            <li id="footnote-8">
              <a href="https://stripe.com/docs/libraries" target="_blank"
                >https://stripe.com/docs/libraries</a
              >
            </li>
            <li id="footnote-9">
              <a
                href="https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/"
                target="_blank"
                >https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/</a
              >
            </li>
            <li id="footnote-10">
              <a
                href="https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/"
                target="_blank"
                >https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/</a
              >
            </li>
            <li id="footnote-11">
              <a
                href="https://www.nginx.com/blog/building-microservices-using-an-api-gateway/"
                target="_blank"
                >https://www.nginx.com/blog/building-microservices-using-an-api-gateway/</a
              >
            </li>
            <li id="footnote-12">
              <a
                href="https://www.nginx.com/blog/do-you-really-need-different-kinds-of-api-gateways-hint-no/"
                target="_blank"
                >https://www.nginx.com/blog/do-you-really-need-different-kinds-of-api-gateways-hint-no/</a
              >
            </li>
            <li id="footnote-13">
              <a
                href="https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/"
                target="_blank"
                >https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/</a
              >
            </li>
            <li id="footnote-14">
              <a
                href="https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/"
                target="_blank"
                >https://www.oreilly.com/library/view/the-enterprise-path/9781492041795/</a
              >
            </li>
            <li id="footnote-15">
              <a
                href="https://www.nginx.com/blog/microservices-reference-architecture-nginx-fabric-model/"
                target="_blank"
                >https://www.nginx.com/blog/microservices-reference-architecture-nginx-fabric-model/</a
              >
            </li>
            <li id="footnote-16">
              <a href="https://www.nginx.com/blog/do-i-need-a-service-mesh/" target="_blank"
                >https://www.nginx.com/blog/do-i-need-a-service-mesh/</a
              >
            </li>
            <li id="footnote-17">
              <a
                href="https://www.nginx.com/blog/microservices-reference-architecture-nginx-router-mesh-model/"
                target="_blank"
                >https://www.nginx.com/blog/microservices-reference-architecture-nginx-router-mesh-model/</a
              >
            </li>
            <li id="footnote-18">
              <a
                href="https://thenewstack.io/part-4-when-a-service-mesh-lite-proxy-is-right-for-your-organization/"
                target="_blank"
                >https://thenewstack.io/part-4-when-a-service-mesh-lite-proxy-is-right-for-your-organization/</a
              >
            </li>
            <li id="footnote-19">
              <a href="https://konghq.com/blog/kong-service-mesh/" target="_blank"
                >https://konghq.com/blog/kong-service-mesh/</a
              >
            </li>
            <li id="footnote-20">
              <a
                href="https://www.nginx.com/blog/microservices-reference-architecture-nginx-router-mesh-model/"
                target="_blank"
                >https://www.nginx.com/blog/microservices-reference-architecture-nginx-router-mesh-model/</a
              >
            </li>
            <li id="footnote-21">
              <a href="https://expressjs.com/" target="_blank">https://expressjs.com/</a>
            </li>
            <li id="footnote-22">
              <a
                href="https://www.toptal.com/nodejs/why-the-hell-would-i-use-node-js"
                target="_blank"
                >https://www.toptal.com/nodejs/why-the-hell-would-i-use-node-js</a
              >
            </li>
            <li id="footnote-23">
              <a
                href="https://blog.timescale.com/blog/what-the-heck-is-time-series-data-and-why-do-i-need-a-time-series-database-dcf3b1b18563/"
                target="_blank"
                >https://blog.timescale.com/blog/what-the-heck-is-time-series-data-and-why-do-i-need-a-time-series-database-dcf3b1b18563/</a
              >
            </li>
            <li id="footnote-24">
              <a
                href="https://docs.timescale.com/latest/introduction/timescaledb-vs-postgres"
                target="_blank"
                >https://docs.timescale.com/latest/introduction/timescaledb-vs-postgres</a
              >
            </li>
            <li id="footnote-25">
              <a href="https://redis.io/topics/benchmarks" target="_blank"
                >https://redis.io/topics/benchmarks</a
              >
            </li>
            <li id="footnote-26">
              <a
                href="https://docs.timescale.com/latest/using-timescaledb/ingesting-data"
                target="_blank"
                >https://docs.timescale.com/latest/using-timescaledb/ingesting-data</a
              >
            </li>
            <li id="footnote-27">
              <a href="https://docs.docker.com/storage/" target="_blank"
                >https://docs.docker.com/storage/</a
              >
            </li>
            <li id="footnote-28">
              <a href="https://docs.docker.com/storage/volumes/" target="_blank"
                >https://docs.docker.com/storage/volumes/</a
              >
            </li>
            <li id="footnote-29">
              <a
                href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html"
                target="_blank"
                >https://docs.aws.amazon.com/AmazonECS/latest/developerguide/launch_types.html</a
              >
            </li>
            <li id="footnote-30">
              <a
                href="https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-volumes.html#docker-volume-considerations"
                target="_blank"
                >https://docs.aws.amazon.com/AmazonECS/latest/developerguide/docker-volumes.html#docker-volume-considerations</a
              >
            </li>
          </ol>

          Icons made by
          <a href="https://www.flaticon.com/authors/freepik" title="Freepik" target="_blank"
            >Freepik</a
          >,
          <a href="https://www.flaticon.com/authors/those-icons" title="Those Icons" target="_blank"
            >Those Icons</a
          >,
          <a
            href="https://www.flaticon.com/authors/kiranshastry"
            title="Kiranshastry"
            target="_blank"
            >Kiranshastry</a
          >,
          <a href="https://www.flaticon.com/authors/smashicons" title="Smashicons" target="_blank"
            >Smashicons</a
          >,
          <a
            href="https://www.flaticon.com/authors/pixel-perfect"
            title="Pixel perfect"
            target="_blank"
            >Pixel perfect</a
          >, and
          <a href="https://www.flaticon.com/authors/eucalyp" title="Eucalyp" target="_blank"
            >Eucalyp</a
          >
          from
          <a href="https://www.flaticon.com/" title="Flaticon" target="_blank"> www.flaticon.com</a
          >.
        </section>
      </section>
    </main>

    <section id="our-team">
      <h1>Our Team</h1>

      <p>
        We are looking for opportunities. If you liked what you saw and want to talk more, please
        reach out!
      </p>

      <ul>
        <li class="individual">
          <img
            src="https://avatars1.githubusercontent.com/u/10019150?s=460&u=916f068a14b51f7f173c26943a966a49642bbdc4&v=4"
            alt="Derick Gross"
          />

          <h3 id="derick-gross">Derick Gross</h3>

          <p>New York, NY</p>

          <ul class="social-icons">
            <li>
              <a href="mailto:derick.gross@gmail.com" target="">
                <img src="images/icons/email_icon.png" alt="email" />
              </a>
            </li>

            <li>
              <a href="https://github.com/derickgross" target="_blank">
                <img src="images/icons/website_icon.png" alt="website" />
              </a>
            </li>

            <li>
              <a href="https://www.linkedin.com/in/derickgross/" target="_blank">
                <img src="images/icons/linked_in_icon.png" alt="linkedin" />
              </a>
            </li>
          </ul>
        </li>

        <li class="individual">
          <img src="images/avatars/kelvin_wong.jpg" alt="Kelvin Wong" />

          <h3 id="kelvin-wong">Kelvin Wong</h3>

          <p>London, UK</p>

          <ul class="social-icons">
            <li>
              <a href="mailto:kjhwong@gmail.com" target="">
                <img src="images/icons/email_icon.png" alt="email" />
              </a>
            </li>

            <li>
              <a href="https://github.com/kelvinjhwong" target="_blank">
                <img src="images/icons/website_icon.png" alt="website" />
              </a>
            </li>

            <li>
              <a href="https://www.linkedin.com/in/kjhwong/" target="_blank">
                <img src="images/icons/linked_in_icon.png" alt="linkedin" />
              </a>
            </li>
          </ul>
        </li>
      </ul>
    </section>
  </body>
</html>