San Francisco is an uproar over electric scooters. Thanks to startups like Bird, LimeBike and Spin, the motorized two-wheelers invaded San Francisco’s streets, seemingly overnight, and quickly became the Tech Bus issue of 2018. While commuters and tourists enjoy the environmentally friendly transport, residents bemoan broken toes, near-miss collisions and abandoned scooters littering the sidewalk. Meantime, the city legislators are struggling to know how to deal with the new and high-profile roll-out, which apparently has no formal permits.
No doubt the story will unfold over the coming months, but it highlights lessons for application managers in three key areas:
Electric scooters are popular – they offer a fun, inexpensive and practical way for short trips around a city. But they are only useful if you can find one in your vicinity. Demand surges at key times of the day and week, while at other times the rows of scooters remain idle.
Sound familiar? In-demand applications that need to scale to peak loads face similar challenges. For example, retailers around Black Friday, and here’s a fun one — the sale of lottery tickets. There’s no point buying a ticket after the draw, and those Euromillion jackpots can suddenly get tempting. There are examples of in-demand apps within every organization. Traditionally this has meant buying racks of load balancers which handle the traffic and deliver the applications. Trouble is, the day after the prize lottery draw, demand plummets and those boxes gather dust. Same with our ranks of electric scooters parked ready for the commute home.
But imagine if those load balancers were software-based. After the peak, the VMs they are running on could spin down. Come Saturday afternoon when people need their lottery ticket, they simply redeploy and elastically scale to meet demand. Much more cost-effective — a bit like having magical scooters which simply appear when required and then vanish from the streets when not needed. (There’s a free idea for our e-scooter friends!)
Here’s the second parallel with the electric scooters, application managers can learn from - regulation. Can you ride an electric scooter on a sidewalk? Do you need to wear a helmet if you ride it on the street? Where do you park it – just anywhere? Who is responsible if it blocks a disabled entrance to a store – the user, the store-owner, the scooter company?
The scooters raise so many policy issues, people are uncertain about jurisdiction and responsibility. The same is true with the roll-out of new applications. Policies must be set and implemented which govern aspects such as access, permissions, data protection and compliance with regulations such as GDPR.
You can’t just throw applications onto the street and leave users and authorities to deal with the fallout. Application rollouts take careful planning and policy definition. These policies can get complex, since they need to craft a response for every scenario—usually using a command-line interface.
Thankfully here too, there’s hope with the emergence of intent-based application delivery. Here you simply tell the application services platform what you want to accomplish, and it figures out what dials to turn. For instance, when transactions per second reach a certain threshold, the platform might automate the deployment of new VMs, install new load balancers with certain policy settings and add them to the pool. This would be like stating the intent for the e-scooters to safely park in a designated area and recharge themselves when not in use, and having them steer themselves to the proper location (I’m on fire with these ideas today, e-scooter guys).
The electric scooters cost about $300-400 each, which is enough to make them an asset worth keeping—and a target for mischief. As a result, in a city rife with bicycle thievery, the electric scooters present a tempting opportunity for ‘repurposing’. Equally, there are examples of them being thrown into the San Francisco Bay and generally tampered with.
Similarly, applications represent a significant attack vector. From Denial of Service to ransomware attacks, thought must be given to protecting web-based applications prior to deployment. Applications are vulnerable to attacks such as cross-site scripting, SQL injection, buffer overflows and session hijacking. This is why Web Application Firewalls exist. Early versions used to slow traffic due to the overhead of inspection but a software-based approach mitigates the problem through elastic scaling.
Meanwhile, hardware-based load balancers with finite compute power have to toggle between application delivery and web application firewall services, leading many organizations to sacrifice security for speed. That’s quite a compromise, and the risk is far greater than giving a fish access to a scooter.
Electric scooters may yet find their place in the panoply of transport options in our cities. However the roll-out has not been smooth. The ensuing ruckus provides salutary reminders to application managers to properly provision, secure, scale and regulate their deployments. After that it should be an easy ride to adoption.