• Thunder Technologies

Go (Web) Serverless

Serverless computing customarily means that you do not provision a dedicated cloud virtual server to run your software but instead the cloud periodically provisions one temporarily to run your code.

However there is another important definition of serverless: no web server.

Your typical SaaS Marketplace infrastructure solution for backup, security, disaster recovery, etc. will no doubt be configured through an umpteenth user interface, typically communicating with a back-end web server to execute commands.

This web server can often be a huge security headache. Exposing it to the appropriate users through correct firewall configuration; upgrading stale operating systems and constantly patching vulnerabilities; authorizing and revoking users; securing connections and managing certificates. It’s almost is if you spend as much time securing your environment as actually using it.

If your infrastructure solution instead is implemented as an AWS Lambda serverless function — like our disaster recovery automation solution Thunder for EC2 Serverless — all of these problems essentially disappear.

No web server can be supported in a Lambda function, so there are no firewall issues, no users to manage, no connections to secure. AWS makes sure the function is always run on a supported OS and the latest code execution environments.

How then is our product configured? Through CloudFormation in the AWS Console. Our product is simple to configure, it just asks you to select a few parameters to configure duplicate EC2 instances in a remote region and to enable periodic snapshot replication. No custom UI is required. You presumably safely and securely use the console every day with the appropriate users configured and authorized. Amazon does the heavy lifting of keeping it secure, so web server security is no longer your problem or ours. And plainly the interface is already familiar; there is nothing new to learn.

CloudFront also presents the logs through a signed URL, which is available anywhere on any device. But this is static HTML code, no Javascript, no buttons, as limited an attack surface as possible.

In previous articles we have detailed the significant cost savings in making the switch from SaaS to serverless. But arguably an equally important benefit is that a serverless environment is also significantly more secure. Rather than jumping through hoops keeping a server process up-to-date, just go (web)serverless, do the configuration natively through CloudFormation in the secure AWS console, and focus on getting the most out of your infrastructure solution rather than having to spend so much time locking it down.

For more information see our hands-on demo or write to us at

17 views0 comments

Recent Posts

See All