The essence of keeping your systems up and running is to trust no one. Even if you think there is a one in a million chance of the API failing in a particular way, given enough transactions you are going to see it happen. It is your job to expect that your integration points will disappoint you and to create a system that can deal with that scenario. If you do your job right, customers won't complain about downtime; they'll complain about something else.
If you think of your system architecture using the Hexagonal model, the Ports and Adapters are the points where you are most likely to encounter instability. My incoming Ports should use Fail Fast, Handshaking and Timeouts to ensure I don't adversely affect callers into my system. The inbound Adapter should probably use Circuit Breaker, Timeout and Handshake to cope when the system gets sick. My outbound Adapters should also use Circuit Breaker, Timeout and Handshake to verify that the services I need, such as database access, are available and able to handle my request. My point is that the Hexagonal model seems like a natural way of looking at things if you want to build a system that can survive in the wild.
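A sketch of an outbound Adapter combining the three patterns named above, as an added example rather than code from the original post. The class, its parameters and the fake dependency in `demo()` are hypothetical, and the dependency is assumed to accept a `timeout` argument and raise `TimeoutError` when it expires.

```python
import time

class CircuitOpenError(RuntimeError):
    """Fail-fast signal: the dependency was not called."""

class OutboundAdapter:
    """Hypothetical outbound adapter: Handshake + Timeout + Circuit Breaker."""
    def __init__(self, call, handshake, timeout_s=0.5, max_failures=3,
                 reset_after_s=30.0, clock=time.monotonic):
        self.call, self.handshake, self.clock = call, handshake, clock
        self.timeout_s, self.max_failures = timeout_s, max_failures
        self.reset_after_s, self.failures, self.opened_at = reset_after_s, 0, None

    def state(self):
        if self.opened_at is None:
            return "closed"
        waited = self.clock() - self.opened_at
        return "half-open" if waited >= self.reset_after_s else "open"

    def request(self, payload):
        state = self.state()
        if state == "open":  # do not queue more work onto a sick dependency
            raise CircuitOpenError("dependency marked unhealthy; failing fast")
        try:
            if not self.handshake(timeout=self.timeout_s):  # can it take work?
                raise ConnectionError("dependency declined handshake")
            result = self.call(payload, timeout=self.timeout_s)
        except (TimeoutError, ConnectionError):
            self.failures += 1
            # A failed half-open probe re-trips at once; otherwise wait for the limit.
            if state == "half-open" or self.failures >= self.max_failures:
                self.opened_at = self.clock()
            raise
        self.failures, self.opened_at = 0, None  # success closes the circuit
        return result

def demo():
    # Constructed scenario: the dependency times out, then recovers 30s later.
    now, healthy = [0.0], [False]
    def call(payload, timeout):
        if not healthy[0]:
            raise TimeoutError("no reply within %.1fs" % timeout)
        return payload.upper()
    adapter = OutboundAdapter(call, lambda timeout: True, clock=lambda: now[0])
    log = []
    for step in range(6):
        if step == 4:  # the reset window elapses and the service is back
            now[0], healthy[0] = 30.0, True
        try:
            log.append(adapter.request("ping"))
        except (CircuitOpenError, TimeoutError) as exc:
            log.append(type(exc).__name__)
    return log
```

The fourth request never reaches the dependency: once three timeouts have tripped the breaker, callers get an immediate `CircuitOpenError` until the reset window allows a single probe.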