Plan ahead for internal correlation and tracing needs


Inter-system and Intra-system tracing capabilities are a must in modern distributed architectures and in systems where dashboards and triage must be done without cracking open the production environment for on-box work. Teams need to understand and verify the lineage of inbound requests that end up in data stores and in outbound calls or notifications to other systems.

Lineage and Observability NFRs are the requirement that creates the need for inter and Intra team correlation capabilities. Everyone should have tracing and monitoring Non-Functional Requirements (NFRs) that describe their observability needs. Those NFRs should describe how a system must support tracking work through a system from the time it enters until the time it transitions to at rest or the time it communicates with other systems.  Teams without these NFRs often end up scrambling to provide production metrics and debugging tools during production events.

YouTube Video

Semi-persistent Tracing and Correlation

Software platforms and libraries have plenty of capabilities for recording logs and metrics.  There are many base libraries that can generate transaction or request identifiers that can be persisted into operational dashboards.  These identifiers can be traced from the ingestion endpoint through the system.  Teams rarely persist that information into their data stores as metadata.  There is no way to correlate data into the database against the originating request.  This lineage is usually lost.


Operational observability stores should not contain Personally Identifiable Information (PII).  The data needs to improve enough to support dashboards and triage without risking data breaches.

The discussion applies to synchronous systems and asynchronous or event-driven systems.  The internal structure in those two models is logically identical.

Capturing data lineage from the front door to the data store

End-to-end tracing and tracking is essentially a form of lineage. Our tracing and lineage scope starts where requests are received and ends with data persisted in a data store.  Teams often have practices around capturing the lastModifiedBy and lastModifiedAt. Lineage tracing should also be added in the form of one or more tracing identifiers.  They should be something like lastSpanId or lastTraceId.  This makes it possible to correlate log activity against the data that ended up in the database.  
We treat inbound data like an event stream when it is an actual event stream and when it is some synchronous API.  Both have input payloads and some type of implicit or explicit command We store those events and their metadata in some PII secure location. This lets us trace from some input payload through processing and then into the database.

Inter-Domain Notifications and Lineage

Outbound API calls and Event notifications should include tracing and lineage identifiers that let us track information as it flows between systems and beyond.  Outbound notifications should be captured and stored with the lineage/tracking identifiers/metadata. This lets us correlate the inbound requests the log traffic, the data in our database, and what we told others about the change.
We store information that helps us with replay, long-term triage, lineage tracing, and regulatory support. In this case, we store the inbound events, the data in our database, and any outbound events that were created as a result of processing the inbound request.  All of that data should have attached metadata that lets us correlate across the lifetime of a processing request.

Our Internal Bounded lineage/tracing Context

We can treat our system boundaries as our system context for creating and storing correlation and tracing identifiers to meet our operational needs and to provide the lineage of data and work moving through our system.  The lineage/tracing metadata is attached to everything we deliberately persist and everything we share with others. 

There can actually be two sets of correlation ids.  Those that are useful only inside the context and those that let us coordinate across context boundaries.  In this case, context means system and cross-context means where other systems invoke this one or where this system directly invokes others or sends notifications.

Tracing across contexts and inside our own context

Implementing balance and controls and tracking lineage across systems and inside a system is often more difficult in today's microservice distributed systems than it was in the monolithic past. 

Systems must implement tracking and correlation identifiers at the local level to make it possible to triage activities and bind events with persisted data in analytical use cases.  Retaining transaction/lineage metadata in the analytical store significantly simplifies query correlation.

Enterprises should mandate cross-system correlation via NFR. They should then coerce all programs to implement tracking and correlation identifiers for all intersystem traffic. Those identifiers should be exposed in all logs and observability platforms tools.  This is the only reasonable way of validating that a request was received and that work was processed across the various systems.



Created 2022 10

Comments

Post a Comment

Popular posts from this blog

Installing the RNDIS driver on Windows 11 to use USB Raspberry Pi as network attached

Image
I do a lot of my development and configuration via ssh into my Raspberry Pi Zero over the RNDIS connection. Some models of the Raspberry PIs can be configured with  gadget drivers  that let the Raspberry pi emulate different devices when plugged into computers via USB. My favorite gadget  is the network profile that makes a Raspberry Pi look like an RNDIS-attached network device.  All types of network services travel over an RNDIS device without knowing it is a USB hardware connection. A Raspberry Pi shows up as a Remote NDIS (RNDIS) device when you plug the Pi into a PC or Mac via a USB cable. The gadget  in the Windows Device Manager picture shows this RNDIS Gadget connectivity between a Windows machine and a Raspberry Pi. The Problem Windows 11 and Windows 10 no longer auto-installs the RNDIS driver that makes magic happen. Windows recognizes that the Raspberry Pi is some type of generic USB COM device. Manually running W indows Update  or  Upd...
Read more

Understanding your WSL2 RAM and swap - Changing the default 50%-25%

Image
The Windows Subsystem for Linux operates as a virtual machine that can dynamically grow the amount of RAM to a maximum set at startup time.  Microsoft sets a default maximum RAM available to 50% of the physical memory and a swap-space that is 1/4 of the maximum WSL RAM.  You can scale those numbers up or down to allocate more or less RAM to the Linux instance. The first drawing shows the default WSL memory and swap space sizing. The images below show a developer machine that is running a dev environment in WSL2 and Docker Desktop.  Docker Desktop has two of its own WSL modules that need to be accounted for.  You can see that the memory would actually be oversubscribed, 3 x 50% if every VM used its maximum memory.  The actual amount of memory used is significantly smaller allowing every piece to fit. Click to Enlarge The second drawing shows the memory allocation on my 64GB laptop. WSL Linux defaul...
Read more

Almost PaaS Document Parsing with Tika and AWS Elastic Beanstalk

Image
The Apache Tika project provides a  library capable of parsing and extracting data and meta data from over 1000 file types.  Tika is available as a single jar file that can be included inside applications or as a deployable jar file that runs Tika as a standalone service. This blog describes deploying the Tika jar as an auto-scale service in Amazon AWS Elastic Beanstalk.  I selected Elastic Beanstalk because it supports jar based deployments without any real Infrastructure configuration. Elastic Beanstalk auto-scale should take care of scaling up and down for for the number of requests you get. Tika parses documents and extracts their text completely in memory. Tika was deployed for this blog using EC2 t2.micro instances available in the AWS free tier. t2.micro VMs are 1GB which means that you are restricted in document complexity and size. You would size your instances appropriately for your largest documents.   Preconditions An AWS account. AWS ac...
Read more