FALCON Serverless Compute Model

The FALCON Serverless Compute Model is being developed as part of the FAS-IT Cloud Contribution Model. The content within, including all subsequent pages, is a work in progress, and has not yet been adopted for support by FAS Cloud Services. It is being derived from the experiences gained by the IQSS Division during the development of FALCON, the Cloud-native system that will be replacing the FSS-19 suite of applications and services, as part of GSA's Cloud Modernization Initiative.

Serverless computing provides real benefits that can serve our daily lives and work within GSA, and the Federal Government in general. The potential cost savings of pay-as-you-go computing, combined with the managed-service model, have sparked a revolution that has fueled the Federal Government's move to the Cloud.

Some of the advantages of Serverless (and particularly with Function-as-a-Service) computing:

There are several other benefits provided by Serverless, Managed Services, and Function-as-a-Service, which are discussed in greater detail in the article titled Benefits of Serverless Computing.

This page acts as an introduction to the FALCON Serverless Compute Model. It provides a basis for understanding how and why the FALCON Serverless Compute Model is structured the way it is, and acts as a starting point for understanding how to get the most out of the FALCON Serverless Compute Model. It also provides a guide for how to approach reading through the many FALCON Serverless Compute Model approaches.

Serverless technologies reside on the Managed end of a spectrum of options and services made available by Cloud providers. The intent is to keep developers from getting mired down in the complexity of managing infrastructure for scalability, Operating System and server software patches and updates, allowing them to focus on the delivery of content relevant to their application's business functionality. This is achieved by decoupling capabilities from the management of the hardware and software used to implement the capability, and by providing developers with tools and interfaces that allow for flexibility and control.

However, with new technologies and platforms come new challenges, as development against Serverless platforms is different from having direct access to the underlying hardware and software. Developers and architects need to learn new techniques and technologies, and adjust to a development style that at first can seem very different from the practices developed over the last thirty years of computing. As a result, much of the Federal Government's shift to the Cloud has been in the form of lift-and-shift, which effectively replaces traditional data centers with Cloud providers providing more or less the same service; this leaves most of the benefits of a Cloud provider on the table, unused.

Adoption of Serverless technologies can only be accelerated as long as platforms remain flexible enough to suit the ever-changing and highly variable needs of the community consuming them, and as long as those benefits are easily accessible. The FALCON Serverless Compute Model seeks to balance enterprise-level standardization and economies of scale with flexibility and ease-of-adoption for developers and architects alike.

Understanding the FALCON Serverless Compute Model

The approaches that describe FALCON Serverless Compute Model concepts, resources, and practice can be a lot of reading, but they have been written from a desire for openness and clarity on what is a very complex subject. We believe that understanding the underlying thought processes and values that drive the development of the FALCON Serverless Compute Model will benefit future tenants in understanding how these solutions fit together, how they can be used to support their work, and how tenants can interact with the solutions to drive improvements and expansion that benefit us all.

How the FALCON Serverless Compute Model Supports the Development of Serverless Systems

We attempt to adhere to a set of tenets while developing FALCON Serverless Compute Model components and solutions. Stating these values up front should make it easier to understand how FALCON Serverless Compute Model solutions fit together.

Serverless First

Taking a Serverless first approach allows users of the FALCON Serverless Compute Model content to gain the benefits of Serverless technology at every level, not just for the products tenants develop. Whenever possible, solutions and components are built upon Serverless technologies, platforms, and managed services. What would be the point of developing a Serverless application if the pipeline was not also serverless?

Provider First

FALCON Serverless Compute Model solution components aim to use solutions and services provided by the Cloud Provider, whenever possible, over the use of third-party services and solutions. Cloud providers offer a number of services that range from self-managed (i.e. compute capabilities that operate similarly to a Virtual Machine) to fully managed services (i.e. Function-as-a-Service offerings). While the services offered by various cloud providers are not universal, the one thing that is universal is that the customer is responsible for maintaining self-managed content. By leveraging managed solutions provided by the Cloud Provider, GSA can reduce maintenance costs and gain typically faster response times for patching -- and whenever possible, avoid having to deal with patching altogether.

This isn't to say that no third-party product will be used in or be compatible with FALCON Serverless Compute Model solutions and components; rather, the total cost of ownership will be a factor when deciding whether or not to use services and products not provided by the Cloud Provider. Doing this ensures that the upkeep for our resources is delegated to the providers, and that as the provider updates, improves, and introduces new services, our solutions will remain operational with little to no additional effort needed on our part.

Components Over Platform

Flexibility and customization are key attributes that have been at the core of the FALCON Serverless Compute Model from the first moments of its conceptualization. To this end, FALCON Serverless Compute Model solution development typically starts with foundational components that are then used to build solutions. This allows solutions to be provided for tenant use; if those solutions do not meet a tenant's needs, the foundational elements are still available for tenants to integrate into their own solutions.

Our goal with a components-first approach is to enable developers and DevOps Engineers to build and manage solutions and systems that fit their needs, rather than attempting to construct a rigid, one-size-fits-all solution.

Tenant Self-Service

Another key characteristic that has been part of the FALCON Serverless Compute Model since inception is that of tenant self-reliance. As much as possible, we seek to allow tenants to control their accounts and the support solutions that go into them. The tenant knows what their networking needs are and who needs to access their environments; relying on outside groups to manage these aspects of development life is to introduce blockers into the development workflow. Instead, the FALCON Serverless Compute Model aims to put tools into tenants' hands to allow them to manage as much of their tooling as possible, and provides solutions and components to facilitate these activities in a safe and secure manner.

Emphasis on Developer Experience

As stated earlier, rapid adoption of Cloud-based technologies and services can only be achieved if developer experience is considered from the outset. The FALCON Serverless Compute Model seeks to lower the learning curve and make the act of developing Cloud-native systems as easy as, or easier than, developing systems in the data center. Our solutions are created by developers, for use by developers, with an emphasis on simplicity, accessibility, compatibility, and extensibility. It is our hope that, once developers start building Cloud-native systems against Serverless services, they won't want to do it any other way.

Facilitation of Functional Decomposition

Decomposing system capabilities into small services and functions can be difficult. The FALCON Serverless Compute Model provides numerous resources to help architects, designers, and developers break functionality apart in ways that make sense for the work at hand. Not every job requires a hammer; part of proper decomposition is having the right resources in the form of a diverse and flexible set of tools and services.

How to Read FALCON Serverless Compute Model Approaches

As previously noted (and seen below), there are a lot of FALCON Serverless Compute Model approaches in the FAS IT Playbook; reading through a large number of documents can be a daunting task. To guide readers through the material, we have developed the following suggested reading map:

The approaches are organized into five categories:

The approaches in the map are color-coded in accordance with this categorization, and shown linked to other approaches that would make for good follow-on reading.

Readers are encouraged to begin their Serverless journey with the play entitled Shifting Security Left, which outlines considerations prospective tenants should take into account before they begin the Cloud Enablement process. From this play, it is recommended that the reader follow the map down through related approaches based upon the subjects that most interest them.

Below is a list of approaches that describe the resources in Serverless applications.

Shifting Security Left

Benefits from thinking about system security from the get-go, and how to get started

Separate Accounts for Serverless

Multiple use cases that support the separation of duty across multiple AWS accounts

Tenant DNS and Networking

Multiple use cases that support the separation of duty across multiple AWS accounts

Federated Access for Developers

Tenant-controlled solution for providing developers access to the AWS Console in a safe and controlled manner

IDE for Serverless

Tooling and techniques for getting work done in a Serverless environment

Jenkins CI/CD Pipeline

Flexible pipeline implementation to deploy Infrastructure-as-Code

Code Repository Organization

Discussion of a strategy that provides separation of duties while using a single repository to contain application and infrastructure code

Package/Dependency Management

Shared registry for obtaining third-party and Open-Source packages and libraries in a safe and secure way

DR/HA Solution

Architecting for Disaster Recovery and High Availability in a Serverless Environment

Secure Data Transfer for ATO

Secure data migration and synchronization techniques

App Data Encryption for ATO

Storing and managing data securely in your Serverless application

Secure Logging

Techniques for secure logging in a Serverless environment and logging support in the FALCON Serverless Compute Model

Data Sync/Migration from Mainframe to Cloud

Secure data migration and synchronization techniques

Secure Monitoring

Techniques for secure monitoring in a Serverless environment and monitoring support in the FALCON Serverless Compute Model

Policy/Role Based Access via IAM and Cognito

Strategies for Identity Management, Authentication and Authorization in a Serverless environment

Coding Best Practices

Application coding best practices in a Serverless environment

Performance Test Results

Baselines and statistics for relative response time performance of AWS services

Secure Reusable Infrastructure-as-Code Patterns

Using Infrastructure-as-Code within the FALCON Serverless Compute Model to define your application's networking infrastructure

Secure Reusable Application Architecture Patterns

Defining your application's infrastructure using FALCON Serverless Compute Model Foundation classes

Benefits of Serverless Computing with the FALCON Serverless Compute Model

The FALCON Serverless Compute Model is not a platform or a singular solution; instead, it is a collection of solutions and services, along with guidance and documentation, designed to work together to allow tenants to build, manage, and maintain the Serverless application systems they need to support their business.

Because it is not an opinionated, singular platform, the FALCON Serverless Compute Model does not lock the project team into a singular way of operating. Instead, it provides solutions and components, each focused on solving a specific problem using Serverless technologies. These solutions are designed to integrate and interoperate easily. While some solutions are more opinionated, all solutions are built upon the same foundational elements; these foundational elements are also available for use by project teams, allowing them more flexibility and control, while still providing support for enterprise standards and best practices.

The following are some of the many ways the Serverless Computing Service supports your project's development within Serverless environments.

Expedited Development

A core aspect of the FALCON Serverless Compute Model can be found in the use of foundational Infrastructure-as-Code components that support common architectural patterns and facilitate the implementation of security tagging, logging, and monitoring requirements. These components are implemented in TypeScript using AWS CDK; they are extendable and aggregatable, providing tenant engineers building blocks that can be used to rapidly construct flexible architectures that adhere to best practices and GSA Cloud and security standards.

Predefined Tools and Capabilities

The FALCON Serverless Compute Model provides an ever-growing stable of pre-built solutions to certain problems that are ready for configuration and deployment by tenants. The FALCON Serverless Compute Model also provides guidelines and suggestions for tools and best practices for developing Serverless applications within the GSA Cloud boundary.

Tenants are able to deploy and configure pre-existing solutions that are centrally maintained. Teams get the customization and control benefits from running the solutions within their own accounts, without the burden of maintaining complex solution code unrelated to their application's functionality.

The FAS Toolset for VDI (FAST VDI) provides a comprehensive toolset and consistent development platform appropriate for developing Cloud-native applications. Approaches provide recommendations for using tools with FALCON Serverless Compute Model pipeline and access solutions, account contents and FCS GitHub repositories.

Potentially Smoother ATO

While using FALCON Serverless Compute Model components and solutions and following FALCON Serverless Compute Model guidelines will not guarantee the granting of an Authority to Operate (ATO), all procedures, resources, components, and solutions have been developed in conjunction with Security Engineering, ensuring that solutions that use FALCON Serverless Compute Model components and solutions would be operating in a manner familiar to the Security Engineers supporting a system's Designated Approving Authority (DAA) within GSA.