Lean server applications are a type of cloud-based application designed to be simple in their architecture, but highly scalable and efficient. Rather than being hosted on a traditional server infrastructure with a set of long running processes on compute nodes, lean server applications are preferably only executed in response to specific events or triggers, such as a request or a change in data. This means that the application is only running when it is needed, which can save on computing resources and reduce costs. Implementations of the lean server concept are known as serverless, function-as-a-service (FaaS) applications. Also, edge computing, which basically means running applications as close to the source of the data as possible, can be useful when developing a lean application infrastructure to reduce latency and improve performance.
One of the main advantages of lean server applications is their scalability. Because they are only running in response to specific events or triggers, lean server applications can automatically scale up or down to meet the demands of the user. This means that they can handle large amounts of traffic and data without the need for expensive and complex server infrastructure. The goal is to have little layers in the server infrastructure besides a load balancer (which is often an external service) and horizontally scalable compute nodes close to the data.
Another advantage of lean server applications is their efficiency. Because they are only running when they are needed, lean server applications can save on computing resources and reduce costs compared to traditional server-based applications. This can make them particularly attractive for applications that only need to run occasionally or for applications that have variable or unpredictable workloads. In combination with an embedded in-process database and cheap mass storage this can be very cost efficient.
From a security perspective lean server apps generally aim to improve security compared to architectures with application servers running services as processes, because smaller tasks are run in isolated sandboxes with explicit permissions needed to access resources. This has high relevance regarding to dependencies on external libraries, which can not break out the sandbox and make use of vulnerabilities of the host system. However it has to be said that, like any piece of software, sandboxes can contain vulnerabilities that can be exploited by attackers.
A promising technology for “scaling to zero” and isolating modules is WebAssembly. WebAssembly (WASM) is a low-level, binary format that is designed to be efficient and fast to execute in modern web browsers and server runtimes like Wasmtime (https://wasmtime.dev/). It can be used as a compile target for a variety of programming languages like C++, Rust and .NET. In the context of lean server applications, as WebAssembly can load modules in single digit milliseconds or even microseconds, for the first time scaling to zero is achievable without a big performance penalty. Additionally, because WebAssembly is a binary format, logic modules can be easily transmitted and run on a wide range of devices, making it a good fit for applications that need to be highly portable and secure.
Overall, lean server applications offer several benefits, including scalability, efficiency and module portability. However, they currently also have some disadvantages, such as the sometimes lacking development experience and for technologies like WASM/WASI the general immaturity of the ecosystem.