01:16 PM

Netflix Wants You To Adopt Chaos Monkey

Netflix has made its own automated disaster testing service, Chaos Monkey, available as a free public download. Should you turn it loose on your own systems?

Netflix is a high-profile consumer service. When things go wrong, people tend to notice. So it might seem strange that the company tries to make things go wrong with its service on a regular basis.

That's indeed the goal of "Chaos Monkey," the automated software Netflix developed to test its infrastructure's mettle. In layman's terms, Chaos Money tries to break stuff. The theory behind this is to build a stronger platform and avoid the types of major, unexpected problems that tend to make IT's phones ring at 2 a.m. (Netflix configures the tool to run only during normal business hours; that way IT staff handle any related issues during the day instead of on nights and weekends.)

Now everyone can embrace the chaos: Netflix just made the source code publicly available as a free download. You'll first need to ask yourself if you've got the guts for it. Or, as Netflix put it in a blog post: "Do you think your applications can handle a troop of mischievous monkeys loose in your infrastructure?"

[ Security researcher Dan Kaminsky wants to address security by changing the fundamental way code is written. Read more at Tired Of Security Problems? Change Rules Of Writing Code. ]

If you're picturing the band of winged monkeys from "The Wizard of Oz" running amok, you're not far off--they've just been reengineered for the cloud. Chaos Monkey deliberately shut downs virtual machines (VMs) within Amazon's Auto-Scaling Groups (ASGs). (Though the software was written with Amazon Web Services in mind, Netflix said Chaos Monkey is flexible enough to work with other cloud platforms.)

By causing intentional failures on individual instances--Netflix generated more than 65,000 failures in the last year, according to the company--you can learn from those errors and their resolutions. Basic example: Is your application hardy enough to weather a failed VM, or could that single instance bring the curtains down on the whole show?

That type of no-holds-barred testing can help unearth and resolve unknown issues before they become major outages. Better yet, it can lead to stronger applications as they're being built, rather than trying to retrofit them after the fact. "By having that constant idea that something's going to break, [Netflix has] within their dev ops and engineering departments the mindset that they have to make sure that no single point can take down the entire site," said Jim MacLeod, product manager at the networking firm WildPackets, in an interview.

In Netflix's case, it makes sense to try to rise to Chaos Monkey's challenge--their bottom line depends upon their site running smoothly. "If you look at Netflix's business model, what really differentiates them isn't just streaming media--it's the fact there's something immediate and easy for users to get to, but that means they have to be fairly reliable," MacLeod said. "Reliability and uptime are things that are difficult to put in afterwards if you don't design it in, just like security."

1 of 2
Comment  | 
Print  | 
More Insights
Oldest First  |  Newest First  |  Threaded View
Embedded SW Dev
Embedded SW Dev,
User Rank: Apprentice
8/2/2012 | 5:44:30 PM
re: Netflix Wants You To Adopt Chaos Monkey
Apparently someone let the Chaos Monkey loose. Today's Infoweek daily's link to this story lead to a story about the errant stock trading on Wednesday. Was that a hint that Knight Capital was testing the Chaos Monkey, or did the Chaos Monkey infect the mailing?
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-09
Simple Streams (simplestreams) does not properly verify the GPG signatures of disk image files, which allows remote mirror servers to spoof disk images and have unspecified other impact via a 403 (aka Forbidden) response.

Published: 2015-10-09
The Telephony component in Apple OS X before 10.11, when the Continuity feature is enabled, allows local users to bypass intended telephone-call restrictions via unspecified vectors.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly sanitize applet URLs, which allows remote attackers to inject applets into the .appletTrustSettings configuration file and bypass user approval to execute the applet via a crafted web page, possibly related to line breaks.

Published: 2015-10-09
IcedTea-Web before 1.5.3 and 1.6.x before 1.6.1 does not properly determine the origin of unsigned applets, which allows remote attackers to bypass the approval process or trick users into approving applet execution via a crafted web page.

Published: 2015-10-09
The Safari Extensions implementation in Apple Safari before 9 does not require user confirmation before replacing an installed extension, which has unspecified impact and attack vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.