Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Laravel and the Enterprise

Laravel and the Enterprise

You may have heard some folks say "Laravel is great for small apps, but when it comes to something *real*..."

It's my goal to show how inaccurate and misconceived these criticisms are; to show how many companies are using Laravel in enterprise contexts, and how successfully; and to provide some guidance for common process, code, and dev-ops/deploy concerns when writing enterprise-ready Laravel applications.

Matt Stauffer

June 12, 2018
Tweet

More Decks by Matt Stauffer

Other Decks in Technology

Transcript

  1. “[Enterprise software…] is computer software used to satisfy the needs

    of an organization rather than individual users.” WIKIPEDIA
  2. “[Enterprise software is…] a collection of computer programs with common

    business applications, tools for modeling how the entire organization works, and development tools for building applications unique to the organization” WIKIPEDIA
  3. “According to Martin Fowler, ‘[a]bout the display, manipulation, and storage

    of large amounts of often complex data and the support or automation of business processes with that data.’” WIKIPEDIA
  4. J.T. GRIMES I don't think you can find consensus on

    what "enterprise" means, which means your audience will spend an hour arguing "but that's not enterprise!" instead of learning. 
 
 Here there be elephpant-shaped dragons. @JT_GRIMES
  5. JOHN CORRY [You know it’s enterprise if] we spend more

    time in meetings than we do building things. @JPCORRY
  6. MATT JOHNSON “Enterprise” is just code for “I have no

    idea what I’m doing on a project this big, please take this money and give me a 1-800 number to call when $#!7 goes south”. @MATTJOHNSONSTL
  7. • What is enterprise? • What is enterprise-ready code, and

    is Laravel enterprise-ready? • Key considerations for enterprise code, process, and dev-ops/deploys • Success stories • An aside on YAGNI Agenda
  8. Factors in enterprise projects/teams Complication of operations / deployments Distance

    to other teams (legal, QA, product, etc.) Length of projects Pain if offline
  9. Complication of operations / deployments Factors in enterprise projects/teams Length

    of projects Distance to other teams (legal, QA, product, etc.) Pain if offline LOTS GREAT LOTS LONG
  10. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • Can connect to multiple

    providers of other services (database, cache, session, etc.), differentiated by config variables if needed • Trusted proxy and Scaling Laravel for node balancing, etc. • Easy pessimistic locking, transactions, etc. for complex database interactions • Maintenance mode etc. for suggested downtime solutions Dev-Ops and Deploy friendliness Enterprise Ready ✅
  11. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • Bcrypt hashing by default,

    & easy encrypting/decrypting • Powerful validation options • CSRF & XSS protection out of the box • PDO, easy parameterization, mass assignment protection • Open source, AKA 10s of thousands of eyes on every LOC Security Enterprise Ready ✅
  12. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • Contracts • Multi-driver (auth,

    etc.) • All services keyed to single keys (e.g. `logger`) and easy to swap out globally • It’s just PHP ™ Flexibility Enterprise Ready ✅
  13. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • Step-by-step upgrade instructions in

    the docs • < 1 day for all recent upgrades; < 4 hours for most projects; latest upgrades much simpler • Laravel Shift, and Laravel Shift Human Assistance (laravelshift.com) • Tighten and other agencies help with bigger upgrades Ease of Upgrades Enterprise Ready ✅
  14. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • LTS releases are 2

    years of bug fixes, 3 years of security fixes • Laravel sponsors/partners get priority access to Taylor (https://laravel.com/partners) • Tighten is beginning to offer a level of enterprise long term care—still in the process of figuring out what everyone wants and needs, but we’re here
 (https://tighten.co/laravel/support) Long-term Support Basically Enterprise Ready ✅
  15. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • Composer • PSR-1, PSR-2,

    PSR-3, PSR-4, PSR-7*, PSR-11, PSR-16 • PSR Bridges: ๏ PSR-6 (github/madewithlove/illuminate-psr-cache-bridge) ๏ PSR-15 (github/jshannon63/laravel-psr15-middleware) • Plus composer, and it’s just PHP ™ Interop(erability) Enterprise Ready ✅
  16. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • What does lockin mean?

    “Can’t change to another vendor in the future.” • Can change all dependencies, port all controllers, write as much as you want in service class POPOs • ! Avoid lockin Enterprise Ready ✅
  17. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • 1707 contributors • Jeffrey

    taking over • Tighten & Other companies supporting • What happens to Laravel if Taylor Otwell disappears? - mattstauffer.com/blog/what- happens-to-laravel-if-taylor-otwell-disappears/ Contributors Enterprise Ready ✅
  18. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • Laravel documentation • Other

    learning resources ๏ Books & Blogs ๏ Podcasts ๏ Laracasts ๏ Training courses Documentation Enterprise Ready ✅
  19. WHAT IS ENTERPRISE-READY? CONCLUSION: 1 • Follows Symfony release schedule

    and roadmap for all Symfony dependencies • No more or less roadmap available than any other PHP framework. Build the ideas as you come up with them Roadmaps Enterprise Ready ✅
  20. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 [T]he biggest problems of

    “enterprise” level development is one of working in very large teams. Without good organization codebases can be difficult to navigate and conflicts can make mayhem - predictable places to find code and small files are my top 2 tips…
 - Gary Hockin (on Twitter) [D]iscoverability and consistency are paramount when you’re dealing with frequent onboarding. My enterprise exp. involves many non-Laravel devs too, so I always prefer conventions that help the tools help you (e.g. type-hints & docblocks promote discovery in IDE)…
 - Sara Bine (on Twitter) Conventions, predictability, & discoverability
  21. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 • Use IDE-friendly verbosity

    like type-hints and doc blocks • Lean on Laravel’s established conventions whenever possible; less decisions to make and easier to onboard Laravel devs new to your codebase • Develop and communicate conventions of what goes where • Set and enforce coding standards (e.g. Nitpick-CI or StyleCI) Conventions, predictability, & discoverability (CONTINUED)
  22. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 • Write tests •

    Lots of tests • Write the broadest tests you can for your context • Test your code and test that it works with the code it’s supposed to interact with, especially if you don’t maintain the code it’s supposed to interact with • Enterprise best testing practices == best testing practices Tests and test coverage (CONTINUED)
  23. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 It’s tempting to worry

    about performance etc but there are well known solutions to that problem like caching - maintainability is key to long living projects and being able to find the code you want to change is the number one problem when we were called in as consultants…
 - Gary Hockin (on Twitter) Performance
  24. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 • DebugBar/query optimization, n+1

    and eager loading, and the usuals (database indexing and chunking, etc.) • If possible, optimize later (premature optimization is almost always wrong) • Lead up: Performance issues aren’t bad, they’re opportunities to refactor with a lot of useful information • Queues, workers, cache, spin off microservices Performance (CONTINUED)
  25. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 Build projections from older

    systems Database concerns Transactions and locking Multi- database connections Adjust for legacy table systems 1 2 3 4
  26. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 Scale friendliness Separation of

    architecture concerns Flexible configuration management Cache-ability Componentization 1 2 3 4
  27. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 • Laravel’s ACL (or

    those offered in third party packages) are your best friends • https://github.com/owen-it/laravel-auditing ๏ Eloquent events $ ๏ Custom log handlers, especially in 5.6+ $ Events, auditing, transparency, & access
  28. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 • DDD • Event

    Sourcing • Microservices • API-first • Enterprise Buzzwords
  29. CODE CONSIDERATIONS FOR THE ENTERPRISE 2 • Audit security, up-to-date-ness,

    tests, responsitivity • Consider directly using PHP package instead of the Laravel bridge so you own the bootstrapping • Consider using Laravel components instead of third-party packages (unless third party is another major vendor) if possible for reliability • Limit API interfaces between external packages and your applications; consider building custom bridge/ client/interface Third party packages
  30. PROCESS CONSIDERATIONS FOR THE ENTERPRISE 3 Why? • More developers;

    more new developers; more developers from other stacks; more junior developers How? • Better documentation, IDE-friendliness • Bin scripts for setup; pre-packaged local dev environments • Good tests Easy onboarding
  31. PROCESS CONSIDERATIONS FOR THE ENTERPRISE 3 In large apps and

    orgs, it’s critical to keep the ball moving. Everything: requirements, to processes/ workflows, deployments, code standards & style guides, environments etc. One well known source.…
 - Anthony Terrell (on Twitter) Documentation
  32. PROCESS CONSIDERATIONS FOR THE ENTERPRISE 3 Mentioned before as a

    code issue but: which conventions? • Predictable within organization/code-base and enforced via commit hooks or in CI • Preferably predictable within broader community for easier onboarding and code reuse Conventions about patterns, folders, tools and packages, code organization, config, DI, naming, code style, API style, testing. Conventions and organization
  33. PROCESS CONSIDERATIONS FOR THE ENTERPRISE 3 • Mythical man month

    • More teams, more separate components • Architecture vs. Coding vs. Code Review Splitting responsibilities
  34. ENTERPRISE LARAVEL SUCCESS STORIES 5 • Powers gene.com through many

    millions of visits per month • Powers a significant number of backend tools; deployed by and within complex IT infrastructure • “It’s like PHP, but we actually enjoy working in it.” • “Laravel makes a nice abstraction layer on top of services we need to use, like Google Search Appliance” Genentech
  35. ENTERPRISE LARAVEL SUCCESS STORIES 5 • 42-year old company •

    Currently $432 million/year revenue; recently sold for $1.4billion • 380+ employees Bankrate, Inc.
  36. ENTERPRISE LARAVEL SUCCESS STORIES 5 • Direct connection—import and reporting—to

    the largest insurance providers in the U.S. • Complex business logic around scheduling, time zones, counsellors’ accreditation, missed sessions, and more • Event handling system on counseling session events • Complex auditing system One of the largest Telehealth companies in the world
  37. ENTERPRISE LARAVEL SUCCESS STORIES 5 100% Laravel, running on Red

    Hat / Apache / Maria / PHP: • All communications between corporate and field • 50k+ users daily • Complex legal compliance around tasks, communications, tracking actions through multiple connected systems • 1mil requests/day on average Unnamed 13-billion-dollar retail company
  38. ENTERPRISE LARAVEL SUCCESS STORIES 5 • At @FixicoNL we use

    Laravel 5 at the Enterprise level with #Kubernetes support. Our applications are running 24/7, no matter what. The developers are thrilled with the tech stack. . • 13 devs, 1390 shops serviced, custom dashboards for shops and mobile apps for users • Laravel and Lumen services with entirely decoupled frontend • Tried Doctrine and regretted it; moved to Eloquent with manual getters & setters FixicoNL
  39. ENTERPRISE LARAVEL SUCCESS STORIES 5 • Commerce platform for sandbox

    games—“Shopify for Minecraft” • Over 500k webstores; 169 countries • 16 million payments • 400-500k requests per hour with common 3-4x spikes • One Christmas 1.2m requests/hour Buycraft
  40. ENTERPRISE LARAVEL SUCCESS STORIES 5 • Largest Internet-based career network

    for matching security-cleared professionals with hiring companies. • Targets U.S. government contractors, federal agencies, national laboratories, and universities. • “We chose Laravel for its ease of use, features, and flexibility to integrate with our existing codebase.” • Migrated existing database tables into Eloquent ClearanceJobs.com
  41. ENTERPRISE LARAVEL SUCCESS STORIES 5 • Joe Lennon / •

    Startup supporting crucial business needs of enterprise clients • Multiple-provider SSO • AWS/EB, Load balancing, ElastiCache, SES/SNS/SQS/etc., Cloudfront, and more • Web- and native-based tools built in tandem • “[Our experiences have been] overwhelmingly positive.” Workvivo
  42. ENTERPRISE LARAVEL SUCCESS STORIES 5 • 40+ member dev team,

    interacting with dozens of external teams with different services and codebases • Single Laravel monolith • Read from and write to multiple databases of different database types • Maintain a custom ticketing system & work flow engine • “We have had nothing but a fantastic experience using Laravel.” Major unnamed telecom organization
  43. ENTERPRISE LARAVEL SUCCESS STORIES 5 • $20+ billion in transactions

    • Security audits of entire tech stack; e.g. Laravel, Git, Node, Vue, Nginx, etc. • Have to train non-developers on how to understand/fix entire dev tech stack • Hard to talk about publicly because of approvals, so people don’t know as much about enterprise users of Laravel • “As far as I’m concerned, people saying that Laravel isn’t enterprise ready simply have either no clue and/or have ulterior motives” Unnamed Top 10 U.S. bank
  44. ENTERPRISE LARAVEL SUCCESS STORIES 5 • SaaS for retail •

    POS • Processing for hospitality industry • Used by over 48,000 businesses around the world • Processes over $14 billion in transactions every year Major unnamed Point of Sale provider
  45. ENTERPRISE LARAVEL SUCCESS STORIES 5 • Criterion Collection • Dun

    & Bradstreet • Network54 (acquired recently by Tapatalk) • Toyota • CampingWorld.com • State of Georgia’s official tourism site • Invicta Watches Found from BuiltWith/Google:
  46. • What is the enterprise? • What is enterprise-ready code/framework?

    • Is Laravel enterprise-ready? • What are some code, process, and dev-ops considerations when writing enterprise-focused code? • Who else has used Laravel in the enterprise? • What does Matt want me to remember? Big questions
  47. • Write code for the “lots” of enterprise—lots of team

    members, lots of servers, lots of old tables with bad names, etc. What are some considerations for coding in enterprise contexts?
  48. • Many huge, multibillion-dollar, highly regulated, complex, big companies from

    around the world Who else has used Laravel in the enterprise?
  49. • “Cross that bridge when we’ll get to it” /

    “YAGNI” / “Code for Change” / “You can’t predict the future” / etc. • It’s just PHP ™ • Whatever issue you’ve run into, someone else has likely already hit it—and solved it—in Laravel What does Matt want you to remember?