Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Laravel and the Enterprise

Laravel and the Enterprise

You may have heard some folks say "Laravel is great for small apps, but when it comes to something *real*..."

It's my goal to show how inaccurate and misconceived these criticisms are; to show how many companies are using Laravel in enterprise contexts, and how successfully; and to provide some guidance for common process, code, and dev-ops/deploy concerns when writing enterprise-ready Laravel applications.

Matt Stauffer

June 12, 2018
Tweet

More Decks by Matt Stauffer

Other Decks in Technology

Transcript

  1. PRESENTED BY
    Matt Stauffer
    @stauffermatt
    AND THE
    LARAVEL

    View full-size slide

  2. “Sure, Laravel is great for
    fun little side projects…

    View full-size slide

  3. …but can you use it for
    Enterprise?”

    View full-size slide

  4. en•ter•prise
    [en-ter-PRAHYZ]

    noun
    !

    View full-size slide

  5. Started with Wikipedia…

    View full-size slide

  6. “[Enterprise software…] is computer
    software used to satisfy the needs of an
    organization rather than individual users.”
    WIKIPEDIA

    View full-size slide

  7. “[Enterprise software is…] a collection of
    computer programs with common business
    applications, tools for modeling how the entire
    organization works, and development tools for
    building applications unique to the organization”
    WIKIPEDIA

    View full-size slide

  8. “According to Martin Fowler, ‘[a]bout
    the display, manipulation, and storage of
    large amounts of often complex data
    and the support or automation of
    business processes with that data.’”
    WIKIPEDIA

    View full-size slide

  9. Then asked on Twitter…

    View full-size slide

  10. J.T. GRIMES
    I don't think you can find consensus on what
    "enterprise" means, which means your
    audience will spend an hour arguing "but
    that's not enterprise!" instead of learning. 


    Here there be elephpant-shaped dragons.
    @JT_GRIMES

    View full-size slide

  11. JOHN CORRY
    [You know it’s enterprise if] we spend
    more time in meetings than we do
    building things.
    @JPCORRY

    View full-size slide

  12. MATT JOHNSON
    “Enterprise” is just code for “I have no idea
    what I’m doing on a project this big, please
    take this money and give me a 1-800
    number to call when $#!7 goes south”.
    @MATTJOHNSONSTL

    View full-size slide

  13. • What is enterprise?
    • What is enterprise-ready code, and is Laravel
    enterprise-ready?
    • Key considerations for enterprise code, process, and
    dev-ops/deploys
    • Success stories
    • An aside on YAGNI
    Agenda

    View full-size slide

  14. What is enterprise,
    really?

    View full-size slide

  15. Factors in enterprise projects/teams
    Team size Customer
    base size
    Legal and
    compliance
    constraints
    Dev team size

    View full-size slide

  16. Factors in enterprise projects/teams
    Complication
    of operations /
    deployments
    Distance to
    other teams
    (legal, QA,
    product, etc.)
    Length of
    projects
    Pain if
    offline

    View full-size slide

  17. Factors in enterprise projects/teams
    Legal and
    compliance
    constraints
    Customer
    base size
    Dev team size
    Team size
    LARGE LARGE LOTS
    LARGE

    View full-size slide

  18. Complication
    of operations /
    deployments
    Factors in enterprise projects/teams
    Length of
    projects
    Distance to other
    teams (legal, QA,
    product, etc.)
    Pain if
    offline
    LOTS GREAT LOTS
    LONG

    View full-size slide

  19. Is Laravel
    enterprise-ready?

    View full-size slide

  20. YES.
    #FightTheFUD

    View full-size slide

  21. What is enterprise-ready?
    1

    View full-size slide

  22. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Can connect to multiple providers of other services
    (database, cache, session, etc.), differentiated by config
    variables if needed
    • Trusted proxy and Scaling Laravel for node balancing, etc.
    • Easy pessimistic locking, transactions, etc. for complex
    database interactions
    • Maintenance mode etc. for suggested downtime solutions
    Dev-Ops and Deploy friendliness
    Enterprise Ready ✅

    View full-size slide

  23. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Bcrypt hashing by default, & easy encrypting/decrypting
    • Powerful validation options
    • CSRF & XSS protection out of the box
    • PDO, easy parameterization, mass assignment protection
    • Open source, AKA 10s of thousands of eyes on every LOC
    Security
    Enterprise Ready ✅

    View full-size slide

  24. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Contracts
    • Multi-driver (auth, etc.)
    • All services keyed to single keys (e.g. `logger`) and
    easy to swap out globally
    • It’s just PHP ™
    Flexibility
    Enterprise Ready ✅

    View full-size slide

  25. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Step-by-step upgrade instructions in the docs
    • < 1 day for all recent upgrades; < 4 hours for most
    projects; latest upgrades much simpler
    • Laravel Shift, and Laravel Shift Human Assistance
    (laravelshift.com)
    • Tighten and other agencies help with bigger
    upgrades
    Ease of Upgrades
    Enterprise Ready ✅

    View full-size slide

  26. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • LTS releases are 2 years of bug fixes, 3 years of
    security fixes
    • Laravel sponsors/partners get priority access to
    Taylor (https://laravel.com/partners)
    • Tighten is beginning to offer a level of enterprise
    long term care—still in the process of figuring out
    what everyone wants and needs, but we’re here

    (https://tighten.co/laravel/support)
    Long-term Support
    Basically Enterprise Ready ✅

    View full-size slide

  27. What is
    Enterprise
    Ready?
    GeekyBoy.com
    (Adam Culp, of Zend)
    A little help from my friends:

    View full-size slide

  28. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Composer
    • PSR-1, PSR-2, PSR-3, PSR-4, PSR-7*, PSR-11, PSR-16
    • PSR Bridges:
    ๏ PSR-6 (github/madewithlove/illuminate-psr-cache-bridge)
    ๏ PSR-15 (github/jshannon63/laravel-psr15-middleware)
    • Plus composer, and it’s just PHP ™
    Interop(erability)
    Enterprise Ready ✅

    View full-size slide

  29. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • What does lockin mean? “Can’t change to another
    vendor in the future.”
    • Can change all dependencies, port all controllers,
    write as much as you want in service class POPOs
    • !
    Avoid lockin
    Enterprise Ready ✅

    View full-size slide

  30. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • 1707 contributors
    • Jeffrey taking over
    • Tighten & Other companies supporting
    • What happens to Laravel if Taylor Otwell
    disappears? - mattstauffer.com/blog/what-
    happens-to-laravel-if-taylor-otwell-disappears/
    Contributors
    Enterprise Ready ✅

    View full-size slide

  31. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Laravel documentation
    • Other learning resources
    ๏ Books & Blogs
    ๏ Podcasts
    ๏ Laracasts
    ๏ Training courses
    Documentation
    Enterprise Ready ✅

    View full-size slide

  32. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Follows Symfony release schedule and roadmap for
    all Symfony dependencies
    • No more or less roadmap available than any other
    PHP framework. Build the ideas as you come up
    with them
    Roadmaps
    Enterprise Ready ✅

    View full-size slide

  33. Code considerations
    for the enterprise
    2

    View full-size slide

  34. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    [T]he biggest problems of “enterprise” level development is one of
    working in very large teams. Without good organization codebases
    can be difficult to navigate and conflicts can make mayhem -
    predictable places to find code and small files are my top 2 tips…

    - Gary Hockin (on Twitter)
    [D]iscoverability and consistency are paramount when you’re
    dealing with frequent onboarding. My enterprise exp. involves
    many non-Laravel devs too, so I always prefer conventions that
    help the tools help you (e.g. type-hints & docblocks promote
    discovery in IDE)…

    - Sara Bine (on Twitter)
    Conventions, predictability, & discoverability

    View full-size slide

  35. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Use IDE-friendly verbosity like type-hints and doc
    blocks
    • Lean on Laravel’s established conventions whenever
    possible; less decisions to make and easier to
    onboard Laravel devs new to your codebase
    • Develop and communicate conventions of what
    goes where
    • Set and enforce coding standards (e.g. Nitpick-CI or
    StyleCI)
    Conventions, predictability, & discoverability
    (CONTINUED)

    View full-size slide

  36. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Write tests
    • Lots of tests
    • Write the broadest tests you can for your context
    • Test your code and test that it works with the code
    it’s supposed to interact with, especially if you don’t
    maintain the code it’s supposed to interact with
    • Enterprise best testing practices == best testing
    practices
    Tests and test coverage (CONTINUED)

    View full-size slide

  37. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Tests and test coverage
    TestDrivenLaravel.com

    View full-size slide

  38. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    It’s tempting to worry about performance etc but there are well
    known solutions to that problem like caching - maintainability is
    key to long living projects and being able to find the code you
    want to change is the number one problem when we were
    called in as consultants…

    - Gary Hockin (on Twitter)
    Performance

    View full-size slide

  39. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • DebugBar/query optimization, n+1 and eager loading,
    and the usuals (database indexing and chunking, etc.)
    • If possible, optimize later (premature optimization is
    almost always wrong)
    • Lead up: Performance issues aren’t bad, they’re
    opportunities to refactor with a lot of useful
    information
    • Queues, workers, cache, spin off microservices
    Performance (CONTINUED)

    View full-size slide

  40. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Performance (CONTINUED)
    ScalingLaravel.com

    View full-size slide

  41. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Build
    projections
    from older
    systems
    Database concerns
    Transactions
    and locking
    Multi-
    database
    connections
    Adjust for
    legacy table
    systems
    1 2 3 4

    View full-size slide

  42. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Microservices
    and API-first

    View full-size slide

  43. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • It’s just PHP ™
    Login/SSO

    View full-size slide

  44. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Scale friendliness
    Separation of
    architecture
    concerns
    Flexible
    configuration
    management
    Cache-ability Componentization
    1 2 3 4

    View full-size slide

  45. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Laravel’s ACL (or those offered in third party
    packages) are your best friends
    • https://github.com/owen-it/laravel-auditing
    ๏ Eloquent events $
    ๏ Custom log handlers, especially in 5.6+ $
    Events, auditing, transparency, & access

    View full-size slide

  46. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • DDD
    • Event Sourcing
    • Microservices
    • API-first
    • Enterprise
    Buzzwords

    View full-size slide

  47. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Audit security, up-to-date-ness, tests, responsitivity
    • Consider directly using PHP package instead of the
    Laravel bridge so you own the bootstrapping
    • Consider using Laravel components instead of
    third-party packages (unless third party is another
    major vendor) if possible for reliability
    • Limit API interfaces between external packages and
    your applications; consider building custom bridge/
    client/interface
    Third party packages

    View full-size slide

  48. Process considerations
    for the enterprise
    3

    View full-size slide

  49. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Why?
    • More developers; more new developers; more
    developers from other stacks; more junior developers
    How?
    • Better documentation, IDE-friendliness
    • Bin scripts for setup; pre-packaged local dev
    environments
    • Good tests
    Easy onboarding

    View full-size slide

  50. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    In large apps and orgs, it’s critical to keep the ball
    moving. Everything: requirements, to processes/
    workflows, deployments, code standards & style
    guides, environments etc. One well known source.…

    - Anthony Terrell (on Twitter)
    Documentation

    View full-size slide

  51. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Mentioned before as a code issue but: which
    conventions?
    • Predictable within organization/code-base and
    enforced via commit hooks or in CI
    • Preferably predictable within broader community
    for easier onboarding and code reuse
    Conventions about patterns, folders, tools and
    packages, code organization, config, DI, naming,
    code style, API style, testing.
    Conventions and organization

    View full-size slide

  52. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    • Mythical man month
    • More teams, more separate components
    • Architecture vs. Coding vs. Code Review
    Splitting responsibilities

    View full-size slide

  53. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Sprint cycles
    and lower-case
    “a” agile

    View full-size slide

  54. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Tech debt
    management
    strategy

    View full-size slide

  55. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Source control
    & deploy
    strategy

    View full-size slide

  56. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Hiring and
    contractors

    View full-size slide

  57. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Laravel norms
    are key…unless
    they’re not

    View full-size slide

  58. Dev-ops/Deploy considerations
    for the enterprise
    4

    View full-size slide

  59. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    It’s all out of
    your hands

    View full-size slide

  60. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Scaling, sharding,
    replicating, load
    balancing

    View full-size slide

  61. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Environments
    and Deploys

    View full-size slide

  62. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Only run it
    once!

    View full-size slide

  63. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Rate limiting

    View full-size slide

  64. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Measure
    and act

    View full-size slide

  65. Success stories
    5

    View full-size slide

  66. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Powers gene.com through many millions of visits
    per month
    • Powers a significant number of backend tools;
    deployed by and within complex IT infrastructure
    • “It’s like PHP, but we actually enjoy working in it.”
    • “Laravel makes a nice abstraction layer on top of
    services we need to use, like Google Search
    Appliance”
    Genentech

    View full-size slide

  67. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • 42-year old company
    • Currently $432 million/year revenue; recently sold
    for $1.4billion
    • 380+ employees
    Bankrate, Inc.

    View full-size slide

  68. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Direct connection—import and reporting—to the
    largest insurance providers in the U.S.
    • Complex business logic around scheduling, time
    zones, counsellors’ accreditation, missed sessions,
    and more
    • Event handling system on counseling session events
    • Complex auditing system
    One of the largest Telehealth companies in the world

    View full-size slide

  69. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    100% Laravel, running on Red Hat / Apache / Maria / PHP:
    • All communications between corporate and field
    • 50k+ users daily
    • Complex legal compliance around tasks,
    communications, tracking actions through multiple
    connected systems
    • 1mil requests/day on average
    Unnamed 13-billion-dollar retail company

    View full-size slide

  70. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • At @FixicoNL we use Laravel 5 at the Enterprise level with
    #Kubernetes support. Our applications are running 24/7, no
    matter what. The developers are thrilled with the tech stack. .
    • 13 devs, 1390 shops serviced, custom dashboards for shops and
    mobile apps for users
    • Laravel and Lumen services with entirely decoupled frontend
    • Tried Doctrine and regretted it; moved to Eloquent with manual
    getters & setters
    FixicoNL

    View full-size slide

  71. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Commerce platform for sandbox games—“Shopify
    for Minecraft”
    • Over 500k webstores; 169 countries
    • 16 million payments
    • 400-500k requests per hour with common 3-4x
    spikes
    • One Christmas 1.2m requests/hour
    Buycraft

    View full-size slide

  72. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Largest Internet-based career network for matching
    security-cleared professionals with hiring
    companies.
    • Targets U.S. government contractors, federal
    agencies, national laboratories, and universities.
    • “We chose Laravel for its ease of use, features, and
    flexibility to integrate with our existing codebase.”
    • Migrated existing database tables into Eloquent
    ClearanceJobs.com

    View full-size slide

  73. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Joe Lennon /
    • Startup supporting crucial business needs of enterprise
    clients
    • Multiple-provider SSO
    • AWS/EB, Load balancing, ElastiCache, SES/SNS/SQS/etc.,
    Cloudfront, and more
    • Web- and native-based tools built in tandem
    • “[Our experiences have been] overwhelmingly positive.”
    Workvivo

    View full-size slide

  74. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • 40+ member dev team, interacting with dozens of
    external teams with different services and codebases
    • Single Laravel monolith
    • Read from and write to multiple databases of different
    database types
    • Maintain a custom ticketing system & work flow engine
    • “We have had nothing but a fantastic experience using
    Laravel.”
    Major unnamed telecom organization

    View full-size slide

  75. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • $20+ billion in transactions
    • Security audits of entire tech stack; e.g. Laravel, Git, Node,
    Vue, Nginx, etc.
    • Have to train non-developers on how to understand/fix
    entire dev tech stack
    • Hard to talk about publicly because of approvals, so people
    don’t know as much about enterprise users of Laravel
    • “As far as I’m concerned, people saying that Laravel isn’t
    enterprise ready simply have either no clue and/or have
    ulterior motives”
    Unnamed Top 10 U.S. bank

    View full-size slide

  76. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • SaaS for retail
    • POS
    • Processing for hospitality industry
    • Used by over 48,000 businesses around the world
    • Processes over $14 billion in transactions every year
    Major unnamed Point of Sale provider

    View full-size slide

  77. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Criterion Collection
    • Dun & Bradstreet
    • Network54 (acquired recently by Tapatalk)
    • Toyota
    • CampingWorld.com
    • State of Georgia’s official tourism site
    • Invicta Watches
    Found from BuiltWith/Google:

    View full-size slide

  78. Laravel is in the enterprise already.
    And they love it.

    View full-size slide

  79. You can’t predict the future

    View full-size slide

  80. You’ll never know less
    about a project than you
    do on the first day.

    View full-size slide

  81. JIT (Just-in-Time) optimizations

    View full-size slide

  82. “Let’s cross that bridge
    when we get to it.”

    View full-size slide

  83. https://www.youtube.com/watch?v=uQUxJObxTUs

    View full-size slide

  84. Conclusions
    and stuff?

    View full-size slide

  85. • What is the enterprise?
    • What is enterprise-ready code/framework?
    • Is Laravel enterprise-ready?
    • What are some code, process, and dev-ops
    considerations when writing enterprise-focused code?
    • Who else has used Laravel in the enterprise?
    • What does Matt want me to remember?
    Big questions

    View full-size slide

  86. • !
    • (bigger, larger, more)
    What is the enterprise?

    View full-size slide

  87. • It’s complicated.
    • (flexible, secure, stable, clear, etc.)
    What is enterprise-ready code/framework?

    View full-size slide

  88. • Yep! #FightTheFUD
    Is Laravel enterprise-ready?

    View full-size slide

  89. • Write code for the “lots” of
    enterprise—lots of team members,
    lots of servers, lots of old tables
    with bad names, etc.
    What are some considerations for
    coding in enterprise contexts?

    View full-size slide

  90. • Many huge, multibillion-dollar,
    highly regulated, complex, big
    companies from around the world
    Who else has used Laravel in the enterprise?

    View full-size slide

  91. • “Cross that bridge when we’ll get to it” / “YAGNI” /
    “Code for Change” / “You can’t predict the future” /
    etc.
    • It’s just PHP ™
    • Whatever issue you’ve run into, someone else has
    likely already hit it—and solved it—in Laravel
    What does Matt want you to remember?

    View full-size slide

  92. One more thing!

    View full-size slide

  93. My Offer
    https://enterpriselaravel.com/help-me

    View full-size slide

  94. Resources
    https://enterpriselaravel.com/

    View full-size slide

  95. This ain’t over…

    View full-size slide