Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Laravel and the Enterprise

Laravel and the Enterprise

You may have heard some folks say "Laravel is great for small apps, but when it comes to something *real*..."

It's my goal to show how inaccurate and misconceived these criticisms are; to show how many companies are using Laravel in enterprise contexts, and how successfully; and to provide some guidance for common process, code, and dev-ops/deploy concerns when writing enterprise-ready Laravel applications.

Matt Stauffer

June 12, 2018
Tweet

More Decks by Matt Stauffer

Other Decks in Technology

Transcript

  1. PRESENTED BY
    Matt Stauffer
    @stauffermatt
    AND THE
    LARAVEL

    View Slide

  2. “Sure, Laravel is great for
    fun little side projects…

    View Slide

  3. …but can you use it for
    Enterprise?”

    View Slide

  4. View Slide

  5. View Slide

  6. en•ter•prise
    [en-ter-PRAHYZ]

    noun
    !

    View Slide

  7. Started with Wikipedia…

    View Slide

  8. “[Enterprise software…] is computer
    software used to satisfy the needs of an
    organization rather than individual users.”
    WIKIPEDIA

    View Slide

  9. “[Enterprise software is…] a collection of
    computer programs with common business
    applications, tools for modeling how the entire
    organization works, and development tools for
    building applications unique to the organization”
    WIKIPEDIA

    View Slide

  10. “According to Martin Fowler, ‘[a]bout
    the display, manipulation, and storage of
    large amounts of often complex data
    and the support or automation of
    business processes with that data.’”
    WIKIPEDIA

    View Slide

  11. Then asked on Twitter…

    View Slide

  12. J.T. GRIMES
    I don't think you can find consensus on what
    "enterprise" means, which means your
    audience will spend an hour arguing "but
    that's not enterprise!" instead of learning. 


    Here there be elephpant-shaped dragons.
    @JT_GRIMES

    View Slide

  13. JOHN CORRY
    [You know it’s enterprise if] we spend
    more time in meetings than we do
    building things.
    @JPCORRY

    View Slide

  14. MATT JOHNSON
    “Enterprise” is just code for “I have no idea
    what I’m doing on a project this big, please
    take this money and give me a 1-800
    number to call when $#!7 goes south”.
    @MATTJOHNSONSTL

    View Slide

  15. • What is enterprise?
    • What is enterprise-ready code, and is Laravel
    enterprise-ready?
    • Key considerations for enterprise code, process, and
    dev-ops/deploys
    • Success stories
    • An aside on YAGNI
    Agenda

    View Slide

  16. What is enterprise,
    really?

    View Slide

  17. Factors in enterprise projects/teams
    Team size Customer
    base size
    Legal and
    compliance
    constraints
    Dev team size

    View Slide

  18. Factors in enterprise projects/teams
    Complication
    of operations /
    deployments
    Distance to
    other teams
    (legal, QA,
    product, etc.)
    Length of
    projects
    Pain if
    offline

    View Slide

  19. Factors in enterprise projects/teams
    Legal and
    compliance
    constraints
    Customer
    base size
    Dev team size
    Team size
    LARGE LARGE LOTS
    LARGE

    View Slide

  20. Complication
    of operations /
    deployments
    Factors in enterprise projects/teams
    Length of
    projects
    Distance to other
    teams (legal, QA,
    product, etc.)
    Pain if
    offline
    LOTS GREAT LOTS
    LONG

    View Slide

  21. Is Laravel
    enterprise-ready?

    View Slide

  22. YES.
    #FightTheFUD

    View Slide

  23. What is enterprise-ready?
    1

    View Slide

  24. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Can connect to multiple providers of other services
    (database, cache, session, etc.), differentiated by config
    variables if needed
    • Trusted proxy and Scaling Laravel for node balancing, etc.
    • Easy pessimistic locking, transactions, etc. for complex
    database interactions
    • Maintenance mode etc. for suggested downtime solutions
    Dev-Ops and Deploy friendliness
    Enterprise Ready ✅

    View Slide

  25. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Bcrypt hashing by default, & easy encrypting/decrypting
    • Powerful validation options
    • CSRF & XSS protection out of the box
    • PDO, easy parameterization, mass assignment protection
    • Open source, AKA 10s of thousands of eyes on every LOC
    Security
    Enterprise Ready ✅

    View Slide

  26. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Contracts
    • Multi-driver (auth, etc.)
    • All services keyed to single keys (e.g. `logger`) and
    easy to swap out globally
    • It’s just PHP ™
    Flexibility
    Enterprise Ready ✅

    View Slide

  27. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Step-by-step upgrade instructions in the docs
    • < 1 day for all recent upgrades; < 4 hours for most
    projects; latest upgrades much simpler
    • Laravel Shift, and Laravel Shift Human Assistance
    (laravelshift.com)
    • Tighten and other agencies help with bigger
    upgrades
    Ease of Upgrades
    Enterprise Ready ✅

    View Slide

  28. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • LTS releases are 2 years of bug fixes, 3 years of
    security fixes
    • Laravel sponsors/partners get priority access to
    Taylor (https://laravel.com/partners)
    • Tighten is beginning to offer a level of enterprise
    long term care—still in the process of figuring out
    what everyone wants and needs, but we’re here

    (https://tighten.co/laravel/support)
    Long-term Support
    Basically Enterprise Ready ✅

    View Slide

  29. What is
    Enterprise
    Ready?
    GeekyBoy.com
    (Adam Culp, of Zend)
    A little help from my friends:

    View Slide

  30. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Composer
    • PSR-1, PSR-2, PSR-3, PSR-4, PSR-7*, PSR-11, PSR-16
    • PSR Bridges:
    ๏ PSR-6 (github/madewithlove/illuminate-psr-cache-bridge)
    ๏ PSR-15 (github/jshannon63/laravel-psr15-middleware)
    • Plus composer, and it’s just PHP ™
    Interop(erability)
    Enterprise Ready ✅

    View Slide

  31. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • What does lockin mean? “Can’t change to another
    vendor in the future.”
    • Can change all dependencies, port all controllers,
    write as much as you want in service class POPOs
    • !
    Avoid lockin
    Enterprise Ready ✅

    View Slide

  32. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • 1707 contributors
    • Jeffrey taking over
    • Tighten & Other companies supporting
    • What happens to Laravel if Taylor Otwell
    disappears? - mattstauffer.com/blog/what-
    happens-to-laravel-if-taylor-otwell-disappears/
    Contributors
    Enterprise Ready ✅

    View Slide

  33. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Laravel documentation
    • Other learning resources
    ๏ Books & Blogs
    ๏ Podcasts
    ๏ Laracasts
    ๏ Training courses
    Documentation
    Enterprise Ready ✅

    View Slide

  34. WHAT IS ENTERPRISE-READY?
    CONCLUSION:
    1
    • Follows Symfony release schedule and roadmap for
    all Symfony dependencies
    • No more or less roadmap available than any other
    PHP framework. Build the ideas as you come up
    with them
    Roadmaps
    Enterprise Ready ✅

    View Slide

  35. Code considerations
    for the enterprise
    2

    View Slide

  36. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    [T]he biggest problems of “enterprise” level development is one of
    working in very large teams. Without good organization codebases
    can be difficult to navigate and conflicts can make mayhem -
    predictable places to find code and small files are my top 2 tips…

    - Gary Hockin (on Twitter)
    [D]iscoverability and consistency are paramount when you’re
    dealing with frequent onboarding. My enterprise exp. involves
    many non-Laravel devs too, so I always prefer conventions that
    help the tools help you (e.g. type-hints & docblocks promote
    discovery in IDE)…

    - Sara Bine (on Twitter)
    Conventions, predictability, & discoverability

    View Slide

  37. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Use IDE-friendly verbosity like type-hints and doc
    blocks
    • Lean on Laravel’s established conventions whenever
    possible; less decisions to make and easier to
    onboard Laravel devs new to your codebase
    • Develop and communicate conventions of what
    goes where
    • Set and enforce coding standards (e.g. Nitpick-CI or
    StyleCI)
    Conventions, predictability, & discoverability
    (CONTINUED)

    View Slide

  38. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Write tests
    • Lots of tests
    • Write the broadest tests you can for your context
    • Test your code and test that it works with the code
    it’s supposed to interact with, especially if you don’t
    maintain the code it’s supposed to interact with
    • Enterprise best testing practices == best testing
    practices
    Tests and test coverage (CONTINUED)

    View Slide

  39. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Tests and test coverage
    TestDrivenLaravel.com

    View Slide

  40. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    It’s tempting to worry about performance etc but there are well
    known solutions to that problem like caching - maintainability is
    key to long living projects and being able to find the code you
    want to change is the number one problem when we were
    called in as consultants…

    - Gary Hockin (on Twitter)
    Performance

    View Slide

  41. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • DebugBar/query optimization, n+1 and eager loading,
    and the usuals (database indexing and chunking, etc.)
    • If possible, optimize later (premature optimization is
    almost always wrong)
    • Lead up: Performance issues aren’t bad, they’re
    opportunities to refactor with a lot of useful
    information
    • Queues, workers, cache, spin off microservices
    Performance (CONTINUED)

    View Slide

  42. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Performance (CONTINUED)
    ScalingLaravel.com

    View Slide

  43. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Build
    projections
    from older
    systems
    Database concerns
    Transactions
    and locking
    Multi-
    database
    connections
    Adjust for
    legacy table
    systems
    1 2 3 4

    View Slide

  44. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Microservices
    and API-first

    View Slide

  45. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • It’s just PHP ™
    Login/SSO

    View Slide

  46. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    Scale friendliness
    Separation of
    architecture
    concerns
    Flexible
    configuration
    management
    Cache-ability Componentization
    1 2 3 4

    View Slide

  47. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Laravel’s ACL (or those offered in third party
    packages) are your best friends
    • https://github.com/owen-it/laravel-auditing
    ๏ Eloquent events $
    ๏ Custom log handlers, especially in 5.6+ $
    Events, auditing, transparency, & access

    View Slide

  48. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • DDD
    • Event Sourcing
    • Microservices
    • API-first
    • Enterprise
    Buzzwords

    View Slide

  49. CODE CONSIDERATIONS FOR THE ENTERPRISE
    2
    • Audit security, up-to-date-ness, tests, responsitivity
    • Consider directly using PHP package instead of the
    Laravel bridge so you own the bootstrapping
    • Consider using Laravel components instead of
    third-party packages (unless third party is another
    major vendor) if possible for reliability
    • Limit API interfaces between external packages and
    your applications; consider building custom bridge/
    client/interface
    Third party packages

    View Slide

  50. Process considerations
    for the enterprise
    3

    View Slide

  51. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Why?
    • More developers; more new developers; more
    developers from other stacks; more junior developers
    How?
    • Better documentation, IDE-friendliness
    • Bin scripts for setup; pre-packaged local dev
    environments
    • Good tests
    Easy onboarding

    View Slide

  52. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    In large apps and orgs, it’s critical to keep the ball
    moving. Everything: requirements, to processes/
    workflows, deployments, code standards & style
    guides, environments etc. One well known source.…

    - Anthony Terrell (on Twitter)
    Documentation

    View Slide

  53. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Mentioned before as a code issue but: which
    conventions?
    • Predictable within organization/code-base and
    enforced via commit hooks or in CI
    • Preferably predictable within broader community
    for easier onboarding and code reuse
    Conventions about patterns, folders, tools and
    packages, code organization, config, DI, naming,
    code style, API style, testing.
    Conventions and organization

    View Slide

  54. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    • Mythical man month
    • More teams, more separate components
    • Architecture vs. Coding vs. Code Review
    Splitting responsibilities

    View Slide

  55. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Sprint cycles
    and lower-case
    “a” agile

    View Slide

  56. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Tech debt
    management
    strategy

    View Slide

  57. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Source control
    & deploy
    strategy

    View Slide

  58. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Hiring and
    contractors

    View Slide

  59. PROCESS CONSIDERATIONS FOR THE ENTERPRISE
    3
    Laravel norms
    are key…unless
    they’re not

    View Slide

  60. Dev-ops/Deploy considerations
    for the enterprise
    4

    View Slide

  61. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    It’s all out of
    your hands

    View Slide

  62. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Scaling, sharding,
    replicating, load
    balancing

    View Slide

  63. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Environments
    and Deploys

    View Slide

  64. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Only run it
    once!

    View Slide

  65. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Rate limiting

    View Slide

  66. DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
    4
    Measure
    and act

    View Slide

  67. Success stories
    5

    View Slide

  68. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Powers gene.com through many millions of visits
    per month
    • Powers a significant number of backend tools;
    deployed by and within complex IT infrastructure
    • “It’s like PHP, but we actually enjoy working in it.”
    • “Laravel makes a nice abstraction layer on top of
    services we need to use, like Google Search
    Appliance”
    Genentech

    View Slide

  69. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • 42-year old company
    • Currently $432 million/year revenue; recently sold
    for $1.4billion
    • 380+ employees
    Bankrate, Inc.

    View Slide

  70. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Direct connection—import and reporting—to the
    largest insurance providers in the U.S.
    • Complex business logic around scheduling, time
    zones, counsellors’ accreditation, missed sessions,
    and more
    • Event handling system on counseling session events
    • Complex auditing system
    One of the largest Telehealth companies in the world

    View Slide

  71. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    100% Laravel, running on Red Hat / Apache / Maria / PHP:
    • All communications between corporate and field
    • 50k+ users daily
    • Complex legal compliance around tasks,
    communications, tracking actions through multiple
    connected systems
    • 1mil requests/day on average
    Unnamed 13-billion-dollar retail company

    View Slide

  72. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • At @FixicoNL we use Laravel 5 at the Enterprise level with
    #Kubernetes support. Our applications are running 24/7, no
    matter what. The developers are thrilled with the tech stack. .
    • 13 devs, 1390 shops serviced, custom dashboards for shops and
    mobile apps for users
    • Laravel and Lumen services with entirely decoupled frontend
    • Tried Doctrine and regretted it; moved to Eloquent with manual
    getters & setters
    FixicoNL

    View Slide

  73. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Commerce platform for sandbox games—“Shopify
    for Minecraft”
    • Over 500k webstores; 169 countries
    • 16 million payments
    • 400-500k requests per hour with common 3-4x
    spikes
    • One Christmas 1.2m requests/hour
    Buycraft

    View Slide

  74. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Largest Internet-based career network for matching
    security-cleared professionals with hiring
    companies.
    • Targets U.S. government contractors, federal
    agencies, national laboratories, and universities.
    • “We chose Laravel for its ease of use, features, and
    flexibility to integrate with our existing codebase.”
    • Migrated existing database tables into Eloquent
    ClearanceJobs.com

    View Slide

  75. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Joe Lennon /
    • Startup supporting crucial business needs of enterprise
    clients
    • Multiple-provider SSO
    • AWS/EB, Load balancing, ElastiCache, SES/SNS/SQS/etc.,
    Cloudfront, and more
    • Web- and native-based tools built in tandem
    • “[Our experiences have been] overwhelmingly positive.”
    Workvivo

    View Slide

  76. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • 40+ member dev team, interacting with dozens of
    external teams with different services and codebases
    • Single Laravel monolith
    • Read from and write to multiple databases of different
    database types
    • Maintain a custom ticketing system & work flow engine
    • “We have had nothing but a fantastic experience using
    Laravel.”
    Major unnamed telecom organization

    View Slide

  77. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • $20+ billion in transactions
    • Security audits of entire tech stack; e.g. Laravel, Git, Node,
    Vue, Nginx, etc.
    • Have to train non-developers on how to understand/fix
    entire dev tech stack
    • Hard to talk about publicly because of approvals, so people
    don’t know as much about enterprise users of Laravel
    • “As far as I’m concerned, people saying that Laravel isn’t
    enterprise ready simply have either no clue and/or have
    ulterior motives”
    Unnamed Top 10 U.S. bank

    View Slide

  78. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • SaaS for retail
    • POS
    • Processing for hospitality industry
    • Used by over 48,000 businesses around the world
    • Processes over $14 billion in transactions every year
    Major unnamed Point of Sale provider

    View Slide

  79. ENTERPRISE LARAVEL SUCCESS STORIES
    5
    • Criterion Collection
    • Dun & Bradstreet
    • Network54 (acquired recently by Tapatalk)
    • Toyota
    • CampingWorld.com
    • State of Georgia’s official tourism site
    • Invicta Watches
    Found from BuiltWith/Google:

    View Slide

  80. Laravel is in the enterprise already.
    And they love it.

    View Slide

  81. You can’t predict the future

    View Slide

  82. You’ll never know less
    about a project than you
    do on the first day.

    View Slide

  83. JIT (Just-in-Time) optimizations

    View Slide

  84. “Let’s cross that bridge
    when we get to it.”

    View Slide

  85. YAGNI

    View Slide

  86. https://www.youtube.com/watch?v=uQUxJObxTUs

    View Slide

  87. View Slide

  88. View Slide

  89. View Slide

  90. View Slide

  91. View Slide

  92. Conclusions
    and stuff?

    View Slide

  93. • What is the enterprise?
    • What is enterprise-ready code/framework?
    • Is Laravel enterprise-ready?
    • What are some code, process, and dev-ops
    considerations when writing enterprise-focused code?
    • Who else has used Laravel in the enterprise?
    • What does Matt want me to remember?
    Big questions

    View Slide

  94. • !
    • (bigger, larger, more)
    What is the enterprise?

    View Slide

  95. • It’s complicated.
    • (flexible, secure, stable, clear, etc.)
    What is enterprise-ready code/framework?

    View Slide

  96. • Yep! #FightTheFUD
    Is Laravel enterprise-ready?

    View Slide

  97. • Write code for the “lots” of
    enterprise—lots of team members,
    lots of servers, lots of old tables
    with bad names, etc.
    What are some considerations for
    coding in enterprise contexts?

    View Slide

  98. • Many huge, multibillion-dollar,
    highly regulated, complex, big
    companies from around the world
    Who else has used Laravel in the enterprise?

    View Slide

  99. • “Cross that bridge when we’ll get to it” / “YAGNI” /
    “Code for Change” / “You can’t predict the future” /
    etc.
    • It’s just PHP ™
    • Whatever issue you’ve run into, someone else has
    likely already hit it—and solved it—in Laravel
    What does Matt want you to remember?

    View Slide

  100. One more thing!

    View Slide

  101. My Offer
    https://enterpriselaravel.com/help-me

    View Slide

  102. Resources
    https://enterpriselaravel.com/

    View Slide

  103. This ain’t over…

    View Slide