Laravel and the Enterprise

PRESENTED BY
Matt Stauffer
@stauffermatt
AND THE
LARAVEL

View Slide

“Sure, Laravel is great for
fun little side projects…

View Slide

…but can you use it for
Enterprise?”

View Slide

View Slide

en•ter•prise
[en-ter-PRAHYZ] 
noun
!

View Slide

Started with Wikipedia…

View Slide

“[Enterprise software…] is computer
software used to satisfy the needs of an
organization rather than individual users.”
WIKIPEDIA

View Slide

“[Enterprise software is…] a collection of
computer programs with common business
applications, tools for modeling how the entire
organization works, and development tools for
building applications unique to the organization”
WIKIPEDIA

View Slide

“According to Martin Fowler, ‘[a]bout
the display, manipulation, and storage of
large amounts of often complex data
and the support or automation of
business processes with that data.’”
WIKIPEDIA

View Slide

Then asked on Twitter…

View Slide

J.T. GRIMES
I don't think you can find consensus on what
"enterprise" means, which means your
audience will spend an hour arguing "but
that's not enterprise!" instead of learning.  
 
Here there be elephpant-shaped dragons.
@JT_GRIMES

View Slide

JOHN CORRY
[You know it’s enterprise if] we spend
more time in meetings than we do
building things.
@JPCORRY

View Slide

MATT JOHNSON
“Enterprise” is just code for “I have no idea
what I’m doing on a project this big, please
take this money and give me a 1-800
number to call when $#!7 goes south”.
@MATTJOHNSONSTL

View Slide

• What is enterprise?
• What is enterprise-ready code, and is Laravel
enterprise-ready?
• Key considerations for enterprise code, process, and
dev-ops/deploys
• Success stories
• An aside on YAGNI
Agenda

View Slide

What is enterprise,
really?

View Slide

Factors in enterprise projects/teams
Team size Customer
base size
Legal and
compliance
constraints
Dev team size

View Slide

Complication
of operations /
deployments
Distance to
other teams
(legal, QA,
product, etc.)
Length of
projects
Pain if
oﬄine

View Slide

Legal and
compliance
constraints
Customer
base size
Dev team size
Team size
LARGE LARGE LOTS
LARGE

View Slide

Complication
of operations /
deployments
Length of
projects
Distance to other
teams (legal, QA,
product, etc.)
Pain if
oﬄine
LOTS GREAT LOTS
LONG

View Slide

Is Laravel
enterprise-ready?

View Slide

YES.
#FightTheFUD

View Slide

What is enterprise-ready?
1

View Slide

WHAT IS ENTERPRISE-READY?
CONCLUSION:
1
• Can connect to multiple providers of other services
(database, cache, session, etc.), diﬀerentiated by conﬁg
variables if needed
• Trusted proxy and Scaling Laravel for node balancing, etc.
• Easy pessimistic locking, transactions, etc. for complex
database interactions
• Maintenance mode etc. for suggested downtime solutions
Dev-Ops and Deploy friendliness
Enterprise Ready ✅

View Slide

CONCLUSION:
1
• Bcrypt hashing by default, & easy encrypting/decrypting
• Powerful validation options
• CSRF & XSS protection out of the box
• PDO, easy parameterization, mass assignment protection
• Open source, AKA 10s of thousands of eyes on every LOC
Security

View Slide

CONCLUSION:
1
• Contracts
• Multi-driver (auth, etc.)
• All services keyed to single keys (e.g. `logger`) and
easy to swap out globally
• It’s just PHP ™
Flexibility

View Slide

CONCLUSION:
1
• Step-by-step upgrade instructions in the docs
• < 1 day for all recent upgrades; < 4 hours for most
projects; latest upgrades much simpler
• Laravel Shift, and Laravel Shift Human Assistance
(laravelshift.com)
• Tighten and other agencies help with bigger
upgrades
Ease of Upgrades

View Slide

CONCLUSION:
1
• LTS releases are 2 years of bug fixes, 3 years of
security fixes
• Laravel sponsors/partners get priority access to
Taylor (https://laravel.com/partners)
• Tighten is beginning to offer a level of enterprise
long term care—still in the process of figuring out
what everyone wants and needs, but we’re here 
(https://tighten.co/laravel/support)
Long-term Support
Basically Enterprise Ready ✅

View Slide

What is
Enterprise
Ready?
GeekyBoy.com
(Adam Culp, of Zend)
A little help from my friends:

View Slide

CONCLUSION:
1
• Composer
• PSR-1, PSR-2, PSR-3, PSR-4, PSR-7*, PSR-11, PSR-16
• PSR Bridges:
๏ PSR-6 (github/madewithlove/illuminate-psr-cache-bridge)
๏ PSR-15 (github/jshannon63/laravel-psr15-middleware)
• Plus composer, and it’s just PHP ™
Interop(erability)

View Slide

CONCLUSION:
1
• What does lockin mean? “Can’t change to another
vendor in the future.”
• Can change all dependencies, port all controllers,
write as much as you want in service class POPOs
• !
Avoid lockin

View Slide

CONCLUSION:
1
• 1707 contributors
• Jeﬀrey taking over
• Tighten & Other companies supporting
• What happens to Laravel if Taylor Otwell
disappears? - mattstauﬀer.com/blog/what-
happens-to-laravel-if-taylor-otwell-disappears/
Contributors

View Slide

CONCLUSION:
1
• Laravel documentation
• Other learning resources
๏ Books & Blogs
๏ Podcasts
๏ Laracasts
๏ Training courses
Documentation

View Slide

CONCLUSION:
1
• Follows Symfony release schedule and roadmap for
all Symfony dependencies
• No more or less roadmap available than any other
PHP framework. Build the ideas as you come up
with them
Roadmaps

View Slide

Code considerations
for the enterprise
2

View Slide

CODE CONSIDERATIONS FOR THE ENTERPRISE
2
[T]he biggest problems of “enterprise” level development is one of
working in very large teams. Without good organization codebases
can be difficult to navigate and conflicts can make mayhem -
predictable places to find code and small files are my top 2 tips… 
- Gary Hockin (on Twitter)
[D]iscoverability and consistency are paramount when you’re
dealing with frequent onboarding. My enterprise exp. involves
many non-Laravel devs too, so I always prefer conventions that
help the tools help you (e.g. type-hints & docblocks promote
discovery in IDE)… 
- Sara Bine (on Twitter)
Conventions, predictability, & discoverability

View Slide

2
• Use IDE-friendly verbosity like type-hints and doc
blocks
• Lean on Laravel’s established conventions whenever
possible; less decisions to make and easier to
onboard Laravel devs new to your codebase
• Develop and communicate conventions of what
goes where
• Set and enforce coding standards (e.g. Nitpick-CI or
StyleCI)
Conventions, predictability, & discoverability
(CONTINUED)

View Slide

2
• Write tests
• Lots of tests
• Write the broadest tests you can for your context
• Test your code and test that it works with the code
it’s supposed to interact with, especially if you don’t
maintain the code it’s supposed to interact with
• Enterprise best testing practices == best testing
practices
Tests and test coverage (CONTINUED)

View Slide

2
Tests and test coverage
TestDrivenLaravel.com

View Slide

2
It’s tempting to worry about performance etc but there are well
known solutions to that problem like caching - maintainability is
key to long living projects and being able to ﬁnd the code you
want to change is the number one problem when we were
called in as consultants… 
- Gary Hockin (on Twitter)
Performance

View Slide

2
• DebugBar/query optimization, n+1 and eager loading,
and the usuals (database indexing and chunking, etc.)
• If possible, optimize later (premature optimization is
almost always wrong)
• Lead up: Performance issues aren’t bad, they’re
opportunities to refactor with a lot of useful
information
• Queues, workers, cache, spin oﬀ microservices
Performance (CONTINUED)

View Slide

2
Performance (CONTINUED)
ScalingLaravel.com

View Slide

2
Build
projections
from older
systems
Database concerns
Transactions
and locking
Multi-
database
connections
Adjust for
legacy table
systems
1 2 3 4

View Slide

2
Microservices
and API-first

View Slide

2
Login/SSO

View Slide

2
Scale friendliness
Separation of
architecture
concerns
Flexible
conﬁguration
management
Cache-ability Componentization
1 2 3 4

View Slide

2
• Laravel’s ACL (or those oﬀered in third party
packages) are your best friends
• https://github.com/owen-it/laravel-auditing
๏ Eloquent events $
๏ Custom log handlers, especially in 5.6+ $
Events, auditing, transparency, & access

View Slide

2
• DDD
• Event Sourcing
• Microservices
• API-ﬁrst
• Enterprise
Buzzwords

View Slide

2
• Audit security, up-to-date-ness, tests, responsitivity
• Consider directly using PHP package instead of the
Laravel bridge so you own the bootstrapping
• Consider using Laravel components instead of
third-party packages (unless third party is another
major vendor) if possible for reliability
• Limit API interfaces between external packages and
your applications; consider building custom bridge/
client/interface
Third party packages

View Slide

Process considerations
for the enterprise
3

View Slide

PROCESS CONSIDERATIONS FOR THE ENTERPRISE
3
Why?
• More developers; more new developers; more
developers from other stacks; more junior developers
How?
• Better documentation, IDE-friendliness
• Bin scripts for setup; pre-packaged local dev
environments
• Good tests
Easy onboarding

View Slide

3
In large apps and orgs, it’s critical to keep the ball
moving. Everything: requirements, to processes/
workﬂows, deployments, code standards & style
guides, environments etc. One well known source.… 
- Anthony Terrell (on Twitter)
Documentation

View Slide

3
Mentioned before as a code issue but: which
conventions?
• Predictable within organization/code-base and
enforced via commit hooks or in CI
• Preferably predictable within broader community
for easier onboarding and code reuse
Conventions about patterns, folders, tools and
packages, code organization, conﬁg, DI, naming,
code style, API style, testing.
Conventions and organization

View Slide

3
• Mythical man month
• More teams, more separate components
• Architecture vs. Coding vs. Code Review
Splitting responsibilities

View Slide

3
Sprint cycles
and lower-case
“a” agile
⚙

View Slide

3
Tech debt
management
strategy

View Slide

3
Source control
& deploy
strategy

View Slide

3
Hiring and
contractors

View Slide

3
Laravel norms
are key…unless
they’re not
☝

View Slide

Dev-ops/Deploy considerations
for the enterprise
4

View Slide

DEV-OPS CONSIDERATIONS FOR THE ENTERPRISE
4
It’s all out of
your hands

View Slide

4
Scaling, sharding,
replicating, load
balancing
⚖

View Slide

4
Environments
and Deploys

View Slide

4
Only run it
once!

View Slide

4
Rate limiting
✅

View Slide

4
Measure
and act

View Slide

Success stories
5

View Slide

ENTERPRISE LARAVEL SUCCESS STORIES
5
• Powers gene.com through many millions of visits
per month
• Powers a signiﬁcant number of backend tools;
deployed by and within complex IT infrastructure
• “It’s like PHP, but we actually enjoy working in it.”
• “Laravel makes a nice abstraction layer on top of
services we need to use, like Google Search
Appliance”
Genentech

View Slide

5
• 42-year old company
• Currently $432 million/year revenue; recently sold
for $1.4billion
• 380+ employees
Bankrate, Inc.

View Slide

5
• Direct connection—import and reporting—to the
largest insurance providers in the U.S.
• Complex business logic around scheduling, time
zones, counsellors’ accreditation, missed sessions,
and more
• Event handling system on counseling session events
• Complex auditing system
One of the largest Telehealth companies in the world

View Slide

5
100% Laravel, running on Red Hat / Apache / Maria / PHP:
• All communications between corporate and ﬁeld
• 50k+ users daily
• Complex legal compliance around tasks,
communications, tracking actions through multiple
connected systems
• 1mil requests/day on average
Unnamed 13-billion-dollar retail company

View Slide

5
• At @FixicoNL we use Laravel 5 at the Enterprise level with
#Kubernetes support. Our applications are running 24/7, no
matter what. The developers are thrilled with the tech stack. .
• 13 devs, 1390 shops serviced, custom dashboards for shops and
mobile apps for users
• Laravel and Lumen services with entirely decoupled frontend
• Tried Doctrine and regretted it; moved to Eloquent with manual
getters & setters
FixicoNL

View Slide

5
• Commerce platform for sandbox games—“Shopify
for Minecraft”
• Over 500k webstores; 169 countries
• 16 million payments
• 400-500k requests per hour with common 3-4x
spikes
• One Christmas 1.2m requests/hour
Buycraft

View Slide

5
• Largest Internet-based career network for matching
security-cleared professionals with hiring
companies.
• Targets U.S. government contractors, federal
agencies, national laboratories, and universities.
• “We chose Laravel for its ease of use, features, and
ﬂexibility to integrate with our existing codebase.”
• Migrated existing database tables into Eloquent
ClearanceJobs.com

View Slide

5
• Joe Lennon /
• Startup supporting crucial business needs of enterprise
clients
• Multiple-provider SSO
• AWS/EB, Load balancing, ElastiCache, SES/SNS/SQS/etc.,
Cloudfront, and more
• Web- and native-based tools built in tandem
• “[Our experiences have been] overwhelmingly positive.”
Workvivo

View Slide

5
• 40+ member dev team, interacting with dozens of
external teams with different services and codebases
• Single Laravel monolith
• Read from and write to multiple databases of different
database types
• Maintain a custom ticketing system & work flow engine
• “We have had nothing but a fantastic experience using
Laravel.”
Major unnamed telecom organization

View Slide

5
• $20+ billion in transactions
• Security audits of entire tech stack; e.g. Laravel, Git, Node,
Vue, Nginx, etc.
• Have to train non-developers on how to understand/ﬁx
entire dev tech stack
• Hard to talk about publicly because of approvals, so people
don’t know as much about enterprise users of Laravel
• “As far as I’m concerned, people saying that Laravel isn’t
enterprise ready simply have either no clue and/or have
ulterior motives”
Unnamed Top 10 U.S. bank

View Slide

5
• SaaS for retail
• POS
• Processing for hospitality industry
• Used by over 48,000 businesses around the world
• Processes over $14 billion in transactions every year
Major unnamed Point of Sale provider

View Slide

5
• Criterion Collection
• Dun & Bradstreet
• Network54 (acquired recently by Tapatalk)
• Toyota
• CampingWorld.com
• State of Georgia’s oﬃcial tourism site
• Invicta Watches
Found from BuiltWith/Google:

View Slide

Laravel is in the enterprise already.
And they love it.
❤

View Slide

You can’t predict the future

View Slide

You’ll never know less
about a project than you
do on the first day.

View Slide

JIT (Just-in-Time) optimizations

View Slide

“Let’s cross that bridge
when we get to it.”

View Slide

YAGNI

View Slide

https://www.youtube.com/watch?v=uQUxJObxTUs

View Slide

View Slide

Conclusions
and stuff?

View Slide

• What is the enterprise?
• What is enterprise-ready code/framework?
• Is Laravel enterprise-ready?
• What are some code, process, and dev-ops
considerations when writing enterprise-focused code?
• Who else has used Laravel in the enterprise?
• What does Matt want me to remember?
Big questions

View Slide

• !
• (bigger, larger, more)
What is the enterprise?

View Slide

• It’s complicated.
• (ﬂexible, secure, stable, clear, etc.)
What is enterprise-ready code/framework?

View Slide

• Yep! #FightTheFUD
Is Laravel enterprise-ready?

View Slide

• Write code for the “lots” of
enterprise—lots of team members,
lots of servers, lots of old tables
with bad names, etc.
What are some considerations for
coding in enterprise contexts?

View Slide

• Many huge, multibillion-dollar,
highly regulated, complex, big
companies from around the world
Who else has used Laravel in the enterprise?

View Slide

• “Cross that bridge when we’ll get to it” / “YAGNI” /
“Code for Change” / “You can’t predict the future” /
etc.
• Whatever issue you’ve run into, someone else has
likely already hit it—and solved it—in Laravel
What does Matt want you to remember?

View Slide

One more thing!

View Slide

My Offer
https://enterpriselaravel.com/help-me

View Slide

Resources
https://enterpriselaravel.com/

View Slide

This ain’t over…

View Slide

Laravel and the Enterprise

Laravel and the Enterprise

Matt Stauffer

More Decks by Matt Stauffer

Other Decks in Technology

Featured

Transcript