The document discusses architectural best practices for web applications, particularly in small, fast-growing companies, emphasizing the need for balance in system design. It recommends using cloud infrastructure with a focus on security, outlining specific components for an architecture, along with insights on maintaining clear ownership within teams. Additionally, it provides security tips and a list of recommended reading for further exploration of the topic.

1. 99designs
MinimumViable Architecture forWeb Apps

2. Hi, I'm @johnbarton, Director of Engineering at 99designs

3. WhyYou Should Listen
To Me™
How I think About
Architecture. Based on
Actual Architecture
How Do I Architect?
Specifically in Smaller,
Fast Growing Companies
Apologies for undercookedness, I am still jetlagged
A Lightly Structured Series of Rants
Your Web Application
Should Look Like This
Security #protips Recommended Reading
(Do Kids Still Read
Today?)

4. There are reasons
WhyYou Should ListenTo Me™

5. Because I am an "industry speaker", clearly.

7. MyCareer: ASP.NET + MSSQL
Envato: Ruby on Rails + MySQL
Goodfilms: Ruby on Rails + PostgreSQL
99designs: PHP, Ruby on Rails, Go + MySQL
+ lots of random consulting

8. Based on Actual Architecture
How I think About Architecture.

12. "organisations which design systems ... are constrained to
produce designs which are copies of the communication
structures of these organisations"
- M. Conway

13. Specifically in Smaller, Fast Growing Companies
How Do I Architect?

14. Typically the systems I see are either woefully
over or under architected.
The balance is hard to get right, and harder
to keep right.

15. YAGNI and Responding to Change

16. “If you want to build a ship, don’t drum up the men to
gather wood, divide the work, and give orders. Instead,
teach them to yearn for the vast and endless sea.”
- Antoine de Saint-Exupéry

17. No Exceptions.
YourWeb Application Should Look LikeThis

18. Put these things into "the cloud" and put your code in there
1 x Load Balancer
2 x Web Server
1 x Database Master + 1 x Read Replica
1 x Async Queue Processor
Firewall the lot at the outside, and iptables each box too
Share nothing except database (and maybe session store)

19. The Single Responsibility Principle
+
Zero, one, and many.

20. Inflection Point:
~15 Developers or ~100M Weekly Page Impressions

21. Upgrade to SOA at the same time you split teams
Have clear lines of ownership from teams to systems
Do not create a service without a dedicated team or n > 1
clients

22. Security #protips

24. Don't build a bitcoin
exchange or wallet
"Outsource" the security
design: use a secure by
default framework
AUDIT TRAIL
AUDIT TRAIL
AUDIT TRAIL
You are more likely to get audited than get hacked unless you are dumb
Security Protips
Apply the Mickens
"Mossad/Not Mossad"
Threat Model
Keep your mouth shut
around 4chan and other
angry intelligent people
For The Love of God
Don't Leave a Laptop on
a Train or in the Pub

25. Here are some books I like. Also, some things that are not books.
Recommended Reading

26. "hominem unius libri timeo"

35. http://highscalability.com/
http://www.kitchensoap.com/
http://yowconference.com.au/
http://martinfowler.com/bliki/

36. I have no idea why our company slide-theme has one with clouds on it
Thanks for listening!
http://99designs.com