book

Fundamentals of Software Architecture, 2nd Edition

by Mark Richards, Neal Ford

March 2025

Intermediate to advanced

546 pages

14h 40m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Includes Quizzes

Preface to the Second EditionPreface to the First EditionConventions Used in This BookSupplemental MaterialO’Reilly Online LearningHow to Contact UsAcknowledgmentsAcknowledgments from Mark RichardsAcknowledgments from Neal Ford
Defining Software ArchitectureLaws of Software ArchitectureExpectations of an ArchitectMake Architecture DecisionsContinually Analyze the ArchitectureKeep Current with Latest TrendsEnsure Compliance with DecisionsUnderstand Diverse TechnologiesKnow the Business DomainPossess Interpersonal SkillsUnderstand and Navigate PoliticsRoadmap
Architecture Versus DesignStrategic Versus Tactical DecisionsLevel of EffortThe Significance of Trade-OffsTechnical BreadthThe 20-Minute RuleDeveloping a Personal RadarAnalyzing Trade-OffsUnderstanding Business DriversBalancing Architecture and Hands-On CodingThere’s More to Architectural Thinking
Modularity Versus GranularityDefining ModularityMeasuring ModularityCohesionCouplingCore MetricsDistance from the Main SequenceConnascenceFrom Modules to Components
Architectural Characteristics and System DesignArchitectural Characteristics (Partially) ListedOperational Architectural CharacteristicsStructural Architectural CharacteristicsCloud CharacteristicsCross-Cutting Architectural CharacteristicsTrade-Offs and Least Worst Architecture
Extracting Architectural Characteristics from Domain ConcernsComposite Architectural CharacteristicsExtracting Architectural CharacteristicsWorking with KatasKata: Silicon SandwichesExplicit CharacteristicsImplicit CharacteristicsLimiting and Prioritizing Architectural Characteristics
Measuring Architecture CharacteristicsOperational MeasuresStructural MeasuresProcess MeasuresGovernance and Fitness FunctionsGoverning Architecture CharacteristicsFitness Functions
Architectural Quanta and GranularitySynchronous CommunicationThe Impact of ScopingScoping and Architectural StyleKata: Going GreenScoping and the Cloud
Defining Logical ComponentsLogical Versus Physical ArchitectureCreating a Logical ArchitectureIdentifying Core ComponentsAssigning User Stories to ComponentsAnalyzing Roles and ResponsibilitiesAnalyzing Architectural CharacteristicsRestructuring ComponentsComponent CouplingStatic CouplingTemporal CouplingThe Law of DemeterCase Study: Going, Going, Gone—Discovering Components

Styles Versus PatternsFundamental PatternsBig Ball of MudUnitary ArchitectureClient/ServerArchitecture PartitioningKata: Silicon Sandwiches—PartitioningMonolithic Versus Distributed ArchitecturesFallacy #1: The Network Is ReliableFallacy #2: Latency Is ZeroFallacy #3: Bandwidth Is InfiniteFallacy #4: The Network Is SecureFallacy #5: The Topology Never ChangesFallacy #6: There Is Only One AdministratorFallacy #7: Transport Cost Is ZeroFallacy #8: The Network Is HomogeneousThe Other FallaciesTeam Topologies and ArchitectureOn to Specific Styles
TopologyStyle SpecificsLayers of IsolationAdding LayersData TopologiesCloud ConsiderationsCommon RisksGovernanceTeam Topology ConsiderationsStyle CharacteristicsWhen to UseWhen Not to UseExamples and Use Cases
TopologyStyle SpecificsMonolithic StructureModular StructureModule CommunicationData TopologiesCloud ConsiderationsCommon RisksGovernanceTeam Topology ConsiderationsStyle CharacteristicsWhen to UseWhen Not to UseExamples and Use Cases
TopologyStyle SpecificsFiltersPipesData TopologiesCloud ConsiderationsCommon RisksGovernanceTeam Topology ConsiderationsStyle CharacteristicsWhen to UseWhen Not to UseExamples and Use Cases
TopologyStyle SpecificsCore SystemPlug-In ComponentsThe Spectrum of “Microkern-ality”RegistryContractsData TopologiesCloud ConsiderationsCommon RisksVolatile CorePlug-In DependenciesGovernanceTeam Topology ConsiderationsArchitecture Characteristics RatingsExamples and Use Cases
TopologyStyle SpecificsService Design and GranularityUser Interface OptionsAPI Gateway OptionsData TopologiesCloud ConsiderationsCommon RisksGovernanceTeam Topology ConsiderationsStyle CharacteristicsExamples and Use Cases
TopologyStyle SpecificsEvents Versus MessagesDerived EventsTriggering Extensible EventsAsynchronous CapabilitiesBroadcast CapabilitiesEvent PayloadThe Swarm of Gnats AntipatternError HandlingPreventing Data LossRequest-Reply ProcessingMediated Event-Driven ArchitectureData TopologiesMonolithic Database TopologyDomain Database TopologyDedicated Data TopologyCloud ConsiderationsCommon RisksGovernanceTeam Topology ConsiderationsStyle CharacteristicsChoosing Between Request-Based and Event-Based ModelsExamples and Use Cases
TopologyStyle SpecificsProcessing UnitVirtualized MiddlewareMessaging GridData GridProcessing GridDeployment ManagerData PumpsData WritersData ReadersData TopologiesCloud ConsiderationsCommon RisksFrequent Reads from the DatabaseData Synchronization and ConsistencyHigh Data VolumesData CollisionsGovernanceTeam Topology ConsiderationsStyle CharacteristicsExamples and Use CasesConcert Ticketing SystemOnline Auction System
TopologyStyle SpecificsTaxonomyReuse…and CouplingData TopologiesCloud ConsiderationsCommon RisksGovernanceTeam Topology ConsiderationsStyle CharacteristicsExamples and Use Cases
TopologyStyle SpecificsBounded ContextGranularityData IsolationAPI LayerOperational ReuseFrontendsCommunicationChoreography and OrchestrationTransactions and SagasData TopologiesCloud ConsiderationsCommon RisksGovernanceTeam Topology ConsiderationsStyle CharacteristicsExamples and Use Cases
Shifting “Fashion” in ArchitectureDecision CriteriaMonolith Case Study: Silicon SandwichesModular MonolithMicrokernelDistributed Case Study: Going, Going, Gone
ReuseSeparating Domain and Operational CouplingCommunicationOrchestration Versus ChoreographyCQRSInfrastructureBroker-Domain Pattern
Architectural Decision AntipatternsThe Covering Your Assets AntipatternGroundhog Day AntipatternEmail-Driven Architecture AntipatternArchitectural SignificanceArchitectural Decision RecordsBasic StructureExampleStoring ADRsADRs as DocumentationUsing ADRs for StandardsUsing ADRs with Existing SystemsLeveraging Generative AI and LLMs in Architectural Decisions
Risk MatrixRisk AssessmentsRisk StormingPhase 1: IdentificationPhase 2: ConsensusPhase 3: Risk MitigationUser-Story Risk AnalysisRisk-Storming Use CaseAvailabilityElasticitySecuritySummary
DiagrammingToolsDiagramming Standards: UML, C4, and ArchiMateDiagram GuidelinesSummary
CollaborationConstraints and BoundariesArchitect PersonalitiesThe Control-Freak ArchitectThe Armchair ArchitectThe Effective ArchitectHow Much Involvement?Team Warning SignsProcess LossPluralistic IgnoranceLeveraging ChecklistsDeveloper Code-Completion ChecklistUnit and Functional Testing ChecklistSoftware-Release ChecklistProviding GuidanceSummary
Negotiation and FacilitationNegotiating with Business StakeholdersNegotiating with Other ArchitectsNegotiating with DevelopersThe Software Architect as a LeaderThe 4 Cs of ArchitectureBe Pragmatic, Yet VisionaryLeading Teams by ExampleIntegrating with the Development TeamSummary
Architecture and ImplementationOperational ConcernsStructural IntegrityArchitectural ConstraintsArchitecture and InfrastructureArchitecture and Data TopologiesDatabase TopologyArchitectural CharacteristicsData StructureRead/Write PriorityArchitecture and Engineering PracticesArchitecture and Team TopologiesArchitecture and Systems IntegrationArchitecture and the EnterpriseArchitecture and the Business EnvironmentArchitecture and Generative AIIncorporating Generative AI into ArchitectureGenerative AI as an Architect AssistantSummary
First Law: Everything in Software Architecture Is a Trade-OffShared Library Versus Shared ServiceSynchronous Versus Asynchronous MessagingFirst Corollary: Missing Trade-OffsSecond Corollary: You Can’t Do It Just OnceSecond Law: Why Is More Important Than HowOut of Context AntipatternThe Spectrum Between ExtremesParting Words of Advice
Chapter 1: IntroductionChapter 2: Architectural ThinkingChapter 3: ModularityChapter 4: Architecture Characteristics DefinedChapter 5: Identifying Architectural CharacteristicsChapter 6: Measuring and Governing Architecture CharacteristicsChapter 7: The Scope of Architectural CharacteristicsChapter 8: Component-Based ThinkingChapter 9: FoundationsChapter 10: Layered Architecture StyleChapter 11: Modular Monolith Architecture StyleChapter 12: Pipeline Architecture StyleChapter 13: Microkernel Architecture StyleChapter 14: Service-Based Architecture StyleChapter 15: Event-Driven Architecture StyleChapter 16: Space-Based Architecture StyleChapter 17: Orchestration-Driven Service-Oriented ArchitectureChapter 18: Microservices ArchitectureChapter 19: Choosing the Appropriate Architecture StyleChapter 20: Architectural PatternsChapter 21: Architectural DecisionsChapter 22: Analyzing Architecture RiskChapter 23: Diagramming ArchitectureChapter 24: Making Teams EffectiveChapter 25: Negotiation and Leadership SkillsChapter 26: Architectural IntersectionsChapter 27: The Laws of Software Architecture, Revisited

Content preview from Fundamentals of Software Architecture, 2nd Edition

Chapter 22. Analyzing Architecture Risk

Every architecture comes with risks: some operational (such as availability, scalability, and data integrity), some structural (such as static coupling between logical components). Analyzing architecture risk is one of architects’ most important activities, allowing them to address deficiencies and structural decay within the architecture and take corrective action. In this chapter, we show you some key techniques and practices for quantifying, assessing, and identifying risk, and introduce an activity called risk storming.

Risk Matrix

The first thing to determine in assessing architecture risk is its level: whether risk to a particular part of the architecture is low, medium, or high. The challenge here is that assessing risk can be subjective. One architect might hold the opinion that some aspect of the architecture is high risk, while another architect’s opinion might be that the same aspect is medium risk. We italicize opinion here to emphasize the subjectivity of assessing risk. Fortunately, architects have a useful risk-assessment matrix that helps us make risk more measurable.

The architecture risk-assessment matrix (Figure 22-1) uses two dimensions to qualify risk: the overall impact of the risk involved and the likelihood of that risk occurring. The architect rates each dimension as low (1), medium (2), or high (3), then multiplies the numbers within each intersection of the matrix. This provides a numerical representation of risk, ...