Architecture Styles & Patterns Explore common architecture styles and patterns, their trade-offs, and when to use them. Visual diagrams help you understand structure and relationships.
Layered Architecture Four-layer architecture showing presentation, business, persistence, and database layers with top-down dependencies and clear separation of concerns. Layered Architecture 👤 Users / External Clients 🖥️ Presentation Layer Web Controllers REST APIs Input Validation Views/DTOs ⚙️ Business Layer Domain Services Business Rules Use Cases Workflows 💾 Persistence Layer Repositories Data Access ORM/Mappers Caching 🗄️ Database Layer PostgreSQL MongoDB Redis Cache File System Message Queue HTTP Logic Data Storage Dependencies flow downward Higher layers depend on lower layers Benefits: Clear separation • Easy testing • Well-understood • Good for CRUD apps Microservice Architecture Independent services communicating via APIs and events, each owning its data and deployment. API Gateway Routing, Auth, Rate Limiting User Service • Registration • Authentication • Profile Mgmt Order Service • Order Processing • State Management • Business Logic Payment Service • Payment Processing • Fraud Detection • Refunds Notification Service • Email • SMS • Push Event Bus / Message Queue User DB PostgreSQL Order DB MongoDB Payment DB PostgreSQL Notification Cache Redis Key Benefits: • Independent deployment & scaling • Technology diversity per service Communication: • Synchronous: HTTP/gRPC • Asynchronous: Events/Messages Cell‑Based Architecture Cells as self‑contained units with gateways and clear interfaces communicating via APIs/events. Cell‑Based Architecture Cell A – Gateway Services & Integrations Data / Messaging Policies / Observability Cell B – Gateway Business Logic Events / Streams Security Policies Cell C – Gateway Channel / APIs Data / Cache Observability Cells expose APIs/events via gateways; compose safely with policy and observability. Event-Driven Architecture Event-driven systems showing messaging patterns (pub/sub) and streaming patterns (event logs) with producers, brokers, and consumers. Event-Driven Architecture 📨 Message-Based Events 🌊 Stream-Based Events Producer A Order Service Producer B User Service Producer C Payment Service Message Broker Topics & Queues At-least-once Consumer 1 Email Service Consumer 2 Analytics Consumer 3 Audit Service ✓ Decoupled producers/consumers ✓ Load balancing & competing consumers ✓ Guaranteed delivery with retries & DLQ Producer A Click Events Producer B IoT Sensors Producer C CDC Events Event Stream Partitioned Log Retention & Replay Consumer A Real-time ML Consumer B Data Lake Consumer C Dashboard ✓ High throughput & low latency ✓ Event replay & time-travel queries ✓ Partitioning & parallel processing Key Benefits: Loose coupling • Scalability • Resilience • Real-time processing Hexagonal Architecture Domain core surrounded by ports and adapters, showing dependency inversion and external system integration. 🏛️ Hexagonal Architecture 🎯 Domain Core • Business Logic • Domain Entities • Use Cases 📥 Driving Side (User initiates) 📤 Driven Side (Infrastructure) 🌐 API Port Web Interface ⚡ Command Port Business Operations 🔍 Query Port Read Operations 💾 Repository Port Data Persistence 📨 Event Port Messaging & Events 🌍 External API Port Third-party Services REST Controller • HTTP/JSON • OpenAPI CLI Adapter • Command Line • Batch Jobs GraphQL Adapter • Query Interface • Schema DB Adapter • PostgreSQL • ORM/SQL Message Adapter • Kafka • RabbitMQ HTTP Client • External APIs • REST/SOAP 🎯 Key Principle Dependencies point inward toward the domain Infrastructure depends on business logic, never vice versa Benefits: Testability • Independence • Flexibility • Clean Dependencies Domain Core Ports (Interfaces) Adapters (Implementations) External Systems Zero Trust Security Architecture Never trust, always verify security model with identity verification, network segmentation, and continuous monitoring. 🔒 Zero Trust Security ⚠️ External Threats • Malicious Actors • Advanced Persistent Threats • Zero-day Exploits 🎯 Core Principle "Never Trust, Always Verify" Assume Breach 👤 Identity & Access Management 🔐 MFA Multi-Factor Authentication 📱 Device Trust Device Health & Compliance ⚖️ Risk Engine Behavioral Analytics 📋 Policy Engine Access Control & Policies 🛡️ Network Micro-Segmentation 🌐 DMZ Zone External Access 🖥️ App Zone Application Tier 🗄️ Data Zone Sensitive Data 👨💼 Admin Zone Privileged Access 🛡️ Protected Resources & Assets 🌐 Web Apps • SPA/MPA • Dashboards • Portals 🔌 APIs • REST/GraphQL • Microservices • Webhooks 🗃️ Databases • SQL/NoSQL • Data Lakes • Warehouses 📁 File Systems • Object Storage • NAS/SAN • Document Mgmt ⚙️ Services • Cloud Services • Legacy Systems • Third-party 📱 Devices • Laptops/Mobile • IoT Devices • Servers 📊 Continuous Monitoring & Analytics • Real-time threat detection • Behavioral analytics • Compliance monitoring • Risk scoring • Incident response • Security orchestration 🎯 Key Principles ✅ Verify Explicitly 🔒 Least Privilege 💣 Assume Breach 📈 Continuous Monitor 🔄 Dynamic Policies 🎛️ Context Aware 🛡️ Defense in Depth 📍 Data-centric 🚫 Never Trust Benefits: Enhanced security posture • Reduced attack surface • Improved compliance • Better visibility API Security Gateway Architecture API gateway with security layers including WAF, authentication, rate limiting, and threat protection. 🛡️ API Security Gateway 🌐 Internet / Threats 💻 Web Clients Browsers, SPAs 📱 Mobile Apps iOS, Android 🤝 Partner Systems B2B Integration 🚨 Malicious Traffic Bots, Attacks ⚖️ Load Balancer • SSL Termination • DDoS Protection • Health Checks 🔐 API Security Gateway Security Layers: 🔥 Web Application Firewall OWASP Top 10 Protection 🔑 Authentication & Authorization OAuth2, JWT, API Keys 🚦 Rate Limiting & Throttling Quota Management, Circuit Breaker ✅ Request/Response Validation Schema Validation, Data Sanitization 🔄 Routing & Transformation Load Balancing, Protocol Translation 📊 Logging & Monitoring 🏢 Backend Services 👥 User Service Profile, Auth 📦 Order Service E-commerce 💳 Payment Service Billing, Charges 📞 Notification Email, SMS 🏛️ Legacy Systems Mainframe, SOAP 🗄️ Databases SQL, NoSQL ☁️ Cloud Services AWS, Azure 🏛️ Identity Provider OAuth2/OIDC 📊 SIEM Analytics Security Events BLOCKED 🛡️ Security Capabilities • OWASP Top 10 Protection • DDoS Mitigation • Bot Detection • Certificate Management • Real-time Threat Intelligence • Compliance Reporting • Zero-Trust Enforcement • API Discovery • Vulnerability Scanning • Behavioral Analytics • Forensic Logging Data Encryption Patterns Comprehensive data encryption covering at rest, in transit, and in use with key management and compliance frameworks. 🔐 Data Encryption Patterns 🗝️ Key Management System (KMS) 🏛️ Hardware Security Module (HSM) 🔄 Key Rotation Automated 📦 Envelope Encryption DEK + KEK Pattern 🛡️ Key Escrow Recovery 🔐 Access Control RBAC + Policies 🚀 Encryption in Transit 💻 Client Browser/App 🌐 Server API Gateway TLS 1.3 🔒 Protocols & Standards • HTTPS/TLS 1.3 • QUIC • Certificate Pinning • HSTS 💾 Encryption at Rest 🗄️ Database TDE AES-256 📁 File System BitLocker/LUKS Full Disk ☁️ Object Storage S3/Blob Server-side ⚙️ Application Field Level Column Encrypt 🔑 Key Hierarchy Master → Data Keys 🧠 Encryption in Use 🔢 Homomorphic Encryption Compute on Encrypted Data 🏰 Secure Enclaves (TEE) Intel SGX, ARM TrustZone • Zero-knowledge proofs • Confidential computing 📋 Regulatory Compliance Frameworks 🇪🇺 GDPR Data Protection 🏥 HIPAA Healthcare 💳 PCI-DSS Payment Cards 🔒 SOC 2 Security Controls 🏛️ FedRAMP Government 🌍 ISO 27001 Info Security 🌐 NIST Cybersecurity 🔐 Encryption Standards & Algorithms Symmetric: AES-256, ChaCha20-Poly1305 • Asymmetric: RSA-4096, ECDSA-P384, Ed25519 Hashing: SHA-256, SHA-3, BLAKE2 • Key Derivation: PBKDF2, Argon2, scrypt Digital Signatures: ECDSA, RSA-PSS • Key Exchange: ECDH, X25519 Benefits: Data confidentiality • Integrity protection • Compliance assurance • Trust establishment Monolithic Architecture Single deployable application with internal modular structure and shared infrastructure. 🏢 Monolithic Architecture 🔄 Load Balancer Traffic Distribution 📦 Single Deployable Application One codebase, one deployment unit 🧩 Business Modules 👥 User Module • Authentication • User Management • Profile Service 📋 Order Module • Order Processing • Inventory Mgmt • Shipping Logic 💳 Payment Module • Payment Processing • Billing & Invoicing • Transaction History 🔧 Shared Infrastructure 🛡️ Cross-cutting • Security • Logging & Metrics • Caching 💾 Data Access Layer • ORM/Entity Framework • Repository Pattern • Data Validation 🖥️ Presentation • Web Controllers • API Endpoints • UI Components 🗄️ Shared Database Single database for all modules • ACID transactions ⚖️ Horizontal Scaling Instance 2 Full App Copy Instance N Full App Copy ✅ Benefits • Simple deployment • Easy development • Strong consistency • ACID transactions • Efficient testing • Single codebase • Performance ⚠️ Trade-offs • All-or-nothing scale • Technology coupling • Single failure point • Large codebase • Team coordination Best for: Small-medium teams • Well-understood domains • Performance-critical apps 🎯 When to Use • Small to medium teams • Well-understood domain • Rapid prototyping • Simple deployment needs • Performance critical Additional Architecture Patterns Multi-tier runtime architecture (e.g., presentation, application, data) where clients request services from servers across tiers.
n-tier request/response network api
Core system exposes extension points; features are delivered as plugins loaded at runtime or build time.
extensibility plugins modules extensions
Domain-centric layering with the domain model at the center; infrastructure concerns form outer rings; enforces dependency rule inward.
onion layers dependency rule domain
A family of styles that place the domain model and use cases at the center, enforcing boundaries and dependency inversion.
domain boundaries ports dependency rule
Domain‑centric, dependency‑inversion style family emphasizing concentric layers (entities, use cases, interfaces) and the Dependency Rule.
use cases entities dependency rule
Separate write and read models to optimize for different workloads; often paired with events.
reads writes event sourcing materialized views
Event-driven functions and managed services with autoscaling and pay-per-use.
faas managed services scale to zero
Reusable, contract-driven services integrated via mediation (often ESBs) with centralized governance; a precursor to microservices.
contracts reusability governance ESB
Scale and resilience via partitioned, replicated in-memory data grids and collocated processing; minimizes database contention.
IMDG grid partitioning replication
Decentralized, domain-oriented data ownership; data as a product with federated governance and platform self-service.
domains data product governance mesh
Compose sequential processing via independent filters connected by pipes; foundation for ETL, streaming, and reactive pipelines.
ETL streaming pipeline filters
Decouple producers and consumers via a broker that routes, buffers, and delivers messages (queues/topics).
broker queue topic pub/sub
Multiple specialized components collaborate by reading/writing to a shared knowledge source (the blackboard) until a solution emerges.
ai knowledge source collaboration control
Understanding Architectural Patterns 🏗️ Structural Patterns Focus on how components are organized and layered. Examples: Layered, Hexagonal, Clean Architecture.
🚀 Distribution Patterns Address how to split systems across services and processes. Examples: Microservices, SOA, Event-Driven.
🔐 Security Patterns Provide proven approaches for securing systems and data. Examples: Zero-Trust, OAuth2, API Security.
📊 Data Patterns Handle information flow and storage strategies. Examples: CQRS, Event Sourcing, Data Mesh.
Choosing the Right Pattern Consider your context: Team size, domain complexity, and organizational constraintsUnderstand trade-offs: Every pattern comes with benefits and costsStart simple: Begin with proven patterns and evolve as neededCombine patterns: Most real systems use multiple patterns togetherExploration Tips Start with patterns: Choose the architecture that fits your problem first.Then choose blocks: Use pattern↔block relationships to pick enabling capabilities.Search and filter: Focus on the terms that match your constraints.Deep dive: Open pattern pages for diagrams, trade‑offs, and implementation advice.