The tech stack at ExpressVPN
What our tech stack looks like
Our vice president of engineering addresses one of the most common questions he hears from devs.
“What does your tech stack look like?”
If there’s one thing most engineering candidates ask about during job interviews, that’s it.
While a relatively straightforward question, it’s not exactly easy to answer. But our vice president of engineering, David, is probably the best-positioned person to explain the intricacies.
In his own words, David explains the various portions of our tech stack, along with how we utilize different platforms in our day-to-day operations.
The six "worlds"
I usually like to break our stack into six different worlds.
It’s not a perfect model, but it’s useful:
The apps and SaaS we use on a daily basis.
Cloud services that support the business.
Client applications we build.
The first world, IT Services, encompasses the apps that keep our business running. These are Google Docs, Github, Okta, and all the other SaaS products that tie together to make everybody productive. Integrating all of these pieces in a way that’s delightful for internal users is a big challenge, and we have a full-time engineering team that does a lot of slick engineering to make our various IT systems sing.
Read more: How our IT securely enables employee BYOD
The second world, infrastructure, is also quite large and complex. We have thousands of physical servers for our VPN, spread all over the world. We also run a lot of our backend services on the public cloud providers, mostly Amazon Web Services (AWS). For the cloud infrastructure, we leverage a lot of different AWS services, as well as standardized pieces like Kubernetes and Istio. We have several teams dedicated to continually improving our infrastructure, and providing the best tooling for our teams.
The fourth world, the cloud backend, is more diverse than you might expect.
These are the services that manage our user accounts, make payments, and do all the other things that keep the system going. We’ve been in business since 2009, so there’s a mixture of different technologies based on when certain pieces were first built. The oldest parts are Ruby, but there are some Lua and Go in newer components.
There's a brand new experimental service built completely in Rust, and we’re also considering using Rust to replace some of our old C++ code. We’re also starting to migrate our oldest Ruby components to Go. It’s a continuous effort trying to keep this stack refreshed and current.
The VPN itself
The fifth world, the VPN itself, consists largely of TrustedServer, Lightway, and various services that manage all of those servers. Those services are often written in Ruby, Python, or C. We also leverage a lot of off-the-shelf components like Debian Linux, Ansible, and Rundeck. Many parts of this stack are “close to the metal,” so there’s a lot of focus on performance, memory management, and network throughout.
We’re actively planning the future of our data platform, and we expect to add a lot of new technologies and components over the course of 2022. Right now, there’s an amazing opportunity for new data engineers to help shape the future of our data technologies.
Who gets to decide on these technology choices?
Rather than having enterprise architects who make these decisions, teams are empowered to come up with their own ideas about which tools or technologies best fit a particular problem. Of course, with great power comes great responsibility.
Teams are responsible for communicating their technology choices to the rest of the engineering organization and ensuring proper due diligence is done.
If you’re thinking, “That’s a lot!” Well, you’re right! We have dozens of dedicated engineers working to keep all these different pieces running together. We are actively hiring in all six of these “worlds,” so if anything here sounds interesting, we’d love to talk to you.