The tech stack at ExpressVPNWhat our tech stack looks like
“What does your tech stack look like?”
If there’s one thing most engineering candidates ask about during job interviews, that’s it.
It's a simple question, with a long answer. We explain the various portions of our tech stack, along with how we utilize different platforms in our day-to-day operations.
The six "worlds"
We like to break our stack into six different worlds.
It’s not a perfect model, but it’s useful:
IT services
The apps and SaaS we use on a daily basis.
Learn more
Infrastructure
Cloud services that support the business.
Learn more
Client applications
Client applications we build.
Learn more
Cloud backend
Services we use to manage admin tasks.
Learn more
The VPN itself
Services we use to support our VPN.
Learn more
Our data platform
Info we process to improve our VPN service.
Learn more
IT services
The first world, IT Services, encompasses the apps that keep our business running. These are Google Docs, Github, Okta, and all the other SaaS products that tie together to make everybody productive. Integrating all of these pieces in a way that’s delightful for internal users is a big challenge, and we have a full-time engineering team that does a lot of slick engineering to make our various IT systems sing.
Infrastructure
The second world, infrastructure, is also quite large and complex. We have thousands of physical servers for our VPN, spread all over the world. We also run a lot of our backend services on the public cloud providers, mostly Amazon Web Services (AWS). For the cloud infrastructure, we leverage a lot of different AWS services, as well as standardized pieces like Kubernetes and Istio. We have several teams dedicated to continually improving our infrastructure, and providing the best tooling for our teams.
Client applications
The third world, client applications, includes our different VPN apps that everyone’s most familiar with. We build client applications for Windows, Mac, iOS, Android, Linux, and the browser extension. These applications are built in their native languages, like Java/Kotlin, Swift, C#, and JavaScript. There’s also a bit of C++ in some shared libraries.
Cloud backend
The fourth world, the cloud backend, is more diverse than you might expect.
These are the services that manage our user accounts, make payments, and do all the other things that keep the system going. We’ve been in business since 2009, so there’s a mixture of different technologies based on when certain pieces were first built. The oldest parts are Ruby, but there are some Lua and Go in newer components.
There's a brand new experimental service built completely in Rust, and we’re also considering using Rust to replace some of our old C++ code. We’re also starting to migrate our oldest Ruby components to Go. It’s a continuous effort trying to keep this stack refreshed and current.
The VPN itself
The fifth world, the VPN itself, consists largely of TrustedServer, Lightway, and various services that manage all of those servers. Those services are often written in Ruby, Python, or C. We also leverage a lot of off-the-shelf components like Debian Linux, Ansible, and Rundeck. Many parts of this stack are “close to the metal,” so there’s a lot of focus on performance, memory management, and network throughout.
Data platform
The sixth and final world is our data platform. This is a very new piece, currently leveraging a healthy amount of Python and Amazon Redshift. We have an extremely strict privacy policy, so a key challenge for our data team is figuring out how we can get the information to improve our service without compromising the privacy or security of our customers in any way.
We’re actively planning the future of our data platform, and we expect to add a lot of new technologies and components over the course of 2024. Right now, there’s an amazing opportunity for new data engineers to help shape the future of our data technologies.
Who gets to decide on these technology choices?
Rather than having enterprise architects who make these decisions, teams are empowered to come up with their own ideas about which tools or technologies best fit a particular problem. Of course, with great power comes great responsibility.
Teams are responsible for communicating their technology choices to the rest of the engineering organization and ensuring proper due diligence is done.
If you’re thinking, “That’s a lot!” Well, you’re right! We have dozens of dedicated engineers working to keep all these different pieces running together. We are actively hiring in all six of these “worlds,” so if anything here sounds interesting, we’d love to talk to you.