The tech stack at ExpressVPN

What our tech stack looks like

Our vice president of engineering addresses one of the most common questions he hears from devs.

Fluffernutter purple circles
David V. photo
David, vice president of engineering

“What does your tech stack look like?”

If there’s one thing most engineering candidates ask about during job interviews, that’s it.

While a relatively straightforward question, it’s not exactly easy to answer. But our vice president of engineering, David, is probably the best-positioned person to explain the intricacies.

In his own words, David explains the various portions of our tech stack, along with how we utilize different platforms in our day-to-day operations.

The six "worlds"

I usually like to break our stack into six different worlds.
It’s not a perfect model, but it’s useful:

IT services [tech stack article]

IT services

The apps and SaaS we use on a daily basis. 
Learn more



Infrastructure logo (tech stack)

Infrastructure

Cloud services that support the business.
Learn more

Client application (tech stack)

Client applications

Client applications we build. 
Learn more



Cloud backend (tech stack)

Cloud backend

Services we use to manage admin tasks.
Learn more



Das VPN selbst (Tech-Stack)

The VPN itself

Services we use to support our VPN.
Learn more

Our data platform

Our data platform

Info we process to improve our VPN service. 
Learn more

IT Services [Tech stack - body]

IT services

The first world, IT Services, encompasses the apps that keep our business running. These are Google Docs, Github, Okta, and all the other SaaS products that tie together to make everybody productive. Integrating all of these pieces in a way that’s delightful for internal users is a big challenge, and we have a full-time engineering team that does a lot of slick engineering to make our various IT systems sing.

Read more: How our IT securely enables employee BYOD

Infrastructure - Body [What Our Tech Stack Looks Like]

Infrastructure

The second world, infrastructure, is also quite large and complex. We have thousands of physical servers for our VPN, spread all over the world. We also run a lot of our backend services on the public cloud providers, mostly Amazon Web Services (AWS). For the cloud infrastructure, we leverage a lot of different AWS services, as well as standardized pieces like Kubernetes and Istio. We have several teams dedicated to continually improving our infrastructure, and providing the best tooling for our teams.

Client Apps - Body [Tech Stack]

Client applications

The third world, client applications, includes our different VPN apps that everyone’s most familiar with. We build client applications for Windows, Mac, iOS, Android, Linux, and the browser extension. These applications are built in their native languages, like Java/Kotlin, Swift, C#, and JavaScript. There’s also a bit of C++ in some shared libraries.



Cloud Backend - body [What Our Tech Stack Looks Like]

Cloud backend

The fourth world, the cloud backend, is more diverse than you might expect.

These are the services that manage our user accounts, make payments, and do all the other things that keep the system going. We’ve been in business since 2009, so there’s a mixture of different technologies based on when certain pieces were first built. The oldest parts are Ruby, but there are some Lua and Go in newer components.

There's a brand new experimental service built completely in Rust, and we’re also considering using Rust to replace some of our old C++ code. We’re also starting to migrate our oldest Ruby components to Go. It’s a continuous effort trying to keep this stack refreshed and current.

The VPN Itself- Body [What Our Tech Stack Looks Like]

The VPN itself

The fifth world, the VPN itself, consists largely of TrustedServer, Lightway, and various services that manage all of those servers. Those services are often written in Ruby, Python, or C. We also leverage a lot of off-the-shelf components like Debian Linux, Ansible, and Rundeck. Many parts of this stack are  “close to the metal,” so there’s a lot of focus on performance, memory management, and network throughout.



Data Platform - body [What Our Tech Stack Looks Like]

Data platform

The sixth and final world is our data platform. This is a very new piece, currently leveraging a healthy amount of Python and Amazon Redshift. We have an extremely strict privacy policy, so a key challenge for our data team is figuring out how we can get the information to improve our service without compromising the privacy or security of our customers in any way.

We’re actively planning the future of our data platform, and we expect to add a lot of new technologies and components over the course of 2022. Right now, there’s an amazing opportunity for new data engineers to help shape the future of our data technologies.



Who gets to decide on these technology choices?

Rather than having enterprise architects who make these decisions, teams are empowered to come up with their own ideas about which tools or technologies best fit a particular problem. Of course, with great power comes great responsibility.

Teams are responsible for communicating their technology choices to the rest of the engineering organization and ensuring proper due diligence is done.

Read more: How our engineers improved VPN connection times

Jobs Opening [Tech Stack]

If you’re thinking, “That’s a lot!” Well, you’re right! We have dozens of dedicated engineers working to keep all these different pieces running together. We are actively hiring in all six of these “worlds,” so if anything here sounds interesting, we’d love to talk to you.