---
id: wiki-2026-0508-enterprise-software-engineering
title: Enterprise Software Engineering
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [enterprise SE, SDLC, large-scale software, enterprise architecture]
duplicate_of: none
source_trust_level: A
confidence_score: 0.95
verification_status: applied
tags: [software-engineering, enterprise, sdlc, process, architecture, scale]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: Universal
  applicable_to: [Enterprise, Large-scale, Regulated]
---

# Enterprise Software Engineering

## In one line

> **"Software built for scale, compliance, and a long lifecycle."** This is not startup velocity: it means audits, SLAs, and many teams. Modern practice: platform engineering + DevSecOps + observability + AI-augmented development (Copilot, Cursor, Anthropic).

## Core concepts

### Challenges

- **Scale**: hundreds of teams.
- **Compliance**: SOX, HIPAA, GDPR, PCI.
- **Legacy**: monoliths and mainframes.
- **Multi-stakeholder**: product, ops, security, and legal.
- **Long lifecycle**: 10+ years.

### Modern paradigms

- **Platform engineering**: IDP (Internal Developer Platform).
- **DevSecOps**: shifting security left.
- **GitOps**: declarative infrastructure.
- **SRE**: reliability budgets.
- **DORA metrics**: the four key metrics.
- **Team Topologies**: stream-aligned and platform teams.

### Architecture

- **Monolith → Microservice**: strangler pattern.
- **Modular monolith**: the alternative.
- **Event-driven**: Kafka, EDA.
- **API-first**: OpenAPI, gRPC.
- **Data mesh**: domain-owned data.

### Process

- **Agile / Scrum**: small batches.
- **SAFe**: enterprise scale (controversial).
- **Trunk-based**: modern CI/CD.
- **DORA**: deploy frequency, lead time, MTTR, change fail rate.

### Applications

1. **Banking**: core systems.
2. **Telco**: BSS / OSS.
3. **Healthcare**: EHR.
4. **Government**: procurement.
5. **Insurance**: claims.

## 💻 Patterns

### DORA metrics dashboard

```python
from statistics import median

def compute_dora(deployments, incidents, period_days=30):
    """Compute the four DORA metrics; a metric with no data is None."""
    n = len(deployments)
    return {
        'deploy_frequency': n / period_days,  # deployments per day
        'lead_time_p50_hours': median(d.commit_to_deploy_hours for d in deployments) if n else None,
        'mttr_minutes': median(i.detect_to_resolve_min for i in incidents) if incidents else None,
        'change_fail_rate': sum(d.caused_incident for d in deployments) / n if n else None,
    }
```

### Strangler fig (legacy migration)

```typescript
// The facade routes migrated traffic to the new service and everything else to the legacy path.
// featureFlag, newUserService and legacyUserDao are assumed to be provided by the application.
async function getUser(id: string) {
  if (await featureFlag('new-user-service', { userId: id })) {
    return newUserService.fetch(id);
  }
  return legacyUserDao.findById(id);
}
```

### Platform IDP (Backstage)

```yaml
# catalog-info.yaml
apiVersion: backstage.io/v1alpha1
kind: Component
metadata:
  name: payments-service
  annotations:
    backstage.io/source-location: url:https://github.com/acme/payments
spec:
  type: service
  lifecycle: production
  owner: team-payments
  system: checkout
```

### GitOps (ArgoCD)

```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: payments-prod
spec:
  project: default  # required field; 'default' is Argo CD's built-in project
  source:
    repoURL: https://github.com/acme/k8s-manifests
    path: prod/payments
  destination:
    server: https://kubernetes.default.svc
    namespace: payments
  syncPolicy:
    automated: { prune: true, selfHeal: true }
```

### SLO / Error Budget

```yaml
# 99.9% SLO → 43.2 min/month error budget
slo:
  service: payments
  objective: 99.9%
  measurement_window: 30d
  burn_rate_alerts:
    - severity: page
      lookback: 1h
      threshold: 14.4  # fast burn (2% of the 30d budget consumed in 1h)
    - severity: ticket
      lookback: 6h
      threshold: 6
```

### Audit log

```typescript
// auditStream and getRequestId are assumed to be provided by the application.
function audit(action: string, actor: string, target: string, metadata: object) {
  auditStream.publish({
    timestamp: new Date().toISOString(),
    action, actor, target, metadata,
    correlationId: getRequestId(),
  });
}
// Immutable + retention 7y
```

### Compliance check (PII access)

```python
# has_role, audit, requires_purpose, prompt_for_purpose and fetch_user are
# assumed to be provided by the application.
def access_pii(user_id, requester):
    if not has_role(requester, 'pii_reader'):
        # Record denied attempts too, so probing for PII is visible in the trail.
        audit('pii_read_denied', requester, user_id, {})
        raise PermissionError('pii_reader role required')
    # Logged before any data is returned.
    audit('pii_read', requester, user_id, {})
    if requires_purpose(user_id):
        return prompt_for_purpose(requester)
    return fetch_user(user_id)
```

### Multi-tenancy (Postgres RLS)

```sql
-- Table owners bypass the policy unless FORCE ROW LEVEL SECURITY is also set;
-- superusers and BYPASSRLS roles always bypass it.
ALTER TABLE orders ENABLE ROW LEVEL SECURITY;
-- app.tenant_id must be set per session or transaction before any query runs.
CREATE POLICY tenant_isolation ON orders
  USING (tenant_id = current_setting('app.tenant_id')::uuid);
```

### Trunk-based deploy

```yaml
on: { push: { branches: [main] } }
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: npm test
      - run: npm run build
      - run: deploy.sh staging
      - run: smoke-test.sh staging
      - run: deploy.sh canary 5
      - run: monitor.sh canary 5m
      - run: deploy.sh prod
```

### Disaster recovery test

```python
def chaos_dr_test():
    # Quarterly DR drill
    primary_db.simulate_failure()
    try:
        assert app_reads_from(replica_db)
        promote(replica_db)
        assert app_writes_to(replica_db)
    finally:
        rollback()  # restore the original topology even if a check fails
```

### Architecture decision record

```markdown
# ADR-0042: Adopt Kafka over RabbitMQ for event bus

## Context
50 services, growing 5/quarter, current RabbitMQ at 80% capacity.

## Decision
Kafka MSK with mTLS, schema registry, 7-day retention.

## Consequences
+ Replay capability
+ Throughput headroom
- Operational complexity
- Cost +30% Year 1
```

### Team Topologies (boundary)

```yaml
teams:
  - name: payments
    type: stream-aligned
    owns: [payments-service, billing-svc]
  - name: platform
    type: platform
    provides: [k8s, observability, secrets]
    serves: [payments, checkout, ...]
  - name: security
    type: enabling
    enables: [...]
```

### AI-augmented dev (Copilot policies)

```yaml
ai_policy:
  copilot: enabled
  data_residency: eu-west-1
  excluded_paths:
    - secrets/
    - compliance/
  audit_log: true
```

## Decision criteria

| Situation | Approach |
|---|---|
| Greenfield | Cloud-native + IDP |
| Legacy modernize | Strangler fig |
| Compliance-heavy | DevSecOps + audit |
| Multi-team | Platform engineering |
| Reliability | SLO + error budget |
| Slow deploys | Trunk-based + CI/CD |

**Default**: platform IDP + GitOps + SLOs + DORA tracking + trunk-based development + ADRs.

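The Audit log pattern above asks for records that are immutable and retained for 7 years. One way to make edits and deletions detectable is to chain each record to its predecessor with a keyed MAC, so that someone with write access to the store cannot recompute the chain without the key. This is an added example, not code from the original page: `append`, `verify`, `GENESIS`, the demo key and the sample events are assumptions constructed for illustration.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor that precedes the first record

def _mac(key, prev, body):
    # Canonical JSON so an unchanged record always produces the same MAC.
    payload = prev + json.dumps(body, sort_keys=True, separators=(",", ":"))
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

def append(records, key, action, actor, target, metadata, timestamp):
    """Append one audit record whose MAC also covers the previous record's MAC."""
    body = {"timestamp": timestamp, "action": action, "actor": actor,
            "target": target, "metadata": metadata}
    prev = records[-1]["mac"] if records else GENESIS
    records.append({**body, "prev": prev, "mac": _mac(key, prev, body)})
    return records[-1]["mac"]  # new head; anchor it outside the log store

def verify(records, key, head=None):
    """Return the index of the first bad record, len(records) if the tail was
    truncated relative to the anchored head, or None if the log is intact."""
    prev = GENESIS
    for i, rec in enumerate(records):
        body = {k: v for k, v in rec.items() if k not in ("prev", "mac")}
        ok = rec["prev"] == prev and hmac.compare_digest(rec["mac"], _mac(key, prev, body))
        if not ok:
            return i
        prev = rec["mac"]
    if head is not None and prev != head:
        return len(records)
    return None

def demo():
    key = b"constructed-demo-key"  # assumption: the real key is held in a KMS/HSM
    log = []
    # Constructed sample events, shaped like the page's audit() call.
    append(log, key, "pii_read", "alice", "user-17", {}, "2026-05-10T09:00:00Z")
    append(log, key, "pii_read", "mallory", "user-17", {}, "2026-05-10T09:01:00Z")
    head = append(log, key, "pii_read", "bob", "user-42", {}, "2026-05-10T09:02:00Z")
    edited = [dict(r) for r in log]
    edited[1]["actor"] = "alice"  # stored record altered in place
    return {"intact": verify(log, key, head),
            "edited": verify(edited, key, head),
            "deleted": verify(log[:1] + log[2:], key, head),
            "truncated": verify(log[:2], key, head)}
```

The head MAC returned by `append` has to be stored somewhere the log writer cannot modify, such as a separate account or a write-once bucket. Without it, dropping the newest records leaves a chain that still verifies.
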
## 🔗 Graph

- Variants: [[Platform-Engineering]] · [[CI/CD Pipeline & IDE Security Integration|DevSecOps]] · [[SRE]]
- Applications: [[Microservices]] · [[Modular Monolith]] · [[GitOps]]
- Adjacent: [[Team Topologies]] · [[DORA]] · [[Backstage]] · [[ArgoCD]] · [[Development Communication Standards]]

## 🤖 LLM usage

**When**: large organizations, regulated industries, long-lived systems.

**When not**: startup MVPs, throwaway projects.

## ❌ Anti-patterns

- **Process for process's sake**: velocity ↓.
- **Skip compliance**: fines.
- **Big-bang migration**: risk.
- **Single team owns all**: bottleneck.
- **No DORA measurement**: improvement is invisible.

## 🧪 Verification / duplicates

- Verified (Accelerate, Team Topologies, Google SRE, Platform Engineering).
- Trust level: A.

## 🕓 Changelog

| Date | Change |
|---|---|
| 2026-04-20 | Auto-reinforced |
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup: DORA + strangler / Backstage / GitOps / SLO / RLS code |