Microservice architecture has gained hype both in industry and academia. Companies are migrating their legacy monolithic systems to microservices architecture due to its promised benefits (e.g., agility and scalability). However, practitioners have faced many challenges in microservices architecture's design, development, and operation. This study investigates the challenging factors that could negatively affect the adoption of microservices architecture, as revealed by practitioners in empirical studies. We performed a socio-technical grounded theory literature review (ST-GTLR) and identified 24 key challenges from 31 empirical studies. The identified challenges were labeled as codes and mapped into seven concepts. Finally, the concepts were merged into three core categories design, development, and infrastructure. Our results serve as a body of knowledge for practitioners and researchers to understand the challenging aspects of microservices architecture in design areas.
Software organizations are continuously seeking
solutions to improve product quality. To this end,
many companies are migrating their monolithic
systems to a microservices architecture to achieve
better scalability, maintainability, and deliverability.
In traditional monolithic architecture, all layers of
application, e.g., user interface, business, and database,
are developed as a single logical executable unit [
In recent years, MSA concepts have largely been
adopted across a vast array of industrial solutions.
Technology giants like Amazon, Netflix, Spotify, Uber,
and Twitter have successfully migrated the
conventional monolithic system architectures to
microservices architecture MSA to achieve structural,
functional, and data decoupling [
However, adopting microservices architecture is
not a one-go process as various challenges are likely to
appear [
However, all these studies report different
challenges from each other. Some studies discuss the
architecture, whereas others discuss the security
perspective. Therefore, no systematic study analyzes
all the empirical studies that classify the microservices
system's most common challenges in each design area
(design, development, and operations). This study
aims to identify the challenges for each design area
from the empirical studies and develop a taxonomy of
challenges that practitioners faced while designing,
developing, and operating MSA. To achieve the study
objectives, we conducted a socio-technical grounded
theory literature review (ST-GTLR) to understand the
industrial practitioner's perspective on the challenges
and map the identified challenges into the design areas
(e.g., design, development, and operation) of
microservices architecture. ST-GTLR is based on the
grounded theory literature review guidelines
developed by Wolfswinkel et al. [
[RQ]: What are the challenges in the design area of microservices architecture, reported by practitioners in state-of-the-art empirical studies?
Socio-technical grounded theory literature review
(ST-GLTR) is an iterative and responsive approach that
applies a five-phase framework (i.e., define, search,
select, analyze, and present) of the original grounded
theory literature review (GTLR) with concrete data
analysis framework of socio-technical grounded
theory [
We conducted ST-GTLR to explore challenges that
practitioners face when working with microservices
architecture and to develop a taxonomy of challenges
with respect to design areas of microservices
architecture. The main motivation of this review study
is to develop a taxonomy of challenges, understand
various facets of the practice areas, and guide future
research in microservices architecture. Thus, all the
steps to perform the ST- GTLR are presented in Figure
2, with a detailed illustration of the analysis phase. As
per our knowledge, we are the first to use the ST- GTLR
approach to explore the challenges of microservices
architecture design areas. However, the detailed first
version of the ST-GTLR was implemented in the
domain of software engineering [
Define: In the initial phase of ST-GTLR, we set the study's scope by defining the research question and criteria, as shown in Table 1. This guided the creation of the search string, developed through a thorough analysis of keywords by the first two authors.
Furthermore, the search string was created using
'AND' and 'OR' Boolean operators to combine key
terms and synonyms. After a team meeting to test eight
candidate strings, the final version was selected and
run on five major databases—ACM, Science Direct,
IEEE Xplore, Wiley OL, and Springer Link—yielding
2,830 studies. These databases were chosen by
unanimous author agreement and are commonly used
in software engineering reviews [
Table 1 Inclusion and Exclusion criteria Inclusion Exclusion The selected study must be Studies include full text published in Journal, microservices terms Conference, as a thesis, and but do not focus on report or paper on arXiv. empirical challenges. The study must be published Papers published in in English. workshop, short paper The study must present (less than 4 pages). empirical findings regarding Grey literature, books, practitioners' perspectives on and incomplete work. microservices. Review and duplicate A study that presents articles. empirical results on challenges in the implementation of microservices architecture.
Search: In the second stage, the actual search was
performed using the review protocols defined in the
first stage's guidelines by Wolfswinkel et al. [
Select: In the third stage, literature was filtered based on criteria in Table 1, narrowing it down to 2067 articles from various sources like journals, conferences, and arXiv. Further refinement led to 23 primary studies. The first author then used a backward snowballing approach, adding 8 more studies. The final list included 31 studies (23+8), as shown in Figure 1. If new articles emerged from snowballing, the process would restart; an article was finalized only if no new ones were found.
Analyze: STGT is an effective approach to deeply
understanding the state-of-the-art literature and
exploring the specific research problem reported in
the state-of-the-art literature [
We employed Socio-Technical Grounded Theory (STGT) in our ST-GTLR study, using traditional methods like open coding and constant comparison in the early stages, and advanced techniques like targeted Data Collection and Analysis (DCA) later. The data consisted of practitioners' statements on microservices architecture, analyzed using STGT methods like open coding and theoretical structuring. Details of the analysis are depicted on the right-hand side of Figure 2.
The basic stage – Open Coding: The open coding technique was performed to develop the codes from the finding section of primary empirical studies. For instance, the primary study stated, "Without a design of microservices systems, a system could become a nightmare for developers. Several risks can affect the microservices system, including poor work and time management," is coded as "Lak of design" Similarly, we developed several codes by considering the statement of practitioners in the finding section of the primary study. All study authors carefully verified the codes in multiple meetings to check whether they met the objective of our research question. categories. The seven concepts are microservices architecture, microservices security, testing, monitoring, development, microservices development, storage, and deployment. The concepts were mainly mapped into three categories: microservices design, development, and operation.
We derived three key categories from the rigorous analysis: (1) microservices design (2) microservices development (3) microservices operation. The codes were mapped into the seven concepts, and concepts were mapped into key categories. The mapping of concepts into categories is depicted in Figure 4, whereas their respective challenges are depicted in Figure 5.
Microservices design is the first category that
emerged from the analysis. This category emerged
from the underlying microservice architecture and
microservices security concepts. The design of the
microservices system should be comprised of loosely
coupled microservices that can be developed, tested,
and deployed independently [
Microservices architecture: Architecture is a crucial component of microservices system development. However, defining microservices architecture carries several challenges. The challenges are coded and numbered as C1, C2, C3.
C1 (Microservices granularity): Granularity
defines the size of microservices, such as how big and
short a microservices should be. However, identifying
the right granularity of microservices is challenging
from most practitioners' perspectives, whether they
are experienced or newcomers reported in [
C2 (Lack of microservices ownership): Services
ownership states that a person should be accountable
for the service in the entire lifecycle of its success or
failure. Microservices ownership helps identify and fix
bugs, implement new features, and train new
recruiters [
C3 (Language Diversity): The polyglot nature of
the microservices architecture is more advertised as a
developer can choose different programming
languages for different microservices [
C4 (Lack of microservices design): Having a
detailed design of the microservices system may assist
(i) teams in estimating the amount of work required
(ii) implementing security standards and solutions
(iii) helping to understand the system for trainee
developers [
C5 (Lack of knowledge on decomposing
strategies): Decomposing monolithic systems is
challenging due to the lack of a one-size-fits-all
strategy. While methods like Domain-Driven Design
(DDD) exist, companies often break down systems
based on team structure, resource consumption,
dependencies, and delivery cycles [
C6 (API Versioning): This is the way of managing
the expected changes with full assurance that these
changes will not disrupt the client. Even minor changes
to your API can cause client applications to fail [
Microservices security is the second concept that
emerged from the analysis of the microservices design
category. Securing the microservices system is more
intricate than securing monolithic architecture, as
communication in the microservices system is done
through the network that creates the surface attack.
Besides this, malicious requests can be sent by a
compromised microservice to other services in the
system [
Authentication is the way of verifying the identity of an
individual, whereas authorization verifies whether an
individual is authorized to access data or services [
when different microservices are given access to those
functions that are not required by a particular service.
These privileges could cause confidentiality and
integrity issues [
Microservices architecture is highly distributed in
nature, thus requiring a communication interface to
interact with other microservices to perform business
functionalities. The communication among
microservices can be compromised by attackers [
Most companies build and implement their own
cryptographic algorithm to secure their microservices
system. However, a system's confidentiality, Integrity,
and authenticity can be compromised if the company's
development team starts to build its own
cryptographic algorithms [
C11 (Lack of data encryption): In most cases, the
data in microservices storage are kept without any
encryption or authenticated data protection method
that the intruder eventually compromises. The data
stored without encrypted could breach the
confidentiality and Integrity of the system [
Microservices development is the second category that emerged from the rigorous analysis. This category is underlying by three main microservices development, microservices testing, and microservices storage concept. The review shows that practitioners face several challenges in each concept of this category.
Development: Microservices architecture includes
small, loosely coupled services that can be
independently developed, tested, and deployed into
production. However, developing microservices raises
several challenges, such as shared libraries/ managing
common codes, variants, and cyclic dependencies [
C12 (Managing common codes/ shared
libraries): Splitting all monolithic systems into small
services that can be developed and deployed
independently is not possible in most cases. Some
systems require sharing the functionalities among
other microservices, such as logging and
authentication, database access, common utilities, etc.
However, the common code cannot be shared among
microservices as it will breach the common principle
of microservices architecture [
C13 (Difficulties in managing variants): Most
applications offer free or premium versions to their
customers based on their necessities. However,
managing the variants for different customers is still
challenging for many companies. Most companies use
the feature flag to handle it, but it requires extensive
management of features [
C14 (Cyclic dependencies): This challenge arises
when one microservices directly or indirectly rely on
the other microservices to function properly, known as
mutually recursive. Cyclic dependency will eventually
increase the complexity of microservices [
Microservices Testing is a crucial part of any system to deliver a quality product to end customers. However, monolithic testing is easier as one codebase is to test, whereas each microservice is tested in the distributed microservices architecture. There are several challenges that practitioners face when testing microservices-based systems.
Most systems are composed of many microservices in
a microservices architecture. According to the survey
by Kong [53], most companies have more than 184
microservices in their system. However, creating and
implementing manual test cases is tedious for
companies “There are several reasons why manual
testing could become a problem due to the number of
microservices and communication between them” (page
no. 39) [
C16 (Integration testing of microservices): In
integration testing, the tester usually examines the
proper working of different modules in a sub-system
when a high-level feature is introduced. However,
integration testing becomes a challenge because of
multiple connecting points where the tester has
limited knowledge of other microservices [
Storage: In monolithic architecture, an application is composed of a single codebase that requires a single database, whereas microservices architecture comprises several services, and each service can have an independent database. If any change is made in the data model of a monolithic application, the entire database will be affected, whereas, in microservices, only the dedicated database will be affected. Furthermore, different services can have different storage requirements; one requires a relational database, while another requires MongoDB [54]. This distributed nature of microservices also poses storage challenges.
C17 (Distributed transactions): Microservices
are distributed, and the transactions made by any
client can also be distributed. They may span multiple
computers over the network. However, distributed
transactions lose the ACID (atomicity, consistency,
isolation, durability) feature [
C18 (Lack of consistency between
heterogenous databases): A shared relational
database is used to handle the data consistency in the
monolithic architecture as companies use a single
database for the entire application [
C19 (Query complexity): Microservice architectures extensively use online queries. There is, however, no de facto approach because developers typically rely on various ad hoc mechanisms for online queries [55]. According to the practitioner, “We are integrating data from different sources in a global transportation network. The changes in data are flowing into our system consistently.” (Page no. 11) [55].
The third category is the operation that emerged from two underlying microservices monitoring and microservices deployment concepts. This category is related to the microservices operation team that governs and deploys the microservices in IT infrastructure. The operation team automates the repeatable task and maintain the consistency of the entire microservice system.
Microservices monitoring: Microservices systems have a distributed nature comprised of many independent services that run inside the container. However, it becomes a nightmare to track the availability and performance of numerous microservices and use the suitable monitoring infrastructure. We identified three challenges under this concept.
monitoring framework): Managing logs and
monitoring in systems with numerous microservices is
complex and often lacks infrastructure. A robust
framework is essential from the project's start, a step
often overlooked by practitioners [
Distributed tracing is a process of following a
transaction request and recording all relevant data
throughout the path of a microservices architecture.
Failure is unavoidable, and when it occurs in the
microservices system, most of the practitioners start
from the failing services and gradually trace the source
of occurrence of failure [
Microservice deployment is the second concept that has emerged in the infrastructure category. The deployment in a microservices architecture is different from that of a monolithic architecture. The operational team must deploy multiple microservices in microservices architecture, whereas only a Single deployment is required in a monolithic architecture. Considering the microservice deployment, we identified three main challenges in this concept.
C22 (Lack of an automatic process): Companies
usually develop microservices and manually add them
to the deployment pipeline. However, it took a lot of
time as compared to automating the microservices
stub, and creating the build and deployment pipeline
for newly created microservices may reduce the
operational cost and time [
Containers are used for packaging up code and
dependencies to deploy microservices ideally.
However, many companies package multiple
microservices in one container and deploy it.
Packaging multiple microservices in one container can
cause issues such as launching new instances for such
services [
C24 (Tool selection): With the hype of
microservice architecture, numerous tools are built
and publicly available in the market. There are several
tools publicly available in the market for microservices
development and deployment [57], [58]. However, the
selection of the appropriate tool among many is a
timeconsuming task for many practitioners, particularly
when there is a lack of knowledge on how these tools
and technologies work [
This section describes the conclusive summary of our research study, comparative analysis, implications, and limitations.
Conclusive summary: Microservices architecture offers benefits like easier development and deployment but isn't a one-size-fits-all solution. Our research question focused on challenges in microservices design as reported by practitioners. Using a Socio-Technical Grounded Theory Literature Review (ST-GTLR), we selected 31 relevant studies and identified 24 challenges. These were categorized into seven concepts and three categories. The study revealed that most of the challenges are in the microservices design and development category. Similarly, securing microservices architecture, particularly authentication and authorization of services, is extremely challenging due to the distributed nature of microservices. The study calls for industry-specific solutions to these challenges for successful microservices adoption.
Comparative analysis: Recently, several studies
investigated different aspects of microservices
architecture from state-of-the-art practices. Pahl and
Jamshidi [59] conducted a systematic mapping study
on MSA where they taxonomically classified the
emerging applications particularly related to cloud
and container technologies. Similarly, Taibi et al. [60]
conducted a systematic mapping study on
microservices-based solutions' common patterns and
principles. Furthermore, Di Francesco et al. [
Study Implications: The results of this study contribute to academic research by explicitly exploring the available primary studies related to the microservices architecture design areas. Similarly, the study findings make a concrete research contribution by providing a significant overview of microservices architecture design area challenges. The implications for researchers and practitioners were distilled from seven concepts (microservices implementation, architecture, security, testing, storage, monitoring, deployment) identified in this study.
Practitioners face major challenges in the architecture and implementation phases of microservices, especially in decomposing monolithic systems. Researchers should focus on empirical studies to identify industry strategies for decomposition and create universal solutions. These should help define service boundaries for low coupling and offer guidelines on which applications would benefit from transitioning to microservices.
The security of microservices systems can be compromised due to the distributed nature of the system as it gains a large attack surface. Therefore, researchers and practitioners should develop unique solutions to trace the vulnerabilities.
Concerning microservices deployment, it is still challenging for novice developers to manage and configure CI/CD tools or services. Researchers should evaluate the tools employed in the industry, and practitioners should simplify the configuration of these tools to help better support, novice developers.
Managing and monitoring microservices is considered the second most challenging phase in the industry. Logging and monitoring traces have been critical for the developer of the microservices system. Therefore, the researcher should develop guidelines for early setup logging and monitoring. Furthermore, practitioners should develop simple tools for monitoring the traces.
The distributed nature of the microservices architecture poses significant challenges to data management. The data consistency, query complexity, and distributed transactions are some significant challenges. However, research and practitioners should define the guidelines on how data consistency can be ensured in a microservices architecture, where multiple microservices may access and modify the same data.
From a practical perspective, practitioners can use the study's findings to develop strategies for improving microservices architecture design areas. The taxonomy of reported challenges provides an overview of critical areas that need to be considered by industry experts before initiating the design activities of microservices architecture.
Several threats could influence the validity of our study. The potential threats of this study are analyzed based on internal, external, and conclusion validity.
Internal validity: We used ST-GTLR to focus on key aspects of the topic, acknowledging the risk of missing some studies due to our search strategy and keyword selection. To mitigate this, we used an iterative approach for keyword definition and study selection, validated by experienced authors. Studies were chosen based on the criteria in Table 1 and discussed for quality assurance. Personal bias in data extraction was minimized through regular discussions with senior authors. We included non-reviewed studies from arXiv for comprehensive insights. Coding was done by the first author and validated iteratively by expert co-authors to ensure accuracy.
External validity: refers to the extent to which the results of a study can be generalized to other populations, settings, or times. To mitigate this validity, we followed rigorous protocols of ST-GTLR.
Conclusion validity: The degree to which the study's conclusions are credible or reasonable is referred to as conclusion validity. The authors conducted brainstorming sessions to discuss the findings of the study to construct a correct conclusion.
The concept of microservices architecture is booming and has become more common due to its significant benefits, such as agility and scalability. However, design areas of microservices architecture (design, development, and operations) pose various challenges. Seeking the significance of design, development, and operations, we formulated the research question: what are the challenges in the design area of microservices architecture reported by practitioners in state-of-the-art empirical studies? To address the mentioned research question, we conducted a socio-technical grounded theory literature review (ST-GTLR) by applying the framework of grounded theory literature review (GTLR) and rigorous steps of socio-technical grounded theory (STGT) for analyzing the data of 31 primary studies. We applied open coding and targeted coding in the finding section of each empirical study. The codes were developed by analyzing the raw data of the finding sections. Further, codes were mapped into core concepts, and finally, core concepts were mapped into categories. Through rigorous analysis, we found 24 challenges mapped into seven concepts, i.e., architecture, security, development, testing, storage, monitoring, and deployment. All the concepts were mapped into three categories, i.e., microservices design, development, and operation. The challenges and their mapping would provide a holistic view to practitioners and researchers. Systems,” arXiv preprint arXiv:2112.14927, 2021. [51] P. Billawa, A. B. Tukaram, N. E. D. Ferreyra, J.-P.
Steghöfer, R. Scandariato, and G. Simhandl, “Security of Microservice Applications: A Practitioners’ Perspective on Challenges and Best Practices,” arXiv preprint arXiv:2202.01612, 2022. [52] S. S. de Toledo, A. Martini, and D. I. Sjøberg, “Improving agility by managing shared libraries in microservices,” in International Conference on Agile Software Development, 2020, pp. 195–202. [53] K. Kong, “APIs & Microservices Connectivity Report.” [Online]. Available: https://konghq.com/resources/reports/2022api-microservices-connectivity-report [54] N. Viennot, M. Lécuyer, J. Bell, R. Geambasu, and J. Nieh, “Synapse: a microservices architecture for heterogeneous-database web applications,” in Proceedings of the Tenth European Conference on Computer Systems, 2015, pp. 1– 16. [55] R. Laigner, Y. Zhou, M. A. V. Salles, Y. Liu, and M.
Kalinowski, “Data management in microservices: State of the practice, challenges, and research directions,” arXiv preprint arXiv:2103.00170, 2021. [56] X. Zhou, H. Huang, H. Zhang, X. Huang, D. Shao, and C. Zhong, “A cross- company ethnographic study on software teams for DevOps and microservices: organization, benefits, and issues,” in Proceedings of the 44th International Conference on Software Engineering: Software Engineering in Practice, 2022, pp. 1–10. [57] B. BHANDA, “Comprehensive List of DevOps Tools 2023.” [Online]. Available: https://www.qentelli.com/thoughtleadership/insights/devops-tools [58] Forge, “Best Microservices Tools.” [Online].
Available: https://sourceforge.net/software/microservice s/ [59] C. Pahl and P. Jamshidi, “Microservices: A Systematic Mapping Study.,” CLOSER (1), pp. 137–146, 2016. [60] D. Taibi, V. Lenarduzzi, and C. Pahl, “Architectural patterns for microservices: a systematic mapping study,” in CLOSER 2018: Proceedings of the 8th International Conference on Cloud Computing and Services Science; Funchal, Madeira, Portugal, 19-21 March 2018, 2018. [61] M. G. de Almeida and E. D. Canedo, “Authentication and Authorization in Microservices Architecture: A Systematic Literature Review,” Applied Sciences, vol. 12, no. 6, p. 3023, 2022