Architecture vs. Design vs. Implementation

"The architect's role is to balance the needs of the business, the constraints of the technology, and the art of the possible." — Grady Booch

This article clarifies the boundaries and handoffs between architecture, design, and implementation so teams make decisions at the right level and avoid rework.

• Scope: definitions, responsibilities, decision types, and how to tell which level a decision belongs to. Includes examples, trade‑offs, and a quick decision flow.
• Out of scope: deep analysis of change economics (see Architectural Decision Impact & Cost of Change), and stakeholder roles/process (see Stakeholders & Concerns).

At a glance

Architecture

1. Aligns to business goals & quality attributes
2. Sets boundaries, runtime topology, data & integration
3. Long‑lived; costly to change

Design

1. Shapes modules/components & contracts
2. Patterns, data models, error/caching strategies
3. Medium horizon; medium cost to change

Implementation

1. Turns design into code, tests, configs
2. Local choices: language, libs, structure, logging
3. Short‑lived; relatively cheap to change

Core definitions

Level	Primary goal	Typical scope	Decision examples	Time horizon	Cost of change	Common artifacts
Architecture	Align the system to business goals and quality attributes	System boundaries, runtime topology, data & integration	Monolith vs microservices; sync vs async; data ownership; security posture; deployment topology	Long‑lived	High	Architecture principles, views/diagrams, ADRs
Design	Shape modules/components to realize the architecture	Module/API boundaries, data models, patterns	Aggregates and repositories; interfaces; error handling strategy; caching strategy	Medium	Medium	UML/C4 component views, API contracts, sequence diagrams
Implementation	Make the design executable, correct, and maintainable	Code, tests, frameworks, configuration	Language, framework, libraries; function/class structure; logging; retries; feature flags	Short	Low	Source code, tests, configs

Decision placement cues

Architecture

If reversing the decision requires changing multiple services or data stores, or it changes quality attributes (availability, latency, security, evolvability), it’s architectural.

Design

Changes public interfaces/contracts or cross‑cutting policies (error format, pagination, cache strategy) → design.

Implementation

Local code choices with contained blast radius are implementation.

Quick decision flow

Use this mental model to place a decision at the right level.

A decision flow for categorizing decisions and identifying next steps.

Real‑world scenario: checkout service

Business goal: “Enable online checkout with low latency and high availability.”

Checkout service plan

Architecture

Choose modular monolith now with seams for later extraction; async outbox for payment events; database per module boundary; 99.9% availability target; blue/green deployment. Security posture: mTLS internal, OAuth2 for external APIs, PII encryption at rest.

Design

Domain model with Order aggregate; Payment as domain service; anti‑corruption layer for payment provider; idempotent command handling; standard error envelope for APIs. Sequence: API → Application service → Domain → Outbox → Worker → PSP.

Implementation

Language/framework, retry with jitter on PSP calls, circuit breaker, structured logging with correlation IDs, feature flag to toggle a new PSP.

Example artifacts (abbreviated)

adr-0005-payment-integration.md (excerpt)

Status: Accepted
Context: External PSP has variable latency and failure modes.
Decision: Use async outbox + worker; PSP calls via circuit breaker; idempotency keys.
Consequences: Eventual consistency for payment status; simpler failure isolation.

order-sequence.plain (simplified sequence)

Client -> API: POST /orders
API -> AppSvc: CreateOrder(cmd)
AppSvc -> Domain: Order.create()
Domain -> Outbox: enqueue(PaymentRequested)
Worker -> PSP: authorize()
PSP -> Worker: result
Worker -> Domain: apply(PaymentAuthorized|Failed)

payment_client.py (implementation detail)

import requests, time, random

def call_psp(payload, retries=3):
    for attempt in range(1, retries + 1):
        try:
            resp = requests.post('https://psp.example/authorize', json=payload, timeout=2)
            resp.raise_for_status()
            return resp.json()
        except Exception as e:
            if attempt == retries:
                raise
            time.sleep(min(0.25 * (2 ** attempt) + random.uniform(0, 0.1), 2.0))

The ADR and sequence are architectural/design artifacts; the Python snippet is implementation—replaceable without revisiting the architecture.

Patterns, anti‑patterns, and tips

Do’s and don’ts

Do

Encourage thin architecture docs (principles, constraints, a few key views). Prefer decisions that keep options open (e.g., modular monolith with clear seams). Capture significant choices as ADRs; link to code and docs. Keep public contracts explicit; use contract tests. Treat quality attributes as first‑class.

Avoid

Architecture by library; design leakage across boundaries; over‑abstraction with layers that don’t add clarity.

When to use vs. when not to use formal architecture

Use

1. Decisions shape quality attributes or require coordinated change
2. Cross trust boundaries or regulated data
3. Many consumers depend on your contracts

Don’t overdo

1. Exploratory spikes or short‑lived tools where speed dominates
2. Local refactors with contained impact—use lightweight notes in reviews

Design review checklist

• Decision level is clear (architecture, design, or implementation)
• Architectural decisions align with business goals and quality attributes
• Design choices realize architecture without violating its constraints
• Implementation details are confined and don’t leak into the design
• Contracts and interfaces are explicit and tested
• Significant architectural and design decisions are documented (e.g., in ADRs)
• The cost and impact of reversing the decision have been considered

Operational, Security, and Testing Considerations

The level of a decision directly impacts how it is operated, secured, and tested.

Considerations by Level

Operational Considerations

Architecture: Defines the deployment topology, rollout strategies (blue/green, canary), and SLOs for system-wide qualities like availability and disaster recovery. For example, choosing microservices implies managing a fleet of services, each with its own operational lifecycle.

Design: Determines component-level health checks, caching strategies (and their TTLs), and error budgets for specific APIs or modules.

Implementation: Involves setting up specific alerts, configuring resource limits (CPU/memory), and managing dependencies.

Security, Privacy, and Compliance

Architecture: Sets the security posture. This includes defining trust boundaries, data classification policies (e.g., PII), and the authentication/authorization model (e.g., OAuth2, mTLS). Compliance requirements like GDPR or HIPAA heavily influence architectural choices.

Design: Specifies API-level authorization, secret management patterns, and how data is encrypted in transit and at rest within a component's boundary.

Implementation: Focuses on secure coding practices, vulnerability scanning for libraries (SAST/DAST), and correct use of cryptographic APIs.

Observability

Architecture: Establishes the strategy for distributed tracing and log correlation across services. It defines what constitutes a "transaction" from an end-to-end perspective.

Design: Defines the structured logging format, key metrics (e.g., RED—Rate, Errors, Duration) for a service, and dashboard requirements.

Implementation: Adds the specific trace spans, log statements, and metric counters to the code.

Testing

Architecture: Is validated with contract tests between services, integration tests for critical user journeys, and chaos engineering to test resilience.

Design: Is tested via component-level integration tests that verify interactions and adherence to contracts.

Implementation: Is verified with unit tests, which have the narrowest scope and focus on individual functions or classes.

Edge Cases

Decisions can blur the lines. A library choice (implementation) might introduce a paradigm that becomes a de facto architectural constraint. In startups, many "architectural" decisions are deferred and treated as design-level choices to accelerate delivery, accepting the technical debt. The key is to recognize when a decision's impact grows beyond its original scope.

Related topics

• Architectural Decision Impact & Cost of Change
• Stakeholders & Concerns
• See categories for deeper dives: Core Design & Programming Principles and Documentation & Modeling

References

1. ISO/IEC/IEEE 42010: Systems and software engineering — Architecture description ↗️

2. Bass, Clements, and Kazman. Software Architecture in Practice ↗️

3. Martin Fowler, Architecture topics ↗️