Architectural Anti-Patterns in Student-Developed Microservice Architectures: An Exploratory Study

Teaching microservice architectures is challenging due to distributed complexity and the gap between academia and industry. Understanding the quality issues students introduce in MSAs is essential to improve education. This study analyzes student-developed microservices using an established anti-pattern taxonomy and derives lessons learned with actionable teaching recommendations. We conducted a longitudinal, project-based course (2023-2025) involving 216 Master’s students (67 teams) who designed and deployed a realistic, containerized MSA for a gamified testing platform. The final systems revealed 23 out of 58 known MSA anti-patterns, spanning five categories. Security issues were most frequent, highlighting weaknesses in authentication, authorization, and data protection. Team Organization and Service Interaction problems followed, reflecting limited DevOps experience and difficulties in inter-service coordination. Fewer issues appeared in Intra-service Design and Inter-service Decomposition, suggesting students generally defined service boundaries well. Overall, students prioritized feature delivery over robustness and operational discipline. To address this, we recommend enforcing minimal standards (API contracts, gateways), providing labs on resilient communication, integrating security-by-design practices, and offering CI-CD templates. The paper contributes a realistic, full-scale educational experience and a replicable model for teaching industry-aligned microservice architecture.

💡 Research Summary

This paper investigates the quality of microservice architectures (MSAs) built by university students and derives concrete teaching recommendations to bridge the gap between academic instruction and industry practice. Over three consecutive editions of a graduate‑level Software Architecture Design course (2023‑2025), 216 master’s students formed 67 teams and collaboratively designed, implemented, and deployed a realistic, container‑based, web‑enabled MSA for a gamified software‑testing platform. The project spanned the full software lifecycle: requirements elicitation, domain‑driven service decomposition, API design, CI/CD pipeline construction, container orchestration with Docker/Kubernetes, and operational monitoring.

At the end of each semester the authors performed a systematic architectural quality assessment using a well‑established taxonomy of 58 microservice anti‑patterns, grouped into five categories: Intra‑service Design, Inter‑service Decomposition, Service Interaction, Security, and Team Organization. Twenty‑three distinct anti‑patterns were identified, representing roughly 40 % of the catalog. The distribution was heavily skewed toward Security (most frequent), Team Organization, and Service Interaction, while Intra‑service Design and Inter‑service Decomposition showed relatively few violations.

Key findings

• Security – Students repeatedly omitted proper authentication and authorization mechanisms, hard‑coded secrets, and failed to encrypt inter‑service traffic. These omissions reflect a focus on delivering functional features at the expense of security‑by‑design.
• Team Organization – Limited DevOps experience manifested as ad‑hoc service registration, inconsistent versioning, and fragile deployment pipelines. Coordination gaps led to hidden dependencies and deployment bottlenecks.
• Service Interaction – Over‑reliance on synchronous HTTP calls, absence of circuit‑breaker patterns, and lack of asynchronous messaging (e.g., queues, event streams) increased latency and reduced resilience.
• Intra‑service Design – Few “God Service” or tightly‑coupled module issues were observed, indicating that students generally respected the single‑responsibility principle within individual services.
• Inter‑service Decomposition – Service boundaries were largely aligned with domain concepts; shared databases and overly fine‑grained services were rare, suggesting that students grasped basic domain‑driven design concepts.

Pedagogical implications
Based on these observations the authors propose a set of actionable interventions:

1. Enforce minimal architectural contracts – Require OpenAPI/Swagger specifications, a gateway or service‑discovery mechanism, and automated validation of API compatibility.
2. Integrate security‑by‑design labs – Hands‑on exercises covering least‑privilege access, secret management (e.g., HashiCorp Vault), and TLS‑encrypted service‑to‑service communication.
3. Teach resilient communication patterns – Provide labs on asynchronous messaging (Kafka, RabbitMQ) and fault‑tolerance constructs such as circuit breakers, retries, and bulkheads.
4. Supply ready‑to‑use CI/CD templates – Pre‑configured GitHub Actions or GitLab CI pipelines, Helm charts, and Terraform scripts to lower the barrier to automated builds, tests, and deployments.
5. Introduce continuous architectural review – Periodic code and architecture inspections, complemented by automated anti‑pattern detection tools (e.g., SonarQube, ArchUnit) to give immediate feedback.

Contributions
The paper makes four primary contributions: (i) a detailed, replicable model for integrating a full‑scale MSA project into a semester‑long curriculum; (ii) an empirical analysis of student‑produced microservice systems using a comprehensive anti‑pattern taxonomy; (iii) an exploration of the root causes linking architectural decisions to process and DevOps practices; and (iv) a set of evidence‑based teaching recommendations aimed at improving robustness, security, and operational discipline in student projects.

Limitations and future work
The study is confined to a single institution and a single course, which may limit generalizability. The project duration, while longer than typical short‑term labs, still does not capture long‑term maintenance and evolution challenges. Moreover, anti‑pattern identification relied partly on manual inspection, introducing subjectivity. Future research directions include multi‑institution collaborations, longitudinal studies covering post‑deployment maintenance, and the development of fully automated, machine‑learning‑enhanced anti‑pattern detection pipelines.

Overall, the work demonstrates that realistic, industry‑aligned microservice projects can reveal meaningful architectural shortcomings in student work and that targeted curriculum interventions can substantially improve the quality of future graduates’ software designs.