Upload
8kmiles-software-services
View
3.494
Download
1
Embed Size (px)
DESCRIPTION
A Windows Azure approach towards building SAAS Solutions. SAAS is fundamentally a business model where the application is owned, operated and managed by the vendor. The consumer pays for the usage and consumes the application.SAAS offers a “hands-off” model for consumers which frees the consumer from pain of server/application management and instead allows the consumer to focus on business.
Citation preview
A Windows Azure approach towards building SAAS Solutions
Building SaaS Products with Azure
Introduction • Software as a service (SaaS, pronounced sæs or sɑs), sometimes
referred to as "on-demand software", is a software delivery model in which software and associated data are centrally hosted on the cloud. SaaS is typically accessed by users using a thin client via a web browser.
• SAAS is fundamentally a business model where the application is owned, operated and managed by the vendor. The consumer pays for the usage and consumes the application.
• SAAS offers a “hands-off” model for consumers which frees the consumer from pain of server/application management and instead allows the consumer to focus on business.
2
SAAS AND THE ISV 3
SAAS and Windows Azure
Mainframes
Desktop Applications
Intranet Solutions
SAAS
SAAS and ISV
SAAS
Operational Structure
Business Model
Technology Architecture
4
ISV Realignments • Operational Structure
• Operational structure of the organization needs to be realigned to
support an internet based solution both in terms of rapid development and also in terms of support offerings
• Business Model
• SAAS enabling the solution offering requires may require a change in
terms of pricing models from traditional boxed offerings
• Application Architecture
• By bringing in multi tenancy, economies of scale can be achieved by
better utilization of infrastructure and the savings can be passed on to consumers
5
SAAS Advantages • SAAS offerings are increasingly being considered within
enterprises due to the following advantages
• Pricing – Most of the SAAS offerings are Multi Tenant enabling
vendors to reduce prices due to economies of scale
• Accelerated Feature Delivery – SAAS offerings are delivered from Internet allowing vendors to update and offer new features regularly
• Open Protocols – Increased competition and multi tenant nature of software forces vendors offer standard API’s for data access over open protocols
• Customization and Configuration – To reduce onboarding effort of customers, SAAS offerings typically offer self service customization and configuration options to end users
6
ARCHITECTURE CONSIDERATIONS 7
SAAS and ISV
SAAS
PAAS
IAAS
Multi Tenancy • Multi Tenancy is considered an essential part of SAAS systems. By
adding an abstraction layer over the product, it enables ISV to optimally utilize the hardware and achieve economies of scale
• Compared to on-premise installation, bringing multi tenancy introduces additional complexity in terms of customization and data privacy
• Customization is a tricky topic as analysts have made both pro and anti customization calls
• Customization branches the code making code management problems
• Without customization, customers may move not decide to buy the service as every business is unique
• Ideal SAAS product should have “Single Code base used by multiple customers”.
8
Theming • Theming is an essential strategy within the application
architecture to ensure that the customer feels that the solution aligns with the rest of the internal applications
• Theming may include one or more of the following elements • Customer Logo
• Application colors and themes
• Application Layout
• Dashboards
• To ensure that the product branding is intact, the product logo can be part of the footer with a link to the product portal
• It may not be necessary to offer a user level color theme as part of customization
9
Metering • Metering is the process of monitoring usage and tracking application
use
• Recommendation is to log all requests and all access requests
• Metering should also log business metrics
• Number of invoices generated
• Number of courses played
• Helps in multiple billing methodology for different flavors of customers
• Metering also helps in capacity planning and knowing system health
• Consolidated metering information related to tenant can be made available pro-actively to customer administrators
10
Billing • Pricing models for SAAS applications vary based on type of application,
usage, customer profile, etc…
• Unlike the boxed product, a SAAS product can have innovative pricing models
• User based
• Usage based
• Fixed monthly cost
• Fixed yearly cost
• Freemium
• Multi year contracts
• Billing models can be tested out early during trials to identify usage and can be finalized later
• Amortization of total cost can be over multiple customers – multiple billing cycles
11
Identity and Access Management • Security is paramount in a SAAS system
• Enterprises are used to having their own infrastructure to access products through intranet
• SAAS needs to offer a comprehensive system to manage users, roles and access permissions for different features of the application.
• In addition, as part of the infrastructure, it is imperative to enable intrusion prevention, DDOS prevention and Firewall management.
• Extending identity from customer infrastructure reduces identity management pains for the customer
12
Data and Application Integration • Integration is a core need to every enterprise to ensure that data
from one application is available for consumption by other
• Integration needs vary based on different types and usage of SAAS application
• Data integration and connectivity capabilities are important to reduce support calls and help customer teams to work without hindrance
• Multiple choices can be offered by SAAS ISV to enable integration
• CSV download of core data through graphical interface
• REST/ODATA based API for full access to database
• Read only access to database through firewall whitelisting of client IP
13
SLA Monitoring • With Product hosted on Internet and managed by the ISV, it is
essential to guarantee SLA for customers to have confidence in the solution
• SLA guarantee can be promised for the following aspects
• Availability
• Performance
• Security
• A service guarantee to customer also helps in to build the necessary monitoring layer into the application that governs all the aspects of the application
14
Automated Provisioning • Onboard customers automatically with the shortest time and
customer support effort
• Automated provisioning also helps with offering trial plans for prospects
• Self service customization makes it easier for customers to modify the service offering to fit their company needs
• Self managed tenant accounts liberates the support team from routine activities and reduces support calls
• Provisioning on multi tenant SAAS systems require no changes to infrastructure and only adds records to Tenant Information Database
15
Customization • Customization can be offered at multiple levels depending on the
need of the industry
• Table Structure
• Allow additional fields to have tenant specific information
• Fixed number of columns in each table for customization
• Fully extensible EAV tables for complex and unlimited extensibility
• Workflow
• Control process flow and customize flow authorization
• Drag and Drop managed workflow for self service
• Factory pattern based coded workflow by ISV support team for complex scenarios 16
Governance • SAAS application being owned, hosted and managed by ISV, the
onus of governance and compliance needs if any falls on the ISV
• Compliance rules may require verification of the following aspects • Infrastructure
• Physical Security, Firewall, etc…
• Data Security • Encryption in Transit and at rest
• Certifications • Industry specific validations
• Governance concerns are high in enterprises and compliance/certifications can allay the fears of IT decision authorities
17
Hybrid SAAS Architecture • Not all customers look at cost as a factor when it comes to buying
SAAS solutions
• Customers are worried about data security and privacy in multi tenant solutions. Due to governance rules within the customer legal department, customers may not prefer SAAS solutions
• To ensure that the product caters to all customers, developing a hybrid solution covers all types of customers • Multi tenant SAAS solution for SMB’s
• Independent hosting for other customers
• Boxed product of same codebase for intranet customers
• Architecture needs to have a Factory based implementation of critical components to support both on-premise and cloud based services
18
Disaster Recovery • Disaster recovery policy for SAAS applications are necessary since
the infrastructure management is handled by the ISV
• DR Strategies can vary based on time to recovery, point of recovery objectives
• Cloud based infrastructure enables quick recovery
• For Hot DR, it is essential to have an effective DNS services that quickly updates the DNS records
19
DR Type Cost Time to recover
Cold Low High
Warm Medium Medium
Hot High Low
Software + Service: An Enterprise Perspective Courtesy: Microsoft Architecture Strategy Team
20
DESIGN CONSIDERATIONS 21
SAAS and Windows Azure
SAAS - Application Access • Application access via Internet can be customized to allow the customer
to personalize the product
• URL is the singular way to identify a tenant in a multi tenant setup without exposing the list of tenants to others
• Subdomains • http://customer.product-brand.com
• Supports both the customer and product branding
• CNAME redirection to the Azure hosted service URL using DNS dashboard
• ISV managed DNS mappings
• Customer URL • http://productname.customer.com
• Product branding in URL is lost even though the application may have product logo displayed in the UI
• Customer managed DNS mappings
• For both methods, map the tenant URL to Windows Azure application URL using DNS CNAME records
22
Multi Tenancy – Data Privacy • Multi Tenancy adds the complexity of data privacy to the
architecture.
• Data Privacy has to be enforced at 2 levels – Data and File Storage
• For File storage, use multiple storage accounts on Windows Azure Blob Storage
• At Database level, there’re 3 different ways to do multi-tenancy
• Single Schema for all customers – Using TenantID column on all tables, low cost, high risk
• Multiple Schema – Allow different tenants to have different schemas and at application level have multiple SQL user based access – Low cost, high complexiety
• Multiple Database – Independent database for each customer, high cost, no risk
• SQL Azure Federations – Shard database using TenantID, low cost, optimized
23
High Availability • Application Availability can be improved by consuming inherent fault
tolerant code blocks/services
• Windows Azure compute is by default fault tolerant and starts up automatically in case of failures
• Application SLA targets can be achieved by enabling the application to run in high availability mode
• Windows Azure by default guarantees 99.5% uptime guarantee if an application is run on a minimum of 2 nodes
• SQL Azure guarantees an uptime of 99.5% for their services
• By building stateless web/app tier and by adding retry logic within data access calls, SLA guarantee for SAAS applications can be made to customer
24
Identity Management • For enterprises, integration with their internal IT security for
identity management is important
• Microsoft Active Directory
• LDAP
• Federated identity is the easiest way for integration with enterprise security for SAAS applications
• Microsoft Active Directory Federation Services
• Windows Azure Active Directory
• SAAS systems need to cater for both SMB and Enterprises. It is essential to build an integrated identity management solution within the product to cater to SMB needs.
• SQL Authentication 25
Session • For high availability, Stateless web/app tiers are necessary
• Web tier usually maintains session state in memory for active users
• To enable Stateless web server design, state information can be moved to any of the following Windows Azure Services
• SQL Azure
• Windows Azure Table Storage
• Windows AppFabric Caching
• Moving session state out of memory increases session access latency but the impact is usually minimal 26
Caching • Application performance and throughput can be improve manifold by
incorporating a caching strategy within the product
• Caching can be employed in multiple layers with minimal or no cost • Data • HTML Server Pages • Proxy Server • Browser
• For Data and Server Caching needs, employ cloud based caching services for high availability and scalability • Windows Azure Appfabric Cache • Memcache
• For proxy/browser caching, set the appropriate HTTP headers to ensure
that data is cached in transit
• Employ strategies to invalidate stale data in both scenarios
27
Scalability • Windows Azure is an elastic environment which allows machines to be
added/removed to the cluster at ease
• By adding auto scaling block to the web/app tier, an application can dynamically add/remove servers to the tier without lowering performance and with minimal cost considerations
• Scaling rules can be applied on web/app tier as • Add new instance to the group if average CPU utilization is over 75% for
last 60 seconds • Add new instance to the group if the number of pending items in Queue
is over 250 for last 180 seconds • Remove an instance from the web/app tier if the average memory
utilization is less than 20% for last 120 seconds
• Scaling works without issues in the following scenarios • Stateless services • Lock based object lookup / processing
28
Performance • Split the application into multiple types
• Static Data • Dynamic Data
• Use Windows Azure Blob Storage for delivering static data • Javascript • Images • CSS
• By splitting the load between multiple domains, the browser optimally downloads the content increasing throughput of web servers
• Effective caching strategy reduces the amount of download making web applications load quickly
• Configuring multiple buckets and having multiple URL’s configured improves overall content delivery to User browser
• CDN enabling the blob storage can reduce the network latency and deliver files from a closer data center location
• Compress web content using GZIP/Deflate methods to reduce the content size
29
Encryption • Encryption is a core part of security compliance for certificates
like PCI
• Encryption has to be done for data in both forms
• In Transit
• In Rest
• Connectivity between Browser and Web Server can be encrypted using SSL/TLS services
• Web roles can be secured using Server certificates
• Blob storage allows both http/https access using MS certificate
• Enable Secure connection for database calls
30
Logging • Plugging Logging module into applications are easier due to
existence of multiple frameworks • Log4Net
• Microsoft Enterprise Library Logging block
• Securely transfer all logs to Windows Azure Table storage and Windows Azure blobs • IIS Logs
• Application Logs
• Performance Metrics
• Errors and Exception logs
• Crash dumps
• Data is paramount to analyze and monitor SLA. The data is also essential to scale out applications during heavy loads
31
SAAS – Multi Tenant Design
32