A Windows Azure approach towards building SAAS Solutions

Building SaaS Products with Azure

Introduction • Software as a service (SaaS, pronounced sæs or sɑs), sometimes

referred to as "on-demand software", is a software delivery model in which software and associated data are centrally hosted on the cloud. SaaS is typically accessed by users using a thin client via a web browser.

• SAAS is fundamentally a business model where the application is owned, operated and managed by the vendor. The consumer pays for the usage and consumes the application.

• SAAS offers a “hands-off” model for consumers which frees the consumer from pain of server/application management and instead allows the consumer to focus on business.

2

SAAS AND THE ISV 3

SAAS and Windows Azure

Mainframes

Desktop Applications

Intranet Solutions

SAAS

SAAS and ISV

SAAS

Operational Structure

Business Model

Technology Architecture

4

ISV Realignments • Operational Structure

• Operational structure of the organization needs to be realigned to

support an internet based solution both in terms of rapid development and also in terms of support offerings

• Business Model

• SAAS enabling the solution offering requires may require a change in

terms of pricing models from traditional boxed offerings

• Application Architecture

• By bringing in multi tenancy, economies of scale can be achieved by

better utilization of infrastructure and the savings can be passed on to consumers

5

SAAS Advantages • SAAS offerings are increasingly being considered within

enterprises due to the following advantages

• Pricing – Most of the SAAS offerings are Multi Tenant enabling

vendors to reduce prices due to economies of scale

• Accelerated Feature Delivery – SAAS offerings are delivered from Internet allowing vendors to update and offer new features regularly

• Open Protocols – Increased competition and multi tenant nature of software forces vendors offer standard API’s for data access over open protocols

• Customization and Configuration – To reduce onboarding effort of customers, SAAS offerings typically offer self service customization and configuration options to end users

6

ARCHITECTURE CONSIDERATIONS 7

SAAS and ISV

SAAS

PAAS

IAAS

Multi Tenancy • Multi Tenancy is considered an essential part of SAAS systems. By

adding an abstraction layer over the product, it enables ISV to optimally utilize the hardware and achieve economies of scale

• Compared to on-premise installation, bringing multi tenancy introduces additional complexity in terms of customization and data privacy

• Customization is a tricky topic as analysts have made both pro and anti customization calls

• Customization branches the code making code management problems

• Without customization, customers may move not decide to buy the service as every business is unique

• Ideal SAAS product should have “Single Code base used by multiple customers”.

8

Theming • Theming is an essential strategy within the application

architecture to ensure that the customer feels that the solution aligns with the rest of the internal applications

• Theming may include one or more of the following elements • Customer Logo

• Application colors and themes

• Application Layout

• Dashboards

• To ensure that the product branding is intact, the product logo can be part of the footer with a link to the product portal

• It may not be necessary to offer a user level color theme as part of customization

9

Metering • Metering is the process of monitoring usage and tracking application

use

• Recommendation is to log all requests and all access requests

• Metering should also log business metrics

• Number of invoices generated

• Number of courses played

• Helps in multiple billing methodology for different flavors of customers

• Metering also helps in capacity planning and knowing system health

• Consolidated metering information related to tenant can be made available pro-actively to customer administrators

10

Billing • Pricing models for SAAS applications vary based on type of application,

usage, customer profile, etc…

• Unlike the boxed product, a SAAS product can have innovative pricing models

• User based

• Usage based

• Fixed monthly cost

• Fixed yearly cost

• Freemium

• Multi year contracts

• Billing models can be tested out early during trials to identify usage and can be finalized later

• Amortization of total cost can be over multiple customers – multiple billing cycles

11

Identity and Access Management • Security is paramount in a SAAS system

• Enterprises are used to having their own infrastructure to access products through intranet

• SAAS needs to offer a comprehensive system to manage users, roles and access permissions for different features of the application.

• In addition, as part of the infrastructure, it is imperative to enable intrusion prevention, DDOS prevention and Firewall management.

• Extending identity from customer infrastructure reduces identity management pains for the customer

12

Data and Application Integration • Integration is a core need to every enterprise to ensure that data

from one application is available for consumption by other

• Integration needs vary based on different types and usage of SAAS application

• Data integration and connectivity capabilities are important to reduce support calls and help customer teams to work without hindrance

• Multiple choices can be offered by SAAS ISV to enable integration

• CSV download of core data through graphical interface

• REST/ODATA based API for full access to database

• Read only access to database through firewall whitelisting of client IP

13

SLA Monitoring • With Product hosted on Internet and managed by the ISV, it is

essential to guarantee SLA for customers to have confidence in the solution

• SLA guarantee can be promised for the following aspects

• Availability

• Performance

• Security

• A service guarantee to customer also helps in to build the necessary monitoring layer into the application that governs all the aspects of the application

14

Automated Provisioning • Onboard customers automatically with the shortest time and

customer support effort

• Automated provisioning also helps with offering trial plans for prospects

• Self service customization makes it easier for customers to modify the service offering to fit their company needs

• Self managed tenant accounts liberates the support team from routine activities and reduces support calls

• Provisioning on multi tenant SAAS systems require no changes to infrastructure and only adds records to Tenant Information Database

15

Customization • Customization can be offered at multiple levels depending on the

need of the industry

• Table Structure

• Allow additional fields to have tenant specific information

• Fixed number of columns in each table for customization

• Fully extensible EAV tables for complex and unlimited extensibility

• Workflow

• Control process flow and customize flow authorization

• Drag and Drop managed workflow for self service

• Factory pattern based coded workflow by ISV support team for complex scenarios 16

Governance • SAAS application being owned, hosted and managed by ISV, the

onus of governance and compliance needs if any falls on the ISV

• Compliance rules may require verification of the following aspects • Infrastructure

• Physical Security, Firewall, etc…

• Data Security • Encryption in Transit and at rest

• Certifications • Industry specific validations

• Governance concerns are high in enterprises and compliance/certifications can allay the fears of IT decision authorities

17

Hybrid SAAS Architecture • Not all customers look at cost as a factor when it comes to buying

SAAS solutions

• Customers are worried about data security and privacy in multi tenant solutions. Due to governance rules within the customer legal department, customers may not prefer SAAS solutions

• To ensure that the product caters to all customers, developing a hybrid solution covers all types of customers • Multi tenant SAAS solution for SMB’s

• Independent hosting for other customers

• Boxed product of same codebase for intranet customers

• Architecture needs to have a Factory based implementation of critical components to support both on-premise and cloud based services

18

Disaster Recovery • Disaster recovery policy for SAAS applications are necessary since

the infrastructure management is handled by the ISV

• DR Strategies can vary based on time to recovery, point of recovery objectives

• Cloud based infrastructure enables quick recovery

• For Hot DR, it is essential to have an effective DNS services that quickly updates the DNS records

19

DR Type Cost Time to recover

Cold Low High

Warm Medium Medium

Hot High Low

Software + Service: An Enterprise Perspective Courtesy: Microsoft Architecture Strategy Team

20

DESIGN CONSIDERATIONS 21

SAAS and Windows Azure

SAAS - Application Access • Application access via Internet can be customized to allow the customer

to personalize the product

• URL is the singular way to identify a tenant in a multi tenant setup without exposing the list of tenants to others

• Subdomains • http://customer.product-brand.com

• Supports both the customer and product branding

• CNAME redirection to the Azure hosted service URL using DNS dashboard

• ISV managed DNS mappings

• Customer URL • http://productname.customer.com

• Product branding in URL is lost even though the application may have product logo displayed in the UI

• Customer managed DNS mappings

• For both methods, map the tenant URL to Windows Azure application URL using DNS CNAME records

22

Multi Tenancy – Data Privacy • Multi Tenancy adds the complexity of data privacy to the

architecture.

• Data Privacy has to be enforced at 2 levels – Data and File Storage

• For File storage, use multiple storage accounts on Windows Azure Blob Storage

• At Database level, there’re 3 different ways to do multi-tenancy

• Single Schema for all customers – Using TenantID column on all tables, low cost, high risk

• Multiple Schema – Allow different tenants to have different schemas and at application level have multiple SQL user based access – Low cost, high complexiety

• Multiple Database – Independent database for each customer, high cost, no risk

• SQL Azure Federations – Shard database using TenantID, low cost, optimized

23

High Availability • Application Availability can be improved by consuming inherent fault

tolerant code blocks/services

• Windows Azure compute is by default fault tolerant and starts up automatically in case of failures

• Application SLA targets can be achieved by enabling the application to run in high availability mode

• Windows Azure by default guarantees 99.5% uptime guarantee if an application is run on a minimum of 2 nodes

• SQL Azure guarantees an uptime of 99.5% for their services

• By building stateless web/app tier and by adding retry logic within data access calls, SLA guarantee for SAAS applications can be made to customer

24

Identity Management • For enterprises, integration with their internal IT security for

identity management is important

• Microsoft Active Directory

• LDAP

• Federated identity is the easiest way for integration with enterprise security for SAAS applications

• Microsoft Active Directory Federation Services

• Windows Azure Active Directory

• SAAS systems need to cater for both SMB and Enterprises. It is essential to build an integrated identity management solution within the product to cater to SMB needs.

• SQL Authentication 25

Session • For high availability, Stateless web/app tiers are necessary

• Web tier usually maintains session state in memory for active users

• To enable Stateless web server design, state information can be moved to any of the following Windows Azure Services

• SQL Azure

• Windows Azure Table Storage

• Windows AppFabric Caching

• Moving session state out of memory increases session access latency but the impact is usually minimal 26

Caching • Application performance and throughput can be improve manifold by

incorporating a caching strategy within the product

• Caching can be employed in multiple layers with minimal or no cost • Data • HTML Server Pages • Proxy Server • Browser

• For Data and Server Caching needs, employ cloud based caching services for high availability and scalability • Windows Azure Appfabric Cache • Memcache

• For proxy/browser caching, set the appropriate HTTP headers to ensure

that data is cached in transit

• Employ strategies to invalidate stale data in both scenarios

27

Scalability • Windows Azure is an elastic environment which allows machines to be

added/removed to the cluster at ease

• By adding auto scaling block to the web/app tier, an application can dynamically add/remove servers to the tier without lowering performance and with minimal cost considerations

• Scaling rules can be applied on web/app tier as • Add new instance to the group if average CPU utilization is over 75% for

last 60 seconds • Add new instance to the group if the number of pending items in Queue

is over 250 for last 180 seconds • Remove an instance from the web/app tier if the average memory

utilization is less than 20% for last 120 seconds

• Scaling works without issues in the following scenarios • Stateless services • Lock based object lookup / processing

28

Performance • Split the application into multiple types

• Static Data • Dynamic Data

• Use Windows Azure Blob Storage for delivering static data • Javascript • Images • CSS

• By splitting the load between multiple domains, the browser optimally downloads the content increasing throughput of web servers

• Effective caching strategy reduces the amount of download making web applications load quickly

• Configuring multiple buckets and having multiple URL’s configured improves overall content delivery to User browser

• CDN enabling the blob storage can reduce the network latency and deliver files from a closer data center location

• Compress web content using GZIP/Deflate methods to reduce the content size

29

Encryption • Encryption is a core part of security compliance for certificates

like PCI

• Encryption has to be done for data in both forms

• In Transit

• In Rest

• Connectivity between Browser and Web Server can be encrypted using SSL/TLS services

• Web roles can be secured using Server certificates

• Blob storage allows both http/https access using MS certificate

• Enable Secure connection for database calls

30

Logging • Plugging Logging module into applications are easier due to

existence of multiple frameworks • Log4Net

• Microsoft Enterprise Library Logging block

• Securely transfer all logs to Windows Azure Table storage and Windows Azure blobs • IIS Logs

• Application Logs

• Performance Metrics

• Errors and Exception logs

• Crash dumps

• Data is paramount to analyze and monitor SLA. The data is also essential to scale out applications during heavy loads

31

SAAS – Multi Tenant Design

32

AZURE@8KMILES.COM OR CLOUD@8KMILES.COM

33

Contact Us @