
Building SaaS Products with Azure

A Windows Azure approach towards building SAAS Solutions

Introduction
Software as a service (SaaS), sometimes referred to as "on-demand software", is a software delivery model in which software and associated data are centrally hosted on the cloud. SaaS is typically accessed by users using a thin client via a web browser. SAAS is fundamentally a business model where the application is owned, operated and managed by the vendor. The consumer pays for the usage and consumes the application. SAAS offers a hands-off model for consumers, which frees the consumer from the pain of server/application management and instead allows the consumer to focus on business.

Figure labels: SAAS, Desktop Applications, Mainframes, Intranet Solutions

SAAS and Windows Azure

SAAS AND THE ISV

SAAS and ISV


Figure labels: SAAS, Operational Structure, Technology Architecture, Business Model

ISV Realignments
Operational Structure
Operational structure of the organization needs to be realigned to support an internet based solution both in terms of rapid development and also in terms of support offerings

Business Model
SAAS enabling the solution offering may require a change in pricing models from traditional boxed offerings

Application Architecture
By bringing in multi tenancy, economies of scale can be achieved by better utilization of infrastructure and the savings can be passed on to consumers

SAAS Advantages
SAAS offerings are increasingly being considered within enterprises due to the following advantages
- Pricing: Most SAAS offerings are multi tenant, enabling vendors to reduce prices due to economies of scale
- Accelerated Feature Delivery: SAAS offerings are delivered from the Internet, allowing vendors to update and offer new features regularly
- Open Protocols: Increased competition and the multi tenant nature of the software force vendors to offer standard APIs for data access over open protocols
- Customization and Configuration: To reduce the onboarding effort of customers, SAAS offerings typically offer self service customization and configuration options to end users

SAAS PAAS IAAS


SAAS and ISV

ARCHITECTURE CONSIDERATIONS

Multi Tenancy
Multi Tenancy is considered an essential part of SAAS systems. By adding an abstraction layer over the product, it enables the ISV to optimally utilize the hardware and achieve economies of scale
Compared to on-premise installation, bringing in multi tenancy introduces additional complexity in terms of customization and data privacy
Customization is a tricky topic as analysts have made both pro and anti customization calls
- Customization branches the code, creating code management problems
- Without customization, customers may decide not to buy the service as every business is unique

An ideal SAAS product should have a single code base used by multiple customers.

Theming
Theming is an essential strategy within the application architecture to ensure that the customer feels that the solution aligns with the rest of the internal applications
Theming may include one or more of the following elements
- Customer Logo
- Application colors and themes
- Application Layout
- Dashboards

To ensure that the product branding is intact, the product logo can be part of the footer with a link to the product portal
It may not be necessary to offer a user level color theme as part of customization

Metering
Metering is the process of monitoring usage and tracking application use

Recommendation is to log all requests and all access requests


Metering should also log business metrics
- Number of invoices generated
- Number of courses played

Metering helps in supporting multiple billing methodologies for different flavors of customers
Metering also helps in capacity planning and knowing system health
Consolidated metering information related to a tenant can be made available pro-actively to customer administrators

Billing
Pricing models for SAAS applications vary based on type of application, usage, customer profile, etc

Unlike the boxed product, a SAAS product can have innovative pricing models
- User based
- Usage based
- Fixed monthly cost
- Fixed yearly cost
- Freemium
- Multi year contracts

Billing models can be tested out early during trials to identify usage and can be finalized later
Total cost can be amortized over multiple customers and multiple billing cycles

Identity and Access Management


Security is paramount in a SAAS system
Enterprises are used to having their own infrastructure to access products through intranet
SAAS needs to offer a comprehensive system to manage users, roles and access permissions for different features of the application.
In addition, as part of the infrastructure, it is imperative to enable intrusion prevention, DDOS prevention and Firewall management.
Extending identity from customer infrastructure reduces identity management pains for the customer

Data and Application Integration


Integration is a core need of every enterprise to ensure that data from one application is available for consumption by others
Integration needs vary based on the type and usage of the SAAS application
Data integration and connectivity capabilities are important to reduce support calls and help customer teams to work without hindrance
Multiple choices can be offered by the SAAS ISV to enable integration
- CSV download of core data through graphical interface
- REST/ODATA based API for full access to database
- Read only access to database through firewall whitelisting of client IP

SLA Monitoring
With the product hosted on the Internet and managed by the ISV, it is essential to guarantee an SLA for customers to have confidence in the solution
An SLA guarantee can be promised for the following aspects
- Availability
- Performance
- Security

A service guarantee to the customer also helps to build the necessary monitoring layer into the application that governs all the aspects of the application

Automated Provisioning
Onboard customers automatically with the shortest time and customer support effort

Automated provisioning also helps with offering trial plans for prospects
Self service customization makes it easier for customers to modify the service offering to fit their company needs
Self managed tenant accounts liberate the support team from routine activities and reduce support calls

Provisioning on multi tenant SAAS systems requires no changes to infrastructure and only adds records to the Tenant Information Database

Customization
Customization can be offered at multiple levels depending on the need of the industry

Table Structure
- Allow additional fields to have tenant specific information
- Fixed number of columns in each table for customization
- Fully extensible EAV tables for complex and unlimited extensibility

Workflow
- Control process flow and customize flow authorization
- Drag and Drop managed workflow for self service
- Factory pattern based coded workflow by ISV support team for complex scenarios

Governance
As the SAAS application is owned, hosted and managed by the ISV, the onus of governance and compliance needs, if any, falls on the ISV

Compliance rules may require verification of the following aspects


Infrastructure
Physical Security, Firewall, etc

Data Security
Encryption in Transit and at rest

Certifications
Industry specific validations

Governance concerns are high in enterprises and compliance/certifications can allay the fears of IT decision authorities


Hybrid SAAS Architecture


Not all customers look at cost as a factor when it comes to buying SAAS solutions

Customers are worried about data security and privacy in multi tenant solutions. Due to governance rules within the customer legal department, customers may not prefer SAAS solutions
To ensure that the product caters to all customers, develop a hybrid solution that covers all types of customers
- Multi tenant SAAS solution for SMBs
- Independent hosting for other customers
- Boxed product of same codebase for intranet customers

Architecture needs to have a Factory based implementation of critical components to support both on-premise and cloud based services


Disaster Recovery
A disaster recovery policy for SAAS applications is necessary since the infrastructure management is handled by the ISV
DR strategies can vary based on time to recovery and point of recovery objectives
Cloud based infrastructure enables quick recovery
For Hot DR, it is essential to have an effective DNS service that quickly updates the DNS records

DR Type           Cold    Warm     Hot
Cost              Low     Medium   High
Time to recover   High    Medium   Low

Software + Service: An Enterprise Perspective


Courtesy: Microsoft Architecture Strategy Team


SAAS and Windows Azure

DESIGN CONSIDERATIONS


SAAS - Application Access


Application access via Internet can be customized to allow the customer to personalize the product

The URL is the single way to identify a tenant in a multi tenant setup without exposing the list of tenants to others

Subdomains
- http://customer.product-brand.com
- Supports both the customer and product branding
- CNAME redirection to the Azure hosted service URL using DNS dashboard
- ISV managed DNS mappings

Customer URL
- http://productname.customer.com
- Product branding in URL is lost even though the application may have product logo displayed in the UI
- Customer managed DNS mappings

For both methods, map the tenant URL to Windows Azure application URL using DNS CNAME records


Multi Tenancy Data Privacy


Multi Tenancy adds the complexity of data privacy to the architecture.
Data privacy has to be enforced at 2 levels: data and file storage
For file storage, use multiple storage accounts on Windows Azure Blob Storage
At database level, there are 3 different ways to do multi-tenancy
- Single Schema for all customers: using a TenantID column on all tables; low cost, high risk
- Multiple Schema: allow different tenants to have different schemas and, at application level, have multiple SQL user based access; low cost, high complexity
- Multiple Database: independent database for each customer; high cost, no risk
- SQL Azure Federations: shard database using TenantID; low cost, optimized
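
The single-schema option is rated high risk because one query without a TenantID filter exposes every tenant's rows. The added example below (not part of the original slides) resolves the tenant from the request Host header, covering both URL styles from the Application Access slide, and binds all data access to that TenantID; the table names, host names and rows are constructed, and SQLite stands in for SQL Azure.

```python
import sqlite3

def open_db():
    """Constructed sample data: one shared schema, every row tagged with a TenantID."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Tenants (TenantID INTEGER PRIMARY KEY, Host TEXT UNIQUE NOT NULL);
        CREATE TABLE Invoices (InvoiceID INTEGER PRIMARY KEY,
                               TenantID INTEGER NOT NULL REFERENCES Tenants(TenantID),
                               Amount REAL NOT NULL);
        -- Tenant 1 uses a product subdomain, tenant 2 a customer-managed URL.
        INSERT INTO Tenants VALUES (1, 'customer-a.product-brand.com'),
                                   (2, 'productname.customer-b.example');
        INSERT INTO Invoices VALUES (10, 1, 120.0), (11, 1, 80.0), (20, 2, 999.0);
    """)
    return db

def resolve_tenant(db, host_header):
    """Map the request Host header to a TenantID; unknown hosts resolve to None."""
    host = host_header.split(":")[0].strip().lower().rstrip(".")
    row = db.execute("SELECT TenantID FROM Tenants WHERE Host = ?", (host,)).fetchone()
    return row[0] if row else None

class TenantScope:
    """Data access bound to one tenant: callers can neither supply nor omit the TenantID."""

    def __init__(self, db, tenant_id):
        if tenant_id is None:
            raise PermissionError("request host does not map to a tenant")
        self._db, self._tenant_id = db, tenant_id

    def invoices(self):
        return self._db.execute(
            "SELECT InvoiceID, Amount FROM Invoices WHERE TenantID = ? ORDER BY InvoiceID",
            (self._tenant_id,)).fetchall()

    def invoice(self, invoice_id):
        # The TenantID predicate stops a guessed InvoiceID from reading another tenant's row.
        return self._db.execute(
            "SELECT InvoiceID, Amount FROM Invoices WHERE InvoiceID = ? AND TenantID = ?",
            (invoice_id, self._tenant_id)).fetchone()
```

Keeping the TenantID filter inside one wrapper gives reviewers a single place to audit instead of every query in the code base.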


High Availability
Application Availability can be improved by consuming inherent fault tolerant code blocks/services

Windows Azure compute is by default fault tolerant and starts up automatically in case of failures
Application SLA targets can be achieved by enabling the application to run in high availability mode
- Windows Azure by default guarantees 99.5% uptime if an application is run on a minimum of 2 nodes
- SQL Azure guarantees an uptime of 99.5% for their services
By building a stateless web/app tier and by adding retry logic within data access calls, an SLA guarantee for SAAS applications can be made to the customer

Identity Management
For enterprises, integration with their internal IT security for identity management is important
- Microsoft Active Directory
- LDAP

Federated identity is the easiest way for integration with enterprise security for SAAS applications
- Microsoft Active Directory Federation Services
- Windows Azure Active Directory

SAAS systems need to cater for both SMB and Enterprises. It is essential to build an integrated identity management solution within the product to cater to SMB needs.
- SQL Authentication

Session
For high availability, stateless web/app tiers are necessary
The web tier usually maintains session state in memory for active users
To enable stateless web server design, state information can be moved to any of the following Windows Azure services
- SQL Azure
- Windows Azure Table Storage
- Windows AppFabric Caching

Moving session state out of memory increases session access latency but the impact is usually minimal


Caching
Application performance and throughput can be improved manifold by incorporating a caching strategy within the product
Caching can be employed in multiple layers with minimal or no cost
- Data
- HTML
- Server Pages
- Proxy Server
- Browser

For data and server caching needs, employ cloud based caching services for high availability and scalability
- Windows Azure Appfabric Cache
- Memcache

For proxy/browser caching, set the appropriate HTTP headers to ensure that data is cached in transit

Employ strategies to invalidate stale data in both scenarios

Scalability
Windows Azure is an elastic environment which allows machines to be added to or removed from the cluster with ease
By adding an auto scaling block to the web/app tier, an application can dynamically add/remove servers to the tier without lowering performance and with minimal cost considerations
Scaling rules can be applied on the web/app tier as
- Add new instance to the group if average CPU utilization is over 75% for last 60 seconds
- Add new instance to the group if the number of pending items in Queue is over 250 for last 180 seconds
- Remove an instance from the web/app tier if the average memory utilization is less than 20% for last 120 seconds

Scaling works without issues in the following scenarios
- Stateless services
- Lock based object lookup / processing
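
The three scaling rules above, evaluated over timestamped metric samples, as an added example that is not part of the original slides. The sample format, the use of an average for the queue rule, the upper instance limit and the choice that scale-out wins over scale-in are assumptions; the floor of 2 instances follows the High Availability slide.

```python
from collections import namedtuple

# The three rules from the slide: metric, comparison, threshold, window in seconds, action.
Rule = namedtuple("Rule", "metric op threshold window action")
RULES = [
    Rule("cpu_pct", ">", 75, 60, +1),
    Rule("queue_len", ">", 250, 180, +1),
    Rule("mem_pct", "<", 20, 120, -1),
]

def window_average(samples, metric, now, window):
    """Average of metric over (now - window, now], or None if history is too short."""
    if not samples or min(s["t"] for s in samples) > now - window:
        return None  # a rule must not fire on a partially filled window
    values = [s[metric] for s in samples if now - window < s["t"] <= now]
    return sum(values) / len(values) if values else None

def decide(samples, now, current, min_instances=2, max_instances=10):
    """Return the target instance count for the web/app tier."""
    actions = set()
    for rule in RULES:
        avg = window_average(samples, rule.metric, now, rule.window)
        if avg is None:
            continue
        fired = avg > rule.threshold if rule.op == ">" else avg < rule.threshold
        if fired:
            actions.add(rule.action)
    # Assumption: scale-out wins when add and remove rules fire together.
    delta = +1 if +1 in actions else (-1 if -1 in actions else 0)
    # Floor of 2 matches the minimum node count the slides tie to the uptime guarantee.
    return max(min_instances, min(max_instances, current + delta))

def constant_load(cpu, queue, mem, start=0, end=180, step=30):
    """Constructed sample series: one reading every `step` seconds."""
    return [{"t": t, "cpu_pct": cpu, "queue_len": queue, "mem_pct": mem}
            for t in range(start, end + 1, step)]
```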

Performance
Split the application into multiple types
- Static Data
- Dynamic Data

Use Windows Azure Blob Storage for delivering static data
- Javascript
- Images
- CSS

By splitting the load between multiple domains, the browser optimally downloads the content, increasing throughput of web servers
An effective caching strategy reduces the amount of download, making web applications load quickly
Configuring multiple buckets and having multiple URLs configured improves overall content delivery to the user's browser
CDN enabling the blob storage can reduce the network latency and deliver files from a closer data center location
Compress web content using GZIP/Deflate methods to reduce the content size

Encryption
Encryption is a core part of security compliance for certifications like PCI
Encryption has to be done for data in both forms
- In Transit
- At Rest

Connectivity between browser and web server can be encrypted using SSL/TLS services
- Web roles can be secured using server certificates
- Blob storage allows both http/https access using MS certificate

Enable Secure connection for database calls


Logging
Plugging a logging module into applications is easier due to the existence of multiple frameworks
- Log4Net
- Microsoft Enterprise Library Logging block

Securely transfer all logs to Windows Azure Table storage and Windows Azure blobs
- IIS Logs
- Application Logs
- Performance Metrics
- Errors and Exception logs
- Crash dumps

Data is paramount to analyze and monitor SLA. The data is also essential to scale out applications during heavy loads

SAAS Multi Tenant Design


Contact Us @

AZURE@8KMILES.COM OR CLOUD@8KMILES.COM
