A Windows Azure approach towards building SAAS Solutions.
SAAS is fundamentally a business model where the application is owned, operated and managed by the vendor. The consumer pays for the usage and consumes the application.
SAAS offers a “hands-off” model for consumers which frees the consumer from pain of server/application management and instead allows the consumer to focus on business.
Building SaaS products with Windows Azure
1. Building SaaS Products with Azure
A Windows Azure approach towards building SAAS Solutions
2. Introduction
• Software as a service (SaaS, pronounced sæs or sɑs), sometimes
referred to as "on-demand software", is a software delivery
model in which software and associated data are
centrally hosted on the cloud. SaaS is typically accessed
by users using a thin client via a web browser.
• SAAS is fundamentally a business model where the application is
owned, operated and managed by the vendor. The consumer
pays for the usage and consumes the application.
• SAAS offers a “hands-off” model for consumers which frees the
consumer from pain of server/application management and
instead allows the consumer to focus on business.
3. SAAS and the ISV
[Diagram: SAAS, Intranet Solutions, Desktop Applications, Mainframes]
SAAS and Windows Azure
4. SAAS and ISV
[Diagram: SAAS, Operational Structure, Technology Architecture, Business Model]
5. ISV Realignments
• Operational Structure
• Operational structure of the organization needs to be realigned to
support an internet based solution both in terms of rapid
development and also in terms of support offerings
• Business Model
• SAAS-enabling the solution offering may require a change in
pricing models from traditional boxed offerings
• Application Architecture
• By bringing in multi tenancy, economies of scale can be achieved by
better utilization of infrastructure and the savings can be passed on
to consumers
6. SAAS Advantages
• SAAS offerings are increasingly being considered within
enterprises due to the following advantages
• Pricing – Most of the SAAS offerings are Multi Tenant enabling
vendors to reduce prices due to economies of scale
• Accelerated Feature Delivery – SAAS offerings are delivered from
Internet allowing vendors to update and offer new features regularly
• Open Protocols – Increased competition and the multi tenant nature of
the software force vendors to offer standard APIs for data access over
open protocols
• Customization and Configuration – To reduce onboarding effort of
customers, SAAS offerings typically offer self service customization
and configuration options to end users
7. Architecture Considerations
[Diagram: SAAS, PAAS, IAAS]
SAAS and ISV
8. Multi Tenancy
• Multi Tenancy is considered an essential part of SAAS systems. By
adding an abstraction layer over the product, it enables ISV to optimally
utilize the hardware and achieve economies of scale
• Compared to on-premise installation, bringing multi tenancy introduces
additional complexity in terms of customization and data privacy
• Customization is a tricky topic as analysts have made both pro and anti
customization calls
• Customization branches the code, creating code management problems
• Without customization, customers may decide not to buy the
service, as every business is unique
• Ideal SAAS product should have “Single Code base used by multiple
customers”.
9. Theming
• Theming is an essential strategy within the application
architecture to ensure that the customer feels that the solution
aligns with the rest of the internal applications
• Theming may include one or more of the following elements
• Customer Logo
• Application colors and themes
• Application Layout
• Dashboards
• To ensure that the product branding is intact, the product logo
can be part of the footer with a link to the product portal
• It may not be necessary to offer a user level color theme as part
of customization
10. Metering
• Metering is the process of monitoring usage and tracking application
use
• Recommendation is to log all requests and all access requests
• Metering should also log business metrics
• Number of invoices generated
• Number of courses played
• Helps support multiple billing methodologies for different flavors of customers
• Metering also helps in capacity planning and knowing system health
• Consolidated metering information related to tenant can be made
available pro-actively to customer administrators
11. Billing
• Pricing models for SAAS applications vary based on type of application,
usage, customer profile, etc…
• Unlike the boxed product, a SAAS product can have innovative pricing
models
• User based
• Usage based
• Fixed monthly cost
• Fixed yearly cost
• Freemium
• Multi year contracts
• Billing models can be tested out early during trials to identify usage and
can be finalized later
• Amortization of total cost can be over multiple customers – multiple
billing cycles
12. Identity and Access Management
• Security is paramount in a SAAS system
• Enterprises are used to having their own infrastructure to access
products through intranet
• SAAS needs to offer a comprehensive system to manage users,
roles and access permissions for different features of the
application.
• In addition, as part of the infrastructure, it is imperative to enable
intrusion prevention, DDOS prevention and Firewall management.
• Extending identity from customer infrastructure reduces identity
management pains for the customer
13. Data and Application Integration
• Integration is a core need to every enterprise to ensure that data
from one application is available for consumption by other
• Integration needs vary based on different types and usage of
SAAS application
• Data integration and connectivity capabilities are important to
reduce support calls and help customer teams to work without
hindrance
• Multiple choices can be offered by SAAS ISV to enable integration
• CSV download of core data through graphical interface
• REST/ODATA based API for full access to database
• Read only access to database through firewall whitelisting of client IP
14. SLA Monitoring
• With Product hosted on Internet and managed by the ISV, it is
essential to guarantee SLA for customers to have confidence in
the solution
• SLA guarantee can be promised for the following aspects
• Availability
• Performance
• Security
• A service guarantee to the customer also helps to build the
necessary monitoring layer into the application that governs all
the aspects of the application
15. Automated Provisioning
• Onboard customers automatically with the shortest time and
customer support effort
• Automated provisioning also helps with offering trial plans for
prospects
• Self service customization makes it easier for customers to modify
the service offering to fit their company needs
• Self managed tenant accounts liberate the support team from
routine activities and reduce support calls
• Provisioning on multi tenant SAAS systems requires no changes to
infrastructure and only adds records to the Tenant Information
Database
16. Customization
• Customization can be offered at multiple levels depending on the
need of the industry
• Table Structure
• Allow additional fields to have tenant specific information
• Fixed number of columns in each table for customization
• Fully extensible EAV tables for complex and unlimited extensibility
• Workflow
• Control process flow and customize flow authorization
• Drag and Drop managed workflow for self service
• Factory pattern based coded workflow by ISV support team for
complex scenarios
17. Governance
• Since the SAAS application is owned, hosted and managed by the ISV, the
onus of governance and compliance needs, if any, falls on the ISV
• Compliance rules may require verification of the following aspects
• Infrastructure
• Physical Security, Firewall, etc…
• Data Security
• Encryption in Transit and at rest
• Certifications
• Industry specific validations
• Governance concerns are high in enterprises and
compliance/certifications can allay the fears of IT decision
authorities
18. Hybrid SAAS Architecture
• Not all customers look at cost as a factor when it comes to buying
SAAS solutions
• Customers are worried about data security and privacy in multi
tenant solutions. Due to governance rules within the customer
legal department, customers may not prefer SAAS solutions
• To ensure that the product caters to all customers, developing a
hybrid solution covers all types of customers
• Multi tenant SAAS solution for SMB’s
• Independent hosting for other customers
• Boxed product of same codebase for intranet customers
• Architecture needs to have a Factory based implementation of
critical components to support both on-premise and cloud based
services
19. Disaster Recovery
• A disaster recovery policy for SAAS applications is necessary since
the infrastructure management is handled by the ISV
• DR Strategies can vary based on time to recovery, point of
recovery objectives
• Cloud based infrastructure enables quick recovery
• For Hot DR, it is essential to have an effective DNS service that
quickly updates the DNS records

DR Type   Cost     Time to recover
Cold      Low      High
Warm      Medium   Medium
Hot       High     Low
20. Software + Service: An Enterprise Perspective
Courtesy: Microsoft Architecture Strategy Team
22. SAAS - Application Access
• Application access via Internet can be customized to allow the customer
to personalize the product
• URL is the singular way to identify a tenant in a multi tenant setup
without exposing the list of tenants to others
• Subdomains
• http://customer.product-brand.com
• Supports both the customer and product branding
• CNAME redirection to the Azure hosted service URL using DNS dashboard
• ISV managed DNS mappings
• Customer URL
• http://productname.customer.com
• Product branding in URL is lost even though the application may have product
logo displayed in the UI
• Customer managed DNS mappings
• For both methods, map the tenant URL to Windows Azure application
URL using DNS CNAME records
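Because the URL is what identifies the tenant, the Host header on each request has to be checked against the provisioned mappings before any data is touched. The sketch below is an added example, not code from the deck; the domain names, tenant ids and function names are constructed for illustration.

```python
# Added example: resolve the tenant from the HTTP Host header.
# Domain names and tenant ids below are constructed sample values.
PRODUCT_DOMAIN = "product-brand.com"

# ISV-managed subdomains: label -> tenant id
SUBDOMAIN_TENANTS = {"customer": "tenant-001", "contoso": "tenant-002"}
# Customer-managed hostnames that CNAME to the hosted service -> tenant id
CUSTOM_HOST_TENANTS = {"productname.customer.com": "tenant-001"}


class UnknownTenant(Exception):
    """Raised when the Host header does not map to a provisioned tenant."""


def normalize_host(host_header):
    """Lower-case the host and drop the port and any trailing dot."""
    host = host_header.strip().lower()
    if host.startswith("["):          # IPv6 literal: never a tenant hostname
        raise UnknownTenant(host_header)
    host = host.rsplit(":", 1)[0] if ":" in host else host
    return host.rstrip(".")


def resolve_tenant(host_header):
    """Return the tenant id for a request, or raise UnknownTenant."""
    host = normalize_host(host_header)
    if host in CUSTOM_HOST_TENANTS:
        return CUSTOM_HOST_TENANTS[host]
    suffix = "." + PRODUCT_DOMAIN
    if host.endswith(suffix):
        label = host[: -len(suffix)]
        # Exactly one label, so "a.customer.product-brand.com" is rejected.
        if label and "." not in label and label in SUBDOMAIN_TENANTS:
            return SUBDOMAIN_TENANTS[label]
    # Same error for every miss, so responses do not reveal which tenants exist.
    raise UnknownTenant(host_header)
```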
23. Multi Tenancy – Data Privacy
• Multi Tenancy adds the complexity of data privacy to the
architecture.
• Data Privacy has to be enforced at 2 levels – Data and File Storage
• For File storage, use multiple storage accounts on Windows Azure
Blob Storage
• At Database level, there’re 3 different ways to do multi-tenancy
• Single Schema for all customers – Using TenantID column on all
tables, low cost, high risk
• Multiple Schema – Allow different tenants to have different schemas
and at application level have multiple SQL user based access – Low
cost, high complexity
• Multiple Database – Independent database for each customer, high
cost, no risk
• SQL Azure Federations – Shard database using TenantID, low cost,
optimized
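The single-schema option is rated high risk because one query that omits the TenantID filter exposes another customer's rows. The added example below (not code from the deck) shows one way to contain that risk: a data-access object bound to a single tenant, so every statement carries the filter. It uses SQLite in place of SQL Azure, and the table, class and tenant ids are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory shared-schema database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY,"
               " tenant_id TEXT NOT NULL, amount REAL NOT NULL)")
    db.executemany("INSERT INTO invoices (tenant_id, amount) VALUES (?, ?)",
                   [("tenant-001", 100.0), ("tenant-001", 250.0),
                    ("tenant-002", 999.0)])
    return db


class TenantInvoices:
    """Data-access object bound to one tenant; every statement carries TenantID."""

    def __init__(self, db, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")
        self._db, self._tenant = db, tenant_id

    def list(self):
        cur = self._db.execute(
            "SELECT id, amount FROM invoices WHERE tenant_id = ? ORDER BY id",
            (self._tenant,))
        return cur.fetchall()

    def get(self, invoice_id):
        # Filtering on id alone would let a tenant read any row by guessing ids.
        cur = self._db.execute(
            "SELECT id, amount FROM invoices WHERE id = ? AND tenant_id = ?",
            (invoice_id, self._tenant))
        return cur.fetchone()

    def update_amount(self, invoice_id, amount):
        cur = self._db.execute(
            "UPDATE invoices SET amount = ? WHERE id = ? AND tenant_id = ?",
            (amount, invoice_id, self._tenant))
        return cur.rowcount  # 0 means the row does not exist for this tenant

    def add(self, amount):
        # tenant_id comes from the bound context, never from request data.
        cur = self._db.execute(
            "INSERT INTO invoices (tenant_id, amount) VALUES (?, ?)",
            (self._tenant, amount))
        return cur.lastrowid
```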
24. High Availability
• Application Availability can be improved by consuming inherent fault
tolerant code blocks/services
• Windows Azure compute is by default fault tolerant and starts up
automatically in case of failures
• Application SLA targets can be achieved by enabling the application to
run in high availability mode
• Windows Azure by default guarantees 99.5% uptime if an
application is run on a minimum of 2 nodes
• SQL Azure guarantees an uptime of 99.5% for their services
• By building a stateless web/app tier and by adding retry logic within data
access calls, an SLA guarantee for SAAS applications can be made to
customers
25. Identity Management
• For enterprises, integration with their internal IT security for
identity management is important
• Microsoft Active Directory
• LDAP
• Federated identity is the easiest way for integration with
enterprise security for SAAS applications
• Microsoft Active Directory Federation Services
• Windows Azure Active Directory
• SAAS systems need to cater for both SMB and Enterprises. It is
essential to build an integrated identity management solution
within the product to cater to SMB needs.
• SQL Authentication
26. Session
• For high availability, Stateless web/app tiers are necessary
• Web tier usually maintains session state in memory for active
users
• To enable Stateless web server design, state information can be
moved to any of the following Windows Azure Services
• SQL Azure
• Windows Azure Table Storage
• Windows AppFabric Caching
• Moving session state out of memory increases session access
latency but the impact is usually minimal
27. Caching
• Application performance and throughput can be improved manifold by
incorporating a caching strategy within the product
• Caching can be employed in multiple layers with minimal or no cost
• Data
• HTML Server Pages
• Proxy Server
• Browser
• For Data and Server Caching needs, employ cloud based caching
services for high availability and scalability
• Windows Azure Appfabric Cache
• Memcache
• For proxy/browser caching, set the appropriate HTTP headers to ensure
that data is cached in transit
• Employ strategies to invalidate stale data in both scenarios
28. Scalability
• Windows Azure is an elastic environment which allows machines to be
added/removed to the cluster at ease
• By adding auto scaling block to the web/app tier, an application can
dynamically add/remove servers to the tier without lowering
performance and with minimal cost considerations
• Scaling rules can be applied on web/app tier as
• Add new instance to the group if average CPU utilization is over 75% for
last 60 seconds
• Add new instance to the group if the number of pending items in Queue
is over 250 for last 180 seconds
• Remove an instance from the web/app tier if the average memory
utilization is less than 20% for last 120 seconds
• Scaling works without issues in the following scenarios
• Stateless services
• Lock based object lookup / processing
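The three scaling rules above can be expressed as data and evaluated over recent metric samples. This is an added example, not code from the deck or from any Azure autoscaling component; the metric names, the use of a window average for every rule, the scale-out-wins tie-break and the 2 to 10 instance bounds are assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    metric: str       # name of the sampled metric (assumed names)
    op: str           # ">" or "<"
    threshold: float
    window_s: int     # look-back window in seconds
    delta: int        # +1 adds an instance, -1 removes one


# The three rules listed on the slide.
RULES = [
    Rule("cpu_pct", ">", 75, 60, +1),
    Rule("queue_len", ">", 250, 180, +1),
    Rule("mem_pct", "<", 20, 120, -1),
]


def window_average(samples, metric, now, window_s):
    """Average of one metric over (now - window_s, now]; None if no samples."""
    vals = [s[metric] for s in samples
            if now - window_s < s["t"] <= now and metric in s]
    return sum(vals) / len(vals) if vals else None


def decide(samples, now, current, min_nodes=2, max_nodes=10):
    """Return the target instance count after applying RULES once."""
    fired = []
    for r in RULES:
        avg = window_average(samples, r.metric, now, r.window_s)
        if avg is None:
            continue  # no data in the window: the rule cannot fire
        if (r.op == ">" and avg > r.threshold) or (r.op == "<" and avg < r.threshold):
            fired.append(r.delta)
    # Assumed tie-break: scale-out wins over scale-in when rules disagree.
    step = 1 if 1 in fired else (-1 if -1 in fired else 0)
    # Never drop below min_nodes, so the tier keeps at least two instances.
    return max(min_nodes, min(max_nodes, current + step))
```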
29. Performance
• Split the application into multiple types
• Static Data
• Dynamic Data
• Use Windows Azure Blob Storage for delivering static data
• Javascript
• Images
• CSS
• By splitting the load between multiple domains, the browser optimally downloads
the content increasing throughput of web servers
• Effective caching strategy reduces the amount of download making web applications
load quickly
• Configuring multiple buckets and having multiple URL’s configured improves overall
content delivery to User browser
• CDN enabling the blob storage can reduce the network latency and deliver files from
a closer data center location
• Compress web content using GZIP/Deflate methods to reduce the content size
30. Encryption
• Encryption is a core part of security compliance for certifications
like PCI
• Encryption has to be done for data in both forms
• In Transit
• At Rest
• Connectivity between Browser and Web Server can be encrypted
using SSL/TLS services
• Web roles can be secured using Server certificates
• Blob storage allows both http/https access using MS certificate
• Enable Secure connection for database calls
31. Logging
• Plugging a logging module into applications is easier due to the
existence of multiple frameworks
• Log4Net
• Microsoft Enterprise Library Logging block
• Securely transfer all logs to Windows Azure Table storage and
Windows Azure blobs
• IIS Logs
• Application Logs
• Performance Metrics
• Errors and Exception logs
• Crash dumps
• Data is paramount to analyze and monitor SLA. The data is also
essential to scale out applications during heavy loads