SaaS for Techies
By Antony Reynolds-Oracle on Nov 10, 2008
Software as a Service for Technologists
With the Oracle cloud computing announcements at OpenWorld I thought it would be worth putting down a few thoughts about Software as a Service (SaaS), which is related to but not the same as Cloud Computing. Software as a service is all about providing a useful function to the customer without the customer being concerned about it is delivered. In that sense it is SOA taken taken to the next level.
For a good introduction to SaaS take a look at the Wikipedia page. There is also an excellent article on MSDN by Frederick Chong and Gianpaolo Carraro that outlines a SaaS maturity model and indicates how SaaS can be used to bring the benefits of enterprise software to smaller businesses by making it available in a pricing model and at a price point that they can afford. To track what is happening in the SaaS world there is an interesting blog on ebiz site.
Larry Ellison has an interesting position on SaaS that I think might be summarised as “nice model, lets wait and see how to make money at it”. There is an interesting commentary on some of Larrys comments on ZDnet.
Software as a service needs a pricing model based on usage. This may be transaction charging or per user pricing. The important thing is that the pricing model has to be easily translated into the service the customer is receiving. Consider an airline booking application, there are several models that may be used here.
- Number of Passengers Booked – essentially a booking fee, ties in very well to customer business model who will receive ticket value for each booking made which is then directly related to passengers booked. However service provider may be worried about very high look to book ratios during fare wars and promotions forcing the provider to have additional capacity with no additional revenue, hence they may prefer the next model.
- Charges per View – each hit on the site is charged at a set amount. This has the problem that some operations are more valuable and potentially more expensive to perform than others. For example a booking operation may cost 100 times as much resources as a view operation. Hence it may be that different operations are charged at different rates.
- Number of Passengers Booked Plus a Charge per View – essentially a combination of booking fee and an additional charge based on the number of views generated by potential purchasers of flights. The additional charge may be zero up to a certain look/book ration and then there may be a sliding scale of charges beyond this ratio.
As can be seen from the example above, the pricing model, although tied to the service being provided may very rapidly become complex.
Some people find it difficult to distinguish between hosting and software as a service. A key feature of hosting is that clients rent hardware and floorspace to run applications to which the client has purchased the license directly. This requires clients to be responsible for sizing and software architecture. In contrast SaaS has clients draw down some computing service, such as CRM, and pay for it based on their usage of the resource.
In the hosting model the client must specify the capacity and takes the risk of the getting it wrong. In the SaaS model the client is only interested in the service provided, not the capacity planning requirement. Typically any capacity planning required should be related to the nature of the application, number of registered users for example rather than number of CPUs.
A key feature of software as a service should be minimal footprint in the client organisation. Generally services should be provided through the browser or across HTTP based web services for application access. Some services may require tighter integration with software at the client site, and it may be that an appliance approach can be taken to simplify integration with other customer systems.
Because clients are no longer responsible for sizing the hardware needed to provided a service there may be a removal of risk from the client to the service provider. As the service provider is presumably providing the same service to multiple customers they will be in a better position to calculate and provision appropriate resources to host the application.
Basic software as a service provides dedicated hardware for each customer. This has the advantage of being simple to implement but is expensive in terms of hardware resources. It also makes scaling the service difficult as the granularity of scaling is at the single customer level. Use of software virtualisation technologies can make this easier to manage but run into the problems identified in the next paragraph.
To overcome the problems of one machine per customer it is possible to have multiple software installations per machine, each installation being dedicated to a single customer. This approach assumes that the software is capable of supporting multiple independent installations on the same machine, not all software can do this due to use of shared operating system configuration locations. in addition to the inability of some software to provide this level of co-habitation, there are still inefficiencies in having multiple instances of the same software competing for the same processor, memory, disk and network resources. Scaling the system is still problematic and complicated as if additional machines are required then the complexity of configuration increases.
The highest level of software as a service enables multiple customers to be hosted in the same software instance, known as multi-tenanting. This allows a more efficient use of resources. Scaling is also simpler in this environment, assuming the software can be scaled across multiple machines. This level of co-habitation however requires customers to be convinced that their information is safe. In the section below on supporting technologies I will look at some of the features that can make multi-tenanted easier to achieve
The ability of modern operating systems to support hardware resource virtualization, such as Solaris makes the model of a dedicated hardware per customer more palatable. Also playing a role in this space are software virtualisation technologies such as VMWare or Oracle Virtual Machines.
At the database level then technologies each client company is provided with a different account that has access to shared application schemas. By using technology such as Oracles Virtual Private Database we can allow developers to build software that will run in a single instance without the need for extensive filtering of individual queries, each customer will be automatically restricted to the data visible to their own user account. In addition to different database accounts the data can be partitioned by customer, making backup and recovery possible on a per customer basis, potentially allowing different backup strategies for different customers.
Ideally all customers would be using a single shared applications server cluster, taking advantage of load balancing and fail over within that cluster. Security profiles within the applications server can be used to separate end users into groups by client, each client having a different set of resources available. For example when queue are being used it would be necessary to have separate queues for each client to ensure that they did not interact.
At the SOA level tools such an ESB and process orchestration must provide support for identity propagation through the system. At every level in the architecture it is important to be able to logically isolate one customers data from another customers. Key to this is being able to propagate the client ID on all messages to ensure that they are correctly handled, for example routing may be different depending on the level of service a customer has contracted for.
Web 2.0 & AJAX
Web 2.0 technologies, particularly AJAX allow a much richer user experience through the browser, allowing more sophisticated interactions with software as a service than earlier static HTML implementations.
Exposing services that may be consumed by other applications is made much easier with the widespread adoption of webs service standards. At the basic level this includes XML, SOAP and WSDL. But the development of security standards such as SAML and messaging and transaction standards will allow for richer application to application interactions.
Adoption and exposure of these standards in SaaS services will allow hybrid models of SaaS providing some functionality but being tightly integrated with the rest of an enterprises IT infrastructure.
SaaS is not a case of taking existing software and tweaking it a bit to make it run in a SaaS environment. To take full advantage of SaaS there needs to be some fairly fundamental thinking in the design about how it will be impacted by a multi-tenancy environment. The actual coding practices may not be much different but there is a need for different testing régimes to handle the additional complication of multiple clients, each with multiple customers.