building saas solutions -...

EMEA Jürgen Pfeifer Architect, MCA Microsoft EMEA HQ http://blogs.msdn.com/juergenp Building SaaS Solutions

Post on 24-Jun-2020


Page 1: Building SaaS Solutions - download.microsoft.comdownload.microsoft.com/.../forum_talk_2_building_saas_solutions.pdf · 7/29/2008  · Service Delivery Platform: Operational Security

EMEA

Jürgen Pfeifer

Architect, MCA

Microsoft EMEA HQ

http://blogs.msdn.com/juergenp

Building SaaS Solutions


Consuming SaaS


enterprise

Purchase

The Enterprise


From Evaluation...


To „Try before you buy“...


enterprise

Purchase Deploy

long eval process

try before you buy

The Enterprise


From Customization...


To Configuration...


enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

The Enterprise


From reliance on internal IT...


To SLAs...


enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

reliance on internal IT

SLAs

The Enterprise


SaaS ISV considerations


independent software vendors (ISVs)

enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

reliance on internal IT

SLAs

enable

try before you buy

SaaS Vendors


independent software vendors (ISVs)

enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

reliance on internal IT

SLAs

enable

try before you buy

enable

no-code config

SaaS Vendors


independent software vendors (ISVs)

enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

reliance on internal IT

SLAs

enable

try before you buy

enable

no-code config

enable

SLA infrastructure

SaaS Vendors


enable

economies of scale

independent software vendors (ISVs)

enable

try before you buy

enable

no-code config

enable

SLA infrastructure

enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

reliance on internal IT

SLAs

SaaS Vendors


Monetisation


Monetization Scheme matters

For the Enterprise

No upfront perpetual license cost

Finance people like predictable recurring cost

For the ISV

Subscription model provides better predictability of revenue streams


independent software vendors (ISVs)

enable

economies of scale

enable

try before you buy

enable

no-code config

enable

SLA infrastructure

enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

reliance on internal IT

SLAs

enable

monetisation schemes

SaaS Vendors


referrals & breadth marketing

self provisioning

self-customisation

delegated administration

automatic billing

Minimize human intervention


independent software vendors (ISVs)

enable

economies of scale

enable

try before you buy

enable

no-code config

enable

SLA infrastructure

enterprise

Purchase Deploy Manage

long eval process

try before you buy

customisation

configuration

reliance on internal IT

SLAs

enable

monetisation schemes

enable

minimal intervention

SaaS Vendors


User Experience counts


Architectural Impact

Very Visible Business Opportunities

Often Overlooked Architectural Challenges

Business Opportunities

• Serving the “long tail”

• “try before you buy”

• Subscription model

• Business SLAs

Architectural Challenges

• Multi-tenancy / Scale

• Self service / Automatic provisioning

• Metering / Billing

• SLA Monitoring/Enforcement

(Examples)


share vs isolate

The right balance is determined by:

• Business model (can I monetise?)

• Architectural model (can I do it?)

• Operational model (can I guarantee SLAs?)

• Regulatory constraints (can we share data?)

SLA per tenant

Data Separation

Economy of Scale

Simpler Management


High Level Application Architecture

Browser

Smart Client

Presentation

Process Services

Business Services

Meta Data Services

Security Services

Directory Service

Databases

File System

Meta Data


Application Runtime (same code image)

Tenant Profile and Configuration Data

Meta Data Service

Farm of deployed application runtime components

Entity Model

Workflow and Rules

User Interface

Application Configuration and Designer Tools

Virtual application instance

Configurability

Scalability

Multi-tenant efficiency

Metadata Driven Instances


Meta-Data : UI/Branding


Meta-Data: Configure Workflows


we want to track customer colour preferences

our customers have peculiar address formats

we need to track customer history by product

we want to keep track of customer visits online

Meta Data: Data Model Extension


Meta-Data: Access Control


UI/Branding

Workflow and Rules

Data model extensions

Access Control

… other domain specific considerations…

Meta-Data Considerations


GUIDANCE


Sample Application

Microsoft is developing a sample application

Addressing all the major architectural challenges of a SaaS application for the „Long Tail“

Will be available for download on MSDN

Planned for December 2006


Configurable UI

Well understood topic on Microsoft Platform

For Web Apps:

ASP.NET 2.0, AJAX: CSS, Masterpages, Themes etc.

For Windows Apps:

Use „Windows Presentation Foundation“ (WPF)


Configurable Workflow

Workflow Foundation

Uses Markup

Can be stored, manipulated, executed on a per tenant basis


Workflow Customization: Design Time

Hosted Designer

Loads “current” workflow definition (from .xoml file)

Manipulates workflow object model

Serializes modified object model

Calls Web Service to update .xoml

Customization type

Behavioral (decisions/rules)

Structural (activities)


public WorkflowInstance CreateWorkflow(XmlReader workflowDefinitionReader);

Workflow Customization: Runtime

XAML Activation


Configurable Data

Challenges:

Defining custom fields and storing custom data for each tenant.

Business logic that can handle custom fields

Presentation logic that can handle custom fields

Catalog Item (Tenant A): Product ID, Description, Category ID

Catalog Item (Tenant B): Product ID, Description, Classification Code


Database Patterns

Approach: Separate Databases
Security Patterns: Trusted Database Connections; Secure Database Tables; Tenant Data Encryption
Extensibility Patterns: Custom Columns
Scalability Patterns: Single Tenant Scaleout

Approach: Shared Database, Separate Schemas
Security Patterns: Trusted Database Connections; Secure Database Tables; Tenant Data Encryption
Extensibility Patterns: Custom Columns
Scalability Patterns: Tenant-Based Horizontal Partitioning

Approach: Shared Database, Shared Schema
Security Patterns: Trusted Database Connections; Tenant View Filter; Tenant Data Encryption
Extensibility Patterns: Preallocated Fields; Name-Value Pairs
Scalability Patterns: Tenant-Based Horizontal Partitioning


Custom Fields Data and Definition

Meta-data/data dictionary required

3 general approaches:

Separate database for each tenant

Shared database, a canned set of extended fields

Shared database, any number of extended fields

Tradeoff between each approach


Dedicated Tenant Database

Approach: Separate database for each tenant

Database maintains data dictionary

Advantages: Easy to implement

Meta data identifies database instance for each tenant

Tradeoff: Number of tenants per database server is low

Infrastructure cost of providing service rises quickly

When to use: When tenant has data isolation requirements

Able to monetize the data extension/isolation feature

Tenant 1

Tenant 2

Tenant 3


Shared Database, fixed set of extensions

Approach: All tenants' data in one database.

Pre-defined set of custom fields

Advantages: Easy to implement

Maximize number of tenants per database server

Tradeoff: Tends to result in a sparse table

When to use: When data co-mingling is OK

Easy to anticipate pre-defined custom fields

Tenant ID  F1    F2  C1    C2    C3
345        Ted   53  Null  paid  Null
777        Kay   34  23    Null  Null
784        Mary  45  Null  Null  Null
345        Ned   21  Null  owe   Null
438        Pat   26  Null  Null  yes


Same database, variable custom extensions

Approach

All tenants in one database

Variable number of custom fields

Name-value pair in separate tables

Advantage

“Unlimited” number/option for custom fields

Tradeoff

Increase index/search/query/update complexity

When to use

OK to co-mingle tenant data

Custom fields are high value features

Difficult to predict custom fields

Tenant ID  F1    F2   Record ID
764        Ted   $56  893
673        John  $32  Null
783        Sal   $99  564

Record ID  Name         Value
893        Status       Gold
893        Expire       7-29-2008
564        Affiliation  Acme
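
Added example (not from the original deck): the name-value pair approach with tenant isolation enforced by the database rather than by application code alone. It assumes SQLite as a stand-in for the server database, hypothetical table and function names, a tenant_id column on the extension table (the slide keys it by Record ID only), and a constructed record id 894 for the row the slide shows as Null.

```python
import sqlite3

# Assumed schema (names are hypothetical). Unlike the slide's extension table,
# customer_ext carries tenant_id so the database itself can enforce ownership.
SCHEMA = """
CREATE TABLE customer (
    record_id INTEGER PRIMARY KEY,
    tenant_id INTEGER NOT NULL,
    f1 TEXT, f2 TEXT,
    UNIQUE (tenant_id, record_id));
CREATE TABLE field_dictionary (            -- per-tenant data dictionary
    tenant_id INTEGER NOT NULL,
    name TEXT NOT NULL,
    PRIMARY KEY (tenant_id, name));
CREATE TABLE customer_ext (                -- name-value pairs
    tenant_id INTEGER NOT NULL,
    record_id INTEGER NOT NULL,
    name TEXT NOT NULL,
    value TEXT,
    PRIMARY KEY (tenant_id, record_id, name),
    FOREIGN KEY (tenant_id, record_id) REFERENCES customer (tenant_id, record_id),
    FOREIGN KEY (tenant_id, name) REFERENCES field_dictionary (tenant_id, name));
"""

def open_db():
    """In-memory database seeded with the slide's rows (record 894 is constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite leaves FK checks off by default
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?, ?)", [
        (893, 764, "Ted", "$56"), (894, 673, "John", "$32"), (564, 783, "Sal", "$99")])
    conn.executemany("INSERT INTO field_dictionary VALUES (?, ?)", [
        (764, "Status"), (764, "Expire"), (783, "Affiliation")])
    conn.executemany("INSERT INTO customer_ext VALUES (?, ?, ?, ?)", [
        (764, 893, "Status", "Gold"), (764, 893, "Expire", "7-29-2008"),
        (783, 564, "Affiliation", "Acme")])
    conn.commit()
    return conn

def set_custom(conn, tenant_id, record_id, name, value):
    """Store one custom field. Returns False when the composite foreign keys
    reject it: the record is not this tenant's, or the field is not in this
    tenant's data dictionary."""
    try:
        with conn:  # commits on success, rolls back on error
            conn.execute("INSERT OR REPLACE INTO customer_ext VALUES (?, ?, ?, ?)",
                         (tenant_id, record_id, name, value))
        return True
    except sqlite3.IntegrityError:
        return False

def get_record(conn, tenant_id, record_id):
    """Return base and custom fields, or None if the record is not this tenant's.
    Both queries carry the tenant filter; custom names are bound as data,
    never spliced into the SQL text."""
    row = conn.execute(
        "SELECT f1, f2 FROM customer WHERE tenant_id = ? AND record_id = ?",
        (tenant_id, record_id)).fetchone()
    if row is None:
        return None
    ext = conn.execute(
        "SELECT name, value FROM customer_ext WHERE tenant_id = ? AND record_id = ?",
        (tenant_id, record_id)).fetchall()
    return {"f1": row[0], "f2": row[1], "custom": dict(ext)}
```
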


Data: practical advice

Always design for the most general case, the single shared database

If a customer wants isolation, just deploy that customer on a single instance

This approach gives you the greatest flexibility.


Scaling Application

Stateless

Improve service memory footprint

Improve ability to load balance

Asynchronous I/O

Do useful work while waiting for I/O to complete

Resource Pooling

Threads, network and database connections

Maximize concurrency

Minimize exclusive locking


Scaling Data

Data Partition (horizontal)

Divide subscriber data into smaller partitions to meet performance goals

Schemes: hashing, temporal, etc.

Dynamic Repartitioning

Automatically repartition when database size reaches maximum size


Implication on Identity Architecture

Use identity federation to achieve SSO

How to manage trust – PKI

Standards-based products (WS-Federation, SAML etc)

Use claims-centric architecture to communicate access policies

Signed attributes and assertions to rely on roles and access rules information:

E.g. authorized to purchase if amount < 50
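
Added example (not from the original deck): a relying-party check for the "authorized to purchase if amount < 50" rule, honouring the limit only when it arrives in a signed assertion from a trusted tenant issuer. As a labelled simplification, an HMAC over a JSON body stands in for the PKI-backed signatures of WS-Federation/SAML tokens; the issuer URL, audience, key, claim names and function names are all constructed.

```python
import base64
import hashlib
import hmac
import json

# Constructed trust configuration: one signing key per trusted tenant issuer.
# Assumption: HMAC replaces the certificate-based signature a real token carries.
TRUSTED_ISSUERS = {"https://sts.tenant-a.example": b"constructed-demo-key-a"}
AUDIENCE = "https://saas.example/app"

def issue_token(issuer, key, claims):
    """Issuer side: serialise the claims and sign the exact bytes sent."""
    body = json.dumps(dict(claims, iss=issuer), sort_keys=True).encode()
    sig = hmac.new(key, body, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(body).decode() + "."
            + base64.urlsafe_b64encode(sig).decode())

def verify_token(token, now):
    """Relying-party side: return the claims only if every check passes."""
    try:
        body_b64, sig_b64 = token.split(".")
        body = base64.urlsafe_b64decode(body_b64)
        sig = base64.urlsafe_b64decode(sig_b64)
        claims = json.loads(body)
    except ValueError:            # malformed token, base64 or JSON
        return None
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        return None
    key = TRUSTED_ISSUERS.get(claims["iss"])
    if key is None:               # issuer outside the federation trust
        return None
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        return None               # claims were altered or signed with another key
    if claims.get("aud") != AUDIENCE:
        return None               # token was issued for a different service
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None               # missing or expired lifetime
    return claims

def may_purchase(token, amount, now):
    """Apply the access rule using only verified claims."""
    claims = verify_token(token, now)
    if claims is None:
        return False
    roles = claims.get("roles")
    if not isinstance(roles, list) or "purchaser" not in roles:
        return False
    limit = claims.get("purchase_limit")
    return isinstance(limit, (int, float)) and 0 <= amount < limit
```
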


Access Control

Some Platform Technologies to consider

ADFS

Windows Role Based Access Control (RBAC)

Authorization Manager (AzMan)


Access Control

Role

Users

Groups

Permission

Permission

Business Rules

Authorization policies can be defined at different scopes (enterprise, dept etc.)

Permissions, roles, groups and business rules can be customized per tenant

SCOPE


SLAs

SLA Monitoring

Availability

Performance

SLA Enforcing

Rules, notification and alerts

Automated Resource Allocation

Automated provisioning

Early evidence shows SaaS customers are expecting more when hosted than in-house


Composition & Integration

Provide clean and well defined Service Interfaces

Follow SOA best practices

For Enterprise: support SOAP style and WS-* if necessary. Windows Communication Foundation (WCF) is your friend

For Consumer SaaS: support REST style (again, WCF is your friend)


“Classic” Hosting

CPU-Storage-Bandwidth

Shared Services: e.g. Billing, Metering, SLA Monitoring…

a.k.a. SO Infra, Service Delivery Platform, OSS/BSS

As provider: do you build or buy the hosting?

“Classic”

Hoster

SaaS

Hoster

SaaS

Provider

Shared Services


Service Delivery Platform: Operational

Security

Log

SaaS

Application

Identity

Management

Usage

Tracking

CRM

Call Center

Support

System

Management

Log

SaaS

Application

SaaS

Application

SaaS

Application

Performance

Availability

Security

SLA Monitoring

Provisioning

Provisioning

Management

Agent

Access Control

Metering

Order

Management

Service Delivery Platform Runtime

Billing

Management

Alerts


© 2006 Microsoft Corporation. All rights reserved.

This presentation is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY.