Point of Sales
Accounting
Customer Relationship
Document Management
E-Government
Human Resource
Content Management
Software-as-a-service (SaaS) is REAL
Microsoft Innovation Center for EMEA ISV Development
SaaS incubation program
[email protected] Baladi
• Advisor for architects, CTOs etc.
• Owner/CTO for SaaS ISV startup
Effect on supplier (ISV)
Business model
Operational structure
Solutions architecture
Why bother?
Business model
Operational structure
Solutions architecture
The 3-headed monster
Business model
Operational structure
Solutions architecture
Single instance multi tenant
EMEA
Architectural Impact
Very Visible Business Opportunities (Examples)
• Serving the “long tail”
• “try before you buy”
• Subscription model
• Business SLAs
Often Overlooked Architectural Challenges (Examples)
• Multi-tenancy / Scale
• Self service / Automatic provisioning
• Metering / Billing
• SLA Monitoring/Enforcement
The SaaS Architecture Shift
Single Instance – Multi-tenant
Multi-tenant efficient
Configurable
Scalable
share vs isolate
The right balance is determined by:
• Business model (can I monetize?)
• Architectural model (can I do it?)
• Operational model (can I guarantee SLAs?)
• Regulatory constraints (can we share data?)
SLA per tenant
Data Separation
Economy of Scale
Simpler Management
Browser
Smart Client
Presentation
Process Services
Business Services
Meta Data Services
Security Services
Directory Service
Databases
File System
Meta Data
High Level Application Architecture
Customization trade-off
Market may want
◦ UI/Branding
◦ Workflow
◦ Data Model
◦ Business rules
◦ Domain-specific
◦ Multi-tier (ISV, reseller, customer)
Operations prefer zero customization
◦ Only configuration
Application Runtime (same code image)
Tenant Profile and Configuration Data
Meta Data Service
Farm of deployed application runtime components
Entity Model
Workflow and Rules
User Interface
Application Configuration and Designer Tools
Virtual application instance
Configurability
Scalability
Multi-tenant efficiency
Metadata Driven Instances
Templatizing Configuration
Templatized Designers
Trusted Partners
Premium Customers
Standard Customers
Runtime Metadata
Runtime Metadata
Runtime Metadata
Policies
Security, Fairness and Halting Policies
Runtime Policy Enforcement Engine
Design Time
Runtime
Application Instance Metadata
Designer Policy Enforcement Engine
Meta-Data : UI/Branding
Configurable UI
Well understood topic on Microsoft Platform
For Web Apps:
◦ ASP.NET 2.0, AJAX: CSS, Masterpages, Themes etc.
For Windows Apps:
◦ Use „Windows Presentation Foundation“ (WPF)
Meta-Data: Configure Workflows
Configurable Workflow
Workflow Foundation
◦ Uses Markup
◦ Can be stored, manipulated, executed on a per tenant basis
Workflow Customization: Design Time
Hosted Designer
◦ Loads “current” workflow definition (from .xoml file)
◦ Manipulates workflow object model
◦ Serialize modified object model
◦ Calls Web Service to update .xoml
Customization type
◦ Behavioral (decisions/rules)
◦ Structural (activities)
Workflow Customization: Runtime
XAML Activation
public WorkflowInstance CreateWorkflow(XmlReader workflowDefinitionReader);
we want to track customer colour preferences
our customers have peculiar address formats
we need to track customer history by product
we want to keep track of customer visits online
Meta Data: Data Model Extension
Configurable Data
Challenges:
◦ Defining custom fields and storing custom data for each tenant.
◦ Business logic that can handle custom fields
◦ Presentation logic that can handle custom fields
Tenant A
Product ID
Description
Category ID
Catalog Item
Tenant B
Product ID
Description
Classification Code
Catalog Item
Database Patterns
Approach: Separate Databases
◦ Security Patterns: Trusted Database Connections; Secure Database Tables; Tenant Data Encryption
◦ Extensibility Patterns: Custom Columns
◦ Scalability Patterns: Single Tenant Scaleout
Approach: Shared Database, Separate Schemas
◦ Security Patterns: Trusted Database Connections; Secure Database Tables; Tenant Data Encryption
◦ Extensibility Patterns: Custom Columns
◦ Scalability Patterns: Tenant-Based Horizontal Partitioning
Approach: Shared Database, Shared Schema
◦ Security Patterns: Trusted Database Connections; Tenant View Filter; Tenant Data Encryption
◦ Extensibility Patterns: Preallocated Fields; Name-Value Pairs
◦ Scalability Patterns: Tenant-Based Horizontal Partitioning
Custom Fields Data and Definition
Meta-data/data dictionary required
3 general approaches:
◦ Separate database for each tenant
◦ Shared database, a canned set of extended fields
◦ Shared database, any number of extended fields
Tradeoff between each approach
Dedicated Tenant Database
Approach:
◦ Separate database for each tenant
◦ Database maintains data dictionary
Advantages:
◦ Easy to implement
◦ Meta data identifies database instance for each tenant
Tradeoff:
◦ Number of tenants per database server is low
◦ Infrastructure cost of providing service rises quickly
When to use:
◦ When tenant has data isolation requirements
◦ Able to monetize the data extension/isolation feature
Tenant 1
Tenant 3
Tenant 2
Shared Database, fixed set of extensions
Approach:
◦ All tenants' data in one database.
◦ Pre-defined set of custom fields
Advantages:
◦ Easy to implement
◦ Maximize number of tenants per database server
Tradeoff:
◦ Tendency to result in sparse tables
When to use:
◦ When data co-mingling is OK
◦ Easy to anticipate pre-defined custom fields
Tenant ID  F1    F2  C1    C2    C3
345        Ted   53  Null  paid  Null
777        Kay   34  23    Null  Null
784        Mary  45  Null  Null  Null
345        Ned   21  Null  owe   Null
438        Pat   26  Null  Null  yes
Same database, variable custom extensions
Approach
◦ All tenants in one database
◦ Variable number of custom fields
◦ Name-value pair in separate tables
Advantage
◦ “Unlimited” number/option for custom fields
Tradeoff
◦ Increase index/search/query/update complexity
When to use
◦ OK to co-mingle tenant data
◦ Custom fields are high value features
◦ Difficult to predict custom fields
Tenant ID  F1    F2   Record ID
764        Ted   $56  893
673        John  $32  Null
783        Sal   $99  564
Record ID  Name         Value
893        Status       Gold
893        Expire       7-29-2008
564        Affiliation  Acme
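The name-value pair layout above, as an added example in Python with sqlite3 (not part of the original slides), loaded with the slide's sample rows. It assumes the extension table also carries the tenant ID, so that every lookup is tenant-scoped rather than trusting a record ID alone; the table, column and function names are illustrative.

```python
import sqlite3

def build_db():
    """Constructed sample data mirroring the slide's two tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE customer (
            tenant_id INTEGER NOT NULL,
            f1 TEXT, f2 TEXT,
            record_id INTEGER            -- NULL when no custom fields exist
        );
        -- Assumption: tenant_id is repeated here so a lookup by record_id
        -- can never return another tenant's custom fields.
        CREATE TABLE custom_field (
            tenant_id INTEGER NOT NULL,
            record_id INTEGER NOT NULL,
            name TEXT NOT NULL,
            value TEXT,
            PRIMARY KEY (tenant_id, record_id, name)
        );
        INSERT INTO customer VALUES (764,'Ted','$56',893),
                                    (673,'John','$32',NULL),
                                    (783,'Sal','$99',564);
        INSERT INTO custom_field VALUES (764,893,'Status','Gold'),
                                        (764,893,'Expire','7-29-2008'),
                                        (783,564,'Affiliation','Acme');
    """)
    return db

def customers_for_tenant(db, tenant_id):
    """Return one tenant's rows with custom fields pivoted into a dict."""
    rows = db.execute("""
        SELECT c.f1, c.f2, x.name, x.value
        FROM customer AS c
        LEFT JOIN custom_field AS x
               ON x.tenant_id = c.tenant_id AND x.record_id = c.record_id
        WHERE c.tenant_id = ?
        ORDER BY c.f1, x.name""", (tenant_id,))
    result = {}
    for f1, f2, name, value in rows:
        rec = result.setdefault(f1, {"f2": f2, "custom": {}})
        if name is not None:          # rows without custom fields join to NULLs
            rec["custom"][name] = value
    return result

def custom_fields(db, tenant_id, record_id):
    """Tenant-scoped lookup: a record_id owned by another tenant yields {}."""
    rows = db.execute(
        "SELECT name, value FROM custom_field"
        " WHERE tenant_id = ? AND record_id = ?", (tenant_id, record_id))
    return dict(rows)
```

The extra join and pivot step is the query complexity the slide lists as the tradeoff of this approach.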
Data: practical advice
Consider designing for the most general case: the single shared database
If a customer wants isolation, just deploy that customer on a single instance
Pro: This approach gives you the greatest flexibility.
Con: More complex queries, may affect performance
Meta-Data: Access Control
Implication on Identity Architecture
Use identity federation to achieve SSO
◦ How to manage trust – PKI
◦ Standard-based products (WS-Federation, SAML etc)
Use claims-centric architecture to communicate access policies
◦ Signed attributes and assertions to rely on roles and access rules information
◦ E.g. authorized to purchase if amount < 50
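The claims-centric check described above, as an added Python example (not from the original slides): an identity provider signs a set of claims, and the application enforces the purchase rule only after verifying issuer, signature and expiry. HMAC-SHA256 with a shared key stands in for the PKI-based signatures of WS-Federation or SAML; the issuer name, key, claim names and function names are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

# Constructed trust store: issuer -> key. HMAC stands in for PKI signatures.
TRUSTED_ISSUERS = {"idp.contoso.example": b"constructed-demo-key"}

def _sign(key, payload):
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()

def issue_assertion(issuer, key, claims, now, ttl=300):
    """Identity-provider side: serialize the claims and sign them."""
    body = dict(claims, iss=issuer, exp=now + ttl)
    payload = base64.urlsafe_b64encode(json.dumps(body, sort_keys=True).encode())
    return payload + b"." + _sign(key, payload)

def verify_assertion(token, now):
    """Application side: return claims only if issuer, signature, expiry hold."""
    try:
        payload, sig = token.rsplit(b".", 1)
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except ValueError:
        return None
    if not isinstance(claims, dict):
        return None
    iss = claims.get("iss")
    key = TRUSTED_ISSUERS.get(iss) if isinstance(iss, str) else None
    # Constant-time comparison; unknown issuers are rejected outright.
    if key is None or not hmac.compare_digest(_sign(key, payload), sig):
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp < now:
        return None
    return claims

def may_purchase(token, tenant, amount, now=None):
    """Rule from the slide: authorized to purchase if amount < limit claim."""
    now = int(time.time()) if now is None else now
    claims = verify_assertion(token, now)
    # The assertion must also be for the tenant being acted on.
    if claims is None or claims.get("tenant") != tenant:
        return False
    limit = claims.get("purchase_limit")
    return isinstance(limit, (int, float)) and amount < limit
```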
Access Control
Some Platform Technologies to consider
◦ ADFS
◦ Windows Role Based Access Control (RBAC)
◦ Authorization Manager (AzMan)
Meta-Data Considerations
• UI/Branding
• Workflow and Rules
• Data model extensions
• Access Control
• … other domain specific considerations…
GUIDANCE
Sample Application
Microsoft has developed a sample application („Litware HR“)
◦ Addressing all the major architectural challenges of a SaaS application for the „Long Tail“
◦ Is available for download on MSDN: http://msdn.microsoft.com/architecture/saas/sampleApp
Litware HR: A Sample SaaS App
HR App (Recruitment)
Single Instance Multi Tenant
Contoso Customizations:
• UI: “Contoso Orange” L&F
• Data: New “Job Level” Field
• Workflow: Recruitment based on Job Level
• Roles and Access: HR Manager, CEO
Fabrikam Customizations:
• UI: Fabrikam L&F
• Data: New “Audition Required” Field
• Workflow: based on “audition required”
• Roles and Access: Audition Judge, Owner
Authenticated access
Configuration & Post jobs
Private site
Web Interface
Unauthenticated access
Search & Apply for jobs
Web APIs
Public site
Web Interface
Internet
Internet
Music School
Retail Shoe Chain
Operational Platform
“Internal” SaaS Hosting Platform
Provisioning (try before buy)
Billing (not implemented)
Scaling Application
Stateless
◦ Improve service memory footprint
◦ Improve ability to load balance
Asynchronous I/O
◦ Do useful work while waiting for I/O to complete
Resource Pooling
◦ Threads, network and database connections
Maximize concurrency
◦ Minimize exclusive locking
Scaling Data
Data Partition (horizontal)
◦ Divide subscriber data into smaller partitions to meet performance goals
◦ Schemes: hashing, temporal, etc.
Dynamic Repartitioning
◦ Automatically repartition when database size reaches maximum size
80.000*2 vs. 1*160.000
Business model
Operational structure
Solutions architecture
From this...
...to this
The ecosystem
Delivery Architecture
Consumption Architecture
Application Architecture
SaaS Hosting Platform
Security Log
SaaS Application
Identity Management
Usage Tracking
CRM
Call Center Support System
Management Log
SaaS Application
SaaS Application
SaaS Application
Performance
Availability
Security
SLA Monitoring
Provisioning
Provisioning
Management Agent
Access Control
Metering
Order Management
SaaS Hosting Platform Runtime
Billing
Management Alerts
N-tiered multi-tenancy
”Nortwind” SaaS hosting platform and services
HighAvail platform run-time instance
EntryLevel platform run-time instance
Shared platform services
Application tenants
”Fabrikam”: Consumer and application tenant
”Contoso”: Consumer and application tenant
Platform tenants
”Litware”: ISV and platform tenant
”AdventureWorks”: ISV and platform tenant
Storefront(s) at ISV, hoster and/or aggregator
”Litware” store-front
”Nortwind” store-front
#1 Prepare
#2 Publish
#3 Subscribe
Additional Information
Software as Services consulting
◦ www.baladisoftware.net [email protected]
Software as Services Architectural Guidance
◦ http://msdn.microsoft.com/architecture/saas
Blogs about Architecture:
◦ http://blogs.msdn.com/fred_chong
◦ http://blogs.msdn.com/gianpaolo
SaaS sample application (for the long tail)
◦ http://msdn.microsoft.com/architecture/saas/sampleApp
Service Provider License Agreement
◦ http://www.microsoft.com/serviceproviders/licensing