CaaS – Now what is that?

There is too much cloud these days. And still plenty more to come. What started as something called as Application Service Provider (ASP) way back during late 90s, has been transformed to different names with minor changes or additions to it. In the modern era, it is known to all of us as SaaS or S+S (as Microsoft would call it) or in more generic terms – Cloud computing. This doesn’t end here. The cloud strategy matures more and more as day progresses, and we see more variations and more versions of the cloud computing such as PaaS (Platform as a Service) and IaaS (Infrastructure as a Service),

In between all these, what does CaaS mean?

Well, to be honest this isn’t any jargon or buzzword or any standard term used in the Cloud computing arena. This is something coined by me to revive something which used to be once prevalent during the ASP days and the Dotcom boom days and it has tend to remain constant rather than seeing an exponential growth as compared to other cloud terminologies. I call it “Components as a Service”.

Now, before you jump up on me and thrash me for trying to teach you something you already know in a different form, I would like to declare here that this is NOT anything new that I intend to express. This is just an attempt to provide some idea to people thinking to make a new living out of cloud (may be thinking of building a product to be made available to customers as SaaS), that there are even thousands of opportunities to build what I term as CaaS i.e. Components as a Service. Not all software built for the could has to be SaaS. One could build generic parts or components that can be used by others who would build SaaS.

As I mentioned earlier, this isn’t anything new. Way back, in its original form, CaaS providers built many on-the-web “facilities” or “components” to be consumed by web sites. But during that era, the web applications were confined to only e-commerce or a portal in some form or the other. With the cloud becoming more and more a norm to deliver entire software solution on the web, the market for consumption of these components which would be used to build such SaaS applications grows exponentially. The target market for CaaS once that used to be only to Web sites and portals, now is the entire cloud in various forms like the SaaS, PaaS.

Component As A Service

A component as a service as the name suggests is nothing but a ready-made piece of a (web) “functionality” available for other web applications to consume thereby saving their time to build these themselves. One may argue that there is nothing new to this. A custom web control (like Graph or Chart control, a video display control) etc. can be called as a CaaS as they may be used by other SaaS products as is, without them having to develop it on their own. Or in another argument, one may say that any “service” provided in the form of “Web Service” that performs a particular (outsourced) business operation for you may also be called as CaaS. Well the point is not to prove that these are NOT CaaS or otherwise. The point is to throw some light to a broader spectrum of components that can potentially emerge into the cloud arena with a difference.

To my mind, a CaaS is something which provides an end-to-end “independent” business functionality that can be used by other SaaS products within their software so that they would not have a need to build these functionality on their own. It ideally comprises of all the 3 layers of any 3-tier system (UI, Application Logic and Database) but only for that functionality. If you recollect, this is what was once called “Application Service Provider”. So time and again, I would like to stress a point, this is nothing new.

So what can really be developed as CaaS? Well to give an idea, lets look at some existing CaaS that are already available in the market (but people may not know if it could be a potential component that they may use it for their own SaaS product.

Scenario 1

Assume we need to develop an HR System and make it available as a SaaS. An HR system would typically have things like Employee Management, Payroll, Appraisals, Recruitment and so on. So just to make the problem a bit simple to understand the context, we need to develop 4 modules to build the HR system that we intend to make it available as a SaaS. It would be nice if one of these 4 modules is available as a generic “Web based plugin” so that we need to develop only 3 of the 4 modules. Surely the web based ready-to-use plug in should be so configurable that it may not feel different for our customers who would be using our system. It needs to integrate so seamlessly that for a customer who is using our system, would not make out that he is using a different system for 1 of the 4 modules than the other 3.

One such “web based end-to-end recruitment" system available in the market is “Taleo”. (www.taleo.com)

Although they have been providing their Talent Management software as CaaS to most of the top multi-nationals’ web site for Career management, they have a huge potential for being used by SaaS companies (building HR solutions) as a ready to use end-to-end recruitment module. The entire suite offered by Taleo has almost the entire HR operations and they themselves can offer the entire suite as a SaaS to customers, but that’s besides the point. They surely have the potential to offer parts of their software (as a service) to be offered as CaaS for other SaaS companies to consume and thereby giving a them a completely different market to enter.

Scenario 2

Most e-commerce sites these days provide an online chat assistance to shoppers or people who look confused navigating through their sites. This is nothing new to us. But most of these assistance are developed by the e-commerce sites themselves and they provide a very limited functionality. With applications now more widely available as SaaS, providing a Customer Interaction Management would be ideal as the cost of 1st line and the 2nd line support goes down to a great extent. Thus the assistance can be provided by using such web based chat tool. This again, may not be needed to be developed by each and every SaaS vendor (as most of the e-commerce website would have done). They can be hired as a CaaS.

One such “web-based customer interaction management” is provided by a company called “Live Person” (www.liveperson.com). There are far many companies providing similar service as CaaS but Live Person are the oldest and the most popular in this domain.

Scenario 3

The above 2 scenarios are good to explain what a CaaS could be. But they do not provide a new business idea to the readers as the 2 examples I provided are well established market leaders in their own market as CaaS providers. The key point to be noted here is the “concept”. With cloud getting more and more popularity there is a huge potential for building large varieties of CaaS. One such thing that comes to my mind is a Workflow Management component available as CaaS. To my knowledge, there is only 1 company (I may be wrong) providing a Workflow Management as a Service or a CaaS. They call it as WaaS (Workflow as a Service). They are PNMSoft (http://www.pnmsoft.com/workflow-software-as-a-service.aspx). The whole idea of “outsourcing” the workflow operations of our SaaS product to a Workflow CaaS provider for a nominal cost per seat is worth giving a thought.

In short after looking at all the 3 above scenarios, the concept is the same. A idea to develop such CaaS is up to the readers’ imagination. So I hope I have helped you all who are thinking of a SaaS idea to venture into, some food for thought about CaaS too, as a potential.

Key Considerations when negotiating a SaaS agreement

A key step in any company’s software purchase is the negotiation of the software license agreement. But negotiating contracts can be a difficult task. It can be difficult to make sense of the legalese, server reliability guarantees and scaling options. Negotiating a Software as a Service (SaaS) agreement presents other unique challenges. Unlike traditional license agreements, SaaS contracts need to spell out the terms of data storage, backup, and retrieval. Dealing with all of these issues can rapidly become confusing.

To help buyers, ERP Software Advice has put together a list of 9 key considerations to take in to account when negotiating a SaaS agreement. The list contains really helpful information on standard clauses such as the contract term and renewals. Key considerations also include a few clauses unique to SaaS like service level agreements and data retrieval.

To get an idea of the advice offered by ERP Software Advice on these topics, here is an excerpt from the article:

1. Pricing and Discounts

By pricing software as a utility service, SaaS vendors have simplified software licensing considerably. Most SaaS pricing is based on a subscription – monthly or annual payments for using the system during that period. The subscription pricing is typically based on one simple metric (e.g. users, records, projects) that roughly ties subscription fees to the value of the system. Finally, SaaS vendors tend to publish their pricing openly.

Even with this simplicity and transparency, there is still a need to be vigilant as a buyer. For one, don’t assume that straightforward published pricing means there isn’t room for some negotiation. Many SaaS vendors will discount up to 20% to win your business. The bigger the deal, the bigger the discount. Moreover, if the vendor’s pricing metric doesn’t fit with your business model, you might be able to negotiate custom pricing. Of course, you’ll have to make a cogent argument that the standard metric fails to balance price paid and value received.

2. Additional Costs

Another key component to pricing is ferreting out any extra costs early in the process. Published pricing may appear to be a good value, but extra fees can add up quickly. Common additional costs include extra users, customizations, integrations, third-party services, training and set-up fees. Work with your sales rep early in the process to understand what additional charges might apply to your account.

By far the best way to keep the additional costs down is to avoid customizations to functionality and integration with other systems. The inherent complexity in custom development and data integration makes these services expensive. We recommend that you start with the base system, make use of its core functionality and then assess how important the custom features or integrations are to your success. Start small, think big, grow quickly.

3. Term

If you are negotiating with a vendor over pricing discounts, subscription metrics and additional fees, expect to give something in return. Oftentimes, this means committing to an extended contract term. Vendors like longer terms because it provides more predictability in their revenue forecasting. Terms can be as short as 30 days or as long as five years. If the vendor wants a long-term subscription, we recommend that you start with the shortest – probably one or two years.

If you do agree to a longer term of three to five years, make sure you have an out clause. Typically this would provide a window of opportunity to break the contract during a specific time window. For example, it might allow you to walk after one month of using the system but before 90 days. Another example might be the ability to break the contract if certain levels of service are not provided consistently.

4. Service Level Agreements (SLAs)

Regardless of what you pay for the system, reliability is paramount. The SLA is the vendor’s commitment to keeping the system up and running. It is typically expressed as a percentage of “up time.” You will almost always see the SLA represented as 99.9% or thereabouts. However, there is wide variation in how that number is calculated. Many vendors will simply start with 100% and subtract time during which their internal systems reported an error. Most of these SLAs leave far too much wiggle room for vendors.

If this new SaaS system is mission critical, push the SLA issue to see who is really ready to stand behind their service. The SLA topic is far too detailed to delve into all the considerations here, so we’ll refer you to this great blog post on SLAs. However, we’ll suggest you focus most on the penalty for breaking the SLA when negotiating. Usually these penalties are paltry discounts paid out against future purchases. Just pushing for bigger penalties will provide great insight into the reliability of the system.

For anyone who is thinking about subscribing to a web-based software system, I recommend this as a must read. The full article can be accessed by visiting the ERP Software Advice blog post at: 9 Key Points to Negotiate in a SaaS Agreement.

Ten Scenarios to go cloud

 

With everyone speaking about cloud and talking about developing applications, sometimes it is confusing to identify if our application really needs to be on the cloud.

If you are an ISV, the answer may be relatively simpler (of course after reading my previous blog  :-) )

If you are looking to develop an application to solve a Business problem or if you are looking to automate any of your business process, the first thing that comes to our mind as of today is, should be develop this on the cloud or are we fine keeping the software on premise.

The purpose of this blog is to provide ten most common scenarios where it may be wise to use the Cloud computing to develop the applications. Please note that these are NOT THE ONLY scenarios for exploiting the cloud platforms. The benefits of cost & maintainability do not form the part of this discussion.

1) SaaS offering

As mentioned in my previous blog, if you are an ISV, then you may want to offer your product as a SaaS rather than selling it as an on premise application. There are various business & technical benefits in doing so, but this is a complete chapter in itself. Developing a SaaS based application from ground up, or building it using a PaaS is again a different discussion. But surely a SaaS is a cloud offering in itself or / and may be build using a PaaS which is also a cloud offering.

2) Scalable Web Application

If you have a very large web application for your enterprise or planning to develop one  or if you have an e-commerce site and it needs to be highly scalable (as scalable as a SaaS application), this can be an ideal candidate for going cloud using a PaaS. PaaS provides flexibility of provisioning for spikes in user load. It provides a cost effective way of using more servers and load balance during load and can get back to minimum configuration when the load goes down. Moreover because PaaS or for that matter even IaaS is offered on pay per use basis, it saves a lot of maintenance as well as operational cost.

3) Dynamic requirement of resources

If you have a requirement for large number of resources and the need for the same is highly dynamic, then the best option would be to accomplish the same using a IaaS. E.g. Assume there is a need is to build a data replication tool and lets assume you may want to test the tool to ensure that data is replicated smoothly across 100 servers. A huge amount of investment has to be made to buy a 100 servers and if you are not able to justify the spend or having a 100% utilisation of each one of them, then its a huge hit on the expense. You may opt to have 10 physical servers and create 10 each virtual machines on them, but again as long as there is a very large business benefit, doing so would not be ideal. Using a IaaS like the Amazon EC2, it is extremely easy and cost effective to hire as many server instances as possible. The same can be released if not required and thereby saving money on resources not utilised. Another similar likely scenario – To perform a physical load-test of an application with 10,000+ users on the portal and would like to gradually increase the load to know the breaking points of the system.

As you may recollect, there are many obvious advantages of using IaaS – no upfront investment, Pay per use, Ready to go server instances, on demand scalable model and many more.

4) High processor intensive application

Assume a requirement of an application that requires High end computing power to likes of 8 CORE processors with 32 GB RAM to run the CPU intensive calculations and it is estimated to have 20+ such servers to accommodate the desired throughput.

The same can be easily accommodated using IaaS as well as PaaS and all the benefits of going the cloud route like the no upfront investment and pay on demand model help us achieve the ultimate goal rather than going for a large upfront capital investment. Cloud is very useful in scenarios where time to market is one of the key requirement. Recently Microsoft showcased Pixar’s application called “Renderman” uses cloud to get the best benefit. Similar application requirements which need extremely high processing power can go cloud way either through IaaS or PaaS.

5) Provide a centralised high volume (yet highly secure) Data access

Application Storage Needs for applications to the likes of On-Demand Training Platform of a company are increasing significantly day by day.  The storage requirements are already in Several Terabytes (TB) (1 TB = 1024 GB) and growing at the rate of 100 GB/month. There is a need to have scalable storage solution at the same time stay close to the cost. A PaaS would be ideal in this case as it will save on a very high upfront investment on servers and maintainability, provide a very high scalability and also a guaranteed reliability,

6) Hybrid Applications

If there is a need to provide an application which has a on-premise version of the software as well as a web version of the same and both need to share the same data source, then hosting the database for such hybrid applications on the cloud is an ideal option. Both types of front-ends can be in sync and there is a huge save on the money spent on the infrastructure to accommodate connectivity from anywhere.

7) Central Data Repository

Similar to the previous type of application, if there is an application (on-premise or web) deployed and used by thousands of users from across the globe (may be from many different branches of a very large multi-national company), then having the database at a central repository makes sense. Although the same functionality can be achieved by hosting the database server on a secured local intranet and making it available for all the branches to connect, this requires a complex infrastructure setup and a huge investment which may or may not be the best option. Instead, having the database deployed on the cloud using either IaaS or PaaS may be a viable option.

8) Temporary requirement of Datacentre space

Most datacentres do not have a business model by which they provide server space on a need basis or on a temporary basis. Ideally they would want us to provide a minimum 6 month or in many cases a 1 year commitment to use their space so that they have a return on their investment. If your situation demands that you may want to use a datacentre only on a need basis and that too for a period of 1-2 months at a stretch or it is unpredictable, going the IaaS is the best option. IaaS providers like Amazon provides a flexible and cost effective mechanism to configure, host and release the server resources on a need basis.

9) Experimental Applications

If you have an idea to build a SaaS application (or would like to test the waters of building a SaaS version of your existing on-premise software, you may not want to put a high upfront investment if you are not sure of it’s success or failure. Using PaaS to develop your SaaS application idea or prototype provides a very high level of flexibility and safety to ensure you have a strong Business case to go back to your management to build a full blown SaaS application.

10) Freeware

If you are into building Freeware, you may want to keep your cost as low as possible, since the most likely scenario for building your brand would be only after there are too many (happy) users of your product. Keeping the cost low till the time would be key to success for your business. Building your application and / or hosting the same at a PaaS provider or an IaaS provider gives you a minimum till you sense the light of success.

 

The idea of this blog is to give people some food for thought about whether to build an application the conventional way or to build it for / on the cloud and there are too many reasons to go for it or even to go against it for each of the above types of application. But in most scenarios mentioned above, going the cloud way is surely a potential option.

Go cloud – An ISV perspective…Part 2 – PaaS

 

This blog is in continuation to my previous blog entry “Go cloud – An ISV perspective…Part 1 – SaaS” which discussed, if ISV needs to go cloud and offer their products as SaaS, the quicker ways to do so.

Just to keep this article independent, I have copied and pasted below the section which sets the context, to make it easier to read. If you have read my previous blog entry, you may directly jump in to the next section “PAAS”.

Typically as the name suggests, an ISV (Independent Software Vendor) could be one of the following:

A) Traditional Software Product companies: Companies who build and sell software products

B) Web based Software companies offering their products as “Services” typically known as SaaS companies

C) Software intensive companies offering services to a market using a software. The main business of such companies is not to sell Software or even SaaS but to “use” them as their tool to sell their services. A typical example of such a company would be one providing “subscription based” clinical information, or a subscription based access to a vast patent database and so on. In such cases, they do not sell software or service instead they sell “information” using a software.

D) A start-up company who intends to become one of the above three.

For the purpose of the article and for ease of reference, let us refer the above as – A-type ISV, B-Type ISV , C-Type ISV or D-Type ISV respectively.

This article is an attempt to provide a clarity to these ISVs as to which of the cloud services they need / should / may need to consider to embark on for the success of their business.

As briefly explained in one of my previous articles, there are three different aspects to cloud computing i.e.– SaaS (Software as a Service), IaaS (Infrastructure As a Service) & PaaS (Platform as a Service). If you are a B-Type ISV,  then I am sure you do not need any more explanation of what SaaS is. Also if you are C-Type ISV then too, you may not be too interested in SaaS as selling software isn’t the main business you are in to. But may be you wish to know more on these other aspects such as PaaS & IaaS.

So this is an attempt from me to put few points across to provide a clarity to all the ISVs out there.

 

PaaS

Using PaaS to build an offering or a SaaS product may be the fastest and the most cost effective way of doing so if you are a Type-D ISV (A start up company). As a start up you may have a fantastic product idea in mind which you think of offering it to prospective customers as a SaaS rather than an on-premise software, but you may not want to take a huge risk of doing the whole thing yourself.

By choosing a PaaS, effectively one gets a rapid application development platform to build the software along with an ease of deploying the software on the datacentres of the the PaaS providers. Because the ISVs do not have to own anything, there is no upfront investment. It is a Pay-as-you-use model and the charges of the PaaS providers can be accounted as an OpEx. This model is very useful if you are not sure how many customers you may procure during your initial years. Also, because most of the PaaS providers provide the flexibility of allowing you to increase the servers on demand, it is extremely simple to manage the spikes of customer growth.

It is very important for any ISV to ensure that their products offer a high quality of service and hence managing the non-functional Requirements is the key. And since the system is hosted on a PaaS, most of these non-functional requirements are already taken care by the PaaS providers. The ISV just need to align their Service Level Agreements they provide to their customers to the Service Level Agreement offered by the PaaS providers.

All good so far, but is PaaS a long term solution from the ISV’s perspective? May be and May be not.

If you already are a Type B ISV, i.e. you offer your product as SaaS, and if you are successful at it, there is no specific need to move your application to a PaaS. In some cases it may make sense but in most cases it would not. The only advantage of moving an existing SaaS application would be to reduce the infrastructure maintenance effort. Moreover if you already have a huge customer base, moving your system to PaaS would mean more charges / OpEx you may end up paying to the PaaS provider for each of your thousand users. Hence the cost benefit analysis needs to be done between moving the offering to a PaaS provider vs. Continuing to host (or using a Data centre) privately.

For Type A ISVs, it could be a good option to try their business model by creating a SaaS version of their product on a PaaS and sense the market reaction. As mentioned in my previous article, one option for the Type A ISV would be to reuse as much existing on-premise code as possible and build a SaaS version of it using methods mentioned in the article.

The more safer option would be to try a separate version of their product to be offered as SaaS, using a PaaS. This would mean they could treat this part of the Business as a start up and all the advantages that a Type-D ISV enjoys using a PaaS, can be exploited. And most of the PaaS providers provide a huge amount of flexibility to reuse existing code and make minor changes to make it available to be hosted for PaaS.

Type-C ISVs don’t need to worry about the PaaS immediately if they are happy with their current business model. The only reason they may or may not switch to use a PaaS would be cost as their customers are not users of their “software”. Their customers are users of the “information” provided by the software. As long as they are able to comply to the Quality of Service and their SLA agreements with their customer, the need to move to a PaaS would only be a Cost benefit in a long term and also their TCO for the business.

For an ISV (as our current focus is only ISV) whether to go PaaS or otherwise, is not an easy choice to make, for the sole reason that going PaaS means paying for each user using the system hosted on PaaS. SaaS is all about acquiring more users using the system which means more payment to PaaS providers. Hence it is extremely important to do a cost benefit analysis to evaluate if the CapEx investment + the OpEx maintenance cost for Self- hosted (privately hosted at a Datacentre), equates a lower TCO as compared to a TCO in case of having a permanent OpEx as charges to the PaaS providers.

Go cloud – An ISV perspective…Part 1 – SaaS

Typically as the name suggests, an ISV (Independent Software Vendor) could be one of the following:

A) Traditional Software Product companies: Companies who build and sell software products

B) Web based Software companies offering their products as “Services” typically known as SaaS companies

C) Software intensive companies offering services to a market using a software. The main business of such companies is not to sell Software or even SaaS but to “use” them as their tool to sell their services. A typical example of such a company would be one providing “subscription based” clinical information, or a subscription based access to a vast patent database and so on. In such cases, they do not sell software or service instead they sell “information” using a software.

D) A start-up company who intends to become one of the above three.

For the purpose of the article and for ease of reference, let us refer the above as – A-type ISV, B-Type ISV , C-Type ISV or D-Type ISV respectively.

This article is an attempt to provide a clarity to these ISVs as to which of the cloud services they need / should / may need to consider to embark on for the success of their business.

As briefly explained in my previous article, there are three different aspects to cloud computing i.e.– SaaS (Software as a Service), IaaS (Infrastructure As a Service) & PaaS (Platform as a Service). If you are a B-Type ISV,  then I am sure you do not need any more explanation of what SaaS is. Also if you are C-Type ISV then too, you may not be too interested in SaaS as selling software isn’t the main business you are in to. But may be you wish to know more on these other aspects such as PaaS & IaaS.

So this is an attempt from me to put few points across to provide a clarity to all the ISVs out there.

SaaS

If you are A-Type ISV, embarking the SaaS route may be an option for various reasons. It is all about entering a new spectrum of market with a complete new spectrum of operational differences as compared to the on-premise sale model. This new deployment and licensing model fundamentally changes the business model of an ISV, impacting many parts of the organisation – marketing, the sales force, presales engineering, deployment, support, finance, and product engineering and maintenance.  It is no longer just sell a license, ship a copy of the product and provide support for an annual support contract. For your customers, your product (or service) is now an OpEx cost and no longer a CapEx cost.

These are the few  fundamental questions an ISV should ask themselves

- Are there a large proportion of potential customers who do not buy your product due a higher up-front CapEx (in short is your on premise product expensive)?

- With your current product are you able to cater to all sizes of customers – i.e. Small, Medium, Large?

- Are you into selling a software solution which customers may only want to buy after they try it out?

- Would you like to add to your customer list, a mass volume of small customers over and above your existing amount of medium & large customers?

All the above questions are attractive reasons for an ISV to move to a SaaS based delivery model. But as mentioned earlier this impacts fundamentally all parts of the organisation right from presales to support, marketing to maintenance, product development to deployment.  If you are a successful A-type ISV, and if your potential target market is reachable with your current offering, then there is no need for you to take the SaaS route. No one would suggest to get away with the current on-premise model and embrace the SaaS way of delivery (if you are already successful). But providing SaaS based delivery as one more option makes a huge sense to cater to many smaller potential customers.

In my next article I shall provide a detailed analysis of what it takes for an ISV to move to SaaS along with comparisons, pros and cons of this delivery model. As soon as this article is ready I shall change this text to point to that article for ease of reading.

Technically there are three ways of moving to / or extending your product to SaaS:

a) Using PaaS to build a new SaaS version of your product

b) “Extend” your product to enable it to be offered as SaaS

c) Completely re-architect a new SaaS version of your product

Option c) may be the best long term option but it is the most riskiest.

Option a) is the easiest option but in a long run may not be cost effective. (Details in my next blog).

Option b) could be a potential option to choose if the existing architecture is modular, flexile enough to accommodate a SaaS version of it too.

The below chart gives you a high level glimpse of your existing product architecture and whether it allows you to move to a SaaS based delivery too. It also states, what it takes for an existing product to move to be offered as a SaaS – depending upon the type of the product

Microsoft has categorised every SaaS based application in to 4 different maturity models. Please refer to this article from Microsoft for the definitions of these 4 maturity models for reference.

Please note that the above chart should be only used as a reference for a faster way to get into SaaS from a traditional on-premise software and may not necessarily the best way to achieve the same.

An ISV should ideally start thinking over to offer their product offering as SaaS with choosing one of the 3 options above with Option C being the most complex and the most expensive one and Option A would be the more modern method and Option B would be a starting point to extend the existing investment on the on premise software.

Non-Functional Requirements for SaaS

All software products are built with a set of Functional as well as Non-functional requirements. The key role of the Business Analysts and the Business owners is to define / articulate the need for each and every requirement whether functional or non-functional. Functional requirements are surely the must haves and it is a prime responsibility of the Business owners and the analysts to define it or at least justify the need for it.

It is very important, one must also define Non-functional requirements and give equal importance to it along with functional requirements.It may not be appropriate but surely certain lenience in defining Non functional requirements can be incorporated in case of a on-premise software.

If you are an Independent Software vendor who would like to provide your Software as a Service, or if you would like to extend your current offering to a different market on the cloud by providing a SaaS version of the product, then the game changes completely.

In most cases, a SAAS solution is a SINGLE CODE BASE, with a SINGLE LOGICAL DATABASE serving 100s of customers and potentially 1000s of users with completely different usage patterns, different individual tweaking requirements, different requirements for interfacing with their in-house systems and so on.

Hence it is one of the top priorities to not only define the functional requirements, but also define and design the system to cater to a very clearly and strongly defined non-functional requirements. A non functional requirement as the name suggests does not provide any “business functionality”, but instead they glue the functionalities together better. Although there are too many things that can be defined as a “non-functional requirement”, I would like to highlight the most important ones that any SaaS Architects or Analysts should keep in mind, define them and most important “architect & design” the software to ensure it addresses these requirements.

Please note that there isn’t any specific priority order for each one of them and the importance of one over the other is completely dependent upon the business need and the type of the software to be delivered as a SaaS.

Also please note that not all of them may be a key requirement for every software and hence it is up to the Analysts and the Architect to define the same. The below list may also be used as a check list for the designers of the system to ensure they have it covered in their definition.

--

Security

No software can escape from the need for security whether SaaS or on-premise. But when it comes to SaaS the requirement turns out to be more stringent. As an ISV, the responsibility of the security (whether data security, network security or intrusion prevention) all of it lies with us. Any subscriber to a SaaS would expect assurance that his information and data is secure enough more since they are not under their own radar but we are the custodian for the same. In a multi-tenanted environment, no one would want their data to be visible to other companies using the same system. This is upmost important and should be one of the key points to be considered while defining the data structure for the software.

The network security and intrusion prevention is not the point of concern for the provider of a traditional on-premise software since the responsibility of deployment and network security then is the responsibility of the client rather than the software provider. When it comes to SaaS, these things are equally important for it to be considered.

I had attempted to provide a simple security checklist in one of my previous blogs which may be used by all parties involved in SaaS whether it be an ISV providing the software or it be a company subscribing to it or a user using the system.

Scalability

Scalability of the software takes a completely different turn when it is a software delivered as SaaS. Any software (whether SaaS or on-premise) would have to consider scalability when it comes to handling “volumes”. And since SaaS is eventually all about multi-clients with multi-users using a single code base, volumes are inherent characteristics of the software. There are no second thoughts to not to consider a Scale-out architecture along with a Scale-Up architecture for any SaaS system. The better the software more number of clients and more number of users are bound to signup for your service.

The software at the architecture level has to natively support a Scale-out architecture whereby you should be able to expand your system to virtually any level up to the theoretical maximum. We never know if our software / service is successful, we could be the next billion dollar salesforce.com :-)

Availability / Reliability

As the case applies to security, the same applies to availability or reliability of the software. It is one of most important factors / characteristics that must be inherently be part of the skull of any SaaS product – Reliability.

A very clearly defined SLAs (Service Level Agreement) has become a norm these days for any SaaS offering and not adhering to it may even have legal implications. With more and more improvements in the technology and also increase in competition, customers expect a 99.99% uptime of the service and no longer just 99.9%. So that mathematically equates to 1 hour of downtime per year. Everyone is aware of the fact that no software can be 100% bug free but at the same time, the software needs to be architected and designed to ensure that the downtime scenarios are well handled and there would be no / minimum data or business loss to the clients. And most importantly ensure your SLAs are aligned to the SLAs of your hosting provider / partner. Always use a hosting provider. Never DIY.

Performance

One of the prime reason Google Search engine and Google’s web browser Chrome is a hit is because of its speed to respond. Although no one would expect your software to be as quick as Google (although if you could get there then nothing like it :-) ) but in terms of response times to any business operations, they have to be quick enough to an extent the users do not get a chance to think about the speed. Defining a clear SLAs for response times is also key for any SaaS offering. Although defining a higher response times in your SLAs to avoid legal implications and to play safe may be a good idea to an extent, but not at the cost of users realising the system is slow and start disliking it.

Perform frequent checks for ensuring the performance is at the top of the agenda. Cache the most frequently accessed metadata, service your database by optimising your queries and ensure all the queries in your database uses the most appropriate indexes. Minimize the network operations, use compression where appropriate. Load balance your web servers and if other factors permit, localise your server location.

And most importantly do not over engineer your software. The above points like caching, database indexing etc., may not always be the solution for performance and hence should be done as a calculated exercise,

Configurability

One of the critical success factor of any SaaS application is configurability. It is even more important to ensure configurability to a great extent is taken on board for a SaaS product since its native characteristics of having a single code base. Configurability in SaaS aims to provide customers with a multitude of options and variations to provide a unique experience. Not just that but having the system configurable allows you to sell different services based on various different licensing modes / editions, e.g. Software – Lite, Software – Professional, Software – Ultimate and so on. Ability to switch on and off a particular feature or an option to change the way a user uses the functionality or even ability to change background colour of a screen, may not be the most important thing to have within a software, but surely it is one of the key differentiators / selling factor for your offering. As mentioned above, providing different editions to different target provides an option to expand market share more easily.

Also since every customer would want to use the system in a different way to suit more to their internal culture, more the configurable your offering the better.

Flexibility / Extensibility

Software offering never ever ends at Version 1. It is relatively easier to incorporate or add functionality / remove / modify functionality from an on-premise software since the consequence of doing so would not affect your other customers. They have separate copies of your system and providing more “bespoke” tweaking is possible in such cases. A SaaS offering is a single piece of software catering to all your customers. Hence the architecture should take in to account an ability / room to extend the software with more features and functionalities to provide more value to your offerings in the future.

The most important point one must avoid for a SaaS offering is to provide bespoke implementations for different customers (with switches). Ensure the software is extensible enough to avoid such scenarios.

Usability

Usability Engineering is a vast area in itself and over the years companies have started taking User experience more seriously rather than just providing “a” User interface they think is appropriate. It becomes even difficult to implement a good user interface and interaction for a SaaS offering since the spectrum of users increases more than ten-fold. A single software instance needs to provide a unique experience and functionalities to different customers and in turn various different users of each customer. It is advised for every SaaS offering to undergo a Usability engineering exercise before getting the Graphics team to define the user interface for the software.

Interoperability

And last but not the least, no software can work stand alone. There is always a need for integration of our systems with other systems providing specialised services. E.g A Purchase Management system may need to provide a facility to interoperate with a financial accounting system. If you are providing a Financial accounting system as a SaaS offering, the need for interoperability would be even higher than the other kinds of business software for obvious reasons.

The key solution to address this non functional requirement is to implement a Service Oriented Architecture. It is important to expose most of your key interoperable business functions in the form of well documented Web services to allow other systems to interact and interoperate with your system. Since we are talking about a SaaS offering, and as mentioned earlier, the requirement of individual customers may differ and hence the SOA layer to the software needs to be well thought of and well documented to avoid any need for bespoke implementations. Also it may be required to consider a facility natively part of the system’s architecture to provide a facility to import and export of raw data to allow other related systems to make the best bonding with your offering. Needless to say, interoperability should not be provided at the cost of security and hence due care needs to be taken to ensure both marry well within the system.

--

There may be many more points which may be considered important as non-functional requirements, but the above ones are the most important and common ones which almost all the software delivered as SaaS needs to consider and take in to account in their design and implementation.

The success of a software (especially delivered as SaaS) depends not only on its functional requirements but also to a very great extent the….NON-FUNCTIONAL REQUIREMENTS.

Cloud–What it means to common man / end users?

Every single person who can talk little about IT is talking about cloud. Every other technical article on the web we read is about Cloud, directly or indirectly.

But, for an end user, is the cloud a new terminology to digest? Is it something they need to learn? Is it something they need to consider to make the right choice they make in their IT purchase or IT consumption?

The answer to all these fortunately is a NO. Although cloud as a “terminology” a recent development, but the implementation has been there for ever.

Do you ever remember Yahoo briefcase? Or have you not been using Web based free email services such as Hotmail, Yahoo, AOL, MSN, Gmail and likes of it? Have you not used RapidShare, to share large files with your friends or peers?

What are these……..?

These are nothing but “Services” available on the cloud for your consumption. Some are free, some are chargeable. But the purpose is the same. They provide you with a “facility” to do things without any / few changes / configurations on your local computer.

Think of a scenario of the distant past, when emails were for privileged ones (before Hotmail, Yahoo and net@address revolutionised the concept of “Email for all”). In this scenario, we would have bought / subscribed to an Internet Service provider, installed an email client such as Outlook, Outlook Express, Netscape (yes they too existed then) etc. Then we would configure this client to connect to the ISP’s email server and then start using the service.

Then came Hotmail, Yahoo, net@address, with a concept of – Nothing to be installed on the local machine. Everything happens on the internet. All you need is a web browser. (Free or not free is a different angle to this), So what we have here in this case, is an email service available for us to consume in the cloud. Plain and simple.

Thus before this concept started, everything was local. All software we consume to perform various of our day-to-day activities such as writing documents, creating spread sheets keeping a track of our accounts, checking and replying emails, running a particular Business application such as an Inventory Management system etc., were all local. Then came Web based email, which eliminated the need to installing an email client on our computer. Then came something like Yahoo Briefcase, that more or less reduced the need for us carrying floppy disk to carry files that needs to be accessed by us from two different computers.

Thus two of our activities were replaced by services on the internet and we didn’t need software to be installed on our computer to perform these activities.

So what has happened now that wasn’t there before?

For the past few years, what has changed is the fact that more (or almost all) applications that we use on a day to day basis for productivity or activities, are now available on the internet which means, each service we use on the web, we do not need to install that specific software on our local computer. For writing documents, word processing, maintaining a Spread sheet, software like Word, Excel are no longer the only available option. One could think of using Google docs or Office Live (complete office suite available on the web that can be consumed by just using a web browser).

World has progressed a lot on speed and availability of the internet. Hence even to listen to music, we do not need to install software such as Winamp, Media Player or Quicktime. We could listen to music available on the internet which can be streamed to a browser and provide the same experience.

For almost all the applications we use on a day-to-day basis we now have a choice of whether to install the relevant software locally on our computer or just use a browser to connect to an online version to achieve the same functionality.

The main reason for devices like netbooks, tablets and slate computers like iPad sell today is because we are in an era where most of the common tasks are achieved over the web and hence these devices can afford to be light and handy.

How far do we think this will go?

Well this is a difficult question to answer. As an hypothetical example, if we assume we consume 20 applications for performing our day to day activities, before the Hotmail, yahoo era, all 20 were essentially software that were to be installed locally on our computer. With Hotmail / Yahoo etc. we needed 1 less (emails were available on the web). Over the years the number has gone up to a great extent that we have almost 15-16 of them available on the web.

Are we saying we do not require any kind of software installed on our local computers?

The answer to this would depend upon two things – a) Is there a cloud equivalent of the software we use, and b) the level of our usage. We have to accept a fact here that the web cannot provide (at least as of today) all the richness in terms of user experience as well as functionality that the desktop equivalent provides. It is said that 20% of the functionalities provided by an application are used by 80% users and the remaining 80% of the functionality of that application by 20% users. Unless over the years if the cloud becomes even stronger or as strong as the desktop, the decision of selecting an application to be installed locally or do we use the application available over the internet depends up on the criteria of which category in the 20%-80% ratio, we fall under.

E,g, If you are a very heavy Spreadsheet user, then you would surely need to use Excel on your local computer since the web version (whether be it Google Docs or Microsoft Office Live) does not provide the complete richness that the desktop version provides. That said, may be in the near future, the web version would end up being as powerful as the desktop version, then the choice would be based on other factors such as cost etc..

On the contrary if you use a spreadsheet for the most common activities, the web version is a serious option one could think of since it not only provides a huge cost benefit, but also extra security of backups etc..

Thus in a nut shell, as an end user, we have far more options to choose from, for your productivity applications we use. It is no longer choice of software for your desktop but also option to go the web way.

Google is in the process of building an OS for the cloud called Chrome OS, which means we would not need anything installed on our computer other than a web browser. If it succeeds, everything will be in the cloud!! Possible?? – Time will tell!!!

Security concerns with a SAAS system

SAAS – Software as a Service can be defined as "Software deployed as a hosted service and accessed over the Internet rather than a product deployed at the customer’s premises for each customer."

Today, SAAS applications are expected to take advantage of the benefits of centralization through a single-instance, multi-tenant architecture, and to provide a feature-rich experience competitive with comparable on-premise applications.

Software as a Service (SAAS) is transforming the way traditional ISVs do business as providers of applications to the market. This new deployment and licensing model will fundamentally change the business model of the ISV, impacting many parts of the organisation – marketing, the sales force, presales engineering, deployment, support, finance, and product engineering and maintenance.

But all sounds good for the ISVs run this Business model. The main point here is to get a customer convinced to go for a subscription based software rather than on-premise software.

Customers surely see lots of business advantages by using a SAAS based product over an on-premise product. The reasoning no longer is a business decision. It is more a technical decision. The key technical factor that influences the customer to take a decision whether to go on-demand subscription-based or to buy an on-premise software is – Security.

Since the data is multi-tenanted in a SAAS environment, the fundamental question that comes to the customers mind is – How secure is my data (since it is not in front of me)? What is the guarantee that other customers of the same service do not have access to my data?

The customer should ideally be asking the SAAS providers the following questions to be convinced. It is not necessary that all the question is expected to have a positive answer for the customer to take a decision. It also depends upon what type of business application is being offered as SAAS. But “knowing” the answers is a “must” before taking a decision of going the on-demand route or on-premise route.

Here’s a list of questions I think should be asked by any customer to a SAAS vendor before subscribing to their service. The same set of questions can also be used as a check list by a SAAS vendor.

Data Access Related Questions

• Is the Database Multi-tenanted?
• How many people in the entire chain have the Database SA password?
• Is the data for one customer securely away from another customer?
• Do the Data-Centre engineers have access to the database through SA?
• Can anyone in the entire chain in a position to access / copy / change / destroy critical data of any customer?
• In a system where 3rd Party integration is involved, is the Data communication secured and restricted to only the required exchange of information?
• What information is stored in the Audit log?
• What arrangements are made for Database backup?
• What types of data are encrypted and what is the encryption mechanism used to ensure it is safe?

Infrastructure Related Questions

• What SLA do you the SAAS provider have with their Data Centre?
• What is the hardware redundancy arrangements made by the vendor?
• Does the data centre have WAN backup? i.e. The data centre is replicated in 2 different continents as a backup?
• If yes, Ask all the Data Access Related Questions again with reference to this second Data centre
• How many people from the SAAS vendor organisation have the network administrator password within the data centre?
• How many people have the Shut-Down permission on the Server?
• How often are the servers need to be restarted?
• Does the SAAS vendor align with the Data Centre's SLA within their own SLA?

Internet based Security Threats

• Is the Site hosting the SAAS system SSL enabled?
• Is the Database server on the internet or behind a DMZ?
• If, Yes it is exposed to the internet, then Why?
• How is the system protected from SQL injection?
• (If in case the hacker gets access to Database) Are the critical data encrypted?
• Does the Application User security tightly aligned to the data security?
• Last but not the least, Does the SAAS vendor / provider get their system audited by Security Auditing authorities?

Typically all these (or most of them) are covered in the SLA provided by the SAAS vendor but this is something to my mind is a must for any customer to be aware of before signing as a customer for a SAAS offering.