Some of you who have used Amazon Web services have wondered about the role of SaaS in cloud computing. The good news is that you can develop Web-aware, cloud-friendly SaaS on top of these Web services. You can sell the SaaS to a large customer base, such as consultants or product engineers, and reduce the up-front expenses of purchasing software by offering less costly, on-demand pricing. Another advantage is that SaaS provides updates at a centralized location, eliminating the need for you to download frequent patches and upgrades.
In this article, I'll show you the similarities and differences between SaaS and cloud computing. I'll explore the role SaaS plays in cloud computing and how different it is from other forms of cloud computing, such as utility computing and Platform as a service (PaaS). I'll also give service categorizations and application examples and talk about combining multi-tenancy with virtualization. Then, I'll cover unused resource and interoperability problems and offer some solutions for them. Finally, I'll look at what criteria you need to test how well SaaS is performing in cloud computing and some security issues with SaaS.
SaaS is mature and should be considered part of a mashup or as a plugin to PaaS products or Internet-based services. It provides a complete turnkey application, such as enterprise resource management or plant engineering management, that you can access from a Web browser no matter where you are located.
The service maturity of SaaS is attributed to the virtual platform software on both servers and disks. The two next lower service maturity levels are PaaS and Infrastructure as a Service (IaaS). The lowest service maturity level is Internet-based services. PaaS runs APIs and virtual platform software on disks, while IaaS delivers a full-computer infrastructure via the Internet and provides only server virtualization for users of Amazon EC2 and IBM Blue Cloud, for example. Examples of Internet-based services include Amazon S3, Amazon Simple DB, and Google Base.
Example 1: Plant engineering management
You can build a mature SaaS that a plant engineering company could use to improve manufacturing cycle times and secure merchandise purchase, sales, and accounting transactions. The SaaS could help determine the business processes to use for capacity planning in subcontract manufacturing. The customer base would range from the plant manager and quality manager to line controllers and the COO and CFO.
SaaS is not only useful for executives to access data in the pay-on-demand subscription environment. Executives can make critical decisions in finance, plant engineering, manufacturing cycle times, supply management, and human resources capital planning. SaaS can be used as an operational business intelligence tool for decision makers in a manufacturing plant. For example, tools provided through SaaS could equip decision makers with knowledge on what metric goals should be achieved for material handling time, cycle time, and changeover time. The tools could also render analysis and offer diagnosis of the actions decision makers should take if a metric is not meeting the target.
Example 2: Distance learning and more
You can build a training program as a SaaS. DigitalChalk's SaaS model targets universities and corporate clients to deliver their training content (including distance learning) through its Web site. To build the SaaS, it created its own Amazon Machine Images (AMIs) and used Amazon S3, EC2, and SQS instead of a data center.
To develop other SaaS services, you can use IBM AMIs that EC2 will run. They include IBM DB2, IBM Informix, IBM Websphere Smash, and IBM Lotus Web Content. To expand your repository of AMIs, you can use either pre-configured AMI templates, or create an AMI containing your applications, libraries, data, and associated settings.
Microsoft® divides SaaS into two categories: line-of-business services and consumer-oriented services. Both are sold on a subscription basis. Line-of-business services are large custom business solutions for finance, supply-chain management, and customer relations in a pay-on-demand subscription environment (for example, plant engineering management). Consumer-oriented services target consumers at no cost and are supported by advertising.
As these categories appear to be limited, I add two more categories: shared resource services and outsourcing services. Shared resource services distribute services among a pool of users, and servers allow large companies to get peak load capacity at lower costs, reducing the need for larger internal data centers. Outsourcing services allows small and medium-sized business to provide services on a subscription basis by completely externalizing their data-center infrastructure (for example, distance learning).
Except for the consumer-oriented services, profitability is achieved only when the business delivers services to a large customer base. It must adequately cover high infrastructure costs with low margin with cheap pay-on-demand subscriptions—unlike utility computing that charges pay-per-use rates. In addition to subscriptions, the revenue model includes referral fees, transaction fees, consumption-based pricing, performance-based pricing, reseller margin, and revenue sharing.
Each example shows that SaaS has three attributes: configurability, scalabilty, and multi-tenancy efficiency. If the SaaS does not have one or more of these attributes, it is less mature. You can combine the best of multi-tenancy and virtualization for more flexibility in tuning the system for optimal performance.
Multi-tenancy refers to software architecture where a single instance of the software runs as a SaaS, serving multiple client organizations (tenants). With a multi-tenant architecture, data and configuration is virtually partitioned to allow each client organization to work with a virtual application instance. By consolidating IT resources in a single operation, multi-tenancy allows for cost savings over the basic economies of scale.
One disadvantage of multi-tenancy is that it can incur substantial memory and processing of applications when the customer base is small. When the customer base is large, multi-tenancy outweighs this disadvantage by reducing this overhead. This is accomplished by amortizing it over the customers. Another downside is that additional programming may be required to construct an efficient multi-tenant application, increasing the size of overhead.
Virtualization of servers in SaaS architectures is more than virtually partitioning data and configuration in multi-tenancy. One benefit of visualization is that it can increase the system's capacity to meet the demand (like increased buying in December), by dynamically adjusting the number of real servers and the logical size of resources, including storage and database resources. One downside is that virtualized servers may not be transferable from one vendor to another due to interoperability issues of the virtualization software.
SaaS running on top of Web services takes advantage of Service-Oriented Architecture (SOA) to enable software applications to communicate with each other. Each software service can act as a service provider or requester. A SaaS service provider exposes its functionality to other applications via public brokers. A SaaS service requester incorporates data and functionality from other services. Both leverage economies of scale in the deployment and management of SaaS services.
Web services are normally loosely coupled, whether the resource is scarce or not. To ensure that resources for service providers and requesters are not wasted when capacity goes up or down on demand, create a Web service with a coupling switch to supplement SaaS applications. This switch would flip to tight coupling from loose coupling when the Web service received an alert that its corresponding resource had reached certain levels of waste.
Problem 2: Interoperability issues
If your SaaS is Web-aware and cloud-friendly, the company may find it difficult to run the same SaaS application with different vendors who may have, for example, different formats for importing and exporting data. Consider this scenario: You have two SaaS applications that you want to mash up. One uses industry-standard APIs running on one vendor's cloud computing environment. The other is running proprietary APIs on another vendor's cloud computing environment. This mashup will not work without some re-engineering.
First you must address portability between these two cloud computing vendors. Do they already allow communication between the environments, or do you have to martial the data between them? Are the data formats and logic compatible between the two types of APIs, or do you need to reformat data or change the logic between the two applications? Currently there are no standards for APIs to import and export data. However, IBM and Amazon are working together to make the interoperability and resulting mashups easier to design and manage.
Testing is part of any software development to make sure cloud computing and SaaS go green. You need to conduct testing of SaaS services and applications to improve quality of services. To start testing, simulate the end user environment, such as multiple Web browsers, operating systems, and network connectivities. If you don't, you are off to a bad start. For example, one Web browser may have features that another does not have. The lack of features may impact the way a user accesses SaaS services in cloud computing or the way the unused resources are harnessed.
Next, test for multi-tenancy vulnerabilities, such as whether user A can impersonate user B due to software defect. Test virtualization vulnerabilities, such as whether server A can impersonate server B. Other areas you should test are how far a user can scale usage without overloading the system, how to best manage private keys in a pay-as-you-go environment, and how large amounts of data in the cloud should be backed up and restored. While version control and change management are not customer activities in the SaaS model, they must be tested to ensure they can be verified adequately. Also important is whether SaaS meets vertical needs, since SaaS is a horizontal application.
Keep in mind that a SaaS product in the cloud has different deployment and usage conditions than a product deployed in a typical data center environment. Therefore the testing requirements for the cloud-based application will be different as well. For example, SaaS products can be changed without the customer knowing it. Releases in SaaS deployment models tend to be more frequent than other models because the centralized management makes minor updates easier, so customer support issues for SaaS products tend to be of shorter cycle. Yet this short-release cycle can also cause a lot of pain for the customer if changes occur haphazardly without sufficient testing.
It's expensive to purchase, maintain, and operate the test infrastructure. It does not come cheap when you set up functional, regression, performance, and stress testing while the SaaS infrastructure grows. Before each final release of a SaaS product, you will need to set up Alpha and Beta testing environments to get feedback from potential customers. So it's important to plan for and get a large market share to achieve profits from cheap subscriptions, while absorbing high testing costs.
Disaster recovery, private key management, and disclosure of controls activities are security concerns in the SaaS environment in the pay-on-demand infrastructure. Without proper planning and implementation, the costs of security safeguards can far outweigh the economic advantages of SaaS and cloud computing.
Planning for a disaster recovery became a very important issue after Amazon's S3 and EC2 suffered a three-hour outage in the early part of 2008. During the outage, the consumers lost sales opportunities, and executives could not access critical business information. These impacts far outweighed data recovery and service credits provided by an SLA.
Instead of waiting for an outage to occur, consumers should do security testing on their own to check how well a SaaS service provider can recover data. The test is simple: Just e-mail the provider to get your stored data, and check how long it takes for the provider to recover. If it takes too long to recover, ask the provider why and inquire how much service credit you would get in different scenarios. If it takes a very short time to recover even for an enormous amount data, you then verify if the checksums can match the original data. You may need to test recovery during both peak and non-peak times.
One area of security testing you should do is to test a trusted algorithm to encrypt the data on your local computer you are looking at and then try to access data on a remote server you can't see in the cloud using the decryption keys. If you can't read the data when you have accessed it, the decryption keys are corrupted, or the server rejects it because the vendor is using its own encryption algorithm. Ask the vendor what encryption algorithm it is using.
Another issue is the potential problems with data in the cloud. To protect the data, you may want to manage your own private keys. Check with the vendor on private key management. Amazon will give you the certificate if you sign up for it.
Not all providers are willing to disclose how well they manage control activities in the SaaS environment. Some may have a policy of auditing their control activities.
Ask your provider if it is SAS 70 Type II certified on disclosing control activities and processes to consumers. This certification ensures comprehensive change management documentation, backup and recovery requirements, disaster recovery requirements, and physical-level security requirements of the data center, including access and mirrored data centers in cloud computing. If it is not certified, then ask the provider how you can get the information on the way it manages control activities, if at all. Certification is not required if you can satisfy yourself about the quality of your provider's procedures. Amazon has posted its security processes in an article that you can find in the Resources section below.
This article helps you plan for developing and managing SaaS in cloud computing. Potential users' demands for service with cheap subscriptions in the pay-on-demand infrastructure present a challenge for developers and other members of a project team. Being aware of and resolving the issues of developing and managing SaaS, including potential security problems, can make your team's experiences trouble-free. You can accomplish this by using IBM Rational Web Developer WebSphere Software and IBM Rational ClearQuest for defect and application tracking of SaaS being built with IBM AIMs (see Resources for more information).
Learn
- Read about Amazon's security processes.
- Learn more about mastering SaaS, whether you are curious, aspiring, established, or
expanding your knowledge.
- Want to learn how to
build a SaaS solution? Get demos to show you how.
- "Work with Web services in enterprise-wide SOA series" by Judith M.
Myerson offers information on how to work with Web services in enterprise-wide
SOAs.
- Browse Judith's series, Use SLAs in a Web services context, for details on service-level
agreements.
- Want more
information on Ajax tools? Read about them in "Survey of Ajax tools and techniques" (Gal Shachor, Yoav Rubin, Shmulik
London, Shmuel Kallner, developerWorks, July 2007).
- Read "Tight coupling Web services in the SOA" (developerWorks, Jan 2008).
- Read Judith's The Complete Book of Middleware, which focuses on the essential
principles and priorities of system design and emphasizes the new requirements
brought forward by the rise of e-commerce and distributed integrated systems.
- Get the business insight and
the technical know-how to ensure successful systems integration by reading Enterprise Systems Integration, Second Edition.
- Bring your organization into the future with RFID in the Supply Chain, which explains business processes,
operational and implementation problems, risks, vulnerabilities, and security
and privacy.
- The developerWorks SOA and
Web services content area
offers an overview of SOA and how IBM can help you get there.
- Stay current with developerWorks technical events and webcasts.
Get products and technologies
- See how IBM
Rational Web Developer for WebSphere Software for architecture
management, IBM Rational ClearQuest for change and release management, and IBM Rational Functional Tester Plus for quality management can help
when developing Ajax and other applications. These tools from IBM help
increase your productivity by reducing testing time and the costs of test labs
in your enterprise
-
IBM trial
products for download: Build your next development project with IBM
trial software, available for download directly from developerWorks.
Discuss
-
developerWorks blogs:
Get involved in the developerWorks
community.
Comments (Undergoing maintenance)
Table of contents
Next steps from IBM
Access IBM software products in the Amazon Elastic Compute Cloud (EC2) virtual environment.
My developerWorks community
Tags
Use the slider bar to see more or fewer tags.
Popular tags shows the top tags for this particular content zone (for example, Java technology, Linux, WebSphere).
My tags shows your tags for this particular content zone (for example, Java technology, Linux, WebSphere).
Popular article tags |
My article tagsSkip to tags list
Popular article tags |
My article tags
