2. WHAT IS SAAS?
• SaaS is a software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted.
• It is also referred to as “on-demand software”.
3. HOW IS SAAS DIFFERENT FROM OTHER MODELS?
[Figure: three stacks, IaaS (Infrastructure as a service), PaaS (Platform as a service) and SaaS (Software as a service). Each stack lists the layers Networking, Storage, Servers, Virtualization, OS, Middleware, Runtime, Data and Application. Legend: Managed by Vendor / Managed by Client.]
4. WHY SAAS?
• Lower Cost of entry
• Reduced time to benefit & rapid prototyping
• Pay as you go
• The SaaS vendor is responsible for upgrades, uptime & security
• Higher adoption rates
• Integration and Scalability
• Work anywhere
5. ARE THERE ANY DISADVANTAGES IN SAAS?
• Loss of Control.
• Security concerns, since your data is stored in the cloud.
• Compliance – Certain countries/industries have regulations relating to where data is stored.
• Switching between SaaS vendors is difficult.
7. KEY CHARACTERISTICS OF SAAS
• Multi-Tenancy
• Provisioning
• Configurability
• Scalability
• Maintainability - Application delivery and upgrades
• Integration
• Metering and Billing
• Monitoring - Application availability
• Analytics – User Experience, Performance
• Disaster recovery – backup and restore
8. WHAT/WHO IS A TENANT?
[Figure: Azure Storage Service, with three groups of tenants. Companies - Tenants: CORP A, CORP B, CORP C, CORP D. Corporate customers - Tenants: STREET & CO LLC, NOR COM INC., TOUCHPOINT LOGIC LLC., ARROW AUDIO INC. Corp Customers - Tenants: Customer 1, Customer 2, Customer 3, Customer 4.]
9. HOW DOES THE SYSTEM IDENTIFY THE TENANT?
• HTTP URL approach
  • Tenant_ID is identified from the sub-domain in the URL [HTTP Host header].
    • https://companyA.yourproduct.com
    • https://companyB.yourproduct.com
  • Some customers might ask for a custom domain rather than a sub-domain.
  • Sub-domains give better isolation of cookies and CORS (Cross-Origin Resource Sharing), which makes cross-tenant CSRF & XSS a bit harder.
  • Query parameters can be used to identify the tenant.
    • https://yourproduct.com/companyA
    • https://yourproduct.com/companyB
• Authentication approach
  • Tenant_ID is identified based on the user identity.
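Added example (not from the original slides): one way to combine the two approaches above, resolving Tenant_ID from the Host header or from the path form shown in the URLs above, and then requiring it to match the tenant claim of the authenticated user. The tenant registry, the custom domain and the `tenant_id` claim name are assumptions made for the sketch.

```python
# Added example: names, domains and claims below are constructed for illustration.
from urllib.parse import urlsplit

BASE_DOMAIN = "yourproduct.com"
# Tenant registry (assumed): sub-domain label -> Tenant_ID
SUBDOMAIN_TENANTS = {"companya": "T-A", "companyb": "T-B"}
# Custom domains that tenants have registered (assumed) -> Tenant_ID
CUSTOM_DOMAINS = {"portal.companya.example": "T-A"}
HOST_CHARS = set("abcdefghijklmnopqrstuvwxyz0123456789-.")


class TenantError(Exception):
    """Raised when a request cannot be bound to exactly one known tenant."""


def tenant_from_host(host_header):
    """Map the HTTP Host header to a Tenant_ID using an allowlist only."""
    host = host_header.strip().lower().rstrip(".")
    # Drop an optional :port, then reject anything that is not a plain host name.
    host = host.rsplit(":", 1)[0] if ":" in host else host
    if not host or not set(host) <= HOST_CHARS:
        raise TenantError("malformed Host header")
    if host in CUSTOM_DOMAINS:
        return CUSTOM_DOMAINS[host]
    suffix = "." + BASE_DOMAIN
    if host.endswith(suffix):
        label = host[: -len(suffix)]
        # Exactly one label: "x.companya.yourproduct.com" is not a tenant host.
        if "." not in label and label in SUBDOMAIN_TENANTS:
            return SUBDOMAIN_TENANTS[label]
    raise TenantError("unknown tenant host")


def tenant_from_path(url):
    """Map the first path segment (https://yourproduct.com/companyA) to a Tenant_ID."""
    parts = urlsplit(url)
    if (parts.hostname or "").lower() != BASE_DOMAIN:
        raise TenantError("unexpected host")
    segment = parts.path.lstrip("/").split("/", 1)[0].lower()
    if segment not in SUBDOMAIN_TENANTS:
        raise TenantError("unknown tenant path")
    return SUBDOMAIN_TENANTS[segment]


def bind_request(host_header, claims):
    """Accept the request only if the URL tenant equals the identity's tenant claim."""
    url_tenant = tenant_from_host(host_header)
    if claims.get("tenant_id") != url_tenant:
        raise TenantError("identity does not belong to this tenant")
    return url_tenant
```

The Host header is client-supplied, so the lookup never derives a Tenant_ID from it directly; it only selects an entry that provisioning already registered.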
10. WHAT ARE THE KEY CHARACTERISTICS OF MULTI-TENANCY?
• Resource sharing
• High degree of configurability
• Isolation [Security and privacy]
12. MULTI-TENANCY & CONFIGURABILITY
• Page appearance and branding customization
  • Allow the tenant to upload their own logo for branding.
  • Allow the tenant to upload a tenant-specific CSS file to change the style of all the pages.
• Complete page customization, for example a login page specific to the tenant.
  • Expose an API that can be consumed by custom pages.
  • Allow the tenant to upload the custom page into the application.
• Ability to enable & disable functionalities specific to the tenant at application level.
• Ability to customize the business process or application flow specific to the tenant.
  • This can be achieved by using a workflow & rule engine.
• Allow tenant-specific identity provider integration
  • To get an SSO (Single Sign-On) experience across their applications.
• Ability to add custom fields in the schema specific to the tenant
• Location: the tenant would like to access the application from a nearby location [Geo-aware SaaS deployment]
13. MULTI-TENANCY & IDENTITY PROVIDER INTEGRATION
• Tenants use their existing identity provider.
• Tenants want to use a third-party identity provider like Google / Windows Live account.
• The application provides its own identity provider, and tenants just use it.
Note: All approaches use claims-based authentication; the only difference is the source of the original claims.
18. APPROACHES FOR DATA ISOLATION IN MULTI-TENANCY
1. Storing tenant data in separate databases.
2. Housing multiple tenants in the same database.
  • Separate schema for each tenant [separate table]
3. Using same database and same set of tables to host multiple tenants.
  • Each row will have tenant_id in the table.
Note: In Azure table, container level access policy can be implemented.
19. MULTI-TENANCY & PROVISIONING
Provisioning refers to the process of on-boarding new tenants to use the SaaS application.
• It includes allocation of system resources.
• Deployment of application components for the new tenant, including a new database if any.
• Granting the permissions required for various applications and application features.
• Other customization mentioned earlier.
  • For example, integrating their authentication provider, configuring logos.
20. HOW TO IMPLEMENT PROVISIONING
• The tool to provision a new tenant should be independent of the tenant application itself, since the same tenant and its configuration can be re-used for future SaaS applications as well.
• The tool should be able to automate as many of the tasks needed to provision a new tenant as possible.
  • For example, Windows Azure Pack (WAP) to automate the tenant provisioning.
21. SAMPLE APPROACH FOR PROVISIONING
[Figure: a Tenant Management Application (single instance) alongside SaaS Application1 and SaaS Application2 (multi instance), each consisting of several tenant-facing SaaS applications. IT/Support team access. Tenant admins access, to do configuration/customization on their own anytime, for example theme.]
22. DISASTER RECOVERY
• Azure services provide disaster recovery features natively.
  • Such as geo-redundancy, multiple instances and multiple data centres.
• Still, a technical issue (an application bug or a security issue) may cause the data to go wrong or get deleted. In that case the same damaged instance spreads across the data centres and geo-replicas.
• To avoid this kind of scenario, the application should take regular backups of each individual tenant's data and should be able to restore the data to a specific point on the tenant's request.
23. MONITORING
• Tenant specific applications should be monitored individually rather than entire SaaS application as whole.
• Alerts should be raised in the form of Email/SMS based on application availability.
[Figure: example, Fusion Lite SaaS Application. A monitoring tool checks the health page of tenant1 (Tenant1 App, used by Tenant1 users) and the health page of tenant2 (Tenant2 App, used by Tenant2 users). Parse the content, Response code: 200.]