Kannan Subbiah
Knowledge Universe Technologies India Pvt Ltd
Own a house Vs Rent a house
Own a Car Vs Engage Call Taxi
• Chargeable unit
• Geographical boundary
• Business Domain
• Implementation Partners
• …

• Hosting infrastructure
• Support Multi-tenancy
• Scalability
• Internationalization
• …

• On-boarding / Exit
• Customer Support
• Service Level
• Contract terms
• …
[Figure: four delivery stages plotted with Affordability on the vertical axis against Time on the horizontal axis]

• In-house: H/W, S/W owned and managed.
• Hosted: Software owned and managed, infrastructure rented.
• Hosted (ASP): Software rented, but not designed to scale.
• Subscribed: Self subscribe to the software or parts of software. Customizable by tenants to an extent.
• Multi Tenancy
• Subscription based service
• Scalability
• Manageability
• Self Service Sign-up
• Tenant specific customization
Attribute                 Traditional                    SaaS
Application Delivery      Installed                      Hosted
Updates / Release Cycle   Larger / Longer                Smaller / Shorter
Pricing                   One Time + Maintenance         Subscription
Accounting                CAP-EX                         OP-EX
Implementation            Engage Partners / consultants  Simple, end user configurable
Operating Platform        Multiple                       Single
Value proposition         Once at the time of selling    Continuous
• Pay per use
• Anywhere Access
• Subscription to service not software
• Least or no investment on infrastructure

• Stronger protection for IPR
• Operational control of the environment
• Recurring revenue stream
• Shared Infrastructure – PaaS / IaaS

• Microsoft – 4 level
  • Scalability, Multi-Tenancy and Configuration
• Forrester – 6 Level
• SEI – for assessing the organization and not the application
• Euro Cloud Star Audit
• None of them are popular

• Level 0 – Outsourcing
• Level 1 – Manual ASP
• Level 2 – Industrial ASP
• Level 3 – Single-app SaaS
• Level 4 – Business Domain SaaS
• Level 5 – Dynamic Business Apps
• Solution Design to address
  • Internationalization
  • Cloud Infrastructure
  • Support business & operating model
  • Multi-tenancy
  • Extensibility
  • Security and Audit
  • Wider scope – cover industry needs

• Must Support
• Larger impact
• SLA driven
• Disclaimers
• Increased Focus on
  • Reliability
  • Availability
  • Extensibility
  • Scalability
  • Quality, etc.

• Migration from existing software
• Application Integration
• Data Integration
• Data Mining
• Authentication, Single Sign-on
• Network infrastructure

• Areas of support to include
  • Hosting infrastructure
  • Data center operations
  • Systems and network monitoring
  • Billing
  • Customer education
• Longer customer retention for better RoI

• Agile approach
• Rapid releases and upgrades
• Primary focus on
  • Rapid action on feedback
  • Usage statistics
  • Predict industry trends
  • Platform and tools used
  • Automated testing
  • Service aggregation

• Driving Contracts online
• Termination and Migration
• Security, Privacy and related risks
• Country specific regulations
• SLAs
SaaS Security
[Figure: the concerns below radiate from "SaaS Security" at the centre]
• Data Security
• Data Segregation
• Deployment Model
• Deployment Environment
• Network Security
• Regulatory Compliance
• Availability
• Back up & Recovery
• IdM & SSO
Data Security
• Data Location
• Data Encryption
• Data Integration APIs
• Access Logs
• Return / destruction of data upon exit
Data Segregation
• Understand the Data & Application Architecture
  • Separate Physical / Virtual Server(s)
  • Separate Instance on shared hardware
  • Separate Database
  • Shared Database
• Authentication and Authorization
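The shared-database model at the bottom of the list above is the cheapest of the four and the one where segregation depends entirely on the application: a query that forgets the tenant predicate hands one tenant another tenant's rows. The following is an added example, not code from the slides, showing the usual way to make that mistake impossible in a shared table: the tenant id is fixed from the authenticated session when the repository is opened, every SQL statement carries it, and a repository cannot be opened without one. The names (Tenant, TenantRepository, the invoices table) and the sample rows are assumptions constructed for the example.

```python
"""Tenant data segregation in a shared database (added example, not from the slides)."""
import sqlite3
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Tenant:
    """Tenant resolved from the authenticated session, never from request input (assumed name)."""
    tenant_id: str


class TenantRepository:
    """Every read and write is scoped by the session tenant; callers cannot widen the scope."""

    def __init__(self, conn: sqlite3.Connection, tenant: Tenant) -> None:
        if not tenant.tenant_id:
            raise ValueError("refusing to open a repository without a tenant context")
        self._conn = conn
        self._tenant = tenant

    def add_invoice(self, invoice_id: str, amount: int) -> None:
        # tenant_id always comes from the session object, never from the caller
        self._conn.execute(
            "INSERT INTO invoices (tenant_id, invoice_id, amount) VALUES (?, ?, ?)",
            (self._tenant.tenant_id, invoice_id, amount),
        )

    def get_invoice(self, invoice_id: str) -> Optional[dict]:
        # The tenant predicate is part of the query, so an id guessed from another
        # tenant's invoices resolves to this tenant's row or to nothing, never to theirs.
        row = self._conn.execute(
            "SELECT invoice_id, amount FROM invoices WHERE tenant_id = ? AND invoice_id = ?",
            (self._tenant.tenant_id, invoice_id),
        ).fetchone()
        return None if row is None else {"invoice_id": row[0], "amount": row[1]}

    def list_invoices(self) -> List[dict]:
        rows = self._conn.execute(
            "SELECT invoice_id, amount FROM invoices WHERE tenant_id = ? ORDER BY invoice_id",
            (self._tenant.tenant_id,),
        ).fetchall()
        return [{"invoice_id": r[0], "amount": r[1]} for r in rows]


def build_shared_db() -> sqlite3.Connection:
    """One table for all tenants; the composite key lets each tenant reuse invoice ids."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE invoices ("
        " tenant_id TEXT NOT NULL, invoice_id TEXT NOT NULL, amount INTEGER NOT NULL,"
        " PRIMARY KEY (tenant_id, invoice_id))"
    )
    return conn


def open_without_tenant_is_rejected() -> bool:
    """A repository with an empty tenant context must not be constructible."""
    try:
        TenantRepository(build_shared_db(), Tenant(""))
    except ValueError:
        return True
    return False


def demo() -> dict:
    """Two constructed tenants share the table; each sees only its own rows."""
    conn = build_shared_db()
    acme = TenantRepository(conn, Tenant("acme"))
    globex = TenantRepository(conn, Tenant("globex"))
    acme.add_invoice("INV-1", 100)
    acme.add_invoice("INV-2", 250)
    globex.add_invoice("INV-1", 999)  # same invoice id, different tenant
    return {
        "acme_sees": acme.list_invoices(),
        "globex_sees": globex.list_invoices(),
        "acme_reads_INV-1": acme.get_invoice("INV-1"),   # acme's own row, not globex's 999
        "globex_reads_INV-2": globex.get_invoice("INV-2"),  # exists only for acme: None
    }


if __name__ == "__main__":
    print(demo())
```

The point of the design is that segregation is enforced in one place (the repository constructor and its queries) rather than in every handler; the "Authentication and Authorization" bullet above is what supplies the Tenant object, and an access log of which tenant ran which query falls out of the same choke point.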
Deployment Model
• Security aware developers
• Application Design
  • Application / Data Partitioning
  • Information Sensitivity
  • Design for Performance & Scalability
• Configuration Management
• Security Testing
• Threat Remediation
• Build & Release Cycles

Deployment Environment
• Boundary Protection
• Resource Priority
• Configuration Management
• Cloud Infrastructure
  • Certification / accreditation
  • Continuous Monitoring
  • Audit
Network Security
• Transmission Integrity
  • Secure Data in transit (SSL)
• Intrusion Detection & Prevention
• Other standard security measures against:
  • Man-in-the-middle
  • IP Spoofing
  • Port Scanning
  • Packet Sniffing
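"Secure Data in transit (SSL)" only covers the man-in-the-middle and packet-sniffing items above when the client actually verifies the server's certificate chain and hostname; a connection that encrypts but accepts any certificate is sniffable by whoever sits in the path. The following is an added example, not from the slides, that puts the weak Python TLS client configuration beside the hardened one and audits a context for the settings that defeat the protection. Only the standard library ssl module is used; the function names are assumptions.

```python
"""TLS client configuration: weak context beside hardened one (added example, not from the slides)."""
import ssl
from typing import List


def insecure_client_context() -> ssl.SSLContext:
    """The context found in code that 'fixes' a certificate error by turning verification off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False         # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE    # any certificate is accepted, self-signed or forged
    return ctx


def hardened_client_context() -> ssl.SSLContext:
    """Verifies the chain against the platform trust store and checks the hostname."""
    ctx = ssl.create_default_context()             # CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse legacy protocol versions
    return ctx


def audit_tls_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the findings that would let an on-path attacker read or alter traffic."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified")
    if not ctx.check_hostname:
        findings.append("hostname is not checked against the certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("TLS versions below 1.2 are allowed")
    return findings


if __name__ == "__main__":
    print("insecure:", audit_tls_context(insecure_client_context()))
    print("hardened:", audit_tls_context(hardened_client_context()))
```

The audit function is the kind of check worth running in code review or a unit test over every place an application builds its own SSLContext, since a single verify_mode = CERT_NONE left over from debugging silently removes the transmission-integrity guarantee the slide relies on.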
Regulatory Compliance
• Global Legal compliance
  • SAS 70
  • SOX
  • HIPAA
  • …
• Contractual obligations
• Need for Logs and Audit Trails
• Data Retention needs

Availability
• Application Design and Architecture
  • Design for performance
  • Graceful exits
  • Instance Isolation
  • Custom Code Modules
• SLA
  • Uptime Guarantees
  • Maintenance / Outage Notifications
  • Documented BC & DRP plans
• Code Escrow
Back up & Recovery
• Infrastructure
• Protection of back up location
  • Encryption
  • Access control to Backup location
• Recovery
  • Documented process
  • Drills
IdM & SSO
• Who manages it?
• Checks & Controls
  • Id provisioning
  • Secure storage
  • Password Policies
• Federated IdM
  • Trust relationships with tenants
  • Secure federation of user identities
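For the "Checks & Controls" the slide lists (id provisioning, secure storage, password policies) the following is an added example, not code from the slides, of a per-tenant user store that enforces a password policy at provisioning time and stores only a random salt plus a PBKDF2-HMAC-SHA256 verifier, never the password itself. The policy parameters, the iteration count and the UserStore name are assumptions; the sample users are constructed for the example.

```python
"""Password policy and secure credential storage for tenant users (added example, not from the slides)."""
import hashlib
import hmac
import os
import re
from typing import Dict, List, Optional, Tuple

PBKDF2_ITERATIONS = 600_000   # assumption: a current OWASP-style work factor for SHA-256
MIN_LENGTH = 12               # assumption: policy minimum length


def check_password_policy(password: str, username: str) -> List[str]:
    """Return the policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if username and username.lower() in password.lower():
        problems.append("contains the username")
    if not re.search(r"[A-Za-z]", password) or not re.search(r"[0-9]", password):
        problems.append("needs both letters and digits")
    return problems


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Derive a verifier from the password with a per-user random salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


class UserStore:
    """Per-tenant user directory holding only (salt, verifier) pairs (assumed name)."""

    def __init__(self, tenant_id: str) -> None:
        self.tenant_id = tenant_id
        self._users: Dict[str, Tuple[bytes, bytes]] = {}

    def provision(self, username: str, password: str) -> None:
        problems = check_password_policy(password, username)
        if problems:
            raise ValueError("password policy: " + "; ".join(problems))
        if username in self._users:
            raise ValueError("user already provisioned")
        self._users[username] = hash_password(password)

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # Hash anyway so an unknown user takes as long as a wrong password
            # and the response time does not reveal which usernames exist.
            hash_password(password, b"\x00" * 16)
            return False
        salt, expected = record
        _, candidate = hash_password(password, salt)
        return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    """Provision a constructed user and exercise the policy and verification paths."""
    store = UserStore("acme")
    store.provision("alice", "correct horse battery 42")
    try:
        store.provision("alice", "another horse battery 43")
        duplicate_rejected = False
    except ValueError:
        duplicate_rejected = True
    return {
        "weak_password_problems": check_password_policy("alice123", "alice"),
        "alice_ok": store.verify("alice", "correct horse battery 42"),
        "alice_wrong": store.verify("alice", "correct horse battery 43"),
        "unknown_user": store.verify("mallory", "whatever it is 99"),
        "duplicate_rejected": duplicate_rejected,
    }


if __name__ == "__main__":
    print(demo())
```

In a federated setup the verifier table is replaced by a trust relationship with the tenant's identity provider, but the same controls apply on the provider side; what the SaaS operator then has to protect is the federation metadata and signing keys rather than password hashes.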
Follow Me
• Email: kanna@vsnl.com
• Facebook: http://www.facebook.com/kannan.subbiah
• LinkedIn: http://in.linkedin.com/in/ksubbiah
• Blog: http://www.kannan-subbiah.com

SaaS Challenges & Security Concerns
