More Related Content
Similar to Software as a Service
Similar to Software as a Service (20)
Software as a Service
- 1. Software as a Service
Challenges and solutions
Sathya Narayana Panduranga
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 2. The hype…
Ariba puts cloud at center of five-year vision
Forrester's Advice to CFOs: Embrace Cloud
Computing to Cut Costs
Gartner Sees Great SAAS Enterprise App Growth
Despite Downturn
Venture capitalists eye SaaS companies
Google Versus Microsoft: The Fight for the Future
of Cloud Computing
Salesforce.com Unveils Force.com Cloud
Computing Architecture
Oracle CEO Larry Ellison Spits on Cloud
Computing Hype
2 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 3. What is SAAS (software as a service)?
Application Hosted as a Service (requires
no or few tech staff at customer premises)
The service is accessible over Internet
(Anywhere anytime)
Usually subscription based billing model
(pay as you go)
Centralized software updates
No up-front cost (CapEx) to customers
Most successful ones use Cloud Computing
infrastructure
3 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 4. Opportunities
Ability to target global markets
Ability to serve the long tail
Can offer ‘try before you buy’ to attract
customers
Can build software on preferred platform /
technology stack
Version management hassles are reduced
Software upgrades and fixes need not be a
nightmare to you or your customers
4 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 5. Architectural Challenges
Scalability (remember, the world is our
market place)
Resource usage should be frugal
Resource usage should increase predictably
with load
Application architecture should support scaling
out
High Availability (reliability)
Fault tolerance (Recoverability from failure)
Graceful degradation under load
True multi-tenancy
5 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 6. Architecture challenges continued…
Application Responsiveness (Latency)
Improve user experience through thicker client
Parallelize computationally intensive processing
Reduce data latency by querying/updating
smaller sets
Manageability (deployment & monitoring)
Centralized deployment/node management
Failure detection and mitigation
Diagnostics
6 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 7. Architecture challenges continued…
Security
Intrusion prevention
Web App Security
Data security
Multi-tenancy (customizability)
User interface
Work flows
Data model
Authentication
7 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 8. Lessons learnt by the SaaS providers over the
years…
No single magic bullet (approach) to solving all the challenges.
8 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 9. Use component based architectures
Advantages:
Modularity
Loose coupling
Program to an interface
Easier to maintain and scale
9 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 10. Partition Database
Functional segmentation
Example: Items data separate from User data
Horizontal split
Example: Segment data based on range of a primary
access key (customer id 1-10000 separate from 10001-
20000)
Abstract segmentation logic from business logic
through an intermediate layer (Data access layer)
Advantages:
Each module can scale independently
Can isolate failures
Can use inexpensive hardware for modules with lighter
load
Security vulnerability can be isolated
10 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 11. Segment 1 Segment 1
backup
App Server
Comp 1 Segment 2 Segment 2
DAL
backup
Comp 2
Segment 3 Segment 3
backup
Data Partitioning illustration
11 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 12. Minimize DB Transactions
No all-encompassing/distributed
transactions
Auto-commit for most DB writes
Complex DB operations to be done through
PL/SQL at the DB layer
Advantages
Avoids wait-on-locks
Maximizes update performance
DB connections can be multiplexed leading to
better application performance
12 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 13. Partition Application modules
Segment application based on modules
Example: search deployed independently from
inventory
Segment application horizontally
Example: base services, business logic and Web
UI deployed independently
Advantages:
Modules can scale independently
Standard load balancers can be used between
modules
Minimizes resource dependencies
13 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 14. Little or no session state in web application
Session state is memory consuming
Session affinity needs to be taken care of in the
load balancer
Transient session state can be maintained through
a combination of cookies and in-memory database
Example MemCached (see next slide)
If session state is maintained, cleanup frequently
and as early as possible
Advantages:
Allows clean modular segmentation
Higher scalability
Help user move easily between independently deployed
applications (Ex: search to inventory)
14 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 15. MemCached illustration
Memory cache shared and
addressable from
distributed servers
Advantages
Expanded memory
Data can be stored and
accessed from any server
(including non
participating ones)
Fault tolerance (if one or
more servers fail, very less
impact)
Users include Wikipedia,
Flickr, Twitter,
LiveJournal, YouTube etc.
15 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 16. Move as much processing as possible to
asynchronous flows
Integrate disparate components asynchronously
Requires Message Queue infrastructure (JMS, Websphere MQ etc)
Programming models: Point-to-point, Publish-subscribe
Example (P2P):
Catalog search request is posted in the queue by the web application to the search
component.
Search request is processed by the search component in the order it arrived
The results are posted back to the queue or a temporary table
Web application displays this result upon refresh
Example (PubSub): Addition of a new catalog item triggers and event.
Subscribers of the event asynchronously take care of
Rebuilding search index.
Logging the activity
Advantages:
Graceful degradation upon load
Can decouple availability state
Can retry operations
16 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 17. Point to point
Search UI Search Engine
Req
Queue Messaging
Id: 1
Term: xyz
Res Models
Queue
Search Engine
illustration
Search UI
Publish-Subscribe
Add item
Catalog UI Catalog
Publish
Event: Add
Index Builder Activity
Logger
Subscribers
17 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 18. Scheduled batch processing
Move infrequent, periodic or scheduled
processing out of the application flow
For example:
Rebuilding search indices
Purging deleted items from the catalog
18 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 19. Adaptive configuration
System should be able to adapt to changing
load, processing time etc
Can change the number of nodes, processor
threads …
Load can be measured using message queue
length or average query execution times …
19 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 20. Failure detection
Central LAM (logs, alarms and metrics)
collection
Actively (if possible asynchronously) log
requests, application activity and
exceptions
Real time application performance
monitoring and alerts management
Buffered disc writes will allow the LAM to
scale
20 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 21. Failure mitigation
Assume everything will fail (network, disc, database, message
queue, nodes, third party services)
Detect failure at the earliest and raise alarm
Try to recover from failure and retry finite number of times
Log everything (application activity, data size, exception)
Application operations should always timeout and raise
alerts
Example: search query didn’t return results for 5 seconds
should
• timeout
• raise an alarm
• Try backup resource
21 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 22. Have roll-out and roll-back plans
One deployment will affect everyone
Make sure that every change made during
roll-out can be rolled back
Have a roll-back plan so that the
application can be brought back to the
previous deployment state easily
Have feature level switches to turn on/off
Can be a face saver
22 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 23. Multi-tenancy support (Customizability)
Support URL based/URL parameter based
UI style customization
In addition, time-zone, language and user agent
can be detected and used for customization
Support plug-in based architecture to
customize complex processing logic and
custom authentication support
Support for mixed mode DB schema for
customizability
mostly the same DB schema for everyone +
custom tables for the ones who want to
customize
23 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 24. Build with security in mind
Strong input validation on client and server side
Detect SQL/Javascript injection patterns
(signature) for better security
Throttle connect requests from the same IP
address to prevent denial-of service attacks
Escape data output to prevent Javascript injection
Access to database should not be allowed from
outside
Use SSL to communicate between different
components over the network
24 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 25. Test for security: Web App
Vulnerability Analysis tools
Example: Google SkipFish
tool for testing
SQL injection
Shell command injection
Javascript injection
Integer overflow
XSS (cross site scripting)
Denial of service attack
25 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 26. In addition……..
Simplified provisioning and self-service
drives down costs
Usability will make or break the product
Users are touchy about security and
privacy
Scalability separates the wheat from the
chaff
Customers look to reduce the cost of
operations through SaaS
Customizability increases the chances for
success
26 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 27. Using Cloud Computing Infrastructure
27 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 28. What is Cloud Computing
Computing using cloud infrastructure
(Potentially unlimited) pool of computing
resources offered by a vendor typically
using a subscription model for each unit of
resource
Virtualized infrastructure
Shared, multi-tenant environment
28 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 29. The evolution…
29 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 30. Cloud Computing Platforms
(or IaaS / PaaS)
Microsoft Windows Azure Services
Amazon EC2 (Elastic Computing Cloud), S3
(Simple Storage Service)
Salesforce’ Force.com cloud
Google’s App Engine
IBM Blue Cloud
VMware vCloud Express
Your own…..
30 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 31. Using cloud-computing for Scaling
Dynamically scale up/down the number of
instances
Based on load
Based on required parallelism (to get things done faster)
31 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 32. For High Performance Computing (parallel
processing)
Popular algorithm Map-Reduce
Popular platforms: Apache Hadoop,
Amazon Elastic map-reduce
32 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 33. For Storage
Dynamically scale the size of data-store
Distributed databases (NOSQL) can be
used for high update frequency. Popular
one: Cassandra (used by Facebook)
33 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 34. Takeaways
SAAS requires:
Scalability
Multi-tenancy
High-availability
Responsiveness
Fault-tolerance
Security
Manageability
Cost-effectiveness
34 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 35. Questions
35 © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
- 36. © 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.