A software provider wanted to develop a customizable health care information management system that could be installed on-premise or provided as software as a service (SaaS). The solution involved a master module handling security and subscriptions that could create "tenants" or "orgs" for each customer. Customized modules could be added separately to each org. The system was designed using service-oriented architecture and a service broker to allow independent modules to share information without being directly connected. The authorization system used access control lists and user groups to manage permissions for different features across customers.

1. Health Care Information system
Introduction
A software solutions provider in health care sector wanted to develop an information management
system which could be provided as on premise installation as well as on SaaS model. The system had to
be easily customizable with the capability of adding modules in a plug-and-play manner as well as set
access to features for each end customer. While the client had conceptualized the system quite well they
lacked the technical skills, or a technology partner, to convert the concept into a robust architecture and a
functioning system.
Objectives
 Deploy on premise as well as provide on SaaS model as required by end customer
 Allow turning modules on or off based on subscription
 Customize modules for particular customers based on their specific needs
 Capability to add custom modules so that they can be seamlessly integrated
 Create a central database of master data that can be shared across modules and customers
 Capability to integrate with external systems
Challenges
 Design system administration so that it is simple enough for on-premise installation yet can handle
requirements of a SaaS model
 Share data and control across modules which are built independently
 Create an authorization system which can allow for different sets of security needs for each customer
 Multi-tenant behavior needed
 Provide data isolation so that one customer’s data does not “cross talk” with others
 Management and maintenance for SaaS model

2. Solution
The solution designed for this application had a master module common to all customers which handled
security and subscription information. From this module system administrators can create multiple
“tenants” or the software to provide a virtually separate and independent environment called “org” for
each customer. The modules subscribed by customer could be added to these orgs separately for each
customer. Separate customized or completely new code bases could be easily deployed at system level
and added to org level by system administrators. Predefined configuration scripts were created to
generate this configuration quickly and easily for on premise installations.
The system was designed on Service Oriented Architecture (SOA) to enable sharing or information
between independent modules. A service broker was created which worked as a mediator between these
independent components so they did not have to be aware of each other. This was specifically needed to
make the system plug-and-play so as to allow adding of any number of custom components as and when
needed.
The authorization system was designed with multiple layers. Access Control Lists (ACLs) could be created
for allowing access to features. Users and user groups can be assigned to these ACLs with applicable
permission of each user or user group. The ACLs can then be assigned to a feature to which authorization
rules have to be set. These way same ACLs can be assigned to multiple features making administration of
permission very quick and manageable.
Technology Stack
 ASP.NET 4.0 with C#
 Windows Communication Foundation (WCF)
 SQL Server 2012
 Telerik controls
 jQuery