I think a lot of well established design patterns also fit into the SaaS mold. I agree SaaS and SOA do have a lot in common. When you say design patterns if you mean code level patterns and concepts then most of the distributed application patterns of the last decade or more are still quite valid. Data Transfer Object, Query Object, Value Object, Unit of Work. I’d check out Martin Fowler’s excellent Patterns of Enterprise Application Architecture (Addison Wesley Professional) and also Integration Patterns by the same publisher. In fact some of the ideas that would make my list go way back and include such basic concepts as Separation of Concerns. I’d still check out anything Fowler is saying on the subject though, the man is a genius.

posted August 4, 2008

A more important question to ask is:
Is this particular vendor's offering open and published or is it closed and proprietary, thus locking me into their grip and being a slave to their whims?
SOA has good design patterns to apply that do not suffer from vendor lock-in and a vendors horrible track record of honoring their partners, their customers, security, good design, open patterns that are open to review and improvement, and overall competing by merit. This particular vendor rarely innovates, they legislate and a professional with wisdom takes note of this.
PHB's being so prevalent, this vendor would not be where they are today if some down home good judgment and proper discernment were applied.
I invite you to take the professional challenge and look past a particular vendor's offering and look at what the trend of the industry is moving towards.
Don't let the fox advise you on how to build the chicken coop.

posted August 4, 2008

http://www.requestfill.com/article.php?article=119

By CSS Corp

Links:

• http://www.requestfill.com/article.php?article=119

posted August 4, 2008

I still see confusion between SAAS and SOA (Service Oriented Architecture). Amazingly same sort of confusion was around between SOA and Web Service, thankfully we don't read that from experts now.

SOA is a design approach for creating loosely coupled, interoperable, scalable and reusable software components. SAAS is a software delivery method, client can either acquire the software and operate within its infrastructure or you can host the software in your own data center and client purchases access for seats or named users. As a matter of fact webmail is the most successful and prominent example of SAAS. I believe Salesforce.com set the path to the term SAAS, offering an enterprise application as a service.

When it comes to considerations:
1. Scalability: SAAS offerings should be able to respond to high concurrent demand. Recently Apple's Me.com fiasco is a good example of importance of factoring scalability into any SAAS offering.
2. Security: Most large organizations avoid SAAS pointing to security considerations. Regulatory requirements for archiving ,recovery , audit trail (Sarbane-Oxley) or need for high level of confidentiality as in the case of HIPAA regulations are both weaknesses and opportunities in SAAS offerings.
3. APIs : Any ambitious SAAS project should count for a good API support. Enterprise applications do need to exchange information, support import and export functions. Both Google Apps and Salesforce.com offer API for their clients.

posted August 4, 2008

SAAS has unique challenges in three areas.

1) security, provisioning, and billing.
2) session management.
3) asynchronous communication.

Below I have suggested three patterns, one for each item in the list above, that can perhaps serve as a good place to start.


Message Interceptor Gateway- perhaps implemented with an ESB like ALESB or Mule.
advantages
- authorization based provisioning of services. Useful if for instance if you want to provide Gold Silver and Platinum level of services.
- back office replication. If the software that implements the core functionality is not inherently clusterable like, for instance, a J2EE applications, it may be necessary to partition your users across multiple installations. As an example an accounting application that stores user information in a proprietary database may require this kind of back office replication.
- standards based security and authorization.
- unified error handling

Prototype - Depending on your application of course, you may see requirements for caching of session data that are very different from what one would see in other web services. Consider using one of the open source or commercial COTS products for implementing the cache.
advantages
- If the service in implemented in a legacy application that was not built to scale to the number of customers you anticipate, the prototype pattern can be used to reduce the load on the legacy application.
-If your service is a composite of multiple services, the retrieval logic can be centralized using the Prototype pattern.

BPM- ( well not really patterns) need to handle Synch-to-Asynch Async-to-Syc Split-Join,Parallel-Split SLA...
advantages
If your service in implemented by multiple software components and you need to support scenarios with long running transactions, I would highly recommend looking into the rich set of design patterns associated with BPM. Consider using products like Aqualogic BPM or JBOSS jBPM or if the scenarios are minimal you can use an ESB such as ALESB or Mule.

posted August 6, 2008

Dear James,

I have gone through similar phase, I can provide you list of considerations we got to think of when writing application for SAAS.

Here are they:

Design and Architecture
• Generic Architecture (must be capable of leveraging several tenants with different level of agendas).
• SOA
• RIA (Rich Internet Application) User Interaction: AJAX (XML/JSON and JavaScript) or Flash or Silverlight
• User Interaction 2: Ease of use and flexible way of managing stuff over the web via Intuitive user interfaces
• Use of Implicit and Explicit Caching
• Fault Tolerant Infrastructure (Automatically switching up to Self Stabilizing and balancing mode in case of chaos detection)
• Environment Centric Design (Rather than old days of Write Once, Run Everywhere, you can utilize full power of infrastructure and platform, Write Once for your environment, Vendor's Choice, be SAAS and then you don't need to run it anywhere else)
• Plug in Play Architecture allowing Service Upgrades, Hot Deployment of Patches and Service Upgrades in seamless manner.
• Built-in BI Modules, not just for vendor but also making it available at user level (charts, reports and analytics)
• Mashups

Tenancy Model
• Ad Hoc/Custom - Separate Customization on Separate Instance per Tenant
• Separate Instance per Tenant but with Shared Customization among all Instances
• Single Instance - Multiple Tenants
• Multiple Instances (for Scaling up via Load Balancers) - Multiple Tenants
• Level of Customization (Data, UI, Processes/Workflows, Business Rules, Schema, Extending Schema, Change of Logic)
• Calculation of Monetization according to chosen tenancy Model

Scale
• Load Balancing Multiple Servers
• GRID Architecture/ Distributed Computing guaranteeing nearly 0% downtime (using Low-cost commodity servers)
• Virtualization and Provisioning
• Cloud Computing using existing Infra Structures such as Amazon/Google Web Services
• Automated Load Testing to test the model on multi-tenancy, and multiple users per tenant, and Benchmarking according to standards

Data Store
• Data Redundancy and Recovery (Multiple Backups, same information at more than two places and automatic failover for recovery within seconds)
• Data Retrieval Performance (i.e. Google BigTable, Amazon S3)
• Data Storage Scaling (Array of Disks can be treated like Disk Group when there is Virtualization layer on it)
• Database Grid (Data Clusters over several Servers, Distributed infrastructure)
• Data Restoring, strategy to restore data for one customer, without impacting others
• Moveable Tablespaces
• Data Partitioning (maintaining large datasets with performance, data can be partitioned wrt parent/child relationship, partitions can also be moved)
• Data Caching (such as Berkely DB acts as a cache to Oracle Database)

Security
• Multi-Tenancy with consideration of Data Privacy
• Data Encryption by Standards
• Multi-Token based Authentication (WS*) and Authorization (OAuth)
• User Tracking and Logging
• Field level security, roles provisioning and management
• Multi factor Authorization based upon roles over Datastore and Data Management
• Automated self service features such as Password Resets and Notifications
• Secure Cross domain Single SignOn Service
• Security Auditing and Monitoring Practices

Hope it's going to come helpful. Let me know if you need any more insight over anything mentioned, I would love to help you.

Regards,
- Ali Sohani
Project/ Product Development Manager - Visionet Systems inc.
Software Architect and Researcher on Cognitive Science - Nanosoft Systems

Links:

• http://www.oracle.com/technology/tech/saas/pdf/oracle%20saas%20platform%20t...
• http://download.microsoft.com/download/e/d/4/ed41f846-d18d-47b7-a232-4e679b...
• http://ic.infusionangels.com/Archives%20PowerPoint/SaaS%20Software%20as%20a...

posted August 8, 2008

James

Some thoughts on your query. I must say a good one also...

0. Overall design paradigm for multi company
1. Transaction Security
2. Transaction Audit
3. Transaction Handling
4. Transaction Monitoring
5. Database storage
6. Usage metrics
7. SLA management
8. Application administration
9. Application Maintenance
10. Scalability
11. Database design - optimization
12. Customization to base application
13. Application configuration
14. Integration framework
15. Load Testing
16. Data privacy & compliance
17. Database backup
18. Clustering application
19. DB redundancy

I am sure i have missed some more..

Shyam

posted 9 months ago

Hi James,

You have got excellent responses. You may also to read an article "Architectural manifesto: An introduction to the possibilities (and risks) of cloud computing", which appeared recently on IBM DeveloperWorks. (Link listed below.)

Best Regards,

Mohan Bavirisetty

Links:

• http://www.ibm.com/developerworks/library/ar-archman10/?S_TACT=105AGX01&S_C...

posted 9 months ago

There is a lot of misconception of what SOA is and what SaaS is.
First SaaS is *not* an MS implementation, although Microsoft (MS) does have SaaS modelings.

Second. SOA isn't a pattern. SOA refers to your app being a Service that other applications can connect to. (And again this is an oversimplification.) People have put forth frameworks and patterns to define how they application should communicate as a service, however *you can* have an SOA that doesn't follow a strict pattern.

Patterns are nice because if you follow a pattern it makes it easier to support and integrate, however, do not confuse patters with the underlying concept of SOA and SaaS.

SaaS is exactly what it says 'Software as a Service'. In its truest form is that it refers to hosting an application as a service that you can charge for, rather than bringing the software in house where you have to maintain the software.

A good example of this is Salesforce.com where you have a CRM system that you pay for as a service and you do not own the software, nor the hardware.

If you want to consider SaaS as a business model, then you have a couple of considerations that you may not have if you were designing the application for 'in-house' use.

Primarily you would have to add on more security and audit capabilities and of course a billing module.

I don't know if this is answering your question directly, but you have to define by what you mean as SOA. Too many people are caught up in the 'patterns' or framework definitions as SOA when they are reflective of an implementation.

I have written SOAs prior to when the term SOA was coined and used wide stream.

posted 5 months ago

James:

Traditionally, deploying large-scale business-critical software systems, such as ERP and CRM application suites, has been a major undertaking. Deploying these systems across a large enterprise can cost hundreds of thousands of dollars in upfront licensing cost, and usually requires an army of IT personnel and consultants to customize and integrate it with the organization's other systems and data.

The time, staff, and budget requirements of a deployment of this magnitude represent a significant risk for an organization of any size, and often puts such software out of the reach of smaller organizations that would otherwise be able to derive from it a great deal of utility.

The on-demand delivery model changes some of this. SaaS applications don't require the deployment of a large infrastructure at the client's location, which eliminates or drastically reduces the upfront commitment of resources.

With no significant initial investment to amortize, an enterprise that deploys a SaaS application that turns out to produce disappointing results can walk away and pursue a different direction, without having to abandon an expensive on-premise infrastructure.

Additionally, if custom integration is not required, SaaS applications can be planned and executed with minimal effort and roll-out activities, creating one of the shortest time-to-value intervals possible for a major IT investment. This has also made it possible for a number of SaaS vendors to offer risk-free (and often literally free) "test drives" of their software for a limited period, such as 30 days. Giving prospective customers a chance to try the software before they buy it helps eliminate much of the risk surrounding software purchase.

If you need some consultants to provide a good drill down on your questions I can provide some contacts at Manhattan Associates. Keep in mind Scability, Security & the Apps., protocall.

Best Regards,



Bill Stankiewicz

Vice President and General Manager

Shippers Warehouse of Georgia

Office: 678-364-3475

Williams@shipperswarehouse.com

http://www.linkedin.com/in/billstankiewicz2006

http://www.slideshare.net/BillStankiewicz.

Sustainable Consumer Packaged Goods member

CPG Branding and Forum Member

P Please consider the environment before printing this e-mail

“Change doesn't start on the surface. It's generated from consciousness.”
Deepak Chopra

posted 5 months ago