WHAT ARE THE CLOUD APPLICATION (SAAS) SERVICES ? Now a days the availability of reliable high speed broadband Internet access, service-oriented

architectures (SOAs), and the economic management of dedicated on-premises applications are

driving a transition toward the delivery of Cloud applications -

“Cloud applications or "Software as a Service (SaaS) applications deliver software as a service over the Internet,

eliminating the need to install and run the application on the customer's own computers and simplifying

maintenance and support, and equipped with decomposable applications , managed services , shared hardware /

software /admin resources and Web-based services”.

It’s a paradigm shift which imposes a new set of technical challenges. Existing application

frameworks are not designed and deployed to handle the SaaS challenges smoothly. This void leads

to new paradigm shift called platform as a service (PaaS) -

“Hosted application platforms are managed environments specifically designed to meet the unique challenges of

building Software as Service applications and deliver them more economically as compared to traditional

standalone deployments.”

DATA SECURITY - A MAJOR CONCERN FOR CLOUD APPLICATIONS

Trust, or lack of trust, is the number one factor blocking the adoption of SaaS. SaaS applications

provide customers with centralized, network-based access to data with much less overhead as

compared to using a locally-installed application.

In order to harness the power of SaaS, an enterprise must give up a level of control over its own data

and needs to trust the SaaS vendor to keep their data safe and away from snooping eyes.

To earn this trust, one of the highest priorities for prospective SaaS vendors is to create data architecture that should be -

• Robust and secure to satisfy tenants or clients data security needs, • Efficient and cost-effective to administer and maintain. • Highly manageable by implementing multi-tenancy and meta data driven architecture as

fundamental design approach Some obvious questions that arise are -

• Why multi-tenancy? • Why meta-data driven architectures are the premier choice for implementing multi-tenancy?

Cloud application services (SaaS) – Multi-Tenant Data Architecture

Shailesh Paliwal Infosys Technologies Limited

The paper starts with a generic discussion on the cloud application services and security concerns then expands the

concepts with 3 main data management approaches of multi-tenant data management. After that paper describes

reference architecture including standard cloud computing taxonomy for meta-data driven architecture approach and

a conceptual data model to support the architecture. At the end it incorporates a comparison between green field

application verses existing application migration assessment for target Software as a Service (SaaS) environment.

RATIONALE • The multi-tenancy architectural approach can benefit both application providers and users.

Operating just one application instance for multiple Enterprises yields tremendous cost benefits

for the provider as well as the tenants.

• Enterprises can customize an application as though they have their private application instance.

The application instance dynamically morphs for any particular tenant need.

• Instead of isolated silos of applications a multi-tenant application is one large community hosted

by the provider.

• There is much less development and maintenance cost due to just one platform (operating

system, database etc).

• Less administrative work and staff is needed for the shared hardware and software environment,

which leads to further cost savings.

• Tenants can operate in virtual isolation, by implementing virtualization.

• Because of a shared hardware and software stake, it is easy to manage the user access to various

applications and data, which leads to greater collaboration and integration with faster time to

market.

• Various sets of user population can provide feedback on application operations e.g query

responses , errors etc, which enables the provider to make improvements in common hardware

and software in order to benefit the entire user community at once.

• Some side benefits of multi-tenancy are quality services, user delight, and repeat business.

MULTI-TENANT DATA MANAGEMENT – 3 APPROACHES

The degree of isolation for a Software as a Service application can vary significantly depending on business requirements. There are three main approaches, each of which lies at a different location in the scale between isolation and sharing. Refer to Figure 1 below.

Figure.1. Multi-tenant Data management – 3 Approaches, each of which lies at a different location

in the scale between isolation and sharing

1. Separate DB : Least preferred as it is very much isolated and expensive

2. Shared DB – Separate Schema : Moderately preferred - it reduces the resource cost but with

a high maintenance cost

3. Shared DB – Shared Schema : Most preferred approach as DB and schema are shared – it reduces

the resource and maintenance cost by a large extent

MULTI-TENANT APPLICATIONS – CONCEPTS

DEFINITION

In order to achieve cost efficiencies in delivering same applications to various sets of users it is a vital

and obvious choice that an increasing number of applications are Multi-tenant instead of single-

tenant.

A Multi-tenant application should be able to satisfy the needs of multiple sub-organizations or sections

within the organization (multiple tenants), using the single, shared stake of software and hardware

resources and staff needed to manage (Figure 2).

Figure.2. A Multi-tenant application shares a single stack of resources both hardware and

software to cater multiple tenants (Organizations, sub-organizations , sections etc)

META-DATA-DRIVEN REFERENCE ARCHITECTURE

• A traditional static application is not capable of addressing unique challenges of multi-tenancy.

• A Multi-tenant application should be dynamic in nature, or polymorphic, to fulfill the specific

expectations of various tenants and their users.

• Application components need to be generated at runtime from meta-data—i.e. data about the

application itself.

• It should be a well-defined meta-data driven architecture (Figure. 3), with a separate component

for –

1. Runtime application data

2. Meta-data that describes the base functionality of an application

3. Meta-data that corresponds to each tenant specific data and customizations

• It enables the ability to independently update the core system, modify the core application, and

customize tenant-specific components with virtually no risk affecting others.

• In SaaS environments it’s a nightmare to manage a vast, frequently changing set of actual

database structures on behalf of each application and tenant. It is suggested to use “virtual”

database structures using a set of Meta-data, data, and pivot tables, as illustrated in Figure 4

below.

Figure.3. A virtual” database structures using a set of Meta-data, data, and pivot tables

CLOUD COMPUTING TAXONOMY FOR SAAS MODEL

Reference : The open group

The below Figure 4 shows the overall cloud computing taxonomy for SaaS Model. It covers horizontal

layers from Hardware, software, database, and application to the service provider layer and vertically

from service consumer, security, management to service developer layer.

Figure.4. SaaS Model Cloud Computing Taxonomy – Reference : The open group

META-DATA-DRIVEN REFERENCE DATA MODEL – CONCEPTUAL

As compared to managing a vast frequently changing set of actual database structures on behalf of

each application and tenant, it is advisable to manage “virtual” database structures using a set of

Meta-data, data, and pivot tables, as illustrated in Figure 5 below.

When tenants create custom application entities (i.e., custom tables), programmatically need to track

of Meta-data concerning the entities, their Attribute, relationships, and other entity definition

characteristics.

A few large database tables store the structured and unstructured data separately for all virtual

tables, and a set of related, specialized pivot tables in order to maintain data that makes the combined

data set fully functional.

Figure.5. Reference conceptual model consists of a set of Meta-data, data, and pivot tables that

allow for functional access to the actual data of “virtual” tables

GREEN FIELD SAAS IMPLEMENTATION VS EXISTING APPLICATION MIGRATION INTO

SAAS

Green Field SaaS implementation :

A Green Field SaaS implementation is comparatively simple and pretty straight forward as it requires

subscribing a new tenant or organization in SaaS application setup. SaaS Meta data driven reference

data model can support “N “number of tenants connected to a single SaaS application environment.

Existing application migration into SaaS :

An existing application migration into SaaS environment is not a simple task and requires a

comprehensive assessment for checking the feasibility of existing application migration into SaaS

multitenant application. Following the list of assessment suggested –

Application Assessment

Database - Degree of database extensibility in the AS IS application architecture.

GUI - Quality and degree of flexibility in the AS IS user interface.

Reporting - Evaluation of the quality and degree of flexibility in the reporting system.

Workflow - Does the existing application use workflow to enable customers to extend the functionality?

Usability – Predictability and ease of use of the existing Application.

Functionality - Size and complexity of the existing Application on S/M/E scale.

Customizable Business Logic – Are the customers enabled to add their own business logic in existing

system ?

Table.1. SaaS Multitenant application migration technical Assessment – Application

Operational Assessment

Architecture – AS IS architecture and gap analysis for migration to SaaS architecture.

Availability – Current SLAs for the existing application availability and any steps required to reach SaaS

minimum availability level of 99.9%.

Scalability - Scalability matrices of the existing application. Scalability targets in SaaS version of the

application.

Performance – AS IS performance SLAs and matrices (user response times) and the expected performance

SLAs and data centre transaction time in SaaS environment.

Security – Assessment of existing application security compliances targeting to the Internet based SaaS

application environment and Gap analysis.

Table.2. SaaS Multitenant application migration technical Assessment - Operational

SUMMARY This paper emphasizes the following -

• The Data Architecture of a SaaS application should be robust , secure, efficient , cost-effective and

highly manageable. Multi-tenancy and meta-data driven architecture for SaaS applications is the

way out and able to address these key issues.

• By using multi-tenant and meta-data driven architecture Tenants can operate in virtual isolation

and dynamically morph for their particular need.

• Operating just one application instance hosted on shared hardware for multiple Enterprises

yields tremendous cost benefits for the provider, less administrative work, less development cost,

greater collaboration and integration with faster time to market. At the end of the day it results in

quality services, user delight, and repeat business.

• The design approaches and reference Meta-driven data model for multi-tenant applications

discussed in this paper can assure relative data security and trust while using various

approaches. A “shared schema shared database” approach is important for the success of the

SaaS application.

• In SaaS environments it’s a nightmare to manage a vast, frequently changing set of actual

database structures on behalf of each application and tenant. It is suggested to use “virtual”

database structures using a set of Meta-data, data, and pivot tables.

• Existing application migration into SaaS as compared to Green Field SaaS implementation

imposes lots of challenges and is not a simple task. It requires a comprehensive assessment for

checking the feasibility of existing application migration into SaaS multi-tenant environments.

This paper also covers the detailed assessment parameters.

DISCLAIMER The author has taken great care while coming up with the contents of this paper, but any and all

responsibility for any loss, damage or destruction of data or any other property which may arise from

relying on the paper is explicitly disclaimed. The authors are not liable for monetary damages arising

from such loss, damage or destruction.

REFERENCES

MSDN - http://msdn.microsoft.com/ Sales force - http://www.salesforce.com/platform/ The Open Group - http://www.opengroup.org/

AUTHOR’S PROFILE

Shailesh Paliwal is a Senior Technology Architect at Infosys’s Cloud Unit. He has over 15 years of IT

experience articulating the next steps in the evolution of information technology toward strategic

business applications and services that deliver performance coupled with intelligence throughout

organizations. He has specialized expertise in the areas of Data and Information Architecture,

Database Design, Data warehouse design , Data Modeling, Dimension Modeling, NFR Validation,

Workload Modeling, Performance Tuning , Master Data Management and Business Intelligence.

He is a DAMA Certified Data Management Professional and TOGAF certified Enterprise Architect.

He can be contacted at shailesh_paliwal@infosys.com