Software as a Service
-
Upload
spanduranga -
Category
Technology
-
view
159 -
download
4
description
Transcript of Software as a Service
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.
Software as a ServiceChallenges and solutions
Sathya Narayana Panduranga
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 2
The hype…
Ariba puts cloud at center of five-year vision
Forrester's Advice to CFOs: Embrace Cloud Computing to Cut Costs
Gartner Sees Great SAAS Enterprise App Growth Despite Downturn
Venture capitalists eye SaaS companies Google Versus Microsoft: The Fight for
the Future of Cloud Computing Salesforce.com Unveils Force.com Cloud
Computing Architecture Oracle CEO Larry Ellison Spits on Cloud
Computing Hype
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 3
What is SAAS (software as a service)?
Application Hosted as a Service (requires no or few tech staff at customer premises)
The service is accessible over Internet (Anywhere anytime)
Usually subscription based billing model (pay as you go)
Centralized software updates No up-front cost (CapEx) to customers Most successful ones use Cloud
Computing infrastructure
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 4
Opportunities
Ability to target global markets Ability to serve the long tail Can offer ‘try before you buy’ to attract
customers Can build software on preferred platform
/ technology stack Version management hassles are
reduced Software upgrades and fixes need not
be a nightmare to you or your customers
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 5
Architectural Challenges
Scalability (remember, the world is our market place) Resource usage should be frugal Resource usage should increase predictably
with load Application architecture should support
scaling out High Availability (reliability)
Fault tolerance (Recoverability from failure) Graceful degradation under load True multi-tenancy
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 6
Architecture challenges continued…
Application Responsiveness (Latency) Improve user experience through thicker
client Parallelize computationally intensive
processing Reduce data latency by querying/updating
smaller sets
Manageability (deployment & monitoring) Centralized deployment/node management Failure detection and mitigation Diagnostics
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 7
Architecture challenges continued…
Security Intrusion prevention Web App Security Data security
Multi-tenancy (customizability) User interface Work flows Data model Authentication
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 8
Lessons learnt by the SaaS providers over the years…
No single magic bullet (approach) to solving all the challenges.
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 9
Use component based architectures
Advantages:ModularityLoose couplingProgram to an interfaceEasier to maintain and scale
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 10
Partition Database
Functional segmentation Example: Items data separate from User data
Horizontal split Example: Segment data based on range of a primary
access key (customer id 1-10000 separate from 10001-20000)
Abstract segmentation logic from business logic through an intermediate layer (Data access layer)
Advantages: Each module can scale independently Can isolate failures Can use inexpensive hardware for modules with
lighter load Security vulnerability can be isolated
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 11
Segment 1
Segment 2
Segment 3
DAL
Segment 1 backup
Segment 2backup
Segment 3backup
App Server
Comp 1
Comp 2
Data Partitioning illustration
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 12
Minimize DB Transactions
No all-encompassing/distributed transactions
Auto-commit for most DB writes Complex DB operations to be done
through PL/SQL at the DB layer Advantages
Avoids wait-on-locks Maximizes update performance DB connections can be multiplexed leading
to better application performance
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 13
Partition Application modules
Segment application based on modules Example: search deployed independently
from inventory Segment application horizontally
Example: base services, business logic and Web UI deployed independently
Advantages: Modules can scale independently Standard load balancers can be used
between modules Minimizes resource dependencies
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 14
Little or no session state in web application
Session state is memory consuming Session affinity needs to be taken care of in
the load balancer Transient session state can be maintained
through a combination of cookies and in-memory database Example MemCached (see next slide)
If session state is maintained, cleanup frequently and as early as possible
Advantages: Allows clean modular segmentation Higher scalability Help user move easily between independently
deployed applications (Ex: search to inventory)
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 15
MemCached illustration
Memory cache shared and addressable from distributed servers
Advantages Expanded memory Data can be stored and accessed from any server
(including non participating ones) Fault tolerance (if one or more servers fail, very less
impact)
Users include Wikipedia, Flickr, Twitter, LiveJournal, YouTube etc.
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 16
Move as much processing as possible to asynchronous flows Integrate disparate components asynchronously Requires Message Queue infrastructure (JMS, Websphere MQ etc) Programming models: Point-to-point, Publish-subscribe
Example (P2P): Catalog search request is posted in the queue by the web application to the
search component. Search request is processed by the search component in the order it arrived The results are posted back to the queue or a temporary table Web application displays this result upon refresh
Example (PubSub): Addition of a new catalog item triggers and event. Subscribers of the event asynchronously take care of Rebuilding search index. Logging the activity
Advantages: Graceful degradation upon load Can decouple availability state Can retry operations
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 17
Search UI Search Engine
Search UISearch Engine
Req Queue
Res Queue
Id: 1Term: xyz
CatalogCatalog UIAdd item
Index Builder Activity Logger
PublishEvent: Add
Subscribers
Point to point
Publish-Subscribe
Messaging
Models
illustration
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 18
Scheduled batch processing
Move infrequent, periodic or scheduled processing out of the application flow
For example: Rebuilding search indices Purging deleted items from the catalog
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 19
Adaptive configuration
System should be able to adapt to changing load, processing time etc
Can change the number of nodes, processor threads …
Load can be measured using message queue length or average query execution times …
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 20
Failure detection
Central LAM (logs, alarms and metrics) collection
Actively (if possible asynchronously) log requests, application activity and exceptions
Real time application performance monitoring and alerts management
Buffered disc writes will allow the LAM to scale
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 21
Failure mitigation
Assume everything will fail (network, disc, database, message queue, nodes, third party services)
Detect failure at the earliest and raise alarm Try to recover from failure and retry finite number of
times Log everything (application activity, data size,
exception) Application operations should always timeout and raise
alerts Example: search query didn’t return results for 5 seconds
should • timeout• raise an alarm• Try backup resource
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 22
Have roll-out and roll-back plans
One deployment will affect everyone Make sure that every change made
during roll-out can be rolled back Have a roll-back plan so that the
application can be brought back to the previous deployment state easily
Have feature level switches to turn on/off Can be a face saver
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 23
Multi-tenancy support (Customizability)
Support URL based/URL parameter based UI style customization In addition, time-zone, language and user
agent can be detected and used for customization
Support plug-in based architecture to customize complex processing logic and custom authentication support
Support for mixed mode DB schema for customizability mostly the same DB schema for everyone +
custom tables for the ones who want to customize
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 24
Build with security in mind
Strong input validation on client and server side
Detect SQL/Javascript injection patterns (signature) for better security
Throttle connect requests from the same IP address to prevent denial-of service attacks
Escape data output to prevent Javascript injection
Access to database should not be allowed from outside
Use SSL to communicate between different components over the network
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 25
Test for security: Web App Vulnerability Analysis tools
Example: Google SkipFish tool for testing
SQL injection Shell command injection Javascript injection Integer overflow XSS (cross site scripting) Denial of service attack
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 26
In addition……..
Simplified provisioning and self-service drives down costs
Usability will make or break the product Users are touchy about security and
privacy Scalability separates the wheat from the
chaff Customers look to reduce the cost of
operations through SaaS Customizability increases the chances
for success
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 27
Using Cloud Computing Infrastructure
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 28
What is Cloud Computing
Computing using cloud infrastructure (Potentially unlimited) pool of
computing resources offered by a vendor typically using a subscription model for each unit of resource
Virtualized infrastructure Shared, multi-tenant environment
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 29
The evolution…
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 30
Cloud Computing Platforms (or IaaS / PaaS)
Microsoft Windows Azure Services Amazon EC2 (Elastic Computing Cloud),
S3 (Simple Storage Service) Salesforce’ Force.com cloud Google’s App Engine IBM Blue Cloud VMware vCloud Express Your own…..
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 31
Using cloud-computing for Scaling
Dynamically scale up/down the number of instances Based on load Based on required parallelism (to get things done
faster)
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 32
For High Performance Computing (parallel processing)
Popular algorithm Map-Reduce Popular platforms: Apache Hadoop,
Amazon Elastic map-reduce
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 33
For Storage
Dynamically scale the size of data-store Distributed databases (NOSQL) can be
used for high update frequency. Popular one: Cassandra (used by Facebook)
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 34
Takeaways
SAAS requires: Scalability Multi-tenancy High-availability Responsiveness Fault-tolerance Security Manageability Cost-effectiveness
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc. 35
Questions
© 2010 Ariba, Inc. All rights reserved. The contents of this document are confidential and proprietary information of Ariba, Inc.