The term ISV refers to expanding sales channels by moving a solution configured on-premises to the cloud. In other words, ISV on the Cloud is equivalent to creating SaaS.
Software as a Service (SaaS) is licensed and centrally hosted on a subscription basis, rather than the traditional all-in-one licensing method of selling solutions. This form can be a delivery model for many business applications, including ERP and messaging software, management software, virtualization, and more.
Early Internet-based software had features similar to on-premises applications, unlike SaaS applications. Since the software was originally built as a single-tenant application, it had limited data sharing capabilities. However, SaaS applications contain a number of features that make them competitive compared to on-premises applications, and they can all be configured as single-instance, multi-tenant architectures.
SaaS providers centrally host applications and data. Patches, extensions, and upgrades are applied transparently in the application environment, so business users are not inconvenienced while using the service. SaaS providers also offer an open API so business users can extend functionality easily. Through this API, business users can customize SaaS functions to fit their business.
First, migrating existing on-premises applications to SaaS can be seen as the evolution of those applications to cloud-native. The following considerations are necessary to make proper use of cloud services and their many advantages.
Many companies still use a monolithic architecture approach. Even monolithic applications can be built, patched, or changed without affecting the overall application by splitting them into tiers, such as a 3-tier architecture.
Unless you plan to create a large production environment, we recommend a monolithic approach that is easy to develop and manage. However, this architecture is difficult to change, so if scaling or a lot of change is expected, you should choose microservices architecture.
Microservices architecture breaks down services into units to create independent and isolated processes and architectures; each service can be developed, deployed, tested, and patched independently.
You can also focus each microservice on a single business offering. Streaming services are the most successful microservices architecture. Netflix uses various microservices for billing, analyzing your watch history for movie recommendations, identifying devices to optimize your viewing experience, and adding copyright notices to all your files. Netflix has even made their process open-source, explaining how they develop and operate, making it easy for other companies to run microservices.
Microservices allow multiple teams to manage independent services coded in different languages and deployed on different infrastructures. For this reason, microservices architecture allows for scalability, CI/CD operations, and troubleshooting without disrupting the entire service to change or troubleshoot the application.
Enterprise users running SaaS solutions can manage these applications themselves and do not need to hire experts. The SaaS solution should also allow operators to customize it according to their needs without writing any code.
SaaS provides an easy-to-use API in its architecture to give users more flexibility in customizing the platform. Also, you must provide a manual to use this API. You can get more value from your SaaS architecture by integrating third-party tools you already use or want to use.
Multi-tenant architecture allows efficient use of resources when multiple users run the application.
If you have heavy users whose workloads take up most of their resources, these users can degrade the user experience of other tenants in a multi-tenant environment.
Monitoring and logging systems must be configured so resources can be controlled in the SaaS environment before such a situation occurs.
Most enterprises choose an on-premises architecture because they are concerned about the security of their data. Given a number of recent incidents, data security is one of the most expensive areas for businesses to invest in. We must provide a tightly secured service to protect this data.
Making role-based access control (RBAC) a key component of your SaaS architecture can help increase data security. RBAC can be used as a feature to prevent other users from accessing and changing data that is not directly related to their role in the organization.
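The RBAC check described above, sketched for a multi-tenant SaaS as an added example (not code from the original article or from Alibaba Cloud). The role names, permission strings, and the `Principal`/`Resource` types are assumptions made for illustration; the point is that the role check is combined with a tenant check and every decision is recorded.

```python
from dataclasses import dataclass

# Hypothetical role-to-permission map for a SaaS invoicing module (names are assumptions).
ROLE_PERMISSIONS = {
    "viewer": {"invoice:read"},
    "accountant": {"invoice:read", "invoice:update"},
    "tenant_admin": {"invoice:read", "invoice:update", "invoice:delete"},
}

@dataclass(frozen=True)
class Principal:
    user_id: str
    tenant_id: str
    roles: tuple

@dataclass(frozen=True)
class Resource:
    resource_id: str
    tenant_id: str

def authorize(principal, action, resource, audit_log):
    """Deny by default; every decision is appended to audit_log."""
    granted = set()
    for role in principal.roles:
        granted |= ROLE_PERMISSIONS.get(role, set())  # unknown roles grant nothing
    if principal.tenant_id != resource.tenant_id:
        allowed, reason = False, "cross-tenant access"
    elif action not in granted:
        allowed, reason = False, "role lacks permission"
    else:
        allowed, reason = True, "ok"
    audit_log.append((principal.user_id, action, resource.resource_id, allowed, reason))
    return allowed

def demo():
    """Constructed principals and resources; returns the decisions and audit trail."""
    log = []
    alice = Principal("alice", "tenant-a", ("accountant",))
    bob = Principal("bob", "tenant-b", ("tenant_admin",))
    inv = Resource("inv-1001", "tenant-a")
    results = [
        authorize(alice, "invoice:update", inv, log),  # role permits, same tenant
        authorize(alice, "invoice:delete", inv, log),  # role does not permit
        authorize(bob, "invoice:read", inv, log),      # admin, but of another tenant
    ]
    return results, log

if __name__ == "__main__":
    decisions, trail = demo()
    for entry in trail:
        print(entry)
```

An administrator role in one tenant grants nothing on another tenant's data, which is the failure a role-only check would miss in a single-instance, multi-tenant deployment.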
If you're delivering applications for a specific industry, you need to build SaaS applications with out-of-the-box compliance. Compliance varies by industry, but policies, such as the General Data Protection Regulation (GDPR), apply across the board.
When we configure our applications, we must choose an infrastructure that considers compliance, including GDPR.
If business applications are innovated with SaaS, our business channels can become closer to customer contact points compared to the existing single offline channels. We need to be able to scale the environment of SaaS as applications grow in popularity.
This requires designing SaaS architecture to auto scale easily and handle increasing loads without compromising performance. You can achieve this by ensuring that your SaaS architecture supports seamless horizontal and vertical scaling.
We need to configure a SaaS solution with high availability. SaaS users have very little tolerance for service downtime. We need to know that prolonged service outages reduce customer satisfaction, resulting in loss of customers, business, and competitive advantage.
We need to have a multiplexed configuration at the network, instance, and database levels to achieve this high availability.
Transforming applications to SaaS means changing our business model to subscription or pay-as-you-go.
We need to drill down into monitoring and logging systems for our resources to understand how much our customers are using our applications. In addition, if you anticipate the time when customer access will increase rapidly and prepare for expansion in advance, you can enhance the quality of service.
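The per-tenant monitoring described here and in the earlier multi-tenant passage (heavy users degrading other tenants) can start from the request log. The following is an added example, not code from the original article: the log format, field order, and the 50% CPU-share threshold are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict

# Constructed sample request log: timestamp tenant endpoint cpu_ms bytes_out
SAMPLE_LOG = """\
2024-01-01T10:00:01Z tenant-a /api/report 120 2048
2024-01-01T10:00:02Z tenant-b /api/export 900 1048576
2024-01-01T10:00:03Z tenant-a /api/login 80 512
2024-01-01T10:00:04Z tenant-b /api/export 1100 2097152
2024-01-01T10:00:05Z tenant-c /api/report 150 4096
2024-01-01T10:00:06Z tenant-c /api/report not-a-number 4096
"""

def parse_line(line):
    """Return (tenant, cpu_ms, bytes_out), or None for a malformed line."""
    parts = line.split()
    if len(parts) != 5:
        return None
    _, tenant, _, cpu_ms, bytes_out = parts
    try:
        return tenant, int(cpu_ms), int(bytes_out)
    except ValueError:
        return None

def meter(log_text):
    """Aggregate usage per tenant; malformed lines are counted, not billed."""
    usage = defaultdict(lambda: {"requests": 0, "cpu_ms": 0, "bytes_out": 0})
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        record = parse_line(line)
        if record is None:
            skipped += 1
            continue
        tenant, cpu_ms, bytes_out = record
        usage[tenant]["requests"] += 1
        usage[tenant]["cpu_ms"] += cpu_ms
        usage[tenant]["bytes_out"] += bytes_out
    return dict(usage), skipped

def noisy_tenants(usage, max_share=0.5):
    """Tenants whose share of total CPU time exceeds max_share (assumed threshold)."""
    total = sum(u["cpu_ms"] for u in usage.values())
    if total == 0:
        return []
    return sorted(t for t, u in usage.items() if u["cpu_ms"] / total > max_share)

if __name__ == "__main__":
    usage, skipped = meter(SAMPLE_LOG)
    print(usage, "skipped:", skipped, "noisy:", noisy_tenants(usage))
```

The same aggregates serve both purposes: they are the basis for pay-as-you-go billing, and the share calculation identifies a tenant to throttle before it degrades the others.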
Since applications configured in the existing on-premises environment communicate data through a private network, there is no need to worry about network quality.
However, many factors will increase network latency when the service is configured in the cloud environment, such as communication with the main server, communication with the DR server, and the connection of overseas users.
We must consider accelerating network communication to improve the quality of service.
Alibaba Cloud provides various services to satisfy the SaaS architecture requirements above.
The Alibaba Cloud services described in the section above enable you to transform your on-premises applications to SaaS cost-effectively, securely, and easily. An example architecture is shown below:
The service logic expressed in the architecture above is divided into five areas. The explanations below describe why the services are arranged in this form.
The first thing to consider when migrating an on-premises application to the cloud is the migration of the application itself. In the cloud environment, we already have everything of an environment where a company loses, and we can select a service according to the type of service.
1) Public Subnet (NAT and SLB)
Most enterprise environments are configured in closed-network environments. Subnets can be divided so that a closed network can be maintained even in a cloud environment. In this environment, you need a module that requires an Internet connection or a service that acts as an ingress router that allows customers to connect to the server.
In such a limited network environment, we can configure an architecture that can satisfy scalability and security by using NAT and SLB services to help connect to the public network.
2) Function Compute
Sometimes, when we configure microservices, some modules (login, logout, etc.) do not need a server running 24/7. In such a case, you can consider implementing a Serverless service.
We can implement Serverless easily using Function Compute (FC). This service can increase customer scalability and cost-effectiveness.
3) ACK and ASK
Among the many applications implemented recently, most of the modules that value scalability are implemented as a container environment. Alibaba Cloud ACK provides a Kubernetes environment that can manage containers efficiently. We can configure ACK using various types of instances, such as CPU, GPU, and High Memory.
If the application has the most suitable architecture for a legacy environment that is not a Serverless or container environment, you can consider moving to the instance environment as is.
Alibaba Cloud provides the fastest and highest SLA virtual machine in the ECS instance environment to perform cost-effective instance migration.
The most difficult part of moving legacy applications to the cloud is data migration. Alibaba Cloud provides a variety of DBMS and storage services for each data type. This way, migration can be performed more easily without major data changes.
1) Polar DB / RDS
A relational database is the most common database for managing data of service applications provided by enterprises. The same relational database has a different data structure depending on the type of vendor/open-source project. For this reason, the migration of databases is considered the most difficult migration process.
Alibaba Cloud provides a variety of commonly used RDBMS-based services and a migration service that helps you perform data migration more easily and quickly.
We can perform the data transfer without issues using these services.
2) OSS / NAS
Enterprise SaaS applications need to consider the process of storing data efficiently. In addition, a storage configuration suitable for the form, such as a data lake or shared storage, is required based on the properties in which data is stored.
In this case, we can use OSS and NAS as a representative of Alibaba Cloud's various storage services. OSS provides object storage, allowing you to store and utilize various data cost-effectively, such as object storage and file system. In addition, if you need shared storage, you can use NAS with network and storage optimization to store and utilize data faster.
We only need to consider the North-South bound network when configuring our application in the legacy environment. However, when an application moves to a cloud environment, all internal communication (East-West bound) must be taken into account.
We can solve network issues that occur in various types of channels by using the following network services of Alibaba Cloud:
1) CDN
If the service mainly delivers large-capacity content (photos, pictures, and videos), network delays for customers will be fatal to the business. The most needed service in these cases is the CDN.
Alibaba Cloud CDN is cost-effective and has the advantage of DCDN, which can handle static and dynamic content. Alibaba Cloud also has the most CDN PoPs in Asia, allowing large content delivery to customers faster.
2) Global Accelerator
Cross-border data communication must be considered when customers with overseas offices use our SaaS. In particular, public networks between China and South Korea can incur a lot of latency and jitter. In this case, data communication can be performed faster and more reliably using Alibaba Cloud Global Accelerator.
3) API Gateway
We discussed the need to provide an API for customer-specific customization of SaaS in the steps above. Management is required for this open API.
We can use the API Gateway service to manage our APIs. API Gateway can manage versions and permissions for APIs and monitor all traffic.
4) VPN
If an enterprise wants to access a securely protected environment (VPC), it is necessary to use a protected network rather than a public network. In addition, access to the isolated private network must be allowed or denied according to the role of the operator.
We can connect these cases with a VPN service. A VPN service allows you to connect to a more secure VPC, increasing the security of your operations.
5) Express Connect
In some ISV applications, only the clients are deployed to the cloud, and the main servers are kept in the local IDC. From this point of view, reliable and fast communication is essential for client-server data communication.
We can use Express Connect in these cases. If you use Express Connect, you can construct a stable and fast network using the dedicated line provided by Alibaba Cloud without building an expensive dedicated line.
There are various ways to configure DR in the enterprise, such as hot, warm, and cold forms. In particular, DR in the cloud environment consists of logic that synchronizes data and service sinks by connecting the production VPC and the DR VPC through a private network.
You can use the CEN service to configure a network between different VPCs as a private network.
One of the easiest benefits of moving our applications to the cloud is the integration of security-related services. Security is the area where we spend the most money in an on-premises environment. The initial investment can be reduced significantly by replacing this large-scale security with cloud services.
1) Anti-DDoS, WAF, and Cloud Firewall
When our applications are moved to the cloud, the first security consideration is network-related security enhancement.
Anti-DDoS, Alibaba Cloud's network security service, defends against DDoS attacks from around the world effectively. Security attacks at the application layer can be defended using bots in WAF, and attacks at the network layer can be defended using Cloud Firewall. We can use these three services to keep our SaaS safe.
2) Security Center
Security Center is a centralized security management system that dynamically identifies and analyzes security threats and generates alerts when threats are detected. Security Center provides several features to ensure the security of cloud resources and servers in your data center. Features include ransomware protection, antivirus, web tamper protection, container image scanning, and compliance scanning. This enables you to automate security operations, response and threat tracking, and meet compliance requirements.
3) SSL Certification
A web-based SaaS must be served over the HTTPS protocol, which requires an SSL certificate that has to be managed. You can use Alibaba Cloud's SSL Certification service to manage these SSL certificates.
RAM allows you to create and manage accounts and grant different privileges to a single account or group. This way, you can grant different identity access to different Alibaba Cloud resources. This service allows us to perform RBAC-based user account and service management.
This article discussed the Alibaba Cloud services and architecture that can help you take a legacy application to the cloud as an ISV, that is, configure it as SaaS.
These services enable us to transform our business cost-effectively, quickly, and safely when migrating our applications to the cloud.
If you have any questions about this architecture or would like any consulting, please send an e-mail to email@example.com.