IT@Intel White Paper

Intel Information Technology Cloud Computing October 2009

Architecting Software as a Service for the Enterprise

Executive Overview

The reference architecture As part of our cloud computing strategy, Intel IT has been opportunistically taking provides a proven template advantage of external offerings of software as a service (SaaS) applications. To solution that Intel SaaS project prepare for broader SaaS adoption, we designed a SaaS architecture that will teams can immediately apply to enable us to shift to a more strategic view and facilitate faster, more standardized specific implementation projects. implementations.

To create our architecture, we analyzed • A reference architecture providing a proven SaaS industry trends and scanned existing template solution that Intel SaaS project Intel SaaS implementations to gather best- teams can immediately apply to specific known methods and architectural techniques. implementation projects. We then extended existing enterprise The SaaS architecture promotes standardization application frameworks and architecture to and best practices. It defines the components create the elements that comprise the SaaS and capabilities required for deployment and architecture, including: a vocabulary for consistent communication Catherine Spence with SaaS providers. Our goal is to facilitate Enterprise Architect, Intel IT • A use-case model based on a typical scenario that requires back-end data a shift from organic growth to prescriptive deployment of SaaS applications at Intel, with Jason Devoys exchange between Intel and the greater consistency among implementations Enterprise Architect, Intel IT SaaS provider. and reduced implementation effort. • A conceptual architecture that provides Sudip Chahal a long-term view of all the components Principal Engineer, Intel IT required in a complete SaaS implementation. IT@Intel White Paper Architecting Software as a Service for the Enterprise

Contents BACKGROUND specialized point solutions: Expense reporting was an early example, and adoption has grown Cloud computing is an important Executive Overview...... 1 as we have continued to identify specialized trend that includes several categories Background solutions that make sense to outsource. We’ve ...... 2 of service, all offered on demand experienced accelerating growth of SaaS in the over the Internet in a pay-as-you-go SaaS Architecture ...... 3 last few years. Based on the success of these model. Software as a service (SaaS) Environmental Scan...... 3 solutions, we expect growth to continue. is one of these categories; others Use-Case Model...... 5 include platform as a service (PaaS) The opportunistic use of SaaS has yielded Conceptual Architecture...... 6 and infrastructure as a service (IaaS). benefits such as cost savings, improved agility, Reference Architecture ...... 8 See the sidebar “A Cloud Computing and faster time-to-market, as well as increased Conclusion...... 10 Taxonomy” on page 3 for more details. flexibility in scaling to support more users as necessary. It has also provided a venue for Contributors...... 10 Intel IT has defined an overall cloud experimenting with new capabilities. computing strategy based on growing the Acronyms...... 10 As our use of SaaS increases, we must be cloud from the inside out. We are developing able to scale the environment, be positioned a private internal cloud that will eventually to take advantage of standardization, and extend to, and support interoperability with, provide guidance to suppliers about how the Internet or external cloud. Over time, to integrate with enterprise applications. In this strategy will allow Intel to dynamically addition, future solutions will likely require transfer workloads in and out of the more frequent data exchange between Intel enterprise, taking into account considerations and our providers, with lower tolerance for such as cost, security, and compliance. failure. We also look to improve security and As we grow our internal cloud and determine manageability, which currently require a great how best to take advantage of the external deal of work, due diligence, and carefully cloud, we have also been opportunistically calculated risk. taking advantage of external SaaS offerings These requirements led us to develop a SaaS that deliver value such as increased agility architecture that will help us shift to a more and cost savings. strategic view of SaaS and enable faster, SaaS is the most mature category of cloud more standardized implementations. Using service, since it evolved from the application- the SaaS architecture, we can proactively service-provider model of software hosting. assess applications in our portfolio, exploring With SaaS, software applications are rented opportunities to simplify our environment, from a provider as opposed to purchased for gain faster access to new features, and IT@INTEL enterprise installation and deployment. reduce cost. IT@Intel is a resource that enables IT Intel has successfully used a variety of SaaS professionals, managers, and executives to engage with peers in the Intel IT applications. These typically have been organization—and with thousands of other industry IT leaders—so you can gain insights into the tools, methods, strategies, and best practices that are proving most successful in addressing today’s tough IT challenges. Visit us today at www.intel.com/IT or contact your local Intel representative if you’d like to learn more.

2 www.intel.com/IT Architecting Software as a Service for the Enterprise IT@Intel White Paper

SAAS ARCHITECTURE Intel SaaS project teams can immediately INTEL SAAS DEPLOYMENTS apply to specific implementation projects. Over time, Intel has experimented with or Our goal was to provide a proven deployed a variety of SaaS applications, template solution that comprehends the Environmental Scan including four of the five most widely used unique requirements of SaaS, defines the The environmental scan incorporated two SaaS categories: customer relationship components and capabilities required for activities. First, we examined industry trends. management (CRM), human resources deployment, and promotes consistent Second, we surveyed representative Intel management systems, collaboration, and communication with external solution SaaS deployments to gather architectural business expenses. providers. techniques and best-known methods. We surveyed 14 SaaS solutions that had We began by conducting an environmental been used at Intel. Of these, 11 were in INDUSTRY TRENDS scan of industry trends and existing production use: these included expense and Our examination of industry trends painted a Intel SaaS solution architecture. We then time-card tools, online learning, hiring tools, positive picture of SaaS, with a rich application developed a series of architectural elements. and health benefits. Table 1 summarizes the pipeline. Though the market is still relatively These included a use-case model and a characteristics of these applications. conceptual architecture that represent a small, it is expected to grow up to 40 percent Key findings of our survey included: long-term vision of the key capabilities annually; as a result, some analysts expect required in a complete SaaS offering. that one quarter of all business software Uses and benefits. Intel’s most successful Because not all of these capabilities are will be delivered using SaaS by 2011. In one SaaS projects have involved the delivery available today, we also developed a near- survey of organizations using SaaS, over of non-critical capabilities: commoditized term reference architecture based on 90 percent said they were satisfied. Many functions that do not contribute directly to existing enterprise application frameworks software suppliers are creating SaaS solutions Intel’s competitive advantage. The biggest and architecture. The reference architecture based on their traditional offerings; this will benefit has been that SaaS provides agility, provides a proven template solution that create additional outsourcing options. with fast access to new functionality.

Table 1. Characteristics of Software as a Service (SaaS) Applications in Use at Intel

Application Categories • Good candidates for SaaS are applications with industry-standard workflows, which do not involve intellectual property or sensitive data, such as human resources management, employee stock options, medical benefits, and expense reports.

Users • The number of users varies—from participants in a small pilot project to a majority of Intel employees for several applications. • About half of SaaS applications are used globally and half are specific to the United States.

Business Drivers • Agility and time to market. • Lower cost: No need to develop and maintain internal expertise for commoditized capabilities with industry-standard workflows.

Costing Model • Most applications use subscription licensing, with a fee paid at regular intervals—yearly, quarterly, monthly. • A few applications are priced per transaction.

Platform • In about 30 percent of cases, suppliers provide a dedicated hardware platform for Intel’s application; in the other 70 percent, the platform is shared. The application is typically not virtualized. • In about half of the cases, suppliers provide a dedicated application instance for Intel; the rest use a standard multi-tenant shared instance.

Disaster Recovery • There is a disaster recovery plan for most applications.

Security • All SaaS solutions have undergone a security risk assessment. Most data has a relatively low security rating. • Half of the SaaS applications use single sign-on (SSO); the rest use personal profiles. • Data may be encrypted in transit and at rest. Native Web applications use HTTPS/SSL to protect important data during transmission.

Monitoring • Typically, vendors monitor applications and infrastructure and send us selected or summary alerts.

www.intel.com/IT 3 IT@Intel White Paper Architecting Software as a Service for the Enterprise

We realized even more value when we outsourced the application-specific help A Cloud Computing desk along with the software. Taxonomy We have also benefited from the expertise To promote the use of common definitions, • Platform as a service (PaaS). of outsourcing suppliers, which has enabled Intel has developed a cloud computing On-demand software development us to focus internal resources on other more taxonomy. We referenced existing platforms. critical tasks. works of cloud taxonomy and used • Infrastructure as a service them as input to develop our own. The We have generally seen reduced costs (IaaS). On-demand computing taxonomy includes several established from using SaaS solutions—however cost infrastructure. categories of cloud computing service, has historically been a lower priority than as shown in Figure 1. • Cloud software. Unique purchased/ functionality. We like the ability to pay for packaged software used to build and Elements of the taxonomy include: only what we use, and we like solutions that run cloud services. could scale up and down based on demand. • Software as a service (SaaS). • Service as a service. Horizontal On-demand software applications. Users generally have reported good service that is subscribed to and With SaaS, software applications are experiences, especially in the areas of used as a component of SaaS, IaaS, rented from a provider as opposed usability and responsiveness. In some cases, or PaaS offerings. An example is a to purchasing them for enterprise billing service. users had difficulty distinguishing SaaS from installation and deployment. At the internally installed enterprise applications. • Cloud client. Client-centric services and top of the pyramid, this is the most We observed that Intel users are technically run-time software for cloud execution. mature category of cloud service; a savvy and like a self-service approach, so wide variety of applications are already they are comfortable with the SaaS model. available for enterprise use One innovative SaaS use has been to temporarily try new capabilities to inform our broader strategy and long-term plan. Cloud Client For example, we experimented with an

Software on-demand CRM product with the intent of as a Service meeting immediate internal demand while Platform as a Service we planned the deployment of an enterprise

Infrastructure CRM solution. When the product did not meet as a Service Intel’s needs, we were able to de-provision it Cloud Software Service as a Service quickly. This exercise provided insights that have influenced our current CRM direction. Figure 1. Intel adopted a cloud computing taxonomy using input from existing works. Integration. The business process, application, and data integration required depends on the extent to which a SaaS application is

4 www.intel.com/IT Architecting Software as a Service for the Enterprise IT@Intel White Paper

tightly coupled with the Intel environment. We we assign these security ratings relative to of data in contracts, including liability in the found that the key has been to evaluate the the sensitivity and importance of the data. event of legal action. intersection of each SaaS solution with our We requested evidence of protection level existing business processes, systems, and data. and encryption; with multi-tenant solutions, Use-Case Model we probed how suppliers separate Intel’s As part of our SaaS architecture, we defined Ideally, we want a good fit between a information from that of other companies. In a use-case model that shows how the SaaS application and our business process, some cases, we required a physical inspection system behaves from a user-centered design with minimal need for configuration or of the provider premises and employee perspective. Our model, shown in Figure 2, customization. Where changes are required, background checks. focuses primarily on IT-approved solutions for we have favored configuration of SaaS commoditized functions used by many Intel applications over customization, but we have Regulatory compliance. We identified a few employees, though there is enough flexibility customized software in some cases where it areas as important for regulatory compliance. in the model to include some cases in which is necessary to meet Intel business needs. We Employees’ personal data must be protected, an Intel department or end-user sources their gathered best practices for testing and for such as bank account information associated own solution. troubleshooting—which is challenging when with expense reports. We also need to help multiple parties, including an Internet service ensure intellectual property protection; for There are three types of primary SaaS user provider, are involved. example, we do not want to store sensitive roles within Intel. documents in the cloud for potential access Security. With our existing SaaS applications, • IT users. Primary IT user roles are by controlled countries. We have to comply we have adopted a comprehensive approach applications administrators and with local and national financial reporting to security. The rigor of our assessment was SaaS specialists. The administrator regulations. We explicitly defined jurisdiction based primarily on the security rating of data; is responsible for the decision to use

Decide SaaS Manage Users Intel SaaS Uses Specialist Set up Intel Agree Contract Service SaaS Provider IT Administrator Uses

Deliver Metrics Exchange Uses Set up Provider Data Service and Indicators Pay Usage

Deliver Audit Service Security Extends Uses Remove SaaS Request Service Meter Uses Manage Usage Versions

End User Consume Uses Manage Service Service Extends

Request Work Service Offline Removal

Figure 2. Software as a service (SaaS) architecture use-case model.

www.intel.com/IT 5 IT@Intel White Paper Architecting Software as a Service for the Enterprise

SaaS for a particular application and for • Multi-tenant efficient. The design Intel’s data and user accounts are typically any integration work needed to deliver the should support multiple tenants using a hosted by the SaaS provider. We considered service within Intel. The SaaS specialist single instance of the application. The the following capabilities: is the technical resource who delivers data must be segregated for each tenant. • Identity and federation. Identity uniquely any personalization, programming, and • Configurable. The application can identifies a user or another entity such as customization for Intel. be configured to meet the needs of an Intel application or system. An example • End users. Primary end users are individual each tenant, using metadata and a is a user name. Federation describes the workers at Intel who use SaaS applications metadata execution engine—also known function of enabling users in one domain for job-related activities. Workers are located as a business rules engine. Routine to securely and seamlessly access data within the enterprise or connected to Intel configuration changes should be possible within another domain. while traveling or working from home. without the need to coordinate downtime • Authentication and single sign-on with other tenants. • SaaS provider. This is the external provider (SSO). The process of identifying an that delivers a software service over the • Scalable. Multi-tenant usage can result individual, usually based on a user name Internet to Intel. in millions of users. Applications should be and password. In the context of SaaS, this The model describes a typical SaaS solution designed from the ground up to scale up includes the ability to achieve SSO across in which back-end integration is required. It and scale out—and to be able to do this multiple cloud applications and services. dynamically, on demand. encompasses the entire service life cycle and • Authorization and role-based access includes use cases to define SaaS selection, control. After an identity has been SAAS CAPABILITIES initial setup at Intel and the SaaS provider, confirmed, authorization is the process Many capabilities make up the SaaS user consumption of the service, ongoing of giving individuals access to system conceptual architecture. We group these data exchange and administration, and objects based on their identities. Identities into presentation, security, application, service end of life. are usually assigned to roles for ease of operations, and infrastructure categories, as managing access. Conceptual Architecture shown in Figure 3. The following sections describe the most important capabilities. • Entitlement. The process of granting access The conceptual architecture is intended to a specific resource. Tenants are usually to represent a three- to five-year vision of Presentation responsible for maintaining their own user SaaS architecture, free of implementation This includes all capabilities exposed to the accounts using delegated administration. technology details, and to establish common user, such as: • Encryption. Data may need to be encrypted capability definitions. The conceptual in transit (between applications or between architecture depicts all the key capabilities • Menu and navigation. These provide the layers within an application) and at rest required in a complete SaaS offering, the access to the features and functionality (while stored). logical separation of capabilities into tiers, and within an application, organized in an the logical grouping of capabilities. We do not intuitive way so that the user can select • Regulatory controls. Tracking and expect that individual SaaS applications will the desired function. reporting who accessed what, when, necessarily include every capability described • Reporting. Application-specific predefined and why. It includes tracking access to in the conceptual architecture. or ad-hoc reports. application features and data, the security rating of the data, and the implementation KEY FEATURES Security of a data retention policy. It also includes A well-designed SaaS application has several Security is one of the most important identifying whether individuals are located key architectural features. It should be: categories of SaaS capabilities, given that in controlled countries.

6 www.intel.com/IT Architecting Software as a Service for the Enterprise IT@Intel White Paper

Presentation

Menu and User Display and Reporting Navigation Controls Rendering

Security Application Operations

Identity and Monitoring and Federation User Profile Workflow Alerting

Authentication and Notification and Exception Backup and Single Sign-on Subscription Handling Restore

Authorization and Metadata Execution Role-based Access Control Engine Orchestration Provisioning

Entitlement Metadata Data Configuration and Services Synchronization Customization

Performance and Encryption Messaging Availability

Regulatory Metering and Controls Indicators

Infrastructure Networking and Database Storage Compute Communications

Figure 3. Intel IT’s conceptual architecture for software as a service (SaaS) includes capabilities in five categories.

Application • Workflow. The defined series of user- Operations These represent the typical business layer or based tasks within a process to produce These are the capabilities needed to middle tier of a SaaS application: a final outcome. An example is creating a efficiently keep the SaaS application running: purchase order. • User profile. The attributes and • Monitoring and alerting. Polling application information that describe a user, such as • Exception handling. The process of components, services, and infrastructure to name, e-mail address, and role. raising and managing exceptions within an detect failures. On detection, an alert is sent application. This includes how application • Metadata execution engine. Statements to the appropriate support group. errors are exposed to the user and how that define or constrain some aspect • Performance and availability. Performance error messages are logged. of the business. They are intended to describes how the application performs assert business structure or to control or • Orchestration. The series of technical under load, both in terms of the number influence the behavior of the business. tasks performed within a process to of users and the transaction volume. In produce a final outcome. An example is an • Metadata services. Information about the context of SaaS, this should allow extract, transform, and load sequence to which data is contained and exposed applications to dynamically scale based move data between business applications. within an application and about how on runtime usage and demand. Availability content is organized. • Data synchronization. The capabilities is a measure of how much of the time for synchronizing data held within the the application is available to users and is application with external data. represented as a percentage.

www.intel.com/IT 7 IT@Intel White Paper Architecting Software as a Service for the Enterprise

• Metering and indicators. Tracking and between internal Intel systems and data stores Additional work is required to qualify an reporting items specifically related to the hosted by the SaaS provider—as their biggest externally hosted SaaS solution, so it is service-level agreement, such as usage, challenge. It’s important to keep this data important to identify whether SaaS is an availability, number of failures, and mean synchronized between internal and external option early in the life cycle of an application time to respond to and fix problems. systems, so data transfer may need to occur implementation project; the additional frequently, often on a scheduled basis. security review and requirements may affect Infrastructure the overall agility and viability of the project. The key challenge is locating the right The underlying technical capabilities version of the data, since data can be Intel’s security controls tend to be more required for storing data and moving it stored within the enterprise, in the cloud, mature than those of SaaS suppliers, around the network: or at both locations. Considerations include and we must consider complex legal and • Database. In a multi-tenant data architecture, finding the master copy of data, searching regulatory requirements. Providers must there could be one database per tenant or for data, and governance. be able to explain how jurisdiction of one database shared by multiple tenants data is maintained. Together with the Through our environmental scan, we discovered with the data indexed by a specific tenant provider, we must be prepared to respond that various tools and designs are used to identification. to e-Discovery and legal notices. We must exchange SaaS data today, with no common also address privacy concerns, comply with • Compute. The physical clients, servers, or architecture across all the implementations. export restrictions that cover access from virtual machines that execute code. This highlights the need to standardize on a controlled countries, be prepared to satisfy single data interchange reference architecture. Reference Architecture audit requirements, and understand how the We’ve identified two types of data The purpose of the reference architecture supplier verifies that old data is destroyed. interchange: asynchronous and synchronous. is to provide a proven template solution From our environmental scan of existing An asynchronous, or batch, interchange is that project teams can immediately apply deployments, we identified several other key typically used for back-end data exchange. For to specific application domains. Accordingly, elements needed for a successful project: example, a SaaS expense report application it includes only a subset of the capabilities needs to know about the management • Classification of the data by an IP attorney. described in the conceptual architecture structure to enable management approval of and is more near-term in nature—one to • Rigorous due diligence to help ensure the travel expenses. This requires employee data two years. The reference architecture also required controls are included in the contract. to be periodically copied from the enterprise provides a common vocabulary for discussing • Completion of an information security to the expense report application. implementations; one goal is to increase the risk assessment. commonality between them. In contrast, synchronous, or real-time, • Protection of data in transit and at rest. interchange involves data that is dynamically Figure 4, on the next page, shows the high- retrieved in real time directly from its • Making sure that suppliers provide level reference architecture for a typical SaaS source. Today, there is limited use of real- satisfactory disaster recovery and offering at Intel. It includes summary views of time exchange for enterprise data, but we business continuity plans. data interchange, manageability, and security anticipate increased use in the future. capabilities. We also developed more detailed For our users, it would be ideal to be able architecture designs for each of these areas; to achieve SSO or reduced sign-on to avoid SECURITY key aspects of these are summarized in the continually re-authenticating for each SaaS providers must comply with a number following sections. application. In the future, we’d like to see of security policies. We have done a good this implemented with a federated identity DATA INTERCHANGE job of assessing providers in advance of approach using tokens that the SaaS implementation to help ensure they meet Intel SaaS project teams cite data interchange— provider can decrypt and read. This would our requirements, but we will continue to moving employee data and other information enable users to log on to the Intel network move cautiously. and immediately have access to all their

8 www.intel.com/IT Architecting Software as a Service for the Enterprise IT@Intel White Paper

applications, without having to maintain Today, Intel users who are experiencing problems and certifications for use by service providers. individual profiles for each SaaS provider. typically call their local Intel service desk. It is then This will provide organizations consuming the support agent’s responsibility to escalate the SaaS applications with a common set of MANAGEABILITY issue to the SaaS provider’s service desk. metrics, which will eliminate many of the To date, automated manageability has not been initial validation steps currently required. As we prepare for wider deployment of more- a priority for us because we have had relatively critical applications, the ability to automatically How much manageability data we will require few applications and they have generally not acquire reliable and complete manageability from SaaS providers is still an open question. Our been business-critical. Intel relies largely on data will become increasingly important. goal is to minimize introspection into incidents, user feedback and SaaS provider data to help focusing more on application performance, ensure the providers are meeting contractual We plan to work with standards bodies to reliability, and common tracking of requirements. obligations and addressing inadequacies. develop verifiable manageability standards

External Cloud Data Sources

SaaS Application Validate User Push Data File Server • Features Workflow Engine Federation Service Desk Pull (SaaS Provider) Services (SaaS Provider) Create SaaS Provider File • Scheduling • Token Service • Ticket Ticket Support • Transform Management

Internet

Demilitarized Copy File Access Provision Communicate Zone (DMZ) Ticket Data Transfer • Transfer

Intranet Pull File Security Manageability Services Capability Copy Workflow Engine • Authentication File • Scheduling • Federation

Pull File Authenticate File Server Intel Data User Management Create Ticket • Transform Service Desk Configure View IT • Configure • Ticket Ticket Support Management Pull Data IT Intel Internal Administrator Applications

Data Sources

Data Interchange Security Manageability

Figure 4. Intel IT’s summary view of software as a service (SaaS) reference architecture.

www.intel.com/IT 9 IT@Intel White Paper Architecting Software as a Service for the Enterprise

CONCLUSION The architecture provides a critical level of consistency; building and deploying solutions CONTRIBUTORS The success of SaaS applications at that are similar in design enables Intel to Intel to date, together with our industry William Giard reuse capabilities and reduce the amount of analysis, suggests that adoption will Thiru Thangarathinam effort and time required for each project. continue to grow. Our goal is that our Jay Hahn-Steichen SaaS architecture enables Intel’s use of For the future, we are targeting governance Stacy Purcell SaaS to progress from organic growth and auditing as two areas for additional All members of the Intel IT SaaS team to prescriptive deployment, with the design consideration. Using our SaaS reference architecture helping to drive architecture as a guide, we will continue ACRONYMS consistent designs, quickly, for new to work with our suppliers to standardize SaaS projects. on capabilities that will enable faster and CRM customer relationship more cost-effective deployment of business management We are continuing to add to our architecture solutions that are easier to integrate, more IaaS infrastructure as a service capabilities for exchanging information, manageable, and highly secure. PaaS platform as a service managing solutions, and increasing security. SSO single sign-on SaaS software as a service

For more straight talk on current topics from Intel’s IT leaders, visit www.intel.com/it.

This paper is for informational purposes only. THIS DOCUMENT IS Intel and the Intel logo are trademarks of Intel Corporation in the U.S. and other PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING countries. ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS * Other names and brands may be claimed as the property of others. FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Intel Copyright © 2009 Intel Corporation. All rights reserved. disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification. No license, express Printed in USA Please Recycle or implied, by estoppel or otherwise, to any intellectual property rights is 1009/KC/KC/PDF 322460-001US granted herein.