Multi-tenant

UNIT4 Agresso Sparks a Debate Over Multi-tenant SaaS

 

Looking Beyond The Label to The Real Value Add

On June 28, 2012, UNIT4, a global enterprise software provider, sparked a debate by announcing that its Agresso Business World ERP has been accredited by Technology Evaluation Centers (TEC) as “reinventing cloud multi-tenancy.” UNIT4 has broken free from the traditional multi-tenant model of housing all clients’ data in a shared database, partitioned for privacy and security. While all clients share a single instance of the software, each has its own database. The debate? Is this non-traditional approach really multi-tenant? In the world of enterprise applications labels have become important because unless you can check the right boxes, you don’t get invited to the party. But a word of caution: Look beyond the label to the real value delivered.

Understanding the Labels

There is still much confusion over cloud and Software as a Service (SaaS) delivery models and much of this confusion is regarding the issue and definition of multi-tenancy. Some industry observers make it a prerequisite for “true SaaS.” Others put further restrictions on it and create their own brand of SaaS.

Cloud versus SaaS

Many use the terms “cloud” and “SaaS” interchangeably, but there are some important differences. The National Institute of Standards and Technology (NIST) is often quoted as an authority on such definitions. NIST defines cloud computing as:

“…a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources—for example, networks, servers, storage, applications and services—that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

It goes on to describe five essential characteristics, three service models, and four deployment models. SaaS is one of the service models (the deployment models are private, community, public and hybrid.) NIST’s Cloud Computing Synopsis and Recommendations goes on (for 81 pages) to describe many different facets of cloud, but it is clear that cloud and SaaS are not synonymous or interchangeable.

For our purposes here, let’s simplify the distinction between cloud and SaaS in the context of enterprise applications:

  • Cloud refers to access to computing, software, storage of data over a network (generally the Internet.) You may have purchased a license for the software and installed it on your own computers or those owned and managed by another company, but your access is through the Internet and therefore through the “cloud,” whether private or public or any flavor in between.
  • SaaS is exactly what is implied by the acronym. Software is delivered only as a service. It is not delivered on a CD or other media to be loaded on your own (or another’s) computer. It is accessed over the Internet and is generally paid for on a subscription basis. It does not reside on your computers at all.

All SaaS is cloud computing, but not all cloud computing is SaaS.

Multi-tenancy

Some industry observers would have you believe that enterprise applications must be multi-tenant in order to qualify as SaaS or even cloud computing. Some refer to NIST to support that belief. Indeed one of NIST’s five essential characteristics of cloud computing is resource pooling.

The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand.”

Those insisting on multi-tenancy make the assumption that the application and the database must be among those pooled resources. But NIST doesn’t even list the application in its examples of pooled resources. NIST does list as examples: storage, processing, memory, and network bandwidth. Storage of course could be interpreted as the database, but it also could be interpreted to be the storage devices housing the database(s). So NIST doesn’t insist on the application (or the database) being shared among multiple tenants in order to be considered either cloud computing or SaaS.  But in order to be multi-tenant, there does need to be some resource pooling.

While definitions might vary, Mint Jutras has always distinguished between multi-tenant and single-tenant (also referred to as multi-instance) as follows:

  • Multi-tenant SaaS: Multiple companies use the same instance of hosted software; configuration settings, company and role-based access personalize business processes and protect data security.
  • Single-tenant (or Multi-instance) SaaS: Each company is given its own instance of the (hosted) software, but may share common services, such as an integration platform, and security.

The Debate

Indeed the debate over multi-tenancy seems to be fueled entirely by industry observers and the solution providers. In fact some vendors keep the debate going by accusing other vendors of offering “false cloud” solutions. Their definition of a “false cloud” seems to be any cloud offering that is delivered differently than their own. As with other technology-based debates, end users (those actually subscribing to SaaS solutions), especially line of business executives, often don’t understand the difference between multi- and single-tenancy and don’t seem to care. But they do care about the value delivered by the different options.

Up until now UNIT4 has not actively engaged in this debate, preferring instead to focus entirely on what it feels is the model that delivers the most value to its customers. However, with this announcement, it finds itself squarely in the middle of it whether it wants to be or not.

The Value of Multi-tenancy

So what is the added value delivered through multi-tenancy? The value to the solution provider is clear. It is far easier and more cost-effective to manage one version of the software, rather than a separate instance for each customer. Presumably the added efficiency allows the solution provider to focus more resources on improving the technology and developing more features and functions, which directly benefits its customers. That translates to more frequent and more robust updates, hopefully as “opt-in” enhancements. After all, the customer may not be ready to consume the new features on the same timetable as they are delivered.

Of course simply because the solution provider offers a multi-tenant solution doesn’t guarantee updates will be either more frequent or more robust. Those offering both SaaS and on-premise solutions (and this includes UNIT4) also need to be cognizant of the clients that manage their own upgrade process.

Is there a perceived downside to multi-tenancy? Yes, there can be. The Mint Jutras 2011 Enterprise Resource Planning (ERP) Solution Study explored both the appeal of SaaS ERP as well as concerns over this deployment option.

While the upgrade process is viewed by many on the plus side of the SaaS equation (48% see reduced cost and effort of upgrades and 39% value more leading edge technology through more frequent updates), some actually view it negatively. Twenty-six percent (26%) of respondents expressed the concern that they were losing control. Indeed in a multi-tenant environment, the customer typically has little control over the timing of the upgrades. However is there really a negative impact? If the solution provider bears the burden of the effort associated with upgrading and innovation is delivered in such a way that the customer may optionally choose to take advantage of an enhancement – or not – then there is no down-side and a lot of up-side.

In many cases “We want to control our own upgrade process” actually translates to “We don’t have time” or “We don’t want the disruption of an upgrade.” And yet by not keeping current on the latest release of the software you are essentially letting your maintenance dollars go to waste.

Of course in a SaaS environment, those would be your subscription dollars. Even though upgrades at first might feel like a forced march, that forced march is actually good for you. All bug fixes and regulatory requirements are in place. When you are ready to turn on the new functionality, it will be there. So the combination of frequent updates and this “opt in” capability is an important characteristic by which you should evaluate potential solutions.

The perception of the need for customization may also cause companies to shy away from a multi-tenant environment. In fact 25% of our survey respondents indicated the requirement for heavy customization would prevent them from considering SaaS altogether. Yet there are many different ways of “customizing” a solution today and not all of them involve source code changes or present barriers to a multi-tenant SaaS solution.

This is where Agresso Business World’s Vita architecture comes in. UNIT4 specifically targets what it calls Businesses Living IN Change (BLINC) by designing its solution to enable those organizations to embrace change simply, quickly and cost-effectively. This means adapting the solution without the kind of source code changes that can be troublesome in a multi-tenant environment. The Vita architecture dynamically couples data, business processes and the delivery methodology to move forward in lockstep even if the very structure of the organization changes resulting from merger and acquisition, restructuring, new or changed business processes, compliance requirements or financial management driven change.

But what about the database?

Notice the Mint Jutras definition of multi-tenant does not reference the database at all, even though traditionally most solution providers offering multi-tenant solutions co-mingle multiple clients’ data in a single, partitioned database. But the real value of this is not in the co-mingling of the data but in having a single definition of the structure of the data. In this way, the single instance of the software can always find the data it is looking for in the same way.

Think about it like floors in a hotel. The layout is and configuration of rooms is the same from floor to floor. The bathrooms are always located in the same spot and laid out the same way so that the plumbing can run in a straight line through the various floors. The same is true for the heating and air conditioning. This makes for easier maintenance as well. But each room is separate and secured from all the other rooms, not just with a partition, but also with a locked door.

Each Agresso Business World SaaS client has its own database, separate and secure, but all share the same definition and structure. This creates the benefit of portability and security without compromising the multi-tenant advantage of a single instance of the software. The issue of portability becomes important in the event a client decides to move from a SaaS deployment to on-premise.

But security is an issue all by itself. The Mint Jutras ERP Solution Study confirmed that security is still the top concern in considering a SaaS deployment option. Mint Jutras would agree that every company implementing any enterprise application, and especially those including the financial system of record for the business, should be concerned about security. But everyone should be concerned over security, regardless of deployment option.

Many assume an on-premise solution is inherently more secure than a cloud-based SaaS solution. But is it? Unless your data center is completely contained with no possibility of access from outside the four walls of your building you could be vulnerable to unauthorized access. That means no VPN access. It means no external consultant or guest ever connects his or her laptop to your network. It means no laptop ever leaves the building to be potentially connected to any other network, then brought back and connected to yours. There aren’t too many installations, if any, like this in the world today.

So would you rather secure your own data, or have a company whose livelihood and very existence depends on security, one that has passed a SAS 70II audit, secure it?

Furthermore, recent news suggesting that more than 236,000 LinkedIn passwords may have been compromised reminds us that even the most highly visible and tightly secured cloud based data can be vulnerable. A report from the Privacy Rights Clearinghouse (PRC) notes 535 breaches during 2011, involving 30.4 million sensitive records. Records leaked may have contained information such as Social Security numbers, financial account numbers, driver’s license numbers and medical information.

So if these kinds of security breaches are possible, which is a safer environment? One in which a thief needs only hack into a single partitioned database to have access to the data of potentially thousands companies? Or one in which a thief would have to hack into thousands of individual databases?

Conclusions and Key Takeaways

The debate over true SaaS and multi-tenancy is likely to continue as long as solution providers offer different flavors and various industry observers form different opinions. If you simplify the definitions of cloud and SaaS, as well as those of multi-tenancy and single-tenancy you find many of the arguments about what is “true” SaaS disappear.

However there are some real benefits to a multi-tenant environment, benefits UNIT4’s approach with Agresso Business World takes advantage of. The rewards of multi-tenancy are in the ability to manage shared resources in an efficient and cost effective manner, particularly when these efficiencies result in more frequent and robust enhancements. These advantages are not compromised by allowing each SaaS client its own database, providing the definition and structure remains consistent. And in doing so, portability and security is enhanced.

Tagged , , , , , , , ,