Wednesday, January 28, 2009

Visibility and control over API use is crucial as enterprises ramp to SaaS and cloud models

Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Sonoa Systems.

Read a full transcript of the discussion.

As established enterprise IT expectations meet up with cutting-edge cloud delivery models, there's a clear need for additional trust and maturity in order for enterprises to further adopt cloud-based services. Enterprise IT expectations on visibility, control, and security to software as a service (SaaS), and cloud-based applications delivery need tools that manage the applications use and the use patterns for providers.

This podcast examines how one SaaS provider, Innotas, has developed a more matured view into services operations and application programming interfaces (APIs) and how they can extend the benefits from that visibility to their customers. We'll hear how Innotas, an on-demand project portfolio management (PPM) service, derives more analytics from network activity and thereby provides mounting confidence in how services are performing.

To better understand how Innotas has better managed services based on service level agreements (SLAs) monitoring, I recently interviewed Tim Madewell, vice president of operations at Innotas, as well as Chet Kapoor, CEO of Sonoa Systems.

Here are some excerpts:
Innotas is an on-demand PPM solution. We focus on IT organizations and provide software access via a standard Web browser for managing projects, as well as non-project work within an IT department. ... One of our differentiators was that being on-demand and multi-tenant from day one enabled us to be one of the early adopters in the SaaS world and in subscription-based software.

We have seen how the attitude around SaaS has matured and evolved. SaaS has become more standard and available, and as the technology has matured, especially around security, the acceptance level for SaaS has improved. One of the things that benefit us is in focusing on IT. Typically this type of change in acceptance for software starts within the IT organization itself.

To be a business application in a SaaS model today means that you have to step up and be enterprise class. We look at ourselves as an extension of all of our customers' internal IT and operations groups and we need to live up to those same standards. ... Once we get past the initial security challenges, folks are very interested and concerned about reliability and performance.

When [applications were] traditionally inside your four walls, there was a greater sense of control. As soon as you step into the cloud or with any SaaS provider, some of the benefits and the value proposition is that they control it, they manage it for you, but you're giving up some control. Building that confidence and acceptance into the solution is important, and ties back to being enterprise class.

Sonoa helped me identify problems or potential problems earlier. When I turned up the ServiceNet product it decoupled the traffic from my Web users, my end-users, the traditional users from my back end, and from my API.

That visibility gave me some input into when my servers were getting hot or heating up. I was seeing a lot of activity and started to differentiate if this activity was generated through the front end or through the back end.

So, my immediate return was to give my operations team a solution and a tool that gives them better visibility and then to control some of that traffic on the back-end. ... With this visibility I'm able to put in some controls that will give me the ability to look at how I make more and better use of the capacity that I have today.

You always start by wanting to see the needle, because you can’t move the needle, if you don’t see it. ... I want to know who is using my service, what are they using it for, how long are they using it, things like that. You have to have visibility into the services you provide.

The next thing you say is, "Okay, now that I have visibility, I want to start putting in some security access control." ... And you want to start by saying, "I want to give priority access to priority customers." ... And, they want it to be available at a scale where all their customers are getting it.

We've been working with companies like Innotas to get them through this evolution. Some customers choose to get our technology in the form of appliances. Some of them do it in the form of software, as Tim has. And, some of our customers are choosing to get our technology right in the cloud itself where they do not have any data-center whatsoever.

The easier we can make it for enterprises to access the information for their composite applications through APIs, the more successful companies like Innotas are, and there is more adoption. IT and enterprises end up saving money.

We're very familiar with the different user types in an application. You may have view-only users, standard users, or power users. We can take the same view on the back end with Web-services. There are certainly different levels of users or different levels of service you could provide for users, depending on their needs. ... Now, I've got the ability to take a look at offering some tiered services or tailoring my back-end user type and then tying that to my revenue model.

[Enterprise] customers will write applications or custom applications, where they probably want to use Oracle or SAP inside the firewall and maybe have another custom application of some sort, Innotas or Salesforce.com or whatever -- outside. They want to write a composite application, a mashup, or whatever you decide to call it, and they want all these different services.

A critical need that we find is that customers start to get nervous. It's not so much with the Innotases of the world, because they are fairly secure. They run like an enterprise application, but it’s available in the cloud. It happens when you start using things like Amazon Elastic Compute Cloud (EC2), and people are starting to put custom applications there. ... They probably do it in a very hybrid model because I don’t think on-premise computing is going away.

What we’re finding is there is a need for a way to govern what goes on outside the enterprise. Govern could be a fairly heavy word, so let me be more specific. You want to have visibility into, how many accounts I have at EC2, for example. ... They want to have some visibility into what is happening with the cloud. Then, as they get more visibility, they want to see if they are paying extra for SLAs and how the SLAs are being mapped.

The second aspect of this is that it's probably a new revenue stream for Web 2.0 and SaaS companies, as well as enterprises. They've maximized or have worked very hard on their channels, whether user access or a browser-based channel. Now, they have an opportunity to go after a different set of folks who are trying to not just go off and use Innotas through a browser or Salesforce.com through a browser.

If you really think about the person who is doing a mash up, every consumer is probably going to be a provider at some point, and every provider is going to be a consumer at some point. ... [We] have been working on taking what Sonoa provides with a ServiceNet product, and making it available as a service. We have some customers that are already going in production. It's something that we will start talking about in the very near future.
Read a full transcript of the discussion.

Listen to the podcast. Download the podcast. Find it on iTunes and Podcast.com. Learn more. Sponsor: Sonoa Systems.