SaaS Infrastructure, the 1st step in SaaS platforms

SaaS Infrastructure is the first key component to building a secure Software as a Service platform.

This article is one in a series of articles discussing how to build a secure SaaS platform.

Infrastructure experts will quickly chew through this article, but the walkthrough may help developers understand the evolution of their creations.

Step 1: building somewhere for your solution to live.

  • Hosting Evolution
  • Security
  • Forward planning
  • Wrap Up



Hosting Evolution


The first challenge you have is to work out which technology stack you’re actually going to use.

There are many to choose from.

In modern-day terms you’re most probably going to go with Windows or some Linux approach.

Once you’ve worked out which stack you’re going to use then it’s a case of getting your hands on the operating system software.



SaaS Infrastructure hosting

There is an evolution of possibilities worth following.


Basic setup

Firstly start with building the solution on your own development machine.  Chances are that’s going to be a Windows machine.

If you have Windows you have IIS natively available to you.  Installing Apache and PHP is another easy option.

If you prefer using Linux then use something like Virtual Box to enable you to set up a Linux solution on your Windows machine.


Your first server solution

Once that’s done you’re going to find a separate machine to act as a server.

This machine hosts your solution and you evolve your server configuration and optimisation skills.

You have a SaaS infrastructure but it is far from professional standards and prone to a lot of failure.

It will however teach you a lot about what goes into your solution.




Your first server suite

Following that you will expand your solution to separate your SaaS solution and your database onto two separate machines.

If you can afford it, next is to get a firewall and load balancer solution set up.

So you have four parts and your own development environment.

With at least 3 if not 4 machines going you’ll have to find a room for it all.

Whilst not industry grade, your SaaS Infrastructure is growing.



After a while of playing with these servers in terms of optimising and tweaking them you’ll realise that the Internet connection into them needs to be consistently available.

For a professional solution using your own ISP, no matter how good, is still prone to the road being dug up outside or your building having power issues.

The next evolution is to get your solutions into a hosting centre.  At this point your SaaS Infrastructure is getting serious.

At this stage it is possible to copy an entire server into an image.   A backup photocopy of the machine in its entirety.

This is often called ghosting or cloning and there are many tools on the market to help you do this.

Do note that your image is built to go onto the same hardware, as the drivers that run the hardware will need to be the same.


High availability

Time passes as you’re in the data centre and you realise that doing updates and patching means machines will become unavailable.

So now you have to get two of everything.  Two web servers and two Db servers represent the minimum SaaS infrastructure for a professional solution.

You look at your load balancer and router configurations and ensure they are highly available as well.

The simple test question is, while this is updating does my solution go offline?
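The test question above can be asked of an inventory before any patching starts. The following is an added example, not part of the original article: the hostnames and inventories are constructed, and it assumes any single machine in a tier can carry the load while its peer is being updated.

```python
from collections import Counter

# Tiers every request passes through, taken from the article's server suite.
REQUIRED_TIERS = ("firewall", "load_balancer", "web", "db")

# Constructed inventories (hypothetical hostnames) for three stages.
FIRST_SERVER_SUITE = {
    "fw1": "firewall", "lb1": "load_balancer", "web1": "web", "db1": "db",
}
PARTIAL_HA = {  # two web and two Db servers, but the edge was forgotten
    "fw1": "firewall", "lb1": "load_balancer",
    "web1": "web", "web2": "web", "db1": "db", "db2": "db",
}
HIGH_AVAILABILITY = {
    "fw1": "firewall", "fw2": "firewall",
    "lb1": "load_balancer", "lb2": "load_balancer",
    "web1": "web", "web2": "web", "db1": "db", "db2": "db",
}


def is_online(inventory, offline=()):
    """True if every required tier still has at least one machine up."""
    up = Counter(role for host, role in inventory.items()
                 if host not in offline)
    return all(up[tier] >= 1 for tier in REQUIRED_TIERS)


def patch_outages(inventory):
    """Hosts whose update, done one at a time, takes the solution offline."""
    return sorted(host for host in inventory
                  if not is_online(inventory, offline={host}))


if __name__ == "__main__":
    stages = [("first server suite", FIRST_SERVER_SUITE),
              ("partial HA", PARTIAL_HA),
              ("high availability", HIGH_AVAILABILITY)]
    for name, inventory in stages:
        outages = patch_outages(inventory)
        print(f"{name}: {'offline when patching ' + ', '.join(outages) if outages else 'stays online'}")
    # Even with two of everything, patching both peers at once is an outage.
    print("both web servers at once:",
          is_online(HIGH_AVAILABILITY, offline={"web1", "web2"}))
```
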



Your service grows and is used, and clients find more and more ways of making the most of its availability.

More CPU, RAM and hard drives become a challenge.

Whilst it was simple previously to change something out when you could get to the machine, in a secure data centre this becomes problematic.

There needs to be a way of increasing your kit without costing a fortune and lots of down time.

Enter virtualisation.  A point and click way of increasing CPU cores, RAM and Hard Drive space as you need it.

Now that all your servers are virtualised you need to be able to move your servers easily.  You can “copy” an entire virtual machine and move it.

These can become templates.  A template Db server or a template web server.



When you have a minimum of 5 machines to manage (3 web servers, 2 database servers) you end up with a lot of maintenance overhead.

Quite simply they all have an operating system which needs to be updated.

Using containers you only have one operating system to maintain and you can spin up applications (also shortened to apps) within the container.

This makes things faster and can vastly reduce maintenance.

Docker ends up being very handy in this setup when you create your templates, as now you don’t need to include the OS in the solution.

Here’s Microsoft’s explanation.



Testing Suite

Patches, updates and fixes are part and parcel of infrastructure management.  When you install an update you run the risk of tripping something else up.

So the helpful update becomes a necessary evil.  One update can kill an entire solution, so having testing suites is also useful.

A testing suite allows you to do your updates in isolation and make sure nothing breaks.

Yes this adds more solutions to your SaaS Infrastructure for you to manage but it’s much better than seeing your live solution suffer.


You’re going to end up patching and updating no matter what SaaS Infrastructure you use.

For all but the container approach, plan for the time and out-of-hours work that goes into keeping your solutions up to date.

Tools like ManageEngine’s Desktop Central will save you many hours.


Security standards

At this point lean on security standards.  Not only will they help you identify holes in your SaaS Infrastructure, they may give you ideas and opportunities.

In order, start with

  1. OWASP
  2. ISO27001
  3. PCI DSS

A PCI DSS solution will require you to include another server to act as a jump off server to the Db servers.  So you’ll be up to 6 machines at a minimum.

I don’t deal with hardening in this article but this will be updated when I write a future article on the topic.

In the meantime here are some of my articles on security.


Forward planning

Centralisation of documentation

Never underestimate the value of having one central place for all your materials.

You will need a backup strategy for this repository of knowledge though as well.

You’ll have your source code, so set aside a machine to house some version management.

A folder for different forms of documentation in a central place.  Cloud solutions as well as local management work.

Keeping logs, error reports and system outputs in a structured way comes in handy when you get time to come back to analyse your trends.

Then having all your install software, contracts, keys and other parts that go into building an application will save your business a lot of time and hassle in the future.


Version management

You’re going to need a tool to help you manage the versions of your software.

There are a number of software solutions for version management but in my career git has been the best by far.

You need to not be afraid of the command line interface though.



When choosing a Db solution get one that supports replication.  It doesn’t matter which replication strategy you choose.

Early on it won’t matter but as soon as you hit high availability requirements you’re going to need to be able to replicate.


Wrap Up

So there are a few simple steps to this process.

  1. Choose the stack you’re going to work in
  2. One of two paths, step by step as above or jump straight to a specific stage.
  3. Write down everything that goes into configuring and setting up
  4. Wherever possible use tools
  5. When you’ve built an initial pass at your solution immediately start using security standards to harden it.

So no matter what amount of resources you have, it is possible to build a SaaS solution.  From a single machine through to a secured high availability containerised suite.

If there’s anything in this article you’d like to chat to me about you can contact me here or on social media.

