For the past couple of years, software-as-a-service has been in the tech headlines. Salesforce.com and Microsoft Dynamics CRM Live provide customer relationship management (CRM) functionality. Google Apps, Zoho, NetSuite and many others offer productivity and database applications. Amazon S3/EC2/SimpleDB, Google App Engine, and Microsoft Sql Server Data Services support hosting databases and custom applications in the cloud.
The last of those — full custom applications hosted on someone else’s servers — is very cool and very powerful. However, I’ve been especially interested in how existing functionality can be extended by customers, along the lines of Salesforce.com and Dynamics CRM Live.
Both of these services provide CRM functionality. But to be useful, any CRM platform needs to be customized to fit the specific needs of each customer. Your “Customer” entity may need to contain different fields than mine. You have special business rules to define when a customer is “preferred”, and I don’t have a concept of preferred customers at all. Your sales process has an entirely different workflow than mine. Etc. This type of customization ranges from adding a new field to a standard entity, to adding custom entities and relationships, to writing entirely new application modules that act on the data in the system.
The challenges of letting dozens, hundreds or thousands of customers host their code on your servers are numerous: How do you prevent one application from consuming too much CPU or RAM or disk space and affecting other customers’ applications? How to you create a security sandbox for each application, preventing it from, say, writing the another customer’s portion of the file system or even the system folders?
Virtualization can certainly address these issues, and that’s the approach Amazon takes with EC2. New OS instances, entirely separate from one another, are provisioned on demand. Application servers like Microsoft IIS can separate each web application into its own process — many thousands of websites are hosted this way on shared servers, safely and effectively. These approaches work very well for “host your custom application” scenarios.
But for a company providing a SaaS solution, like a CRM or ERP or CMS, hosting many customers on the same server infrastructure — multitenancy — is one of the keys to the economy of scale that can make SaaS cheaper than self-hosting. In that kind of environment, how do you allow a customer to replace or extend parts of the core application in a safe, resource-managed way?
As a .NET developer, I am especially interested in how to accomplish this goal for .NET code. You’d probably want to limit the parts of the .NET framework that could be used, to ensure that unsafe operations could not be performed. You’d want to place strict constraints on disk and network I/O so that they could not be abused (accidentally or maliciously). You’d want each customer’s code to run inside of its own little security sandbox within your server application.
That all sounds similar to the requirements for hosting custom code inside a web browser. Microsoft is spending a lot of time and energy on Silverlight to give it as much of the power of the full .NET framework as possible, but sandboxed so that it is safe to run within a web browser. Could Silverlight be adapted to safely run custom code in a multitenant server environment?