Do what you do best and let others do the hosting

Do what you do best and let others do the hosting.
By Mike Jalonen, CEO, OnDemand Solutions, Inc.


Retaining clients is critical in the success of a Software as a Service (SaaS) company and retention is often determined by how well the software company can ensure uptime and availability of their software to the end user. This raises the question of whether Independent Software Vendors (ISV’s) should outsource the critical hosting infrastructure component of their business or keep it in house?


To decide on the best approach for your company you have to consider both cost against risk. Without a doubt hosting your own software can be expensive, and requires a different set of skill than is required for developing software applications. At a high level, all SaaS companies need to have software to solve the customer’s needs, hardware to run the software on, power to keep the hardware on, and an internet connection so people can access your software and hardware remotely. Unlike with the traditional software model where the customer owns the software, hardware, and infrastructure, in a SaaS model, the customer does not have access to fix a problem should something happen with any of these key components. For example, the SaaS customer does not have access to fix a broken hard drive, turn on a generator for backup power, or reboot the software if it were to “freeze”. These four crucial areas (software, hardware, power, and internet connection) now become the sole responsibility of the SaaS ISV. Along with this responsibility comes the high cost of keeping this complex operation running smoothly.


As a result of a large shift of responsibility from the customer to the ISV and the need for availability, many clients will require that the software company provide Service Level Agreements (SLA’s). SLA’s ensure the client that there will be a controlled amount of downtime. Each SLA will define what the customer will receive in terms of compensation if there is an interruption to the availability of the software that is now the responsibility of the ISV. SaaS ISV’s need to be responsible not only for ensuring the software is bug-free but also that the application is available constantly to meet the SLA’s agreed to by the client. If SLA’s are not kept, there are penalties or even worse, clients could leave. Many traditional On-Premise companies also comply with SLA’s but generally these SLA’s are for fixing bugs within the software only. The customer who purchases On-Premise software is most likely always responsible for the hardware that runs the software, the power, and the network that the software and hardware run on.


Many ISV’s find that developing software and providing software delivery and uptime services are different businesses altogether and require different skill sets. Therefore a vast majority of small and medium businesses (SMB) software companies recognize that it can be nearly impossible to manufacture software and provide application delivery (hosting) as well. With the onset of datacenters taking advantage of economies of scale, it can be very cost prohibitive for an ISV to have a secure location with redundant power and internet connection not to mention having staff available 24x7 to attend to software and hardware. Datacenters can provide these services much more economically by spreading the costs over many customers (similar to how the expenses of a SaaS company are spread out to clients). For this reason, many software companies (especially ISV’s in the SMB market) choose to outsource the delivery of their application to datacenter facilities.


Datacenters began with early computing. Computers and the infrastructure (cabling, etc.) required to keep them connected were very large and expensive. The computer equipment required a lot of power and constant environmental controls (such as temperature to avoid overheating) were critical. Over the years, with advances in technology, datacenters and their infrastructure have been able to scale to support many more clients and advances in technology. Data centers saw huge growth during the dot-com bubble. Then, as like today, datacenters began to look for ways to differentiate because customers began to view datacenters as a commodity.
So, what are the some of the key differentiators you should consider when looking for a datacenter to host your SaaS application?

• Does the datacenter specialize in co-location, dedicated, or managed hosting?

• Does the provider have experience in application hosting for software companies?

• What level of support do they provide from the Network Operations Center (NOC)?

• What rating or level of service does the provider offer?

• Does the provider offer a platform with specialized services such as analytics or billing? These services may be able to get you to market faster.

• Is the hosting company SAS70 certified? Is that important for your application?

• Where is the datacenter located?

With all these choices, what is best provider for your SaaS company? Each of these considerations will impact cost and profitability of your company. Making the wrong decisions can cost more than monthly recurring revenue that these providers collect, it can cost losing customers.

• Does the datacenter specialize in co-location, dedicated, or managed hosting?

Co-location or shared hosting is offered at a relatively low price point because datacenters can provide the greatest level of scale by providing one server for multiple customers. Shared hosting is not advisable for today’s SaaS ISV’s for many reasons including server administration, application security, and uptime (if one clients software affects the server that is shared with your application, your application will most likely be affected). At a minimum, SaaS ISV’s require a dedicated hosting service where the application is isolated on dedicated servers.
Dedicated hosting providers may provide the following types of support:

• Unmanaged: little to no involvement from the hosting service provider other than maintaining security on the network. Customer provides all maintenance, upgrades, patches, and security.
• Self Managed: Limited to regular monitoring and some maintenance from the service provider.
• Managed: Includes medium level of management, monitoring, updates, and a limited amount of support.
• Fully Managed: Includes monitoring, software updates, reboots, security patches and operating system upgrades.
Depending on the level of in house expertise and desire to be involved with your hardware, software, and infrastructure you should choose a dedicated model that best suits your budget, ROI, and peace of mind.

• Does the provider have experience in application hosting for software companies?

Providing hosting and support for ISV’s is different than for internal business applications being outsourced. SaaS hosting for software companies relies on providing a single instance for multiple tenants where as with traditional application hosting, each client has their own installed version of the software. In the traditional approach, if one client is down that can be bad news. With the SaaS model the risk is that the entire application fails and it will affect every customer. Companies that have been providing hosting for these types of clients are familiar with these challenges and can offer experiences to the ISV to help avoid situations like these.

• What level of support do they provide from the Network Operations Center (NOC)?

The people that are part of the NOC are responsible for monitoring the network and escalating issues for resolve in a hierarchal format. NOCs have levels which define how experienced a technician is. It may be beneficial to learn about how experienced the technicians at the data center are and what their procedures are in terms of escalation.

• What rating or level of service does the provider offer?

Each datacenter can be classified by the TIA-942 Data Center Standards Overview. The simplest is a Tier 1 data center, which consists of the most basic ingredients such as a room with little to no redundant components, may or may not have a raised floor, UPS, or generator, annual downtime of 28.8 hours, and must be shut down completely to perform preventive maintenance. In contrast, the Tier 4 data center has an annual downtime of 0.4 hours, is fault tolerant and is designed to host mission critical systems, with fully redundant subsystems and compartmentalized security zones controlled by biometric access control methods. Construction cost per square foot is greatly affected by the tier rating of the data center and so are the costs associated with utilizing the respective data center.

• Does the provider offer a platform with specialized services such as analytics or billing?


For the most part, hosting companies and data centers work with companies of all types – not just ISV’s. There are two categories of clients – clients who are interested in hosting internal facing applications (only viewed by their internal staff) or clients with externally facing applications offered to support their business offering (i.e. GEICO auto insurance) and clients such as ISV’s interested in hosting external facing applications for resale to their clients. In the case of the later, the hosting provider may offer some services that may be able to get you to market faster. These are services that can generally be offered to SaaS application providers because of the nature of the architecture of a SaaS application. Examples are billing, metering, and provisioning of clients and users, reporting and analytics of how users use your software (how many times they log in, what features do they use most, etc.), a common third party integration interface for third party applications, etc.


• Is the software company SAS 70 certified? Is that important for your application?

SAS 70 certification is for assessing certain service organizations that provide outsourcing services that affect the operation of the contracting party. Examples of service companies who apply for SAS 70 certification include hosted data centers, insurance claims processors, and credit processing companies. SAS 70 is the definition of standards that auditors must use to assess the internal controls of these service organizations. ISV’s who maintain sensitive information or in the healthcare or financial services industries will want to investigate whether the hosting company that holds your customer information is SAS 70 certified. Hosting companies who have become SAS 70 certified (either Type I or II) have invested a lot of time and resources and as a result this may be one more factor of why they may be more expensive.

Do what you do best.

Unless your company is Google or Salesforce.com, building your own hosting facility is probably not advisable. Today’s data centers and delivery partners are very sophisticated and are taking advantage of the huge economies of scale that will keep your expenses down and your applications up. Nicholas Carr’s book, The Big Switch, describes how manufacturing plants in United States during the 1800’s were required to generate their own electricity (on top of their core business of manufacturing). Then technology enabled the electronic grid system that we use today in our homes and businesses. Manufacturing companies who were producing their own electricity could then get more affordable and reliable electricity from an outside source taking advantage of the economies of scale. Hosting and data delivery has also reached that same plateau. So rather than thinking of weather you want to install a server, hook up your redundant hardware in your office, and provide users access we recommend spending your time evaluating which provider is right for you. This way you can focus the talents of your company on what you do best, and let hosting companies do what they do best. It’s a win-win for both.