Facilitating the Spread of Knowledge and Innovation in Professional Software Development

Write for InfoQ


Choose your language

InfoQ Homepage News Considerations for an S+S Implementation

Considerations for an S+S Implementation

This item in japanese

The article, Design Considerations for S+S and Cloud Computing, written by eight architects from Microsoft, is a collection of design considerations to be taken into account when planning the architecture of a Software plus Services (S+S) solution for the enterprise.

The authors, Fred Chong, Alejandro Miguel, Jason Hogg, Ulrich Homann, Brant Zwiefel, Danny Garber, Joshy Joseph, Scott Zimmerman, and Stephen Kaufman, define S+S as an extension of Software as a Service (SaaS) that

offers organizations more options for outsourcing development, management, deployment, and operational aspects of the technologies that run their businesses. S+S works in conjunction with principles of service-oriented architecture (SOA). S+S helps an SOA-enabled enterprise increase its technology choices by providing multiple modes of sourcing, financing, and deploying application software and services.

S+S is complementary to SOA by providing “the computing model for organizations to optimize their IT investments through cloud computing and solutions that are deployed in-house.” S+S does not invalidate SOA where it is used, but it rather helps it to “optimize its technology choices by making available multiple modes of sourcing, financing, and deploying application software and services.”

This is the relationship between S+S, SOA and Cloud Computing as the authors envision it:


The article addresses a number of concerns through the following perspective on the enterprise architecture:


Enterprise Architecture

To approach an S+S implementation, the enterprise architects need to evaluate the IT resources available, including systems, applications, personnel and expertise, deciding what is available internally and what needs to be outsourced. For that, the authors suggest a model already in use by a number of large organizations:

  • Proprietary and mission-critical systems—Systems that are proprietary or mission-critical in nature or that provide competitive advantages are often considered too important to risk outsourcing to an off-premises service provider. As a result, these systems are usually designed, developed, operated, and managed by the existing IT department of an organization.
  • Nonproprietary and mission-critical systems—Systems that are nonproprietary yet still mission-critical might be developed by another company, but might still be designed, operated, and managed by the existing IT department an organization.
  • Nonproprietary systems—Systems that are nonproprietary and deliver standardized functionality and interfaces are often good candidates for outsourcing to a cloud-service provider if appropriate service-level agreements (SLAs) can be established with the service providers. E-mail, calendaring, and content-management tools are examples of such systems.

They also suggest considering the IT maturity of the organization, the ROI or cost savings resulting, and the easiness of adoption of an S+S solution.

Software Architecture, Integration Design

Regarding software integration, the authors start from the premise that most enterprise applications are connected with others “through a variety of techniques such as data integration, functional integration, and presentation integration.”

In the case of tightly coupled systems, they say that an

organization either establishes course-grained facades around subsets of functionality within its subsystems or adopts integration technologies that provide a bridge between legacy applications and services that could be hosted locally or off-premises.

For those using SOA services, the authors suggest considering the migration of these services to the cloud, including using Internet service bus technologies since the casual message bus technologies do not suffice for this approach.

Software Architecture, Application Design

The authors consider that “applications that are designed according to the principles of service orientation provide a solid foundation for the adoption or integration of S+S applications”, but that is not enough. There are a number of important issues to consider when adding remote services to the enterprise IT portfolio:

  • implementing strategies for the case when remote services fail
  • using compensating transactions instead of atomic transactions
  • using asynchronous messaging
  • updating the applications consuming services when the services change
  • testing S+S applications have specific requirements

Software Architecture, Information Design

The authors notice that S+S forces organizations to have a new approach to information design:

Traditionally, enterprise applications have focused on data consistency, transactional reliability, and increased throughput. They have usually relied on relational data models and relational database-management systems that use the atomicity, integrity, consistency, and durability (ACID) principles as the measure of a reliable database design. S+S forces organizations to think about their information-design process very differently.

To support the data as a service paradigm

services and underlying data structures must be designed to support much greater volumes of transactions and/or they must manage much greater volumes of data than in the past. This makes changes to schema designs and data-partitioning strategies necessary. Partitioning strategies must support scaling out of the underlying databases, usually by functional segmentation or horizontal partitioning. Such strategies, however, might affect the ability to obtain optimal performance. This explains why some high-performance systems are moving away from ACID reliability and toward Basically Available, Soft State, Eventually Consistent (BASE) consistency, as well as toward decoupling logical partitioning from physical partitioning schemes.

Infrastructure Architecture

In this area, the authors are quick to remark that in the past enterprises had to buy all the computing infrastructure needed, including servers, storage devices, networking equipment and desktops. Sometimes they even had to erect buildings and data centers to host all that equipment and the associated personnel. Cloud computing, especially Infrastructure as a Service (IaaS) and virtualization, provide new opportunities for the companies, being able to transfer some of the infrastructure needs to other organizations.

In spite of the benefits brought by IaaS, the enterprise architects still have to weight a number of design considerations concerning availability, scalability, security, reliability, and manageability.


Security has been an important factor for the enterprises during the last 20 years. All the security lessons learned since the Internet made its debut are still applicable. The key S+S security elements are:

S+S security covers a broad spectrum of topics, ranging from the provisioning of identities and their entitlements, to enabling enterprise single sign-on between on-premises systems and cloud services, to protecting data in transit and at rest, to hardening application code deployed on cloud platforms against malware and penetration attacks.


While taking care of the applications and services residing inside the corporate firewall, the IT management needs to consider the outside ones, “not only from a deployed technology perspective, but also from the perspectives of IT roles and accountabilities, operational procedures, and policies that govern the use and operation of deployed software and services”:

For example, applications that are outsourced to an SaaS provider are now maintained by administrators and operators who are not employees of the enterprise. In the S+S world, traditional IT roles and accountabilities might need to be collapsed into a single service-provider role that is contractually responsible for the duties that are specified in an SLA. Legally enforceable liability clauses should also be clearly defined to mitigate any negative result that might occur because a service provider cannot perform its responsibilities satisfactorily. Similarly, IT-management processes for resolving user issues and technical problems are now handled by the service provider. Establishing clear escalation procedures and integrating effective communication channels into the end user–support process of the enterprise are vital for the minimization of service disruptions.


When it comes to operations, the authors suggest to

consider the business impact of outsourcing IT operational roles and responsibilities. Business continuity, liability, and employee and customer satisfaction are all key concerns that must be addressed by establishing clear SLAs with reliable cloud-service providers.

The enterprise should continue to play a proactive role in IT operations for its hybrid software-and-services environment. However, instead of focusing on execution details, enterprises should put monitoring systems in place that enable them to detect technical issues at the outsourced services. Enterprises should also establish operational procedures to ensure that problems are resolved by the service providers as quickly as possible.


For the conclusion, the authors mention three ways in which an organization can relate to cloud computing:

  • Consume the Cloud - outsourcing applications and IT services to third-party cloud providers. Examples: Microsoft Business Productivity Online Suite, CRM Online, and Live Meeting services.
  • Use the Cloud – using platforms and infrastructure services available in the cloud. Examples: Windows Azure and SQL Azure.
  • Embrace the Cloud – becoming a cloud services provider. BizTalk Server Enterprise Service Bus Toolkit helps with that because it “can integrate data feeds and orchestrate workflows that process information exchange via cloud services.”

Rate this Article