Where Multitenancy Fails, the Sugar Open Cloud Steps In

Note:  This is the first in a series of posts on Outsiders by SugarCRM co-founder Clint Oram. I wanted Clint to share his ideas and vision around some very “Sugar specific” business and technology issues. Mitch and I have found a nice bit of objectivity, or as close to it, here on the blog – and I believe that not only is inviting Clint to talk on Outsiders a nice way of preserving my own objectivity – frankly, he knows this stuff even better than myself. So, here are Clint’s initial thoughts…enjoy!

It’s my pleasure to get the chance to share some ideas on the software industry with you here in CRM Outsiders.  For my inaugural post here on CRM Outsiders, I looked at a great list of topics I’d like to discuss.  From open source to social CRM to SugarCRM’s phenomenal growth this past year, there is a lot to choose from. To kick it off, I’d like to first focus on the topic that has been consuming the software industry for the past 10 years … software-as-a-service and how it has evolved.

As you may have read, we’re  going through some amazing changes right now in terms of how business software is being delivered to your desktop and who is doing the delivering. There is a massive consolidation taking place right now in the software vendor marketplace, leaving very few vendors like SugarCRM who are focused on being the best at one thing (we just do CRM and we do it really well).  Software-as-a-service (SaaS), cloud computing and open source software have completely reshaped how you get your software.  And after 10 years of delivering business apps via a web browser from a SaaS or “on-demand” service, we’ve learned a lot about what works and what doesn’t.

Yesterday’s SaaS design

With time comes experience.  We’ve learned a lot of new tricks over the past 10 years for building SaaS solutions; new architectural design principles, new technologies, new best practices.  For instance nobody builds a SaaS infrastructure from scratch anymore.  New SaaS vendors are building on top of proven cloud platforms like Microsoft Azure, Amazon EC2 or Rackspace Cloud. Applications written in open source PHP running on open source MySQL have come to dominate the cloud computing universe.  Portability across cloud platforms is becoming more and more important for software companies like SugarCRM as we look to manage costs and give our customers several proven cloud platforms to choose from.

A decade ago, the costs of a SaaS vendor’s proprietary Sun hardware and Oracle software would have been absolutely huge.  So SaaS vendors designed around as few machines as possible using as few connections to that expensive database.  Today, compute infrastructure is cheap.  Running a lot of MySQL databases side-by-side is easy and exactly what MySQL was designed for.  It’s much easier now to scale an app across a lot of hardware.  You can even turn all of this infrastructure spend from a capital expense to an operating expense by outsourcing it to a cloud platform vendor.

That means 10 years ago, you would have designed your SaaS solution using the “multitenancy” approach.  Multitenancy means that a SaaS vendor has one large instance of its SaaS application connecting to one large instance of the database which then uses app logic to keep customer data logically separated in the database.  This allowed SaaS vendors to have as few machines possible running that expensive hardware and software.

Multitenancy works well for putting a lot of customers (tenants) on limited hardware.  This then helps the vendor save on hardware and software costs.  Support costs are also minimized with one version of the app running.  I’ll be the first to admit, reduced costs has helped the industry with dramatically lower CRM prices for our customers than 10 years ago.  But there are some downsides.

Simple multitenancy is prone to some catastrophic failure points.

The guys over at WordPress ran into a big issue last week.  You see in a “true” multitenancy software world, all customers share the same version of the same app running in one giant single instance.  But what happens if a mistake is made and a nasty bug is rolled out to all of the customers at the same time?  Then everybody goes down at the same time.

When this very nasty, but entirely possible, scenario happened at WordPress, some very big blog sites went dark.  TechCrunch, GigaOm and others.  From what is reported, WordPress has three data centers, 1300 servers, and serves up about 10 million blogs.   All went off the air at the same time due to one bug being rolled out into production. Matt Mullenweg told Read/WriteWeb:

“The cause of the outage was a very unfortunate code change that overwrote some key options in the options table for a number of blogs. We brought the site down to prevent damage and have been bringing blogs back after we’ve verified that they’re 100% okay.”

A better way to design SaaS

As Bob Warfield, serial entrepreneur and experienced SaaS executive posted though, there are better ways now to design a SaaS infrastructure that won’t be as vulnerable to a scenario like what happened with WordPress’ multitenant blog site.  As Bob writes, in the world of software, bugs do happen and its how you’re set up to respond to these unplanned issues that matters most.

The key idea in modern SaaS design that goes beyond simple multitenancy is to design around multiple clusters, or “hotels” as Bob calls them, of your SaaS software running across multiple machines that can be quickly isolated during the recovery scenarios … such as when  a software bug is accidentally put into production.  Each of these instances typically hosts hundreds to thousands of your customers.  What is critical here is that the SaaS vendor must have a management console for easily provisioning and upgrading all of these clusters.  With a hotel design, you still get the cost benefit of shared hardware across many customers but don’t tie the production environment together so closely that one mistake brings down the whole service.

Multi-instance brings security and reliability

At SugarCRM, we have one of the most modern approaches to SaaS architecture that I have seen today.  Designed to be light-weight, modular and portable, all of our customers would never be taken out by a single software bug.  The Sugar On Demand service is designed to have large groups of customers share an application template on a server cluster, our idea of a hotel.  Each server cluster has one application template that houses hundreds to thousands of customers on that machine. We then have the Cloud Console for managing all those Sugar instances across all the clusters.

This then allows us to stage the roll out of our new releases where we can upgrade one group of customers at a time and wait a day in between each group of upgrades.  That way if we find an issue during upgrades, not all of our customers get hit.  We can isolate the impact, fix the issue, and then upgrade the rest of the customers.  Great flexibility for our customers and for us.

We’ve even gone even a step further and allowed true data segregation for our customers by provisioning a MySQL database for each customer’s instance.  This design gives us more flexibility in providing database backups to our customers and makes it physically impossible for customer data to inadvertently co-mingle with other customers’ data.  We call this hoteling design approach “multi-instance” SaaS.

The Sugar Open Cloud brings true portability

Now there is a next level to our SaaS design that makes SugarCRM really stand out in the crowd.  We have taken that same modern SaaS architecture used in our Sugar On Demand located at sugarondemand.com, packaged it for all of our service provider partners around the world and enabled them to run SugarCRM-as-a-service on any cloud platform.  This enables our partners to then deliver regional and industry vertical SaaS CRM solutions run in their local world-class data centers.

Now that’s true open cloud portability.  We call that part of the puzzle the “Sugar Open Cloud”.

Needless to say, with this light-weight and distributed model for delivering the Sugar application to our customers around the world, we’ve designed past the limitations of multitenancy and given the SugarCRM customers a level of security and reliability that is unrivaled by any other CRM vendor today.

Now that’s the way to build a SaaS solution for the next decade.

5 thoughts on “Where Multitenancy Fails, the Sugar Open Cloud Steps In

  1. Hi Clint:
    How does SugarCRM upgrade their 10 million Sugar OnDemand instances to Sugar 6? What is your internal process to upgrade all of these independent instances?

    • With our Sugar management tool, Cloud Console. This is a system management tool we built that knows about every Sugar instance, every cluster (or hotel) and every application template. With a click of the button, we apply the upgrade package to each cluster updating the template files shared by the instances on that cluster and each instance’s database schema. All the benefits of multitenancy in terms of ease of management without losing flexibility or control.

  2. Pingback: WordPress.com Outages Don’t Scare Me « Jason Nassi

  3. Your hosting costs must be massive.
    With multitenancy, they would be tiny.
    When do you expect to make any money?

  4. Billy

    Thanks for the response. As Clint noted, tools like Cloud Console, the n-level scalability of an open source back end and hosting infrastructure and the distributed nature of the model – the hosting costs are actually not significant at all.

    SugarCRM is proving that a company can run a profitable business without a huge, monolithic and limiting multi-tenant model. Expect to hear more about this in 2011.


Comments are closed.