The third way

When a new technology emerges, it inevitably receives one of two reactions from pundits and experts. Either it is doomed to failure, they say, or it will completely replace everything that has come before it.

For every Erasmus Wilson, the Oxford professor who declared in 1878 that electric light would never take off, there is an Alexander Lewyt, who in 1955 believed that nuclear power was so revolutionary it would be powering vacuum cleaners within a decade.

Far from warning technology vendors off such bold statements, the litany of failed predictions actually inspires them in their approach to marketing.

In an interview with Forbes magazine in 2007, Marc Benioff, CEO of software-as-a-service pioneer, admitted that he manufactured his company’s “End of Software” message – which said that in the future, no code would ever be stored on the end-user’s device – primarily to give journalists something to write about.

It is far trickier to make the case for the middle ground. One company trying to do just that is Microsoft. The company’s current messaging on web-based software, which it explains with the phrase ‘software plus services’, has none of the revolutionary zeal of’s death knells.

Until now, the industry reaction to the argument that the ideal software paradigm is one that combines on-premise and web-based software, has been to scoff. “Isn’t this the worst of both worlds?” one IT consultant and blogger recently asked.

But when the software giant revealed a few more details of its service-oriented architecture strategy in November 2007, the idea gained authority and the possibilities of the combined model were illuminated.

Sliced services

“The future of SOA is around SaaS, not large SOA stacks. Vendors want to make it complicated by redefining SOA”

Annraí O’Toole, Cape Clear

Under what it has dubbed the ‘Oslo’ strategy, Microsoft plans to offer software services – free-standing bundles of application functionality available as services – on-demand from both the company itself and third-parties. SOA integration technology will allow ISVs and businesses to build applications that are a mix of on-demand/on-premise hybrids.

“There will be three types of services,” explains Gavin King, senior product manager in Microsoft’s Connective Systems division. “Firstly, there are building block services, such as identity management, which will be used by developers – along with on-premise code – to build applications.

“Then there are attached services, which will be used to augment applications, like email filtering,” King continues. “And finally there are finished services, such as Live CRM, that are analogous to what we now describe as software as a service (SaaS).” All of these will be available as on-premise or hosted software, and will be managed and integrated using the BizTalk Server business process management (BPM) product.

“The high-profile outage at prompted Salesforce to provide an Offline edition,” says King. (In 2005,’s on-demand CRM application was unavailable for almost 24 hours.) “What that really highlighted is that there needs to be some flexibility between services and on-demand software.

"We should be able to offer customers on-premise and off-premise, and a platform that allows customers to use any combination down that spectrum,” he adds.

Tom Keane, president of ecommerce service provider and Microsoft partner Nitrosell, believes that the hybrid model has enormous potential, particularly in the retail sector in which his company operates.

“If a retail application goes down, the shop-owner might as well close the door,” he explains. “Retail systems need to be resilient and self-contained. Plus, the bandwidth needed for the data volumes for real transactional systems is just not widely available today. At the moment, you can only do applications with low data volumes such as salesforce automation on demand.”

That means the 100% software-as-a-service model is, for the meantime, untenable, says Keane. But that does not mean retailers should be denied the benefits of online computing.

In practice: On-demand curve

The on-demand software delivery model is not restricted to the applications space. Here is just a selection of computing services that are going on-demand.


Most storage service providers that offer remote storage along with back-up and archiving services may have mostly gone the way of the ill-fated application service providers (ASP), but a new wave of storage-as-a-service providers are eager to succeed where they failed. Mainly targeting the SMB space, suppliers including Iomega and MTI recently found themselves with a heavyweight in their space as Google appears to be ready to offer an on-demand storage service. 

Data warehousing

Business intelligence supplier Kognitio recently unveiled what it describes as ‘data-as-a-service’ – a remote, hosted data warehouse that allows businesses

to perform complex analytics on a pay-as-you-go basis. The idea is not exactly new, however: IT services providers such as Capgemini often host their customers’ data remotely to keep hardware and management costs in check.


Information security outside the firewall may seem counter-intuitive, but the difficulty companies have experienced in trying to enforce security policies on thousands of machines makes a single, scalable security platform delivered over the web an appealing prospect. Enterprise security-as-a-service providers include IBM’s ISS, Qualys and Panda. 


Why go to the bother of implementing and maintaining an enterprise service bus when somebody else will do it for you? The biggest market for integration-as-a-service is among SaaS providers themselves, but according to Treb Ryan, CEO of SaaS hosting services specialist OpSource, there is nothing to stop end-user organisations adopting the model.

Systems management

IT giant HP announced in October 2007 that it is to use the assets it acquired with systems management company Mercury to offer tools including software

portfolio management and availability monitoring on an on-demand basis. Vendors offering similar services include service management provider Numara Software.


US company BlueLock claims to deliver ‘infrastructure-as-a-service’. What this means is that the company will provide access to hardware and systems management services on a monthly subscription basis, leaving the customer to manage its own applications remotely. Indian IT services company Wipro is said to have a similar service in the pipeline.

Nitrosell’s WebStore service is a web services-based ecommerce platform that integrates with retailers’ on-premise applications to provide the data for an online retail site. Not only is the data retrieved from on-site systems fed to the web store, it also feeds into online retail platforms such as Google’s Froogle shop, expanding the retailers’ potential audience.

“On-premise, multi-channel retail solutions can cost anything from £100,000 to £250,000,” explains Keane. By taking the best parts of on-premise and on-demand software, he says, “we can provide enterprise-class software for a fraction of the price”.

Integration in the cloud

On closer inspection, Microsoft’s ‘software-plus-services’ credo appears to be more than just a fudge to avoid cannibalising its existing install base – a favourite jibe of rivals.

And although it may fly in the face of  Benioff’s fighting talk that galvanised an obscure subset of software providers into a ‘movement’, Microsoft’s strategy bodes well for SaaS providers.

According to research conducted by business communications provider Colt Telecom, 88% of UK IT directors expect to increase their use of SaaS by 2009. Analyst Gartner predicts the worldwide market for SaaS will grow from $6.3 billion in 2006 to $19.3 billion in 2011. Consultant Saugatuck Technology also observes a rapid take-up of  SaaS – it predicts that the number of organisations using at least one SaaS application will rise from 11% in 2006 to 26% in 2007, reaching 47% by 2008.

However, no discussion of SaaS can exclude the topic of integration. Integration has been the bugbear of the SaaS industry for most of its short life.

Software-as-a-service’s harshest critics, who have long argued that the model would never sit comfortably alongside on-premise enterprise software, seem to have done the ‘movement’ a favour. As a result of the model’s early shortcomings, providers of SaaS now stand among the most mature adopters of SOA techniques and open standards.

“[SaaS] vendors get it,” writes Robert Schneider, a consultant and author on the topic of SOA. “SOAP-based, WSDL-defined services have become the de facto standard for integration with SaaS solutions.”

That is because SOA represents the best chance for SaaS vendors to promote enterprise adoption of their products. Some SaaS providers have decided not to wait for their target customers to start down the road to SOA, and instead offer SOA integration as part of their service.

One example is Workday, the on-demand business application services provider established in 2006 by PeopleSoft veteran Dave Duffield. Stan Swete, the company’s CTO, says that while the company realised the on-demand model would be attractive, it also knew there was “concern that the on-demand model can limit integration”.

It has therefore embedded an enterprise service bus (ESB) – the nerve centre of an SOA – into its hosted applications. This allows customers to integrate legacy applications with their Workday services without investing in SOA kit themselves.

Annraí O’Toole, CEO of Cape Clear, the company which provides Workday with its embedded ESBs, believes that this use of SaaS is more in keeping with the principles of SOA than the expansive software infrastructures that integration vendors sell under the SOA banner.

“The future of SOA is around SaaS, not large SOA stacks,” he says. “SOA was meant to be simple. Vendors want to make it complicated by redefining SOA as a massive complex stack, and that is all wrong.”

While currently being pioneered by SaaS vendors, there is nothing to stop IT departments using this combination of SaaS and SOA to build a responsive and demand-driven IT infrastructure, combining both on-site and online code, says O’Toole. “I do believe that in three years we won’t talk about SOA or SaaS,” he adds. “It will just be how IT is done.”

There are still problems to be addressed regarding SaaS integration, however. While facts and figures may pass between on-demand applications and on-premise infrastructure easily enough as a result of standards-based SOA, the business context for that data is harder to deal with.

“Semantic interoperability is the elephant in the room,” says Robert Schneider. “No SaaS provider, without direct consultation, can solve the mismatch between the various ways business applications read and produce XML documents.”

Master data management may be the solution to this problem, says Schneider. But for most organisations this hurdle will limit which applications can be consumed as on-demand services, even as they adopt SOA management techniques.

Level crossing

If on-demand software services are to be built into applications, and become the building blocks of business-critical systems, service-level agreements between providers and customers will become all the more critical.

Following its well-publicised outage in 2005, was quick to establish, a page on its web site where users can check the performance of the servers that host their applications.

Given that CRM is a fairly discrete application that rarely needs sub-second response times, information on whether the server is working or not is all that provides. Similarly, most SaaS providers offer their customers SLAs in terms of uptime only, promising that, if nothing else, the application will be available as close to permanently as they can manage.

But as SaaS mixes with other systems, the terms of SLAs from SaaS providers will have to become more sophisticated. From network performance to security assurance, many factors are at play when building reliable, scalable and resilient hybrid systems.

If a composite application depends on a mix of on-premise software and on-demand services, for example, the response times for the on-demand services must be guaranteed –  otherwise the whole system is in danger of breaking.

This means that the SLAs provided by SaaS providers will have to move beyond rough descriptives such as uptime and take a more business-relevant form, more akin to those established with business process outsourcing providers. To date, this is the exception rather than the norm among SaaS contracts.

Geoff Gilton of COLT believes that the answer to providing application-level SLAs lies in application-level virtualisation. COLT offers SaaS providers, as well as end-user organisations that want to wash their hands of internal application management, a hosting service based on that technological wizardry.

Application-level virtualisation allows the application to be spread across multiple physical servers in a grid computing model. This means the SLAs of application delivery can be maintained, whatever happens to the underlying servers.

Gilton adds that it will be the companies such as COLT with the experience of managing large systems and high-availability networks that will enable the ‘software-plus-services’ methodology. “The ISVs just don’t have the experience to support business-critical systems,” he says. “Look at Google Apps [the search giant’s online applications suite] – the only SLA you get with that is three nines [99.9%] availability.” That is a level many corporates won’t tolerate.

Organisations hoping to deploy hybrid systems should not expect SaaS providers to solve all of their problems: if it is to be profitable, the SaaS business model relies on a limited amount of consultancy and interaction with the customer to be profitable.

Instead, as the adoption of SaaS expands and software services increasingly integrate with on-premise software, businesses would be wise to brush up on the best practices associated with SOA, such as governance, network load-modelling and asynchronous messaging.

This is where Microsoft’s ‘software-plus-services’ strategy looks plausible. While the sincerity of its commitment to the open standards associated with a true SOA is open to debate, the company’s SOA development and management tools are its strong points, according to SOA consultant Robert Schneider.

If that translates into reliable and scalable hybrid software, the company’s offering of a blend of software and services may prove to be the winning formula for applications in the future.

Pete Swabey

Pete Swabey

Pete was Editor of Information Age and head of technology research for Vitesse Media plc from 2005 to 2013, before moving on to be Senior Editor and then Editorial Director at The Economist Intelligence...

Related Topics