How I transformed an On-Premises Product to SaaS based offering

Introduction

I am going to share my experience in transforming an On-Premises SharePoint based Product to a SaaS based offering.

A SharePoint based custom product is designed to install directly on On-Premises SharePoint app server, providing advanced file-based operations, parse SharePoint pages and workflow activities designed to improve business automation. It enhances SharePoint’s native experience with custom actions and events. It is dependent on some third-party software and DLL libraries which is required to be installed on the SharePoint server. Additionally, it supports SOAP based web service for custom development, enabling developers to create customized solutions and automate processes. This product is ideal for organizations looking to maximize their On-Premises SharePoint environment's potential by extending its functionality with powerful, bespoke features. Basically, it is offered as a Commercial Off-The-Shelf (COTS) software that needs to be installed on a Windows server. Organizations must purchase a license to use it.

The diagram shows a product ecosystem, highlighting its various components, interactions, and dependencies. Here's a description of the key components:

SharePoint Application Server

• SharePoint Product: Product installed on the server using windows installer.
• SharePoint DLLs: Product makes use of SharePoint DLLs to do operations on the custom list, libraries, and pages.
• Third Party Software: Third Party software installed as a dependency on the server, providing additional functionalities.
• Event Logs: Product sends all events, errors, and system activities for monitoring and troubleshooting to the windows event logs.

SharePoint Product

• Code Libraries (DLL): Custom DLL libraries that performs core operations and interacts with third party software and SharePoint libraries.
• Web Services: Provides SOAP-based web services that facilitate interactions and data exchange between the SharePoint server and other components.
• Web Interface: It provides user interface for custom settings, configurations, and access functionalities.
• Workflow Activities: Custom-defined workflows activities to design custom SharePoint workflows.
• Custom Actions: Custom actions provided to enhance SharePoint functionalities using simple context menu like interface.

SharePoint Components

• Custom Apps: Custom developed applications that run within the SharePoint environment, providing specific functionalities and solutions. It makes use of SOAP based web services.
• Workflows: Automated processes designed to manage tasks and information flow within the organization. It makes use of custom activities.
• Pages: SharePoint pages where users publish articles and content. Product enhances it productivity by providing ribbon based custom actions.
• Documents: Documents stored in SharePoint document libraries interacts with custom actions.
• InfoPath Forms: Customizable forms created using Microsoft InfoPath, integrated into SharePoint for data collection and workflows.

Users

• Users interact with the SharePoint front end, utilizing custom apps, workflows, pages, documents, and InfoPath forms to perform their tasks and access information.

Why digital transformation was needed?

Buying and using the software product presents several challenges for organizations. Organizations requires a substantial upfront investment for purchasing licenses and often entails additional costs for periodic renewals or upgrades. Deployment and maintenance can be complex and resource-intensive, demanding specialized IT skills and significant manual effort. Scaling a software requires additional hardware and software licenses. Managing updates and upgrades can lead to compatibility issues and downtime.

Product presents several challenges for owners in terms of marketing, distribution and upgrades. Differentiating the product from similar offerings in a competitive market can be difficult. Convincing potential customers that the software can adapt to their specific needs can be difficult at times. Navigating the complexities of distributing software internationally, including compliance with local laws and regulations is not ideal. Moreover, managing support, bug fixes, operating system compatibility can add to the cost and takes a hit on the profitability.

Industry was moving towards the cloud and not supporting a cloud is a major risk of product becoming obsolete in the market place. Due to which a digital transformation of the product was need of the hour. We decided to develop an equivalent SaaS offering, delivering a cloud-based service which is easy to adapt, secure, supports industry standard authentication protocols, that integrates seamlessly with SharePoint Online (M365) and Microsoft Power Platform, while also supporting custom integrations as well as catering to different regions. We all know advantages of SaaS based product. It solves software distribution, managing infrastructure, scaling and usage problems that organizations face.

How SaaS based product looks like?

We redesigned the product for the Cloud by,

a.?Breaking it down into different parts and components

b.?Applied approach from the 7-Rs of cloud migration against each component

c.?Selected suitable Azure services for each component

?

Here is how the end-product looks like in azure landscape.

Following Azure services are used for this solution,

Azure Virtual Machines (VMs) are scalable, on-demand computing instances provided by Microsoft Azure. They enable users to deploy Windows based VM, offering flexibility in choosing sizes, configurations, and operating systems. Using VM which is offered as Infrastructure-as-a-Service (IaaS) was required since we have dependency on installing third party software and DLLs which was not possible on platform-as-a-service (PaaS) services.

We have used VMs in different Zones to keep redundancy and handle HA/DR scenarios. VMs handles the traffic over HTTPs and Load balancer is used to balance the requests. Refactoring of Code Libraries (DLL) was required to support this architecture.

Azure Load Balancer was used distribute incoming traffic across multiple virtual machines to ensure high availability and reliability of endpoints hosted in Azure.

Azure App Service is a fully managed platform-as-a-service (PaaS) offering from Microsoft Azure that enables developers to build, deploy, and scale web apps and APIs quickly and efficiently. It supports multiple programming languages and frameworks. Azure App Service provides built-in autoscaling and load balancing, ensuring high availability and performance. It integrates seamlessly with Azure DevOps for continuous deployment and offers easy integration with Azure SQL Database.

We have deployed our web interface and web services using Azure App Services. The choice to use App Services was due to our existing classic .NET framework-based services and redesigning them for containerization would have required significant development effort.

The service includes various components such as registration pages, login pages, authentication logic, and issuing access tokens and API keys. It also provides REST-based services, as well as a UI for SharePoint add-in and other SharePoint functionalities.

Azure SQL is a fully managed relational database service from Microsoft Azure, designed to provide high performance, scalability, and security for cloud-based applications. We have used azure SQL to store user details, subscription information, usage logs, etc.

Azure Key Vault is a cloud service designed to securely store and manage sensitive information such as encryption keys, secrets, and certificates. We have used key vault to store SSL certificates, Client Secretes, API Keys, Tokens, etc.

Azure Application Gateway is a web traffic load balancer that enables you to manage traffic to your web applications. It also offers Azure Web Application Firewall (WAF) that provides centralized protection of your web applications from common exploits and vulnerabilities. We have used app gateway to give access to the REST based API and a web site over HTTPS. Request coming from azure front door is routed to app service.

Azure Front Door is a scalable and secure entry point for web applications, offering global load balancing and dynamic content acceleration. It routes traffic across various Azure regions, optimizing performance and ensuring high availability by intelligently directing users to the closest or fastest available backend.

We have utilized Azure Front Door primarily to direct traffic based on region, which helps reduce latency by serving requests from the nearest location or region. It identifies the source of the request and routes the traffic to the appropriate app gateway. We have set up resources in three different regions: US East, UK South, and Australia East. Traffic from the EU is handled exclusively by UK-based resources, ensuring compliance with regulations like GDPR by storing data within the respective regions.

Azure DNS is a cloud-based domain name system service that allows you to host your DNS domains in Azure. It provides fast and reliable name resolution by using a global network of name servers, ensuring low latency and high availability. Azure DNS integrates seamlessly with other Azure services. We have used azure DNS to map azure app services with custom domain using CNAME records.

Azure Log Analytics Workspace and Azure Monitor is used to capture logs and events.

Azure DevOps is a suite of development tools and services provided by Microsoft Azure that supports the entire software development lifecycle. We have used Azure Repos for source code management, Azure Pipelines for continuous integration and continuous deployment (CI/CD), Azure Test Plans for automated testing.

Other Considerations,

In addition to the services mentioned above, we have implemented the following principles and configurations in our design:

·? Virtual Network and subnets are used to ensure physical isolation of services.

·??Network Security Groups are applied at the subnet level to restrict inbound and outbound traffic.

·??Web Application Firewall is employed to protect services from external threats.

·??Private endpoints ensure that connections to services remain private and are not accessible from outside.

·??All inbound and outbound traffic uses HTTPS.

·??Services are configured to accept only local traffic and private IPs.

·??All events and diagnostic logs are captured in Blob Storage and Log Analytics Workspace (LAW).

·??Auto-scaling (both horizontal and vertical) is enabled for Virtual Machines and App Services.

·??Automated alerts for usage and critical failures are configured.

Supporting Different Platforms and Services

To expand product reach and increase adaption, our goal was to develop a versatile offering compatible with diverse platforms and systems.

Microsoft Power Platform comprises a suite of low-code/no-code tools enabling users to build custom business applications, automate workflows, analyze data, and create virtual agents. This suite supports Power Apps and Power Automate.

We developed a Custom Connector for the Power Platform using an industry-standard Swagger file, also known as an OpenAPI Specification (OAS). This file format provides a structured and comprehensive method for defining RESTful API endpoints, request and response formats, parameters, authentication methods, and other essential details. Typically written in JSON or YAML, a Swagger file serves as both documentation and an API contract, simplifying integration for developers. Our Connector utilizes the OAuth 2.0 protocol for authentication.

The REST API was designed to facilitate various operations through multiple RESTful endpoints. It can seamlessly integrate with any application that supports APIs, utilizing JSON for requests and responses. Authentication for this API is handled using OAuth 2.0 and API keys.

We developed a SharePoint Add-In (custom application) hosted in the App Store, enhancing SharePoint's functionality by introducing new features to sites and documents. This provider-hosted app interacts with Azure App Service as its backend.

Our Subscription Model was crafted to onboard various customers, offering usage-based pricing and supporting multiple environments and tenants.

Conclusion

In conclusion, we've explored the transformation of on-premises products into cloud-supported SaaS offerings, the utilization of Azure services for designing robust cloud solutions, and the strategic use of REST-based APIs to facilitate integration across diverse platforms and services.