http://bit.ly/SugarCRMfreeTrial - - - - - Try SugarCRM For Free. No credit card required. Nothing to install. Get up and running in under a minute!
Executive Summary
• Software-as-a-service (SaaS) has evolved over the past 15 years
through three distinct phases: the ASP model, multi-tenant SaaS
and now multi-instance SaaS.
• Hosted applications, in their various forms, offer the main benefit of
eliminating the need for end user organizations to manage technology
infrastructure. However, the level of application access and
control is severely limited with older, proprietary SaaS models.
• A new generation of SaaS is emerging, led by SugarCRM. Called
multi-instance SaaS, this model combines the flexibility and control
associated with on-site software with the ease of deployment and
universal access of SaaS offerings.
• In addition to greater flexibility and control for users inside the Sugar
On-Demand environment, the Multi-Instance model allows for
greater portability between application operating environments.
• This portability lowers risk, and gives end user organizations greater
choice and freedom along the application lifecycle.
Software-as-a-service (SaaS) and cloud computing are hot topics
because they allow companies to better manage their IT investments. As
the concept of hosted applications evolved over the last 15 years, providers
of Customer Relationship Management (CRM) software and customers
alike have embraced the SaaS or on-demand model. There are a lot of
benefits certain organizations will see from SaaS CRM software. But the
SaaS models of the past have also had some drawbacks.
This has now changed. With Sugar On-Demand, SugarCRM is at the forefront
of the third generation of SaaS applications. But before outlining the
unique benefits of Sugar On-Demand, it is important to examine how
SaaS has evolved over the years. And, it is important to note how Sugar
On-Demand solves a lot of the issues and user-related problems inherent
in SaaS software in previous iterations of the model.
2. Sugar On-demand Technical Overview
Executive Summary
• Software-as-a-service (SaaS) has evolved over the past 15 years
through three distinct phases: the ASP model, multi-tenant SaaS
and now multi-instance SaaS.
• Hosted applications, in their various forms, offer the main benefit of
eliminating the need for end user organizations to manage technol-
ogy infrastructure. However, the level of application access and
control is severely limited with older, proprietary SaaS models.
• A new generation of SaaS is emerging, led by SugarCRM. Called
multi-instance SaaS, this model combines the flexibility and control
associated with on-site software with the ease of deployment and
universal access of SaaS offerings.
• In addition to greater flexibility and control for users inside the Sugar
On-Demand environment, the Multi-Instance model allows for
greater portability between application operating environments.
• This portability lowers risk, and gives end user organizations greater
choice and freedom along the application lifecycle.
Software-as-a-service (SaaS) and cloud computing are hot topics
because they allow companies to better manage their IT investments. As
the concept of hosted applications evolved over the last 15 years, provid-
ers of Customer Relationship Management (CRM) software and customers
alike have embraced the SaaS or on-demand model. There are a lot of
benefits certain organizations will see from SaaS CRM software. But the
SaaS models of the past have also had some drawbacks.
This has now changed. With Sugar On-Demand, SugarCRM is at the fore-
front of the third generation of SaaS applications. But before outlining the
unique benefits of Sugar On-Demand, it is important to examine how
SaaS has evolved over the years. And, it is important to note how Sugar
On-Demand solves a lot of the issues and user-related problems inherent
in SaaS software in previous iterations of the model.
1
SugarCRM Technical White Paper
3. Sugar On-demand Technical Overview
The Evolution of On-demand Applications
With the rise of the Internet in the mid-1990s, a few companies emerged
with a new model for delivering software called ASPs (Application Service
Providers). The ASP model was a managed services model, where com-
The ASP model has many
panies bought their licenses as they would if running them on their own downsides. It eliminates
site, but paid additional fees to the ASP to manage and maintain the
applications. These application deployments were managed by the ASP user choices, since users
on a one-to-one basis, and delivered over the pre-broadband internet.
Scale was impossible to reach, and thus these companies faded away.
can usually choose the
application, but not other
The ASP Model components, such as
Pros • Provides a turnkey application system
• Little IT infrastructure needed by end users hardware or network used
• More predictable IT costs in the deployment. Also,
Cons • Expensive in the long run, monolithic, inefficient
• Integration costly or impossible customization is much
• Users have zero ownership of the application
more difficult and
Key Providers • Corio
• USi expensive.
The end of the 1990s brought a new concept of hosted application deliv-
ery. More ubiquitous Internet connectivity and a general understanding
that the web would be the focal point of most software development led
this new model. New advances allowed vendors to create a superset of
an application, and allow many customers to access this superset appli-
cation, rather than have to fully provision a full instance for each customer.
Called “multi-tenancy,” several new application vendors began pushing a
flavor of this concept. CRM providers were at the forefront of this model.
And unlike the ASP model, where the managed service provider was simply
a middleman of sorts, the vendors pushing multi-tenant SaaS products are
both application developer and service provider. The model has some
advantages, in that it allows the vendor to scale operations and manage
customer upgrades and routine maintenance more cost effectively.
However, multi-tenancy as a single deployment choice has drawbacks.
These include limited access to code for end-users, as well as data owner-
ship issues. In essence, multi-tenancy is a form of customer lock-in strategy.
Multi-Tenant SaaS
Pros • Lower subscription costs for end users
• Upgrades are automatic and relatively seamless
• Lower risk than with client/server investments
• Easier administration for SaaS providers
Cons • User has little control over the application
• True customization is impossible
• Integration with other internal systems severely
limited
• Critical data on shared databases/servers outside
the firewall
• Downtimes effect all users
Key Providers • Salesforce.com
• NetSuite
• Microsoft Dynamics Online
2
SugarCRM Technical White Paper
4. Sugar On-demand Technical Overview
In recent years, several shifts have helped evolve on-demand applica-
tions. Open source software, and a general drop in server software costs
coupled with a move toward cloud computing, have opened up a great
opportunity for software providers. Now, companies need not rely on a
multi-tenant architecture to reduce internal costs while also delivering
lower cost software to their customers.
SugarCRM has taken the lead in creating on-demand software offerings
“We believe that the that promote greater user control, as well as flexibility and freedom.
SugarCRM’s use of open source components inside its on-demand infra-
benefits of a multi-tenant structure and its innovative application design have resulted in a highly
scalable, affordable and flexible offering. Users of Sugar On-Demand
architecture (MTA) accrue have greater access to their application from both a customization and
primarily to the vendor. data perspective than users of older multi-tenant SaaS products.
These vendors offer end SugarCRM’s unique approach to vendor-hosted on-demand CRM appli-
cations is called “multi-instance”.
users less flexible
software than a hosted Legacy Multi-Tenant Multi-Instance
model in order to reduce Single datacenter using the Cloud computing using the
Internet as an access pipe for Internet as the platform for
Internet Model
the technical and vendor centric CRM customer centric CRM
applications applications
administrative costs Vendor cloud, partner cloud,
Deployment Options On-demand only
associated with private cloud
Multi-instance dedicated
supporting the unique Database Tenancy Multi-tenant shared database
database
requirements of multiple Development Language
Proprietary with a limited Web-native open source
number of developers (PHP)
customers. MTA is Development Process Proprietary Open
appropriate at the low end APIs Narrow, proprietary Open, standards based
Limited with no database Deep with full database
of the market, where Customization
access access
customers are On-demand Architecture Monolithic Distributed
comfortable deferring to Hardware Proprietary Commodity
the vendor for best Sugar On-Demand: Key Differentiators
practices.”
Sugar’s multi-instance architecture is built upon a template and instance
model. In essence, a master “template” of a version of the application
Peter Goldmacher (Sugar Professional, for example) houses all of the shared portions of the
Cowen and Company Sugar application. Then, “instances” or file sets unique to individual users,
are provisioned as user accounts are generated. These instances enable
greater customization for individual end user deployments versus older
multi-tenant SaaS models.
In addition, Sugar’s multi-instance database concept offers accounts
more control over their data, greater isolation from other accounts, and
heightened security. Sugar’s architecture offers the same benefits
expected in an on-demand application, but with greater customization
capabilities since each account receives their own instance of the data-
base. The benefit of Multi- Instance versus older multi-tenant databases
is illustrated here:
3
SugarCRM Technical White Paper
5. Sugar On-demand Technical Overview
Multi-Tennant vs. Multi-Instance
Your data
Your data
A single, shared database for many user accounts. Multiple, dedicated databases for each user.
Also, multi-instance Saas gives the users greater power in other ways as
well. Upgrades can be performed just as seamlessly as with multi-tenant
SaaS applications. But now users can choose if and when they want to
upgrade to new features. Also, Sugar’s multi-instance SaaS concept
allows users to originate their deployment in the Sugar On-Demand cloud
or in a partner cloud, with the option to move to their deployment to their
own could at any time. Users can also move their deployment between
the Sugar On-Demand cloud and a partner cloud. Or conversely, Sugar
On-Site users can port their deployment to an on-demand model at any
time as well.
4
SugarCRM Technical White Paper
6. Sugar On-demand Technical Overview
Sugar On-Demand And the Sugar Open Cloud
SugarCRM has long seen the importance in developing CRM applica-
tions based on the benefits of open source software and cloud computing.
The Multi-Instance architecture of Sugar On-Demand gives the applica-
tion greater portability between various traditional, SaaS and cloud-based
operating environments such as Microsoft Azure and Amazon EC2.
It is very important to have this kind of flexibility. CRM applications are not
static, they are dynamic integrations of business processes inside Sales,
Support and Marketing organizations and as customers get more mature
in their use of the CRM application, these dynamic integrations become
more complex and move across the different businesses of the organiza-
tion. Application level integration also becomes more complex starting
out with a simple integration between the CRM application and one other
business application to complex integrations with systems in support,
marketing, HR, finance, manufacturing and engineering.
As a customer’s CRM system matures and increases in complexity, the
deployment requirements may change. The customer may want to move
the CRM application from the Sugar On-Demand environment to a part-
ner-managed cloud to be closer where other applications are hosted. Or
the customer may want to move the CRM application on-site in the cus-
tomer’s private cloud to integrate with other on-site applications or to
comply with regulatory and privacy requirements.
Because of the multi-instance database model, customers can seam-
lessly move between these clouds, a flexibility unique to SugarCRM.
This deployment model is made possible and supported by the Sugar
Cloud Console.
Multi-Instance atop the Sugar Open Cloud
Pros • Fast deployment
• Lower risk
• Deep ability to customize, not just configure the
application
• Easier access to your CRM data
• Ensure the uptime, performance and security you
require is in place
• User gains more control over the CRM solution
• User can move the CRM application between
sugar, partner and private cloud
• CRM application evolve with customer’s needs and
maturity level
Cons • None, multi-instance SaaS allows users to reap all
the benefits of SaaS, with all the control and cus-
tomization of an on-site deployment
• Multi-instance SaaS also gives customers the
choice and freedom to move their deployment as
their needs and requirements change
Key Providers • SugarCRM—Sugar Partners including Tata
Communications, Levementum, Plus Consulting,
BT, etc.
5
SugarCRM Technical White Paper
7. Sugar On-demand Technical Overview
Sugar Cloud Console
Sugar Open Cloud—
Sugar Cloud Console is the key component in the multi-instance SaaS
architecture. Cloud Console enables administrators to efficiently manage The Power to Choose
Sugar data centers. As a system management tool it allows these admin-
istrators to provision and manage thousands of SugarCRM instances A CRM system is meant to make your
across one or more clusters in a datacenter. company more flexible and make busi-
ness process easier to execute. So why
Sugar Cloud Console provides the ability to deploy and manage multi- are so many CRM systems so rigid in
ple Sugar instances efficiently while reducing costs associated with terms of how you can deploy them?
creating, supporting, upgrading, and maintaining these instances. For SugarCRM believes its users should have
example, Sugar administrators need to manage various environments the freedom to choose how you deploy
ranging from live instances to production instances to QA/Developer/
and manage your CRM system. Rather
Sandbox instances. They must also manage upgrades and customiza-
than lock customers in to one version, be
tions as they move them from QA into production. In addition, cloud
partners who provide Web applications as part of Sugar On-Demand it on-demand or on-site, customers can
encounter many tasks in provisioning, upgrading, and maintaining all bring an on-demand version on-site easily.
the various customer instances that they host. All these tasks are auto- And conversely, users who wish to make
mated with Cloud Console. their IT concerns more simple, can take an
on-site deployment of SugarCRM into an
on-demand environment.
CREATE MANAGE MONITOR REPORT Many CRM vendors are just now coming
• Application Templates • User Management • License Management • Auditing
• Instance Cloning • Application Testing • System Performance • System Reports
around to this concept. But SugarCRM
• Sandbox • Updates • Activity Reports • Performance Dashboards was one of the first to offer this kind
• Subscription management • Archiving
of flexibility, and have customers take
advantage of this advantage. Companies
like Purchasing Solutions and Brinkman
Beverages have successfully moved
from on-demand to on-site. So, not only
does SugarCRM offer the most cutting
Sugar Professional Sugar Professional Sugar Enterprise Sugar Enterprise Sugar Professional edge SaaS products, but customers can
[Manufacturing] [Telecom] [Technology] [Media] [Public Sector]
always rest assured their CRM system
will fit their needs given SugarCRM’s
Sugar Administrators have a secure login to Cloud Console (CC) to per- unprecedented flexibility.
form all the steps requires to create, manage, monitor and report on all
customer instances on a specific cluster. This login is through a com-
pletely different logical path from how end users access their applications.
6
SugarCRM Technical White Paper
8. Sugar On-demand Technical Overview
SAN/NAS MASTER DB Slave DB
6. CC Server will
send out notifications
to appropriate parties 2. Action jobs are 3. CC Client Node
for certain completed logged in the Actions “wakes up” to check
tasks (installs, module table in the for jobs to run for the 4. CC Client Node attempts
upgrades, etc…) CC Server DB cluster that it runs on to complete its job on the
cluster
CC Clients/Nodes run as
CRON jobs on the cluster
CC Server application server(s)
CC Database
Add Server 1 Add Server n
5. CC Client Node
updates job status as
soon as the task is
completed Switch
Firewall
Load
Balancer
1. CC User creates an action
such as provisioning a new
instance or upgrading an Firewall
existing one
CC User Sugar Pro/Ent User
7
SugarCRM Technical White Paper
9. Sugar On-demand Technical Overview
Sugar On-Demand Architecture
For the Sugar On-Demand environment, SugarCRM has invested millions
of dollars to design and deploy a linearly scalable multi-instance SaaS
architecture. In this architecture, Sugar utilizes the same open source
technologies that power leading companies such as Google and YouTube.
Currently the Sugar On-Demand footprint covers both North America and
Europe with datacenters on both continents and extends to the rest of the
world using an extensive Internet peering infrastructure.
SugarCRM realized early on that relying on the Sugar On-Demand cloud
exclusively would make it is impossible to reach all customers with the
same performance globally. This is why Sugar has partners around the
world who choose to deploy an instance of Sugar On-Demand in their
local market. As of the end of 2009 some of these partners are: Amazon,
British Telecom, Levementum, Microsoft, Plus Consulting, RedPill, Synolia
and Tata Communications.
SugarCRM® Clustering Best Practices NOTES ON ARCHITECTURE
Load Balancers
• Session persistence is required.
• Some SOAP clients do not support cookies. For those SOAP client sessions
persistence must be assured by other methods.
• Sugar® uses NginX and Citrix Netscaler load balancers
Firewall Load Balancer • Memcache is used to assure that PHP sessions are persistent across all
application servers
Application Servers
• Linux/Apache/PHP
• Application servers are identical and can be easily replaced or expanded
• Under load application servers will be CPU bound (PHP)
• APC PHP Accelerator for caching
• Webroot (Sugar application) if located on a shared storage volume
(NAS/SAN) over NFS
• NFS caching tuned for reads
• Apache Mod_Security is recommended
Database Servers
• MySQL in master/slave cluster
• Tables recommended to be in InnoDB format
Application Server Cluster • Under load database servers will be memory and disk bound (MySQL)
Storage
• Shared NAS/SAN volume accessed by web server over NFS
• Sugar application (webroot) is on the shared volume
• Sugar performs mostly reads (80% reads on average, dependent on
use case)
• NFS tuning involves attribute caching. access tim, read and write
block size
Network
• GigabitE is highly recommended
• Trunking/bonding for throughput and high availability (with redundant
Storage Device network paths) is recommended
Database Cluster (NAS/SAN) Sugar supports numerous OS and database variations beyond those listed.
Sugar On-Demand performs proactive monitoring and automated self-
notification of the Company’s application as a means to verify that (a) an
https request can be completed; (b) sessions can effectively be estab-
lished and (c) server response time for the non-customized login page
falls at or under 30 seconds.
The acceptance criteria for the SugarCRM performance stress tests dic-
tates that 80% of all server requests on an unmodified instance are
completed by the server in less than 1 second under sustained load for at
least 4 hours at peak level.
8
SugarCRM Technical White Paper
10. Sugar On-demand Technical Overview
Sugar On-Demand Technical Specifications
Data Architecture
Sugar On-Demand Metrics
SugarCRM guarantees customers a 99.50% service availability and uptime.
Historically SugarCRM has always met and exceeded this service guaran-
tee with an historical service uptime of 99.98577%. Customers can always
request a more detailed report from SugarCRM on the service uptime.
Service Uptime
Guaranteed 99.50%
Historical 99.99%
SugarCRM also monitors average web requests and web server and
database server query response time. In 2009, the Sugar On-Demand
handled an average of 64 web requests per second and had a web server
average response time of 0.94 seconds. The average database server
query response time was 0.09 seconds.
Server Requests
Web requests 64/sec
Web server average response time 0.94 sec
Database server average query response time 0.09 sec
The average number of daily transactions performed by all users in 2009
is 308,975.
Finally as of December 1, 2009, the total following number of records are
stored in the Sugar On-Demand cloud infrastructure:
Number of Records (as of December 1, 2009)
All Records 205,929,279
Accounts 3,605,250
Contacts 5,948,380
Leads 4,149,863
Emails 5,944,915
9
SugarCRM Technical White Paper
11. Sugar On-demand Technical Overview
Privacy in the Sugar On-Demand Environment
Sugar On-Demand does not gather customer private information for the
purpose of dissemination or transfer to third parties. Sugar On-Demand
collects information that pertains to customer licensing, system and ser-
vice performance, and monitoring only. Standard Sugar On-Demand
maintenance practices may require access to the customer’s instance to
address support cases, perform functional checks, and to validate
upgrades. Sugar On-Demand allows the customer to opt-out of standard
Sugar On-Demand maintenance practices unless required to address a
customer support case or customer-raised issues. Sugar On-Demand fol-
lows industry best practices to secure any customer data under its control.
The customer has full ownership and access to data that its users submit
to the Sugar On-Demand service and is responsible for the integrity, legal-
ity, quality and intellectual property of that data. The customer is responsible
for all activities conducted under its accounts and is responsible to abide
by local, national, and international laws with regards to these activities.
Security of the Sugar On-Demand Environment
SugarCRM uses multiple levels of protection and security. SugarCRM
applications are hosted at different Tier 1 data center facilities in around
the world. They are protected by some of the most powerful physical
security available, including 24/7 secured access with motion sensors,
video surveillance and security breach alarms. Production areas are
secured by biometric geometry readers and configured with overhead
cable distribution systems, dual AC and DC power distribution raceways
and anonymous individually locked cabinets. SugarCRM security and
infrastructure components include:
Firewall
SugarCRM firewalls provide proactive threat defense that stops attacks
before they spread through the network, controls network activity and
application traffic, and delivers flexible VPN connectivity. High-
performance intrusion prevention and worm mitigation capabilities further
enhance SugarCRM’s firewall security.
Web Application Security Analyzer
SugarCRM application is further tested by a Web Application Security
Scanner to continuously analyze, isolate and resolve such vulnerabili-
ties as Cross Site Scripting (XSS), Cross Site Request Forging (CSRF),
Code Inclusion, Remote Code Execution, PHP vulnerabilities, Session
injection, etc.
Application Security
SugarCRM employs a Multiversion & Separate Database Instance SaaS
deployment model to provide maximal logical and physical protection
and segregation of the on-demand customers’ data. Every customer’s
access to the application is protected with an individual username and
password. Customers can access their data using any Internet browser
from a PC, Mac, Linux or Unix computer. All communications between
the browser and the Sugar On-Demand infrastructure are SSL encrypted
using the HTTPS protocol.
10
SugarCRM Technical White Paper
12. Sugar On-demand Technical Overview
Physical Security
SugarCRM provides around-the clock critical-incident NOC support for
the production environment through its Operations and Support teams.
Additionally, at the data center qualified technicians are on-site 24 hours
a day, 365 days a year to perform routine maintenance and emergency
installation procedures.
Backup and Redundancy
Database Backup
SugarCRM database backups are encrypted and stored in a datacenter on
a different continent for further risk mitigation in conjunction with any Force
Majeure event. SugarCRM automated database backup procedures store
live and off-line copies of customer data, database, and application files on
a daily basis. SugarCRM will also store encrypted backups at a secure off-
site location until the expiration of the customer’s contract.
Customer Access
Customers can request a weekly backup of their SugarCRM data in
relational database format for storage on their own servers. Upon
request, SugarCRM will provide customers with an FTP account to
download their database backup. All object relationships between
accounts, contacts and opportunities as well as all other fields, remain
intact in this database backup.
Redundancy
The entire Sugar On-Demand facilities’ electrical system has built-in
redundancy to guarantee contiguous operation. The overall system is
N+1 redundant, including each component with a parallel electrical sys-
tem. AC power is delivered via distributed redundant UPS systems
backed by batteries and generators. Every production server utilizes
redundant dual-cord power supply fed by diverse sources.
SugarCRM is a committed open-source enterprise and as such is fully
self-reliant on open source components in its production environment.
Any dependencies on third-party providers of software are minimal or
negligible and SugarCRM staff and operators can fully support all opera-
tional tasks.
11
SugarCRM Technical White Paper
13. Sugar On-demand Technical Overview
Sugar On-Demand International Performance
The following is a result from latency testing from different parts of the
world to the Sugar On-Demand cloud. Results are an average and can
change depending on the ISP used and time of day of the testing. Tests
were last performed in December 2009.
North America Average Latency In milliseconds
Austin, TX 47.3 ms
Chicago, IL 54.8 ms
Miami, FL 94.2 ms
New York, NY 87.9 ms
San Francisco, CA 3.3 ms
Vancouver, BC 43.8 ms
EMEA Average Latency In milliseconds
Amsterdam, NL 10.2 ms
Antwerp, BE 12.2 ms
Copenhagen, DK 20.4 ms
Dublin, IRL 15.1 ms
Haifa, IR 75.7 ms
Krakow, PL 43.7 ms
London, UK 0.9 ms
Madrid, SP 27.4 ms
Manchester, UK 8.7 ms
Moscow, RU 61.7 ms
Munich, DE 25.5 ms
Oslo, NO 24.5 ms
Paris, FR 10.1 ms
ASIA, AUSTRALIA Average Latency In milliseconds
Mumbai, IN 137.4 ms
Sydney, AUS 146.8 ms
Tokyo, JP 99.4 ms
12
SugarCRM Technical White Paper
14. Sugar On-demand Technical Overview
Conclusions
The decision to deploy CRM is an important one. The decision whether to
go with a multi-tenant or multi-instance, cloud-friendly SaaS deployment
is even more important. Customers should look for the most flexible
deployment model that provides with the most options as their CRM
implementation matures and increases in complexity. Fortunately,
SugarCRM gives its customers users the low risk, fast deployments that
other SaaS products do not offer. And it gives users more control over
their deployment, with deep customization capabilities. And while most
SaaS vendors do not give options in terms of moving the deployment
between different clouds (vendor, partner or your private on-site cloud)
that is always available with SugarCRM.
13
SugarCRM Technical White Paper