Introduction

  Software as a Service (SaaS), also known as cloud-based computing, is changing the way web applications deliver the services users require. Rather than using local resources, these applications use the resources of the environment where they are deployed. With a framework like MaxBlox for building SaaS-based apps, a perfectly scalable, secure and more reliable web application can be built and deployed within a few days.

  MaxBlox is a complete application development platform on SaaS. In simple terms, it can create tables and pages without the need for coding. The underlying tables, and the pages for these tables, automatically become available to the users in the system based on the security settings. On top of these tables and pages, customizable Reports and Dashboards, Workflow Rules, Logging, Menus and Queries can be created. This effort is so seamless that it drastically reduces the time and cost needed to create and deploy any web application.

  This whitepaper talks about the MaxBlox architecture and how the various features are implemented in such a way that it facilitates better performance and scalability for the application. Various aspects like Hardware, Software and System requirements will be explained in detail in the following topics.

MaxBlox Overview

  MaxBlox is architected for flexibility and ease of use. The entire system is based on a comprehensive Metadata structure. This allows any part of the application to be modified without altering code, which increases the quality of the application being created. Many standard functions that would be coded in applications are treated as objects and stored in databases. Pages, for example, are dynamically rendered by looking at the object definition in the Metadata.

  MaxBlox is built using standard Microsoft technology, such as VB.NET, MS SQL Server, MS IIS, etc. Hence it is very reliable and does not have unusual technology issues. The support for these products is provided by a large vendor. The application can also be easily extended using these same technologies.

  MaxBlox is built as a multi-tenant architecture. The code can be run as a single instance on a server, with individual customer instances residing within a single database on a different server. Alternatively, it is also possible to have multiple code instances that connect to one or more database instances.

  MaxBlox is entirely web-based, using HTML as the rendering language. Users can log on from within the firewall, or from outside the company if it is exposed to the internet. All code is shared and centralized. Code components can be added to the application if customization is required.

  The application sign-on module keeps user sign-on information in a separate database and routes the user's access to the right database. Once the user is logged in, the user security compares the user's access rights against each object and presents only the right menus, pages, etc. to the user.

  The application is extendable by means of scripts and variables to do more complex activities.

MaxBlox Architecture

  MaxBlox is based on the Software as a Service (SaaS) model, which facilitates better scalability through its inherent cloud-based architecture.

  One working definition of SaaS is "Software deployed as a hosted service and accessed over the Internet." In simple terms, SaaS applications provide centralized, network-based access to data with less overhead than is possible when using a locally installed application. Here, the data and the application that works on the data are placed at different locations and communicate with each other. They are served to the user as a service, as requested. This also helps to share the load and to avoid using local resources for application delivery. Let's look at each of the core features of SaaS separately.

Multi-Tenancy

  Conceptually, this refers to the ability of an application to behave differently based on the underlying data for each tenant who uses the application. Each tenant is provided with its own share of data and application, for a unique experience per tenant. Technically, this refers to the way the data is maintained for each SaaS customer, also known as a tenant. SaaS, by default, supports the following ways of doing this.

  They range from a point where each customer/tenant has a separate database in which its data is kept, to a point where all customers' data is kept in a single database with a single schema.

Separate Databases

  Storing tenant data in separate databases is the simplest approach to data isolation.

Shared Database, Separate Schemas

  Another approach involves housing multiple tenants in the same database, with each tenant having its own set of tables that are grouped into a schema created specifically for the tenant.

Shared Database, Shared Schema

  A third approach involves using the same database and the same set of tables to host multiple tenants' data. A given table can include records from multiple tenants stored in any order; a Tenant ID column associates every record with the appropriate tenant.

  Of the above configurations, MaxBlox supports the Separate Databases and the Separate Schemas configurations. Every row of data maintained by MaxBlox is uniquely identifiable. A fail-safe algorithm such as GUID is used in the row ID generation logic for MaxBlox, making each ID unique within 10 million transactions. This ID, in turn, is used to maintain the relationships between records in different tables, so that the bond stays unbreakable however the data is modified.

Scalability

  One of the important aspects of any web app is that it should be able to support as many customers as possible. This means that the application should scale automatically to meet the needs of a growing customer base.

  In the SaaS model, scalability is a feature inherited from multi-tenancy. Because each application instance works on its own part of the data, the application can support any number of clients at any given instant. The only limitations that immediately come into the picture are the web server's capacity to handle requests and the database storage capacity. These limitations can be easily overcome by having multiple database instances and by increasing the web server's capacity for handling web requests.

Meta-data

  In simple words, meta-data is data about data. It is a key MaxBlox technology, which makes it possible to create applications just with collections of meta-data. Here, all the information that can be used to customize the application, as well as the objects defined in the system, is maintained as meta-data. One of the advantages of this model is that, by using simple point-and-click configuration, it becomes possible to create sophisticated applications without code. As a result, meta-data lets users unfamiliar with programming actually create applications, while it speeds development for experienced programmers.

  Significantly, the use of metadata also creates an implicit boundary between an application and the platform, which is essential for the multi-tenant model. As applications are customized and extended, new versions of the application can be rolled out without affecting the end user: all applications and integrations continue to run without modification, and the deployment process never delays the release of new functionality.

Security

  Various security aspects of the MaxBlox application from different perspectives are covered in the sections below.

Database Security:

  An important benefit of a SaaS application is that it inherently connects to the relevant tenant, and other tenants are automatically disconnected within a single session. Once MaxBlox makes a connection to a single tenant after the login process, key aspects of that particular database are carried over to the connection details level, thereby automatically avoiding the chance of overlapping connections.
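
  The sign-on routing and single-tenant connection described above, as an added Python sketch (not MaxBlox code; MaxBlox itself is built on VB.NET and MS SQL Server). The table names, the sample users and the TenantSession class are assumptions, SQLite in-memory databases stand in for the login and tenant databases, and password verification is left out.

```python
import sqlite3


def build_sample():
    """Constructed sample data: a login directory kept apart from tenant data,
    plus one in-memory database per tenant (the Separate Databases model)."""
    directory = sqlite3.connect(":memory:")
    directory.execute("CREATE TABLE logins (username TEXT PRIMARY KEY, tenant TEXT)")
    directory.executemany("INSERT INTO logins VALUES (?, ?)",
                          [("alice", "acme"), ("bob", "globex")])
    tenants = {}
    for name, refs in {"acme": ["PO-1", "PO-2"], "globex": ["PO-9"]}.items():
        db = sqlite3.connect(":memory:")
        db.execute("CREATE TABLE orders (ref TEXT)")
        db.executemany("INSERT INTO orders VALUES (?)", [(r,) for r in refs])
        tenants[name] = db
    return directory, tenants


class TenantSession:
    """A logged-in session pinned to exactly one tenant database (hypothetical class)."""

    def __init__(self, username, tenant, conn):
        self.username = username
        self.tenant = tenant
        self._conn = conn  # the only connection this session can ever use

    def query(self, sql, params=(), tenant=None):
        # Fail closed if a caller names a tenant other than the pinned one.
        if tenant is not None and tenant != self.tenant:
            raise PermissionError(f"session is bound to tenant {self.tenant!r}")
        return self._conn.execute(sql, params).fetchall()


def sign_on(directory, tenants, username):
    """Resolve the tenant from the login directory and pin the session to it."""
    row = directory.execute(
        "SELECT tenant FROM logins WHERE username = ?", (username,)).fetchone()
    if row is None or row[0] not in tenants:
        # Same error for an unknown user and an unknown tenant.
        raise PermissionError("sign-on rejected")
    return TenantSession(username, row[0], tenants[row[0]])
```

  Because the session holds a single connection chosen at sign-on, a later request cannot be pointed at another tenant's database by a parameter or a cached handle.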

  Apart from this, the database server itself is protected by IP filters that allow connections only from the servers that run the applications and services. This is in turn controlled by configuring the security at the port level. All connections to the database server from any other servers are rejected automatically and instantly. All database connections are also logged, to enable tracking and auditing in case of any unusual activity.

User Login:

  As in any other standard web application, user login in MaxBlox is done through HTTP POST calls carried over a secure HTTPS channel. The MaxBlox portal login pages are protected with security standards that can reject cross-site scripting (XSS) attacks and SQL injection possibilities.

  An advantage of having MaxBlox running over a SaaS architecture is that the login-related databases are maintained on separate servers, so individual security tuning can be done at this server and database level. These databases are usually run on a separate auditing frequency and at a different level of security scrutiny.

Role level Security:

  Typically, access to resources and business functions in a SaaS application is managed by using roles that map to specific job functions within an organization. Each role is given one or more permissions that enable users assigned to the role to perform actions in accordance with any relevant business rules.

  Roles are managed within the application itself; they can contain individual user accounts. Individual user accounts can be assigned several different roles as required.

  Depending on the roles to which a user is assigned, he or she is granted one or more permissions to perform specific operations or actions. These actions typically map directly to important business functions, or to the management of the application itself. For example, a purchasing application might include permissions for creating, submitting, approving, and rejecting purchase orders; an application for mortgage brokers might include permissions for checking a borrower's credit and granting a loan; and so forth. A single permission can be assigned to one or several roles, as necessary; each user will be granted the union of the permissions assigned to all roles to which the user belongs.

Functional Security

  The menus, pages and page modes inside the MaxBlox portal go through an additional security configuration that lets the compensation administrator control what users see once they are inside the application. These settings typically range from a page's visibility to whether the user can edit the page or only view it. More and more aspects of the pages, as well as of the records, are being included in the security module to give better data and UI control.

Row owner security

  Every record in the system is owned by the user who creates the record. The ownership of a record can be transferred to another user, if the administrator has provided the ability to do so. This security structure implies that the system knows who created, who modified and who owns each record in the system.

  On top of this structure, a comprehensive business-unit-related security configuration is set up, so that the administrator can decide visibility at the level of each record. The configurations provide security at the Unit level, at the Units and Subunits level, and at the self level, where a Unit can be anything that represents the security structure in an organization. For example, for some organizations the security structure might be based on Territory, and for others it might be the user's role itself.

AD Integration

  Business owners have the peace of mind that all entry points to applications and data are kept at one single location, within a secure Windows Active Directory, with the company's user policy and password policy in mind. This helps ensure that user policies are dictated by the business owners, not by the software vendors.

  The AD Integration feature enables users to log in to MaxBlox using their user-account credentials from the Active Directory service provider, based on their Active Directory group membership.

Single Sign-On

  Single sign-on (SSO) is a mechanism whereby a single action of user authentication and authorization permits a user to access all other applications for which they have access permission, without the need to enter multiple passwords. Single sign-on reduces human error, a major component of systems failure, and is therefore highly desirable.

  MaxBlox is integrated with Salesforce.com and has the ability to view the screens from Salesforce.com. A customer only needs to log in to their Salesforce.com account and need not log in separately to MaxBlox. The Salesforce.com identity is passed to MaxBlox, and the login handler in MaxBlox authenticates the user and allows access to the application.

MaxBlox Mobile

  The cloud architecture facilitates easy development, adaptability to technological changes, and support for newer devices like mobiles and tablets. MaxBlox now has prototype applications ready for mobiles and tablets, and they will be available to customers soon. Here are some screenshots of the mobile prototype.

MaxBlox Mobile Architecture

  MaxBlox DB Server is the same component that works behind the MaxBlox Client and the MaxBlox Web portal, serving the data. In addition to that, there is an API and Mobile server deployment that serves the mobile pages to the various devices. In some scenarios, the API server and the Mobile App server will be multiple servers and can be of different configurations.

API Server requirements

  Category                    Options
  Server Operating Systems    Windows 2008 R2 Server
  Web Server (Optional)       IIS Version 6.0 and higher
  API Language                C#, .Net Framework Version 2.0
  Mobile Framework            jQuery Mobile


MaxBlox Integration Architecture

  All the integration features in MaxBlox are powered by the data integration software QXchange, by CellarStone. The main advantage of using this data layer is that whenever a new data source is supported in QXchange, it inherently becomes available to MaxBlox without significant architectural changes.

  QXchange communicates with every data source using a modular component named a Data Access Plug-in. One of the data access plug-ins is MaxBlox itself, which facilitates data transfer between any QXchange-supported data source and MaxBlox.

Messaging Implementation in Calculation process

  MaxBlox incorporates an architecture involving messaging to use the power of other servers to run processes for large volumes. This architecture is designed in such a way that the process work load can be distributed across multiple servers as per the dynamic needs of an organization. This facilitates easy scalability and optimized performance in generating the results for large demands.

MaxBlox Messaging Architecture where queue handlers run multiple calc processes

Queue Manager

  As soon as a request for a calculation process is received, the Queue Manager splits the jobs based on the number of queue handlers and the number of payees in the organization. The internal algorithm is intelligent enough to know which handlers are busy and balances the load equally across the handlers. Once the sequence of jobs is determined for a handler, the manager sends the jobs as messages to the respective Queue Handlers.

Queue handler

  Queue Handlers are the recipients waiting for messages from the Queue Manager. Once a message is received, the Queue Handler invokes the calculation process for a batch, as conveyed through the message. The statistical information for each of these batch processes is updated in the database as it happens. Once the job is done, the message is removed from the queue.

Batch Processing in Queue handlers

  The Queue Handlers are inherently able to invoke multiple jobs in several threads. How many is decided by the settings configured in the system. For example, if a handler receives a job queue for 1000 users, then, based on the configuration setting, the Queue Handler will execute the calculation process for 100 users in multiple threads and will start on each remaining payee in the queue as and when a thread's calculation completes. This feature allows MaxBlox to intelligently decide on and invoke multiple calculation processes, and makes effective use of the hardware resources available.
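
  The Queue Manager split and the bounded threading in a Queue Handler, as an added Python sketch (not MaxBlox code). The page does not describe the internal balancing algorithm; least-loaded assignment is an assumption, as are the function names and the in-memory stand-in for the message queue.

```python
import heapq
from concurrent.futures import ThreadPoolExecutor


def split_jobs(payees, handler_load, batch_size):
    """Queue Manager side (assumed algorithm): cut the payees into batches and
    give each batch to the handler with the least work already queued.
    handler_load maps handler name -> number of payees it is still processing."""
    heap = [(load, name) for name, load in handler_load.items()]
    heapq.heapify(heap)
    plan = {name: [] for name in handler_load}
    for start in range(0, len(payees), batch_size):
        batch = payees[start:start + batch_size]
        load, name = heapq.heappop(heap)      # least-loaded handler right now
        plan[name].append(batch)              # one batch == one queue message
        heapq.heappush(heap, (load + len(batch), name))
    return plan


def run_handler(batches, calculate, max_threads):
    """Queue Handler side: never more than max_threads calculations at once;
    a waiting payee starts as soon as a running calculation finishes."""
    results = {}
    with ThreadPoolExecutor(max_workers=max_threads) as pool:
        for batch in batches:                 # process one message at a time
            for payee, value in zip(batch, pool.map(calculate, batch)):
                results[payee] = value
            # At this point the batch is done and its message could be removed.
    return results
```

  With `max_threads=100` and a 1000-payee queue this matches the example in the text: 100 calculations run concurrently and the rest start as workers free up.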

MaxBlox Environments

MaxBlox is deployable in one of the following ways.

  • On-Premise Installation
  • Hosted Environment – VPS – Multiple Databases
  • Hosted Environment – VPS – Single Database
  • Hosted Environment – Multi-tenant Environment

On-Premise Installation

  This is the method in which the MaxBlox client is installed on your local premises. The MaxBlox customer is responsible for maintenance and upgrades in this approach. The database maintenance and backup processes also have to be executed on the premises by the customer. Different user groups may have access to separate apps in a multi-tenant environment.

Hosted Environment VPS Multiple Databases

  In this method, a secure server is allotted to multiple customers, and the security of the access can be customized to a certain level. The number of databases on a server is decided based on performance, similarities in the account setup, and the data to be handled. Upgrades, maintenance and backups are handled by the vendor.

Hosted Environment VPS Single Database

  This is similar to the hosted setup above, except that the server is provided to one single customer and the security can be controlled to the maximum extent. This is recommended for those who have a high volume of data and need more processing power dedicated to the organization.

  Here are a few of the typical hardware configurations that we deploy for our MaxBlox variants.

Configuration 1

  Operating System    Windows Server 2008R2 Standard 64-bit
  Processor           Intel(R) Xeon(R) CPU E31220 @ 3.10 GHZ 3.10 GHZ
  RAM                 12 GB
  Hard-disk space     1,000 GB (2 x 1,000 SATA) RAID Software RAID 1

Configuration 2

  Operating System    Windows Server 2008R2 Standard 64-bit
  Processor           Intel(R) Xeon(R) CPU E5506 @ 2.13 GHZ
  RAM                 8 GB
  Hard-disk space     1,000 GB Simple

Configuration 3

  Operating System    Windows Server 2008R2 Standard 64-bit
  Processor           Quad-Core AMD Opteron(tm) Processor 1352
  RAM                 4 GB DDR3 ECC
  Hard-disk space     750 GB SCSI Disk Device

Hosted Environment Multi-tenant Environment

In this method, each account uses one or more applications within a multi-tenant hosted environment.

Conclusion

  MaxBlox is a powerful, scalable and flexible application platform. MaxBlox's architecture is designed to accommodate complex applications with minimal effort. It is highly customizable with minimal administrative changes.