Many discussions with our customers have revolved around what the best way would be to sell our AWS EC2 cloud backup and DR management solution. Would it be best to sell it as a Software-as-a-Service (SaaS) solution, where we manage everything in the environment, or as an instance image (AMI) in the AWS Marketplace, where users install the software themselves? Ultimately, we decided to sell the software as an image.
A good portion of cloud management software today is sold as SaaS solutions. You go to a website, subscribe, fill in your credentials, and manage the solution from the vendor’s site. The SaaS method has gained a lot of popularity from the vendors’ side, due to their level of control over operations, however, it may not be the best solution for users and consumers.
Alternatively, the AWS Marketplace has provided a sort of safe haven for consumers in search of more control over their applications and higher levels of security. For companies, in particular, being listed in the AWS Marketplace can significantly boost exposure and trust for potential customers, essentially serving as a notable marketing channel.
In this post, we will discuss the pros and cons of SaaS and AWS Marketplace hosted solutions for both vendors and users who provide or consume cloud management tools.
The SaaS Option
As mentioned above, there are many known advantages to selling an online service via SaaS, the main one being vendors’ complete control over the environment, including performing system updates and making changes. On top of that, a big advantage for SaaS vendors is complete knowledge regarding their customers’ activities (i.e. usage, log-in frequency, how the software is used, etc…), which provides vendors with the business intelligence and information needed to successfully continue development and experiment with various software changes.
From the SaaS users’ perspective, the main advantage is the minimal responsibility required regarding system operations. Users do not have to deal with taking care of anything in terms of features such as security, monitoring, and backup. It is the vendors’ job to care for all of the users’ needs.
Vendors must ensure that they can handle their application operations, including issues such as scalability and availability. Additionally, carrying the cost of free tier models and trial users can become burdensome. More times than not, a substantial portion of management software companies service free users, which is why it is imperative to keep in mind that every free user has an accompanying cost. The software is free for the user, not for the vendor.
From the SaaS users’ perspective, the underlying question is, do you know what is actually happening behind the scenes? Are you sure the software is secure enough when you provide your AWS credentials? Keep the following three points in mind when it comes to security concerns:
- Security – The more information users provide, the higher risks they take in terms of security. It is impossible to truly know how well protected user credentials are once they are in vendors’ hands. Take the sad story of Codespaces, for example, where users lost all of their data due to the fact that their AWS credentials were compromised. This demonstrates what a lack of good security management by an application vendor can cause.
- Integration – A problem arises if your applications need to communicate with SaaS APIs. Most of the instances in the cloud are located in protected networks, virtual private clouds (VPC), and subnets, which are not widely accessible from the outside, if at all. For that matter, applications, or services inside the IT environment, need to interact with SaaS applications (i.e. backup software needs to connect to users’ databases).
- Upgrades – While upgrades are easy for vendors, in the SaaS environment, if a user does not want an upgrade, in most cases they do not have much of a choice. It takes time to learn the ins and outs of software solutions, so even the slightest changes, adding a feature here, or removing one there, can be a real nuisance for users. Additionally, upgrades can present bugs in the system, which generally tend to happen at the most crucial of moments. If users have control over their software, they can decide to upgrade during quiet times when there are minimal risks for complications.
The AWS Marketplace Option
The AWS Marketplace is an IT and B2B oriented space that provides software solutions for users. Having a service listed in the Marketplace says a lot about the quality of the service, which benefits both the vendors and users.
Below are a few advantages and disadvantages for software vendors and consumers that choose to make use of the AWS marketplace:
- Cost – Leveraging the fact that their customers take part in service operations, AWS Marketplace vendors can provide their services at a lower cost than SaaS vendors
- Trust – Customers trust vendors that are listed in the marketplace. Every service’s internal security is tested by AWS before being listed in the marketplace, which ensures that users have passwords. As a result, all vendors must make sure there are no back doors open or static passwords which could raise suspicion. If AWS trusts you, you’re doing something right.
- Billing – AWS Marketplace vendors do not manage their own billing, rather they have AWS Marketplace do the billing for them. As a result of the vendors not having to build and maintain their own billing infrastructure, they save time and money.
- Ease of Use – It is much easier for customers to apply the listed software images to their applications by simply clicking on a button and paying for the service as a part of their AWS bill.
- Security – This option removes the significant risks associated with SaaS, such as providing sensitive information to vendors. In addition, users have better control over the situation. They can decide who has access with a security group, close it down if necessary, manage their operations inside the VPC, and be much more strict. The fact that potential customers can simply click and begin using a service within the known AWS environment provides a sense of security and trust.
In order for customers to run software from an AWS Marketplace image, they need to own instances. This means that they have to deploy, configure and monitor within the environment to ensure that it is constantly running.
From the application vendor’s perspective, customers need to run the service on their own instances, which includes some hosting and operation costs on their end. For example, in order to back up an instance used to run a marketplace solution, an additional instance is needed. If your application is well built, you have the option of using multi-tenancy to become more flexible.
AWS Marketplace Wins? The CPM Example
Install N2W’s CPM
N2Ws’ Cloud Protection Manager (CPM) is available in the AWS Marketplace as an AMI. The image software is installed into users environments, then they pay for the CPM subscription, accompanying instances, and storage.
Users can currently subscribe to the CPM service via AWS Marketplace. There is virtually no risk involved seeing as you can stop a product or service at any time with the click of a button. Purchasing products in the AWS Marketplace is as easy as selecting the desired product, agreeing to the terms of license and cost, then simply launching an instance from the image. You can only launch an instance once you are subscribed to the product. In order to launch the image, you need to decide the instance at hand’s location, availability zone, and region. Afterwards, it can be connected by means of a browser and configured with the four-stage wizard. Users are simply required to put in their credentials, create a root user, and let the CPM configure itself. Once done with the wizard, everything can be handled from a web UI: you connect to the instance using a web browser, log-in with the registered credentials, and manage everything from the web UI. Similar to that of a SaaS solution, nothing has to be installed by the end client.
N2Ws’ software is basically compiled into an AWS AMI then configured and connected to a customer’s internal services or application database. Once it’s done, however, everything can be packed into a new AMI image, and the back-end work is completed. The software can be purchased without notifying N2Ws. Comparatively, with SaaS, users have to provide information about their AWS environment, as well as payment method, and go through a configuration process. In terms of backup, N2Ws is equipped with a special backup policy for the CPM server, itself, and monitoring can be performed with any specific tools in the AWS environment. All in all, utilizing N2Ws provides many advantages and is commensurate with SaaS.
Due to the extremely strict rules and guidelines associated with how enterprise-grade companies use their credentials, we, at N2Ws, find that it is unlikely that they would use a SaaS solution for the type of cloud backup and recovery services we provide. Securely backing up sensitive data requires strict security policies. The minimum permissions needed for credentials, aside from seeing all of the environment, include utilizing snapshots (creating and deleting). The hackers that infiltrated the CodeSpaces environment back in June, not only got a hold of valuable information, they also deleted all of the company’s EBS snapshots. While it is possible to have credentials that don’t kill or launch an instance, sometimes these permissions are needed for data recovery.
There are many pros associated with SaaS solutions, however, in today’s B2B technology world, it seems like SaaS is not necessarily the preferable option. If you are deploying an open source project that has commercial support, you have much more control as a user. If you are working with the right in-house team that focuses on maintaining the environment, your option might even be better than SaaS. With all of these considerations in mind, we still believe that there is room to grow, and plan on further developing our own offering to provide a SaaS edition that will ease our customers’ operations.