A software solutions provider in the health care sector wanted to develop an information management system that could be provided as an on-premise installation as well as on a SaaS model. The system had to be easily customizable, with the capability to add modules in a plug-and-play manner and to set access to features for each end customer. While the client had conceptualized the system quite well, they lacked the technical skills, or a technology partner, to convert the concept into a robust architecture and a functioning system.
The system to be built had these objectives:
- Deploy on premise or provide on a SaaS model, as required by the end customer
- Allow turning modules on or off based on subscription
- Customize modules for particular customers based on their specific needs
- Capability to add custom modules so that they can be seamlessly integrated
- Create a central database of master data that can be shared across modules and customers
- Capability to integrate with external systems
Architecting and designing this system was challenging because of these considerations:
- Design system administration so that it is simple enough for on-premise installation yet can handle requirements of a SaaS model
- Share data and control across modules which are built independently
- Create an authorization system which can allow for different sets of security needs for each customer
- Multi-tenant behavior needed
- Provide data isolation so that one customer's data does not “cross talk” with others
- Management and maintenance for SaaS model
The solution designed for this application had a master module, common to all customers, which handled security and subscription information. From this module, system administrators can create multiple “tenants” of the software, each providing a virtually separate and independent environment called an “org” for one customer. The modules a customer subscribed to could be added to that customer's org separately. Customized or completely new code bases could be deployed at system level and added at org level by system administrators. Predefined configuration scripts were created to generate this configuration quickly and easily for on-premise installations.
The system was designed on a Service Oriented Architecture (SOA) to enable sharing of information between independent modules. A service broker was created to act as a mediator between these independent components so that they did not have to be aware of each other. This was needed to make the system plug-and-play, allowing any number of custom components to be added as and when needed.
The authorization system was designed with multiple layers. Access Control Lists (ACLs) can be created to allow access to features. Users and user groups are assigned to these ACLs, each with its applicable permission. An ACL is then assigned to each feature for which authorization rules have to be set. This way the same ACL can be assigned to multiple features, making administration of permissions quick and manageable.
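The layered ACL model and the per-org isolation described above can be sketched as follows. This is an added example, not code from the system described here. All type names, the `user:`/`group:` principal prefixes, the `Read`/`Write` permissions and the sample orgs are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

[Flags] enum Permission { None = 0, Read = 1, Write = 2 }

// One tenant ("org"): its own group memberships, ACLs and feature bindings.
class Org {
    public Dictionary<string, HashSet<string>> GroupsByUser = new Dictionary<string, HashSet<string>>();
    // ACL name -> (principal "user:x" or "group:y" -> permission)
    public Dictionary<string, Dictionary<string, Permission>> Acls =
        new Dictionary<string, Dictionary<string, Permission>>();
    public Dictionary<string, string> AclByFeature = new Dictionary<string, string>();
}

static class Authorizer {
    static readonly Dictionary<string, Org> Orgs = new Dictionary<string, Org>();
    public static Org AddOrg(string id) { return Orgs[id] = new Org(); }

    // Default deny: unknown org, user, feature binding or ACL all fail,
    // and lookups never leave the caller's org, so tenants cannot cross-talk.
    public static bool IsAllowed(string orgId, string user, string feature, Permission needed) {
        Org org; HashSet<string> groups; string aclName; Dictionary<string, Permission> acl;
        if (needed == Permission.None) return false;
        if (!Orgs.TryGetValue(orgId, out org)) return false;
        if (!org.GroupsByUser.TryGetValue(user, out groups)) return false;
        if (!org.AclByFeature.TryGetValue(feature, out aclName)) return false;
        if (!org.Acls.TryGetValue(aclName, out acl)) return false;
        Permission granted = Permission.None;
        foreach (var entry in acl)   // union of the user's own and group grants
            if (entry.Key == "user:" + user || groups.Contains(entry.Key)) granted |= entry.Value;
        return (granted & needed) == needed;
    }
}

static class Demo {
    static void Main() {
        // Constructed sample data.
        Org a = Authorizer.AddOrg("clinic-a");
        a.GroupsByUser["alice"] = new HashSet<string> { "group:nurses" };
        a.Acls["clinical"] = new Dictionary<string, Permission> { { "group:nurses", Permission.Read } };
        a.AclByFeature["patient-records"] = "clinical";
        a.AclByFeature["lab-results"] = "clinical";      // one ACL reused for two features
        Authorizer.AddOrg("clinic-b");                   // second tenant, no users or ACLs
        Console.WriteLine(Authorizer.IsAllowed("clinic-a", "alice", "lab-results", Permission.Read));
        Console.WriteLine(Authorizer.IsAllowed("clinic-a", "alice", "lab-results", Permission.Write));
        Console.WriteLine(Authorizer.IsAllowed("clinic-b", "alice", "lab-results", Permission.Read));
    }
}
```

The three calls exercise a grant inherited through a group, a permission the ACL never granted, and the same user name presented against a different org.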
The system was built on Microsoft technologies and third-party libraries:
- ASP.NET 4.0 with C#
- Windows Communication Foundation (WCF)
- SQL Server 2012
- Telerik controls