Questions[saas](server)

I have a cloud-based (Amazon AWS, Rackspace, whatever) multi-tenant SaaS application, and I need to support HTTPS communications for multiple unrelated tenant domains.

As an illustrative example, let's say our SaaS is available at:

https://foo.com

Tenants can access their tenant-specific UI and service endpoints via:

https://tenantA.foo.com
https://tenantB.foo.com
...

This is easy to support today with one wildcard SSL certificate.

However, with our SaaS, our tenants may wish to expose our UI (but branded for them) directly to their own users.

This causes a problem: let's say John Smith is an existing customer of tenantA (and has no knowledge of foo.com). If John Smith is directed to https://tenantA.foo.com, they could easily become confused (e.g. 'who the heck is foo.com? Why am I here? Am I being hacked? Aahhh!').

To avoid this problem, our tenants would set up a subdomain like:

https://foo.tenantA.com

This avoids a lot of end-user confusion: tenantA's users can see a URL they recognize as owned by tenantA and will more readily use the app. But tenantA wants us to host everything about the app, which means foo.com's infrastructure needs to serve the SSL connection.

To that end, we want to support the following:

1. A tenant uploads to us an SSL cert+key for foo.tenantA.com.
2. We take that SSL cert and dynamically install it into a highly available Load Balancing cluster (2 or more LB nodes) that load balances requests to our SaaS application web endpoints.
3. The tenant updates their DNS to have foo.tenantA.com be a CNAME redirect to tenantA.foo.com.

This way our Load Balancer pool will serve/terminate all HTTPS communications to foo.tenantA.com and all requests are load balanced to our SaaS web server cluster.

This means SSL certs should be able to be added and removed from the LB pool at runtime. Changes cannot interrupt the ability to service existing or new HTTPS requests.

Also, as we'll deploy on virtualized hardware (e.g. EC2) with Linux, we don't have access to the hardware/data center. This must be a software-based solution that can run in Linux. It must also be highly-available (2 or more LB 'nodes').

Does anyone know of a concrete solution? For example, can Nginx, HAProxy or Squid (or anything else) be set up to support this? Is there a 'recipe' or existing solution that is documented and suitable?

P.S. Amazon's Elastic Load Balancer (at the time of writing) cannot pragmatically satisfy this need - it would require an Amazon ELB for each tenant domain. Since every ELB needs to 'ping' the web servers, if you had 500 tenants, you'd have 500 ELBs pinging the SaaS web service endpoints - a non-negligible negative performance hit.

What online backup tool allows you to:

A) Back up Windows, Linux and optionally Mac desktops and servers to the cloud
B) Do so by first backing up to a central server or appliance
C) Allow restoring from that appliance when possible and if not go to the cloud

For now the best option I have seen is i365 by seagate with an appliance between the local computers and the cloud. I know Microsoft also has an i365 plugin for DPM, as well as an Iron Mountain plugin.

However, I feel that there must be a simpler way to do this. Can any of the "simpler" solutions like Jungle Disk or anything else going to s3, Mozy, Carbonite, Crashplan, etc do this? Thank you

I have looked at similar questions such as this and this, but the answers seem to focus on how to set up virtual hosting. I'm not an expert on it, but I'm more worried about what to do after I have that working. Here's my example:

Let's say I'm a SaaS provider of a service foo. I host at fooservice.com. For each user, they get their own subdomain bob.fooservice.com. I'm pretty sure I can get that part covered. There is lots of documentation on it. Let's also assume that Bob wants the service to appear as a subdomain of his site awesomebob.com. He wants it to be foo.awesomebob.com. I know that what Bob has to do is add a CNAME record from foo.awesomebob.com -> bob.fooservice.com. My question is what do I have to do to make sure that all works on my fooservice server.

1. Do I have to do anything special to make sure that the address bar stays foo.awesomebob.com?
2. How can I make sure that only the CNAME foo.awesomebob.com is able to do the domain mapping? On sites like shopify and wordpress, they make you input the domain that is being used for the mapping through an admin panel. What is going on behind the scenes here?
3. From what I've researched, this would be impossible to do with a single IP address and still have SSL support. Is that correct?

we have some issues with a client-server based application and we would like to better understand client-server communication without going to the software company that sold the application. At least we would like to perform the analysis in parallel.

Can you suggest to me a dummy proof application that we can easily get and install to analyze client-server traffic?

Many thanks!

I was just thinking about how the platform choice effects costs in a SaaS type business.

If you were to choose between Linux and Windows, cost really seems to add up.

Please tell me if I am looking at things correctly.

Licenses wise, if you go with Windows, you will end up paying:

• USD$1K for a Windows 2008 Server license
• USD$10K for an SQL Server standard license.

Now for argument's sake let's say a single server can handle 1,000 users.

That would mean, you have a $11 cost per user for a year. Or you could break it out into maybe 2-3 years until you have to upgrade. So $3-4 /month cost per user.

On the Linux side, if you go with Java/PHP and MySQL, you have $0 license cost overhead.

It seems like this is a very simplistic way of looking at things, am I missing anything?

(Ignoring the productivity side of things, because that is developer specific.)