Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Offering a locally hosted solution?

by ghenry (Vicar)
on Jan 15, 2008 at 16:51 UTC ( #662504=perlquestion: print w/replies, xml ) Need Help??

ghenry has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,

We currently look after (and wrote) the Flexi Time Manager web application, using Catalyst, Dojo and PostgreSQL.

Our client has mentioned the possibilities of their customers asking for a locally installed version, i.e. the corporate types.

I was thinking of a Xen/VMWare Image style deployment of the server version, or something light that links back to the main site.

What have others done is this situation?


Walking the road to enlightenment... I found a penguin and a camel on the way.....
Fancy a Just ask!!!

Replies are listed 'Best First'.
Re: Offering a locally hosted solution?
by bastard (Hermit) on Jan 16, 2008 at 21:06 UTC

    I've been pondering these questions in anticipation of some stuff i'm working on. Some corporations prefer to have the stuff in-house for a few reasons. These come up alot:
    1. Security - they may feel unconfortable having their data outside the company. it may even be policy
    2. Network outages - if its internal, your site or their network connection going down won't affect the in-house application (unless you use the light frontend that goes back to your servers)

    Thoughts to consider:
    1. How much control do you want to give them in terms of access to the source code and the ability to break things even if well meaning. Will they need to sign an NDA?
    2. How is the application maintained? Do you have a tunnel into their environment to fix things? (will they consider this a security risk?)
    3. How are updates applied? Onsite cdrom/flash drive? Downloads (like IPCop), automatically downloaded and installed? How do you deal with a failed update.
    4. What happens when they want to connect some other system to your database to pull the timesheet data?
    5. Security. What liability is involved if the appliance is the mechanism for the breach. And would the appliance provide a method for securiy breach (see #2 and #3).
    6. Legality - if you have gpl code, you're ok when its a service, when leasing hardware/software youre approaching a greyer area the RMS wanted to kill with GPLv3 (it didn't make it into the final cut)
    7. If your model is based on usage, how do you guarantee you're sending back the appropriate data and a firewall isn't getting in the way.

    I'm personally leaning towards the leased appliance model. You "lease" a box with the software installed on it. Providing in that fee is an "update" subscription service, where the software will poll the update server and pull the encrypted & signed updates down. Perhaps with a web interface for the company admin to decide whne to apply the updates. Of course the leasing is noticably more expensive that the web version (for the updates and support).

    Applications that do some of that I was talking about:
    1. IPCop - downloadable signed updates
    2. Tivo - ideal model in my mind (at least for the hardware end result)
    3. Google search appliance (to they offer the google office apps as an appliance yet?)
    4. Vigilant Minds security appliance - (was originally nessus with a rockin web interface)
    5. and SugarCRM i think also have appliance versions as well.

    You want the corporate types to think of the box you provide like a Tivo, not like software they purchased. In the latter you end up with the companies wanting you (or themselves) to make customizations to the app. Enough of those and you become a development shop and not a service provider.

    Now all that said, the Xen/Vmware image idea might work well. I've dabbled with using a single Xen image on a piece of hardware just to cope with the fact that hardware continually improves and unless you're buying in bulk from Taiwan you're guaranteed to not hav ethe same platform to install on year after year. It will also offer greater flexibility for larger companies who have migrated to a Vmware setup. The downside is that if they stop paying, they can effectively keep the Vmware image and get into it whereas an appliance can be reasonably locked down to make it less likely. (Downloads are something people put little weight WRT to stealing.)

    How does this relate to perl? There are dozens of modules out on cpan that can help with accomplishing the task of remote updates, package signing, etc...


      Thanks for this fantastic answer dratsab. Plenty to think about for when/if a customer asks.

      I'll update this thread when we have more info so others can learn about the techniques we eventually used.

      Walking the road to enlightenment... I found a penguin and a camel on the way.....
      Fancy a Just ask!!!
Re: Offering a locally hosted solution?
by Argel (Prior) on Jan 18, 2008 at 22:00 UTC
    One thing you want to really be careful about is if they have access to the code then they will likely start making changes to it. What invariably happens then is that you will never be able to get them to upgrade to a newer version. With that in mind, I like bastard's suggestion of selling them an appliance (in Re: Offering a locally hosted solution?).
Re: Offering a locally hosted solution?
by aquarium (Curate) on Jan 15, 2008 at 21:24 UTC
    Please elaborate on what this has to do with perl....otherwise you're in the wrong forum.
    the hardest line to type correctly is: stty erase ^H
      I disagree. The deployment, care and feeding of complex Perl applications is absolutely relevant to this forum.


      The web app is all in Perl and I want the local solution to be too. So I'm asking the best way others have done this.

      Walking the road to enlightenment... I found a penguin and a camel on the way.....
      Fancy a Just ask!!!
      if your database is static, then most image/rpm/etc style deployments can work. however, if the database is modified by customers, then db structure upgrades typically cannot be handled by imaging mechanisms...not without some automated startup scripting that is.
      the hardest line to type correctly is: stty erase ^H

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://662504]
Approved by Corion
Front-paged by Corion
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (8)
As of 2020-05-26 18:13 GMT
Find Nodes?
    Voting Booth?
    If programming languages were movie genres, Perl would be:

    Results (150 votes). Check out past polls.