What is an application service providers ASPs and what are its implementations?

Poor adoption and diffusion of ASP

Supported by much hype surrounding the ASP business model, it was interesting to observe the rapid decline in the fortunes of numerous ASPs by mid-2001. Despite spending vast amounts of money on advertising and marketing, SMBs (the target customer market) remained unconvinced about the value of using ASPs, especially as procuring commodity applications (e-mail) on a price per seat/per month basis offered them few business benefits (Ekanayaka et al., 2002). But using ASPs for more complex software applications hosting exposed the customer to additional risks such as data security infringement and theft (Currie, 2003a). The first phase of the ASP market was therefore characterized by flawed and failed e-Business models (Hagel, 2002), with few paying customers, resulting in the demise of numerous ASPs. One by one, ASPs went out of business. Cable & Wireless a-Services™, a subsidiary of the parent firm which began by offering Microsoft Office/Exchange™ products and services on a hosted delivery model closed in November 2001. Similarly, Aristasoft, a Silicon Valley-based ASP, serving the high-technology equipment manufacturing sector closed. Pandesic, e-Carisma, Futurelink, also went out of business. USinternetworking, considered to be one of the major ASPs, went into Chapter 11 in the USA. All these firms shared the same problem of failing to build a sufficient customer base to generate enough revenues for a sustainable business.

Our research study identified five key performance areas (KPAs) which business value could be created for the customer (Currie, 2003). They are: delivery and enablement, management and operations, integration, client/vendor relationships and business transformation. Whilst it is outside the scope of the present chapter to discuss the findings of this study, the key reasons behind the poor adoption and diffusion of the ASP model are as follows. First, few ASPs clearly understood the customer requirements of their targeted product/service and/or sector. Many ASPs adopted the position that customers would pay for a hosted software application given their need for 24 × 7 delivery and enablement. This was clearly misguided. Findings suggest that few customers were concerned about the anytime, anyplace, anywhere (the Martini) approach to software delivery and access. Rather, customers were more concerned about their data security and integrity. Trusting their data to a third party was not a simple matter, particularly a start-up firm with few customer reference sites. Second, few ASPs offered mission-critical software applications. Most offered simple collaboration tools (i.e. e-mail and office suites). Potential customers could not see any additional business value in paying for a hosted office suite, particularly when the leading ISV charged extra for this service even where the customer was already using the suppliers’ products! Indeed, the one-to-many model simply became same-for-all, with no discernable benefits. Third, ASPs found that collaboration tools were not sufficient to generate revenues, unless they could scale the application to adequate numbers (i.e. thousands of paying customers). Few managed to achieve this. To the extent that some ASPs managed to offer simple collaboration tools to customers who did not wish to manage this particular technology in-house, the revenue streams flowing from this service were poor. But more customers meant more staff for the ASP, and more staff increased costs. Coupled with this, it was not easy for ASPs to convince potential customers about the advantages of ASP. Whilst the IT industry could easily engage in a dialogue among itself about the intricacies of the ASP solution, the average small, non-IT firm was often confused about e-Business offerings, and few had even heard of the term ASP. In fact, one SMB IT manager believed that the ASP acronym stood for ‘Active Server Pages!’.

As ASPs continued to go out of business, service provider firms that survived the fallout re-positioned themselves within the technology sector. To some extent, ASP became synonymous with dot.com failure. As a result, ‘ASPs’ re-labelled themselves using terms like: managed service providers, application infrastructure providers and Web service providers.3 The proliferation of ASPs by the end of the 1990s was clearly unsustainable. Too many ASPs in an immature industry dictated that only a few, with convincing business models, having achieved first mover advantage, would survive. But like most industries, increasing maturity leads to consolidation, with only a few market leaders (Marks and Werrell, 2003).

Recognizing the need to add value to the customer, the second phase of the ASP market must address important issues from resolving data security problems to offering integrated and interoperable e-Business solutions. Web services are one of the latest developments from the technology sector claiming to offer a new paradigm for connecting business processes independent of their underlying implementation. Unlike the first phase of the ASP market, Web services are designed to extend the life of legacy systems. They represent a new approach to the perennial problem of integrating disparate applications within or between organizations. The next section introduces the concept of Web services, in the context of their potential to provide the ‘missing link’ in the drive to create on-demand e-Business models.

6.5.6.2 ASP services

The ASP can fulfil different roles each of them offering different business models. Mostly, an ASP will offer several of activities mentioned here and make its money from a combination of the business models presented here [18]. The ASP could be a software vendors itself, the marketplace owner or an independent provider.

The ASP may own and maintain the software (component) and charge licence fees to the users. The charges can be base on various license models depending on his relation to the customer. The customer can hold a permanent licence for unlimited access (maybe for a limited time) to the software as the standard model. More flexible approaches such as pay-per-time, pay-per-use combined with a monthly base fee or software bundling are more advanced options.

The ASP may host the software (i.e. execute it on his machines) and provide access via the Internet or a private network for the customer. Additionally, the ASP takes care of maintaining hardware, software, and other services, e.g. doing backups. Depending on the security and availability, the ASP can guarantee the customer has to pay a monthly fee.

The ASP may host and/or own data-related services such as the component directory mentioned above or any other kind of online database. Access to such a service may be charged on a transaction base or as by monthly fee. A variant of this model would be data push services where the ASP automatically provides data to the customer without letting the client explicitly ask for it (e.g. stock quotes). Charging models are similar to the latter case.

If the ASP has programming competency it can also offer customisation and integration services. This means that it is responsible for writing software that connects the ASP’s server site application with the ones running locally in the clients network.

As the ASP is able collect user data it can use this information to make money by selling it (e.g. by using data mining techniques, see below)

2.5.2 Hosted by the vendor

In the vendor-hosted model, all of the hardware belongs to the vendor and is at their facility. Your users connect to the vendor’s servers to run the application. Depending on your contract with the vendor, you might have dedicated servers or you might have a virtual server hosted by a shared physical server. Unless you represent a very, very large installation, then you probably won’t have servers dedicated to you.

There are several different terms for applications that are hosted by the vendor. One such term is ASP—Application Service Provider. Another is SaaS—Software as a Service. Another term is “software on demand.” As with much of the IT industry, the specifics of vendor-hosted applications are in a constant state of flux. Specific definitions for ASP and SaaS are provided in the following sections.

6.4.5.2 Clients – Fat and Thin

Most new web-based engineering applications adopt architectures that range from thin clients to fat ones. A client is simply an application located on a local PC that uses a separate server for a variety of functions. Thin clients rely on a server to carry out the bulk of the data processing, whilst fat clients have the local PC doing the majority of the processing. There are advantages to each architecture depending on the application area.

The following sections outline some application areas that use various forms of clients for interactivity.

Hazard and risk assessment

In the area of risk assessment for land-use planning, web-based risk management tools are available for local government authorities to make impact assessments of hazardous scenarios via shortcut or detailed model estimates. Decision support facilities are also available. Such a system is seen in Figure 5 [9]. These are purely web-based server side applications with dynamic generation of web pages to the client.

Figure 5. Web-based risk assessment

Other applications include web-based expert systems for workplace hazards identification and assessment such as the e-Compliance Assistance Tools from OSHA [10].

RISK ASSOCIATED WITH AN ASP SOLUTION

There are real risks associated with an ASP solution as well as perceived risks that may or may not be valid. Of course, if they are valid in the mind of the end user decision-maker, they are valid. The greatest real risk is that the ASP or their third party computer goes down or an Internet line is not available. This can truly disrupt maintenance operations. However, the same risk exists with an in-house installed system, where the computer or client-server can go down and communications can be lost. It is possible that the ASP will react to this situation faster than in-house IT personnel because they have many end users and more at stake.

There are several perceived risks, foremost of which is the security. People may feel that their data is not secure, because it is on a database somewhere other than their own computer. This is simply not true. An ASP will take many more precautions with data security than most internal IT departments. The ASP will have a firewall protecting their clients' data from any unauthorized access. They will use various protection techniques such as secure passwords and numerical security tokens with constantly changing numerical passwords. With current Internet security technology, it may be safe to state that the data is more secure on the ASP host computer than it is on the client computer.

Uptime or reliability is also a risk. Most ASP suppliers will guarantee a service level agreement of between 95% and 99% availability. There are planned times when the system will not be available; in this situation, all end users will be notified in advance. System downtime is necessary for data backup, program enhancements, and upgrades and other system maintenance activities. Downtime can also be attributed to telephone line interruptions. To minimize this possibility, it is recommended that, within the plant or facility, an “always on,” high speed Internet connection such as DSL or T1 lines be used.

Data backup and loss of control are two additional perceived risks. ASP data centers are contractually obligated to perform and maintain multiple backups of all data. These backups are performed automatically on a predefined schedule. It is possible that the ASP provides more reliable backup service than many in-house IT groups. Loss of control is a little harder to define and protect against. This is particularly true with large organizations that have a sufficient IT staff to maintain an in-house installed system. In this case IT staff may lose control of the system, but not control of the use of the system, which may be perceived as a greater risk. To counteract this, the contract signed with the ASP should specify how much control the user has and how this control is performed. All issues of a control nature are resolved through the ASP customer support group.

VIII.B. Software and Application

A new choice is becoming available with regard to software applications. ASPs are third-party entities that manage and distribute software-based services and solutions to customers across a wide area network from a central data center. In essence, ASPs are a way for companies to outsource some or almost all aspects of their information technology needs. Software solutions may also be obtained from e-commerce consulting companies, who can also provide intangible services such as consulting, product installation and maintenance. The rapid adoption of Internet technology has opened a whole new competitive environment that enables even the smallest companies to compete effectively against larger competitors. In addition, the Internet has opened new avenues for reaching trading partners of all sizes cost effectively and with minimal or no integration efforts. All of these achievements can be simply reached by deploying offtheshelf software developed by some innovated companies dedicated in the e-commerce territory.

E-commerce software solutions such as transactions management; purchasing management; catalog management; logistics management; warehouse management; customer relationship management; Web hosting; collaboration management between buyers, suppliers, and carriers; etc. all can be acquired directly via e-commerce solution providers and adopted into existing computing environment with relatively few modifications and integration problems.

Conclusion

Cloud services and everything to do with them have become a hot set of buzzwords. There is still, however, a lot of misunderstanding over what they are and what they can offer. Primarily, cloud services are those that are offered in a way that they can be easily accessed from anywhere using standard protocols. These services are extensions on the hosting model that has been around for years and are really natural extensions on ideas that have been around since the 1960s. We have long tried to find ways to use computing resources more economically including time-sharing services going back to the 1960s on mainframes.

The feasibility of virtual systems really came with the ability to have a large amount of memory and disk space as well as multiple processors. The introduction of 64-bit processors brought in the ability to have more than 4G of physical memory which provides a platform to host multiple virtual servers without significant impact to their performance since memory can be more or less dedicated to each virtual machine meaning less swapping of physical memory for virtual memory. All of these factors made it cost effective to be able to partition a single system into multiple virtual systems, allowing customers to create their own server that they could then manage and use as they please.

Once this door was open, all of the other possibilities came flying through. ASPs could better segment their offerings to protect their customers and offer SaaS. Other companies began to see how complex solutions could be handled in the cloud and began to offer easier solutions like word processing and spreadsheets. Of course, the fact that all of this is potentially more cost effective than hosting systems and applications in-house hasn’t hurt at all. There are a number of advantages to going with a cloud-based solution. This isn’t to say that everything is sweetness and light. There are downsides and risks to moving to a cloud-based model as well but we’ll begin talking about some of the risks and how to better mitigate them over the next few chapters.

Case Study 2.1

The first case study will be my own because it’s indicative of many common needs but it’s not a very complicated scenario so it’s a good place to start. I have a small consulting business, in addition to the various other things I do. Like most businesses, I have a need for e-mail, a Web server for presence. Additionally, a calendaring service where I can store all of my appointments and access them from any device I am using, whether it’s one of two laptops I use, my tablet, or my phone. They all use different software and operating systems so I need something that’s standards based.

Additionally, having a way to store data at a remote server so I can access it anywhere from any devices as necessary as well as share with people I need to. As an example, when I finish a chapter in this book and transmit it to my publisher, adding the document to all of the figures for the chapter can make it too large to easily send by way of e-mail, not to mention taking up a lot of space in my e-mail account. Because of that, I sometimes need to upload the collection of files for each chapter and put it somewhere that I can give my editor access to it.

Just to recap, I had the following needs:

E-mail with enough storage that I could use IMAP and keep my messages on the server rather than local.

Web server to have a presence for my business.

Calendaring with the ability to store appointments with the service provider and gain access to them from any of my devices.

Remote, sharable storage.

Web conferencing is a nice to have.

Previously, I had been using a Web hosting provider that offered me e-mail, but I kept bumping up against the storage limit for each mailbox because I receive a lot of e-mail and often send messages with attachments and those attachments add up pretty quickly and take up a lot of space. I was making use of Google for calendaring, but I couldn’t send invites from my own e-mail address. I was also using Web conferencing from a free Web conferencing vendor because it was easy and reliable, and I didn’t have enough of a regular need for it to sign up for a service. All of these solutions together were more or less working, but they didn’t send a solid message to those I was working with that I had my complete act together. As a result, I needed to move to one platform for everything.

I ended up choosing Microsoft Office 365. In addition to resolving all of my needs as outlined above, they provided me with far more storage than I currently have need for as well as the Web conferencing that was a nice to have. Additionally, I get a number of licenses for all of their Office software products. In the end, I pay a little more per year for the service than I was with all of the services cobbled together, but I get a single place to host all of my communications needs and they provide a very functional interface for me to manage my site, including the Web server and e-mail addresses. Figure 2.5 shows the wizard they use to walk people through creating a Web site for their business. The service I am using is targeted at small- to medium-sized businesses, though they also have plans and pricing for larger businesses as well. The one feature that would be nice to have and it’s strange that it’s offered to enterprise customers but not the smaller business who would likely have more need for it, is hosted voice mail. Again, I am making use of a central phone number that gets pointed to a couple of lines that can take care of voice mail for me but having it integrated into my e-mail and other communications systems would be far more convenient.

Npcf_BDTPolicyControl_Create service operation

The Npcf_BDTPolicyControl_Create service operation is used by the NEF (on request from an Application Service Provider) to request a background data transfer policy. The NEF provides an ID of the application service provider, the expected data volume per UE, The number of UE and desired time window. It may also indicate a network area where the UEs are located. The PCF responds with a one or more background data transfer policies and a Background Data Transfer Reference ID. The Reference ID can e.g., be used to request updates of the Background data transfer policy.

ASP model of ERP implementation.

“Rent, don't buy” is a new approach in deploying corporate-wide business-critical applications. Application Service Providers (ASPs) are the companies that rent applications-running platforms, mostly those applications that are very complex and hard to implement (ERP, data warehousing, electronic commerce, customer relationship management). Actually, they emerged recently as a result of an effort to make ERP suite an application platform for small and mid size companies.

Traditional approach in implementing ERP packages was based on a single license for this software that could cost thousands of dollars per seat (mainly between $2000 and $4000), but the real expense was in implementing these programs (consulting, process rework, customization, integration, testing). ERP implementation costs should fall in the range of $3 to $10 per dollar spent on the software itself. Unlike ISP (Internet Service Providers) - the companies that provide Internet access and standard Web hosting, ASPs help companies in such a way that they install, implement and manage complex applications on their sites and bill these services usually on monthly basis. They are providing application hosting services mostly by partnering with software vendors and networking companies. Rental fees include software customization, integration with other back-end systems and ongoing maintenance of the apps at fault-tolerant data centers.

ASP model of renting ERP and other business-critical applications represents an example of virtual business, in fact, this is the version of Business specialization-based model of VE. Companies prefering to focus on their business only may decide to outsource running business applications to another company which is specialized in it - application service provider - ASP. Application and data servers are usually located in ASP company, while applications and data are accessed on remote basis. The main prerequisite for this model of VE is a high-speed and reliable communications backbone.

Introduction

E-mail is the essential killer application of the Internet. Although Web-based commerce, business to business (B2B) transactions, and Application Service Providers (ASPs) have become the latest trends, each of these technologies is dependent upon the e-mail client/server relationship. E-mail has become the “telephone” of Internet-based economy; without e-mail, a business today is as stranded as a business of 50 years ago that lost its telephone connection. Consider that 52 percent of Fortune 500 companies have standardized to Microsoft's Exchange Server for its business solutions (see http://serverwatch.internet.com/reviews/mail-exchange2000_1.html). Increasingly, e-mail has become the preferred means of conducting business transactions. For example, the United States Congress has passed the Electronic Signatures in Global and National Commerce Act. Effective October 2000, e-mail signatures will have the same weight as pen-and-paper signatures, which will enable businesses to close multi-billion dollar deals with properly authenticated e-mail messages. Considering these two facts alone, you can see that e-mail has become critical in the global economy. Unfortunately, now that businesses have become reliant upon e-mail servers, it is possible for e-mail software to become killer applications in an entirely different sense—if they're down, they can kill your business.

There is no clear process defined to help systems administrators, management, and end-users secure their e-mail. This is not to say that no solutions exist; there are many (perhaps even too many) in the market-place—thus, the need for this book. In this introductory chapter, you will learn how e-mail servers work, and about the scope of vulnerabilities and attacks common to e-mail clients and servers. This chapter also provides a summary of the content of the book. First, you will get a brief overview of how e-mail works, and then learn about historical and recent attacks. Although some of these attacks, such as the Robert Morris Internet Worm and the Melissa virus, happened some time ago, much can still be learned from them. Chief among the lessons to learn is that systems administrators need to address system bugs introduced by software manufacturers. The second lesson is that both systems administrators and end-users need to become more aware of the default settings on their clients and servers. This chapter will also discuss the nature of viruses, Trojan horses, worms, and illicit servers.

This book is designed to provide real-world solutions to real-world problems. You will learn how to secure both client and server software from known attacks, and how to take a proactive stance against possible new attacks. From learning about encrypting e-mail messages with Pretty Good Privacy (PGP) to using anti-virus and personal firewall software, to actually securing your operating system from attack, this book is designed to provide a comprehensive solution. Before you learn more about how to scan e-mail attachments and encrypt transmissions, you should first learn about some of the basics.