How does one achieve five 9’s (99.999%) uptime or better in today’s crazy IT world?  Easy.  Have backups for your backups and have at least two of everything.

Okay, so maybe it’s easier said than done and perhaps that is an egregious oversimplification. The bottom line, however, is basically that’s how AssurX has achieved not five 9’s but a perfect 100% uptime for CATSWeb OnDemand systems for two years running.

We have multiple redundancies in all our critical infrastructure systems: at least two of everything.  We have everything from multiple pipes to the Internet to multiple fire suppression systems.  There are multiples of all server types; web servers, application servers, database servers, backup servers. There are multiples of all components of the servers; multiple drives in RAID arrays, multiple network cards, multiple power supplies, multiple CPUs.   There are redundant monitoring systems, monitoring internally and externally the availability of CATSWeb and we are notified immediately when something is wrong.  Fortunately (knock on wood), we’ve yet to experience this scenario outside of testing.

Our data center is the same way.  There are redundant heating and cooling systems, redundant fire suppression systems, redundant UPS systems, redundant generators and everything is in “hot standby” mode, meaning if one fails, the other takes over without missing a beat.   The network employs at least three major telecom providers for separate and redundant backbones to the Internet.

To someone unfamiliar with the true meaning of “mission critical”, all this sounds like overkill. Doesn’t having two (or more) of everything make life more difficult?  Simple answer is, yes, life is more complicated with two of everything.  There are the requirements of extra space, extra maintenance, extra power consumption, extra time for install/management/decommission of software packages and extra man hours spent working on all these redundant systems.  Does it make financial sense?  Absolutely!  Just the same as one has homeowner’s insurance, car insurance, health insurance or life insurance, what redundancy means to an IT department is data and connectivity insurance.  For hosted systems like CATSWeb OnDemand, it means happy customers who always get to their data, day or night.  For IT guys like me it means peaceful, easy sleep and less hair loss.

At the end of the day, the simple fact is that AssurX has achieved something truly difficult in the IT world; 100% uptime, two years running.  This is something major players, like Yahoo, eBay, Google, Amazon and many others cannot claim.  We are proud of our commitment to hosting CATSWeb for our customers and will continue to implement new and better ways to achieve and maintain the best possible uptime numbers and availability as we forge ahead.

In the IT world, there is ever that security pendulum that either seems to move toward ease of use or toward restrictive control.  Users typically tend towards the “ease of use” end of the spectrum because who wants to remember yet another password?  And who wants to install complicated VPN software or jump through extra authentication hoops? Conversely, IT folks (like me) tend to believe in restrictive control, in complicated passwords as possible, extra authentication hoops and logging everything that happens over an established connection.

With the advent of SaaS (Software as a Service), security becomes all the more critical in terms of both the user of the service and the administrator of the environment providing that service.  The beautiful thing about SaaS offerings like CATSWeb is that they are completely web based through HTML.  This makes life much easier for all parties.  From the user side, CATSWeb requires no special VPN software, nothing downloaded to the client computer and no local certificate store to verify a user’s identity  only  a web address and a password.  From the IT standpoint, all machines involved in providing CATSWeb SaaS are completely locked down to two ports of traffic; an IT dream come true.  Users will either be coming into a hosted CATSWeb environment via HTTP (port 80) or HTTPS (port 443). For securing a server to the world, only having to deal with two ports is about as simple a scenario as exists in the IT industry.

Because CATSWeb traffic is only on two ports, our servers are locked down completely, with those two ports being monitored constantly through the firewall, protected by live scanning anti-virus solutions and safeguarded by managed IDS (Intrusion Detection) systems.  Add to that all web traffic is logged from start to finish and you’ve got as bulletproof a server system as can be found.  And then we get to CATSWeb itself.

Within CATSWeb, AssurX has included additional security tools to ensure that your data is safe.  First, each customer company has their own unique, individual database not shared by anyone else. If a customer chooses to require SSL for accessing their CATSWeb database, this ensures that all traffic to and from that database is encrypted.  System access is automatically logged for easy review, including the IP address from where the traffic originated.

The rest we leave up to users.   I guess that’s where CATSWeb SaaS becomes a two-pendulum system. The “server security pendulum” we’ve chosen to swing as far toward restrictive control as possible.  The “user access pendulum” we leave to the users of CATSWeb.  An administrator in a CATSWeb system can set their own requirements for passwords for their users, establish their own session parameters such as session length and inactivity timeouts and much, much more.  This will allow any given SaaS CATSWeb system to have security anywhere along the user access pendulum, from easy to restrictive, based on what your requirements are.

And so it is with Information Technology.  No one knows for sure what it was originally called but it seems to have origins defined by its first name…or was its name defined by the origins?  In the mid-90’s, when it was more an idea than a practice, we called it simply “hosted software”. Many dismissed it as “future-talk” and speculation, thinking few would actually ever pay to “rent” software over the Internet. But those of us in the industry thought it was brilliant.  A “win-win”, if you will.  Software companies able to make continuous streams of income and consumer companies able to cut back IT costs and never have to worry about upgrades, hardware and the other nightmares of running a mission critical application.

In the late 90’s, it became known as ASP or “Application Service Provider” and the media had caught wind of something new.  To date, this was the most popular term coined and was the most widely used. There were over 20,000 mentions of ASP in the press in the year 2000. When we began offering CATSWeb OnDemand in 2000, we considered it an ASP offering and some of the internal (behind the scenes) components are still branded with the ASP nomenclature.  As ourselves users of ASP’s poster child Salesforce, we thought the model had great potential and it helped us tremendously when our IT department was in its adolescence.

Coined shortly after ASP around the early 2000’s, some in the industry heard the term SaaS or “Software as a Service”. By 2003 or so this term began to build popularity and momentum as the new buzzword for hosted software. In 2005 SaaS overtook ASP as the acronym of choice and in 2007 there was a peak of over 10,000 press mentions of SaaS.  The industry by-and-large still refers to hosted applications as SaaS. We consider CATSWeb OnDemand a SaaS application and refer to it as such currently.

Now there is a new buzzword on the horizon that is rapidly gaining popularity and serves to define the newest generation of hosted applications: “cloud-computing” or simply “cloud”.  Cloud is basically the same business model, the same pros and cons and the same major players, like Salesforce and WebEx among many others. Same old idea, shiny new name.  And if history is any indication, we’ll see “cloud” gain in popularity until it peaks and another new term is coined to define this industry niche.

I guess the bottom line in all of this is that AssurX has a strong, time-tested, customer-proven hosted offering in our CATSWeb OnDemand product.  And frankly, we don’t care whether it’s referred to as “hosted software”, ASP, SaaS, cloud computing or the next new thing, whatever that may be.  We still intend to offer our software for customer use over the Internet for as long as people want to use it that way.  We will always strive to better our offerings, our uptime, our security and our reputation in this hosted model and be frontrunners in providing the best features and reliability with the best dollar for dollar value in the industry.

“Hosted software by any other name, would still accomplish the same”.

In the IT world, there is ever that security pendulum that either seems to move toward ease of use or toward restrictive control.  Users typically tend towards the “ease of use” end of the spectrum because who wants to remember yet another password?  And who wants to install complicated VPN software or jump through extra authentication hoops? Conversely, IT folks (like me) tend to believe in restrictive control, in complicated passwords as possible, extra authentication hoops and logging everything that happens over an established connection.

With the advent of SaaS (Software as a Service), security becomes all the more critical in terms of both the user of the service and the administrator of the environment providing that service.  The beautiful thing about SaaS offerings like CATSWeb is that they are completely web based through HTML.  This makes life much easier for all parties.  From the user side, CATSWeb requires no special VPN software, nothing downloaded to the client computer and no local certificate store to verify a user’s identity ­ only  a web address and a password.  From the IT standpoint, all machines involved in providing CATSWeb SaaS are completely locked down to two ports of traffic; an IT dream come true.  Users will either be coming into a hosted CATSWeb environment via HTTP (port 80) or HTTPS (port 443). For securing a server to the world, only having to deal with two ports is about as simple a scenario as exists in the IT industry.

Because CATSWeb traffic is only on two ports, our servers are locked down completely, with those two ports being monitored constantly through the firewall, protected by live scanning anti-virus solutions and safeguarded by managed IDS (Intrusion Detection) systems.  Add to that all web traffic is logged from start to finish and you’ve got as bulletproof a server system as can be found.  And then we get to CATSWeb itself.

Within CATSWeb, AssurX has included additional security tools to ensure that your data is safe.  First, each customer company has their own unique, individual database not shared by anyone else. If a customer chooses to require SSL for accessing their CATSWeb database, this ensures that all traffic to and from that database is encrypted.  System access is automatically logged for easy review, including the IP address from where the traffic originated.

The rest we leave up to users.   I guess that’s where CATSWeb SaaS becomes a two-pendulum system. The “server security pendulum” we’ve chosen to swing as far toward restrictive control as possible.  The “user access pendulum” we leave to the users of CATSWeb.  An administrator in a CATSWeb system can set their own requirements for passwords for their users, establish their own session parameters such as session length and inactivity timeouts and much, much more.  This will allow any given SaaS CATSWeb system to have security anywhere along the user access pendulum, from easy to restrictive, based on what your requirements are.