Factors That Will Shape and Influence Your SaaS Design and Architecture

- ctepl

Understanding the factors that influence your SaaS Design and Architecture

The Software-as-a-Service (SaaS) delivery model has been garnering a lot of attention lately, thanks to the flexibility, scalability, security, cost-efficiency, and platform-agnostic support it brings to the table in diverse and challenging environments.

This blog gives you an empirical analysis of the factors that will influence and impact your SaaS design and architecture in the preliminary stages of its development and the long haul, irrespective of the stack of services it supports.

Your SaaS Architecture design must embrace these key factors.

Tenant Isolation

Single-tenant or multi-tenant isolation offers many advantages when it comes to data and code portability, usage-based scalability, infrastructure components, and customized database & application management.

  • Multiple DB instances ensure the isolation of user profiles, data, and computing resources while they share the web and services layers.
  • Tenant isolation with silos features separately deployed functions for each tenant.
  • Tenant isolation with policies features function deployment based on tenant roles.
  • Tenant token isolation happens based on tokens acquired during runtime.

At the application level, a single URL is used by end-users to access an application, while automatic inference is made to individual tenants with the username, thus avoiding name clashes.

At the database level, the tenant ID is defined for a table by the SaaS provider. The tenant can access the relevant database with only the data, security features, and resources relevant to the tenant ID.

At the infrastructure level, only the hardware, files, programs, sessions, utility functions, and other computing resources/activities relevant to the tenant are mapped to the tenant account.


  • Prevents cross-tenant access
  • Secures customer IP against unauthorized access
  • Ensures adherence to compliance standards for data, end-users, sessions, and process flows


Here are some of the security considerations for your SaaS architecture design.

Infrastructure Security (Systems, Hosts, and Network)

Implement controlled infrastructure access mechanisms and rules at different checkpoints.

  • Security Groups
  • Role-based access to infra resources
  • Audit Command Language
  • Access & Policy Servers – Firewalls, Network Admission control services
  • VPN
  • Private Subnets
  • Secure protocols
  • Infrastructure Hardening

Application Security

This is achieved by the ideal implementation of authorization and authentication check tools, identity brokers, and identity providers (AWS Cognito).

Database Security

Implement role-based access management, data segregation, and encryption.

Information Security

Ensure that only the relevant information is accessible to end-users, and information flow is encrypted.

Features for Information at Rest

  • Disk encryption
  • Field-level encryption for data at rest
  • Programmatic deletion of customer’s data after the lapse of the data retention period (Data deletion policy)

Features for Information in Transit

  • HTTPS connections
  • Web Service Calls and IPS
  • Secured servers (transit data storage)
  • IAM
  • Time synchronization using central NTP


Auto-scaling uses load balancers to address issues with load distribution, server responsiveness, unexpected data influx, storage underutilization or overutilization, and continued availability.

Predictive scaling helps automatically scale the compute capacity in advance for traffic changes using ML technology.

Automatic scaling automatically increases the size of your Auto Scaling group when the demand goes up and vice versa. As the capacity changes, the EC2 instances being added or removed get registered or deregistered with the load balancer.

The AWS Elastic Load Balancer automatically distributes incoming application traffic across multiple targets like AWS EC2 instances, containers, IP addresses, and provider functions based on availability zones.

RDS Storage Auto Scaling automatically scales storage capacity in line with growing database workloads, with zero downtime or unutilized resources.

Application Monitoring

This service helps track tenant application performance, developer access to resources and authentication to services, system availability, and performance. The application monitoring process draws on application performance monitoring using services like CloudWatch and RDS DB Insights, on cross-tenant event tracking, application logs, and data audit trails using services like AWS CloudWatch, and on log monitoring with AWS Elasticsearch and Kibana.

Infrastructure Availability

The clients can gauge the availability of resources for better infrastructure utilization by the users logged in.

Access Monitoring

Monitoring using logs can capture multiple login attempts, unusual activity patterns, and data movement to report access-based incidents and implement auto-blocking.
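A minimal version of this log-based detection, as an added example that is not part of the original post: the log format, the sample lines, the threshold and the window are all constructed for illustration. It flags a source for auto-blocking once it produces repeated failed logins inside a sliding window, and records which usernames were targeted.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines (hypothetical format: timestamp key=value ...).
SAMPLE_LOG = """\
2024-05-01T10:00:00 tenant=acme user=alice ip=203.0.113.7 event=login_failed
2024-05-01T10:00:05 tenant=acme user=dave ip=198.51.100.4 event=login_failed
2024-05-01T10:00:20 tenant=acme user=bob ip=203.0.113.7 event=login_failed
2024-05-01T10:00:30 tenant=acme user=dave ip=198.51.100.4 event=login_ok
2024-05-01T10:00:40 tenant=acme user=carol ip=203.0.113.7 event=login_failed
2024-05-01T10:01:00 tenant=globex user=erin ip=192.0.2.9 event=login_failed
2024-05-01T10:03:00 tenant=globex user=erin ip=192.0.2.9 event=login_failed
2024-05-01T10:05:00 tenant=globex user=erin ip=192.0.2.9 event=login_failed
"""

def parse_line(line):
    """Split one log line into a dict of fields plus a parsed 'ts' timestamp."""
    ts, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    fields["ts"] = datetime.fromisoformat(ts)
    return fields

def find_blocks(lines, threshold=3, window=timedelta(seconds=60)):
    """Return {(tenant, ip): {"at": block_time, "users": targeted_usernames}}.

    A source is flagged when it has `threshold` failed logins within `window`.
    Successful logins do not reset the count, so one valid account cannot be
    used to keep a guessing run under the threshold.
    """
    recent = defaultdict(deque)  # (tenant, ip) -> failures still inside the window
    blocked = {}
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        key = (ev["tenant"], ev["ip"])
        if ev["event"] != "login_failed" or key in blocked:
            continue
        q = recent[key]
        q.append((ev["ts"], ev["user"]))
        while ev["ts"] - q[0][0] > window:
            q.popleft()  # drop failures that have aged out of the window
        if len(q) >= threshold:
            blocked[key] = {"at": ev["ts"], "users": sorted({u for _, u in q})}
    return blocked
```

Calling `find_blocks(SAMPLE_LOG.splitlines())` flags only the source that failed against three different usernames within 40 seconds; the slow, widely spaced failures for `erin` stay below the threshold.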


Services like AWS CloudTrail use the event history of your SaaS account activity, including actions taken through the Management Console, the SaaS SDKs, command-line tools, etc., to monitor infrastructure performance.


DevOps is a de facto standard that ensures innovation, adaptability, visibility, closer collaboration, security, and agility in the CI/CD pipeline for development, testing, staging, production, auditing, reviewing, event logging and managing the entire project cycle seamlessly.

AWS CodePipeline, CodeBuild, and CodeDeploy are DevOps services from Amazon.

Here’s why DevOps is important for your SaaS architecture design.

  • Enables continuous and uninterrupted delivery
  • The scalability of the SaaS applications can be ramped up to unprecedented levels
  • Resiliency can be ingrained into the developmental process itself, thus producing a final product that is customer-ready
  • Offers functional and practical scalability, resilience and uninterrupted delivery
  • Zero planned downtime is achieved by rolling deployments across clusters, availability zones, and regions
  • Software iterations get streamlined, and team collaborations are leveraged


Analytics provide insights to the customers so that data-driven business decisions can drive innovation and scale (AWS Quicksight is an analytics tool).

SaaS analytics can help with the following:

  • Risk estimation for software releases
  • Historical data analysis and data pattern study
  • Application and availability monitoring using HTTP pings
  • Mobile, web browser, and synthetic analytics
  • Network, server, cloud, user-experience, and infrastructure analysis
  • Visualization of network environment dependencies
  • Failover and load-balancing checks
  • Caching & Buffering analysis
  • Response time assessment
  • Define delay periods for automatic failovers
  • Reporting based on MTTR, incident frequency, and other metrics
  • System processes insights (like CPU steal time)
  • Root-cause & impact analysis

Billing Process Automation

Billing in SaaS is done for tiers that are packaged and priced by subscription period (daily, monthly, or annually) and by functionality-based package level (basic, advanced, professional), using the usage analytics collected for a tenant.

Resource utilization to a defined limit and throttling once the limit is reached is an auto-scaling strategy followed by SaaS providers. Some of the most effective throttling mechanisms include:

  • Rejecting individual users who have used up their periodic API capacity
  • Suspending, deferring or degrading a functionality for non-essential services
  • Control activity volume using load-leveling

Siloed Partitioning Model

Here the tenant is charged for usage of the isolated infrastructure. The two key billing types include service provider accounts billing and VPC billing.

Pooled Model

Here, each resource type may need a different cost aggregation approach for individual tenant pools. An activity-to-consumption mapping is essential to this model, while event logging for each tenant helps derive a cost equation.


Tenant consumption and activity metrics like bandwidth, storage usage, number of users, etc. are taken into consideration for this model.

Tenant-based Sizing

The infrastructural resources package upgrade or downgrade should be flexible based on tenant sizing needs and approved activity levels. Calculations of compute consumption and analysis of storage costs are essential to determine the sizing and scale.


It is important to note that there is no “one size fits all” implementation for SaaS solutions. The unique needs of customers, vendors, businesses, and markets shape the strategy, tools, frameworks, patterns, practices, technology stack, etc. accounted for in a given environment.
