Tag Archives: SaaS apps

Enterprise 2.0 Innovate 2012 Notes: Bringing SaaS Innovation to the Enterprise

I was pleased to attend Enterprise 2.0 Innovate on the West Coast for the first time. It occurred November 12 – 15 in the Santa Clara Convention Center. Here my notes from this year’s Enterprise 2.0 2012 conference in Boston. Here are my notes from the 2012 session: Bringing SaaS Innovation to the Enterprise, led by Elias Dayeh, Director, Business Operations, Axcient, Inc. and Jeff Teddleton, VP of Operations, Axcient, Inc. Here is the session description.

“As we move from Software economy to the App and API economy, IT needs to adapt the way it works. CIO’s must move from being Chief Infrastructure Officers to “Innovation and Intelligence”. Adopt new technologies, don’t fight them, you can embrace the ever-changing technology landscape to provide business value. Walk through how we moved to SaaS applications, removed capital spend, improved collaboration and refocused the IT team on providing business value.”

Jeff began by saying he is responsible for operations at Axcient and covered how they use SaaS both inside and outside with customers. Axcient provides a hybrid cloud platform for disaster recovery and other use cases.  They are both a SaaS vendor and a SaaS customer.  There are four main issues for SaaS: scalability, flexibility, maintenance, and innovation.  They need to be able to replace their architecture as new issues arise.

Elias took over. He is responsible for internal business operations so he spoke as a Saas customer. He needs a system that can scale to their growth. SaaS allows for this. His requirements are always changing and he gets this flexibility from SaaS. He also does not want to have a big deal with maintenance every time they scale up.

He covered some of the SaaS myths. SaaS does not lock you into a solution. However, it is not the case that there is no money up front but it is less money than in the past. SaaS is also enterprise ready. It is secure. SaaS and the cloud is not the same.

He showed their stack, both current and planned. Salesforce is the centerpiece of their architecture and there are multiple tools surrounding it. They use JIRA for issue tracking. Their tools are built around the Salesforce ecosystem.

He covered his build versus buy decision matrix. Factors include: price, feature set, security, implementation, confidence, company visibility, overall UI, cost savings and you can weight them.  The weights will vary with each application.

Next he offered what works: a defined pan, defined architecture, integrations, development road map, Total Cost of Ownership, context, context, context.  Integrations are a huge factor. He needs to integrate all the apps from each business unit.

He then covered things to avoid. Do not move everything to the cloud at once. Do not take short cuts. Do not use apps and platforms that do not integrate easily. Just because apps are SaaS does not mean they are easy to integrate.

His lessons learned are: do your home work, hammer your vendors to get down to issues in his decision matrix. Not everything has to be SaaS. Work with one vendor at a time. Understand the full relationship life cycle. Have an exit strategy to get the data out. He exports his data outside of Salesforce once a week even though they are happy with it. Plan for the worst and hope for the best.

His integration strategy centers on Salesforce since it is the core platform. He asks about this with all new vendors.  He looks at rather it has to touch Salesforce or can data go through another system to get to it.


Enterprise 2.0 Innovate 2012 Notes: Preventing IT Sprawl

I am pleased to attend Enterprise 2.0 Innovate on the West Coast for the first time. It is occurring November 12 – 15 in the Santa Clara Convention Center. Here my notes from this year’s Enterprise 2.0 2012 conference in Boston. Here are my notes from the session: Preventing IT Sprawl, led by Bernard Golden, Vice President, Enterprise Solutions, enStratus. Here is the session description.

“IT can no longer provide all your technology needs like in the past- nor should they- the new enterprise IT is built from components, some on-premise and some Cloud, glued together by IT. What are the strengths and weaknesses of this approach? How do you navigate successfully the challenge of glueing disparate systems together so you end up in best of breed heaven not best of breed hell. How do you prevent more IT sprawl?”

Bernard said that the cloud sprawl can be an opportunity or a challenge. He talked about the disconnect between users and IT. These tow groups have different images of IT. IT sees itself as dedicated and hard working. Business users see IT as the department of “NO.”  There are too many permissions and too much red tape. Systems are hard to use. They do not scale very well. It takes to long to change things. I get too many bills for stuff I do not understand.

So how does cloud computing play into this disconnect? There are a lot of misunderstandings of cloud computing.  However, it does have a lot of benefits. First, the cloud can provide on-demand self-service that solves the manual process, just like buying a book from Amazon. There is broad network access that gets rid of chunky interfaces. There is resource pooling that solves the scalability problem. There is rapid elasticity that solves the change problem. There is measured service that solves opaque costs. You only pay for what you use.  With all these changes, the IT revolution has arrived.  IT democracy has arrived.

IT now must be a service provider. If it does not move this way IT can be bypassed. With all these advantages what can prevent sprawl? This is a challenge for those who provide services. However, is this a straw man for those who do not like IT democratization?  The problem is that if you put in difficult rules to prevent sprawl people will just walk around the rules to get services elsewhere.

So the question for IT is how to enable the freedom while maintaining some control?  There are five things that can be done: enable agility, provide tools, be a best practices resource, implement company-wide cloud governance, and provide transparent economics.  He then discussed each of these five in more detail.

First, enable agility.  You have to provide self-service. People will not put up with any heavy-handed approval process.  They will go elsewhere. You also need to integrate key application requirements. You need to capture policy within automations (legal, procurement, HR, etc.) so users do not have to deal with them. Only exceptions should trigger manual processes.

Second, provide tools. There needs to be a services catalog. It should reflect tested environments and guide develop behavior. There also needs to be configuration management with pre-configured recipes and commonly used software stacks. There also needs to be cloud management with access controls, scaling, and elasticity. This management needs to apply to any cloud environment.

Third, be a best practice resource. Provide guidance to establish value. You can also get alignment with the directions you want with these practices. Avoid having business users going in the wrong direction out of frustration. Provide education to users. Offer online resources, as well as internal expertise. Attach resources to project teams. Build an internal knowledgebase and make it accessible. All of these things promote consistency.

Fourth, implement company-wide governance. Communicate the rules and then make sure they are enforced. Implement rules within automated tools. Have policy within workflow to avoid having to say “no.” Make sure everyone uses the same tools. Reduce exception handling by defining processes and time boxing them. Know who to blame and recognize alternatives to speed responses.

Fifth, offer transparent economics. Move to charge-backs. It provides signals to guide behavior and aligns cost to value.  Develop true activity based costing (ABC) on a granular basis. You will be benchmarked against direct cloud use. People will look at what Amazon charges for the same service. Be sure to understand your true cost of service or you will get hosed. Provide objective feedback. Give deployment options and their cots. Support user choices and be prepared to support additional costs.

This is all useful advice.

Enterprise 2.0 Innovate 2012 Notes: Living the Hybrid Enterprise

I am pleased to attend Enterprise 2.0 Innovate on the West Coast for the first time. It is occurring November 12 – 15 in Santa Clara Convention Center. Here my notes from this year’s Enterprise 2.0 2012 conference in Boston. Here are my notes from the workshop: Living the Hybrid Enterprise: How to Plan for, Implement, and Manage a Mixed On-Demand and On-Premise Enterprise, led by Josh Greenbaum, Principal, Enterprise Applications Consulting. Here is the workshop description.

“The end of software never happened, but the end of the pure on-premise enterprise is upon us. More and more companies are looking to create a hybrid enterprise that combines the best of on-premise and on-demand software and services. This workshop will help companies identify the right mix of people, process, technology, software and services to help them get started with building and living in a hybrid enterprise.

Defining the Hybrid Enterprise: tales from the front line. The first part of the workshop will showcase examples of hybrid enterprises and discuss the benefits and challenges of a hybrid strategy. Included will be real world examples of how companies mix and match their on-demand and on-premise software and services to meet their business objectives.

 The role of new and old technology in the hybrid enterprise.

This second part of the workshop provided guidance on how companies can evaluate the role of existing and new technologies, software, and services in the hybrid enterprise. This included guidance on how to manage the hybrid opportunity for existing suite and best of breed software as well new and emerging technologies in mobility, analytics, and other key areas.

The hybrid enterprise and the human component. Creating a hybrid enterprise isn’t just a technology decision, it also requires new thinking and processes about how to deploy human resources – both internal and external – in new and different ways. This final part of the workshop will help companies understand the challenges and opportunities that are part of the human element of the hybrid enterprise.”

Josh began open the session that will be a three-part event with panels. First, living in the hybrid enterprise, then implementing the hybrid enterprise, and finally the human factors issues in dealing with the hybrid enterprise. The hybrid enterprise has been a continuous evolution. The cloud started over a dozen years ago.  On-premise and on-demand were kept separate.  We have come a long way in our thinking. However, there are still multiple silos of disconnected functionality. There needs to be a hybrid world with connectivity and integration.

The hybridization of IT is also creating a more hybrid workspace.  There is more accessibility to people and content that is location independent. This will be a PowerPoint free session and I like this approach. However, I may have some name spellings wrong with the absence of PowerPoint and did not get everyone’s name.

Charlene Woo from Varian offered her company as a case example first. Charlene’s company started in the 1940s as one of the first companies in the Silicon Valley and it does medical technologies and is growing. They are a big SAP shop so much technology is on-premise. They recently expanded into talent management solutions. The business wanted the cloud solution and picked SucessFactors. Then SuccessFactors was bought by SAP.  So now they need to support a hybrid solution.

They already had some cloud solutions such as their learning management system but the talent management was the biggest so far.  They have recently gone live with several SuccessFactors modules that are cloud based.  The entre company is using both could and hybrid.  The cloud apps are actually more widespread than the on-premise apps because of the reach of their content. The SuccessFactors system and the learning management system are used by all employees, and even some business partners.

Their mission critical apps such as finance and sales are still on-premise. Their cloud-based talent management apps are fed with employee data from the employee data from the on-premise SAP system. Right now this is a one-way data flow.  They want to move to a more two-way flow.  The impact of moving to the cloud solution has more of an impact on IT than on end users. This is a cultural change for IT. The IT people were used to supporting SAP, and now they were giving up some of the support to the cloud vendor.

There is now a change management concern and insecurity on the part of many IT people. What will happen next?  At the same time, if IT does not meet the business needs, the business will not partner with internal IT and get their own solution. IT needs to adopt new skills and play a different role. They cannot dictate the technology any more.  IT cannot insist on on-premise anymore. There is also a need for new skills. They did implement SuccessFactors with internal staff.

Now HR plays a stronger role in supporting the cloud application rather than IT. HR needed to come up with the resources for this.  This requirement needs to be planned for. They have moved from a recipient of services to a provider. HR is enjoying the freedom of choice that this responsibility brings. However, this additional requirement for resources did not sink in until the system went live.  IT needs to play a leadership role in letting the business anticipate these new requirements.

Working with a cloud vendor is different than working with internal IT. The outside vendor may not know the company culture and goals. They also have different agendas. This requires good oversight of the vendor. IT can play a role here. Need to have a three way partnership of internal IT, internal business unit, and external vendor. IT can add value here.

Next, a three-part panel covered more of the details on hybrid solutions. There

was someone from Box (Dan O’Leary). He works with clients on custom solutions. The next person works for e2open (David Hale) that provides software that support large clients with supply chain solutions like IBM and Boeing. The third person works for Cognizant (Gareth Patterson). He focuses on the strategy of cloud.

Josh asked the panel how to get the cloud connected within the enterprise. What are some of the issues for enterprise versus consumer solutions? The Box guy said the product is easy to launch so the technology is not the hard part. It is more issues like governance that take time. Also how does Box fit within the enterprise stack?

The e2open guy said there service is on-demand and it serves mission critical tasks. So if it goes down, they hear about it quickly.  Single sign on is one key for them, as well as security. Also, how does their service integrate with other enterprise apps?

The Cognizant guy mentioned that many cloud apps have up to 80 integration points. This is a complex task. These integration points can be a major challenge. Do not underestimate this task. Also, you need oversight so large hosting bills do not get run up without an awareness.

The Box guy said their goal is to be the enterprise content layer. That drives their cloud strategy. Each organization needs to keep their main strategy in mind when dealing with the cloud.

The e2open guy tried to explain the cloud to his son and his wife mentioned time-sharing from 40 years ago. This stuff is not new. Users should not have to care where a service is located. The panel agreed that there are hybrid aspects to most situations.  This reminds me of how Fats Domino said that rock and roll was just a new marketing strategy for rhythm and blues. This is the case for many technology “changes” and yet, at the same time, there are some new aspects, new audiences, and some new contexts just as there was with rock and roll.

The Box guy said one important issue is how to classify data and content as what needs to be secure. This is especially an issue with the type of unstructured data that Box supports.  Their clients need to do this. When new employees come to Box, the first thing they get is a two-hour security briefing.  They also let their clients know about the risks within the cloud.  The e2open guy that they specify that certain types of data should not be sent to then to put in the cloud. The Box guy said that one of their main use cases is to replace Drop Box when there has been a security leak.

The Box guy said there is a Cloud Security Alliance that has certification criteria. It’s mission statement is to “To promote the use of best practices for providing security assurance within Cloud Computing, and provide education on the uses of Cloud Computing to help secure all other forms of computing.”

The Cognizant guy said that in his company no one monitors his Drop Box and his Box usage is monitored.  Josh said there is only so much you can do for security and people can go around safe guards if they want to do this.  The Box guy talked the balance of ease of use and security. First, he said do not compare to perfect but to alternatives. Box allows clients to control access. Personally, he has access to forty systems with single sign on but he also has three-factor security.

After the break, the Paul Brody, CTO of Social Communication Company (Sococo), demoed a team collaboration space that provides for ongoing virtual connection.  Sococo Teamspace. We can see all of his colleagues on the right and their status. You can see a map of their company in a virtual space and see where everyone is located.  There are individual offices and conference rooms.

Everyone has an avatar and it tells you about the state of the person. For example, if you put on your headset that means you are available for audio.  You can see when he is talking and how far the voice goes. He can close his door to let everyone knows they have to knock on his door to hear what he is saying. He brought someone into his office for a conversation just by tapping on his avatar.

With the virtual office you can see what everyone is doing all day long. If the door is open you can drop in on conversations. If the door is closed you have to knock.  The virtual office does not have to map to the actual physical office so you have freedom to design the virtual environment anyway you want. There can be private spaces that others cannot see.  It also works on the iPhone and they are working on other mobile devices.

You can share things on a screen in a virtual conference room. They can also integrate apps like Salesforce and Box.  Everyone in the room can see the screen and the content it portrays. This sharing can occur in an office or a conference room. The virtual space can be designed to reflect work flow with different rooms have names for steps in the workflow. Video can be portrayed, including the other people in the conversation.

Next, Tony Bryne from the Real Story Group and Gareth Patterson joined the Sococo guy to form a panel. Tony said the key issue is less the visualization of the environment but rather embedding the right communication services in the app.  United communications needs to be aligned to tasks. Tony liked the simplicity of the visualization in the Sococo app as that degree of realism might distract in the enterprise environment.

The Sococo guy said that communication services needs to be a layer that underlies all apps. I would agree. All communication tools are derivative of the telephone. They are transactional and you do not see context. We need new metaphors that is why they created their visualization.

Gareth said that there has been a shift in building a company toward pulling together services and starting quickly.  There is trend toward to good enough sooner rather than perfect that takes along time. Traditional IT wanted perfect which got in the way of possible.

The Sococo guy said that every new customer wants a pilot for 30 – 60 days. They can set up a pilot in a few minutes and they can quickly modify it.  So you can fail fast and refine what you need.

Josh said that the word culture keeps coming up. Tony said that we need to humanize the digital workplace. As software tools were developed it was often assumed that people were robots. This is why people go offline often. We need to make people more effective in their jobs rather than try to change their behavior.

Gareth said we need to redo corporate IT. People there are often bored because there are too many obstacles. Josh wondered if IT will shrink or shift. People do not say they do not need IT any more. Josh gave the example of the replacement of Wang word processors with PCs. Some people thought there would be no more secretaries. Actually some roles and skills simply shifted but headcount did not go down.

I was involved in a study of the office of the future for a pharma company that was moving its home office around the time this shift occurred. They were planning their resource requirements for the new location. The company did change and went from a one to one manager to secretary model to a dramatic reduction in the number of secretaries as they moved to a one secretary to many managers model. I am not sure this applies to IT but I do want to offer a counter to the analogy. I wonder how much the cloud and the rise of business self-service will affect corporate IT headcount. Maybe they will get jobs in the business units supporting self-service.

It was a useful panel that raised a lot of issues to consider.

Enterprise 2.0 Innovate 2012 Notes: The Right Way to Select Emerging Technologies for the Enterprise – Part One

I am pleased to attend Enterprise 2.0 Innovate on the West Coast for the first time. It is occurring November 12 – 15 in the Santa Clara Convention Center. Here my notes from this year’s Enterprise 2.0 2012 conference in Boston. Here are my notes from the workshop: The Right Way to Select Emerging Technologies for the Enterprise led by Tony Byrne, President Real Story Group. Here is the description.

“The accelerating pace of enterprise technology change offers unprecedented opportunities – along with major stress — for business and IT leaders alike.  Business units looking to exploit new opportunities presented by emerging technologies has given rise to “Shadow IT” and the broad proliferation of tools and suppliers in the enterprise.  Obvious gains in short-term agility have been accompanied by longer-term architectural and sustainability challenges. Designed for enterprise architects, IT planners, and tech-savvy business leaders, this workshop will help you get out in front of emerging technologies.  It will offer you tools to pro-actively identify which technologies will bring the most business value in your specific environment, as well as the savvy to avoid common pitfalls. The workshop will examine the challenge and benefits of emerging technologies in particular technology segments where business and IT interests overlap – and sometimes come into conflict.”

Prior to the session Tony and I were talking about tools used to support SharePoint. I had seen a survey that reported that the top three tools to support social in SharePoint were Yammer at 19%, Newgator at 10%, and Jive at 4%. Tony mentioned that there are three ways to supplement SharePoint in the social space. You can extend it by building your own. You can supplement it through tools like Newsgator, and you can complement it with tools like Yammer and Jive. I found this distinction very useful.

Tony said he is going to offer a means to select technologies for the enterprise. This is the mission of Real Story Group. They only work with customers of vendors and not the vendors themselves, giving them more independence.  There are four traditional approaches to selecting software that often do not work. First, love at first sight. Second, horse race approach – who is leading in the magic quadrant. Third, my cousin Vinne approach – my friend uses it so it must be good. Fourth is happiness is a strong set of requirements. So you create a big checklist.

The best way is to embed your selection within you own unique requirements. You need to get out in front of emerging business needs.  You need to identify common areas where business units are self-procuring to find common solutions. You also need to understand the business use cases.

He began with a discussion of the transition from the intranet to the digital workplace. The consumerization of IT relates to this.  People come to work not excited about their tools but focused on their tasks. The digital workplace goes way beyond traditional intranets to offer many more capabilities that focus on getting work tasks done.

There are two ways to look at this. There is the traditional enterprise architecture approach. The second way is the user experience approach or “glass backwards.”  This bottom up view is increasingly more important.  You need to do both. The bottom up approach often leads to self-procurement if the enterprise IT services do not meet their needs. Activity streams that are emerged in the work process can be very useful like Salesforce Chatter for Salesforce users. However, this can led to siloed activities.

Next Tony covered platforms vs. products. Consumerization of IT means that apps need to be simpler and more agile. There are a whole range of offerings that vary from comprehensive platforms to simple individual products. Microsoft published some data that for every dollar spent on SharePoint, 6 – 9 dollars were spent on services, making SharePoint a platform, not a product. Platforms are more costly but also more comprehensive. With enough time and money you can get SharePoint to do almost anything. This opens up a lot of business for the system integrators. With products, tools work right away.

Tony passed out a very useful product map using the subway system metaphor. You can download it from the Real Story site for free. He said that ROI justifications are growing each year. There are four main categories, revenue creation, increased productivity, reduce costs, increased culture. Software companies now tend to do better on only one or two.

He offered eleven standard use cases for social technologies.  No one is doing all of them nor is any vendor capable of supporting all of them. Two main groups of use cases are collaborate (work jointly) and network (connect outside a specific goal).  This is more of a continuum than a distinction. He offered some examples. The first was a Q&A app designed to help employees find answers to their questions. The second was ideation and innovation support. Next, was project-oriented collaboration. There are also knowledge management, external collaboration, communities, expertise location, enterprise networking, socializing legacy processes, and enterprise conversation.  These uses cases seem to be a better way to evaluate tools that features like blogs, wikis, etc. This is true especially, if you pick the use cases that are important to your organization.

Entitlements are another important issue. Who is allowed to do what? Groups and roles are often as important as individuals in these access. This is important for scaling in a large enterprise.

He showed social as a separate tab in an enterprise stack. This is too isolated. Social should be a service and not a space. I agree. Social should be a layer and not a module. Activity streams that range over all apps can serve this purpose.  Several vendors are attempting to do this but more progress needs to be made. A key question is how these apps work in a mobile environment. The integration needs to carry over to mobile and it often does not.  The big vendors want to own the whole stack but this will be hard to do.

There are four buckets: platforms, suites, layers, and specialists. In the platforms Microsoft is good at collaboration, IBM on communities and expertise location, and Oracle on socializing legacy processes. Since the big guys do not cover all use cases, there is a rise of specialists to cover the soft spots. IBM is also trying to embed Connections capabilities in some of their other enterprise apps.

Tony next covered versions of the cloud: IaaS, PaaS, SaaS, and managed hosting.  Tony mentioned that most apps are not built for the cloud. For example, Microsoft SharePoint was not built this way originally.  So there is a hybrid model as to what gets shared and what does not.  Microsoft decided to move their own stuff to the cloud. It got very complex with many custom apps to get to the hybrid model. It cost as much as they saved. A big issue is the fact that most transitions are not in a green field environment so there is much old stuff to overcome.  If you do have a green field, like some small businesses, it is easier. For very large enterprises, it gets more complex.

Now there are also cloud file sharing vendors like Drop Box, Google Apps, and Box. Some companies turn off these capabilities on enterprise systems to deny access. In these cases, people go home and use them on their own devices outside enterprise security because they are easier to use than tools like SharePoint. IT cannot stop this. This raises a lot of security issues.  Individuals have access but the enterprise cannot get access unless it signs an enterprise agreement with the vendor. It is important for IT to get in front of this issue so the right tool gets selected with an enterprise view and not just what happens bottom up. The use cases are a good way to start. Box and Accellion cover a lot of them.  Box is cloud only. Accellion offers cloud, hybrid, and on-premise.

Next we took a break and there is enough to read in one post so I will continue this soon in a second post.

The riddle is solved! Plugins 3 Framework for Atlassian On-Premise AND OnDemand

Just received a googlegroup mail that is too good to not share, from Don Brown, Atlassian’s engineer extraordinaire, and in his current incarnation, Atlassian’s “remote app”, eh hem, PLUGINS 3 Framework Design Architect!

He and his team (including Bob, Sam, Yon) finally solved the riddle – the riddle of:

providing a single application development AND deployment framework for both on-premise and OnDemand instantiations of Atlassian’s platforms (i.e., Confluence, JIRA, etc.).

It was a riddle that rattled long and hard in recent months, and really since the release of Atlassian OnDemand (and months before … over a year ago!).

The answer: Introducing Atlassian Plugins 3 Framework!

While I could summarize, sometimes emails are left best in the perfect state that they came in as.

This is one of them.

—-Original Message—–

From: atlassian-remoteapps-dev@googlegroups.com [mailto:atlassian-remoteapps-dev@googlegroups.com] On Behalf Of Don Brown
Sent: Monday, August 20, 2012 3:21 PM
To: atlassian-remoteapps-dev@googlegroups.com; atlassian-remoteapps-interest@googlegroups.com
Subject: Remote Apps is now Plugins 3

Over the next few months, the Remote Apps project will be transforming into Plugins 3, which is intended to be a complete replacement for Plugins 2.  The scope of Plugins 3 has expanded past just remotely hosted applications, and now brings its permissions and (now optional) sandboxing capabilities to in-process plugins as well.  We expect to deliver the first developer preview of this technology at AtlasCamp 2012 in September [1].

The backstory here is after our Summit 2012 presentation, we’ve been having a bunch of internal discussions as well as discussions with partners and existing plugin vendors about the capabilities and future of Remote Apps, and two limitations quickly stood out:

  1. Remote Apps isn’t on-premise friendly
  2. The sandboxing was too restrictive for many (most?) existing plugins

The first limitation was really the showstopper – if we encourage plugin vendors to write Remote Apps that can only work for OnDemand, 85% of our current customer base, the on-premise installations, won’t benefit, and worse, it could mean fewer and fewer plugins as developers won’t want to maintain two code bases.  The technical problem with Remote Apps and on-premise is that, since all the code is running on a remote server, it requires the on-premise Atlassian product to be addressable from that remote server, which almost always means the on-premise instance must be open to the Internet.  The only ways to get around this – some sort of reverse HTTP firewall-poking agent or locally installed Remote Apps – are not where we want to go.

Hardest riddle a cat ever had – Rubix!

The second problem of sandboxing is because Remote Apps was an all-or-nothing proposition.  Your app had to exist fully in the UI sandboxes we had in place (IFrames or strict HTML sanitization).  What we wanted instead was to expand the permission system to include permissions that would allow any plugin, in-process or remote, to be written, and therefore, ensure 100% of existing version 2 plugins could migrate.

The solution we decided upon is Plugins 3.  With Plugins 3, you can write a single binary (jar file) and deploy that plugin locally (in-process as you do now) or remotely in a standalone container running on a platform like Heroku.  Within the plugin descriptor itself, there will be information on where the plugin is hosted remotely if that installation method is chosen.  Therefore, the developer experience is like this:

  1. Write a version 3 plugin
  2. Deploy to Heroku (or where ever) to support OnDemand instances using the provided standalone container
  3. Register in the Marketplace as supporting remote and local installations

When an OnDemand administrator clicks ‘Install’, they will have the plugin installed as a remote descriptor pointing at your remotely hosted instance.  When an on-premise administrator clicks ‘Install’, the plugin jar will download and run in-process like before.  In both cases, the same plugin jar that was registered in the Marketplace is used.

Foundational to Plugins 3 is the concept of permissions, where a plugin is required to declare what APIs, code execution privileges, or sandbox breaking capabilities it needs. In addition to the existing Remote Apps permissions, Plugins 3 includes additional ones like ‘execute_java’, ‘use_private_apis’, and ‘generate_any_html’. This provides Atlassian the ability to define which permissions are available to side-loaded plugins in OnDemand, which need curation in the Marketplace, and which are only available for on-premise installations.

In all cases, the OnDemand or on-premise administrator will have to view and explicitly approve the permissions before the installation can take place.  This also means Plugins 3 will be able to support every current version 2 plugin with the quick migration step of adding permission declarations to the plugin descriptor.

However, if the migrated plugin is to be able to be executed by the container, significant effort, if not a complete rewrite, will likely be necessary.

In a nutshell, here is what has changed:

  • New permissions element in plugin-info in atlassian-plugin.xml
  • New plugin module descriptors for each Remote App extension point
  • Ability to use atlassian-plugin.xml instead of a Remote App descriptor, though the Remote App descriptor format is still supported
  • New container for running a version 3 Plugin outside the product
  • “Kits” that allow you to write your plugin in any JVM language you like.  Java, JavaScript, CoffeeScript supported out of the box.
  • Set of services that are implemented in container and local versions

In the next few days, we will be merging this work, currently in the ‘p3’ branch, into master.  I will also soon be publishing a Plugins 3 Tech Spec with a lot more detail than I’ve given here.  I’m excited about this new direction as it will bring the benefits of Remote Apps to all plugins for both OnDemand and on-premise.  Our goals are to make plugins secure, easy to write, and OnDemand-friendly, and the future looks bright.

Comments and feedback welcome!


[1] http://www.atlassian.com/company/about/events/atlascamp/2012


Congrats Don and team.. let’s bring it on! 

Thank you for your persistence to the problem — AppFusions can’t wait to get our integrations and applications into the plugin 3 framework — one by one, and more into OnDemand.

The journey continues, for the long haul!

See you at AtlasCamp!


Post by Ellen Feaheny, CEO of AppFusions.