Skip to the content

How we migrated an off-the-shelf product to cloud SaaS

Content Right

We worked over an 18 month period to take an on-premises asset and resources management product into the Cloud.

We often hear a lot of conversation within the market on how to take a legacy application into the cloud and there are always weird and wonderful things that are suggested.

There is no tried and tested way to accomplish this but with the right planning and execution this is possible. Over an 18 month period we did this very task. We took an old school ASP.NET Web Forms application and created a fully fledged n-tier micro-services based architecture where we re-used almost 70% of the current code base.

Cloud computing or head in the cloud?

We had to quickly make a decision on how much of the current code base we wanted to retain. This was an easy thing to do as we had had previous exposure to the product through product teams as well as through documentation. We understood the b basic requirements of the application and set about converting business logic into a forward facing well formed WebAPI. Some of the application was written in WCF and some of it was written in ASMX web services and it was these service orientated technologies that we had to change to allow a cloud based CORS enabled API.

We also had to make changes to the overall design patterns and bring the logic of the application more in line with standard S.O.L.I.D principles. This included

  • Refactoring of the application entry points to be single-unit-of-work.
    • By using dependency injection with EF.
    • Moving away from server session state technologies.
  • Strongly separate service behaviour from business logic.
  • Use industry standard technologies to do the majority of the leg work for the application to work.

Some of the things we had to bear in mind as any migration to the cloud is a technical process.

  1. Security.
    1. Network ports as well as services and SSL.
    2. Application security specifically around DDOS, OWSAP and cross site scripting.
  2. CORS policy - as making questions across domains needs to be authorised and authenticated.
  3. Microservice multi-tenancy or in-proc multi-tenancy only.
    1. Microservices usually require the total separation of data and services from each individual logical component. But this is not always required. Under standard n-tier architecture; you can separate data as far down as you want or as little as you want if this is or isn't the scalability bottle neck within your application


Today, a web-based application has many technical issues from security constrains, infrastructure topologies and software framework limitations that it must overcome to provide the end user with a good experience. Changes in people’s usage patterns have resulted in a fragmentation of the platforms used to access services; whether it is from a Windows PC, a Mac or an app on a mobile device. So controlling the experience that end users received has become much harder. In software engineering practices, N-tier data applications are data applications that are separated into multiple tiers. Service orientated n-tier applications separate processing into discrete tiers that are distributed between the client and the server. When you develop applications that access data, you should have a clear separation between the various tiers that make up the application. Web API is one of these new technologies which enforce a strict SOA based schema which guarantees that disparate devices and app entry points all have access to a standard set of well-formed basic services. 

A service-oriented architecture (SOA) is an architectural pattern in computer software design in which application components provide services to other components via a communications protocol, typically over a network. The principles of service-orientation are independent of any vendor, product or technology. 

Web API is the great framework for exposing your data and service to heterogeneous devices. Moreover Web API is open source an ideal platform for building RESTful services over the .NET Framework. Unlike WCF Rest service, it use the full features of HTTP (like URIs, request/response headers, caching, versioning, various content formats) and you don't need to define any extra config settings for different devices unlike WCF Rest service. This makes it especially powerful mechanism to utilize within our product range and allows us to source and use industry standard technologies to provide our cutting edge LHUB API.

This will basically mean that the product could be running natively on desktop, mobile or web and will all talk to the same set of publically accessible but highly scalable and secured services. 

The actual cloud - Microsoft, Amazon or Google

There are several elastic computing data centres around the world from Microsoft, Amazon and Google. For this particular client we chose to go with Microsoft as they provide the most disruptive cloud database platform on the market (SQL Azure).There are some basics that need to be defined first. 

IaaS delivers the three basic resources of a computer: processing, storage, and network I/O resources. Azure and Amazon Web Services are the best-known IaaS public cloud offering, as well as the Rackspace Cloud offering which we currently use to due to their expert technical support service. 

As a company that provides advice and consultancy services for SaaS providers, we understand the importance of digital transformation. It is not just about customer acquisition but also transforming internal processes and leveraging the power of data. These are ultimately the engines that drive organizational performance; and we can make those changed to improve the efficiency of the company as well as make more money and better informed decisions.

Initially designed for small companies, Software-as-a-Service (SaaS) has gradually extended to become of the backbone of many big companies in the U.K. Due to its wide use, SaaS has become an established delivery model based on a full OPEX financial model. However, software providers are not always matching the buzz around SaaS with obvious benefits. This is one area that we need to invest in, as a company that actually provides these type of services, we do not actually use anything like these services ourselves internally and this needs to change. This document will hopefully outline some of the changes that we can make as well as the type of SaaS and PaaS services we can employ to make our organization more efficient and stream lined.

With shorter time-to-market, clear ergonomic value and the evolutivity of SaaS being now a reality. The benefit of low costs coupled with a reversible and easy SaaS integration with Legacy systems is still something which will greatly benefit us as a company

Beyond the usual promises, there are 2 additional major advantages: SaaS is a profitable opportunity to ensure process alignment in companies and to equip small subsidiaries of large companies such as Capita, with an off-self solution solutions for certain things such as firewalls and IDS.

Having a clear and defined SaaS strategy, retaining control and diligently evaluating all of the outcomes possible are the key success factors in ensuring a great Software-as-a-Service journey for our customers.

We have historically used IOMART, and more recently we have invested time and money into creating a platform that runs on Rackspace and Azure, but the use of a mixed hybrid platform has allowed costs to sky rocket and for us to somewhat fall into a technology tie in which fundamentally needs to be undone so we can begin building truly platform agnostic scalable applications.

 As a company, we should be investing in technologies which are cutting edge and also value for money. We should really be taking a look at reducing overheads and possibly looking at Amazon EC2 as well As Google to support some of our services.

Some of the benefits of all the providers and IaaS offerings is that, it removes the requirement for having a dedicated infrastructure function, and instead allows it to be absorbed into a DevOps function. 

In addition to this simpler function configuration, IaaS enables us to: 

  • Reuse existing technology, code, and skills, and minimize lock-in. It does this by making it relatively easy to move IT resources on to and away from an IaaS infrastructure.
  • Have a good level of configuration control over the infrastructure resources they use such as CPU type, memory amount, and disk configuration, and the software they run on top of these resources within the constraints of what we need

As IaaS users,  we are responsible for the creation, deployment, and management of the virtual machines (VMs) and/or applications that use IaaS resources, and for defining and configuring the resources required by their VMs/applications, as well as for adding more resources if required. There is a range of management services available to cater for a range of enterprise requirements for ‘hands-on’ versus ‘hands-off’ operations. However, consumers do not manage the infrastructure that underpins IaaS resources. This is the responsibility of an IaaS provider (such as Rackspace or Azure). The Azure offering is far more automated than Rackspace and Amazon EC2, with several APIs which will allow us to tie in, monitor and control the infrastructure. There is also 3rd party tools such as AzureWatch with act as an intermediary monitoring and configurator for an Azure based SaaS (like ours) 

Costs, resources and expansion casts a shadow over the whole cloud computing marketspace, so it’s no surprise that competitors are forced into specialization and differentiation of their offerings so they can compete with ISV’s requirement for low prices and massive resources. Rackspace tries to differentiate itself by its excellent support and customer service, dubbed ‘Fanatical Support’, in addition to hosting everything on OpenStack - the open source hosting and technology stack. Windows Azure is obviously attractive to the large Windows segment. Windows-centric developers and IT environments will take great comfort in using a cloud environment that is also part of the Microsoft family. That said, Microsoft has worked hard to ensure Azure isn’t stuck with a for-Windows-only tag by also hosting and offering full support for other operating systems. 

Azure has become the benchmark by which every other IaaS offering is measured, and their VMs and portfolio of services such as Search as a Service and VMless web layer provide a seamless deployment scenario for us a company. The fact it’s also ties into all our current systems means it really is the better offering price wise and feature wise then Rackspace, and we will have to see if we can organically migrate as much of our services to it. 

IaaS providers define their pricing strategy against Amazon and Azure as they provide the best offering. 

A wide ecosystem is expanding around it, with companies like ours, for example, keen to: 

• add value on top of it. 

• use it as a new software delivery channel

• build a business on top of it. Most cloud strategies have an initial focus on cost reduction or improved cost efficiencies

Microsoft Azure has the most experience in protecting a cloud infrastructure, but we must also protect our cloud services and resource groups with a custom stateless security implementation. A multilayered approach to security provides the best defense. A perimeter network security zone protects internal network resources from an untrusted network. A perimeter network refers to the edges or parts of the network that sit between the Internet and the protected enterprise IT infrastructure.

The following diagram shows various layers of security Azure provides to customers. These layers are both native in the Azure platform itself and customer-defined features:

Azure DDoS helps protect against large-scale attacks against Azure and is native to the platform, and the first point of entry into our platform. The next layer is our public endpoints which will be hosted from the LHUB API, which are used to determine which traffic can pass through the cloud service to the virtual network. Native Azure virtual network isolation ensures complete isolation from all other networks, and that traffic only flows through our configured paths and methods. These paths and methods are the next layer, where NSGs, UDR, and network virtual appliances can be used to create security boundaries to protect our application deployments in our protected network.

The fact that these security features are mostly native to the platform (such as firewall, loud balancing, scaling and IDS), means that it is no longer a premium cost placed on top of core infrastructure purchases which will save us money.

As a company, cloud computing and elastic computing has become a central part of our RAD (rapid application development) process as it allows us to write, deploy and test code in the fastest possible way without having to worry about IT acquisition to service a purpose. The Azure elastic model also allows us to use services and compute resources for short bursts without any hang-ups on cost as it is metered service

With the majority of our budget IT budgets dedicated to infrastructure acquisition and management, IaaS could represent a significant source of savings. Elastic computing reduces not only the cost and pain, but also the risk, of using IT assets. This is certainly the case for IaaS, with its pay-as-you-go approach to pricing and licensing, than for SaaS (software as a service), which favors the less flexible subscription approach. IaaS has a usage-based approach with no long-term commitment and the ability to scale usage up or down on demand. We are also not penalized for our level of usage changes, which allows users to do away with capacity planning. (However, this will require internal controls to ensure that we do not go overboard.)

If you want to move to the cloud with your software then talk to the guys at monkeyscantcode. They know their stuff.

Infrastructure Engineer, FTSE 250 company

Want to talk cloud migration or have a project?


The 'First name' field is required
The 'Last name' field is required
Please enter a valid Email address
Light window Image
Tech Agnosticism

The team know their stuff. We went from an on-prem application to SaaS within 18 months. They get tech and us.

Managing Director - FTSE250 Company





0808 143 0699

Contact us to talk tech

If you want to talk agile, tech or want to sound off then contact us on 0800 689 1376