Category Archives: Cloud

Building a Cloud Native Platform for CitySprint’s On the Dot Delivery Service

Picture a scenario where you are analyzing the results of a marketing survey which shows that a high percentage of consumers prefer same day shipping, online tracking of their orders, choice of shipping options, and deliveries within a specific time slot. Then you find out that retailers already fulfill around 65% of these needs, but there is a gap in the market, a gap that you can fill by offering a novel service. This is precisely what UK-based logistics and delivery service provider, CitySprint did when they developed the On the dot delivery service, which allows shoppers to receive their orders during a one hour time slot of their choice without extra costs.

“We wanted to positively disrupt the time slot delivery space. In doing so, we wanted to build an API ecosystem that sparks interaction, open new channels and reach new streams of revenue,” says Eduard Lazar, Senior Solutions Consultant at LastMileLink Technologies (a CitySprint Innovation Lab). At the heart of of this project was generating value for users and driving innovation, “On the dot is all about convenience for consumers, be it as a fulfillment method or in terms of collection and delivery time slots. We also wanted to simplify integration and create a developer community through our API ecosystem,” he adds.

Defining the key challenges was one of the first steps before introducing On the dot to consumers. To begin with, CitySprint had to move their data centers to the cloud in order to become a cloud native platform. They also had to create open RESTful APIs, enable identity federation, foster innovation so that it can result in a community of developers who will think up new marketable ideas and simplify integration. Selecting open source software is one of main tenets at CitySprint, and as such, they set about developing an open source platform made of WSO2’s API management, integration and identity and access management capabilities, using a DevOps approach. Meanwhile, the architecture was developed using Apache’s Tomcat and Cassandra, and WSO2Carbon used for continuous deployment.

By placing API management at its core, CitySprint has been able to achieve the required functionality and formed their innovation community (an interesting anecdote on the latter, a TechSprint event was organized where high profile companies sent teams of developers to CitySprint to build innovative products within 24 hours. Results have been quite amazing with an added bonus of introducing CitySprint to new leads).

From a business perspective, implementing this project was primarily underpinned by issues of costs, in addition to those of speed, integration, lifecycle, and skillset. When CitySprint introduced more complexity into the system, this also meant they potentially introduced a time lag. Yet, can this platform control costs through simplification and reuse? Is there a way to save time by simplifying integration? Is the skillset future proof? Can they model the whole lifecycle?

The result – On the dot – answers all the above with a yes. On the dot cloud native platform has empowered CitySprint to enter the market with an adaptable platform, which allows developers to self-sign and begin using the APIs, it is integrated as there are multiple systems working together, they have also connected data and devices, integrated platforms with those of their partners, and connected the user experiences of both customers and partners. Following their successes in the UK, plans are underway to make On the dot a global phenomenon and CitySprint is certain they can achieve this with the right technology.

If you need more details on how CitySprint made On the dot, watch their presentation.

Learn more about WSO2’s API management, integration and identity and access management capabilities.

State of Arizona: Introducing a Statewide Private PaaS to Improve Efficiencies and Trim Costs

Government institutions across the globe are using cloud-based technologies to add value to citizens and improve their functionality. The State of Arizona is no different, having built the Arizona Enterprise Services Platform (AESP) to reduce costs, improve efficiencies and foster sustainability in the long term. With over 32,000 state employees, 170 business units, over 1,400 IT professionals, and over 100 data centers/server rooms, a transformation of this scale was challenging. Yet, Prasad Putta, the director of enterprise technology services at the Arizona Strategic Enterprise Technology (ASET) office in the State of Arizona who oversees this project, saw an opportunity for improvement and seized it.

ASET is responsible for IT strategy, enterprise capabilities, policies/procedures, and managing high-risk, high-funded projects. AESP was rolled out as an answer to several questions: “How do we not start projects from scratch, stop re-inventing the wheel all the time, and have better data sharing practices? What can we do about redundant solutions throughout the enterprise, ease up license cost payments and solve security issues?” asks Prasad. With these in mind, Prasad and his team had a clear set of objectives they wanted to achieve. At the top of the priority list were cost reduction and sustainability as being a public institution, accountability was a key consideration. Other objectives included the enforcement of standards, revenue generation from data and services, a profitable mechanism for data sharing, allowing better data discoverability, risk reduction, and ease of development/maintenance from a developer’s perspective.

To address these requirements, ASET turned to the public cloud and decided to implement AESP as a private PaaS. The team at ASET was not looking to replace all the applications, rather prefered custom applications across the state agencies. They were also looking to expose data through APIs for private consumption, make the collaboration environment API-centric across the state, shorten their development cycle and ensure all the data is private to the state to mitigate any security and compliance risks. ASET was also looking at economies of scale as not all of the hundreds of applications were fully utilized at one given time. Their existing architecture was entirely hosted on AWS, but for the revamped architecture, AWS was limited to the infrastructure while the rest was built by using WSO2’s integration and identity and access management capabilities.

Introducing AESP brought with it another set of challenges. With agencies working independently, they had to be convinced to opt-in for this platform. Additionally, round-the-clock support was needed along with the right pricing model. Fortunately, AESP found the successful strategies and has several applications in the pipeline now. “Size the menu right” is one of Prasad’s analogies for success, i.e. to reduce the scope of applications to the most sought after ones. Initially, his team spent 30% to 40% of their time maintaining the sheer volume of applications, which is now handled by WSO2’s Managed Cloud. Several issues, such as the pricing model, are still work in progress, but buoyed by the successes, Prasad foresees a busy future.

For more information, watch Prasad’s full presentation at WSO2Con USA 2017.

Find out more about how you can use WSO2’s integration and identity and access management capabilities to improve your organization’s operational efficiency.

Turning a Software Product Company Into a Cloud Company

From 2011 to 2015 Software as a Service (SaaS) adoption in enterprises grew fivefold from 13% to 74%. The trend still continues with public cloud services worldwide growing by 18% in 2017. With this growth, the pressure to become a cloud company in order to remain competitive is increasing.

We at WSO2 have already gone through the transition and in this blog I would like to share a few experiences and give you some pointers on becoming a cloud company. This will help you to go from being an on-premise business to adopting a cloud and as-a-service model. First, let’s explore why you need to make the move. Being a cloud company brings many benefits for both you and your customers.

Here are some of the customer benefits that we identified:

  • Customers don’t have to pay a lot of money upfront, so the cost of entry becomes low.
  • With the pay-as-you-go model customers don’t invest a lot of money unnecessarily.
  • Everything is already set up by the vendors so customers can go-to-market faster.
  • Customers don’t need to maintain infrastructure and can now outsource their operations including uptime, upgrades, and security.
  • Most cloud vendors care about having APIs and integration points so customers can typically integrate their system with other solutions.
  • Customers can easily scale up or down as required.
  • Web user interfaces are mainly used so they can work from anywhere.
  • Since these are shared deployments customers have an entire community around them that will help find bugs and fixes before they even notice them.

Also, there are quite a few vendor benefits that you can reap:

  • Its cost-effective delivery model lets you address new markets with lower expenses.
  • By enabling a self-service model for your customers you can cater to lower levels of the market as well as to larger geographies.
  • You receive faster feedback on your products because customers will notice any faults and let you know immediately.
  • There is less shelfware because people start using your products much faster and the chances of them buying a license and not using the product at all are low.
  • Because of this you gain recurring revenue and adopting a subscription model rather than a booking model allows you to predict next month’s revenue much better.

Now that you know why you should become a cloud company, ask yourself how this would affect your organization. Moving to an as-a-service model affects every single part of your organization including research and development, operations, security, sales, presales, support, and finance among others.

Research and Development (R&D)

In the waterfall model teams typically work on one big release every year or so and follow that up with a wave of upgrades for enterprise customers. The iterative cloud-first model is much faster. For example, if a product manager identifies a new market segment your team will be able to easily get the new features out in weeks or even days. The feedback they receive will also be faster since people will start using the features as soon as it’s released. This can be a very gratifying experience for developers but if something doesn’t work, they can’t make excuses and blame the customer for not configuring it correctly.

This also impacts testing, upgrading, and troubleshooting. Testing is key. There is lower tolerance if something is not working because it affects everyone using it, not just the client who happens to deploy it first. You need to pay a lot more attention to automated tests, acceptance tests, staging environments and more. Since it’s a shared deployment, teams get access to shared files, environments and servers that allow you to troubleshoot and fix issues faster.

You need to make sure your products are ready for the cloud before you launch them. They need to be able to scale for growing numbers of customers. When I first joined the company, the products were able to run in multi-tenant mode, but when we scaled for thousands of customers we started having issues which we needed to fix.

Usability is another aspect that customers have high expectations for. Cloud users expect a seamless experience that makes it easy for them to understand, configure and use the products themselves.

Designed by Freepik


In typical software companies, the extent of operations includes an internal information services team that maintains emails, WiFi, etc. Apart from this they provide a team that goes to customer sites, when the need is required, to help them deploy and fix things.

When you become a cloud business, operations become a key factor. You need to have a team that is dedicated to updating, installing and monitoring your services to make sure they are up and running all the time. Your need to hire or grow a team with a different mentality from traditional development. Pick some engineers who may be in development but have the ops way of thinking. On one hand, it’s very gratifying to know that the systems are up and running and the customers are happy because of you. On the other hand, it’s very different from normal development work where you just write the code and people use it. It’s also a 24/7 role because we now live in an era of globalization where either your customers or your customer’s customers have clients all over the world.

Cloud also increases the visibility of failures. Your customers will quickly notice if something is wrong so you need to introduce new processes for security, postmortems, shifts, and rotation models and implement an alerting system that lets your customers know if something is broken. Monitoring is also key so that you get early warnings and end up preventing a fire rather than putting it out.

Designed by Freepik


That’s why you need transparency. When we first launched our cloud we were not very transparent. When things went wrong, we worked on fixing them but a lot of the times customers would be confused as to whether it’s something they’re doing wrong or if it’s something wrong with the service. We have implemented an uptime dashboard so that all our paying customers can check whether the services are up or down. We have also implemented a notification system that sends an email alert to customers when there is an outage and again when the problem is fixed. They also receive postmortem reports for further insight. When our formal SLAs with uptime guarantees are not met we give our customers credit.

The most important thing is to communicate. Cloud is a services business so you need to be very transparent and let your customers know what’s happening. They need to trust in you and your service, understand how the system works and know exactly what they are getting from it.


Culturally in most industries today, cloud and SaaS is accepted. But security is a key factor for a lot of customers when choosing a cloud vendor. There are compliance factors that need to be in place. For example, if you have payments in the cloud then PCI compliance is a must. You need to conduct audits, have an internal security team and use external security services. You need to use encryption where ever you can.

In general, make sure you document all your procedures. Document the way you work with your software, run the server, etc. We ourselves have a fairly long security processes document that we share with all our customers, which validates to them that we treat security as an extremely important factor.



Currently, you have an existing sales team and existing products that you sell. When cloud comes into the picture, it will have an impact on your sales. You need to consider a few factors with regards to this:

  • Decide whether to let your team sell both the enterprise and cloud products or the enterprise product first and then the cloud as a service.
  • Decide on what the pricing levels should be if your service needs to address lower tiers of the market.
  • Figure out how to protect your larger enterprise sales from being cannibalized.
  • Make sure you offset the old revenue with your new revenue.
  • Give a clear message to your current and future customers to decrease the confusion caused by introducing these new services.
  • Distinguish between the customers who can take advantage of self-service and those who will need more help.

At WSO2, we try to align our pricing for cloud so that even people with lower budgets can use it. Our sales team actively promotes our cloud services to those customers that fit the model best. We get a smaller revenue from these customers but at the same time, we don’t spend as much time and effort to enroll them and customize their solution because of the self-service feature. It’s a win-win because our account managers can focus more on our bigger customers who need more assistance.

Designed by Freepik


You will have to experiment with pricing. We’ve been doing the same. There are three main pricing model: freemium, trial and commercial. Some vendors will offer their solutions for free at certain tiers. In our case, we have a free trial because we found that optimal for the nature of our solutions. Overall, try to make the pricing predictable and easy to understand for your customers. Charge in terms that make sense to your customer rather than based on the resources you spend, but also do your math and make sure you don’t lose money.

Presales and services

How do you go about hand-holding? Is it okay for customers to work in a self-service mode and understand how to use everything on their own, or do they still need help with customizations? You need to be able to distinguish between smaller issues that customers can deal with on their own and bigger projects like customization.

Then, you need to figure out how to serve customers across geographies. What can you automate and what requires human presence? For example, you can embed some tutorials and run automated nurturing campaigns during the trial period so that they can easily understand how to use the service efficiently. You also need to have a way for your customers to request for help, either through a ticket-based model where customer ask for help as and when they need it or on a project-based model where for example, you work with them to create a proof-of-concept.


You need to create a support model that works for you. Will you give a certain amount of community support through user forums? Would you prefer ticket-based support? Will the product team handle support or will you have a dedicated team? These are the questions you’ll need to ask yourself. At WSO2 we have a rotation model for support. The engineers who actually work on the products work in the support team on rotation, so they know exactly what the customers want, what issues they might be facing and how to quickly solve them.

Designed by Freepik


Typically for enterprise software, finances are calculated from a bookings perspective. You record it as soon as you get the deal. Cloud follows a subscription model with recurring revenue. With bookings, you can’t really predict the actual amount of revenue you will get. Looking at your monthly recurring revenue (MRR) is a good way of predicting next month’s revenue and how much you are growing.

Average revenue per customer (ARPC) is another important factor to consider. When you grow that figure, it means that you are getting more money from the richer customers, so you can spend more money to attract new customers.

The churn rate is also very important. The lower your churn rate (meaning the customers are happy and stay with you longer) and higher the average revenue per customer – the higher your lifetime value (LTV) from a customer is. If your LTV is higher than your customer acquisition cost (CAC), then you can spend more money on acquiring customers and make more money from them.

Becoming a cloud company has a cultural impact throughout your organization. The factors we talked about previously are all departments and teams in your company. They need to change the way they think and do their work. You can either go into this by creating smaller teams that follow the new model and work beside those that follow the older model and incrementally shifting to an as-a-service model or with a big bang where all your teams are transitioned to the new model at once. I would recommend you to start with some projects and dedicated teams, show their success and expand the team. This way you don’t disrupt any of the existing products and teams but coexist during this transition.

I hope this blog has helped you understand what it takes to moe to the new cloud and as-a-service model. For more information you can watch my webinar on this topic. Good luck!

What Does WSO2 Identity Cloud Bring To The Table?

One of the things we spoke about at WSO2Con this year was the expansion of our  WSO2 public Cloud offerings. One of those offerings is WSO2 Identity Cloud, which provides the Identity and Access Management (IAM) solution from our well-known WSO2 Identity Server with the ease of use of a cloud service.

Our Initial offering is focused on providing Single Sign-On (SSO) solutions for organizations. Almost all organizations use different applications, either developed in-house or hosted applications like Salesforce and Concur. Having a centralized authentication system with SSO for all the applications increases the efficiency of maintaining systems, centralize monitoring and company security, while also making users’ lives easier.

What are the features offered by WSO2 Identity Cloud?

  • Single Sign-On support with authentication standards – SAML-2.0, OpenID Connect, and WS-Federation.
  • Admin portal provided for organization administrators to log in and configure security for applications. Pre-defined templates of security configurations are available by default for most popular SaaS apps. This list includes Salesforce, Concur, Zuora, GotoMeeting, Netsuite, AWS.
  • On-premise-user-store agent. Organizations can connect local LDAPs with Identity Cloud (without sharing LDAP credentials with Identity Cloud) and let users in the LDAP to access applications with SSO.
  • Identity Gateway.  Act as a simple application proxy that intercepts application requests and applies security checks.
  • User portal. Provides a central location for the users of an organization to log in and discover applications, while applications can be accessed with single sign-on.

Why you should go for a Cloud solution?

If you have following concerns, then a cloud solution is the best fit for you.

  • Facilitating infrastructure – you don’t have to spend money on additional infrastructure with the Cloud solution.
  • System maintenance difficulties – If you do an on-premise deployment, then there should be a dedicated team allocated to ensure the availability of the system and troubleshoot issues; with the Cloud solution, the  WSO2 Cloud team will take care of such things.
  • Timelines – Identity Cloud is tested, stable solution. This will cut down the deployment finalizing and testing times that you should spend on an on-premise deployment.

With all of this comes cost savings, especially because there’s no cost involved for infrastructure or maintenance with the cloud solution.

You can register for WSO2 Identity Cloud and try out for free – and give us your feedback on or

Cloudy with a Chance of Big Data?

Today we kick off our first ever virtual hackathon!

Hackathon_logoIn celebration of our 10th year anniversary this year the 24-hour virtual hackathon, starting at 6 p.m. Pacific Time, will have ten teams from around the world build a scalable solution that processes up to 4 billion real-time events within a short period of time, all in the cloud.

100 Amazon EC2 instances, 2000 Docker containers, 10 Kubernetes clusters using 70 Kubernetes nodes, 4 billion events, 24 Gigs of data, and no, we are not done with the numbers yet. The most successful team to survive this mammoth challenge and produce an applicable solution walks away with $5000.

After all, this is WSO2’s first ever virtual hackathon, and what is a big data challenge without some big numbers?

The teams consist of an architect and developer located in various countries including the US, Brazil, Netherlands, South Africa, Colombia, India and Sri Lanka. The week leading to the hackathon offered competitors resources in the form of webinars on the WSO2 Analytics platform, conducted by WSO2 experts.

All successful teams will get an Amazon Echo each and passes to WSO2Con US 2015, scheduled to be held in San Francisco this November. The most successful team will not only receive the prize money but also a chance to present their solution at WSO2Con.


This is the fourth in a series of WSO2 Hackathons, focusing on specific areas of expertise in the industry. This challenge is focused heavily on analytics and data science, and how an uncountable number of connected devices and applications are generating massive amounts of data in today’s rapidly advancing connected world.

“Increasingly, enterprises are adopting data analytics platforms that are highly scalable and compatible with cloud technologies”, said Lakmal Warusawithana, WSO2 director of cloud architecture and vice president of Apache Stratos, who is leading the Hackathon. “This hackathon provides us a chance to showcase WSO2’s solutions for big data analytics, scaling to millions of events, running either on-premises or in the cloud, supporting high-volumes of mobile and device data across smart homes, and similar ecosystems. Our team is looking forward to hosting this hackathon, and witnessing the outcome.”

For more details on the challenge and the teams see

You can also follow #WSO2Hackathon for live updates

Lets talk business agility for your next generation enterprise

We are happy to announce that WSO2 is a Prime Time Sponsor at GigaOm Structure 2013, taking place in San Francisco next month.  The 2-day conference explores how real-time business needs are shaping IT architectures. gigaom-logo

I will be there to present a workshop on Achieving business agility with cloud APIs, cloud-aware apps, and cloud DevOps PaaS. You can also meet the team and get a preview of  new developments in our cloud PaaS and DevOps offerings, at the WSO2 booth.

Recently I’ve been talking a lot about business agility. With today’s “Now Generation”, business stakeholders, who drive revenue growth and customer retention, desire to rapidly seize opportunity and market share.  They often view IT timeframes and capabilities as a poor match for today’s fast business-pace. My webinar last week with David Linthicum addressed some of these concerns. We talked about

  • A path towards agile IT through the use of new approaches and emerging technology
  • New concepts around DevOps improvement
  • The use of emerging PaaS technology
  • Agility best practices that will guide you to success

If you missed out, the slides and recording are avaialble here:

If you are in the area, I would be more than happy to talk about how we can help, at Structure 2013.

– Chris Haddad is VP of Technology Evangelism at WSO2. He blogs at

WSO2 Joins Cloud Security Alliance

Cloud Security Alliance LogoAfter watching the good work of the Cloud Security Alliance (CSA) for more than a year, WSO2 has joined as a Corporate Member.

As you know, WSO2 offers the very first completely open source Platform as a Service (PaaS). Taking our Carbon-based middleware platform to the next level, WSO2 Stratos offers the most complete, enterprise-grade, open PaaS, with support for more core services than any other available PaaS today. Unlike many cloud platforms, WSO2 Stratos, the software behind the WSO2 StratosLive Java PaaS, is available as a fully supported product that can be installed and run on-premise.

WSO2 Stratos provides the core cloud services and essential building blocks, for example federated identity and single sign-on, data-as-a-service and messaging-as-a-service and more, required for developing SaaS and cloud applications.

Building a cloud PaaS is actually quite a challenge, but no pain, no gain!

We took up the first challenge of getting our Carbon stack running on OSGi runtime, not an easy task and one that some vendors were unable to complete, but one that we found necessary to build cloud nativity deeply into the platform, and to enable incremental upgrades and addition of the platform as a live entity.

Security represents one of the biggest challenges we faced making Stratos a reality.  We had to rebuild the foundations of the system to focus on tenant isolation, data security, restricted operations, tenant-based user stores, standards-based security models, integration with other *aaS models among other concerns. Stratos today supports many of the most popular open standards related to security and identity management including SAML2, OpenID, OAuth, XACML and WS-Security.

KuppingerCole European Identity Award 2011A few months back we received some recognition of this work, as a recipient of KuppingerCole’s European Identity Award 2011 for the Cloud Provider Offerings category.  The award recognizes WSO2 specifically for WSO2 Stratos Identity, citing the multi-tenant open source cloud service for its OpenID and XACML support and its innovative features, including the ability to migrate from on-premise to a full cloud service (and back).

Stratos has come a long way, with customers now adopting the platform, and we welcome the opportunity to both share our experiences with other cloud providers and be part of the conversation in moving cloud security forward.

The CSA is a not-for-profit organization with a mission to promote the use of best practices for providing security assurance within Cloud Computing, and to provide education on the uses of Cloud Computing to help secure all other forms of computing.

Among many of our community, questions about whether to move to cloud or not, whether to move to a private or public cloud and so forth mostly revolve around security concerns.  We are looking to helping address those concerns, and contributing to the standards and guidelines promoted by the CSA to educate users about ensuring the future of cloud is secure.

Prabath Siriwardena, Architect & Senior Manager – Carbon Platform & Security

Boston forecast: Cloudy with a chance of insight

I’ll be speaking at the Wall Street Technology Association event in Boston October 27th titled “Cloud Computing in Financial Services.”  I’m presenting an interesting idea that we’ve seen emerging among our WSO2 Stratos adopters.  Here’s the abstract:

Beyond exposing APIs: Exposing your data and services through a Vertical PaaS

“Adopters of cloud platforms expect scalability, high utilization rates, better analytics for their internal applications, and conversion of capex expenses to opex. In addition to these we are seeing a demand where adopters are seeking more – cloud offerings not just providing an API to their services but a complete ‘Vertical PaaS’ including third-party application hosting with direct access to the core data and services of the organization. Offering a development and hosting platform deeply integrated with their data and services rather than a simple Web API increases the potential for monetization and wider application of their service assets. This talk introduces the concepts and motivations behind this idea and provides a few customer data points that may be early indicators of an emerging trend.”

Hope to see you there!

Jonathan Marsh, VP Business Development and Product Design
Jonathan’s blog: