SaaS Bundling and On Premise Sales

You can build a SaaS app with a lot of boilerplate already completed for you. Consider using Firebase/Auth0 for your auth, Amazon SQS/Google PubSub for task queuing, Hasura for GraphQL APIs, and so on. Focusing on your speciality is much more achievable with best-in-class partners who specialize deeply in their discipline.

Now suppose your customer says they want to run your SaaS on premise for compliance reasons. This becomes challenging, since you need them to have an account with all these subprocessors, and compliance needs to be extended to each of them.

I'm curious if bundling too many third-party SaaS products (which has tons of advantages) has caused difficulties in rolling out on premise in customer clouds. Maybe at the right price point buying a high compliance / on premise agreement with subprocessors is reasonable.

I've seen vendors go the on premise route, which required bringing up an entire environment in AWS / GCP, and it's quite opaque for customers to manage when things go wrong (and support has a hard time getting into customer environments to troubleshoot). I'm curious how Replicated works in particular, as I've heard good things but never tried them (personally I am skeptical about managed Kubernetes deployments). Some vendors also just ask to include an error reporting key so they can help troubleshoot with masked stack traces. Others set up bastion nodes through ngrok. VPC peering is another option I've seen before.

Generally I recommend just using a vanilla Postgres, MySQL, Redis, and Google client credentials to get things working most effectively on a customer cloud. Also I'd plan to avoid offering docker-compose files, just a single Docker image managed through environment variables with dependencies specified in environment variables. The folks who are running on premise can probably spin up their own databases with high availability, either through their RDS or cloud vendor, easily vs having everything run in a single EC2 instance.
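As an added illustration (not code from this post), here is a startup check a single-image deployment could run: it validates the dependency URLs passed in through environment variables, reports every problem at once, and produces a password-redacted summary that a customer can hand to support. The variable names `DATABASE_URL` and `REDIS_URL` and the sample values are assumptions made for the example.

```python
import os
from urllib.parse import urlsplit

# Hypothetical variable names and accepted schemes; the post does not name any.
REQUIRED = {
    "DATABASE_URL": {"postgres", "postgresql", "mysql"},
    "REDIS_URL": {"redis", "rediss"},
}

class ConfigError(Exception):
    """Raised when one or more dependency variables are missing or malformed."""

def redact(url):
    """Return the URL with any password replaced by ***."""
    parts = urlsplit(url)
    if parts.password is None:
        return url
    # Keep host and port exactly as written (also preserves IPv6 brackets).
    hostport = parts.netloc.rpartition("@")[2]
    user = parts.username or ""
    return parts._replace(netloc=f"{user}:***@{hostport}").geturl()

def load_dependencies(env=None):
    """Validate all dependency URLs before the app starts."""
    env = os.environ if env is None else env
    problems, deps = [], {}
    for name, schemes in REQUIRED.items():
        value = env.get(name, "").strip()
        if not value:
            problems.append(f"{name} is not set")
            continue
        parts = urlsplit(value)
        if parts.scheme not in schemes:
            problems.append(f"{name} has unsupported scheme {parts.scheme!r}")
        elif not parts.hostname:
            problems.append(f"{name} has no host")
        else:
            deps[name] = value
    if problems:
        # Messages name the variable only, never its value, so they are safe to log.
        raise ConfigError("; ".join(problems))
    return deps

def support_summary(deps):
    """Redacted view of the configuration, suitable for a support ticket."""
    return {name: redact(url) for name, url in deps.items()}

if __name__ == "__main__":
    # Constructed sample environment, not real endpoints or credentials.
    sample = {"DATABASE_URL": "postgres://app:s3cret@db.internal:5432/prod",
              "REDIS_URL": "rediss://cache.internal:6380/0"}
    print(support_summary(load_dependencies(sample)))
```

Failing at startup with a message that names only the variable keeps credentials out of container logs while still telling the customer's operators what to fix.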

This may be the case where pursuing SOC2 and high compliance agreements may actually be much more cost effective than retooling an entire stack to run in every different customer environment (vendors like Snowflake and Fivetran have gone this route - the levels of effort to run and operate are simply too high to run in customer cloud).