We are frequently asked whether or not you should choose a hosted deployment for Zimbra. Since we have strategic partners offering Zimbra as a hosted service (or at least we will with our generally-available release), we do endeavor to be unbiased in advising you on the hosted versus on-premises decision.
Dean Jacobs (one of the former WebLogic architects, and now at Salesforce) eloquently makes the case for hosted software over on-premises software http://www.acmqueue.org/modules.php?name=Content&pa=showpage&pid=320. Rather than echo many of his arguments, we suggest that in reality there is a spectrum of deployment options available to you:
• Hosting via hosted- and application-service providers (HSPs & ASPs), generally via generic (a.k.a. shared) hardware and software;
• Off-premises outsourcing –- Hardware and software is dedicated to your business, accessed over the WAN/VPN and administered externally;
• On-premises outsourcing — Your LAN as well as dedicated hardware and software, but outsourced administration;
• Appliances –- On-premises, dedicated hardware, albeit with reduced administration overhead (which can itself be outsourced); and
• On-premises software
Given the broad range of software required by a small and medium-sized business (SMB), by a small and medium-sized enterprise (SME), and by a large enterprise, one size simply does not fit all—even within a company, let alone between companies. Thus far (at least for email/messaging), SMBs have been the mosted interested in pure hosting, while SMEs and enterprises have been more interested in on- and off-premises outsourcing as well as traditional on-premises software. Appliances, interestingly enough, seem to have appeal from larger SMBs all the way up to enterprises.
In order to find the sweet spot for a particular application, here are some of the trade-offs to weigh:
1. Integration with internal applications –- HSPs and ASPs do often provide integration points for other (generally on-premises) applications to securely access (consume) services and data (such as the web service bindings available for Salesforce). However, choosing to host applications that must consume services and data from other enterprise applications can be more challenging (see customization). The latter is often more of an issue for solutions like Zimbra, that support easy linking to your enterprise applications (ERP, CRM, and so on). While this can be done securely for applications that export web services, integration of applications deployed across multiple sights inherently entails additional overhead (e.g., in configuration, security, and performance).
2. Customization of applications –- Hosting’s (as well as an appliance’s) sweet spot is when you can use the application “as is”—that is, without any customization of the business logic to your specific workflows and without integration with other in-house applications. While some HSPs and ASPs are attempting to support the hosting of custom applications, the reality is that this business is inherently more one of an outsourced service offering rather than generic hosting. This is because your provider must understand your customizations in order to manage them, as well as to figure out how to merge them into future releases. Customization for horizontal platform offerings like Zimbra is often less of an issue than for more vertical business applications.
3. Performance — Hosted and application service providers amortize hardware and network investments across multiple companies (indeed, this is one of their selling points). Such sharing can allow faster hardware to be shared across users, but it can equally lead to contention for those shared resources. Moreover, hosted services are located across the WAN, and hence inherently face additional latency.
4. Protection from WAN outages – Hosted- and application-service providers can often do an even better job of providing uptime for their application or service, since it is their core expertise. At the same time, however, such deployments are inherently more vulnerable to WAN connectivity problems. For on-premises email, temporary WAN problems are often masked from the end-user (since they are using the WAN asynchronously).
5. Security –- Like performance, security cuts both ways. VPNs/SSL and careful hardening can ensure greater data privacy even for hosted deployments. On the other hand, with an HSP/ASP your companies data is being hosted outside of your firewall and outside of your direct control.
6. Archiving and compliance –- With the emergence of retention policies and new regulations like Sarbanes Oxley, there are inherent questions about whether external providers are prepared to honor your precise policy requirements. On the other hand, if your policies are close to industry norms, an external provider may well be able to do it more efficiently than you can do in-house.
Any that we missed?
From our perspective at Zimbra, the key is to strive to architect Zimbra in a sufficiently balanced way that it supports this spectrum of deployment models—meaning that we need to get multi-tenancy, delegated administration, intra-server security, etc. right for hosting, as well as the easy install and compatibility with existing infrastructure for on-premises deployments. The good news is the vast majority of the Zimbra Community’s work (and hence the Zimbra codebase) is focused on improving both the enduser’s and system administrator’s experience, and hence relevant to all Zimbra users.