Lately, I have been doing some advising for a friend of mine on a new technology business. They are in the early stages of building out a new SaaS offering and they are planning out their technology infrastructure. The discussions that we have been having would be all too familiar to those of us who sold through the “bubble years”. How big do you plan your infrastructure?
The enthusiastic ones talk about the thousands upon thousands of possible customers and millions of visitors per day (at least that part is different from the bubble… back then it was millions of customers and hundreds of millions of visitors… at least I was fortunate enough to work with a couple of the companies who actually did that type of volume). The cautious ones talk about minimizing the number of moving parts and not making it too complicated. The pragmatic ones (I consider myself part of this group) try to strike a balance between the two.
During the bubble you needed to spend literally millions on infrastructure to run an Internet company. Today, open source packages enable you to do this for close to nothing. You can build out a very robust, flexible, and scalable infrastructure based on open source (can you say Google?). But the question still exists: how much do you need, and at what point?
The specific question comes down to a single source for user information (most specifically their authentication) for the customers and visitors to the web-based service. One thought is to implement an LDAP system right away for future growth and flexibility. Another thought is to just build it into the web site.
For the record, I’m part of the LDAP camp. I think it will provide the flexibility of a single source of truth for users right now and is standard enough that most open source packages can hook into it for authentication. The plan includes adding multiple services that are either free or for a charge, and a user’s set of services could belong to both groups. The thought of trying to synchronize user authentication information between multiple systems across each service just adds too much complexity.
If anyone has any opinions to share on this topic, I look forward to hearing them. How are others out there implementing their infrastructure for similar situations?