Is the SharePoint 2013 App Model Ready for the Enterprise?
Since the introduction of the app model for SharePoint 2013 and SharePoint Online (Office 365) development was announced last year, much has been written on the topic of full-trust solutions versus apps (see Andrew Connell’s post and this one from Richard DiZerega). While the larger debate of how new applications should be written for SharePoint going forward is valid and worthy of much more attention that it has been given from non-marketing sources, one of the facets of the discussion that hasn’t received much attention is the basic validity of the app model in the enterprise. If an organization is currently considering SharePoint 2013, either online or on-premise, it is important to understand the current capabilities of the model Microsoft is promoting as the future development direction for SharePoint solutions and its present limitations before deciding upon which approach to adopt.
The app marketplace concept is one that has proven to be popular and effective for consumer-focused applications. Small, lightweight applications that sell for a nominal fee to thousands of individual consumers are a great fit for a delivery model designed to accommodate mobile devices. Trouble is, enterprise applications are an entirely different breed – they are rarely small or lightweight, are priced in the thousands of dollars, are typically provided on a site-wide or per-seat license basis, are purchased through a structured acquisition process, and often have a significant learning curve. In other words, they just don’t "fit" into a "store".
Take the licensing issue as a prime example. Currently, in order to purchase an app, the customer must authorize it not only on a site-collection by site-collection basis but on a user by user basis as well. There is no ability to assign licenses to any kind of group or set of unnamed users – they have to be assigned to individual named users in each site collection. Think of an enterprise with dozens of web applications, hundreds of site collections and tens of thousands of users – there is no way that the current licensing model will ever be accepted in this scenario. Site admins are simply not going to go through the pain and suffering to make this happen even with automation tools like PowerShell to help out. What happens when a user leaves the company? How does the license get reassigned? And what about archived site collections – how do all those licenses get moved? It’s an administrative nightmare and not one that enterprise customers are willing to accept, especially when all the other enterprise application vendors (including Microsoft themselves) are more than happy to provide a license key and volume licenses for "real" software products.
Then there is the payment issue. Assuming the licensing hurdle is overcome (which has about as much chance of happening as the Dallas Cowboys ever making it back to the Super Bowl), how does a vendor listing a product that sells for, say, $150 per user, deliver it via the marketplace? How does a customer with ten thousand users buy that? Just slap down their credit card? Hardly. Worse, what if it’s $150 per user per month? There’s no model for recurring transactions much less those that sell for umpteen thousands of dollars. That kind of spend requires a purchase order – but who does that go to? Microsoft? The vendor? How are the taxes paid across state or – dare I even say it – international borders? Vendors can’t even see who their customer is in the woefully inadequate seller dashboard – how do legal and tax departments deal with a complete lack of customer info? Does Microsoft want to become the go between in that scenario? Not very likely.
It is also common for enterprise apps to have a lot of dependencies and integration points with other applications. The current deployment model provides only for authorization related to permissions. What about configuration parameters for an app that needs to connect to various resources both inside and outside of SharePoint? Most vendors deal with those issues by providing an installer or setup application but the app model doesn’t provide any such capabilities. SharePoint has the capability to store configuration data on a farm, web application, site collection or site basis but apps don’t have access to any of those repositories. They don’t even allow for provisioning of dynamically named artifacts at runtime – the developer must force the user to accept their object names for things like lists and libraries or calls the app makes into the SharePoint site will fail. That’s ridiculous – especially in multi-lingual scenarios.
In the cloud, deploying apps is a relatively easy process, as it should be – after all, that is the scenario apps were designed for in the first place. Select an app, authorize it, and off you go. But on-premise app deployment is an entirely different matter. By adopting OAuth as the mechanism for app authorization (made even worse by the absolutely horrible 2.0 implementation of the protocol), Microsoft made it entirely too difficult for apps to be deployed inside the corporate firewall. The need to establish server to server trusts (also known as "High Trust Apps" – see my deployment walkthrough here and related posts here and here) and bind them to individual web applications causes too much friction. Getting an app to run in production is a multi-step process involving SSL, certificates, metadata endpoints, token issuers, identities, realms, and a host of other variables. Why would any developer go through that much trouble when they can simply write a full-trust solution and get access to everything the server object model has to offer?
This leads directly into another major area of concern – the limitations of the client object model. It’s all well and good to hype up the app model as the way forward but until it has feature parity with the server object model all that marketing hype is just that – hype. Pretty comparison charts showcasing all the things the client OM can do aren’t very helpful when they only focus on the Foundation-level workloads. The truth is that even within this very narrow set of features the client OM only provides access to a portion of the currently available server methods. And it gets worse – what about enterprise content management (ECM)? Publishing and web content management (WCM)? Business intelligence (BI)? Workflow? Taxonomy and metadata? You know – all those killer Enterprise features that make SharePoint the biggest, baddest collaboration platform on the planet? The client OM has very limited capabilities in these areas and getting there will take years of development just to reproduce what we already have in the server OM – talk about running in place and not moving the ball forward. Until an app can do what even the simplest web part or application page can do it’s not really an app – it’s just an add-on.
Furthermore, the isolation model for apps is confusing, fractured and ill-suited to its task. The concept of app webs as a pseudo site collection that inherits permissions from the host web and attempts to hide or obfuscate basic SharePoint functionality is laughable at best. Users deploy apps to SharePoint sites – they expect those apps to work in the context of that site. Trying to explain to them that, no, in fact the app doesn’t really live on that site but some other site they can’t navigate to is an exercise in amateur improvisational comedy. Nobody wants to hear such nonsense – if an app deploys a list or page they want that artifact to be on the site where they clicked on the tile in the first place not some weird location that doesn’t even have basic navigational elements. And the gyrations that developers have to go through in order to deploy artifacts where users expect and need them to be completely undermines the whole concept of the app model making SharePoint development easier. Those unfamiliar with the SharePoint platform will either give up in frustration or lose so much productivity trying to figure it out that they’ll end up regretting ever haven been thrown into the SharePoint mess.
And that, unfortunately, is exactly where we are today. The app model in its present incarnation doesn’t make customizing, extending or enhancing the platform any easier on customers, developers or vendors. It just adds more confusion, with a heap of half-baked features and ill-designed integration points. That’s not to say the model is wrong or misguided but rather that the implementation falls well short of what is needed to gain widespread adoption in the same way the on-premise development model has. At least in the full-trust solution scenario we now have enough experience to provide best practices and proven strategies for limiting the negative impact of a nearly complete customization framework – apps, much like sandbox solutions before them, are being promoted as a viable alternative but currently have too many restrictions and limitations to come anywhere close.
It is tempting to brush aside these concerns with misdirected arguments that are all about Office 365/SharePoint online and the whole cloud initiative. The discussion here is about adoption of the model in the enterprise and the truth is that SharePoint always has been, and will continue to be, an enterprise application. While small businesses can certainly benefit from the deep and rich feature set that SharePoint brings to the table it is the enterprise customers who have made it into a standalone multi-billion dollar business. And much of the sticking power of the platform has come from the efforts of third-party vendors whose products enhance and extend the platform. In order for the app model to gain any traction it must facilitate the ISV ecosystem or enterprise customers will ignore it at best and abandon it altogether at worst.
Expanding the context of the argument into the area of overall strategy, a cloud-based solution to the collaboration problems of small to medium sized businesses is an important market initiative and Microsoft is quite right to try and exploit a market they have all but ignored for the past few years. But doing so at the expense of enterprise customers, whose spending far outweighs that of smaller customers, is a recipe for disaster. The powers that be should remember that low-cost solutions which are easy to buy are also easy to abandon – all it takes is one major outage or security breach for flocks of customers to switch to another vendor. That’s difficult if not impossible to do with large enterprise customers – they will invest in a platform for the long term and stick by a vendor until it becomes infeasible to do so. If some portion of those customers are willing to accept a limited-feature version of the application that runs in the cloud then that’s fine but the vendor had better find a way to keep them happy – otherwise the cloud gives them an easy out that they never had before if they become dissatisfied.
A tightly integrated enterprise app story would be a great way to achieve large customer loyalty. Even if they could switch to someone else for core collaboration features the amount of effort invested in app customizations would keep them from jumping ship the first time the winds blow in an unfavorable direction. And if the model can truly be made portable between the cloud and on-premise implementations it would be a real game-changer, allowing enterprise customers to choose which deployment model they want without having to worry about extensibility limitations. At some point the powers that be are going to have to wake up and realize that many large customers are never going to go all in on the public cloud – they may let cloud vendors have bits and pieces of certain non-essential functions but the risk is far too great to allow valuable company data outside of a controlled computing environment. And a hosted solution like Office 365 dedicated isn’t going to suit their needs either so long as the vendor continues to impose unrealistic restrictions.
[As an aside, it is amusing how many times the IT industry has gone through this same cycle of central versus distributed resource ownership, each time acting as if the latest swing in one direction or the other is the way everything will be done in the future. A note of caution to those who can’t remember that far back – mainframes were the "cloud" to terminal "clients" way back in the 60’s and 70’s. Nothing has changed much – racks of 1U servers look an awful lot like those big IBM boxes of yesteryear, with thousands of "clients" all connecting over a "web" of discreet endpoints. Everything old is new again – indeed.]
The SharePoint app model could have promise within the enterprise but only with significant changes. The capability, deployment, delivery and licensing issues all have to be resolved before customers with real money to spend will come to the table. I believe it can be done but only by focusing on the core framework and not running in circles around the edges looking for the next shiny object to get the fickle consumer’s attention. Take a step back, build it right, and SharePoint can continue to occupy center stage in the collaboration space, regardless of whether it’s on premise, online, or both. Failure to do so by simply extending the status quo with incremental improvements will likely lead to disaster. There’s too much money at stake – it won’t take long before another vendor steps in to do what the current vendor is unwilling or unable to do. And then we’ll all be talking about the old days when that SharePoint thing was cool…way back when.
UPDATE: For clarification, this post is not intended as a slam on the app model, SharePoint 2013, Office 365 or the cloud in general. I’ve been shouting from the rooftops about the app model for over a year and have helped many organizations create a roadmap for development on it. There is no question that this represents a new direction for Microsoft in general and SharePoint in particular and that there are a lot of opportunities for improvement. What I have noticed is that most of the conversation in the community around the model in general has been from a consumer or seller point of view and driven primarily by marketing. My intention is to bring the discussion around the the bread and butter of the SharePoint market – enterprise customers. Adoption of the model by this customer segment is crucial and attention must be given to their needs as opposed to the small business customer or casual consumer. I am hoping that by taking a stand on behalf of a specific customer segment that more attention will be given to this not only in the greater SharePoint community but within Microsoft itself.
SmartTrack Operational Intelligence for SharePoint