Enabling Mobile Mapping
Application Service Provision
The ASP Industry Consortium, the leading international organization on the Application
Service Provision model, defines an ASP in this manner: “An ASP deploys, hosts and
manages access to a packaged application to multiple parties from a centrally managed
facility. The applications are delivered over networks on a subscription basis.” The
ASP model can assume many different forms, ranging from simple to complex. One
well-known example of an ASP is MSN Hotmail, an application that is fast, effective,
easy to learn and operate and free of charge.
The concept of remote access to applications and information is not new. Many senior
professionals remember using the industry’s origins in mainframe corporate networks
and “time-sharing” systems that allowed optimal use of scarce, expensive, shared
computing resources. The primary difference between these business models is that an
ASP can deliver solutions to a wider range of consumers over a much more cost-effective,
public “network” – the Internet.
Spatial ASP
The ASP model can be applied to the GIS industry quite effectively. The development
of web-based technologies from leading GIS vendors as well as the maturation of third-party,
thin-client computing platforms such as MetaFrameXP & NFuse from Citrix and
Tarantella Enterprise 3: ASP Edition make the spatial ASP a feasible solution. These
technologies, combined with growing broadband communications capacity, enable
delivery of robust solutions to a variety of industries.
There already are examples of successfully deployed spatial ASP solutions in the
consumer market, notably MapQuest.com, National Geographic’s MapMachine and
Expedia.com. While these applications are not true GIS platforms, they do provide
spatial information and are delivered via the public domain Internet. Equally important,
they point the way to successful adoption of the ASP business model for GIS users.
Several firms in the US are using traditional GIS client/server and desktop applications
in a thin-client computing configuration to deploy customized solutions to geographically
dispersed offices and field engineers. This enables delivery to a distributed workforce
with centrally controlled software maintenance. Each time the GIS application is
changed, update and redeployment is faster and less expensive. Moreover, IT .
managers are able to ensure license compliance from a single location. Spatial data
are maintained using standard data validation routines to prevent conflicting or
“unauthorized” versions from being unintentionally posted to the master data set.
Evaluating an ASP Solution
There are many issues to consider when evaluating an ASP strategy. It is important to
consider these issues when deciding whether to implement an internal ASP architecture
or contract with an external vendor to deliver ASP solutions.
Service Level Agreements
The Service Level Agreement (SLA) is the basic contract between the consumer
(business or individual) and the spatial ASP. This contract addresses typical contract
issues as well as issues that are unique to ASPs. It is necessary to understand that,
unless the ASP operates their own hosting center, they will have corresponding SLAs
with their data center hosting partners and communications providers. The terms and
conditions of those SLAs will be passed on to the end-consumer.
Several features are recommended in any SLA between a consumer and a spatial ASP.
Perhaps the most important is the guaranteed network availability metric. This often is
referred to as “up-time” and can range from 98% to 99.999% availability. While “Five
9’s” (99.999% up-time) theoretically is possible, in practice this figure is defined more
conservatively in most SLAs. It is important to recognize that this guarantee only refers
to network availability, not to the availability of a particular application, because the
spatial ASP has no control over the reliability of third-party applications they are hosting
and delivering. Despite best efforts, application “bugs” persist and will arise, often at the
most inconvenient times, even in a spatial ASP.
Another unique feature in the SLA is the frequency, period and metrics for measuring
the network "up time." Also included is a clearly stated, concise “credit policy” for
situations in which the network does go down (and it will go down). The consumer
should know how and when a credit will be given, and how to resolve disputes.
While it is not the intention of the spatial ASP to create a crisis situation, the prudent
consumer should confirm that the SLA contains appropriate language to address loss of
ownership of any data, intellectual property or specialized applications in the event that
the spatial ASP, or any related partner organization, ceases to conduct business or
otherwise ends the relationship with the consumer. This is an often-overlooked aspect
of the SLA. To minimize such risks, the consumer should demand financial reporting
and conduct due diligence on the spatial ASP before executing an agreement.
Other aspects of the SLA that should be explicit are the details concerning technical
support and customer service provisions, upgrades of applications, networks and
hardware, training, integration and customization services. Some ASPs include these
services in the solution offering, while others provide them at additional cost. We advise
consumers to consider these points during the evaluation and comparison of SLAs.
Quality of Service
With respect to data integrity, loss and consistency, the SLA should contain specific
details on how the spatial ASP will provide and ensure Quality of Service (QoS) for the
contracted solution. This is a significant issue, especially for those spatial ASPs that
intend to deliver their products and applications over the public domain Internet. The
foundation for QoS is being able to minimize the delay in IP packet delivery, minimize
variations in IP packet delays and provide capacity with consistent data throughput.
QoS becomes a mission-critical aspect in a spatial ASP, especially in an environment
that is “always-on” and that provides real-time, focused spatial data. High QoS should
be evident to the user by the virtual transparency of the data transmission network. In
other words, a spatial ASP that has acceptable QoS should be able to deliver, in a
consistent manner, the same or better service as the consumer would get if the
application and data were in a local computing environment.
Security
The issue of security receives considerable attention and rightfully so considering the
stream of well-publicized security breaches in recent months. While important, security
issues should not have a paralyzing effect on selection of a spatial ASP. The reason is
that there are several strategies to preserve both physical security and network security.
Of course, those strategies need to be implemented correctly to be effective.
Physical security for the data center hosting facility is relatively straightforward and very
sophisticated. Preventive measures may include continuous video surveillance
cameras and guard patrols, electronic security system including fire, smoke and water
detection, motion detection and compartmented authorization and access locks for
internal and external doors. Independent power supplies and a rigorous maintenance
regime also are necessary to ensure continuity of service.
Network security, while very sophisticated, continues to evolve and adapt as technology
continues to develop and be compromised. A combination of hardware and software
security measures should be employed at various points of entry to the system. Several
hardware encryption devices can be deployed at the network firewall. Standard SSL
128-bit encryption protocols provide sufficient bit-stream security for transmitting data
from the spatial ASP to the appropriate consumers. Such devices, combined with a
virtual private network and a robust authentication and authorization scheme, provide
ASP data center hosting facilities with more security than a customer’s LAN.
This security is focused on ensuring that only those authorized to gain access to data
and/or applications are specifically allowed to do so, and then only those areas that
have been determined by the customer organization. This security regime is not unlike
most corporate WAN/LAN architectures, for example – a clerical employee may not
have access privileges to the corporate accounting and salary information but can still
gain access to email and other intranet information pertinent to his or her particular job.
