Architecture of the NetSuite system is the one area that is both more difficult to talk about than other areas of the system, and yet at the same time somewhat simpler to talk about than other areas. The reason for the difficulty is that, for the most part NetSuite does not publish information about how their internal systems work, but it is this lack of information that then leads to the simplicity of the discussion since there isn’t nearly as much to talk about. The information in this article is based on what NetSuite does publish, what can be gleamed using standard tools, and the authors own knowledge of how systems and databases work. The architecture of the system, from the customers stand point, is pretty simple. The software is delivered to you as a service and there is very little infrastructure you need to worry about having, however there are still a few things you do need and I will cover those below.
Infrastructure Requirements: Since the software is delivered via the Internet you will need a reliable internet connection with sufficient bandwidth to handle the additional load of using the NetSuite software over it. In general, most NetSuite pages tend to be on the smaller end of the spectrum when it comes to their data size, and this makes sense when you think about the fact that NetSuite is typically not graphically intense. There are some exceptions to this however, such as when you are looking at a large list of records, with many populated columns in the system, for example when you have changed your defaults to show 1000 rows of data at a time in a list view. In general, my own experience has shown that you should plan on having about 5Mbps of bandwidth for every 20 people who will be using NetSuite concurrently. Of course, this amount all depends on what they are doing in the system, and more bandwidth never hurts. Also since NetSuite is 100% dependent on an Internet connection, I would recommend using a firewall or router for your business that can use two different connections, such as a DSL and a Cable Modem. In fact, using connections of this sort you can generally get a connection that is every bit as reliable as a carrier grade connection (e.g. T3 or Fiber), but that costs far less and is functionally faster as the inbound bandwidth will be quite large. Your internal network, which routes your data to and from the Internet to your local computers, will also need to be reliable, but these days most business networks tend to be very reliable anyway, and this includes high quality wireless.
Client Software Requirements: While it would be great to believe that all data will live in NetSuite, and will never have to be taken to an external program for manipulation, the truth is at some point or other you probably will need to export data to an external system for manipulation. This is most commonly done either via a CSV (Comma Separated Values) file, which can be opened up in spreadsheet software including Microsoft’s Excel, or much less commonly by exporting directly to the Microsoft Excel format. For this reason, you will want to have a good piece of spreadsheet software (such as Excel or Open Office) or some other software you can use to manipulate CSV files; for spreadsheet software almost any software made in the last ten years will work. If you have ever printed from the web you may have noticed that the printed result tends to vary based on the browser and computer you are using. While this is generally not a problem when dealing with most web documents, it can be a major pain when you are printing invoices or checks. To eliminate this problem NetSuite generates most print documents by first creating a PDF to be printed, then printing that PDF. For this reason, you will need to have a copy of Adobe Reader on your system, which you can freely download from the Adobe website.
NetSuite’s Systems: Now let’s take a moment and talk about how NetSuite’s systems are setup. While you generally will not need to worry about this it can still be nice to know. Also keep in mind that some of this comes simply from my personal experience with NetSuite and knowledge about systems in general.
Physical Datacenters: NetSuite currently has two different datacenters where their equipment is housed that runs the NetSuite software. One datacenter (their original one) is located in California and another one built for redundancy is located in Massachusetts. My understanding is that the first datacenter was at one time located at their headquarters but this has now changed and that their second datacenter is actually a shared or colocated space. While this space is shared with several other entities the access to NetSuite’s section of the datacenter is strictly limited; though it is worth noting that access to the entire datacenter is also limited. NetSuite is actively building a third datacenter in Europe both to help alleviate congestion and latency issues when using their software in that part of the world, as well as to provide European businesses with better piece of mind about where their data resides. Between the two datacenters in the United States, NetSuite runs synchronization processes which ensure that even if one of the two goes offline the other can takeover processing almost immediately.
Datacenters and Data Protection: The likelihood of one of NetSuite’s datacenters going offline is slim. Like most datacenters they begin with redundant systems such as power from multiple substations, backed by generators and uninterruptable power supplies (or battery backup). They employ multiple internet connections using multiple physical and logical paths to ensure that internet connectivity, or rather lack thereof, does not prevent the systems from working. As previously mentioned, access control to the datacenter is also strictly limited for both security and reliability purposes. To round it out precautions are also taken on the hardware itself, meaning that servers and network equipment have multiple power supplies, disks, etc., and that the hardware operates in such a way that there are redundant pieces of network and server equipment. As would be expected NetSuite also performs both onsite and offsite backups, on a routine basis that is daily or better. NetSuite does publish more detailed information about the redundancy and security controls offered at both datacenter locations, which can be reviewed here (http://www.netsuite.com/portal/common/pdf/ds-datacenter-fact-sheet.pdf).
Servers and Network Equipment: NetSuite does not really provide a lot of detail on the number and types of servers they run, nor do they provide this information about their network equipment, firewalls, and other software and hardware. Some of this information can be gathered via other sources, and when combined with the data NetSuite does provide the picture that emerges is thus. The servers in each of the datacenters include webservers, application servers and database servers, among others. Their web front end, runs on Apache web server, which is the most common webserver in the world, and while NetSuite’s website is largely http, their application is entirely https meaning that all of the data that is transferred to you via the web browser is encrypted in transit. Their database, which is where all of your data will live, runs Oracle database software, as do many of their application servers which provide services for Oracle.
Database: With any ERP system, including NetSuite, the database is the heart or brains of where the data lives, and as mentioned above the database that NetSuite has chosen is Oracle. Oracle is one of the most popular database systems in the world for enterprise computing, such as what is done on the NetSuite platform. However, from your standpoint you will never really interact directly with the database itself. Whether you use the user interface, write code for the system, use the ODBC connector, or use the provided web services, the lowest level of interaction with the database will be through API’s (Application Program Interfaces) that access the tables or more likely views. While this might seem limiting if you are knowledgeable in this area and wish to perform quick and dirty customizations, this is actually a very good thing in a shared system. Because everything must go through code that enforces certain logic, as well as the database which enforces logic of its own as well as referential integrity, the chances of you causing irreparable damage to your own or someone else’s database has been eliminated.
Public Data: NetSuite spends a good amount of money to setup and maintain its systems infrastructure, though they do not really disclose exactly how much money and time they spend on it. Since NetSuite is a public company, some of this information can be deduced by reading through their Annual and Quarterly 10-K and 10-Q SEC filings, but there is limited detail in these reports. Because of the vast amount of data NetSuite has in its databases and the large number of customers it has in various lines of business, it does spend a lot of money and time securing that data. This is evident in the fact that the system is used by customers who must maintain HIPAA compliancy, Sarbanes Oxley compliancy, as well as the many customers who perform credit card transactions in the system, meaning they must maintain PCI compliancy as well. The systems at NetSuite are regularly audited, and in most cases would be considered to be more secure than comparable on premise systems NetSuite’s customers would otherwise run.
The truth is though, that while there is a lot that has been, and is being done to secure the backend of a system such as NetSuite, in addition to making sure that the system is reliable and readily available, a lot of what is done on a regular basis is not easily visible. This is all a pretty high-level view though as providing much more than this would be mostly speculative.
Hopefully this article provided a good overview of the system architecture of NetSuite. Feel free to leave a comment below and let us know what you think. This article is just one part of the What is NetSuite series available on this website.