Moving From Individual Install To Single Shared Site ("Cloud")


I developed a small web based invoicing system a few months ago for my own use. A few of my clients asked me what system i was using and how they could get it etc... so i packaged it up and sold it to a few clients, and now it's getting to a stage where every client wants it.

Here is a quick video of the software if you are curious -

In order to scale the software, i need to change the approach. Instead of having to install it on every client's web server, which involves obtaining their FTP access etc... i am planning on building the following approach:

01 - build a new dedicated website
02 - clients sign up via the website and pay $5 a month
03 - clients sign into their dashboard via the website and manage their invoices from there
04 - client's customers are directed to the same site where they complete their payment (no sign in required for the customer)

The main downside of this approach, in comparison to the individual install, is that the individual install allows the client to redirect their customer to their own site / url... so i will probably offer the individual install as an option on the website too.

Getting To The Point
From a high level view, i don't think the migration / approach will be too challenging. I'll need to create a new 'accounts' table and all other database tables will stay the same, with an 'account_id' added to each of them.

All processes will then need to associate and query the 'account_id' too.

Can you offer any advice as to what other areas / points i need to consider. Thanks in advance for your help.
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Bernard S.CTOCommented:
Security will be your main concern.
1 - Be doubly sure that none of your clients, not of their client, can access any data from others

2 - Be VERY careful with all the "money data" you store

3 - Will your system resist to deliberate attacks?

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Ray PaseurCommented:
Are you planning on receiving payments via the web site?  If so, are you up-to-date on PCI compliance?  If you're not conversant in the details of PCI, you might want to get your lawyer and banker together to discuss the requirements.
oo7mlAuthor Commented:
Thanks guys,

Yes the website will process payments, BUT all on Stripe's side so they handle the PCI compliance side of things.

The site will have SSL (stripe requirement), however no payment details will be saved or processed on the site
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Concerning the downside you mention; Why is it important that your client direct their customer to the client's website? Is it an advertising thing? Usability?
oo7mlAuthor Commented:
Hi, if you receive an email from a client and you click a link to pay them... i think it would feel more integral if you were brought to the client's website as opposed to a 3rd party website?
Ok yeah, I see what you mean. I was thinking of subdomains or subfolders or even just variables to display the client's logo and contact info, etc. Redirection to payment gateways seem pretty common. I think most users don't pay attention to the URL anyways.
oo7mlAuthor Commented:
Ok cool, thanks for the reply.
We are doing something similar since I sell merchant accounts and I do no charge for the e-commerce gateway.  It's more for recurring billing since the gateway stores the numbers and the system does the recurring part, (usually the gateway does the recurring billing but this way, the system is updated if a decline happens). But when you start doing that, adding a sub-folder / sub-domain, you are now in the hosting business.  

So if the site goes down, or if there is a problem, they are going to call you.  

True, if you use your own and your own folders, then you only have to deal with one SSL cert. But if the client gets it installed and takes the credit cards, they will need an SSL cert.  It is sort of a catch 22.  I was in the hosting business for awhile, and I don't want to do that again.  We partnered with a company to host it.  It adds a little more to the contract, but it takes us out of the loop for the hosting part.
oo7mlAuthor Commented:
Yeah, we are using a very reputable hosting company, and running the new system on a high powered VPS.

I'll send on the link when it's complete, thanks again.
OK, that's good.  I had talked to about 20 different ones, and ended up going with one that gave a Vet discount and was a partner of ours (we have about 50 web hosting partners so it was tough, but the one that was being ran by a Veteran and giving us a discount synched it
oo7mlAuthor Commented:
Thank you.
Bernard S.CTOCommented:
B-) glad we could help, thx for the grade and points.

Since there is money involved, remember to be paranoid!
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.