Windows Azure Helps Small Partner Score Huge Deal

How one small Microsoft partner in the U.K. leveraged the Windows Azure cloud service to win a huge contract against consortiums of IT giants -- enabling a more robust solution at a lower cost than traditional IT approaches could promise.

At first blush, the contract sounds like a regulatory and compliance nightmare. But Solidsoft CEO Garth Pickup calls it "a breakthrough project."

The project is to develop and manage a complex pharmaceutical verification system to help combat the rising tide of counterfeit medicines being sold in Europe. The system must connect to over 3 million pharmaceutical manufacturers and upward of 150,000 pharmacies across the continent. It must be able to verify the transaction of 10 billion medicines each year and serve as a reliable checkpoint between potentially dangerous, falsified medical products and 500 million Europeans. Its development and operation must pass muster with the highly regulated pharmaceutical industry.

Such a contract would've been a big win for a vendor of any size, but for a relatively small firm such as Solidsoft, a custom application-development consultancy based in Basingstoke, England, it was a coup.

"It's quite an extraordinary outcome, one that I didn't think would be possible," Pickup said during a panel discussion with partner executives at July's Microsoft Worldwide Partner Conference (WPC). "In fact, five years ago, it wouldn't have been possible. All the way through, there was a lot of pinching going on. 'Can we really be the guys who are selected?'"

"The key thing, the takeaway, is that there is virtually nothing you now can't do by standing on top of [the Windows Azure platform] because so much is provided for you."

Garth Pickup, CEO, Solidsoft

In April of this year, Pickup's company won a five-year contract with the European Federation of Pharmaceutical Industries and Associations (EFPIA) to implement and operate the European Medicines Verification System (EMVS). Solidsoft's winning proposal entailed running the entire system on top of the Microsoft Windows Azure cloud platform.

The EMVS deal garnered Solidsoft the 2013 Microsoft Partner of the Year award for Cloud Solutions, its third partner award from Microsoft. (In both 2006 and 2011, the company won Partner of the Year for Application Integration.) It also solidified the company's reputation as an overachieving underdog, of sorts.

In an interview with Redmond Channel Partner magazine in late July, Pickup said that while Solidsoft has never really grown past 50 or so permanent staff members, it nevertheless has an impressive string of high-profile projects under its belt, including solutions for the 2012 Olympic Games, British clothing retail chain Marks & Spencer, and the U.K. Department of Work and Pensions.

"We've been able to punch above our weight in terms of awards and the accolades that we've received," Pickup says.

But with each of those large projects, Solidsoft worked through a prime contractor, typically a major global systems integrator (SI). With the EMVS deal, Solidsoft was on its own.

Going Azure
Solidsoft touts itself as a 100 percent Microsoft-focused shop. The company started roughly 20 years ago as a small group of Microsoft certified application developers, and then later turned its focus to building integration solutions using Microsoft BizTalk Server. The driver for the change in strategy was differentiation, according to Pickup.

"Pure-play custom app dev on the Windows environment in client-server land was becoming a commodity. Everybody was getting it and could do it, so all the expertise that we had was rapidly becoming widespread. So we took up with BizTalk Server and decided to make it our own," he says. "BizTalk was really good for us. We did some very large projects and some little trophy wins.

"But BizTalk itself was almost like the unloved bastard child of Redmond. Its supporters love it, and we're some of those. But after a time, that particular problem child went out of favor in Redmond. One of the things about it is it's a sticky product. Once it's introduced to a customer, it tends to stay," Pickup says. "Once you've taken the choice to make the investment in doing integration work and having a middleware platform, then actually undoing that is quite a difficult thing to do."

BizTalk also tends to suffer from being regarded as a niche product, he says.

"We were sort of being tarred with that same brush as a one-trick pony -- which we were quite happy to be, for a while," Pickup concedes. "But since that pony wasn't growing and the market for it wasn't particularly buoyant, we felt we needed to move on."

Enter Windows Azure. When Microsoft first launched the cloud platform in early 2010, the Solidsoft team was interested, but wary of making it the go-to offering for its customers. Their initial impression was that Windows Azure was suited mostly for cloud-scale solutions, projects with massively elastic requirements. The hesitation did not last long.

"We've been completely can do anything with it, probably faster, cheaper, better," Pickup says. "You're able to provide solutions which are much easier to deploy, much easier to run [and] could be offered out in a completely different business model from the traditional way that we used to do things. I think it's given us a great deal of flexibility."

When it came time to prepare the bid for the EMVS project, Pickup had no qualms about staking the whole system on Windows Azure.

The Pitch
The EFPIA designed the EMVS in response to a 2011 directive from the European Union (EU) calling for a more effective framework to detect and prevent the sale of counterfeit medicines. The EMVS essentially serves as the back-end of a system for validating packs of medicines at their point of sale; each pack bears a unique 2-D matrix code that can be scanned and verified against information stored in a central "European hub."

Pickup describes the whole thing as "a complicated legal framework." The EFPIA, which awarded Solidsoft the contract, describes it this way:

"The European Hub will be connected to a series of national data repositories, which serve as verification platforms, and can be used by pharmacies and other registered parties to check a product's authenticity. The system will be harmonised and interoperable between the various countries and will allow for the reconciliation of products traded between EU member states... as well as for multi-country pack management through the European Hub. Additionally, it will also offer those countries who do not want to set up their own national system the opportunity to join an existing product verification infrastructure (national Blueprint System Template)."

Solidsoft submitted its bid in 2012, alongside 20 other, larger vendors; without naming names, Pickup says the bidders consisted of "the who's who of the industry globally." Solidsoft was the only vendor that proposed a 100 percent cloud-based solution. (The optional "national blueprint system" is also being designed by Solidsoft as a Windows Azure-based product.)

"I looked at this and I thought, 'If I run this on Azure, all my operations are taken care of -- I just have to run the application across the top,'" Pickup says. "This is all about connectivity and middleware, and almost lights-out operations. We know how to build and develop and implement and support those systems -- been doing it for years."

Solidsoft was also the only bidder that was not in consortia; not even Microsoft was signed on as a full-fledged coalition member with Solidsoft.

"The Microsoft guys were very interested in staying close to us on the bid...[but] there were some very interesting clauses in the NDA [non-disclosure agreement] that Microsoft didn't find it very easy to comply with. And so they were unable to sign the NDA and participate as a full-fledged coalition member. [Solidsoft] went into this with no coalition members -- we went into it on our own and [Microsoft] were down as suppliers," Pickup explains. "It was simply Solidsoft -- 50 guys in Basingstoke."

Solidsoft invested about a half-million pounds in the bid, according to Pickup -- a not-insignificant amount for the company. The proposal ended up being over 600 pages long. The company built a prototype and asked Microsoft to look over some of its design plans.

"They were very helpful in that regard, and gave us the confidence that what we were doing was going to work properly like we believed it would," Pickup says. Still, he and his team thought their odds of winning the contract were long. Pickup considered it a vanity bid, "where you just do it because you can and not because you should, or could even, win."

Microsoft had its doubts, too, all the way to the point when Solidsoft was selected as one of only three vendors to present their proposals at an industry gathering in Brussels.

"Microsoft had been telling me, 'You have no chance of winning, Garth. You're going to have to go and buddy up with a big supplier, a big SI, to front it for you,'" Pickup says. "And I said, 'I just can't see where they're going to add value here. I think we can do all of this ourselves. I think it changes the model. I'm telling you, I think this is a really amazing new breakthrough in the way the business works.'

"And we got selected to the final three. At this stage, Microsoft said, 'My God, it looks like they're prepared to buy from you.'"

Solidsoft's presentation consisted of a demo of its application, instead of the expected case study. In front of a multinational audience of roughly 30 industry executives ("It was like NATO -- everybody had earphones and their own monitor and so forth"), Pickup and his team scanned a marked package of medicine using a scanner attached to a Windows 8 PC, and then waited for a remote database to return the package information.

The database was located 500 miles away in Microsoft's Windows Azure datacenter in Ireland. At the time of the demo, it stored information on roughly 60 million products. The team had configured it to show the database being accessed by 20,000 other PCs and making 200,000 calls a second.

The information was retrieved in a scant 0.4 seconds. "Point-three-nine-nine of that time is spent getting out of [the] firewall from the PC," Pickup says. "A tiny little proportion is spent in getting across the Internet and then coming back, so actually, most of it is breaking out of the internal case."

That presentation was enough to push Solidsoft's bid into the final two. After another five months of negotiations in late 2012, the EFPIA officially awarded Solidsoft the contract.

The Takeaway
Live trials of the EMVS are expected to begin later this year. The final details may still be subject to change by the EU, though the central data hub will very likely survive as the main conduit between manufacturers, distributors and participating governments, according to Pickup.

"We were very pleased to have won [the contract]. It was an enormous effort. The key thing, the takeaway, is that there is virtually nothing you now can't do by standing on top of [the Windows Azure platform] because so much is provided for you," Pickup says.

For Pickup and his company, Windows Azure is a game-changer in the way it broadens the kinds of business services it can offer, and the levels of risk the company's able to take on for its customers.

"For the larger deals, like this one...we're able to do that because so much of it is handled by the Azure stack and services that we're getting from Microsoft. So we can just concentrate on that specific operation, the applicational operations across the top, and support that," he said during the WPC panel. "Financially, [Windows Azure] has opened up a whole bunch of new outcomes that we can go for, gives us new opportunities to take risks. And where we can take risks, we can charge a premium from that. When we take risk away from the customer, they like that."

There are other points to be made with Solidsoft's EMVS win. One of them is that the old saw about cloud computing being unsuited to industries that deal with sensitive data is just that. Pickup calls this "a complete fallacy...about the perceived risks of cloud."

"Is having your data in a public cloud any more risky than having your own datacenters exposed to the Internet?" he says. "Microsoft would argue -- and I would agree with them -- that they have some of the most sophisticated threat-management tools and intrusion management stuff on the planet. They have implemented them with the skill and the commitment which only the very, very largest organizations in the world would even come close to getting. ... Our view is that the cloud solution is by far and away a more secure option than trying to do it yourself."

Additionally, he notes that the pharmaceutical industry -- being an extremely risk-averse and highly regulated one -- requires extensive process-validation from its contractors.

"What it means is that every step of the construction of this software has to go through a quality-approval process," Pickup says. "In fact, the construction of evidence of our almost as big as the construction of the software itself."