In Cloud terminology, multi-tenancy is one of the most misunderstood terms in the industry. Different people have their own interpretation of it. In a simple model, it refers to several tenants accessing a software application together, with a single running instance of the software deployed, which means that application resources are shared among all these tenants. However, that is not always true in Cloud Computing environments.
The majority of people agree that isolation is a key characteristic of multi-tenancy. However, isolation is primarily required for security compliance and for billing based on resource usage.
Isolation can, however, be realized at various levels. For example:
- Infrastructure as a Service (IaaS): Based on a unique tenant identifier, the user is granted access to its private data centre environment (e.g. dedicated hosting). It is extremely secure; however, it is the most expensive option since the resources are fully dedicated. The Cloud Service Provider has to build a fully isolated environment (e.g. data centre, racks) to ensure correct billing based on the quantum of resources deployed. Nowadays, the Virtual Private Cloud (VPC), which implements secure isolation in a Virtualized Data Centre (VDC) using virtual private networking techniques, is becoming more popular. VPC is relatively cheaper.
- Platform as a Service (PaaS): Based on a unique tenant identifier, the user is granted access to a private instance of a given platform (e.g. database engine, message queues, workflow engine, business process manager). It certainly offers economic isolation and security, but highly skilled people are required for deployment. The Cloud Service Provider applies deployment automation tools to ensure that a private environment (e.g. compute, network, storage, cluster) is created automatically for the tenant. The IP address pool, firewall, load balancer, virtual machines, VPN, data stores, etc. are dedicated to the tenant in that environment; therefore it is also quite an expensive option.
- Software as a Service (SaaS): Based on a unique tenant identifier, the application implements access control for the end users so that it routes requests correctly and only the specific tenant has access to its data or application logic. It is the least expensive method of enabling multi-tenancy since little software change is required in your existing application source code or configuration. However, it creates a lot of difficulties in terms of software maintainability. It also has a runtime cost due to indirection at the software level, so the software becomes slower in terms of runtime performance. Traditionally, Application Service Providers (ASP) utilized this model for multi-tenancy.
Nowadays, multi-tenancy enablement tools and technologies are available from vendors such as Corent, Apprenda, TechCello, etc. Such systems are applied in Private Clouds maintained by Cloud Service Providers.
Consider an N-tier application as an example. You can enable multi-tenancy by isolating at any of the following levels:
- Data Tier: Create an independent database instance or cluster for each tenant. The business logic tier could select which database to use based on tenant identifier attributes.
- Business Logic Tier: Create an independent application server instance or cluster for each tenant. The presentation tier could select which application server to use based on tenant identifier attributes.
- Presentation Tier: Create an independent web server instance or cluster for each tenant. The firewall could select which web server to use based on tenant identifier attributes.
- Load Balancer Tier: Create an independent data centre environment for each tenant. The client could select which data centre to use based on tenant identifier attributes (e.g. ID, geography). The Content Delivery Network (CDN) might choose a suitable data centre.
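The data-tier option above, as an added example that is not part of the original article: the business logic tier picks a dedicated database from the tenant identifier and refuses unknown tenants instead of falling back to a shared one. `TenantRouter`, the `invoices` table, the session dictionary and the tenant names are assumptions made for illustration, and in-memory SQLite stands in for per-tenant database instances.

```python
import sqlite3

class UnknownTenant(Exception):
    """Raised when a tenant identifier has no registered database."""

class TenantRouter:
    """Business-logic-tier helper: one database per tenant, chosen by tenant ID."""

    def __init__(self):
        self._dbs = {}  # tenant_id -> dedicated connection

    def register(self, tenant_id):
        # Constructed setup: an in-memory SQLite database stands in for a
        # per-tenant database instance or cluster.
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE invoices (id INTEGER PRIMARY KEY, amount REAL)")
        self._dbs[tenant_id] = conn

    def db_for(self, tenant_id):
        # Fail closed: never fall back to a default or shared database.
        try:
            return self._dbs[tenant_id]
        except KeyError:
            raise UnknownTenant(tenant_id) from None

def add_invoice(router, session, amount):
    # The tenant ID is taken from the authenticated session (assumption),
    # not from a client-supplied request field.
    conn = router.db_for(session["tenant_id"])
    conn.execute("INSERT INTO invoices (amount) VALUES (?)", (amount,))

def list_invoices(router, session):
    conn = router.db_for(session["tenant_id"])
    rows = conn.execute("SELECT amount FROM invoices ORDER BY id")
    return [row[0] for row in rows]

def demo():
    router = TenantRouter()
    for tenant in ("acme", "globex"):  # constructed tenant names
        router.register(tenant)
    add_invoice(router, {"tenant_id": "acme"}, 120.0)
    add_invoice(router, {"tenant_id": "globex"}, 75.5)
    return router

if __name__ == "__main__":
    r = demo()
    print(list_invoices(r, {"tenant_id": "acme"}))
```

Because each tenant's rows live in a separate database, a query that forgets a tenant filter still cannot return another tenant's data, which is the property the shared-instance SaaS model has to enforce in application code.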
So, which multi-tenancy strategy do you want to select for your enterprise application?