Monday, May 7, 2012

Cloud Multi-tenancy – An Introduction for Beginners

The term Multi-tenancy has gotten significant attention after the rise of cloud computing in the global market. Most of the time, the term is misused when describing cloud computing. I imagine it is as confusing as the term cloud computing was a year back! A few of us may relate multi-tenancy with a database or application architecture, while others think it has something to do with virtualization. Both views are correct, depending on the context.

Currently I am leading a team of developers about to start working on an educational institute management application for a group of institutes. Should we proceed with the tried and tested path of single-tenant application, or use the unknown, and less travelled but more challenging, multi-tenant SaaS? The development team was more enthusiastic to get the application architected as a multi-tenant SaaS.

But how could we design the application (and the database) so that a single instance of it (and the database) could be shared by all the member institutes? This led us to brainstorm the idea of multi-tenancy. And I must confess designing a multi-tenant application is definitely not child’s play, especially if you are designing it on a traditional platform (ASP.NET, SQL Server etc). It may be a bit easier to architect a multi-tenant SaaS on a cloud PaaS.

What is Multi-tenancy?

Think of tenants as customers (clients) of a service. Before we discuss more about tenants let us understand the following:

SaaS can have two broad categories [MSDN, Microsoft, check reference# 2]:

1. Line-of-Business (LOB) services like CRM and Project management solutions are meant for enterprise customers. A few examples are:

2. Consumer-oriented services are meant for the general public and may be offered free of cost. Examples are:

  • Dropbox (Now they are also offering Dropbox for teams: enterprise version)
  • Microsoft Skydrive
  • Gmail, Google Apps (Free), Google Analytics.

The point to note here is that a line-of-business (LOB) service customer can have multiple users whereas in consumer-oriented services each customer is a single user. This why line-of-business SaaS is relatively difficult to architect compared to consumer SaaS.

I found a plain English simple definition of multi-tenancy, reproduced below for your reference from Database.com Getting Started Series White Paper [check reference# 3]:

Multitenancy is fundamental technology that clouds use to share IT resources cost-efficiently and securely. Just like in an apartment building, where many tenants cost-efficiently share the common infrastructure of the building but have walls and doors that give them privacy from other tenants, a cloud uses multitenancy technology to share IT resources securely among multiple applications and tenants (businesses, organizations, etc.) that use the cloud. Some clouds use virtualization-based architectures to isolate tenants, others use custom software architectures to get the job done.

Why is Multi-tenancy so Confusing?

Like cloud computing, the definition and implementation of multi-tenancy differs based on the underlying service model (IaaS, PaaS, SaaS). Describing multi-tenancy without mentioning the service model might confuse the not so tech savvy customer. A SaaS provider will talk about single-instance multi-tenant database / application architecture while an IaaS provider will talk about virtualization based architecture for implementing multi-tenancy. So, it should be understood based on the context of the service model.

Is Multi-Tenancy an Essential Characteristic of Cloud Computing Service?

Although a bit controversial, it is now widely accepted in technology circles that multi-tenancy is an essential characteristic of Cloud Computing. NIST recognizes Resource Sharing (achieved using multi-tenancy) as one of the five essential characteristics of Cloud Computing. A few authorities (like csaguide.v3.0.pdf: Security Guidance for Critical Areas of Focus in Cloud Computing V3.0) identify multi-tenancy as an important element in the cloud computing, rather than an essential characteristic.

In the year 2010 I posed the above question to a select group of Cloud Computing Pioneers. Their answers are still relevant today: Each one of them agreed that multi-tenancy is indeed an essential characteristic in delivering cloud services. The highlights of their responses are summarized below:

Quote

Name

Multi-tenancy is about sharing of set of infrastructure resources be it hardware or software across multiple clients to cross leverage utilization and hence drive cost efficiencies.

Suresh Sambandam - Founder & CEO of OranScape, a PaaS

And that's the only way for a vendor to provide it at an affordable price-point.

Narasimhan (Kishore) Mandyam - CEO of PK4, [Impel CRM SaaS]

If you want to be a viable cloud vendor selling products (see my InformationWeek post, you have no choice – your product must be multitenant in order to survive in the cloud world.

Alok Misra - Cofounder & Principal at Navatar Group, a global Cloud service provider.

Without multi-tenancy you are like a web development service company managing multiple codebases and servers for each client - which is a huge headache!

Sahil Parikh - Founder & CEO of Synage Software  [DeskAway SaaS]

Eliminating the need to maintain individual instances (code bases, infrastructure, etc.) for customers equates to frequent upgrades and easier maintenance.

Sunny Ghosh - Director Wolf Frameworks, a browser based On Demand PaaS.

Because of the shared platform they can offer better pricing to customers and in return customers give up some flexibility.

Jamal Mazhar is Founder and CEO of Kaavo.

You can read the detailed discussion here: Is Multi-Tenancy an Essential Characteristic of Cloud Computing Service?

Multi-tenancy Implementation Based on Service Models

Infrastructure as a Service (IaaS)Tenants on a multi-tenant application share infrastructure resources like servers and storage devices. Here multi-tenancy is achieved using Virtual Machines (VMs).

  • What are Virtual Machines (VMs)?

Popek and Goldberg define VM as an efficient, isolated duplicate of a real machine [Reference# 4]. In simple words: your application will be executed on a virtual computer (also known as an instance). You have your choice of virtual computer, meaning that you can select a configuration of CPU, memory and storage that is optimal for your application.

Optional Info: In IaaS different VMs share hardware via hypervisor. Wikipedia defines a hypervisor as “a virtual machine manager (VMM) . . . one of many hardware virtualization techniques allowing multiple operating systems, termed guests, to run concurrently on a host computer.”

The following diagram [Image Credit NIST: Reference# 1] depicts a simplified illustration of multi-tenant implementation in IaaS. The image shows a cloud provider that has a number of virtual machines (VMs) available that it can allocate to clients; block A shows vm4, vm5, ………… , vmn. Block A shows 2 clients – A and B. Client A can access and use vm1 and vm2. Client B can access vm3. Block B shows entry of a new client C who has access to vm4, vm5 and vm6.

Cloud-Multi-tenancy-IaaS

Figure 1

Optional Info: On March 28, 2011; Amazon launched dedicated instances within Amazon Virtual Private Cloud (Amazon VPC). Setting the tenancy of a VPC to dedicated when the VPC is created will ensure that all instances launched in the VPC will run on single-tenant hardware. You can read an interesting discussion by cloud/technology experts here:

Amazon EC2 Dedicated Instances and Cloud Definition

Platform as a Service (PaaS) Here different processes may share an operating system and networking services. A SaaSBlog article defines this as [Source]:

PaaS multi-tenancy means that, like a Heroku or a CloudBees, the platform can isolate code from different apps/vendors on the same OS instance (usually by commingling processes and databases on OS instances). This removes the need to allocate a whole VM per application stack component, improving efficiency.

Optional Info: What is a Process in computing? If you are Windows user press Alt/Ctrl/Delete > Windows Task manager > Process Tab. Here, under Image Name tab, you can view the name of the program (exe) you are currently running on your computer. For example: chrome.exe, iexplore.exe, dropbox.exe, winword.exe etc.

The following diagram [Image Credit NIST: Reference# 1] is a simplified illustration of a multi-tenant PaaS. The PaaS provider has an inventory of applications, namely A, B, C, D. Here a tenant can be a developer, or a customer (C1 in the image). As shown in the following image: the developer is creating applications and the customer is consuming them B→exr1 and B→exr2. In brief, multiple developers and customers are sharing the resources provided by PaaS. PaaS can also use the services of an IaaS.

Multi-tenant-PaaS-Cloud-Computing

Figure 3

Software as a Service (SaaS) – Here multi-tenancy is marked by a single application instance (i.e. code base) and single database instance for supporting multiple customers. Customers are sharing the same code base and the data is stored on the same set of tables distinguished by TenantID. Stated simply: the separation of data is logical and not physical.

In a database table records can be saved in the following format [Image credit: Microsoft. Reference# 2]:

clip_image004[9]

Figure 4

Yes, a unique TenantID will distinguish between the records of different customers. In reality it’s not as simple as we are assuming here, because, if it’s a line-of-business (i.e. enterprise) application we again need to distinguish between the records of multiple users of the same customer. Also, the presentation layer (User Interface) needs to be provided with settings/configuration options which can offer unique user experience to each customer.

The following simplified illustration depicts how three customers C1, C2 and C3 are sharing a single application on a single database [Image Credit NIST: Reference# 1]

Cloud-Multi-tenancy-SaaS

Figure 5

A Microsoft document on multi-tenant SaaS architecture proposes SaaS architecture which is more mature than the model described above, also known as SaaS at maturity level iv. Check the following diagram [Image Credit: Reference# 2] borrowed from an MSDN Microsoft article.

clip_image007[9]

Figure 6

The above image shows the most matured multi-tenant SaaS model. This is somewhat similar to the hybrid of Figure 1 and Figure 5. In simple words – a multi-tenant SaaS architecture making use of virtualization based multi-tenant IaaS. The cloud provider hosts multiple clients on a load-balanced farm of identical instances, with each customer's data kept separate.

What is the benefit of this model over the previous one? MSDN Microsoft article (Reference# 4) explains:

This model is highly scalable because the number of servers and instances on the back end can be increased or decreased as necessary to match demand, without requiring additional re-architecting of the application. Also, changes or fixes can be rolled out to thousands of tenants as easily as a single tenant.

Multi-tenancy Risk

In a multi-tenant SaaS architecture a single application and database instance is shared with multiple customers. This simply means that the same database and same set of tables are used to store the records of multiple customers as shown in figure 2. It’s very rare but it may happen that a flaw in the software while querying the data can lead your adversary (who may be a customer of the same service) to access your record.

At the IaaS level Virtual Machines (VMs) can be attacked by other VMs residing on the same physical host.

Although these risks are minimized using robust access policies and strong encryption, you must educate yourself about the security measures in place for a multi-tenant SaaS.

As a Customer do you really need to care if the SaaS is really multi-tenant?

Yes. Though multi-tenancy is cloud vendor’s responsibility you must care to know a little about how it is implemented in the service you are going to use. Everything’s fine until the number of customers your provider is supporting increases. Once the number grows, it becomes very difficult to manage upgrades on a per customer basis. Later, it may increase the price of the service because the provider may need to engage more resources to maintain multiple versions of code and database per customer.

References

  1. NIST [Special Publication 800-146]
  2.  MSDN Article
  3. Database.com
  4. Wikipedia