If you could be sure of anything, it is that the future of cloud is not clouded with any mystery: Today, every organization is trying to leverage cloud capabilities to ensure increased efficiency and business resilience.
Gartner has predicted that through 2022, the cloud services industry will grow exponentially, and the market size and growth of the cloud services industry will be nearly three times the growth of overall IT services.
In this blog, we will focus on multi-tenancy and on the factors to be considered when designing a typical multi-tenant SaaS application.
Multi-tenancy on AWS
In the growing ecosystem of Software as a Service or SaaS-based applications, multi-tenancy is a challenge that requires using the strategy and power of a shared environment to create a solution that solves multiple customer requirements, thus achieving economies of scale.
The primary question around multi-tenancy is about how best one can implement it. How should we architect a multi-tenant application which can use shared resources, to ensure that it is secure and state-independent? Well, the answer to this depends on the use case.
Things can get complex when an application needs to serve multiple B2B or B2C customers called “tenants” of the application. For example, a typical SaaS application might need to have location-specific dealers (businesses) that tend to their end-customers and the organization. To suit the architecture design, this will require a multi-tenant system for dealers which provides:
- maximum resource usage
- optimum efficiency
- reduced costs
- simplified configuration, onboarding, and maintenance
The dealers would instead handle customer data through their multi-tenancy accounts in the application.
Architecting a typical multi-tenant SaaS application
Let us look at some of the requirements for a typical multi-tenant SaaS application. Apart from the core functional components of a SaaS solution, to future-proof an application creating supporting components will allow us to scale the application over time.
Compute isolation – Tenants within a business may have varying requirements for computing resources, depending on the size of their business operations. For a smaller tenant, compute isolation with lower resource usage, and for a larger tenant compute isolation with higher resource usage needs to be considered to drive down costs that are ultimately handed off to the customer via the tenants.
Networking isolation – Another consideration is to provide isolation among tenants at the network level. This ensures the compliance of physical and logical security, and access parameters. A tenant would never be amenable to have its access and data shared with any other tenant(s). In such a case, AWS VPC-based isolation would be the best implementation option.
Data isolation – The foremost requirement is that data for a single tenant should be isolated and not visible to or accessible by another tenant in the group.
Storage & backup capabilities – Database and object storage are the main requirements for tenants. AWS provides the ability to separate object data in buckets by using S3 and database storage in RDS through different mechanisms for schema design. For backups of block storage as well as databases, AWS provides AMI creation, snapshots as the means for tenant data backup.
Security and IAM – Multi-tenancy invariably requires user identity management and authentication to be maintainable and configurable, per tenant. To do so, we can use AWS Services like IAM (Identity and Access Management), Federated Identities, SSO (Single sign-on), OpenID, Federated Identity Integration, and Amazon Cognito.
Besides this, there is also a need to secure the tenant data and ensure that the necessary protocols and mechanisms are in place. This helps to:
- keep data privacy and protection at the network/storage layer
- encrypt data at rest or in transit
- manage and rotate keys and certificates
- manage application-level security constructs
AWS provides some tools that can help address some of these considerations, such as AWS CloudHSM, AWS CloudTrail, VPC, WAF, Amazon Inspector, and CloudWatch.
Application performance – High availability, reliability, and scalability are the demands of a multi-tenant architecture, as such applications tend to be multi-regional, require internal isolation of both static and dynamic data. This includes security, shared compute resources and combined account analytics, billing, reporting for the organization as a whole. AWS provides its compute group to meet these demands with services such as AWS EC2, AWS Lambda, autoscaling groups, as well as for containerization in AWS ECS, ECR, and EKS.
Tenant customization - Multi-tenant solutions are designed to be highly configurable so that businesses can have their own set of configurations for each tenant in the system. For example, this can allow customizations from a UI/UX perspective and system settings or configuration data. Providing the ability to a tenant to define the styling of their applications is also important to localize the services in a particular country or region.
Cross-cutting concerns – Multi-tenancy is a common concern in any SaaS application as it affects almost all layers of a typical application. Centralized yet tenant-aware logging and monitoring, service discovery, dynamic instance creation, endpoint registration, and load balancing are some of the primary impact areas for such an application.
Analytics – Shared analytics across tenant accounts, customers and internal employees is a crucial requirement for reporting and forecasting. AWS provides several tools to tackle this area, such as Amazon Kinesis and Dynamo DB streams.
Forecasting – One of the hardest considerations is about forecasting the load so that enough servers could be spawned as fast as possible to handle the load. This requires careful planning and analysis of usage, trends, news, and business decisions to ensure it is handled properly.
Financials – Billing requires an account-wise implementation and a consolidated subscription model to be aware of each tenant’s usage and at the organization level.
Bottom line
However, these topics are just the tip of the iceberg, and there will be many more things that need to be considered in a modern multi-tenant SaaS-based implementation. To make life simpler, there are some design patterns that can help in implementing such considerations. In the next part of this blog series, we will be discussing the architectural design patterns for multi-tenancy on AWS. Stay tuned!