Is Google drive a good example for multi-tenant application? - multi-tenant

By definition (Wikipedia) - A tenant is a group of users who share a common access with specific privileges to the software instance and the term "software multi-tenancy" refers to a software architecture in which a single instance of software runs on a server and serves multiple tenants. It also states that with a multi-tenant architecture, a software application is designed to provide every tenant a dedicated share of the instance - including its data, configuration, user management, tenant individual functionality and non-functional properties.
From the definition, I understand that multi-tenancy says more from an architecture perspective and in case of Google drive, the internal architecture may not be known. However from a user/usage view, can we call Google drive or similar cloud applications as perfect examples for multi-tenancy since these are able to serve multiple customers and even allows us to share data among users securely? If so, will it be correct in saying that any software or application with a single instance allowing multiple users and gives data isolation, called as multi-tenant applications (from a user perspective)?
Note - I have already gone through the following post which states the difference between multi-user and multi-tenancy, however most of the cloud application share same database and servers and so can we call them multi-tenant? - http://multi-tenancy.blogspot.com/2009/07/what-does-this-mean-part-i.html

Multi-user example:
userX#domain1.com uses Google Drive
userY#domain1.com uses Google Drive
Multi-tenant example:
userX#domain1.com uses Google Drive
userY#domain2.com uses Google Drive
A multi-user system need not necessarily mean it's a multi-tenant system.
As you mentioned, we may not know the internal architecture of Google Drive, but from a user's view, it can be considered as a multi-tenant application as users from multiple domains/business entities/companies (i.e., userX#company1.com and userY#company2.com) access the same application using Google's enterprise solutions. Each of those domains/companies can be considered as tenants of Google Drive.

Google Drive is an excellent example of a multi-tenant application when several users have access to one cloud drive and can have access to this drive. For example, to perform some kind of teamwork. In this case, each user of Google Drive will be a tenant. The work with Google Drive's documents has a similar logic. Few users that have access to documents can jointly use them.

Related

Google Service Account - Multiple Servers

I'm using a Google Service Account to push MySQL backups from our webserver to Google Drive using a Google API PHP client script setup as a cron job.
I now want to run the same script across multiple webservers, I'm not sure how to correctly configure the service account for this, should I?
Use the same service account and service account key/credentials across all servers?
OR Use the same service account, but add a service account key/credentials for each server?
OR Setup a separate service account for each server?
Your requirements/needs/whatever may vary, but this generally it won't wont matter how you do it.
Single project
Create a project on Google developer console, and create a single service account key file and share it across the servers.
Is the same as.
Creating a project on google developer console and creating three separate service account credentials with different key files.
You will be bound by the same quota limits because all are under the same project.
Three separate projects.
Now if you created three different projects and create a single service account credential for each of the different servers. Then you would see a difference as they are different projects so should be bound by different quota limits.
quota
The Google drive default quota is so high anyway i'm not sure that it really matters what you do.
Security
Even security wise if you have a different file and you were hacked on one server you would't gain or loose anything by the other servers not having the same or different key files.

Google API with multi-tenancy application

I have a single web application that's used by multiple customers that have their respective URLs.
We're in the process of integrating google accounts via Google API with OAuth2.
Right now we have a single project/application registered that's used by all systems.
The problem is if same account is connected on multiple systems, token is overwritten since there is a single project. Same thing if account is disconnected from system A and it's also connected on system B, system B stops working because Google API project/application is the same.
I'm wondering if there is a workaround to have multiple tokens/connections per account with a single application, or the only way to accomplish that is having one project per system and I'll need to programmatically create a project and setup everything accordingly when a new system is built.

Is Multi-Tenancy the correct approach where there is interactivity

I'm working on a project that is set up as multi-tenant, separate users, data stores, etc. However, as I look further into different scenarios, I see things that may not mix well with multi-tenancy, or at least as I understand it.
Tenants can be hierarchal
Company A
West Region
East Region
Company B
Campus A
Campus B
Company C
Tenants can provide resources to another resource
Company A creates a resource
Company A shares it with Company B with specified permissions
Company C shares a resource with Company B
Company B can now use resources provided by Company A and C
I'm not tied to multi-tenancy, but I want to make sure that whatever pattern I choose, I am following the best practices of the pattern.
Is hierarchal multi-tenancy defined well enough to actually attempt? I don't see much online about it, except for a proposed Open Stack project and a research paper in only 2014. I could potentially use hierarchal users instead, but there are, of course, other benefits to tenants.
Now given that I want tenants to be able to share resources, in any direction, maybe I don't need hierarchal tenants. Maybe a need a normal flat multi-tenant pattern with just an added layer of sharing. One tenant would share to another tenant or maybe a user in another tenant.
In the latter, each user seems like they become their own tenant, with their own data. It seems like it is more and more like a social network. in Facebook, I can share things to others, they can share things to me, there is no direct hierarchy, but brands will make pages that reflect the idea of a hierarchy, without actually having one. For instance, Microsoft has Microsoft, but also Xbox, Xbox Support 1, Xbox Support 7, Windows, Bing, etc.
So I've started here with a multi-tenant architecture in front of me and now I'm thing a business grade "social network" is what I really need.
Do either of those tracks make sense? Any thing you would have me change or consider?
In cloud computing, multi-tenancy (MT) is commonly accompanied by tenant isolation. If we take the Wikipedia definition, MT is independent of sharing.
In an MT architecture, one instance of a software serves multiple tenants (or groups of users). This is in contrast to multi-instance software in which multiple instances of a software serves multiple tenants.
The main benefit of the MT architecture is of cost - software updates can be done on the single instance to benefit all of the tenants. MT software provides a common base of functionality for tenants, but commonly have interfaces that allow each tenant to customize branding & workflows.
Your project looks to be MT with sharing capability. Let's assume each Company wants to be able to share access to some resources. The architecture then should have sufficient flexibility for the tenant to be able to control access to resources. The underlying frameworks should be fast, secure, and reliable, and auditable.
Since your focus is on sharing flexibility, it's important that the architecture supports letting tenants define access to resources the way you and they want - tenant to tenant, or tenant to some user.
In my opinion, I would consider starting with a "default-deny" architecture - one that doesn't share anything by default, and allow the tenants to setup rules for access to resources.
Short version: Multi-tenancy is generally independent of interactivity.

Azure, Sync Framework and Access Control Service: Are there obvious shortcomings or problems in using this technologies together?

I have a desktop application which uses flat files (some xml and small pictures) as data. I want this data to be available on other PCs which have the desktop application installed and usable by a smartphone client (WP7 at the moment) as well.
The user should have it very easy to synchronize this data. He should be able to use accounts he already possesses (Live-Login, Googlemail, Facebook,...).
I thought about using Azure Blob Storage to save the data in Azure, the Sync Framework to perform the actual synchronization and the Access Control Service to handle authentication.
I have not used any of this technologies before so any advice would be great but I'm searching foremost for errors or shortcomings in this strategy I don't see yet. Is this approach viable at all?
Windows Azure is basically a virtualized datacentre. It is elaborate and complicated and is pitched at corporations who don't want to own their server infrastructure or hardware.
If I understand correctly, what you want is a cloud fileserver, not a whole LAN. Windows SkyDrive fulfils this requirement nicely and offers 25GB of storage per member with no charge for membership.
About Hotmail and Windows Live People often confuse Hotmail and
Windows Live, because when you set up a Hotmail account it uses
Windows Live for authentication and therefore you end up with a
Windows Live account and all the associated facilities, including
SkyDrive. However, it is entirely possible to set up a Windows Live
account using any email address as the username.
If you do this, it is important to be aware that the Windows Live
password associated with a given email address is completely
independent of the password required by the mail server that hosts
mail for the account. This can cause a great deal of user confusion.
For Hotmail (or any other mail server that uses Windows Live for
authentication) they are guaranteed to be the same password.
There is no official Microsoft framework support for SkyDrive. There is an open source project called SkyDriveApiClient, but it only works with the full .NET framework. I tried porting it but the author was a bit of an architecture astronaut, and it is absolutely riddled with [Serializable] which is not available on WP7x.
The WP7 guys have said that the WP7 framework will probably include support for SkyDrive but not in Mango (WP7.1) and given that Microsoft's typical release cycle is 18 months and Mango has yet to hit the streets, I'd say it will be two years before you can count on intrinsic cloud file services for WP7.
Roll-your-own wouldn't be hard, WCF services are dead easy to use from WP7. But that's not really cloud since you have to provide and maintain the server infrastructure yourself. For this reason and given the MS timetable, I have put a great deal of effort into producing my own SkyDrive client for WP7. Core functionality is complete and I am now refactoring, improving robustness and adding performance enhancements like local cacheing of tokens (cookies, essentially). I don't intend to release it; I have a number of apps planned that depend on this functionality and it suits me fine that there is a substantial barrier to competition.
I didn't tell you that to tease you. My point is that I'm so sure SkyDrive is the right answer that I put a lot of work into making it happen.
Cloud file storage is a perfect fit for mobile devices.
Azure is not a good answer for the sort of phone apps individuals want because the data store isn't shared in a way that required indexing or supports high levels of concurrency
I can certainly think of corporate phone apps that would benefit from using SQL Server as storage
Azure can do file services but it represents an ongoing expense. Nobody's going to put up with that when Google and Microsoft both give away web based cloud storage.
I can personally attest that if you're determined, it is possible to use SkyDrive from WP7.
Cloud storage is the only way you're going to get programmatically accessible storage that's shared by your user's mobile device and his computer. One of the things I intend to do that depends on shared storage is write a Silverlight app that lets you prepare map routes with multiple waypoints on a desktop computer and a companion app that uses them on WP7.
The Windows Live team has released what they call support for WP7. They supply a sample project showing you how to instantiate a browser object and load their login pages and manipulate them to log in and use their javascript API to manipulate SkyDrive.
This has one big advantage: browser cookies and cached credentials. The disadvantages are obvious; technical shortcomings notwithstanding the Windows Live team seems to think the only thing people want to do with a phone is tag their photos and fiddle with social media.
I have finished my own libraries. They do not support most of the social media twaddle. I have treated SkyDrive as no more or less than a cloud file system, providing
Authenticate(username, password)
CreateFolder(folderpath[, blocking=false])
Delete(fileOrFolderPath[, blocking=false])
SaveString(filepath, value[, blocking=false])
LoadString(filepath)
I could handle binaries but Convert.ToBase64 makes this unnecessary and strings are convenient for XML. CreateFolder, Delete and SaveString are optionally blocking. LoadString is always blocking because it's a function that returns the loaded string. CreateFolder is recursive so you can create an entire path in one call (eg /folder1/folder2/folder3). Calling CreateFolder on a pre-existing path has no effect, and SaveString uses CreateFolder to ensure the path is valid, making it unnecessary to create a filepath in advance. Authenticate loads the file system (except file content) into memory eliminating server chatter. This is asynchronous and a FileSystemReady event announces when the file system is completely loaded. The model is maintained as you add and remove files and folders.
This was a lot of work and no one reponded to my attempt to make it an open source project so I'm not inclined to give the fruits of my labour away, but provided your plans don't compete with mine I could be persuaded to come to an arrangement.

Google Bigtable is concept of multi-tenant database or not?

I don't know what is true or not. Can you advise me?
Wikipedia defines multitenancy as:
Multitenancy refers to a principle in software architecture where a single instance of the software runs on a software-as-a-service (SaaS) vendor's servers, serving multiple client organizations (tenants).
So, the question becomes does google run an single instance of bigtable, or an individual one for each client on their app servers? To be honest there's no real way of knowing. A single instance scenario could isolate clients so it appears as if they have their own individual version running, conversely you couldn't tell if you have your own individual server running either - google hasn't released enough information either way.
It's unlikely that every google apps customer gets their own instance to connect to, but unless google makes a statement either way, it's all just guesswork.

Resources