In Auth0, does each tenant have its own instance? - multi-tenant

I am reading the Auth0 'getting started' tutorial at this link: https://auth0.com/docs/getting-started/the-basics
It says the following:
"Once you create your account you will be asked to create a tenant. In Auth0, a tenant is a logical isolation unit. The term is borrowed from software multitenancy and it refers to an architecture where a single instance of the software serves multiple tenants. No tenant can access the instance of another tenant, even though the software might be running on the same machine (hence the logical isolation)."
What I don't understand here is that it says "a single instance of the software serves multiple tenants" followed by "No tenant can access the instance of another tenant". So does each tenant have its own instance (implied by the second quote) or do multiple tenants share an instance (implied by the first quote)?
Also, my understanding of instances and tenants is that an instance is "a copy of the software with its own database", and a tenant corresponds to an account. So if each tenant has their own instance, does each user's account have its own database?

From what I understand each tenant exists in its own container. This helps to guarantee isolation. This would probably be what is meant by logical isolation unit.

Related

One database per API or shared database for multiple APIs in Microservice

I started reading about microservices architecture and got confused by the point below.
Each service should have a separate database.
Does each service mean a single web (REST) API having its own database?
For example, if I take the motor insurance claim operation as a business scenario, where I modelled the business domain services in 3 parts: insurance claim services, partner (automobile service providers) services and customer services.
The insurance claim settlement operation in the claim API will require other information like the incident, the survey done by an inspector, policy details, documents, etc.
Now I can create 5 web (REST) APIs in the insurance claim services and store their data in a common DB, and other services like the partner and customer services will have their own web APIs and DBs.
What is correct?
Should all web APIs (claimAPI, PolicyAPI, IncidentAPI, SurveyAPI and DocumentAPI) in the claim insurance services have their own DB, or can they keep data in a single database?
Thanks.
To follow microservice best practice, it is correct that they should each have their own database and be exposed solely by APIs. This is because every service in your architecture should be independent and de-coupled from other services. If 2+ services share a database, then there may arise problems in operation or upgrade.
One big issue with a shared database is each service would need to trust that another service doesn't modify its information. But since they all have access to the same database, one of the others could in fact modify the underlying data and make things unstable or insecure.
Further, with 2+ services relying on a shared database, then you're forced to use the exact same database/version with all. You lose the freedom to independently use MySQL for one and MongoDB for another. Even if the same tool is used for all, when you do maintenance or migration on one you're forced to do it for the rest. All this adds up to some coupled services that make them harder to maintain and scale.
You can have a common database for all microservices; it is one of the microservices patterns:
https://microservices.io/patterns/data/shared-database.html
https://docs.aws.amazon.com/prescriptive-guidance/latest/modernization-data-persistence/shared-database.html
Check those links to see the advantages and disadvantages of this approach.

Is Google drive a good example for multi-tenant application?

By definition (Wikipedia) - A tenant is a group of users who share a common access with specific privileges to the software instance and the term "software multi-tenancy" refers to a software architecture in which a single instance of software runs on a server and serves multiple tenants. It also states that with a multi-tenant architecture, a software application is designed to provide every tenant a dedicated share of the instance - including its data, configuration, user management, tenant individual functionality and non-functional properties.
From the definition, I understand that multi-tenancy says more from an architecture perspective and in case of Google drive, the internal architecture may not be known. However from a user/usage view, can we call Google drive or similar cloud applications as perfect examples for multi-tenancy since these are able to serve multiple customers and even allows us to share data among users securely? If so, will it be correct in saying that any software or application with a single instance allowing multiple users and gives data isolation, called as multi-tenant applications (from a user perspective)?
Note - I have already gone through the following post which states the difference between multi-user and multi-tenancy, however most of the cloud application share same database and servers and so can we call them multi-tenant? - http://multi-tenancy.blogspot.com/2009/07/what-does-this-mean-part-i.html
Multi-user example:
userX#domain1.com uses Google Drive
userY#domain1.com uses Google Drive
Multi-tenant example:
userX#domain1.com uses Google Drive
userY#domain2.com uses Google Drive
A multi-user system need not necessarily mean it's a multi-tenant system.
As you mentioned, we may not know the internal architecture of Google Drive, but from a user's view, it can be considered as a multi-tenant application as users from multiple domains/business entities/companies (i.e., userX#company1.com and userY#company2.com) access the same application using Google's enterprise solutions. Each of those domains/companies can be considered as tenants of Google Drive.
Google Drive is an excellent example of a multi-tenant application when several users have access to one cloud drive and can have access to this drive. For example, to perform some kind of teamwork. In this case, each user of Google Drive will be a tenant. The work with Google Drive's documents has a similar logic. Few users that have access to documents can jointly use them.

User and Account management in a distributed system

We have a big distributed and multitenant system with all sorts of accounts:
- admin and backoffice user accounts
- customer accounts
- cashier accounts (tenant: there are one or more cashiers for each client tenant)
All these accounts share more or less the same lifecycle (account created, grant on some resources, deny account, password reminder...).
But they are not used in all applications of the system: some accounts would be used on a specific application or just two applications, for example.
Furthermore, our system should have the possibility of a bridge with a CMS for customer management, or the backoffice user accounts could one day be authorized against an LDAP...
So the question: we are searching for the best way to model our rights and authorization service(s).
One idea is to create one service to manage all types of accounts of any kind: that is an SOA way to modularize our system.
Another idea is to create different services: perhaps a more microservice-oriented way of thinking...
What is your opinion? I am looking for advice and feedback on these two different approaches, or perhaps an alternative that we have not thought about...
If you are looking for an open-source solution for your problem, you can have a look at Keycloak.
Keycloak also got a place in the Thoughtworks Technology Radar.
It is a very promising solution and also has LDAP and multi-tenancy support. Check out the Keycloak features.
There are also paid solutions available, like ForgeRock.
Coming to the feedback you asked for about the SOA or microservice way of implementation (you will get different feedback/advice on this):
It will be better if you have one service to take care of access and authorization management and another to look into user details. If you meant having different services for different accounts, then note that having one service to take care of accounts is still considered a microservice approach, as there is one dedicated service to perform a single set of tasks.
You can have a User-Service for user information management and an authService to handle access and authorization of users. check.

Migrating Single-Tenant to Multi-Tenant application

We are upgrading a single-tenant application to a multi-tenant (separate DB for each client) SaaS application. My responsibility is to design the tenant provisioning part. I am thinking of the following steps.
When our admin installs our software, one DB should always get created. The argument for this step is that the admin will install the software only when at least one tenant comes up. So, creation of a single DB as part of the installation of our software should make sense.
The common metadata will be stored in a common place. We are thinking of using ZooKeeper to store the common metadata.
Each tenant will be given a subdomain. For example www..samplaTenent.com . This tenant_id will be extracted from the URL in each request and will be used to identify the particular tenant and respective DB.
If more tenants need to be provisioned, the admin will create a new DB instance through user interface.
Technology used:
Java 6
Struts Framework
MS SQL
Now, I would like to get expert opinions about the proposed solution. Is there any other way by which we can build a robust, secure and scalable SaaS application?
Thanks.
IMHO, I would suggest that you should have a single code base that can handle the multi-tenancy aspects, be it configuration of the DB, settings per tenant, etc. I am not aware of the code base that you have now. Hence, you can make the provisioning part as follows:
You provision a new tenant by getting all the prerequisite info. You can generate the URL for this tenant automatically or allow the tenant to choose one; in the latter case, a validation has to be made for the URL and the tenant combination.
On completion of this step, you can have some scripts at the server that clone a master code base and roll out a new tenant-specific DB. So things are automated.
The next step will be to store the tenant DB and the app details in your common or shared DB so that when a tenant logs in, you can redirect him to his URL. The DB details will be required if you want to handle all of the tenant and his user authentication from the main app.
The main perceived advantage of having a single code base is that the customization and configuration can be in one place, with ease of code maintenance, bug fixing and enhancing. Though this may not work for all scenarios, this is what I feel is the more suitable option in the long run.
Please share your thoughts or post additional queries that you may have on multi-tenancy.
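The subdomain-to-database lookup proposed in the question and the URL validation step suggested in the answer above, sketched as an added example that is not part of the original posts. The base domain, the reserved labels, the `tenant_` naming scheme and the in-memory `TenantRegistry` (standing in for the shared DB or ZooKeeper) are assumptions made for illustration.

```python
import re

BASE_DOMAIN = "saas.example"                 # assumed base domain (hypothetical)
RESERVED = {"www", "admin", "api", "login"}  # assumed labels tenants may not claim
LABEL_RE = re.compile(r"[a-z0-9][a-z0-9-]{1,30}[a-z0-9]")  # one DNS label, 3-32 chars


class TenantError(Exception):
    """Raised when a tenant cannot be provisioned or resolved."""


class TenantRegistry:
    """In-memory stand-in for the shared metadata store (common DB, ZooKeeper)."""

    def __init__(self):
        self._db_by_label = {}

    def provision(self, label):
        """Validate a requested subdomain and record its database name."""
        label = label.strip().lower()
        if not LABEL_RE.fullmatch(label) or label in RESERVED:
            raise TenantError("invalid or reserved subdomain")
        if label in self._db_by_label:
            raise TenantError("subdomain already taken")
        # The DB name is derived once, here, from an already validated label.
        self._db_by_label[label] = "tenant_" + label.replace("-", "_")
        return self._db_by_label[label]

    def resolve(self, host_header):
        """Map a request's Host header to the tenant's database name."""
        host = host_header.strip().lower().rsplit(":", 1)[0].rstrip(".")
        suffix = "." + BASE_DOMAIN
        if not host.endswith(suffix):
            raise TenantError("host is outside the base domain")
        label = host[: -len(suffix)]
        # Lookup only: request input is never concatenated into a DB name,
        # so unknown or multi-level labels ("x.acme") are rejected.
        if label not in self._db_by_label:
            raise TenantError("unknown tenant")
        return self._db_by_label[label]
```

Because the Host header is client-controlled, the request path only ever looks a label up in the registry; everything that shapes a database name happens at provisioning time, after validation.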

multi tenant application on Amazon EC2

Note: I edited this question because I try to ask more as a question not as an opinion.
Our application is a multi tenant application being developed using Java, JBoss, and MySQL on Linux.
If the application is multi-tenant, should we launch 1 instance per customer or should we launch 1 instance for all customers?
When and why should we launch a new instance while we already have one?
Thanks
Best Regards
This is not a great question for here since the questions are likely to be a bit too opinionated. But I will give you some thoughts about what you wrote.
Having one customer confined to one instance gives you no failover. If the instance fails, the application is down until you can restart or relaunch the instance.
You should probably think about building clusters that can host several customers, 2-4 instances each, with failover and load balancing. (Maybe also use Multi-AZ RDS to host MySQL.)
Customer-specific configuration needs to get out of JBoss and into your application somehow; I don't know the details of the platform so I cannot provide specifics.
Whether to launch one instance per customer or not is purely based on the solution you want to provide, the requirement, the load and the multi tenant strategy you decide to use. There is no fixed answer.
If all the tenants' load can be sustained by one instance and you are not worried about per-tenant resource usage, then one instance is just enough. Of course, you will plan for high availability.
Here are a few answers I provided for other users' questions regarding DB design and scalability for a SaaS setup. I hope it helps.
Database architecture (single db vs client specific db) for Building Enterprise Web (RIA) application on cloud
Explanation of Tenant Load Balancer in SaaS maturity model level 4
Architecture for SaaS based online portal
