© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
Matt Tavis, AWS Principal Solutions Architect
October 2015
ARC340: Multi-Tenant Application Deployment Models
What to Expect from the Session
- Key challenges of multi-tenant architectures
- Common deployment models for multi-tenant architectures
- Common strategies for addressing the challenges in each model

What Not to Expect
- Multi-account, multi-VPC strategies
- Detailed IAM security strategies

Key Challenges in Multi-Tenant Architectures
- Request routing and handling
- Change management
- Data security and isolation
- Deployment patterns

Pattern 1: The Retro
- Deploy an entire application stack per tenant
- Isolation at the AWS resource level (e.g., EC2 instance, ELB, RDS instance, …)
- When to consider:
  - Black-box applications – packaged software, legacy apps…
  - Snowflake configurations – every install is different…
  - Low effort, but with cloud scale
- Challenges:
  - Cost efficiency, resource management (aka “urban sprawl”)
  - This is *not* modern cloud architecture
The Retro: Architecture Example
[Diagram: three per-tenant stacks, each with its own ELB, Auto Scaling groups of EC2 instances and RDS instance]
Pattern 2: The Bridge
- Hybrid model to bridge from Retro to modern
- Leverage “containerization” to drive greater efficiency
- Drive request context throughout the architecture
- When to consider:
  - See the Retro – same reasons, plus…
  - Transitioning to SOA/μServices – enabling refactoring
  - Blending monolithic components into a modern architecture
- Challenges:
  - Multiple change management approaches
  - Refactoring to a shared services model
The Bridge: Architecture Example
[Diagram: legacy, migrating and refactored components side by side: ELBs fronting Auto Scaling groups of EC2 instances (legacy) and ECS containers (Service 1, Service 2), with a data services layer over RDS, DynamoDB and S3]
Pattern 3: The Pool
- All resources are shared across all tenants
- Any service can handle any request from any tenant
- Pure services model embracing a “share nothing” architecture
- When to consider:
  - Always – usually new app development
  - SOA/μServices and service ownership are embraced
- Challenges:
  - Factoring out request context, state, and data locality
  - Evolving state through deployment
The Pool: Architectural Example
[Diagram: shared services (Service 1, Service 2, Service 3) running on ECS, EC2 and Elastic Beanstalk behind ELBs, with RDS and DynamoDB as shared data stores]
Pattern 4: The Serverless
- Event-driven model for service interactions
- No (or few) managed server instances
- Leverages AWS managed, scalable services
- When to consider:
  - IoT, batch/event processing, mobile apps – new architectures
  - Async-oriented interaction models
- Challenges:
  - Transient nature of processing and debugging
  - Monitoring the state of a fully transient system
The Serverless: Architectural Example
[Diagram: API Gateway and ELBs in front of Lambda functions, with Amazon Kinesis, Amazon SWF and DynamoDB]

Addressing Challenges in Each Pattern

Request Routing and Processing Challenges
- Routing the request, or processing any request anywhere
- Sufficient context at every layer to process the request properly
- Scaling the environment consistently with volume
The Retro: Architecture Example
[Diagram: two per-tenant stacks, each with its own ELB, Auto Scaling groups of EC2 instances and RDS instance]

The Bridge: Architecture Example
[Diagram: legacy, migrating and refactored components: ELBs fronting Auto Scaling groups of EC2 instances and ECS containers (Service 1, Service 2), with a data services layer over RDS, DynamoDB and S3]
Request Routing and Processing - Comparison
Retro:
- Unique endpoints per tenant stack
- Dedicated resources
- Dedicated data stores
Bridge:
- Dedicated endpoints if needed
- Request context flows through
- Shared resources where refactored
- Try containers
Pool:
- Shared endpoints for all
- Complete context flows through
- Data stores wrapped by services
Serverless:
- Complete context in the event (metadata)
- Tenant IDs are a first-class construct
- Use tenant IDs for authentication and authorization

Change Management
- Rolling out new versions
- Running multiple versions side by side
- Handling massive fleet deployment
The Retro: Architecture Example
[Diagram: one tenant stack: ELB in front of Auto Scaling groups of EC2 instances and an RDS instance]

The Pool: Architectural Example
[Diagram: shared services (Service 1, Service 2, Service 3) on ECS, EC2 and Elastic Beanstalk behind ELBs, with RDS and DynamoDB, deployed with CodeDeploy]
Change Management - Comparison
Retro:
- Each stack stands alone
- vNext cutover or true blue/green
- Application repo & infrastructure code repo
- Adopt an ALM solution for the future
Bridge:
- Treat each service individually
- Flexibility for dedicated endpoints
- Rolling deploy for shared services – handle rollback
- Data location services for data migrations
Pool:
- Treat each service individually
- Rolling deploy for all services – handle rollback
- Data sources always hidden behind the service layer
Serverless:
- Leverage API Gateway deploy
- Embed versioning into the API Gateway call
- Update the Lambda function directly, or “cutover” through API Gateway resource mappings
Data Security and Isolation
- Ensuring rights and permissions at every tier
- Protecting data from insecure access
- Isolating data between tenants
The Retro: Architecture Example
[Diagram: two per-tenant stacks, each with its own ELB, Auto Scaling groups of EC2 instances and RDS instance, with KMS for encryption keys]

The Bridge: Architecture Example
[Diagram: legacy, migrating and refactored components: ELBs fronting Auto Scaling groups of EC2 instances and ECS containers (Service 1, Service 2), a data services layer over RDS, DynamoDB and S3, with KMS for encryption keys]
Data Security and Isolation - Comparison
Retro:
- Unique resources end to end
- IAM roles for resource access
- Consider unique encryption keys per tenant with KMS
Bridge:
- Embed data access authorization in shared layers
- Leverage tenant identity in context for access and encryption
- Use unique encryption keys per tenant via KMS
Pool:
- Embed data access authorization in shared layers
- Leverage tenant identity in context for access and encryption
- Use unique encryption keys per tenant via KMS
Serverless:
- Secure API Gateway with IAM
- Embed data access authorization into Lambda functions
- Leverage tenant identity for access and encryption
- Use unique encryption keys per tenant via KMS
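Added example (Python), not code from the deck, covering both the routing comparison (tenant IDs as a first-class construct carried in the request context) and the data-security guidance above (authorization re-checked in the shared data layer, tenant identity driving both access and encryption, a unique key per tenant). KeyRing and the HMAC-SHA256 seal/unseal helpers are stand-ins for AWS KMS and a KMS-backed AES-GCM data key so the block runs offline; the tenants, principals and events are constructed.

```python
"""Tenant ID carried in the request context and enforced in a shared data layer.
Added example, not code from the ARC340 deck. KeyRing stands in for AWS KMS and the
HMAC-SHA256 seal/unseal pair for a KMS-backed AES-GCM data key, so it runs offline;
tenants, principals and events are constructed."""
import hashlib
import hmac
import secrets
from dataclasses import dataclass

class TenantMismatch(PermissionError):
    """The tenant named in the request path is not the caller's verified tenant."""

@dataclass(frozen=True)
class RequestContext:
    tenant_id: str
    principal: str
    roles: frozenset

def context_from_event(event: dict) -> RequestContext:
    """Build the context from verified authorizer claims (API Gateway-style event
    shape, constructed for this example), never from client-supplied fields."""
    claims = event["requestContext"]["authorizer"]["claims"]
    return RequestContext(claims["tenant_id"], claims["sub"],
                          frozenset(claims.get("roles", "").split()))

class KeyRing:
    """Stand-in for KMS: one master key per tenant; the data key binds the tenant ID."""
    def __init__(self) -> None:
        self._master: dict[str, bytes] = {}
    def data_key(self, tenant_id: str) -> bytes:
        master = self._master.setdefault(tenant_id, secrets.token_bytes(32))
        return hmac.new(master, b"data-key|" + tenant_id.encode(), hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; an illustrative construction, not a production cipher."""
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    return nonce + ciphertext + hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ciphertext, hashlib.sha256).digest()):
        raise ValueError("authentication failed: wrong tenant key or tampered blob")
    return bytes(c ^ s for c, s in zip(ciphertext, _keystream(key, nonce, len(ciphertext))))

class SharedRecordStore:
    """Pool-model store: one table serves every tenant, rows keyed by tenant."""
    def __init__(self, keyring: KeyRing) -> None:
        self._keyring = keyring
        self._rows: dict[tuple[str, str], bytes] = {}
    @staticmethod
    def _authorize(ctx: RequestContext, path_tenant: str, action: str) -> None:
        # Re-checked in the shared layer: the path tenant must equal the verified one.
        if ctx.tenant_id != path_tenant:
            raise TenantMismatch(f"{ctx.principal} may not access tenant {path_tenant}")
        if action == "write" and "writer" not in ctx.roles:
            raise PermissionError(f"{ctx.principal} lacks the writer role")
    def put(self, ctx: RequestContext, path_tenant: str, record_id: str, value: bytes) -> None:
        self._authorize(ctx, path_tenant, "write")
        self._rows[(path_tenant, record_id)] = seal(self._keyring.data_key(path_tenant), value)
    def get(self, ctx: RequestContext, path_tenant: str, record_id: str) -> bytes:
        self._authorize(ctx, path_tenant, "read")
        return unseal(self._keyring.data_key(path_tenant), self._rows[(path_tenant, record_id)])

def _blocked(action, exc) -> bool:
    try:
        action()
    except exc:
        return True
    return False

def run_demo() -> dict:
    """Exercise the checks with constructed tenants; returns the outcomes."""
    def event(tenant, sub, roles):  # constructed authenticated event
        return {"requestContext": {"authorizer": {"claims":
                {"tenant_id": tenant, "sub": sub, "roles": roles}}}}
    keyring = KeyRing()
    store = SharedRecordStore(keyring)
    acme_writer = context_from_event(event("acme", "alice", "writer reader"))
    acme_reader = context_from_event(event("acme", "bob", "reader"))
    globex_writer = context_from_event(event("globex", "carol", "writer reader"))
    store.put(acme_writer, "acme", "inv-1", b"acme invoice total=1200")
    return {
        "own_read": store.get(acme_writer, "acme", "inv-1"),
        # path says acme, verified claims say globex
        "cross_tenant_read_blocked": _blocked(
            lambda: store.get(globex_writer, "acme", "inv-1"), TenantMismatch),
        "write_without_role_blocked": _blocked(
            lambda: store.put(acme_reader, "acme", "inv-2", b"x"), PermissionError),
        # even with acme's sealed bytes in hand, globex's key cannot open them
        "cross_key_decrypt_blocked": _blocked(
            lambda: unseal(keyring.data_key("globex"), seal(keyring.data_key("acme"), b"row")), ValueError),
    }
```

Two properties carry over to a real deployment: the tenant ID used for the path check and for the key lookup must come from the verified identity (authorizer claims or the IAM principal), never from a header or body field the client controls, and the KMS encryption context should carry the tenant ID so that key policies can constrain it and CloudTrail shows which tenant's data each Decrypt call touched.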
TL;DL – Too Long; Didn’t Listen
Decision flow:
- Legacy architecture? Yes: go Retro, then refactor to Bridge.
- No: event-based model? Yes: bliss with Serverless. No: dive into the Pool.
Mantras:
- Fight inertia! Crack the code
- Learn to share
- Embrace the Cloud
- Share and share alike
- Learn to let go
- Go SOA & μServices
- Share nothing
- Think async
- Qui(e)t SSH
- Leverage what you have
- Measure what you do
Related Sessions
- ARC201 - Microservices Architecture for Digital Platforms with AWS Lambda, Amazon CloudFront and Amazon DynamoDB
- DVO401 - Deep Dive into Blue/Green Deployments on AWS
- ARC309 - From Monolithic to Microservices: Evolving Architecture Patterns in the Cloud
