Your SlideShare is downloading. ×
A Multi-tenant Architecture for Business Process Executions
Upcoming SlideShare
Loading in...5

Thanks for flagging this SlideShare!

Oops! An error has occurred.

Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

A Multi-tenant Architecture for Business Process Executions


Published on

Cloud computing, as a concept, promises cost savings to end-users by letting them outsource their non-critical business functions to a third party in pay-as-you-go style. However, to enable economic …

Cloud computing, as a concept, promises cost savings to end-users by letting them outsource their non-critical business functions to a third party in pay-as-you-go style. However, to enable economic pay-as-you-go services, we need Cloud middleware that maximizes sharing and support near zero costs for unused applications. Multi-tenancy, which let multiple tenants (user) to share a single application instance securely, is a key enabler for building such a middleware. On the other hand, Business processes capture Business logic of organizations in an abstract and reusable manner, and hence play a key role in most organizations. This paper presents the design and architecture of a Multi-tenant Workflow engine while discussing in detail potential use cases of such architecture. Primary contributions of this paper are motivating workflow multi-tenancy, and the design and implementation of multi-tenant workflow engine that enables multiple tenants to run their workflows securely within the same workflow engine instance without modifications to the workflows.

Published in: Technology, Business

1 Comment
  • One of the main advantages of an ideal multi tenant application is the operational benefit. Because all application code is in one place, it is much easier to maintain, update and backup the application and its data. Check out Wolf Frameworks for an ideal multitenant platform @
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

No notes for slide


  • 1. A Multi-tenant Architecture for Business Process Executions
    MilindaPathirage, Srinath Perera, Indika Kumara, SanjivaWeerawarana
    WSO2 Inc.
  • 2. Cloud Computing
    • Ability to buy computations power, storage, or execution services as an Utility, on demand.
    • 3. For more details read “A View of Cloud Computing, Communications of the ACM, 2010”
  • Cloud Computing (contd.)
    Best way to explain it is by comparing it to Electricity
    Idea is we run data centers or shared servers instead of running individual servers, and share the resources.
    Optimize large scale operations and archive economics of scale.
    Since the pool is big, one can ask for resources when needed and release when not needed.
    No need for capacity planning, start small and grow as needed.
    Outsource running machines and maintenance enabling specialization.
    photo by LoopZilla on Flickr,, Licensed under CC
  • 4. Cloud Offerings
  • 5. Why PaaS?
    IaaS only provides limited saving to someone who needs to outsource their IT functions
    SaaS is great when they can be used
    They are usually very specific (e.g. email, CRM ..)
    If they match, then great, but if they are not, not much choice for the user.
    PaaS stays in the middle ground
    Framework to host your apps
    Hopefully you can move your apps as it is (well not the case with Azure or App Engine, but it is possible).
  • 6. Supporting SOA in PaaS
    SOA is a primary technology in the Enterprise
    Many users already have SOA artifacts
    Moving them to the Cloud without need for changing will be a great advantage
    We want to see Cloud as yet another deployment model
    Write and test applications locally
    Even deploy it locally if needed
    When you need it, you can deploy the same artifacts in the cloud.
    Multi-tenancy plays a major role. Which brings us to our Topic.
    photo by MikkoTarvainenon Flickr,, Licensed under CC
  • 7. What is Multi-tenancy ?
    • Many Parties share the same set of resources, while giving each an his own space
  • Why Multi-tenancy?
    Increased sharing
    Cloud shares resources across a large pool of users.
    Now sharing happens in the application level as oppose to sharing at OS level for multiple processes and sharing at HW level with VMs.
    Provide pay for what you use
    Often there will be many accounts in a PaaS or a SaaS, but only a fraction of them will be in use.
    We cannot allocate runtime resource per account (disk may be ok, as it is cheap). For example, we cannot run a VM per account.
    By sharing the same server with many users, Multi-tenancy provides much reduced runtime cost per server.
    photo by Ben Gray on Flickr,, Licensed under CC
  • 8. Multi-tenancy vs. Virtual Machines
    Multi-tenancy provides much fine grained sharing by many applications sharing the same server.
    Say there are 100k accounts, but 10k active users at a time. VM based model needs 100k VMs, which means there is a cost incurred per account.
    With Multi-tenancy one server can handle many accounts, and by mixing and matching heavy and light users, Multi-tenancy can operate with much less number of servers.
    photo by hans s on Flickr,
  • 9. Our Earlier Works on Multi-tenancy
    We provide a SOA PaaS offering called Stratos. Some of the features
    Web Service Hosting as a Service
    Web Application Hosting as a Service
    Message Mediation Execution as a Service (ESB)
    Governance as a Service
    Earlier publications on the topic
    A. Azeez and S. Perera et al., WSO2 Stratos: An Industrial Stack to Support Cloud Computing, IT: Methods and Applications of Informatics and Information Technology Journal, the special Issue on Cloud Computing, 2011.
    AfkhamAzeez, Srinath Perera, DimuthuGamage, Ruwan Linton, PrabathSiriwardana, DimuthuLeelaratne, SanjivaWeerawarana, Paul Fremantle, "Multi-Tenant SOA Middleware for Cloud Computing" 3rd International Conference on Cloud Computing, Florida, 2010
  • 10. Today’s Topic: Workflow Hosting as a Service
    Key part of the SOA puzzle
    Workflows provide interoperable means of composing services together.
    Still workflow technology is mostly limited to large scale organizations
    Enable users to deploy the same workflows that they run on local machines in the Cloud without any changes and supporting the monitoring and other features in the same way.
    Supporting Multi-tenancy
    photo by Michael Coté on Flickr,, Licensed under CC
  • 11. Motivating Usecases
  • 12. E-Science Gateways
    Scientific workflows has been identified as enabling technology for E-Science.
    Idea is to let scientists visually compose workflows and run them.
    There are many gateways that do this.
    However, the cost of running gateways for different domains has been high. Workflow hosting service together with Service and Web application hosting service will enable multiple science gateways to share the same infrastructure thus reducing the maintenance cost and resource sharing .
    photo by Image Editor on Flickr,, Licensed under CC
  • 13. SMBs (Small and Medium size Business)
    Most SMBs can not afforded to run their own workflow technologies.
    This stops them from goes to the next level.
    Workflow, Service and Web hosting services can enable multiple SMBs to share the same infrastructure.
    This will lower the bar of workflow use, and enable SMBs to move to the next level.
    photo by Olaf on Flickr, Licensed under CC
  • 14. Goals of Multi-tenancy
    Sharing – maximize the resource sharing across multiple tenants.
    Isolation – hide the fact other other are also in the same server.
    Execution – enforce security. Make sure one tenant can’t call other tenants executable logic.
    Data – make sure one tenant can’t see other data
    Performance - make sure performance is not affected by existence of other tenants.
    Server is distributed and it can handle larger load by adding more nodes.
    photo by John TrainoronFlickr, Licensed under CC
  • 15. Related works
    Mitezner [5] and Shi et al.[6] introduced application templates where the system lets users customize a template workflow.
    Mitezneret al. introduced a tenant context to hold execution data and isolate executions. We also use a similar concept.
    Cai, Wang, and Zhou [8] have used tenant context to support multi-tenancy in Web Applications.
    Anstett et al. [9] discuss challenges of bring BPEL processes to cloud.
    Need changes to BPEL engine
    Configuration data isolation
    Avoid giving access to DBs
    Securing the Data in the communication
  • 16. BPS Multi-tenancy Architecture
  • 17. Achieving Service Execution Isolation
    • All executions are based on Axis2 (ODE also runs on Axis2)
    • 18. Axis2 have stateless executions and keep all state in a Context.
    • 19. So if we create different context for each tenant, they are isolated.
    • 20. See Azeez et al. “Multi-Tenant SOA Middleware for Cloud Computing” for details
  • BPS Multi-tenancy Architecture
  • 21. BPS Multi-tenancy Architecture (Contd.)
    Extends Apache ODE
    Has a single tenant Apache ODE Engine as the core and added Multi-tenancy by adding a Multi-tenant process store and adding isolation at the message reception.
    Parts of the architecture
    A Process store per tenant, which only allows calls from that tenant
    Parent process store that provides a single process store view across all tenant stores (to Apache ODE).
  • 22. BPS Multi-tenancy Architecture (Contd.)
    When a workflow is deployed by T1, it is stored in T1’s process store. Also, a service is created for the workflow and deployed within T1’s space.
    When a workflow received a message, the service that receives the message perform access control and then injects it to ODE with tenant ID as a correlation property.
    A implicit correlation rule together with other correlation rules routes the messages to a workflow instance.
    When workflow instance access the process store, it is routed to the T1’s tenant process store.
  • 23. Isolation
    Data isolation is provided by the process store per tenant, which stores data in the multi-tenant registry.
    Execution isolation is provided by Service isolation which enforces security on any external calls before a message is injected in to the workflow engine. After entry, isolation is provided by data isolation and workflow engine.
    Workflow engine creates a new version when a process is redeployed, and each version is isolated. So multiple users can have workflows with the same name in the workflow engine.
    photo Kevin Rushton by on Flickr,
  • 24. Isolation (Contd.)
    Performance isolation is a challenging issue.
    We currently relay on monitoring and auditing where we can kill CPU hogging processes
    We are exploring the possibility of changing the priority of CPU hogging processes in the work queue.
    photo Fortes by on Flickr,
  • 25. Scaling
    Run multiple BPS nodes in a cluster
    Tenants are partitioned across BPS nodes
    Fronted by a load-balancer which is aware of tenants and processes
  • 26. Performance
    Setup Multi-tenant and non-multi-tenant versions
    Run 200 workflows from each client
    Overhead is minimal
    MT supports only add few additional lookups and checks
    Java Security does not come in to play as we do not run user provided code.
  • 27. How does it make a difference?
    Supporting Workflow Hosting as a Service
    Bringing down the cost of using workflows
    Increasing the sharing in the cloud
    Multi-tenant BPS in private Cloud to support multiple departments for improve resource sharing.
    As a test environment and an education medium
    Super tenant workflows
    Workflow store model (like App Store) to sell workflows.
    Photo by Madhan on Flickr,
  • 28. Conclusion
    We proposed an architecture for supporting Multi-tenant Business Process Engine
    We layered this on top of our earlier works on Service Multi-tenancy and Data Multi-tenancy.
    We discussed data and execution isolation.
    We have realized the architecture on top of WSO2 BPS, which is an extension of Apache ODE
    Multi-tenant business process engine enables end-users to deploy their current BPEL workflows running on their machine without any changes.
    It only introduced a minimal overhead
    It is currently available for free from
  • 29. Questions?