Multi-tenancy: Winning formula for a PaaS


Published on

Published in: Technology, Business
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Multi-tenancy: Winning formula for a PaaS

  1. 1. Multi-tenancy: Winning formula for a PaaS<br />by<br />Srinath Perera, Ph.D. <br />Senior Software Architect <br />WSO2 Inc. <br />
  2. 2. Next 45 Minutes …<br /><ul><li>Brief Introduction to Cloud and PaaS
  3. 3. What and Why Multi-tenancy?
  4. 4. Implementing Multi-tenancy
  5. 5. Data Multi-tenancy
  6. 6. Execution Multi-tenancy
  7. 7. Scaling Up
  8. 8. Conclusion</li></ul>Photo by Bruno Girin on Flickr,, Licensed under CC<br />
  9. 9. Cloud Computing<br /><ul><li>Ability to buy computations power, storage, or execution services as an Utility, on demand.
  10. 10. For more details read “A View of Cloud Computing, Communications of the ACM, 2010”</li></li></ul><li>Cloud Computing (contd.)<br /><ul><li>Best way to explain it is by comparing it to Electricity
  11. 11. Idea is a big pool of servers and share.
  12. 12. Economics of scale through Optimize large scale operations.
  13. 13. Resource Pooling.
  14. 14. No need for capacity planning, start small and grow as needed.
  15. 15. Outsource and enabling specialization. </li></ul>photo by LoopZilla on Flickr,, Licensed under CC<br />
  16. 16. Cloud Offerings<br />
  17. 17. Why PaaS?<br /><ul><li>IaaS only provides limited saving to someone who needs to outsource their IT functions
  18. 18. SaaS is great when they can be used
  19. 19. They are usually very specific (e.g. email, CRM ..)
  20. 20. If they match, then great, but if they are not, not much choice for the user.
  21. 21. PaaS stays in the middle ground
  22. 22. Framework to host your apps
  23. 23. Hopefully you can move your apps as it is (well not the case with Azure or App Engine, but it is possible with WSO2 Stratos !!!). </li></li></ul><li> What is Multi-tenancy ?<br /><ul><li>Many Parties share the same set of resources, while giving each one his own space</li></li></ul><li>Why Multi-tenancy? 1. Increased sharing <br /><ul><li>Cloud shares resources across a large pool of users.
  24. 24. Now sharing happens in the application level as oppose to sharing at OS level for multiple processes and sharing at HW level with VMs.
  25. 25. That can bring greater savings </li></ul>“There is no delight in owning anything unshared.”<br /> Seneca (Roman philosopher, mid-1st century AD)<br />photo by Ben Gray on Flickr,, Licensed under CC<br />
  26. 26. Why Multi-tenancy? 2. Provide “pay for what you use” <br /><ul><li>Often there will be many accounts in a PaaS or a SaaS, but only a fraction of them will be in use.
  27. 27. We cannot allocate runtime resource per account (disk may be ok, as it is cheap). For example, we cannot run a VM per account.
  28. 28. By sharing the same server with many users, Multi-tenancy provides much reduced runtime cost per server. </li></ul>Flexibility<br />
  29. 29. Multi-tenancy vs. Virtual Machines<br /><ul><li>Multi-tenancy provides much fine grained sharing by many applications sharing the same server.
  30. 30. Say there are 100k accounts, but 10k active users at a time. VM based model needs 100k VMs, which means there is a cost incurred per account.
  31. 31. With Multi-tenancy one server can handle many accounts, and by mixing and matching heavy and light users, Multi-tenancy can operate with much less number of servers. </li></ul>photo by hans s on Flickr,<br />
  32. 32. Motivating Usecases<br />
  33. 33. To fulfill Cloud Promise: Implementing PaaS<br /><ul><li>As discussed it is crucial in supporting “Pay as you go” in a Platform as a Service (PaaS)</li></ul>Promise<br /><ul><li>For example (within Stratos)
  34. 34. Web Service Hosting as a Service ,Web Application Hosting as a Service, Message Mediation Execution as a Service (ESB), Governance as a Service, Workflow as a Service </li></li></ul><li>SMBs (Small and Medium size Business) <br />Most SMBs can not afforded to run their own SOA technologies. <br />This stops them from going to the next level. <br />Workflow, Service and Web hosting as a service can enable multiple SMBs to share the same infrastructure. <br />This will lower the bar of SOA/ Middleware use, and enable SMBs to move to the next level. <br />photo by Olaf on Flickr, Licensed under CC<br />
  35. 35. E-Science Gateways<br /><ul><li>Scientific workflows has been identified as enabling technology for E-Science.
  36. 36. Idea is to let scientists visually compose workflows and run them.
  37. 37. There are many gateways that do this. </li></ul>Enable multiple science gateways to share the same infrastructure thus reducing the maintenance cost and resource sharing . <br />Same would work for most e-Gov stuff and for most organizations. <br />photo by Image Editor on Flickr,, Licensed under CC<br />
  38. 38. How Good is this Multi-Tenancy implementation?<br />
  39. 39. Multi-tenancy Maturity Models<br /><ul><li>Model is Defined by Chong et al.
  40. 40. (F. Chong and G. Carraro, “Architecture strategies for catching the long tail,” MSDN Library, Microsoft Corporation, 2006.)
  41. 41. Provide a way to understand Multi-tenant implementations.
  42. 42. Level1: Instance per Client
  43. 43. Level 2: Configurable instance per Client
  44. 44. Level 3: Single instance can serve multiple Clients
  45. 45. Level 4: Scaling up Level 3 by running multiple instances and distributing the load. </li></li></ul><li>Implementing Multi-Tenancy <br />
  46. 46. Goals of Multi-tenancy <br /><ul><li>Sharing – maximize the resource sharing across multiple tenants. </li></ul>Isolation – hide the fact other users are also in the same server. <br />Execution – enforce security. Make sure one tenant can’t call other tenants executable logic. <br />Data – make sure one tenant can’t see other’s data <br />Performance - make sure performance is not affected by existence of other tenants. <br />Scale<br />Server is distributed and it can handle larger load by adding more nodes. <br />photo by John TrainoronFlickr, Licensed under CC<br />
  47. 47. It is about trading off Isolation vs. Sharing <br />As often the case in research, implementing Multi-tenancy is a tradeoff<br /> photo by Todd Anderson on Flickr,, Licensed under CC<br />
  48. 48. WSO2 Carbon Platform<br />
  49. 49. WSO2 Platform Architecture<br /><ul><li>We break multi-tenancy into three parts (Based on Chang et al.).
  50. 50. Execution: Business Processes, Workflows and Mashups
  51. 51. Security: ownership and authorization of both data, as well as executions in the framework
  52. 52. Data : User data and system runtime data</li></li></ul><li>Multi-tenancy Architecture<br />
  53. 53. Achieving Tenant Isolation<br /><ul><li>Each Tenant is given a Security Domain
  54. 54. Each domain may have its own User Store and Permissions, thus have a set of users and permissions enabling users to access resources
  55. 55. Each domain is isolated and do not have access to other domains</li></li></ul><li>Implementing Data Multi-tenancy <br /><ul><li>Separate DB
  56. 56. Separate Schema
  57. 57. Shared Schema</li></li></ul><li>Separate Databases<br /><ul><li>If you have no control over the code, then this is the only solution
  58. 58. Horizontally scalable, but relatively expensive</li></ul>9/13/11<br />Tenant 4<br />Tenant 8<br />Tenant 1<br /><ul><li>Vertical scaling is challenging but solvable
  59. 59. WSO2 Relational Storage Service uses this models to provide users with DBs </li></ul>25<br />
  60. 60. Separate Schema<br /><ul><li>Relatively easy to implement
  61. 61. Some databases have ways to support this directly but many don’t
  62. 62. Failure difficult to handle
  63. 63. Scales reasonably well</li></ul>9/13/11<br />26<br />
  64. 64. Shared Databases, Shared Schema<br /><ul><li>Most efficient storage-wise and scales very well for large number of tenants
  65. 65. Requires all accesses to qualify with tenant
  66. 66. Failure is global
  67. 67. (Stratos uses this approach internally for all provide isolation within WSO2 Registry)</li></ul>9/13/11<br />27<br />
  68. 68. Implementing Execution Isolation<br /><ul><li>All executions are based on Axis2
  69. 69. Axis2 have stateless executions and keep all state in a Context.
  70. 70. So if we create different context for each tenant, they are isolated. </li></li></ul><li>Implementing Execution Isolation (Contd.)<br />
  71. 71. Implementing Execution Isolation (Contd.)<br /><ul><li>We use Java Security to make sure one tenant cannot access or temper with other tenant’s data structures, file system data etc.
  72. 72. Example
  73. 73. Tenant ID value in the context </li></li></ul><li>Performance Isolation<br /><ul><li> Performance isolation is a challenging issue.
  74. 74. We currently relay on monitoring and auditing where we can kill CPU hogging processes
  75. 75. We are exploring the possibility of changing the priority of CPU hogging processes in the work queues (e.g. workflow engine, ESB etc.). </li></ul>photo Fortes by on Flickr,<br />
  76. 76. Scaling Up<br />
  77. 77. Scaling Multi-tenant Middleware <br /><ul><li>So far we talked about building a single Multi-tenant Node (That is Level 3)
  78. 78. To reach Level 4, we have to scale.
  79. 79. To do that
  80. 80. We have to run this with many nodes, and we have to partition.
  81. 81. We have to replicate or partition. But we are talking about 1000s of tenants, likely one tenant can not hold all of them.
  82. 82. So We need to partition
  83. 83. We also need load balancing, and it should know about tenants. </li></li></ul><li>
  84. 84. Overhead of Multi-Tenancy <br />
  85. 85. Service Performance <br />
  86. 86. Workflow Performance <br />Setup Multi-tenant and non-multi-tenant versions <br />Run 200 workflows from each client<br />Overhead is minimal<br />MT supports only add few additional lookups and checks<br />Java Security does not come in to play as we do not run user provided code. <br />
  87. 87. For more details (Publications on the topic)<br /><ul><li>A. Azeez and S. Perera et al., WSO2 Stratos: An Industrial Stack to Support Cloud Computing, IT: Methods and Applications of Informatics and Information Technology Journal, the special Issue on Cloud Computing, 2011.
  88. 88. AfkhamAzeez, Srinath Perera, DimuthuGamage, Ruwan Linton, PrabathSiriwardana, DimuthuLeelaratne, SanjivaWeerawarana, Paul Fremantle, "Multi-Tenant SOA Middleware for Cloud Computing" 3rd International Conference on Cloud Computing, Florida, 2010
  89. 89. MilindaPathirage, Srinath Perera, SanjivaWeerawarana, Indika Kumara, A Multi-tenant Architecture for Business Process Execution, 9th International Conference on Web Services (ICWS), 2011</li></li></ul><li>Conclusion<br /><ul><li>We discussed what is Multi-tenancy and why it is crucial for implementing a PaaS.
  90. 90. We discussed details about implementing it
  91. 91. Isolation (Data, Execution) .. Isolation vs. sharing tradeoff
  92. 92. Four level’s of multi-tenancy
  93. 93. Scaling Design
  94. 94. Lot of open questions yet to be solved. Your thoughts and code both are welcome.
  95. 95. Data Security (Encryption, Delegation etc. ), Tenant Migration , Scaling, Lazy loading …</li></li></ul><li>Questions?<br />
  96. 96. Feedback URL<br /><br />