Multi-tenancy in Private Clouds

This presentation introduces the different modes of deployment of applications on a private cloud. Each solution is evaluated in terms of access control, performance and scalability.

Presentation Transcript

  • Patrick Nicolas, http://patricknicolas.blogspot.com, http://www.slideshare.net/pnicolas, https://github.com/prnicolas. Nov 7, 2007. Patrick Nicolas (C) Copyright 2007-2013 patricknicolas.blogspot.com
  • Introduction. This presentation is an introduction to the different modes of deployment of multi-tenant applications in the cloud, taking into account security, access control, scalability, performance and maintainability.
  • Elements of Multi-tenancy. There are 3 key elements to consider in deploying a multi-tenant SaaS; together they define the degree of isolation between tenants in a cloud environment:
      • Access policies
      • Application deployment
      • Data access and privacy
  • Access policies. Proxies or web traffic managers are used to control access to cloud resources. [Diagram: client source with users' credentials, tenants, external content, target resources]
  • Application deployment options. There are several options for deploying application servers to support multiple concurrent tenants in a cloud environment:
      • Isolated business logic
      • Virtualized application servers
      • Shared virtual servers
      • Shared application servers
  • Isolated Business Logic. Each tenant accesses a dedicated physical server running a specific, customized business process (100% isolation).
  • Virtualization. Each tenant accesses an application server and database running on a dedicated virtual machine. Virtual machines may share the same underlying physical server.
  • Shared Virtualization. Each tenant accesses a dedicated application server with database running on a shared virtual machine.
  • Shared Application Server. Several tenants share the same application server running on the same virtualized environment. The execution of the business logic is done through dedicated threads or processes, providing limited isolation.
  • Data: Deployment vs. Privacy. There are 5 configurations for deploying databases in a multi-tenant environment in a secure and private manner:
      • Dedicated hosts
      • Shared virtualized hosts
      • Dedicated database on shared hosts
      • Dedicated database instances on shared databases
      • Shared schema
  • Data on Dedicated Host. In this configuration the database resides on a dedicated server, providing the tenant with fully isolated data access.
  • Data on Virtual Machine. The tenant accesses his/her data from separate databases running on a dedicated virtual machine that shares a host with other virtual machines.
  • Databases on Shared Virtualization. In this configuration the tenants access dedicated databases sharing the same virtual machine, with very limited isolation.
  • Shared Databases. The tenants manage their data residing in different tables within the same database instance. Although very cost effective for the cloud provider, this solution provides the customer with very limited privacy and isolation.
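In the shared-database configuration the database engine no longer separates tenants, so the data-access layer has to. The following added example (not part of the presentation) uses an in-memory SQLite table with constructed rows for two hypothetical tenants, and contrasts a lookup that identifies a row by id alone with one that is always scoped by the tenant established at authentication.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample data: two tenants sharing one table in one database
# instance, as in the "Shared Databases" configuration on the slide.
ROWS = [
    ("acme", 1, "ACME Q3 forecast"),
    ("acme", 2, "ACME payroll"),
    ("globex", 3, "Globex merger memo"),
]


def build_shared_db():
    """Create the shared table and load the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        " tenant_id TEXT NOT NULL, id INTEGER PRIMARY KEY, title TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", ROWS)
    return conn


@dataclass(frozen=True)
class Principal:
    """Authenticated caller. tenant_id is fixed at login, never read from the request."""
    user: str
    tenant_id: str


def fetch_document_unscoped(conn, doc_id):
    """Weak pattern: the row is selected by id only, so the shared table
    gives back whatever tenant's row carries that id."""
    sql = "SELECT tenant_id, title FROM documents WHERE id = ?"
    return conn.execute(sql, (doc_id,)).fetchone()


def fetch_document_scoped(conn, principal, doc_id):
    """Hardened pattern: the tenant predicate is added by the data-access
    layer from the principal, so an id belonging to another tenant yields None."""
    sql = "SELECT tenant_id, title FROM documents WHERE id = ? AND tenant_id = ?"
    return conn.execute(sql, (doc_id, principal.tenant_id)).fetchone()


def list_documents(conn, principal):
    """Listing is scoped the same way; callers never pass a tenant themselves."""
    sql = "SELECT tenant_id, title FROM documents WHERE tenant_id = ? ORDER BY id"
    return conn.execute(sql, (principal.tenant_id,)).fetchall()
```

The point is that in a shared schema the tenant predicate is the isolation boundary, so it belongs in one enforced place (the repository layer) rather than in each query a developer writes.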
  • Strategy. A cloud provider has to balance different objectives and constraints when building a platform with resources shared among tenants:
      • Regulatory constraints
      • Data isolation
      • Maintenance costs
      • Schema extensibility
      • Business continuity and recovery
      • Liability regarding security breaches
  • Costs vs. Data Privacy. It is obvious that greater application and data isolation increases deployment costs, while sharing resources represents risks of data theft and loss. [Chart: costs against data privacy risks for dedicated host, database on virtual machine, database on shared host and shared database]
  • Design. The key requirements to build a first class, robust multi-tenant SaaS are:
      • Data protection and liability
      • Scalability and costs
      • Customization and reusability
      • High availability
  • Mitigating Risks. The SaaS architect is responsible for setting up the defense perimeter to protect data from unintentional access or attack in a configuration with limited isolation. The toolbox should include:
      • Filtering proxies (OAuth, NAT, reputation, ...)
      • Access control lists (SAMM, Kerberos, identity management, ...)
      • Cryptology
  • Data Distribution. The distribution of data is the most important factor in the scalability of a SaaS application that serves large amounts of content. The most common techniques are:
      • Dynamic provisioning
      • Partitioning
      • Sharding
      • Indexing
      • Caching