
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS re:Invent 2018


The appeal of SaaS has many ISVs interested in the power and value of delivering their solutions in a SaaS model. However, moving a single-tenant application to a multi-tenant environment can be daunting. In this session, we'll look at the obstacles that many ISVs face as they consider the move to a SaaS delivery model. We'll explore a wide range of transformation patterns that cover everything from lift-and-shift of your monolith to an incremental cutover to multi-tenant aware microservices, data, and infrastructure. Along the way, we'll highlight the challenges and technical considerations that shape your solution and allow you to better align your transformed solution with SaaS best practices. This includes looking at all the new architectural elements you'll need to add to your environment to support SaaS (onboarding, identity, billing, metering, analytics, and so on).


  1. Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326)
     Judah Bernstein, Partner Solutions Architect, AWS Partner Program
     © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.

  2. The Monolith
     Client Browser
     • User Interface
     • Accounting
     • Products
     • Orders
     • Inventory
     • Shipping
     • Delivery
     • Billing
     App server (Tomcat)
     Web server (Apache)
     Database (Oracle)
     Logging

  3. Multi-tenant migration strategies
     • New product: Develop a Greenfield AWS Cloud-Native Multi-Tenant SaaS Solution with best practices.
     • Layered: Migrate incrementally to Multi-Tenancy layer by layer, service by service, or component by component methodically.
     • Optimize: Improving an existing solution to obtain the benefits of multi-tenancy while introducing minimal changes to the existing codebase and architecture.
     • Full redesign: Big-bang re-write of platform, business logic, and interface to deliver like-new cloud-integrated multi-tenant solution.

  4. An incremental journey: Phase 1
     Onboard customers
     • Registration
     • Auto Sign-up
     • Provision Tenant
     • Introduce Tenant Context
     • Bind Tenant to User
     • Inject Tenant Context
     Optimize compute
     • Distribute AZs
     • Externalize State
     • Auto-Scaling Groups
     • Optimize Scaling Policies
     Identify tenant
     • Introduce Tenant Logging
     • Extract Tenant Context
     • Isolate Tenant Data
     • Develop Tenant Monitoring
     • Enhance Tooling
     Partitioning tenants
     • Partition Storage, or Database
     • Partition Library
     • Connection Pooling
     • Resolve Tenant Mapping
     • Pool Compute
     Meter and bill
     • Choose Pricing/Billing Model
     • Instrument Telemetry
     • Aggregate Consumption
     • Integrate Billing Provider

  5. Introducing tenant context
     User context
     Tenant context
     • Tenant ID
     • Company name
     • Status
     • Billing tier
     SaaS identity
     • Sub
     • Email
     • Name
     SAML headers

  6. Tenant isolation motivation
     • Tiering strategy
     • Noisy neighbor
     • Cross tenant access
     • Compliance requirements
     • Legacy architecture
     • Opportunity

  7. Multi-tenant infrastructure design
     Diagram labels: Containers Compute Instances Network Storage VPC Subnet AZ A Subnet 1 AZ B Subnet 2 Security group Security group Account Database Tiers Schema Table Serverless Overlay Records

  8. Monitoring and logging a multi-tenant app
     Diagram labels: Tenant activity, Unified view, Tenant activity, Pod sanity, Tech + Bus KPI, Tier performance, Isolation events, Custom attributes, Logging, Monitoring

  9. Integrating metering and billing
     Diagram labels: SaaS, Billing provider, Merchant account, Customer
     (1) Customer subscribes to service
     (2) Service handles request & meters
     (3) Authorize transaction and payment
     (4) Subscription processing logic
     (5) Creates secure card transaction
     (6) Authorize transaction and payment

  10. Minimally invasive multi-tenancy with tenant context
     Diagram labels: AWS Lambda function Amazon Route 53 Amazon CloudFront Tenant 1 ENT RDS ASG Elastic Load Balancing* ASG Elastic Load Balancing* Tenant 3 Tenant 2 SMB ServiceMesh ServiceMesh Tenant3 Tenant2 Amazon EKS Amazon EKS Tenant3 Tenant3 Tenant2 Tenant2 Application Load Balancer

  11. An incremental journey: Phase 2
     Improve agility
     • Decompose services
     • Scale datastores
     • Select service storage profile (silo/pooled)
     • Breathe DevOps (CD, IaC, DevSecOps)
     • Data ownership
     Optimize security
     • Isolate every layer
     • Tie RBAC to AWS Identity and Access Management (IAM)
     • Federate STS Credentials
     • Encryption and data masking
     • Minimize impact
     Enhance analytics
     • Enable detailed Metering
     • Surface detailed analytics
     • Associate cost per tenant

  12. Decomposing the monolith into MicroServices
     • Contract: A formal, precise and verifiable interface specification for clients to interact with a service.
     • Bounded Context: An approach to define the boundaries of a complex domain into business context.
     • Consistency: All storage clients see the same data with concurrent updates.
     • Versioning: An approach to evolving an API to accommodate for changes, additions, and removals while preserving the client interface.
     • Authorization: Verifying and providing the client or user access to resources, features, and/or functionality.
     • Authentication: Identification and verification of client or user, generally involves verifying credentials or a token.

  13. Selecting the tenant service storage profile
     • Multi-source & multi-master
     • Database, schema, table per tenant
     • Read replication & sharding
     • NoSQL, schema-less, & eventual consistency
     • Encryption key per tenant
     • Dependency injection, filters, interceptors, cut points
     • First, second level caching
     • Performance
     • Security
     • Row or policy-based isolation

  14. Resolving tenant based authorization
     Role-based access control
     • Trust: Entity, System, or user which is granted the access.
     • Access: Actions which may be requested on corresponding resources.
     Multi-tenant access control
     • Federation: Managing authorized and unauthorized cross-tenant access.
     • Variation: Tenant specific authorization configuration may vary per tenant in a SaaS solution.
     Diagram labels: Trust entity flexibility, Access policy generation, Cross-account access, Tenant specific encryption

  15. Minimizing the impact of a multi-tenant design
     • Throttling
     • Tiering
     • Blocking
     • Prioritizing
     • Dedicating
     • Securing
     • Isolating
     • Self-healing

  16. A refactored multi-tenant architecture design
     Diagram labels: Amazon CloudFront Application Load Balancer Amazon EKS Amazon EKS Amazon Route 53 Service1 Service2 Amazon API Gateway Lambda Service /service3 Lambda authorizer Lambda Service /service4 Prefix S3 /Tenant1 /Tenant2 /Tenant3 Tag Tenant: 1 Tenant: 2 Tenant: 3 Service1 Service2 Table Amazon DynamoDB Tenant1 Tenant2 Tenant3 Hash Tenant: 1 Tenant: 2 Tenant: 3 Static Website ShardMap Shard1: 1, 2 Shard2: 3 Aurora Postgres V9.5 Row Level Amazon Cognito

  17. Learn more and next steps
     • Learn more about SaaS on AWS
       https://aws.amazon.com/partners/saas-on-aws/#why
     • Explore AWS SaaS factory content
       https://aws.amazon.com/partners/saas-factory/
     • Sign up for the AWS SaaS interest list
       http://go.awspartner.com/saas

  18. Thank you!
     Judah Bernstein
     judahb@amazon.com
