Data as an Asset, Not a Cost
Your SlideShare is downloading.
×
Check these out next
Recommended
More Related Content
Slideshows for you (20)
Similar to Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS re:Invent 2018 (20)
More from Amazon Web Services (20)
Migrating Single-Tenant Applications to Multi-Tenant SaaS (ARC326-R1) - AWS re:Invent 2018
- 1. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Migrating Single-Tenant Applications to Multi-Tenant SaaS Judah Bernstein Partner Solutions Architect AWS Partner Program A R C 3 2 6
- 2. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. The Monolith Client Browser • User Interface • Accounting • Products • Orders • Inventory • Shipping • Delivery • Billing App server (Tomcat) Web server (Apache) Database (Oracle) Logging
- 3. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Multi-tenant migration strategies New product Develop a Greenfield AWS Cloud-Native Multi- Tenant SaaS Solution with best practices. Layered Migrate incrementally to Multi-Tenancy layer by layer, service by service, or component by component methodically. Optimize Improving an existing solution to obtain the benefits of multi-tenancy while introducing minimal changes to the existing codebase and architecture. Full redesign Big-bang re-write of platform, business logic, and interface to deliver like-new cloud-integrated multi-tenant solution.
- 4. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. An incremental journey: Phase 1 Onboard customers • Registration • Auto Sign-up • Provision Tenant • Introduce Tenant Context • Bind Tenant to User • Inject Tenant Context Optimize compute • Distribute AZ’s • Externalize State • Auto-Scaling Groups • Optimize Scaling Policies Identify tenant • Introduce Tenant Logging • Extract Tenant Context • Isolate Tenant Data • Develop Tenant Monitoring • Enhance Tooling Partitioning tenants • Partition Storage, or Database • Partition Library • Connection Pooling • Resolve Tenant Mapping • Pool Compute Meter and bill • Choose Pricing/Billing Model • Instrument Telemetry • Aggregate Consumption • Integrate Billing Provider
- 5. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Introducing tenant context User context Tenant context • Tenant ID • Company name • Status • Billing tier SaaS identity • Sub • Email • Name SAML headers
- 6. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Tenant isolation motivation Tiering strategy Noisy neighbor Cross tenant access Compliance requirements Legacy architecture Opportunity
- 7. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. ContainersCompute Instances Network Storage VPC Subnet AZ A Subnet 1 AZ B Subnet 2 Security group Security group Account Database Tiers Schema Table Serverless Overlay Records Multi-tenant infrastructure design
- 8. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Monitoring and logging a multi-tenant app Tenant activityUnified view Tenant activityPod sanity Tech + Bus KPI Tier performance Isolation eventsCustom attributes LoggingMonitoring
- 9. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Integrating metering and billing SaaS Billing provider Merchant account Service handles request & meters 2 Creates secure card transaction 5 Authorize transaction and payment 3 Subscription processing logic4 Authorize transaction and payment 6 Customer Customer subscribes to service 1
- 10. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Minimally invasive multi-tenancy with tenant context AWS Lambda function Amazon Route 53 Amazon CloudFront Tenant 1 ENT RDS ASGElastic Load Balancing* ASGElastic Load Balancing* Tenant 3 Tenant 2 SMB ServiceMeshServiceMesh Tenant3Tenant2 Amazon EKS Amazon EKS Tenant3 Tenant3 Tenant2 Tenant2 Application Load Balancer
- 11. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. An incremental journey: Phase 2 Improve agility • Decompose services • Scale datastores • Select service storage profile (silo/pooled) • Breathe DevOps (CD, IaC, DevSecOps) • Data ownership Optimize security • Isolate every layer • Tie RBAC to AWS Identity and Access Management (IAM) • Federate STS Credentials • Encryption and data masking • Minimize impact Enhance analytics • Enable detailed Metering • Surface detailed analytics • Associate cost per tenant
- 12. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Decomposing the monolith into MicroServices Bounded ContextContract Consistency A formal, precise and verifiable interface specification for clients to interact with a service. An approach to define the boundaries of a complex domain into business context. All storage clients see the same data with concurrent updates. Versioning An approach to evolving an API to accommodate for changes, additions, and removals while preserving the client interface. Authorization Verifying and providing the client or user access to resources, features, and/or functionality. Authentication Identification and verification of client or user, generally involves verifying credentials or a token.
- 13. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Selecting the tenant service storage profile Multi-source & multi-master Database, schema, table per tenant Read replication & sharding NoSQL, schema-less, & eventual consistency Encryption key per tenant Dependency injection, filters, interceptors, cut points First, second level caching Performance Security Row or policy-based isolation
- 14. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Resolving tenant based authorization Trust Access Role-based access control Entity, System, or user which is granted the access. Actions which may be requested on corresponding resources. Federation Variation Multi-tenant access control Managing authorized and unauthorized cross-tenant access. Tenant specific authorization configuration may vary per tenant in a SaaS solution. Trust entity flexibility Access policy generation Cross-account access Tenant specific encryption
- 15. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Minimizing the impact of a multi-tenant design Throttling Tiering Blocking Prioritizing Dedicating SecuringIsolating Self-healing
- 16. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. A refactored multi-tenant architecture design Amazon CloudFront Application Load Balancer Amazon EKS Amazon EKS Amazon Route 53 Service1 Service2 Amazon API Gateway Lambda Service /service3 Lambda authorizer Lambda Service /service4 Prefix S3 /Tenant1 /Tenant2 /Tenant3 Tag Tenant: 1 Tenant: 2 Tenant: 3 Service1 Service2 Table Amazon DynamoDB Tenant1 Tenant2 Tenant3 Hash Tenant: 1 Tenant: 2 Tenant: 3 Static Website ShardMap Shard1: 1, 2 Shard2: 3 Aurora Postgres V9.5 Row Level Amazon Cognito
- 17. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Learn more and next steps • Learn more about SaaS on AWS • https://aws.amazon.com/partners/saas-on-aws/#why • Explore AWS SaaS factory content • https://aws.amazon.com/partners/saas-factory/ • Sign up for the AWS SaaS interest list • http://go.awspartner.com/saas
- 18. Thank you! © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved. Judah Bernstein judahb@amazon.com
- 19. © 2018, Amazon Web Services, Inc. or its affiliates. All rights reserved.
