The slide deck for my session from NDC Oslo 2017 on multitenant software architecture. The code samples for this session is available at: https://github.com/estiller/noisy-neighbors

1. Keeping the
Noisy Neighbors Happy
or
Multitenant Software Architecture
1
Eran Stiller
@eranstiller
Cloud Division Leader
Senior Software Architect
erans@codevalue.net
http://stiller.blog

2. 2

3. The “Old” World
3
Sell a product!

4. The Cloud World
5
Multitenant Software as a Service (SaaS)

5. Reality Hits
6

6. To the Rescue
7

7. Agenda
8
Definitions Architectural
Issues
DevOps
Issues

8. What Is the Best Answer a Software Architect Can Give?
9

9. Disclaimer
This talk will NOT give you the answers
It will give you the questions you should ask
And hopefully answer
10

10. About Eran Stiller
Cloud Division Leader & Co-Founder at CodeValue
Software architect, consultant and instructor
Microsoft Azure MVP
Many years of hands-on experience
Expert in large-scale, server-side, highly-concurrent
systems
Co-Founder of Azure Israel Meetup
11

11. 13
OzCode – Debug Like a WizardQuit debugging, spend more time writing brilliant software
With our Visual Studio extension for C#, follow the road to a bug-free world
oz-code.com | @oz_code
Magic Glance / Figure out complex expressionsLINQ Debugging / Know the flow of your LINQ queries
Reveal / Focus on data that actually matterSearch/ Find that needle in a haystack of data

12. What Is Multitenancy?
14

13. Multitenancy
The term "software multitenancy" refers to a software architecture in
which a single instance of software runs on a server and serves multiple
tenants. A tenant is a group of users who share a common access with
specific privileges to the software instance. With a multitenant
architecture, a software application is designed to provide every tenant
a dedicated share of the instance - including its data, configuration,
user management, tenant individual functionality and non-functional
properties. Multitenancy contrasts with multi-instance architectures,
where separate software instances operate on behalf of different
tenants.
Some commentators regard multitenancy as an important feature
of cloud computing.
15
- Wikipedia

14. Multitenancy
The term "software multitenancy" refers to a software architecture in
which a single instance of software runs on a server and serves multiple
tenants. A tenant is a group of users who share a common access with
specific privileges to the software instance. With a multitenant
architecture, a software application is designed to provide every tenant
a dedicated share of the instance - including its data, configuration,
user management, tenant individual functionality and non-functional
properties. Multitenancy contrasts with multi-instance architectures,
where separate software instances operate on behalf of different
tenants.
Some commentators regard multitenancy as an important feature
of cloud computing.
16
- Wikipedia

15. Multitenancy
The term "software multitenancy" refers to a software architecture in
which a single instance of software runs on a server and serves multiple
tenants. A tenant is a group of users who share a common access with
specific privileges to the software instance. With a multitenant
architecture, a software application is designed to provide every tenant
a dedicated share of the instance - including its data, configuration,
user management, tenant individual functionality and non-functional
properties. Multitenancy contrasts with multi-instance architectures,
where separate software instances operate on behalf of different
tenants.
Some commentators regard multitenancy as an important feature
of cloud computing.
17
- Wikipedia

16. Multitenancy
The term "software multitenancy" refers to a software architecture in
which a single instance of software runs on a server and serves multiple
tenants. A tenant is a group of users who share a common access with
specific privileges to the software instance. With a multitenant
architecture, a software application is designed to provide every tenant
a dedicated share of the instance - including its data, configuration,
user management, tenant individual functionality and non-functional
properties. Multitenancy contrasts with multi-instance architectures,
where separate software instances operate on behalf of different
tenants.
Some commentators regard multitenancy as an important feature
of cloud computing.
18
- Wikipedia

17. Multitenancy
The term "software multitenancy" refers to a software architecture in
which a single instance of software runs on a server and serves multiple
tenants. A tenant is a group of users who share a common access with
specific privileges to the software instance. With a multitenant
architecture, a software application is designed to provide every tenant
a dedicated share of the instance - including its data, configuration,
user management, tenant individual functionality and non-functional
properties. Multitenancy contrasts with multi-instance architectures,
where separate software instances operate on behalf of different
tenants.
Some commentators regard multitenancy as an important feature
of cloud computing.
19
- Wikipedia

18. Who Is the Tenant?
21

19. Who Is the Tenant?
22

20. Who Is the Tenant?
23

21. Who Is the Tenant?
24

22. Who Does the User Belong To?
25

23. Architectural Issues
26

24. Reference Architecture (Monolith)
27
Back-End API
Web SPA Mobile App
Blob
Storage
SQL
Redis
Cache

25. Reference Architecture (Microservices)
28
Reverse
Proxy
Web SPA Mobile App
Blob
Storage
Mongo
Redis
Cache
Message
Service
User Service
Auth Service
Mongo
Redis
Cache

26. Shared vs. Dedicated Resources
29
Shared Dedicated

27. Shared vs. Dedicated Resources
3030
Security & PrivacyCost
Why favor each?

28. Shared vs. Dedicated Resources
3232
Help me decide!

29. Shared vs. Dedicated Resources
Versioning Strategy
3333
Per Tenant Per Region Global

30. Shared vs. Dedicated Resources
3434
StatefulStateless
State Management

31. Shared vs. Dedicated Resources
Database
3535

32. Shared vs. Dedicated Resources
Cache
3636

33. Reference Architecture (Monolith)
37
Back-End API
Web SPA Mobile App
Blob
Storage
SQL
Redis
Cache

34. Per Tenant
Reference Architecture (Monolith)
38
Web SPA Mobile App
Blob
Storage
SQL
Redis Cache
T T
T T
Back-End API

35. Reference Architecture (Microservices)
39
Reverse
Proxy
Web SPA Mobile App
Blob
Storage
Mongo
Redis
Cache
Message
Service
User Service
Auth Service
Mongo
Redis
Cache

36. Per Tenant
Reference Architecture (Microservices)
40
Reverse
Proxy
Web SPA Mobile App
Blob
Storage
Mongo
Redis
Cache
Message
Service
User Service
Auth Service
Mongo
Redis
Cache

37. Shared vs. Dedicated Resources
Why not both Cost & Security on Azure?
41

38. Demo
42

39. Shared vs. Dedicated Resources
43
Shared Dedicated
Let the customer choose – “Premium” tier!

40. Shared vs. Dedicated Resources
Cross tenant operations / data?
4444

41. Onboarding & Provisioning
45
We need a way to onboard new customers

42. Onboarding & Provisioning
var storageManagementClient = new StorageManagementClient(credential)
{ SubscriptionId = subscriptionId };
Console.WriteLine("Creating the storage account...");
return await storageManagementClient.StorageAccounts.CreateAsync(
groupName,
storageName,
new StorageAccountCreateParameters()
{
Sku = new Microsoft.Azure.Management.Storage.Models.Sku()
{ Name = SkuName.StandardLRS},
Kind = Kind.Storage,
Location = location
}
);
46

43. Onboarding & Provisioning
47
We need a way to charge customers

44. Per Tenant
Reference Architecture (Monolith)
48
Web SPA Mobile App
Blob
Storage
SQL
Redis Cache
T T
T T
Back-End API

45. Per Tenant
Reference Architecture (Monolith)
49
Web SPA Mobile App
Blob
Storage
SQL
Redis Cache
T T
T T
Back-End API
Provisioning
Portal
Tenant
Provisioning

46. Per Tenant
Reference Architecture (Microservices)
50
Reverse
Proxy
Web SPA Mobile App
Blob
Storage
Mongo
Redis
Cache
Message
Service
User Service
Auth Service
Mongo
Redis
Cache

47. Per Tenant
Reference Architecture (Microservices)
51
Reverse
Proxy
Web SPA Mobile App
Blob
Storage
Mongo
Redis
Cache
Message
Service
User Service
Auth Service
Mongo
Redis
Cache
Provisioning
Portal
Provisioning
Service

48. Global Reach
52
Regional Tenants Global Tenants
Where are our tenants located?

49. Encryption
54

50. Encryption
private static async Task<TenantInfo> CreateTenantAsync(Guid id)
{
var containerName = $"tenant-{id}";
await CreateBlobContainerAsync(containerName);
var keyName = $"key-{id}";
var keyVaultClient = new KeyVaultClient(GetTokenAsync);
await keyVaultClient.CreateKeyAsync(KeyVaultUrl, keyName,
JsonWebKeyType.Rsa);
return new TenantInfo(id, containerName, keyName);
}
55

51. Encryption
private static async Task<CloudBlockBlob>
UploadBlobAsync(CloudBlobContainer container, IKey rsa)
{
BlobEncryptionPolicy policy = new BlobEncryptionPolicy(rsa, null);
BlobRequestOptions options = new BlobRequestOptions {
EncryptionPolicy = policy };
CloudBlockBlob blob = container.GetBlockBlobReference("MyFile.txt");
using (var stream = File.OpenRead("Data.txt"))
{
await blob.UploadFromStreamAsync(stream, stream.Length, null,
options, null);
}
return blob;
}
56

52. Infrastructure
58

53. Infrastructure
59

54. Infrastructure
Tenant Management Service
One place to secure
One place to access tenant configuration
60

55. Per Tenant
Reference Architecture (Monolith)
61
Web SPA Mobile App
Blob
Storage
SQL
Redis Cache
T T
T T
Back-End API
Provisioning
Portal
Tenant
Provisioning

56. Per Tenant
Reference Architecture (Monolith)
62
Web SPA Mobile App
Blob
Storage
SQL
Redis Cache
Tenant
Data
T T
T T
Provisioning
Portal
Back-End API
Tenant
Management

57. Per Tenant
Reference Architecture (Microservices)
63
Reverse
Proxy
Web SPA Mobile App
Blob
Storage
Mongo
Redis
Cache
Message
Service
User Service
Auth Service
Mongo
Redis
Cache
Provisioning
Portal
Provisioning
Service

58. Per Tenant
Reference Architecture (Microservices)
64
Reverse
Proxy
Web SPA Mobile App
Blob
Storage
Mongo
Redis
Cache
Message
Service
User Service
Auth Service
Mongo
Redis
Cache
Tenant
Management
Tenant
Data
Provisioning
Portal

59. DevOps Issues
65

60. 67
Automate!

61. Monitoring
68

62. Monitoring
69

63. Demo
70

64. Takeaways
71
Carefully define the tenant boundaries
Invest in your architecture
Follow well known architecture patterns – to the extreme
Decide on shared vs. dedicated resources
Don’t forget to handle onboarding, provisioning & billing
Rock solid infrastructure is key
Monitor each and every tenant
Earn a lot of cash!

65. 72

66. Thank You!
73
Eran Stiller
@eranstiller
Cloud Division Leader
Senior Software Architect
erans@codevalue.net
http://stiller.blog