Multi-tenancy in Platform-as-a-Service - Paul Fremantle


Published on

Multi-tenancy (MT) is a key attribute of many cloud systems. In particular it is a strong component of Software-as-a-Service (SaaS). A Platform-as-a-Service (PaaS) that offers multi-tenancy is an important approach for creating SaaS applications. This session will look at ways of implementing MT and how it can be used to create SaaS applications. Implementing multi-tenancy involves a lot of tricky issues - including data isolation, prevention of DoS attacks (either intentional or not), memory control, CPU control, thread management, security issues, provisioning and more. Using the Open Source Stratos project as an example, this session will dig into ways of solving these problems and implementing MT, both within the JVM as well as using lightweight containers in Linux (LXC) to provide isolation. The session is aimed at developers looking to use or implement multi-tenancy, as well as architects who want to understand the trade-offs and runtime characteristics of various MT approaches.

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Workflow – bps and brsGovernance and compliance – wso2 registryDevelopment dashboard – BAM, Jaggery
  • Workflow – bps and brsGovernance and compliance – wso2 registryDevelopment dashboard – BAM, Jaggery
  • Multi-tenancy in Platform-as-a-Service - Paul Fremantle

    1. 1. Multi-tenancy inPlatform-as-a-Service Paul FremantleCTO and Co-Founder, WSO2 VP, Apache Synapse @pzfreo
    2. 2. ContentsMulti-tenancy overviewUnderstanding StratosHow does Stratos 1.x approach Multi-tenancyHow does Stratos 2.0 extend thatCartridge modelStatusGetting involvedNext steps
    3. 3. Why Multi-Tenancy?• Resources • Getting the right level of sharing • Long tail• Management • Managing 1000 independent apps is a lot harder than managing 1 app with 1000 tenants• Enabling Software-as-a-Service• Being truly cloudy
    4. 4. ?
    5. 5. Multi-tenancy sharing approachesShared NothingShared HardwareShared DatabaseShared Operating SystemShared Container
    6. 6. Cloud EconomicsPublic Cloud economy is based on the Central Limit TheoremFor dependent workloads the CLT sucks High-sharing Multi-tenancy is the economy of scale for dependent workloads 6
    7. 7. StratosA multi-tenant PaaSAvailable under the Apache License 2.0Running in the cloud (as a service) http://stratoslive.wso2.comAvailable to deploy in Private or Hybrid modelsLocal setup available as well (runs in a single machine)
    8. 8. What is Stratos?A Multi-Tenant Platform-as-a-Service (PaaS) Foundation A software product (downloadable, commercially supported) Deploys onto an Infrastructure-as-a-Service (IaaS) Including Amazon EC2, vmWare, Eucalyptus, OpenStack, Rackspace, etc Creates a secure, multi-tenant, elastic, metered, billed PaaS Supports private, partner, hybrid or public PaaS WSO2 runs it as a public PaaS: http://stratoslive.wso2.comCan enable multiple flavours of PaaS: Application PaaS (aPaaS), Integration PaaS (iPaaS), Data PaaS (dPaaS), etc
    9. 9. Stratos 2.0aPaaSiPaaS Carbon ESB Carbon Other Carbon PHP Any Cartridge AppServer Cartridges Cartridge Pluggable Cartridge Cartridge Message Logging Security Registr Relation Colum File Task Billing Service Service Service y l n Storag Mgmt Service Service Data Storag e ServiceFoundation Service e Service ServicePaaS Stratos Controller Elastic Cloud Artefact Deployment Managemen Load Load Controller/ Distribution Synchronise t Monitor Balancer Autoscaler Service r Console IaaS Infrastructure Cloud (EC2, vmWare, Rackspace, OpenStack, Eucalyptus, etc)
    10. 10. Understanding the Stratos ControllerThe Stratos Controller is a set of components (built as OSGi features) that work together to manage the PaaS Cloud Controller: using jclouds creates/removes VM or LXC instances, based on input from - Load Monitor: takes information on load from multiple sources, including the – Elastic Load Balancer: distributes requests to the correct instances, based on tenant and load balance, including rewriting URLs Artefact Distribution Server: takes complete applications and breaks into per-instance components, which are then loaded into instances by Deployment Synchronizer: checks out the right code for an instance Management Console: allows control of all this by either Web UI or command-line tooling
    11. 11. Multi-tenancy in StratosMulti-tenancy is “built into” the core of Stratos• Tenant sign-up• Tenant aware load-balancing• Identity management for tenants • Sign-in, SAML2 SSO, permissions• Multi-tenant services • Data (MySQL/Cassandra) • Messaging • Logging • Activity Monitoring • etc
    12. 12. Stratos Core ServicesThe Stratos Core Services provide essential capabilities to servers and applications running in Stratos Logging-as-a-Service Data-as-a-Service (MySQL and Cassandra) File-System-as-a-Service (coming in 2.0) Identity-as-a-Service Registry/Repository (for metadata and config) Billing and Metering
    13. 13. Identity Server / ServiceEach tenant is identified by the @tenant-domainEach tenant admin can choose to manage their tenants user store either within the Stratos-internal LDAP store or using an external LDAPBulk importEach tenant user has a OpenId/Infocard as well as SAML2 tokens Single-signon Single-Signoff is also supportedSAML2 is used across the Stratos deployment to ensure a smooth transition (single sign-on) between Stratos services SAML2 is also available as sign-on for webapps, gadgets and other user- deployed content
    14. 14. web.xml – Integrating Identity into WebApps<login-config> <auth-method>BASIC</auth-method> <realm-name>Basic Auth</realm-name></login-config>Automatically ties into Stratos Identity
    15. 15. Identity Service continuedAs well as a full distributed authentication server, Stratos Identity Server also supports distributed Authorization OAuth XACML
    16. 16. SQL Database as a ServiceUsers can log in to the Stratos data page and create a Database and receive a JDBC URL.A Database will be allocated from a MySQL cluster, and they are isolated from other Stratos tenants and it is integrated with WSO2 Security model.
    17. 17. Apache Cassandra as a ServiceUsers can log in to the Web Console (both in Stratos and in WSO2 Data Server) and create Cassandra key spaces.
    18. 18. Logging
    19. 19. MeteringEach services collects Number of service calls Registry bandwidth (upload, download) Total registry space usageSend above to BAMBAM summarizes periodicallySummarized data accessible by Stratos Manager
    20. 20. Stratos BillingScheduled invoice generationAbility to view past invoices and the current(interim) invoiceSecurely pay the invoice via PaypalNotifies the customer via email on received paymentsNotifies the super-admin on customers exceeding the credit limitPresents a summary view to the super-admin
    21. 21. Multi-tenant JavaCarbon servers implement multi-tenancy within the JVMESB, AppServer, BPS, Message Broker, Governance Registry, Data Services, Identity Server, BAM, CEP, RulesHow?Why?Pros and Cons?
    22. 22. How?• Classloader isolation• Java Security Policies and signing • Limit what apps or configs can do• StuckThreadDetection• Ghost Deployment• Billing and Metering
    23. 23. Why?• To support very efficient multi-tenancy for certain workloads• Long tail – free tenants as well as paid for• Enable SaaS builders
    24. 24. Pros and Cons• Pros • Data Isolation is quite effective with Security Policies and class loader isolation • Very small incremental footprint• Cons • Creating new threads is not controlled by the Security Policy (patchable) • Threads can be killed but overall CPU cannot be controlled in the standard JVM • Memory allocation cannot be controlled in a standard JVM
    25. 25. Tenant-aware LB
    26. 26. ELB Config
    27. 27. Private Jet modeAnalogy Economy class no SLA management, only elasticity Business class elasticity plus SLA guarantees Private Jet Guaranteed isolated VMs or machines for a specific tenant Still elastically scaled
    28. 28. Stratos 2.0• Available November 2012• Major enhancement: • Cartridge Model • Java or non-Java (e.g. PHP, Jetty) • Support for running single-tenant or multi-tenant• Tenant aware load balancing
    29. 29. More new stuffSupport for more IaaS providers (vmWare, EC2, OpenStack, CloudStack, Rackspace, etc) via jclouds Supports a single Stratos deployment over multiple IaaS (hybrid cloud)Puppet based deploymentImproved logging modelSmaller minimum footprintImproved autoscaling and ELB
    30. 30. Understanding CartridgesA cartridge is a package of code/configuration that plugs into Stratos to offer a new PaaS Service e.g. Carbon ESB cartridge plugs in to provide a Stratos ESB-as-a-Service PHP Cartridge plugs in to provide PHP-as-a-ServiceA cartridge is a VM image plus config In Stratos 2.0 you need a VM per IaaS e.g. need to create both EC2 and LXC image to use on both IaaSIn future this may improve (e.g. via Puppet?)
    31. 31. Cartridge TenancyA cartridge can operate in two modes: Single tenant Stratos will run and manage a separate instance for each tenant The PHP Cartridge runs this way Multi-tenant Stratos will run multiple instances partitioned so that sets of tenants run on sets of instances Each instance of a Cartridge may run more than one tenant Carbon Cartridges run this way (or single tenant too)
    32. 32. User Roles involved in Cartridge ArchitectureCartridge Creator Understands the cartridge domain (e.g. PHP) plus Cartridge SPI Creates image and configs (including for different IaaS)Cartridge Deployer – Stratos Admin/DevOps Registers cartridge with StratosCartridge Subscriber Tenant Admin Subscribes to the cartridge with Scaling parameters. Other resources such as persistent file system / DBCartridge Users Per-tenant users or developers Access deployed applications Upload applications to the cartridge (optional)
    33. 33. How does a Cartridge work?A cartridge is: A runtime that may (or may not) be optimized to use Stratos Core Services e.g. Logging, Authn/Authz, Billing and Metering, Registry- based Config Plus a simple script to deploy code or artefactsStratos takes care of: Spawning instances, Managing IPs Load-balancing and URL Mapping Autoscaling
    34. 34. How does it work in REAL life?!export STRATOS_ADS_PORT=9448export STRATOS_TENANT_USERNAME=adminexport STRATOS_TENANT_PASSWORD=j2JK23LL$3export STRATOS_TENANT_DOMAIN=fremantle.orgexport STRATOS_KEYSTORE=~/ADS/repository/resources/security/w so2carbon.jks./ -upload -a ./ -c php
    35. 35. Future improvementAt the moment we call ADS, ADS checks into SVNWe are adding direct check-in into SVN / push into Git
    36. 36. LXC SupportLinux Containers (LXC) Lightweight isolated containers Much lower footprint than a JVM An enhanced version of chroot Supports Memory, CPU and disk isolation and managementWe utilize OpenStack as an LXC controllerSince we support multiple IaaS at once we can support both traditional VMs and LXCs
    37. 37. Virtualization models Stratos 2.0 supports all these Pure hardware models (in combination too) Virtual MachineIsolation LXC Shared Process (e.g. Carbon MT) Resource Optimization
    38. 38. WSO2 AppFactoryA cloud-based approach to complete delivery of applications from project creation, development, testing through into production Private, Public, or Partner Cloud deploymentBased on real deployments in productionAvailable late 2012/early 2013 Solution: shipping code with installation and customization services together with strategic consultancySuitable for internal development, partner clouds or public PaaS
    39. 39. Continuous Process Project and Team Management Software Continuous development Deployment workflow Governance Test and Automation Compliance Continuous Development Integration Dashboards Continuous Develop Build Code10/23/2012 Source Issue 41 Control Tracking
    40. 40. Open Source DevOps, Agile, and Cloud Tooling Project and Team Management Software Continuous development App Factory Deployment workflow Governance Test and App Factory Automation Compliance Continuous Development Integration App Factory Dashboards App Factory Continuous Develop Build Code10/23/2012 Source Issue 42 Control Tracking
    41. 41. 10/23/2012 43
    42. 42. 10/23/2012 44
    43. 43. 10/23/2012 45
    44. 44. WSO2 App Factory
    45. 45. Questions?