Multi-tenancy (MT) is a key attribute of many cloud systems. In particular it is a strong component of Software-as-a-Service (SaaS). A Platform-as-a-Service (PaaS) that offers multi-tenancy is an important approach for creating SaaS applications. This session will look at ways of implementing MT and how it can be used to create SaaS applications. Implementing multi-tenancy involves a lot of tricky issues - including data isolation, prevention of DoS attacks (either intentional or not), memory control, CPU control, thread management, security issues, provisioning and more. Using the Open Source Stratos project as an example, this session will dig into ways of solving these problems and implementing MT, both within the JVM as well as using lightweight containers in Linux (LXC) to provide isolation. The session is aimed at developers looking to use or implement multi-tenancy, as well as architects who want to understand the trade-offs and runtime characteristics of various MT approaches.

1. Multi-tenancy in
Platform-as-a-Service
Paul Fremantle
CTO and Co-Founder, WSO2
VP, Apache Synapse
paul@wso2.com
@pzfreo

2. Contents
Multi-tenancy overview
Understanding Stratos
How does Stratos 1.x approach Multi-tenancy
How does Stratos 2.0 extend that
Cartridge model
Status
Getting involved
Next steps

3. Why Multi-Tenancy?
• Resources
• Getting the right level of sharing
• Long tail
• Management
• Managing 1000 independent apps is a lot harder
than managing 1 app with 1000 tenants
• Enabling Software-as-a-Service
• Being truly cloudy

4. ?

5. Multi-tenancy sharing approaches
Shared Nothing
Shared Hardware
Shared Database
Shared Operating System
Shared Container

6. Cloud Economics
Public Cloud economy is based on the Central
Limit Theorem
For dependent workloads the CLT sucks
High-sharing Multi-tenancy is the economy of scale for
dependent workloads
6

7. Stratos
A multi-tenant PaaS
Available under the Apache License 2.0
Running in the cloud (as a service)
http://stratoslive.wso2.com
Available to deploy in Private or Hybrid models
Local setup available as well (runs in a single
machine)

8. What is Stratos?
A Multi-Tenant Platform-as-a-Service (PaaS) Foundation
A software product (downloadable, commercially supported)
http://wso2.com/cloud/stratos
Deploys onto an Infrastructure-as-a-Service (IaaS)
Including Amazon EC2, vmWare, Eucalyptus, OpenStack, Rackspace,
etc
Creates a secure, multi-tenant, elastic, metered, billed PaaS
Supports private, partner, hybrid or public PaaS
WSO2 runs it as a public PaaS: http://stratoslive.wso2.com
Can enable multiple flavours of PaaS:
Application PaaS (aPaaS), Integration PaaS (iPaaS), Data
PaaS (dPaaS), etc

9. Stratos 2.0
aPaaS
iPaaS
Carbon ESB Carbon Other Carbon PHP Any
Cartridge AppServer Cartridges Cartridge Pluggable
Cartridge Cartridge
Message Logging Security Registr Relation Colum File Task Billing
Service Service Service y l n Storag Mgmt Service
Service Data Storag e Service
Foundation
Service e Service
Service
PaaS
Stratos Controller
Elastic Cloud Artefact Deployment Managemen Load
Load Controller/ Distribution Synchronise t Monitor
Balancer Autoscaler Service r Console
IaaS
Infrastructure Cloud (EC2, vmWare, Rackspace, OpenStack, Eucalyptus, etc)

10. Understanding the Stratos
Controller
The Stratos Controller is a set of components (built as OSGi
features) that work together to manage the PaaS
Cloud Controller: using jclouds creates/removes VM or LXC
instances, based on input from -
Load Monitor: takes information on load from multiple sources,
including the –
Elastic Load Balancer: distributes requests to the correct instances,
based on tenant and load balance, including rewriting URLs
Artefact Distribution Server: takes complete applications and
breaks into per-instance components, which are then loaded into
instances by
Deployment Synchronizer: checks out the right code for an
instance
Management Console: allows control of all this by either Web UI or
command-line tooling

11. Multi-tenancy in Stratos
Multi-tenancy is “built into” the core of Stratos
• Tenant sign-up
• Tenant aware load-balancing
• Identity management for tenants
• Sign-in, SAML2 SSO, permissions
• Multi-tenant services
• Data (MySQL/Cassandra)
• Messaging
• Logging
• Activity Monitoring
• etc

12. Stratos Core Services
The Stratos Core Services provide essential
capabilities to servers and applications running
in Stratos
Logging-as-a-Service
Data-as-a-Service (MySQL and Cassandra)
File-System-as-a-Service (coming in 2.0)
Identity-as-a-Service
Registry/Repository (for metadata and config)
Billing and Metering

13. Identity Server / Service
Each tenant is identified by the @tenant-domain
Each tenant admin can choose to manage their tenants user store
either within the Stratos-internal LDAP store or using an external
LDAP
Bulk import
Each tenant user has a OpenId/Infocard as well as SAML2 tokens
Single-signon
Single-Signoff is also supported
SAML2 is used across the Stratos deployment to ensure a smooth
transition (single sign-on) between Stratos services
SAML2 is also available as sign-on for webapps, gadgets and other user-
deployed content

14. web.xml – Integrating Identity into
WebApps
<login-config>
<auth-method>BASIC</auth-method>
<realm-name>Basic Auth</realm-name>
</login-config>
Automatically ties into Stratos Identity

15. Identity Service continued
As well as a full distributed authentication server,
Stratos Identity Server also supports distributed
Authorization
OAuth
XACML

16. SQL Database as a Service
Users can log in to the Stratos data page and create a Database
and receive a JDBC URL.
A Database will be allocated from a MySQL cluster, and they are
isolated from other Stratos tenants and it is integrated with
WSO2 Security model.

17. Apache Cassandra as a Service
Users can log in to the Web Console (both in Stratos and in
WSO2 Data Server) and create Cassandra key spaces.

18. Logging

19. Metering
Each services collects
Number of service calls
Registry bandwidth (upload, download)
Total registry space usage
Send above to BAM
BAM summarizes periodically
Summarized data accessible by Stratos Manager

20. Stratos Billing
Scheduled invoice generation
Ability to view past invoices and the current(interim)
invoice
Securely pay the invoice via Paypal
Notifies the customer via email on received payments
Notifies the super-admin on customers exceeding the
credit limit
Presents a summary view to the super-admin

21. Multi-tenant Java
Carbon servers implement multi-tenancy within
the JVM
ESB, AppServer, BPS, Message Broker,
Governance Registry, Data Services, Identity
Server, BAM, CEP, Rules
How?
Why?
Pros and Cons?

22. How?
• Classloader isolation
• Java Security Policies and signing
• Limit what apps or configs can do
• StuckThreadDetection
• Ghost Deployment
• Billing and Metering

23. Why?
• To support very efficient multi-tenancy for
certain workloads
• Long tail – free tenants as well as paid for
• Enable SaaS builders

24. Pros and Cons
• Pros
• Data Isolation is quite effective with Security
Policies and class loader isolation
• Very small incremental footprint
• Cons
• Creating new threads is not controlled by the
Security Policy (patchable)
• Threads can be killed but overall CPU cannot be
controlled in the standard JVM
• Memory allocation cannot be controlled in a
standard JVM

25. Tenant-aware LB

26. ELB Config

27. Private Jet mode
Analogy
Economy class
no SLA management, only elasticity
Business class
elasticity plus SLA guarantees
Private Jet
Guaranteed isolated VMs or machines for a specific tenant
Still elastically scaled

28. Stratos 2.0
• Available November 2012
• Major enhancement:
• Cartridge Model
• Java or non-Java (e.g. PHP, Jetty)
• Support for running single-tenant or multi-tenant
• Tenant aware load balancing

29. More new stuff
Support for more IaaS providers (vmWare, EC2, OpenStack,
CloudStack, Rackspace, etc) via jclouds
Supports a single Stratos deployment over multiple IaaS (hybrid cloud)
Puppet based deployment
Improved logging model
Smaller minimum footprint
Improved autoscaling and ELB

30. Understanding Cartridges
A cartridge is a package of code/configuration that
plugs into Stratos to offer a new PaaS Service
e.g. Carbon ESB cartridge plugs in to provide a
Stratos ESB-as-a-Service
PHP Cartridge plugs in to provide PHP-as-a-Service
A cartridge is a VM image plus config
In Stratos 2.0 you need a VM per IaaS
e.g. need to create both EC2 and LXC image to use on both
IaaS
In future this may improve (e.g. via Puppet?)

31. Cartridge Tenancy
A cartridge can operate in two modes:
Single tenant
Stratos will run and manage a separate instance for each
tenant
The PHP Cartridge runs this way
Multi-tenant
Stratos will run multiple instances partitioned so that sets of
tenants run on sets of instances
Each instance of a Cartridge may run more than one tenant
Carbon Cartridges run this way (or single tenant too)

32. User Roles involved in Cartridge
Architecture
Cartridge Creator
Understands the cartridge domain (e.g. PHP) plus Cartridge SPI
Creates image and configs (including for different IaaS)
Cartridge Deployer – Stratos Admin/DevOps
Registers cartridge with Stratos
Cartridge Subscriber
Tenant Admin
Subscribes to the cartridge with
Scaling parameters. Other resources such as persistent file system / DB
Cartridge Users
Per-tenant users or developers
Access deployed applications
Upload applications to the cartridge (optional)

33. How does a Cartridge work?
A cartridge is:
A runtime that may (or may not) be optimized to use
Stratos Core Services
e.g. Logging, Authn/Authz, Billing and Metering, Registry-
based Config
Plus a simple script to deploy code or artefacts
Stratos takes care of:
Spawning instances, Managing IPs
Load-balancing and URL Mapping
Autoscaling

35. How does it work in REAL life?!
export STRATOS_ADS_HOST=ads.cloud-test.wso2.com
export STRATOS_ADS_PORT=9448
export STRATOS_TENANT_USERNAME=admin
export STRATOS_TENANT_PASSWORD=j2JK23LL$3
export STRATOS_TENANT_DOMAIN=fremantle.org
export
STRATOS_KEYSTORE=~/ADS/repository/resources/security/w
so2carbon.jks
./stratos-cli.sh -upload -a ./testapp.zip -c php

36. Future improvement
At the moment we call ADS, ADS checks into
SVN
We are adding direct check-in into SVN / push into
Git

38. LXC Support
Linux Containers (LXC)
Lightweight isolated containers
Much lower footprint than a JVM
An enhanced version of chroot
Supports Memory, CPU and disk isolation and management
We utilize OpenStack as an LXC controller
Since we support multiple IaaS at once we can
support both traditional VMs and LXCs

39. Virtualization models
Stratos 2.0 supports all these
Pure hardware models
(in combination too)
Virtual Machine
Isolation
LXC
Shared Process
(e.g. Carbon MT)
Resource Optimization

40. WSO2 AppFactory
A cloud-based approach to complete delivery of
applications from project creation, development,
testing through into production
Private, Public, or Partner Cloud deployment
Based on real deployments in production
Available late 2012/early 2013
Solution: shipping code with installation and customization
services together with strategic consultancy
Suitable for internal development, partner clouds or
public PaaS

41. Continuous Process
Project and
Team
Management Software
Continuous
development
Deployment
workflow
Governance
Test
and
Automation
Compliance
Continuous Development
Integration Dashboards
Continuous Develop
Build Code
10/23/2012 Source Issue 41
Control Tracking

42. Open Source DevOps, Agile, and Cloud Tooling
Project and
Team
Management Software
Continuous
development App Factory
Deployment
workflow
Governance
Test
and App Factory
Automation
Compliance
Continuous Development
Integration App Factory Dashboards App Factory
Continuous Develop
Build Code
10/23/2012 Source Issue 42
Control Tracking

43. 10/23/2012 43

44. 10/23/2012 44

45. 10/23/2012 45

46. WSO2 App Factory

47. Questions?