SaaS multitenant database architecture

MARIA AHMED CT-021 SaaS MULTITENANT DATABASE ARCHITECTURE

Upload: mmubashirkhan

Post on 18-Nov-2014


Page 1: SaaS multitenant database architecture

MARIA AHMED CT-021

SaaS MULTITENANT DATABASE ARCHITECTURE

Page 2: SaaS multitenant database architecture

Cloud Computing

Service Models

SaaS Multitenant DB Architecture

Proposed Solutions

Comparison

Recommendations

Page 3: SaaS multitenant database architecture

CLOUD COMPUTING

Cloud Computing refers to “Computing over the Internet”

The use of new or existing computing hardware and virtualization technologies to form a shared infrastructure that enables web-based value added services.

End users access cloud-based applications through a web browser or a light-weight desktop or mobile app

The business software and user's data are stored on servers at a remote location

A way to increase capacity or add capabilities on the fly

Page 4: SaaS multitenant database architecture

CLOUD COMPUTING

Page 5: SaaS multitenant database architecture

CLOUD COMPUTING

CHARACTERISTICS

• On-demand self-service: Readily available on demand

• Broad network access: Service is available via network independent of user end device

• Resource pooling: Accomplished through virtualization and multi-tenancy

• Rapid elasticity: Provisioning/releasing of resources

• Measured service: Provides “pay-as-you-go” service

Page 6: SaaS multitenant database architecture

SERVICE MODELS

Page 7: SaaS multitenant database architecture

SERVICE MODELS

INFRASTRUCTURE AS A SERVICE

The use of server, storage and virtualization to enable utility like services for users

Pre-configured hardware is provided via a virtualized interface or hypervisor.

Cloud users install operating-system images and their application software on the cloud infrastructure

Examples:

• Amazon EC2
• Azure Services Platform
• DynDNS
• Google Compute Engine
• Joyent
• LeaseWeb
• Rackspace Cloud, etc.

Page 8: SaaS multitenant database architecture

SERVICE MODELS

PLATFORM AS A SERVICE

Delivers platform including operating system, programming language execution environment, database, and web server

Provides application hosting, development, testing and deployment environment

Alleviates the need to buy and maintain the underlying hardware, software and hosting facilities

Middle layer between SaaS and IaaS

Examples:

• AWS Elastic Beanstalk
• Heroku
• Force.com
• Google App Engine
• OrangeScape, etc.

Page 9: SaaS multitenant database architecture

SERVICE MODELS

SOFTWARE AS A SERVICE

Delivers applications/services over the web

No upfront investment in servers or software licensing for users

“pay-as-you-go” model

Data and the software application are hosted centrally

Software application can be accessed without need to use additional hardware or software

Examples:

• Google Docs
• Dropbox
• Salesforce.com
• Hotmail or Gmail
• Microsoft Skydrive
• Google Analytics, etc.

Page 10: SaaS multitenant database architecture

SaaS MULTITENANT DB ARCHITECTURE

MULTITENANCY

A technology that clouds use to share IT resources cost-efficiently and securely among multiple tenants

Software architecture where a single instance of a software application serves multiple customers

Ensures that one tenant operates in isolation from all others

Page 11: SaaS multitenant database architecture

MULTITENANT DB ARCHITECTURES

Separate databases

Shared database, separate schema

Shared database, shared schema

SaaS MULTITENANT DB ARCHITECTURE

Page 12: SaaS multitenant database architecture

SEPARATE DATABASES

Simplest approach to data isolation with data being stored in separate databases

SaaS MULTITENANT DB ARCHITECTURE

Page 13: SaaS multitenant database architecture

SHARED DATABASE, SEPARATE SCHEMAS

It involves housing multiple tenants in the same database, with each tenant having its own schema

SaaS MULTITENANT DB ARCHITECTURE

Page 14: SaaS multitenant database architecture

SHARED DATABASE, SHARED SCHEMA

It involves using the same database and the same set of tables to host multiple tenants' data

SaaS MULTITENANT DB ARCHITECTURE

Page 15: SaaS multitenant database architecture

PROPOSED SOLUTIONS

Solution 1

• AN EFFICIENT SCHEMA SHARED APPROACH FOR CLOUD BASED MULTITENANT DATABASE WITH AUTHENTICATION & AUTHORIZATION FRAMEWORK

Solution 2

• A NON-INTRUSIVE MULTI-TENANT DATABASE FOR LARGE SCALE SAAS APPLICATIONS

Page 16: SaaS multitenant database architecture

AN EFFICIENT SCHEMA SHARED APPROACH FOR CLOUD BASED MULTITENANT DATABASE WITH AUTHENTICATION & AUTHORIZATION FRAMEWORK

PROPOSED SOLUTION 1

GOALS

Multi-tenancy supported architecture

Issues identification with traditional approach

Data isolation among tenants’ data

Authentication and authorization framework for security

Page 17: SaaS multitenant database architecture

PROPOSED SOLUTION 1

ISSUES WITH UNIVERSAL TABLE LAYOUT

Decision for pre-defined number of columns (for custom fields)

Greater number of NULL values lead to wastage of space

Data type of columns

Page 18: SaaS multitenant database architecture

PROPOSED SOLUTION 1

RESOLUTION

Drawbacks

• Size of Extension table is too large which may lead to performance problems while data fetching from the database

• Increased query processing time for insert, update and delete operations

Page 19: SaaS multitenant database architecture

PROPOSED SOLUTION 1

PROPOSED APPROACH

• Data isolation model: Shared database, shared schema that supports large number of tenants

• Optimized database schema: Modified extension table for efficient use of space

• Data security: Kerberos is used for authentication and authorization

Page 20: SaaS multitenant database architecture

PROPOSED SOLUTION 1

OPTIMIZED DATABASE SCHEMA

• XML objects are used in the extension table
  • reduced table size
  • eliminated primary table

• XML document is dynamically generated

• XML object contains data of entire row

• Tags in XML object refers to the name of table fields

• Allows multiple table creation for tenants

• Table ids are used to associate extension table data with its respective table
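
An added sketch of the layout this slide describes, not code from the presentation or the work it summarises: a single extension table whose rows each hold an XML object for an entire logical row, keyed by tenant id and table id. The column names, the `FIELD_NAME` policy and the use of SQLite are assumptions; field names are validated because tenant-chosen names become XML tags, and every read filters on the tenant id.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

# Assumed policy: tenant-chosen field names become XML tags, so restrict them.
FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,63}")

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE extension (
        tenant_id INTEGER NOT NULL,
        table_id  INTEGER NOT NULL,   -- which logical table the row belongs to
        row_id    INTEGER NOT NULL,
        row_xml   TEXT    NOT NULL,   -- XML object holding the entire row
        PRIMARY KEY (tenant_id, table_id, row_id))""")
    return db

def row_to_xml(fields):
    """Generate the XML object for one row; each tag is a field name."""
    root = ET.Element("row")
    for name, value in fields.items():
        if not FIELD_NAME.fullmatch(name):
            raise ValueError(f"invalid field name: {name!r}")
        ET.SubElement(root, name).text = str(value)  # escaped on serialisation
    return ET.tostring(root, encoding="unicode")

def insert_row(db, tenant_id, table_id, row_id, fields):
    db.execute("INSERT INTO extension VALUES (?, ?, ?, ?)",
               (tenant_id, table_id, row_id, row_to_xml(fields)))

def fetch_rows(db, tenant_id, table_id):
    """Return one tenant's rows of one logical table as dicts."""
    cur = db.execute(
        "SELECT row_xml FROM extension "
        "WHERE tenant_id = ? AND table_id = ? ORDER BY row_id",
        (tenant_id, table_id))
    return [{el.tag: el.text for el in ET.fromstring(doc)} for (doc,) in cur]

def demo():
    db = open_db()
    # Constructed sample data: two tenants with different custom fields.
    insert_row(db, 1, 10, 1, {"name": "Acme <Ltd>", "vat_no": "GB123"})
    insert_row(db, 2, 10, 1, {"name": "Globex", "region": "EU"})
    return fetch_rows(db, 1, 10), fetch_rows(db, 2, 10)
```
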

Page 21: SaaS multitenant database architecture

PROPOSED SOLUTION 1

DATA SECURITY

1. CRYPTOGRAPHY

For key generation and message cryptography, the cryptography class of the .NET platform has been used

2. VIEWS FOR TENANTS

Creation of views for tenants to display relevant information or data

Page 22: SaaS multitenant database architecture

PROPOSED SOLUTION 1

DATA SECURITY

3. KERBEROS PROTOCOL

For authentication and authorization

1) Getting the TGT from AS (authentication server)
2) Getting the SGT from TGS (ticket granting server)
3) Getting access to the server

A table is maintained for user permissions and is used for authorization when a user wants to perform some operation

Page 23: SaaS multitenant database architecture

A NON-INTRUSIVE MULTI-TENANT DATABASE FOR LARGE SCALE SAAS APPLICATIONS

PROPOSED SOLUTION 2

GOALS

Cost effective database sharing model

Gaps identification in traditional databases

Data security among tenants

Database scalability

Page 24: SaaS multitenant database architecture

PROPOSED SOLUTION 2

REQUIREMENTS & GAP ANALYSIS OF MULTITENANT DB

Challenge: Low Cost

• Requirement: Low hardware, software & human resources
  Gap: No cost-effective sharing and isolation mechanism

• Requirement: Development cost – developer to focus on logic
  Gap: No logical view to easily access the database

Challenge: Flexibility

• Requirement: Customization – database should be customizable
  Gap: Database does not support customization mechanisms

• Requirement: Diverse SLA – contain all concerns about security, encryption, backup techniques, etc.
  Gap: SLA does not detail any access control mechanisms

Challenge: Security Isolation

• Requirement: Security models to prevent access to other tenants’ data: strict security isolation, hierarchical ACL, hybrid tenant types, free sharing
  Gap: Database does not support security/control mechanisms

Challenge: Scalability and Availability

• Requirement: Applications should be scalable to support large number of customers without affecting the existing tenants’ services
  Gap: Databases do not support mechanisms for scalability, availability and load balancing

Page 25: SaaS multitenant database architecture

PROPOSED SOLUTION 2

PROPOSED MULTITENANT DB ARCHITECTURE

Page 26: SaaS multitenant database architecture

PROPOSED SOLUTION 2

MULTITENANT DB ENABLEMENT TECHNOLOGY

Data Isolation

• Separate databases
• Shared database, separate schemas
• Shared database, shared schema

Data Security

• Filter-based pattern in application level
• Permission-based pattern in DBMS level (Row level access control mechanism because of shared schema)

Flexibility

• Reserved field pattern is used for custom fields
• Template based approach is used for SLA to fulfill tenant’s requirements
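
An added example, not from the presentation, of the application-level filter-based pattern listed on this slide, combined with the per-user permissions table described under Solution 1's data security. The tenant id is bound once from the authenticated session and added to every query, so a row id supplied in a request can never reach another tenant's data. Table names, users and data are constructed; the DBMS-level permission pattern is not shown because SQLite has no row-level access control.

```python
import sqlite3

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE invoices (tenant_id INTEGER NOT NULL, invoice_id INTEGER NOT NULL,
                               amount REAL NOT NULL,
                               PRIMARY KEY (tenant_id, invoice_id));
        CREATE TABLE permissions (tenant_id INTEGER, username TEXT, operation TEXT,
                                  PRIMARY KEY (tenant_id, username, operation));
        -- Constructed sample data: invoice 100 exists for both tenants.
        INSERT INTO invoices VALUES (1, 100, 25.0), (1, 101, 40.0), (2, 100, 999.0);
        INSERT INTO permissions VALUES (1, 'alice', 'read'), (1, 'alice', 'delete'),
                                       (2, 'bob', 'read');
    """)
    return db

class TenantSession:
    """Tenant and user come from the authenticated session, never from request data."""

    def __init__(self, db, tenant_id, username):
        self.db, self.tenant_id, self.username = db, tenant_id, username

    def _authorize(self, operation):
        # Permission table lookup performed before every operation.
        row = self.db.execute(
            "SELECT 1 FROM permissions "
            "WHERE tenant_id = ? AND username = ? AND operation = ?",
            (self.tenant_id, self.username, operation)).fetchone()
        if row is None:
            raise PermissionError(f"{self.username} may not {operation}")

    def read_invoice(self, invoice_id):
        self._authorize("read")
        return self.db.execute(
            "SELECT amount FROM invoices WHERE tenant_id = ? AND invoice_id = ?",
            (self.tenant_id, invoice_id)).fetchone()

    def delete_invoice(self, invoice_id):
        self._authorize("delete")
        cur = self.db.execute(
            "DELETE FROM invoices WHERE tenant_id = ? AND invoice_id = ?",
            (self.tenant_id, invoice_id))
        return cur.rowcount  # number of rows removed within this tenant only
```
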

Page 27: SaaS multitenant database architecture

PROPOSED SOLUTION 2

MULTITENANT DB ENABLEMENT TECHNOLOGY

Large Scale Scalability

• Architecture leverages (for dynamic request routing)
  • database clustering
  • routing mechanisms
  • load balancing

Performance Optimization

• Leverage Data Clustering: improves data retrieval performance

• Caching Mechanism: improves metadata repository access mechanism with low cost

• Load Balancing: improves the tenants’ request serving by effective resources utilization

Page 28: SaaS multitenant database architecture

COMPARISON

DATA ISOLATION

Solution 1

• Supports only “shared schema”
• Does not provide full isolation
• Needs more powerful security mechanisms

Solution 2

• Supports all three db models
• Supports from full isolated dbs to shared dbs

DATA SECURITY

Solution 1

• Uses Kerberos protocol for authentication and authorization, managing a table for permissions

Solution 2

• Application level security: Filter the request based on the tenant identification
• DBMS level security: Table/row level access control mechanism db models

Page 29: SaaS multitenant database architecture

COMPARISON

DATA STORAGE

Solution 1

• Uses XML based data storage
• consumes less space (single row per record)

Solution 2

• Uses normal extension table approach
• consumes more space in comparison with XML based version

FLEXIBILITY

Solution 1

• Uses XML extended table field pattern that allows for any number of custom fields to be added by the tenant

Solution 2

• It uses reserved extended table field pattern that pre-defines a fixed number of table columns

Page 30: SaaS multitenant database architecture

COMPARISON

SCALABILITY

Solution 1

• Not supported

Solution 2

It supports:

• Database clustering
• Routing mechanisms
• Load balancing

PERFORMANCE OPTIMIZATION

Solution 1

• Optimized performance for insert/update/delete operations

Solution 2

Implemented:

• Data clustering
• Caching mechanism
• Tenant based load balancing

Page 31: SaaS multitenant database architecture

RECOMMENDATIONS

• Backup strategies should be implemented to provide immediate restoration in case of failure. Ex: Full backup, Differential backup, Incremental backup, Continuous backup

• Data that needs greater security should be saved in encrypted form so that no one can access the information easily

• Some key generation algorithm should be used for generating the unique ids used within the tables (TenantID, TableID)

Page 32: SaaS multitenant database architecture

THANK YOU