Tenancy Design PatternsFermin Ordaz (@fermin_ordaz) – Application SecurityDave Chen (@DaveXChen) – Machine

2 PREDIX TRANSFORM

AgendaUnderstanding Multi-tenancy1Multi-tenancy in CF2

4 Multi-tenancy Patterns5 EdgeManager Demo

3 Multi-tenancy Pillars

3 PREDIX TRANSFORM

Picture Here

Understanding Multi-tenancyMotivation•Develop and maintain one application, serve multiple customers.•Sharing storage and computational resources.•Cost reduction (ideally).Implications•Increased complexity, configuration and customization.•Data isolation and access control.•Affects how we expose and consume services.•Authentication, Authorization, User Management, Provisioning, Billing, Metering, Rate limiting, etc.

4 PREDIX TRANSFORM

Multi-tenancy in CF – Org/Space

5 PREDIX TRANSFORM

Provisioning Spectrum

Provisioning in CF•Handled via Service Broker (and Service Implementation)•Create and Bind.•Service Plan and Custom parameters.•Many choices.

6 PREDIX TRANSFORM

Picture Here

Multi-tenancy PillarsData Partition•Who is your tenant ?•Partition Key.•Label your Data.•Targeting partition.

Authentication•Type of credentials•Credentials storage.•Authentication all the time.

Authorization•Owner controls.•Who != What’s allowed•Privileges, scopes, attributes.•Privileges and Data Labels.

Provisioning/Scope•Service Broker/Static•Service discovery•Credentials lookup

7 PREDIX TRANSFORM

Picture Here

Multi-tenancy Patterns - IAuthentication Mechanism•Binding Credentials

Partitioning Scheme•Instance id VS Instance/app id

Provisioning/Scope•Instance in tenant org/space.•Shared in org/space.•Not visible outside.

Authorization Mechanism•Who drives access.•Control per instance, or per App.•No built in privileges.

8 PREDIX TRANSFORM

Multi-tenancy Patterns - I

9 PREDIX TRANSFORM

Picture Here

Multi-tenancy Patterns - IIAuthentication Mechanism•OAuth token from tenant UAA•Store credentials ? No•Clients can get credentials from TMS.

Partitioning Scheme•Instance id VS Instance/client id (OAuth)•Fine grained access via Data labeling

Scope•Instance in tenant org/space.•No binding. Visible from other org/spaces via (TMS)

Authorization Mechanism•OAuth authorities or ACS attributes.•Service instance protection via ZAC.

10 PREDIX TRANSFORM

Multi-tenancy Patterns - II

11 PREDIX TRANSFORM

Multi-tenancy Patterns - III

12 PREDIX TRANSFORM

Picture Here

Building BlocksTMS – Tenancy Management Services•Service instance provisioning.•Service instance registry.•Lookup of Client Credentials.•Tenant Onboard and Subscription.

ZAC – Zone Access Control•ZAC protects your services.•ZAC checks tokens.•ZAC checks token authorities.ACS – Access Control

Services•ACS for API protection (Policies)•ACS for storing subject attributes.•ACS for storing resource attributes.

13 PREDIX TRANSFORM

Picture HereEdgeManager Demo

General Electric reserves the right to make changes in specifications and features, or discontinue the product or service described at any time, without notice or obligation. These materials do not constitute a representation, warranty or documentation regarding the product or service featured. Illustrations are provided for informational purposes, and your configuration may differ. This information does not constitute legal, financial, coding, or regulatory advice in connection with your use of the product or service. Please consult your professional advisors for any such advice. GE, Predix and the GE Monogram are trademarks of General Electric Company. ©2016 General Electric Company – All rights reserved.