SaaS multitenant database architecture
Uploaded by mmubashirkhan
Category: Education
MARIA AHMED CT-021
SaaS MULTITENANT DATABASE ARCHITECTURE
Cloud Computing
Service Models
SaaS Multitenant DB Architecture
Proposed Solutions
Comparison
Recommendations
CLOUD COMPUTING
• Cloud Computing refers to “Computing over the Internet”
• The use of new or existing computing hardware and virtualization technologies to form a shared infrastructure that enables web-based value added services.
• End users access cloud-based applications through a web browser or a light-weight desktop or mobile app
• The business software and user's data are stored on servers at a remote location
• A way to increase capacity or add capabilities on the fly
CHARACTERISTICS
• On-demand self-service: readily available on demand
• Broad network access: service is available via network independent of user end device
• Resource pooling: accomplished through virtualization and multi-tenancy
• Rapid elasticity: provisioning/releasing of resources
• Measured service: provides “pay-as-you-go” service
SERVICE MODELS
INFRASTRUCTURE AS A SERVICE
• The use of server, storage and virtualization to enable utility-like services for users
• Pre-configured hardware is provided via a virtualized interface or hypervisor.
• Cloud users install operating-system images and their application software on the cloud infrastructure
• Examples: Amazon EC2, Azure Services Platform, DynDNS, Google Compute Engine, Joyent, LeaseWeb, Rackspace Cloud, etc.
PLATFORM AS A SERVICE
• Delivers platform including operating system, programming language execution environment, database, and web server
• Provides application hosting, development, testing and deployment environment
• Alleviates the need to buy and maintain the underlying hardware, software and hosting facilities
• Middle layer between SaaS and IaaS
• Examples: AWS Elastic Beanstalk, Heroku, Force.com, Google App Engine, OrangeScape, etc.
SOFTWARE AS A SERVICE
• Delivers applications/services over the web
• No upfront investment in servers or software licensing for users
• “pay-as-you-go” model
• Data and the software application are hosted centrally
• Software application can be accessed without need to use additional hardware or software
• Examples: Google Docs, Dropbox, Salesforce.com, Hotmail or Gmail, Microsoft Skydrive, Google Analytics, etc.
SaaS MULTITENANT DB ARCHITECTURE
MULTITENANCY
• A technology that clouds use to share IT resources cost-efficiently and securely among multiple tenants
• Software architecture where a single instance of a software application serves multiple customers
• Ensures that one tenant operates in isolation from all others
MULTITENANT DB ARCHITECTURES
• Separate databases
• Shared database, separate schema
• Shared database, shared schema
SEPARATE DATABASES
• Simplest approach to data isolation with data being stored in separate databases
SHARED DATABASE, SEPARATE SCHEMAS
• It involves housing multiple tenants in the same database, with each tenant having its own schema
SHARED DATABASE, SHARED SCHEMA
• It involves using the same database and the same set of tables to host multiple tenants' data
PROPOSED SOLUTIONS
• Solution 1: AN EFFICIENT SCHEMA SHARED APPROACH FOR CLOUD BASED MULTITENANT DATABASE WITH AUTHENTICATION & AUTHORIZATION FRAMEWORK
• Solution 2: A NON-INTRUSIVE MULTI-TENANT DATABASE FOR LARGE SCALE SAAS APPLICATIONS
PROPOSED SOLUTION 1
AN EFFICIENT SCHEMA SHARED APPROACH FOR CLOUD BASED MULTITENANT DATABASE WITH AUTHENTICATION & AUTHORIZATION FRAMEWORK
GOALS
• Multi-tenancy supported architecture
• Issues identification with traditional approach
• Data isolation among tenants’ data
• Authentication and authorization framework for security
ISSUES WITH UNIVERSAL TABLE LAYOUT
• Decision for pre-defined number of columns (for custom fields)
• Greater number of NULL values lead to wastage of space
• Data type of columns
RESOLUTION
Drawbacks
• Size of Extension table is too large which may lead to performance problems while data fetching from the database
• Increased query processing time for insert, update and delete operations
PROPOSED APPROACH
• Data isolation model: Shared database, shared schema that supports large number of tenants
• Optimized database schema: Modified extension table for efficient use of space
• Data security: Kerberos is used for authentication and authorization
OPTIMIZED DATABASE SCHEMA
• XML objects are used in the extension table: reduced table size, eliminated primary table
• XML document is dynamically generated
• XML object contains data of entire row
• Tags in XML object refer to the name of table fields
• Allows multiple table creation for tenants
• Table ids are used to associate extension table data with its respective table
DATA SECURITY
1. CRYPTOGRAPHY
For keys generation and messages cryptography class of .NET platform has been used
2. VIEWS FOR TENANTS
Creation of views for tenants to display relevant information or data
3. KERBEROS PROTOCOL
For authentication and authorization
1) Getting the TGT from AS (authentication server)
2) Getting the SGT from TGS (ticket granting server)
3) Getting access to the server
A table is maintained for user permissions and is used for authorization when user wants to perform some operation
PROPOSED SOLUTION 2
A NON-INTRUSIVE MULTI-TENANT DATABASE FOR LARGE SCALE SAAS APPLICATIONS
GOALS
• Cost effective database sharing model
• Gaps identification in traditional databases
• Data security among tenants
• Database scalability
REQUIREMENTS & GAP ANALYSIS OF MULTITENANT DB
(Challenges, with their requirements and gaps)
Low Cost
• Requirement: Low hardware, software & human resources. Gap: No cost-effective sharing and isolation mechanism
• Requirement: Development cost – developer to focus on logic. Gap: No logical view to easily access the database
Flexibility
• Requirement: Customization – database should be customizable. Gap: Database does not support customization mechanisms
• Requirement: Diverse SLA – contain all concerns about security, encryption, backup techniques, etc. Gap: SLA does not detail any access control mechanisms
Security Isolation
• Requirement: Security models to prevent access to other tenants’ data: strict security isolation, hierarchical ACL, hybrid tenant types, free sharing. Gap: Database does not support security/control mechanisms
Scalability and Availability
• Requirement: Applications should be scalable to support large number of customers without affecting the existing tenants’ services. Gap: Databases do not support mechanisms for scalability, availability and load balancing
PROPOSED MULTITENANT DB ARCHITECTURE
Data Isolation
• Separate databases
• Shared database, separate schemas
• Shared database, shared schema
Data Security
• Filter-based pattern in application level
• Permission-based pattern in DBMS level (Row level access control mechanism because of shared schema)
Flexibility
• Reserved field pattern is used for custom fields
• Template based approach is used for SLA to fulfill tenant’s requirements
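The filter-based pattern and a DBMS-side counterpart for a shared schema can be sketched as follows. This is an added example, not code from the slides or from either paper. The `invoice` table, the `TenantScope` class and the view naming are assumptions; SQLite has no row-level access control, so a per-tenant view (as Solution 1 mentions) stands in for it.

```python
import sqlite3


def make_db():
    """Shared database, shared schema: every row carries its tenant_id."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE invoice (id INTEGER PRIMARY KEY, "
               "tenant_id INTEGER NOT NULL, amount INTEGER NOT NULL)")
    # Constructed sample rows for two tenants.
    db.executemany("INSERT INTO invoice (tenant_id, amount) VALUES (?, ?)",
                   [(1, 100), (1, 250), (2, 999)])
    return db


class TenantScope:
    """Filter-based pattern: tenant_id is fixed at login, never taken from a request."""

    def __init__(self, db, tenant_id):
        self._db = db
        self._tenant_id = int(tenant_id)

    def invoices(self):
        cur = self._db.execute(
            "SELECT id, amount FROM invoice WHERE tenant_id = ? ORDER BY id",
            (self._tenant_id,))
        return cur.fetchall()

    def set_amount(self, invoice_id, amount):
        # The tenant filter is part of the write too, so an id belonging to
        # another tenant matches zero rows instead of being updated.
        cur = self._db.execute(
            "UPDATE invoice SET amount = ? WHERE id = ? AND tenant_id = ?",
            (amount, invoice_id, self._tenant_id))
        return cur.rowcount


def create_tenant_view(db, tenant_id):
    """Per-tenant view, standing in for DBMS-level row access control."""
    name = f"invoice_t{int(tenant_id)}"  # int() keeps the identifier safe
    db.execute(f"CREATE VIEW {name} AS SELECT id, amount FROM invoice "
               f"WHERE tenant_id = {int(tenant_id)}")
    return name
```

In a DBMS with real permissions, the tenant's database role would be granted access to the view only, so a query that forgets the application-level filter still cannot reach other tenants' rows.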
MULTITENANT DB ENABLEMENT TECHNOLOGY
Large Scale Scalability
• Architecture leverages (for dynamic request routing): database clustering, routing mechanisms, load balancing
Performance Optimization
• Leverage Data Clustering: improves data retrieval performance
• Caching Mechanism: improves metadata repository access mechanism with low cost
• Load Balancing: improves the tenants’ request serving by effective resources utilization
COMPARISON
DATA ISOLATION
• Solution 1: Supports only “shared schema”; does not provide full isolation; needs more powerful security mechanisms
• Solution 2: Supports all three db models; supports from full isolated dbs to shared dbs
DATA SECURITY
• Solution 1: Uses Kerberos protocol for authentication and authorization, managing a table for permissions
• Solution 2: Application level security: filter the request based on the tenant identification. DBMS level security: table/row level access control mechanism db models
DATA STORAGE
• Solution 1: Uses XML based data storage; consumes less space (single row per record)
• Solution 2: Uses normal extension table approach; consumes more space in comparison with XML based version
FLEXIBILITY
• Solution 1: Uses XML extended table field pattern that allows for any number of custom fields to be added by the tenant
• Solution 2: It uses reserved extended table field pattern that pre-defines a fixed number of table columns
SCALABILITY
• Solution 1: Not supported
• Solution 2: It supports database clustering, routing mechanisms, load balancing
PERFORMANCE OPTIMIZATION
• Solution 1: Optimized performance for insert/update/delete operations
• Solution 2: Implemented data clustering, caching mechanism, tenant based load balancing
RECOMMENDATIONS
• Backup strategies should be implemented to provide immediate restoration in case of failure. Ex: Full backup, Differential backup, Incremental backup, Continuous backup
• Data that needs greater security should be saved in encrypted form so that no one can access the information easily
• Some key generation algorithm should be used for generating the unique ids used within the tables (TenantID, TableID)
THANK YOU