multi tenancy - wining formula for a paas
DESCRIPTION
TRANSCRIPT
![Page 1: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/1.jpg)
Multi-tenancy: Winning formula
for a PaaSby
Srinath Perera, Ph.D. Senior Software Architect
WSO2 Inc.
![Page 2: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/2.jpg)
Next 45 Minutes …
• Brief Introduction to Cloud and PaaS
• What and Why Multi-tenancy?
• Implementing Multi-tenancy
• Data Multi-tenancy
• Execution Multi-tenancy
• Scaling Up
• ConclusionPhoto by Bruno Girin on Flickr,
http://www.flickr.com/photos/brunogirin/27981693/, Licensed under CC
![Page 3: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/3.jpg)
Cloud Computing
Ability to buy computations power, storage, or execution services as an Utility, on demand.
For more details read “A View of Cloud Computing, Communications of the ACM, 2010”
![Page 4: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/4.jpg)
Cloud Computing (contd.)
• Best way to explain it is by comparing it to Electricity
• Idea is a big pool of servers and share.
• Economics of scale through Optimize large scale operations.
• Resource Pooling.
• No need for capacity planning, start small and grow as needed.
• Outsource and enabling specialization.
photo by LoopZilla on Flickr, http://www.flickr.com/photos/loopzilla/2328231843/sizes/m/in/photostr
eam/, Licensed under CC
![Page 5: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/5.jpg)
Cloud Offerings
![Page 6: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/6.jpg)
Why PaaS?
• IaaS only provides limited saving to someone who needs to outsource their IT functions
• SaaS is great when they can be used
• They are usually very specific (e.g. email, CRM ..)
• If they match, then great, but if they are not, not much choice for the user.
• PaaS stays in the middle ground
• Framework to host your apps
• Hopefully you can move your apps as it is (well not the case with Azure or App Engine, but it is possible with WSO2 Stratos !!!).
![Page 7: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/7.jpg)
What is Multi-tenancy ?
Many Parties share the same set of resources, while giving each one his own space
![Page 8: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/8.jpg)
Why Multi-tenancy? 1. Increased sharing • Cloud shares
resources across a large pool of users.
• Now sharing happens in the application level as oppose to sharing at OS level for multiple processes and sharing at HW level with VMs.
• That can bring greater savings
photo by Ben Gray on Flickr, http://www.flickr.com/photos/ben_grey/4582294721/, Licensed under CC
“There is no delight in owning anything unshared.”
Seneca (Roman philosopher, mid-1st century AD)
![Page 9: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/9.jpg)
Why Multi-tenancy? 2. Provide “pay for what you use”
• Often there will be many accounts in a PaaS or a SaaS, but only a fraction of them will be in use.
• We cannot allocate runtime resource per account (disk may be ok, as it is cheap). For example, we cannot run a VM per account.
• By sharing the same server with many users, Multi-tenancy provides much reduced runtime cost per server.
Flexibility
![Page 10: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/10.jpg)
Multi-tenancy vs. Virtual Machines• Multi-tenancy provides much
fine grained sharing by many applications sharing the same server.
• Say there are 100k accounts, but 10k active users at a time. VM based model needs 100k VMs, which means there is a cost incurred per account.
photo by hans s on Flickr, http://www.flickr.com/photos/archeon/2359334908/
• With Multi-tenancy one server can handle many accounts, and by mixing and matching heavy and light users, Multi-tenancy can operate with much less number of servers.
![Page 11: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/11.jpg)
Motivating Usecases
![Page 12: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/12.jpg)
To fulfill Cloud Promise: Implementing PaaS
• As discussed it is crucial in supporting “Pay as you go” in a Platform as a Service (PaaS)
• For example (within Stratos)
• Web Service Hosting as a Service ,Web Application Hosting as a Service, Message Mediation Execution as a Service (ESB), Governance as a Service, Workflow as a Service
Promise
![Page 13: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/13.jpg)
SMBs (Small and Medium size Business)
This will lower the bar of SOA/ Middleware use, and enable SMBs to move to the next level.
photo by Olaf on Flickr http://www.flickr.com/photos/okreitz/3073783437/, Licensed under CC
Most SMBs can not afforded to run their own SOA technologies.
This stops them from going to the next level.
Workflow, Service and Web hosting as a service can enable multiple SMBs to share the same infrastructure.
![Page 14: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/14.jpg)
E-Science Gateways
• Scientific workflows has been identified as enabling technology for E-Science.
• Idea is to let scientists visually compose workflows and run them.
• There are many gateways that do this.
photo by Image Editor on Flickr, http://www.flickr.com/photos/11304375@N07/2769519295/,
Licensed under CC
Enable multiple science gateways to share the same infrastructure thus reducing the maintenance cost and resource sharing . o Same would work for most e-Gov stuff and for most
organizations.
![Page 15: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/15.jpg)
How Good is this Multi-Tenancy
implementation?
![Page 16: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/16.jpg)
Multi-tenancy Maturity Models
• Model is Defined by Chong et al. • (F. Chong and G. Carraro, “Architecture strategies for catching the
long tail,” MSDN Library, Microsoft Corporation, 2006.)
• Provide a way to understand Multi-tenant implementations.
• Level1: Instance per Client
• Level 2: Configurable instance per Client
• Level 3: Single instance can serve multiple Clients
• Level 4: Scaling up Level 3 by running multiple instances and distributing the load.
![Page 17: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/17.jpg)
Implementing Multi-Tenancy
![Page 18: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/18.jpg)
Goals of Multi-tenancy
• Sharing – maximize the resource sharing across multiple tenants.
photo by John Trainoron Flickr http://www.flickr.com/photos/trainor/2902023575/, Licensed under CC
Isolation – hide the fact other users are also in the same server. o Execution – enforce security. Make sure one tenant can’t
call other tenants executable logic. o Data – make sure one tenant can’t see other’s data o Performance - make sure performance is not affected by
existence of other tenants. Scale
o Server is distributed and it can handle larger load by adding more nodes.
![Page 19: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/19.jpg)
It is about trading off Isolation vs. Sharing
As often the case in research, implementing Multi-tenancy is a tradeoff
photo by Todd Anderson on Flickr, http://www.flickr.com/photos/toddography/12034661/, Licensed under
CC
![Page 20: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/20.jpg)
WSO2 Carbon Platform
![Page 21: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/21.jpg)
WSO2 Platform Architecture
We break multi-tenancy into three parts (Based on Chang et al.).
Execution: Business Processes, Workflows and Mashups
Security: ownership and authorization of both data, as well as executions in the framework
Data : User data and system runtime data
![Page 22: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/22.jpg)
Multi-tenancy Architecture
![Page 23: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/23.jpg)
Achieving Tenant Isolation
Each Tenant is given a Security Domain
Each domain may have its own User Store and Permissions, thus have a set of users and permissions enabling users to access resources
Each domain is isolated and do not have access to other domains
![Page 24: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/24.jpg)
Implementing Data Multi-tenancy
• Separate DB
• Separate Schema
• Shared Schema
![Page 25: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/25.jpg)
Separate Databases
• If you have no control over the code, then this is the only solution
• Horizontally scalable, but relatively expensive
25
• Vertical scaling is challenging but solvable
• WSO2 Relational Storage Service uses this models to provide users with DBs
Tenant 1 Tenant 4 Tenant 8
![Page 26: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/26.jpg)
Separate Schema
• Relatively easy to implement
• Some databases have ways to support this directly but many don’t
• Failure difficult to handle
• Scales reasonably well
26
![Page 27: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/27.jpg)
Shared Databases, Shared Schema
• Most efficient storage-wise and scales very well for large number of tenants
• Requires all accesses to qualify with tenant
• Failure is global
• (Stratos uses this approach internally for all provide isolation within WSO2 Registry)
27
![Page 28: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/28.jpg)
Implementing Execution Isolation
All executions are based on Axis2
Axis2 have stateless executions and keep all state in a Context.
So if we create different context for each tenant, they are isolated.
![Page 29: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/29.jpg)
Implementing Execution Isolation (Contd.)
![Page 30: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/30.jpg)
Implementing Execution Isolation (Contd.)
• We use Java Security to make sure one tenant cannot access or temper with other tenant’s data structures, file system data etc.
• Example
• Tenant ID value in the context
![Page 31: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/31.jpg)
Performance Isolation
• Performance isolation is a challenging issue.
• We currently relay on monitoring and auditing where we can kill CPU hogging processes
• We are exploring the possibility of changing the priority of CPU hogging processes in the work queues (e.g. workflow engine, ESB etc.).
photo Fortes by on Flickr, http://www.fotopedia.com/items/flickr-3193056200
![Page 32: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/32.jpg)
Scaling Up
![Page 33: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/33.jpg)
Scaling Multi-tenant Middleware • So far we talked about building a single Multi-
tenant Node (That is Level 3)
• To reach Level 4, we have to scale.
• To do that
• We have to run this with many nodes, and we have to partition.
• We have to replicate or partition. But we are talking about 1000s of tenants, likely one tenant can not hold all of them.
• So We need to partition
• We also need load balancing, and it should know about tenants.
![Page 34: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/34.jpg)
![Page 35: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/35.jpg)
Overhead of Multi-Tenancy
![Page 36: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/36.jpg)
Service Performance
![Page 37: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/37.jpg)
Workflow Performance
Setup Multi-tenant and non-multi-tenant versions Run 200 workflows from each client Overhead is minimal
o MT supports only add few additional lookups and checkso Java Security does not come in to play as we do not run
user provided code.
![Page 38: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/38.jpg)
For more details (Publications on the topic)• A. Azeez and S. Perera et al., WSO2 Stratos: An
Industrial Stack to Support Cloud Computing, IT: Methods and Applications of Informatics and Information Technology Journal, the special Issue on Cloud Computing, 2011.
• Afkham Azeez, Srinath Perera, Dimuthu Gamage, Ruwan Linton, Prabath Siriwardana, Dimuthu Leelaratne, Sanjiva Weerawarana, Paul Fremantle, "Multi-Tenant SOA Middleware for Cloud Computing" 3rd International Conference on Cloud Computing, Florida, 2010
• Milinda Pathirage, Srinath Perera, Sanjiva Weerawarana, Indika Kumara, A Multi-tenant Architecture for Business Process Execution, 9th International Conference on Web Services (ICWS), 2011
![Page 39: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/39.jpg)
Conclusion• We discussed what is Multi-tenancy and why it is
crucial for implementing a PaaS.
• We discussed details about implementing it
• Isolation (Data, Execution) .. Isolation vs. sharing tradeoff
• Four level’s of multi-tenancy
• Scaling Design
• Lot of open questions yet to be solved. Your thoughts and code both are welcome.
• Data Security (Encryption, Delegation etc. ), Tenant Migration , Scaling, Lazy loading …
![Page 40: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/40.jpg)
Questions?
![Page 41: Multi tenancy - Wining formula for a PaaS](https://reader033.vdocuments.net/reader033/viewer/2022061121/546ea3edb4af9fa0268b4724/html5/thumbnails/41.jpg)
Feedback URL
https://appserver.stratoslive.wso2.com/t/wso2con2011.com/webapps/feedback-
sample-1.0.0/feedback