There’s A Difference Between Application/OS Multitenancy and Data(base) Multitenancy
There I was in the middle of a half moon yoga pose when the thought hit…
I was on a Telepresence the other day with @jamesurquhart and a couple of other colleagues and we were discussing the notion of Cloud services and multitenancy again.
I brought up a well-known Cloud provider who serves thousands (if not tens of thousands) of unique customers. I argued that based upon what I was told by system architects, the service was never really designed with multitenancy in mind. James argued to the contrary maintaining that he has had numerous discussions with the same architects and was convinced my point was invalid.
This got me thinking as to how, if we were talking to the same architects, we came away with a diametrically opposed understanding.
It should be noted that this vendor does not use server/OS virtualization in their offering and since multitenancy is often (improperly) associated directly with server/OS virtualization, we recognized that this wasn’t our disconnect.
Then it dawned on me (well today, during Yoga.) I was talking about the notion of application multitenancy and James was talking about the database/datastore aspects of multitenancy! The front-end versus the back-end versus the entire stack…
So of course from James’ perspective, the architects definitely built the database, schemas and table structures to support isolated, discrete and “secure” multitenancy.
However from my perspective, the application itself — a single application — isn’t “multitenant” insomuch as it is multi-user. The application provides a common programmatic entry point (however customized in presentation) to a specific dataset to which James was referring.
Aha! Seems simple and somewhat silly, but it never occurred to me that we were just thinking from different ends of the stack; this time I was top-down and James was bottoms-up. Funny as James is the app. guy and I am the Infrastructure bobblehead. Stupid siloed thinking on my part distracted me from what I know is a larger system architecture artifact that is easy to spot if I had only taken the goggles off.
This is important because when we apply Cloud definitions to SaaS providers wherein the required characteristics “require” multitenancy (see my post here,) many if not most SaaS offerings fail to meet the criterion. If we think along the lines of not just qualifying the ‘application’ but expand ‘software’ in SaaS to more broadly include the entire stack including the database, it passes the sniff test.
I have to tell you that this was, despite my own taxonomy diagrams which point out this very fact, a block in my vision which was causing me angst.
So, remember, when we’re talking about SaaS, just because the application front-end may not smell of multitenancy, the underlying platform and database probably will — especially if it’s going to scale to elastic cloud levels.
Silly little lightbulbs go off in the most interesting of times.
/Hoff
If a hacker defeats the single application and makes it communicate with the multi-tenant databases, he/she still defeats the whole system.
Many of the SaaS vendors will need to heavily review their multi-tenant security approach.
Additionally, start thinking about the trusted insider and what they can do when multi-tenancy is not implemented, as well as the principles of segregation of duties and least privilege. A trusted insider can do a lot of damage.
The value proposition of SaaS from the vendor view point is the fact that it is the database that makes multi-tenancy "work". The GUI should be shared, with customization of that application accomplished via the … database. A shared data-driven GUI is the very definition of multi-tenancy.
Slapping an application into a virtual environment doesn't make it multi-tenant. It makes the *operating system* multi-tenant, but not the *application* itself. So I agree with enforcing a difference between OS multi-tenancy and application multi-tenancy, but there is not difference between application multi-tenancy and database mutli-tenancy because the two are integrally tied together. An application is multi-tenant IFF its database is multi-tenant.