SaaS multitenant database architecture

Published in: Education, Technology

  1. 1. Cloud Computing • Service Models • SaaS Multitenant DB Architecture • Proposed Solutions • Comparison • Recommendations
  2. 2. CLOUD COMPUTING
      • Cloud Computing refers to “Computing over the Internet”
      • The use of new or existing computing hardware and virtualization technologies to form a shared infrastructure that enables web-based value added services
      • End users access cloud-based applications through a web browser or a light-weight desktop or mobile app
      • The business software and users' data are stored on servers at a remote location
      • A way to increase capacity or add capabilities on the fly
  3. 3. CLOUD COMPUTING
  4. 4. CLOUD COMPUTING
      • On-demand self-service: Readily available on demand
      • Broad network access: Service is available via network independent of user end device
      • Resource pooling: Accomplished through virtualization and multi-tenancy
      • Rapid elasticity: Provisioning/releasing of resources
      • Measured service: Provides “pay-as-you-go” service
  5. 5. SERVICE MODELS
  6. 6. SERVICE MODELS
      • The use of server, storage and virtualization to enable utility like services for users
      • Pre-configured hardware is provided via a virtualized interface or hypervisor
      • Cloud users install operating-system images and their application software on the cloud infrastructure
      • Examples: Amazon EC2, Azure Services Platform, DynDNS, Google Compute Engine, Joyent, LeaseWeb, Rackspace Cloud, etc.
  7. 7. SERVICE MODELS
      • Delivers platform including operating system, programming language execution environment, database, and web server
      • Provides application hosting, development, testing and deployment environment
      • Alleviates the need to buy and maintain the underlying hardware, software and hosting facilities
      • Middle layer between SaaS and IaaS
      • Examples: AWS Elastic Beanstalk, Heroku, Force.com, Google App Engine, OrangeScape, etc.
  8. 8. SERVICE MODELS
      • Delivers applications/services over the web
      • No upfront investment in servers or software licensing for users
      • “pay-as-you-go” model
      • Data and the software application are hosted centrally
      • Software application can be accessed without need to use additional hardware or software
      • Examples: Google Docs, Dropbox, Salesforce.com, Hotmail or Gmail, Microsoft Skydrive, Google Analytics, etc.
  9. 9. SaaS MULTITENANT DB ARCHITECTURE: MULTITENANCY
      • A technology that clouds use to share IT resources cost-efficiently and securely among multiple tenants
      • Software architecture where a single instance of a software application serves multiple customers
      • Ensures that one tenant operates in isolation from all others
  10. 10. SaaS MULTITENANT DB ARCHITECTURE
      • Separate databases
      • Shared database, separate schema
      • Shared database, shared schema
  11. 11. SaaS MULTITENANT DB ARCHITECTURE
      • Simplest approach to data isolation, with data being stored in separate databases
  12. 12. SaaS MULTITENANT DB ARCHITECTURE
      • It involves housing multiple tenants in the same database, with each tenant having its own schema
  13. 13. SaaS MULTITENANT DB ARCHITECTURE
      • It involves using the same database and the same set of tables to host multiple tenants' data
  14. 14. PROPOSED SOLUTIONS
      • Solution 1: AN EFFICIENT SCHEMA SHARED APPROACH FOR CLOUD BASED MULTITENANT DATABASE WITH AUTHENTICATION & AUTHORIZATION FRAMEWORK
      • Solution 2: A NON-INTRUSIVE MULTI-TENANT DATABASE FOR LARGE SCALE SAAS APPLICATIONS
  15. 15. PROPOSED SOLUTION 1: GOALS
      • Multi-tenancy supported architecture
      • Issues identification with traditional approach
      • Data isolation among tenants' data
      • Authentication and authorization framework for security
  16. 16. PROPOSED SOLUTION 1
      • Decision for pre-defined number of columns (for custom fields)
      • Greater number of NULL values lead to wastage of space
      • Data type of columns
  17. 17. PROPOSED SOLUTION 1: Drawbacks
      • Size of Extension table is too large, which may lead to performance problems while data fetching from the database
      • Increased query processing time for insert, update and delete operations
  18. 18. PROPOSED SOLUTION 1
      • Data isolation model: Shared database, shared schema that supports large number of tenants
      • Optimized database schema: Modified extension table for efficient use of space
      • Data security: Kerberos is used for authentication and authorization
  19. 19. PROPOSED SOLUTION 1
      • XML objects are used in the extension table
      • reduced table size
      • eliminated primary table
      • XML document is dynamically generated
      • XML object contains data of entire row
      • Tags in XML object refers to the name of table fields
      • Allows multiple table creation for tenants
      • Table ids are used to associate extension table data with its respective table
  20. 20. PROPOSED SOLUTION 1
      1. CRYPTOGRAPHY: For keys generation and messages cryptography class of .NET platform has been used
      2. VIEWS FOR TENANTS: Creation of views for tenants to display relevant information or data
  21. 21. PROPOSED SOLUTION 1
      3. KERBEROS PROTOCOL
      • For authentication and authorization
          1) Getting the TGT from AS (authentication server)
          2) Getting the SGT from TGS (ticket granting server)
          3) Getting access to the server
      • A table is maintained for user permissions and is used for authorization when user wants to perform some operation
  22. 22. PROPOSED SOLUTION 2: GOALS
      • Cost effective database sharing model
      • Gaps identification in traditional databases
      • Data security among tenants
      • Database scalability
  23. 23. PROPOSED SOLUTION 2: Challenges, Requirements, Gaps
      • Challenge: Low Cost
          • Requirement: Low hardware, software & human resources. Gap: No cost-effective sharing and isolation mechanism
          • Requirement: Development cost – developer to focus on logic. Gap: No logical view to easily access the database
      • Challenge: Flexibility
          • Requirement: Customization – database should be customizable. Gap: Database does not support customization mechanisms
          • Requirement: Diverse SLA – contain all concerns about security, encryption, backup techniques, etc. Gap: SLA does not detail about any access control mechanisms
      • Challenge: Security Isolation
          • Requirement: Security models to prevent access to other tenants’ data; Strict security isolation; Hierarchical ACL; Hybrid tenant types; Free sharing. Gap: Database does not support security/control mechanisms
      • Challenge: Scalability and Availability
          • Requirement: Applications should be scalable to support large number of customers without affecting the existing tenants’ services. Gap: Databases does not support mechanisms for scalability, availability and load balancing
  24. 24. PROPOSED SOLUTION 2
  25. 25. PROPOSED SOLUTION 2
      Data Isolation
      • Separate databases
      • Shared database, separate schemas
      • Shared database, shared schema
      Data Security
      • Filter-based pattern in application level
      • Permission-based pattern in DBMS level (Row level access control mechanism because of shared schema)
      Flexibility
      • Reserved field pattern is used for custom fields
      • Template based approach is used for SLA to fulfill tenant’s requirements
  26. 26. PROPOSED SOLUTION 2
      Large Scale Scalability
      • Architecture leverages (for dynamic request routing)
          • database clustering
          • routing mechanisms
          • load balancing
      Performance Optimization
      • Leverage Data Clustering: improves data retrieval performance
      • Caching Mechanism: improves metadata repository access mechanism with low cost
      • Load Balancing: improves the tenants’ request serving by effective resources utilization
  27. 27. COMPARISON
      DATA ISOLATION
      • Solution 1
          • Supports only “shared schema”
          • Does not provide full isolation
          • Needs more powerful security mechanisms
      • Solution 2
          • Supports all three db models
          • Supports from full isolated dbs to shared dbs
      DATA SECURITY
      • Solution 1
          • Uses Kerberos protocol for authentication and authorization managing a table for permissions
      • Solution 2
          • Application level security: Filter the request based on the tenant identification
          • DBMS level security: Table/row level access control mechanism db models
  28. 28. COMPARISON
      DATA STORAGE
      • Solution 1
          • Uses XML based data storage
          • consumes less space (single row per record)
      • Solution 2
          • Uses normal extension table approach
          • consumes more space in comparison with XML based version
      FLEXIBILITY
      • Solution 1
          • Uses XML extended table field pattern that allows for any number of custom fields to be added by the tenant
      • Solution 2
          • It uses reserved extended table field pattern that pre-defines a fixed number of table columns
  29. 29. COMPARISON
      SCALABILITY
      • Solution 1
          • Not supported
      • Solution 2, it supports:
          • Database clustering
          • Routing mechanisms
          • Load balancing
      PERFORMANCE OPTIMIZATION
      • Solution 1
          • Optimized performance for insert/update/delete operations
      • Solution 2, implemented:
          • Data clustering
          • Caching mechanism
          • Tenant based load balancing
  30. 30. RECOMMENDATIONS
      • Backup strategies should be implemented to provide immediate restoration in case of failure. Ex: Full backup, Differential backup, Incremental backup, Continuous backup
      • Data that needs greater security should be saved in encrypted form so that no one can access the information easily
      • Some key generation algorithm should be used for generating the unique ids used within the tables (TenantID, TableID)
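
The following added example is not from the slides or from the papers they summarize. It combines slide 19's XML extension table (one XML object per row, tags named after the fields, a table id per row) with slide 25's filter-based pattern at application level, using Python and an in-memory SQLite database; the table, column, class and tenant names and the field-name rule are assumptions made for the example.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET

FIELD_NAME = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")  # assumed rule: field names become XML tags
def open_db():
    """Shared database, shared schema: one extension table holds every tenant's rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE extension (row_id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,"
               " table_id TEXT NOT NULL, row_xml TEXT NOT NULL)")
    return db

def to_dict(row_xml):
    return {child.tag: child.text for child in ET.fromstring(row_xml)}

class TenantStore:
    """Filter-based pattern: every statement is bound to this store's tenant id."""
    def __init__(self, db, tenant_id):
        self._db, self._tenant = db, tenant_id

    def insert(self, table_id, fields):
        row = ET.Element("row")
        for name, value in fields.items():
            if not FIELD_NAME.fullmatch(name):
                raise ValueError(f"invalid custom field name: {name!r}")
            ET.SubElement(row, name).text = str(value)  # text is escaped on serialization
        cur = self._db.execute(
            "INSERT INTO extension (tenant_id, table_id, row_xml) VALUES (?, ?, ?)",
            (self._tenant, table_id, ET.tostring(row, encoding="unicode")))
        return cur.lastrowid

    def select(self, table_id):
        cur = self._db.execute(
            "SELECT row_xml FROM extension WHERE tenant_id = ? AND table_id = ? ORDER BY row_id",
            (self._tenant, table_id))
        return [to_dict(doc) for (doc,) in cur]

    def get(self, row_id):
        # The tenant predicate also guards key lookups: another tenant's row id yields None.
        hit = self._db.execute("SELECT row_xml FROM extension WHERE row_id = ? AND tenant_id = ?",
                               (row_id, self._tenant)).fetchone()
        return to_dict(hit[0]) if hit else None

def demo():  # constructed sample data: two tenants sharing one logical table
    db = open_db()
    acme, globex = TenantStore(db, "acme"), TenantStore(db, "globex")
    rid = acme.insert("customers", {"name": "Ada <admin>", "tier": "gold"})
    globex.insert("customers", {"name": "Bob", "region": "EU"})
    return acme.select("customers"), globex.get(rid)
```

The permission-based pattern at DBMS level listed on slide 25 would enforce the same tenant predicate inside the database, so a query that bypasses this wrapper would still be confined to one tenant.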
