3. CLOUD COMPUTING
Cloud Computing refers to “Computing over the Internet”
The use of new or existing computing hardware and virtualization technologies to form a shared infrastructure that enables web-based value-added services.
End users access cloud-based applications through a web browser or a lightweight desktop or mobile app
The business software and user's data are stored on servers at a remote location
A way to increase capacity or add capabilities on the fly
5. CLOUD COMPUTING
• On-demand self-service: Readily available on demand
• Broad network access: Service is available via network independent of user end device
• Resource pooling: Accomplished through virtualization and multi-tenancy
• Rapid elasticity: Provisioning/releasing of resources
• Measured service: Provides “pay-as-you-go” service
7. SERVICE MODELS
The use of server, storage and virtualization to enable utility-like services for users
Pre-configured hardware is provided via a virtualized interface or hypervisor.
Cloud users install operating-system images and their application software on the cloud infrastructure
Examples:
• Amazon EC2
• Azure Services Platform
• DynDNS
• Google Compute Engine
• Joyent
• LeaseWeb
• Rackspace Cloud, etc
8. SERVICE MODELS
Delivers platform including operating system, programming language execution environment, database, and web server
Provides application hosting, development, testing and deployment environment
Alleviates the need to buy and maintain the underlying hardware, software and hosting facilities
Middle layer between SaaS and IaaS
Examples:
• AWS Elastic Beanstalk
• Heroku
• Force.com
• Google App Engine
• OrangeScape, etc
9. SERVICE MODELS
Delivers applications/services over the web
No upfront investment in servers or software licensing for users
“pay-as-you-go” model
Data and the software application are hosted centrally
Software application can be accessed without need to use additional hardware or software
Examples:
• Google Docs
• Dropbox
• Salesforce.com
• Hotmail or Gmail
• Microsoft Skydrive
• Google Analytics, etc
10. SaaS MULTITENANT DB ARCHITECTURE
MULTITENANCY
A technology that clouds use to share IT resources cost-efficiently and securely among multiple tenants
Software architecture where a single instance of a software application serves multiple customers
Ensures that one tenant operates in isolation from all others
12. SaaS MULTITENANT DB ARCHITECTURE
Simplest approach to data isolation, with data being stored in separate databases
13. SaaS MULTITENANT DB ARCHITECTURE
It involves housing multiple tenants in the same database, with each tenant having its own schema
14. SaaS MULTITENANT DB ARCHITECTURE
It involves using the same database and the same set of tables to host multiple tenants' data
15. PROPOSED SOLUTIONS
Solution 1
• AN EFFICIENT SCHEMA SHARED APPROACH FOR CLOUD BASED MULTITENANT DATABASE WITH AUTHENTICATION & AUTHORIZATION FRAMEWORK
Solution 2
• A NON-INTRUSIVE MULTI-TENANT DATABASE FOR LARGE SCALE SAAS APPLICATIONS
16. PROPOSED SOLUTION 1
GOALS
• Multi-tenancy supported architecture
• Issues identification with traditional approach
• Data isolation among tenants’ data
• Authentication and authorization framework for security
17. PROPOSED SOLUTION 1
Decision for pre-defined number of columns (for custom fields)
A greater number of NULL values leads to wasted space
Data type of columns
18. PROPOSED SOLUTION 1
Drawbacks
• Size of the extension table is too large, which may lead to performance problems while fetching data from the database
• Increased query processing time for insert, update and delete operations
20. PROPOSED SOLUTION 1
• XML objects are used in the extension table
• Reduced table size
• Eliminated primary table
• XML document is dynamically generated
• XML object contains data of entire row
• Tags in the XML object refer to the names of table fields
• Allows multiple table creation for tenants
• Table ids are used to associate extension table data with its respective table
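A sketch of the XML extension table described on this slide, added here as an example and not taken from the slides or from the paper behind Solution 1. The table layout, the `TenantStore` class and the sample tenants are assumptions; SQLite stands in for the cloud database, and every query is bound to a single tenant id so that rows sharing the table stay isolated.

```python
import sqlite3
import uuid
import xml.etree.ElementTree as ET

# Assumed layout (not from the slides): one shared extension table whose rows
# carry a tenant id, a table id and the whole record as an XML object.
SCHEMA = """CREATE TABLE extension (
    row_id    INTEGER PRIMARY KEY,
    tenant_id TEXT NOT NULL,
    table_id  TEXT NOT NULL,
    row_xml   TEXT NOT NULL)"""

def row_to_xml(fields):
    """Generate the XML object dynamically: one tag per field name."""
    root = ET.Element("row")
    for name, value in fields.items():
        ET.SubElement(root, name).text = str(value)  # serializer escapes markup
    return ET.tostring(root, encoding="unicode")

def xml_to_row(row_xml):
    """Parse a stored XML object back into a field-name -> value mapping."""
    return {el.tag: el.text for el in ET.fromstring(row_xml)}

class TenantStore:
    """Hypothetical data-access layer: every statement is bound to one tenant."""
    def __init__(self, db, tenant_id):
        self.db, self.tenant_id = db, tenant_id

    def insert(self, table_id, fields):
        self.db.execute(
            "INSERT INTO extension (tenant_id, table_id, row_xml) VALUES (?, ?, ?)",
            (self.tenant_id, table_id, row_to_xml(fields)))

    def select(self, table_id):
        cur = self.db.execute(
            "SELECT row_xml FROM extension WHERE tenant_id = ? AND table_id = ?",
            (self.tenant_id, table_id))
        return [xml_to_row(x) for (x,) in cur]

def demo():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    # Constructed sample tenants; random UUIDs stand in for generated TenantIDs.
    acme, globex = (TenantStore(db, str(uuid.uuid4())) for _ in range(2))
    acme.insert("contacts", {"name": "Alice", "tier": "gold"})   # custom field: tier
    globex.insert("contacts", {"name": "Bob", "region": "EU"})   # custom field: region
    return acme.select("contacts"), globex.select("contacts")

if __name__ == "__main__":
    print(demo())
```

Each tenant adds its own custom fields without a schema change, and building the XML through the serializer rather than string concatenation keeps a field value that contains markup from turning into extra tags.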
21. PROPOSED SOLUTION 1
1. CRYPTOGRAPHY
The cryptography class of the .NET platform has been used for key generation and message cryptography
2. VIEWS FOR TENANTS
Creation of views for tenants to display relevant information or data
22. PROPOSED SOLUTION 1
3. KERBEROS PROTOCOL
For authentication and authorization
1) Getting the TGT from AS (authentication server)
2) Getting the SGT from TGS (ticket granting server)
3) Getting access to the server
A table is maintained for user permissions and is used for authorization when a user wants to perform some operation
23. PROPOSED SOLUTION 2
GOALS
• Cost-effective database sharing model
• Gaps identification in traditional databases
• Data security among tenants
• Database scalability
24. PROPOSED SOLUTION 2
Challenges, Requirements and Gaps
Low Cost
• Requirement: Low hardware, software & human resources
  Gap: No cost-effective sharing and isolation mechanism
• Requirement: Development cost – developer to focus on logic
  Gap: No logical view to easily access the database
Flexibility
• Requirement: Customization – database should be customizable
  Gap: Database does not support customization mechanisms
• Requirement: Diverse SLA – contain all concerns about security, encryption, backup techniques, etc.
  Gap: SLA does not detail any access control mechanisms
Security Isolation
• Requirement: Security models to prevent access to other tenants’ data; strict security isolation; hierarchical ACL; hybrid tenant types; free sharing
  Gap: Database does not support security/control mechanisms
Scalability and Availability
• Requirement: Applications should be scalable to support large number of customers without affecting the existing tenants’ services
  Gap: Databases do not support mechanisms for scalability, availability and load balancing
26. PROPOSED SOLUTION 2
Data Isolation
• Separate databases
• Shared database, separate schemas
• Shared database, shared schema
Data Security
• Filter-based pattern in application level
• Permission-based pattern in DBMS level (row-level access control mechanism because of shared schema)
Flexibility
• Reserved field pattern is used for custom fields
• Template-based approach is used for SLA to fulfill tenant’s requirements
27. PROPOSED SOLUTION 2
Large Scale Scalability
• Architecture leverages (for dynamic request routing)
  • database clustering
  • routing mechanisms
  • load balancing
Performance Optimization
• Leverage Data Clustering: improves data retrieval performance
• Caching Mechanism: improves metadata repository access mechanism with low cost
• Load Balancing: improves the tenants’ request serving by effective resources utilization
28. COMPARISON
DATA ISOLATION
Solution 1
• Supports only “shared schema”
• Does not provide full isolation
• Needs more powerful security mechanisms
Solution 2
• Supports all three db models
• Supports from full isolated dbs to shared dbs
DATA SECURITY
Solution 1
• Uses Kerberos protocol for authentication and authorization, managing a table for permissions
Solution 2
• Application level security: Filter the request based on the tenant identification
• DBMS level security: Table/row level access control mechanism db models
29. COMPARISON
DATA STORAGE
Solution 1
• Uses XML based data storage
• Consumes less space (single row per record)
Solution 2
• Uses normal extension table approach
• Consumes more space in comparison with XML based version
FLEXIBILITY
Solution 1
• Uses XML extended table field pattern that allows for any number of custom fields to be added by the tenant
Solution 2
• Uses reserved extended table field pattern that pre-defines a fixed number of table columns
30. COMPARISON
SCALABILITY
Solution 1
• Not supported
Solution 2
It supports:
• Database clustering
• Routing mechanisms
• Load balancing
PERFORMANCE OPTIMIZATION
Solution 1
• Optimized performance for insert/update/delete operations
Solution 2
Implemented:
• Data clustering
• Caching mechanism
• Tenant based load balancing
31. RECOMMENDATIONS
Backup strategies should be implemented to provide immediate restoration in case of failure.
Ex: Full backup, Differential backup, Incremental backup, Continuous backup
Data that needs greater security should be saved in encrypted form so that no one can access the information easily
Some key generation algorithm should be used for generating the unique ids used within the tables (TenantID, TableID)