Tenancy in software systems. How to separate data for different users, securely.


A tenant is a group of users sharing the same view on an application they use. This view includes the data they access, the configuration, the user management, particular functionality and related nonfunctional properties. Usually, the groups are members of different legal entities or organizations. This comes with restrictions (e.g. data security and privacy).

Tenancy refers to the way these groups of users (tenants) share computing resources in a SaaS environment. There are basically two ways customers or tenants can share resources: through single-tenancy or multi-tenancy systems.


Single Tenancy: What is it?


Single tenancy is a type of software architecture in which an application runs on a single server and is used exclusively by one tenant or customer. This means the software and data run on infrastructure dedicated to the customer alone and do not share database resources. Picture having a private jet that only serves you and a few others you’ve allowed.

Single tenancy is most commonly used in enterprise applications, such as customer relationship management (CRM) systems, enterprise resource planning (ERP) systems, and other enterprise applications. These applications require a high degree of control and customization for each user, which single tenancy can provide.

In addition to enterprise applications, single tenancy can also be used in cloud computing. In this case, each user has their own instance of the application, which can be hosted on a cloud platform.

Advantages

Single tenancy comes with a number of advantages, particularly for large businesses requiring private cloud environments and enterprise-grade SaaS services. This is because:

  • Better data security: one tenant is often contained on secured, dedicated resources (hardware).
  • Reliable performance: Single-tenancy customers benefit from isolated cloud environments with dedicated databases, applications, memory, and CPU.
  • Customizability: Having control over the entire environment provides you with a unique opportunity to add or customize functionality as needed.

Drawbacks

  • Cost: single tenancy can be more expensive than multi-tenancy. This is because it requires more hardware and software resources to maintain multiple instances of the same application.
  • Setup and Scalability: It can be difficult to set up, update or upgrade single tenant applications, as each user’s instance must be updated separately (this also increases operational cost).
  • Poor resource utilization: resources dedicated to single tenants are often not utilized to their fullest potential.

TODO: add some examples for ruby on rails in here. Example: each gets their own heroku instance / AWS EC2 instance.

Multi-tenancy

Multi-tenancy is a software architecture in which a single instance of a software application serves multiple customers, or tenants. It is a popular approach for cloud computing, where a single instance of a software application is shared among multiple customers. Each tenant has its own secure, isolated environment, and the application can be customized to meet the needs of each tenant.

The primary advantage of multi-tenancy is cost savings because it allows multiple customers to share the same hardware and software, eliminating the need for additional hardware and software purchases. Furthermore, because the application can be scaled up or down to meet the needs of each tenant, multi-tenancy can improve scalability and reliability.

An example of a multi-tenancy system is a web-based teacher management system. As a provider of this software, you sell this system to multiple schools. The schools in this case are the tenants, and within each school there are different users who have access to this system.

Types of Multi-tenancy

Following on from the teacher management system example above, there are two architectures you can use to deploy multi-tenancy: a dedicated or a shared multi-tenant architecture.

Dedicated multi-tenancy

Dedicated multi-tenancy is an architecture in which each tenant (the school) is allocated a separate instance of the application, database, or other components – while sharing a single server. This means that each school has its own dedicated resources and no other tenant can access or interfere with its data. This is made possible by providing each tenant with their own isolated virtual environment in a shared server.

Microsoft Azure and AWS are amongst the largest cloud computing platforms that enable businesses to use a dedicated multi-tenant system to host applications and services.

This type of hosting gives customers more control and customization over their environment, as well as increased scalability. However, because each tenant requires their own instance of the application, it can be more expensive than shared multi-tenancy. So, what is the less expensive method?

Shared Multi-tenancy

Shared multi-tenancy is a type of multi-tenancy in which multiple schools (tenants) share a single instance of an application, each with their own dedicated resources within the instance. This type of multi-tenancy is commonly used by software-as-a-service (SaaS) providers, such as the teacher management system in question, to provide multiple customers with access to the same application without the need for separate instances to be deployed for each customer. CRM platforms, such as Salesforce, also offer users a multi-tenant shared system for managing customer data, sales, and marketing activities.

There are several advantages to shared multi-tenancy. It saves money by eliminating the need for additional hardware and software purchases. It is also more scalable, as the application can be scaled up or down to meet the needs of each tenant.

The main disadvantage of shared multi-tenancy is security. As multiple tenants share the same hardware and software, it can be difficult to ensure that each tenant’s data is secure.
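The isolation problem described above, sketched for the teacher management example as an added illustration (not code from the original article): when every school's rows live in one shared store, a lookup by primary key alone returns another tenant's record, while a view bound to one tenant does not. The names `Teacher`, `TeacherStore` and `TenantScope` and the sample rows are hypothetical.

```ruby
# Shared multi-tenancy: one table holds rows for every school (tenant).
# Teacher, TeacherStore and TenantScope are hypothetical names.
Teacher = Struct.new(:id, :tenant_id, :name, keyword_init: true)

class TeacherStore
  def initialize
    @rows = {}
  end

  def insert(tenant_id:, name:)
    id = @rows.size + 1
    @rows[id] = Teacher.new(id: id, tenant_id: tenant_id, name: name)
  end

  # Weak: primary-key lookup only, so a caller who supplies another
  # tenant's id gets that tenant's row back.
  def find_unscoped(id)
    @rows[id]
  end

  # Hardened: callers only ever get a view bound to one tenant.
  def for_tenant(tenant_id)
    TenantScope.new(@rows, tenant_id)
  end
end

class TenantScope
  def initialize(rows, tenant_id)
    raise ArgumentError, "tenant_id is required" if tenant_id.nil?
    @rows = rows
    @tenant_id = tenant_id
  end

  def all
    @rows.values.select { |r| r.tenant_id == @tenant_id }
  end

  # nil for a missing id and for another tenant's id alike, so the
  # answer does not reveal that the row exists elsewhere.
  def find(id)
    row = @rows[id]
    row if row && row.tenant_id == @tenant_id
  end
end

# Constructed sample data: two schools sharing one store.
STORE = TeacherStore.new
STORE.insert(tenant_id: "school-a", name: "Ada")   # id 1
STORE.insert(tenant_id: "school-b", name: "Grace") # id 2
```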


Which architecture should you use?

Although multi-tenant systems appear to be the most cost-effective option, they are not suitable for everyone. For example, if you are developing an application for the healthcare industry, you will need to be concerned with patient information security rather than actual cost. In such cases, you have the option of a single tenant or a dedicated multi-tenant system.

If you want to build consumer-facing applications, shared multi-tenant systems appear to be the best option. So, the correct answer is that it depends on your and your client’s needs. You can use this summary checklist to help you make your decision. There is also a good checklist in this Microsoft Azure article.

  1. Consider the application’s scalability requirements:
     • Single-tenancy may be better suited for applications with limited scalability needs.
     • Multi-tenancy may be better suited for applications with high scalability needs.
  2. Assess the application’s security needs:
     • Single-tenancy may be better suited for applications with higher security requirements.
     • Multi-tenancy may be better suited for applications with lower security requirements.
  3. Evaluate the application’s performance needs:
     • Single-tenancy may be better suited for applications with high performance requirements.
     • Multi-tenancy may be better suited for applications with lower performance requirements.
  4. Analyze the application’s deployment timeline:
     • Single-tenancy may be better suited for applications with shorter deployment timelines.
     • Multi-tenancy may be better suited for applications with longer deployment timelines.
  5. Analyze the cost:
     • Consider the cost of developing, maintaining, and scaling a single-tenant architecture vs. a multi-tenant architecture.
     • Consider the cost of additional resources (e.g. servers, storage, etc.) that may be required to support a single-tenant architecture.
     • Consider the cost of additional security measures (e.g. firewalls, encryption, etc.) that may be required to protect a single-tenant architecture.

Till Carlos

I'm Till, a senior developer who started a software company. I explain software concepts for people in leading roles.