HCLT Whitepaper: Multi- Tenancy on Private Cloud

1. Multi-Tenancy on Private CloudFebruary 2012

2. Multi-Tenancy on Private Cloud | February 2012 TABLE OF CONTENTS Abstract ............................................................................................. 3 Abbreviations .................................................................................... 4 Market Trends/Challenges ................................................................ 5 Traditional Service Delivery Model ................................................... 6 Limitations of the Traditional Model .................................................. 6 Multi-Tenancy – An Alternate Model ................................................. 7 Why Multi-Tenancy on Cloud? .......................................................... 7 Approaches of Multi-Tenancy ........................................................... 8 Choosing the right approach in Multi-Tenancy ............................... 10 Isolation-Based Multi-Tenancy on Cloud ........................................ 12 Multi-Tenancy on Cloud Using HCL CDMK .................................... 14 Highlights of HCL CDMK................................................................. 15 Conclusion....................................................................................... 17 References ...................................................................................... 18 Author Info ....................................................................................... 19 ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.

3. Multi-Tenancy on Private Cloud | February 2012 Abstract Advances in cloud computing technology and changes in business models create major paradigm shifts in the way software applications are designed, built, and delivered to end users. The concept of multi-tenancy is one of the key and direct derivatives of cloud computing. Multi-tenancy is an architectural model that optimizes resource sharing. The applications will be deployed and delivered from a shared environment while providing sufficient levels of isolation to the tenants and Quality of Service (QoS) throughout the environment. Like any other paradigm shift, a cloud-based delivery (SaaS) model also comes with a new set of technical challenges. This paper provides a technical overview on how to convert an application traditionally hosted on-premise to a multi-tenant environment and deliver through an SaaS model. This paper also covers the challenges and benefits of moving this to a cloud infrastructure. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.3

4. Multi-Tenancy on Private Cloud | February 2012 Abbreviations Sl. No. Acronyms Full form 1 ACL Access Control List 2 AD Active Directory 3 CDMK Cloud Deployment & Management Kit 4 IdP Identity Provider 5 ISV Independent Software Vendor 6 RBAC Role Based Access Control 7 SaaS Software-as-a-Service 8 SLA Service Level Agreement 9 vCD vCloud Director 10 VDI Virtual Desktop Infrastructure 11 VPN Virtual Private Network ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.4

5. Multi-Tenancy on Private Cloud | February 2012 Market Trends/Challenges The advent of cloud computing boosted a new business model for The traditional method of on- delivering software, which is generally termed SaaS (Software as a premise hosting of Service). ISVs started realizing the necessity of transforming their applications is changing. The traditional on-premise products to the new ―cloud‖ business model. cloud provides an alternative Multi-tenancy is the fundamental design approach that essentially for designing, building and improves the acceptability of SaaS applications. delivering the software to end The idea of multi-tenancy, or many tenants sharing resources, is users. fundamental to cloud computing. Isolation and service assurance ISVs are understanding the are the key elements to be addressed. necessity of transforming their Isolation ensures that the resources of existing tenants remain product delivery to a new untouched, and the integrity of the applications, workloads, and data model of ‘Cloud-Based SaaS.” remain uncompromised when the service provider provisions new tenants. Each tenant may have access to different amounts of network, computing, and storage resources in the shared virtual environment. Tenants see only those resources allocated to them. Service assurance ensures the availability and the consistency of performance, independent of the existence of other tenants. Various VMware products provide basic elements for constructing the secured multi-tenancy environment. But the individual handling of these disjointed products can result in:  Higher ongoing operational costs and reduced ongoing operational efficiency  Increased complexity in service deployment and configuration  Complexity in providing policy-based authorization and access control  Inability to provide network security for server and desktop systems  Inconsistency in management of different levels of infrastructures (server and desktops)  Increase in overall complexity and IT overhead These issues can be addressed by a unified application aware management layer. The HCL Cloud Deployment and Management Kit (CDMK) is designed to fill this gap. CDMK provides an enterprise-class integrated unified interface for managing the entire multi-tenant environment by leveraging the various VMware components at various levels. CDMK provides a centralized infrastructure management by integrating the virtual server, desktops and on-premise stand-alone systems. The unified network interface of CDMK integrates the network provisioning and network security services. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.5

6. Multi-Tenancy on Private Cloud | February 2012 The focus of this paper is to explain the CDMK approach for Multi-tenancy is the enabling an enterprise to successfully transform the traditional mandatory requirement for service delivery model to an on-demand service delivery model with an SaaS Model. minimal effort through hosting on a VMware-based private cloud. Multi-tenancy can be on This paper will start by explaining the traditional software delivery different levels, like approach, then the cloud-based multi-tenant alternative. infrastructure, database, etc. Throughout this paper, all terms such as organization, customer, The whole virtual tenant and enterprise basically mean one who consumes a service environment is shared from the service provider. between the tenants; infra- level multi-tenancy ensures Traditional Service Delivery Model the tenant isolation in Traditionally, the service is delivered over an on-premise resources (computing, infrastructure which is owned by the enterprise. The service provider memory, storage and sets up the service in the customer infrastructure and provides the network) level. after-sale support. The figure below illustrates this service delivery model. Figure 1 - Traditional Service Delivery This involves two levels of support. One is the service provider admin; the other admin provides on-premise support. The service provider admin provides the tenant level support after the user subscribes to any of their services through the internet or over the phone. The other admin takes care of on-premise level support (usually the enterprise IT admin) of the subscribed service. This delivery model provides better security, as the whole service is installed and run in the customer’s campus. However, it has some limitations which are thrusting this delivery model to become almost obsolete. Limitations of the Traditional Model The traditional model gives more control on the service they deliver, and in turn, secure application and data. However, this has lot of limitations such as: ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.6

7. Multi-Tenancy on Private Cloud | February 2012  Inefficient resource utilization: As the applications are hosted on the customer’s infrastructure, there is no scope for optimizing the utilization based on usage Limitations of of Adoption multi-tenant On-Premises service delivery in the cloud  Operational cost and complexity over the product 1. Inefficient resource delivers benefits such as lifecycle: Applying any changes in the product will be highly utilization elasticity, scalability, high complex, as the installations are distributed across the availability and on-demand 2. High operational cost customer locations. allocation of resources. This 3. Admin tasks overhead for  Wrong Role Play: In this model, the application is managed makes the cloud adoption for customers in the customer’s location. Hence, the customer will be the multi-tenant application a forced to play the role of application and infra admin. more viable and cost-effective 4. Fresh installations and set- Practically, it will be a high overhead for the customers, as solution. every new customer up for that may not be their area of expertise.  Complex customer on-boarding process: Fresh installations and service set-up has to be done for all new customers. Compared to the subscription model, it has a lot of overhead in customer on-boarding. The answer to this limitation is the multi-tenancy. We will explore more about multi-tenancy and related solutions in the rest of this paper. Multi-Tenancy – An Alternate Model The terms multi-tenant and multi-tenancy both have been used to describe application architectures designed to support multiple users or ―tenants‖ for a contractual or subscribed period. Wikipedia defines multi-tenancy refers as a principle in software architecture where a single instance of the software runs on a server, serving multiple client organizations (tenants). Multi-tenancy is contrasted with a multi-instance architecture where separate software instances (or hardware systems) are set up for different client organizations. With a multi-tenant architecture, a software application is designed to virtually partition its data and configuration, and each client organization works with a customized virtual application instance. Why Multi-Tenancy on Cloud? Cloud computing provides the benefits of scalability, elasticity and on-demand allocation of resources, which pushes the multi-tenant architecture to the next level. Service providers benefit with a shorter time to market and less expense. This makes the cloud adoption for the multi-tenant application a more viable and cost- effective solution. Next we’ll look at multi-tenancy approaches which are common in this industry. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.7

8. Multi-Tenancy on Private Cloud | February 2012 Approaches of Multi-Tenancy Multi-tenancy can be implemented either as a shared or isolated resource including data and infrastructure between tenants. We will Approaches in Multi-Tenancy look at both models in the infrastructure level and further analyze the right approach by exploring the various technical and business 1. Shared infrastructure factors. 2. Isolated infrastructure Shared Infrastructure In this approach, the service provider shares their infrastructure across multiple tenants. Typically, in this approach, tenant data security is achieved on database. Shared multi-tenancy is achieved as illustrated in the figure below. Figure 2 - Shared Multi-Tenancy Infrastructure and application code are generally shared in this approach. It is shared between all the tenants on a server, but each tenant has its own set of data that remains logically isolated from data that belongs to all other tenants. Metadata associates each database with the correct tenant, and database security prevents any tenant from accidentally or maliciously accessing the other tenants’ data. Giving each tenant its own database makes it easier to extend the application’s data model to meet tenants’ individual needs, and restoring a tenant’s data from backups in the event of a failure is a relatively simple procedure. Unfortunately, this approach tends to lead to higher costs for maintaining equipment and backing up tenant data. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.8

9. Multi-Tenancy on Private Cloud | February 2012 Types of Isolated Isolated Infrastructure Infrastructure Isolation refers to the effective segmentation and isolation of tenants 1. Total isolation and their assets within the multi-tenant environment. The tenants see only those resources allocated to them. Tenant isolation is a 2. Resource level isolation vital requirement for all multi-tenant applications. Based on the 3. Network level isolation security requirement of the tenant/application, CDMK supports an adaptive isolation approach, which can be on three levels.  Total Isolation: Each tenant will be hosted on a separate isolated environment. The computing and storage resources will be tenant-specific. Each tenant will have its own network. This is the highest level of isolation. Figure 3 - Total Isolation  Resource Level Isolation: All the tenants will share the same environment and network, but the computing and storage resources will be tenant-specific. Figure 4 - Resource Level  Network Level Isolation: All the tenants will share the same environment, but the computing and storage resources and network will be tenant-specific. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.9

10. Multi-Tenancy on Private Cloud | February 2012 Development efforts can be constrained by business and economic factors which can influence the choice of approach. The shared approach can end up saving money over the long run, but it does require a larger initial development effort before it Figure 5 - Network Level can start producing revenue. Though all the above approaches provide more or less similar advantages, it usually depends on the customer’s infrastructure and application requirements. Choosing the right approach in Multi-Tenancy Both the approaches which we discussed above offer their own sets of benefits and tradeoffs. A few considerations below will help us make the appropriate choice. Economic Considerations Service optimized for a shared approach tends to require a larger development effort than service designed using a more isolated approach (because of the relative complexity of developing a shared architecture), resulting in higher initial costs. Because they can support more tenants per server, however, their ongoing operational costs tend to be lower. Development effort is constrained by business and economic factors, which can influence the choice of approach. The shared approach can end up saving money over the long run, but it does require a larger initial development effort before it can start producing revenue. If the enterprise is unable to fund a development effort of the size necessary to build a shared infrastructure application, or if there is a plan to bring the application to market more quickly than a large-scale development effort would allow, then a more isolated approach should be considered. Tenant Consideration The number, nature, and needs of the tenants we expect to serve all affect the architecture decision in different ways. The number of prospective tenants will influence our choice of architecture. The larger tenants will more likely need to consider a shared approach. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.10

11. Multi-Tenancy on Private Cloud | February 2012 Storage space required by the average tenants data is one of the In an isolated model, customization can be done important factors in the design consideration. If we expect most or with less re-engineering effort all tenants to store large amounts of data, the isolated approach is by independently updating the ideal option to choose. the system kernel, modifying During the design choice, you also need to consider the average the core application, or customizing tenant-specific concurrent usage of end users for the tenants. The larger the components, with virtually no number, the more appropriate is the isolated approach to meet end- risk of affecting other tenants. user requirements. The isolated approach will give the cushion of offering any per-tenant value-added services, such as per-tenant backup and restore capability. Service Customization Multi-tenancy is practical only when it supports customization of services, version management, tenant specific QoS and patch management. Service customization in a shared environment will be entirely metadata driven. This will make the service evolve to use a runtime engine that generates service components from metadata — data about the service itself. This metadata can be service data, the metadata that describes the base functionality of a service, and the metadata that corresponds to each tenant’s data and customizations such as look and feel. Considering all the above points, customization on a shared model will incur more cost and complexity for the service provider. In an isolated model, customization can be done with less re- engineering effort by independently updating the system kernel, modifying the core application, or customizing tenant-specific components, with virtually no risk of affecting other tenants. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.11

12. Multi-Tenancy on Private Cloud | February 2012 Security Consideration In cloud-based architectures, As the services have to store sensitive tenant data, potential on-premise limitations will be customers will expect high security, and the service level taken care of, as the services agreements (SLAs) have to showcase strong data safety will be hosted on the service guarantees. A common misconception is that only physical isolation provider’s virtual can provide an appropriate level of security. In fact, data stored environment. This ensures using a shared approach can also provide strong data safety, but rapid scalability of the on- requires the use of more sophisticated design patterns. demand resources. Moreover, converting an on-premise Performance Consideration application does not need much re-engineering work. It is obvious that a shared approach is going to share everything in This makes the cloud a good the service provider infrastructure. This means there will be option to consider for on- performance sharing. If we need a service with a better performance demand secured multi- quotient, then the apparent choice is the isolated approach. In an tenancy for an enterprise. isolated approach, we can do all kinds of performance tuning on a per-tenant basis. This paper targets the isolated approach. This doesn’t mean that the shared approach is not suitable. This is purely based on the requirements of the service provider. Isolation-Based Multi-Tenancy on Cloud Cloud-based service hosting and delivery is an alternative approach. As this cloud based approach is getting adopted widely, there are lots of security and operational challenges which are standing as a barrier to wider adoption from the enterprise community. This section covers the benefits of the solution, challenges/issues and CDMK response to these challenges. Solution Overview In cloud-based architectures, on-premise limitations will be taken care of, as the services will be hosted on the service provider’s virtual environment. This ensures rapid scalability of the on-demand resources. Moreover, converting an on-premise application does not need much re-engineering work. This makes the cloud a good option to consider for on-demand secured multi-tenancy for an enterprise. The figure below illustrates the high level solution approach for the multi-tenancy in the cloud. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.12

13. Multi-Tenancy on Private Cloud | February 2012 Figure 6 - Multi-Tenant Solution The key characteristics of this solution compared to the traditional approach are as follows:  The applications will be hosted on the shared infrastructure of the service provider. Each tenant application will be hosted in an isolated environment.  The applications may use different combinations of servers and desktops. The servers and desktops of each tenant will be protected in the same network boundary.  The tenant applications may need access to some shared services of the service provider. Policy-based access will be provided for all tenant applications to the shared services.  The customers will access their isolated environments through a secured (VPN) channel  As the applications are hosted on the service provider environment, the IT and service administration activities will be managed by the service provider. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.13

14. Multi-Tenancy on Private Cloud | February 2012 Multi-Tenancy on Cloud Using HCL CDMK HCL’s CDMK provides the comprehensive solution for the multi- HCL CDMK plays the role of tenant enabled cloud. The figure below illustrates how HCL’s CDMK the manager responsible for achieves this on top of VMware infrastructure. provisioning the multiple isolated tenant environments on-demand and management of the whole tenant lifecycle. Figure 7 - HCL CDMK Multi-Tenancy Solution Here, the HCL CDMK plays the role of the manager responsible for provisioning multiple isolated tenant environments on-demand and management of the whole tenant lifecycle. The service provider admin role is limited to push the request to HCL CDMK on-demand; further backend interactions with the vCloud and other VMware infrastructure for the secured deployment of tenant-specific services in the respective isolated environment is the responsibility of the HCL CDMK. The HCL CDMK works with vCloud and VMware View to seamlessly provision the server and the desktop required for the respective tenants. It can handle capacity planning activities such as on- demand scalability of the tenant’s resources, and it is well complemented by the resource managers of HCL CDMK to deliver it on the fly. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.14

15. Multi-Tenancy on Private Cloud | February 2012 Solution Stack of CDMK 1. Hardware & Hypervisor 2. VMware Stack 3. HCL CDMK Figure 8 - HCL CDMK Solution stack overview The figure above represents the solution stack overview of the HCL CDMK. This has three layers:  Hardware & Hypervisor: This the bare-metal infrastructure layer over. VMware ESX hypervisor is running on each server.  VMware Stack: It has a vCenter which manages the multiple ESX servers. vCloud director provides the cloud features and View manager takes care of the desktop management.  HCL CDMK: This leverages and integrates the VMware infrastructure to achieve the secured multi-tenancy. With this architecture, HCL CDMK is achieving its objective to enable a secured, flexible and rugged multi-tenancy over a cloud infrastructure. In next section, we will discuss the highlights of HCL CDMK. Highlights of HCL CDMK HCL CDMK addresses the limitations of on-premise multi-tenancy. In addition to that, it comes with few highlights such as:  Unified Infrastructure Management Unified management of the virtual infrastructure is one of the key benefits which cloud brings to this approach. Below are the major challenges we may need to focus on.  Server and desktop integration The server is the one hosting the services of the service provider and the desktop is provided as a window to the service accessible ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.15

16. Multi-Tenancy on Private Cloud | February 2012 from the client network (here, by client, we mean the customer of the service provider). The challenge here is to achieve a unified infrastructure management by bringing the server and desktop in the same network boundary, at the same time adhering to each other network’s policies and protocols. Highlights of HCL CDMK 1. Unified infrastructure  Unified provisioning approach management Provisioning of the server and desktop is carried out as a similar 2. Integration with shared task with different configurations. Other information, such as services network, RBAC, etc., also need to be handled during the provisioning, depending on the type of provision (desktop or server). 3. Customization of services per tenant  Agent-based VDI remote management 4. Integration of on-premise The HCL CDMK Agent will be running in each connection server; network that helps us remotely monitor the VDI. The HCL CDMK meets all the challenges above to offer a complete management layer for infrastructure management.  Shared Services Access to shared services/components such as the service provider console, email service, domain controllers, administrative servers, etc., is vital for normal functioning of their services. This is accomplished by running these components on a network which has ACL permission for the tenants.  Customization As we discussed in the Service Customization section, this will offer the tenant customization of services, version management, tenant- specific QoS and patch management. Moreover, it is easy to build a metadata-driven architecture in an isolated model. In addition to that, this model gives us the options to:  Enable service to be flexible enough in allowing changes to business logic  Ability to configure a different workflow for each tenant.  Performance-based customization – Each tenant has their service running over their own customizable virtualized infrastructure.  SLA-based fine tuning per tenant is possible ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.16

17. Multi-Tenancy on Private Cloud | February 2012 HCL CDMK provides the  Integration with On-Premises Network unified management solution As multi-tenancy is achieved between the cloud and the on-premise that will enable software infrastructure, there is a need to adhere to each other’s set of applications to be hosted policies, practices and protocols. The two points below must be seamlessly on a VMware-based addressed: private cloud  Integration with the enterprise IdP: integrating the cloud with the enterprise IdP to validate the user identity in a federated identity system  Secured Connectivity: Establish a secured connectivity between the tenant cloud environment and the enterprise network. A site-to-site VPN tunnel provides the secured connection. Conclusion ISVs have started realizing the necessity of transforming their on- premise, traditionally-hosted approach to the new cloud-based, multi-tenant model. Various VMware products provided the basic virtualization and cloud-based products for creating a robust multi- tenant environment. Due to the complexity and diversity of the applications architectures, there is a need for application aware unified cloud interfaces for enabling the traditional applications to the new on-demand multi-tenant model in a quick timeframe. HCL CDMK provides the unified management that will enable software applications to be hosted seamlessly on the private cloud. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.17

18. Multi-Tenancy on Private Cloud | February 2012 References 1. Multi-Tenant Data Architecture - Frederick Chong, Gianpaolo Carraro, and Roger Wolter - Microsoft Corporation 2. The Force.com Multitenant Architecture Understanding the Design of Salesforce.com’s Internet Application Development Platform ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.18

19. Multi-Tenancy on Private Cloud | February 2012 Author Info Haroon Rasheed Lead Engineer – ERS-Practice Haroon has over 4.5 years of experience in the IT industry. His areas of interest are cloud computing technologies, virtualization and software development. Ashok R Technical Lead – ERS-Practice Ashok has more than 5 years of experience in product development and expertise in the security domain, especially in key management and cloud computing technologies. Hareendran M Technical Manager – ERS-Practice Hareendran has more than 13 years of experience in product development, and expertise in the security domain, especially in identity federation and access management and cloud computing technologies. ©2011 HCL Technologies, Ltd. Reproduction prohibited. This document is protected under copyright by the author. All rights reserved.19

20. Hello, I’m from HCL’s Engineering and R&D Services. We enabletechnology led organizations to go to market with innovative productsand solutions. We partner with our customers in building world classproducts and creating the associated solution delivery ecosystem tohelp build market leadership. Right now, 14,500+ of us are developingengineering products, solutions and platforms across Aerospace andDefense, Automotive, Consumer Electronics, Industrial Manufacturing,Medical Devices, Networking & Telecom, Office Automation,Semiconductor, and Servers & Storage for our customers.For more details, contact eootb@hcl.comFollow us on Twitter at http://twitter.com/hclers and our blog athttp://ers.hclblogs.com/Visit our website at http://www.hcltech.com/engineering-services/About HCLAbout HCL TechnologiesHCL Technologies is a leading global IT services company, workingwith clients in the areas that impact and redefine the core of theirbusinesses. Since its inception into the global landscape after its IPO in1999, HCL focuses on ―transformational outsourcing,‖ underlined byinnovation and value creation, and offers an integrated portfolio ofservices including software-led IT solutions, remote infrastructuremanagement, engineering and R&D services and BPO. HCL leveragesits extensive global offshore infrastructure and network of offices in 26countries to provide holistic, multi-service delivery in key industryverticals including Financial Services, Manufacturing, ConsumerServices, Public Services and Healthcare. HCL takes pride in itsphilosophy of ―Employees First, Customers Second,‖ which empowersour 77,046 transformers to create a real value for the customers. HCLTechnologies, along with its subsidiaries, had consolidated revenues ofUS$ 3.5 billion (Rs. 16,034 crores), as of 30 June 2011 (on LTM basis).For more information, please visit www.hcltech.comAbout HCL EnterpriseHCL is a $6.2 billion leading global technology and IT enterprisecomprising two companies listed in India - HCL Technologies and HCLInfosystems. Founded in 1976, HCL is one of Indias original IT garagestart-ups. A pioneer of modern computing and a transformationalenterprise, HCL’s diverse range of hardware and software offeringsspan a wide array of focused industry verticals. The HCL team consistsof 90,000 professionals of diverse nationalities, who operate from 31countries including over 500 points of presence in India. For more onHCL, please visit www.hcl.com