This document provides an overview of multi-tenancy and its implementation in a Platform as a Service (PaaS). It discusses how multi-tenancy allows for increased resource sharing and enables the "pay for what you use" model. The document outlines different approaches to implementing multi-tenancy, including data, execution, and performance isolation. It also discusses scaling a multi-tenant system using multiple nodes and load balancing. The goal of multi-tenancy is to maximize sharing while maintaining tenant isolation.

1. Multi-tenancy:
Winning formula for a
PaaS
by
Srinath Perera, Ph.D.
Senior Software Architect
WSO2 Inc.

2. Next 45 Minutes …
• Brief Introduction to
Cloud and PaaS
• What and Why Multi-
tenancy?
• Implementing Multi-
tenancy
• Data Multi-tenancy
• Execution Multi-tenancy
• Scaling Up
• Conclusion
Photo by Bruno Girin on
Flickr, http://www.flickr.com/photos/brunogirin/27981693/, Licensed

3. Cloud Computing
 Ability to buy computations power, storage, or
execution services as an Utility, on demand.
 For more details read “A View of Cloud
Computing, Communications of the ACM, 2010”

4. Cloud Computing (contd.)
• Best way to explain it is by
comparing it to Electricity
• Idea is a big pool of servers and
share.
• Economics of scale through
Optimize large scale operations.
• Resource Pooling.
• No need for capacity
planning, start small and grow as
needed.
• Outsource and enabling
specialization.
photo by LoopZilla on
Flickr, http://www.flickr.com/photos/loopzilla/2328231843/sizes/m/in/ph

5. Cloud Offerings

6. Why PaaS?
• IaaS only provides limited saving to someone who
needs to outsource their IT functions
• SaaS is great when they can be used
• They are usually very specific (e.g. email, CRM ..)
• If they match, then great, but if they are not, not
much choice for the user.
• PaaS stays in the middle ground
• Framework to host your apps
• Hopefully you can move your apps as it is (well not
the case with Azure or App Engine, but it is possible
with WSO2 Stratos !!!).

7. What is Multi-tenancy ?
 Many Parties share the same set of resources, while
giving each one his own space

8. Why Multi-tenancy? 1. Increased sharing
• Cloud shares
resources across a
large pool of users.
• Now sharing happens
in the application
level as oppose to
sharing at OS level for
“There is no delight in
multiple processes owning anything unshared.”
and sharing at HW Seneca (Roman philosopher, mid-1st
level with VMs. century AD)
• That can bring greater
savings
photo by Ben Gray on
Flickr, http://www.flickr.com/photos/ben_grey/4582294721/, Licensed under CC

9. Why Multi-tenancy? 2. Provide “pay for
what you use”
• Often there will be many accounts
in a PaaS or a SaaS, but only a
fraction of them will be in use.
• We cannot allocate runtime
resource per account (disk may be
ok, as it is cheap). For
example, we cannot run a VM per
account.
• By sharing the same server with
many users, Multi-tenancy provides
much reduced runtime cost per
server.

10. Multi-tenancy vs. Virtual Machines
• Multi-tenancy provides much fine
grained sharing by many
applications sharing the same
server.
• Say there are 100k accounts, but
10k active users at a time. VM
based model needs 100k
VMs, which means there is a cost
incurred per account.
• With Multi-tenancy one server can handle many
accounts, and by mixing and matching heavy and light
users, Multi-tenancy can operate with much less number of
servers.
photo by hans s on
Flickr, http://www.flickr.com/photos/archeon/2359334908/

11. Motivating Usecases

12. To fulfill Cloud Promise: Implementing PaaS
• As discussed it is crucial
in supporting “Pay as
you go” in a Platform as
a Service (PaaS)
• For example (within Stratos)
• Web Service Hosting as a Service ,Web Application
Hosting as a Service, Message Mediation Execution as a
Service (ESB), Governance as a Service, Workflow as a
Service

13. SMBs (Small and Medium size Business)
 Most SMBs can not
afforded to run their own
SOA technologies.
 This stops them from
going to the next level.
 Workflow, Service and
Web hosting as a service
can enable multiple SMBs
to share the same
infrastructure.
This will lower the bar of SOA/ Middleware use, and
enable SMBs to move to the next level.
photo by Olaf on Flickr
http://www.flickr.com/photos/okreitz/3073783437/, Licensed under CC

14. E-Science Gateways
• Scientific workflows has
been identified as enabling
technology for E-Science.
• Idea is to let scientists
visually compose workflows
and run them.
• There are many gateways
that do this.
 Enable multiple science gateways to share the same
infrastructure thus reducing the maintenance cost and
resource sharing .
o Same would work for most e-Gov stuff and for most organizations.
photo by Image Editor on
Flickr, http://www.flickr.com/photos/11304375@N07/2769519295/, Li

15. How Good is this
Multi-Tenancy
implementation?

16. Multi-tenancy Maturity Models
• Model is Defined by Chong et al.
• (F. Chong and G. Carraro, “Architecture strategies for catching the long
tail,” MSDN Library, Microsoft Corporation, 2006.)
• Provide a way to understand Multi-tenant
implementations.
• Level1: Instance per Client
• Level 2: Configurable instance per Client
• Level 3: Single instance can serve multiple Clients
• Level 4: Scaling up Level 3 by running multiple
instances and distributing the load.

17. Implementing Multi-
Tenancy

18. Goals of Multi-tenancy
• Sharing – maximize the
resource sharing across
multiple tenants.
 Isolation – hide the fact other users are also in the same
server.
o Execution – enforce security. Make sure one tenant can’t call
other tenants executable logic.
o Data – make sure one tenant can’t see other’s data
o Performance - make sure performance is not affected by
existence of other tenants.
 Scale
o Server is distributed and it can handle larger load by adding more
nodes.
photo by John TrainoronFlickr
http://www.flickr.com/photos/trainor/2902023575/, Licensed under CC

19. It is about trading off Isolation vs. Sharing
As often the case in research, implementing
Multi-tenancy is a tradeoff
photo by Todd Anderson on
Flickr, http://www.flickr.com/photos/toddography/12034661/, Licensed

20. WSO2 Carbon Platform

21. WSO2 Platform Architecture
 We break multi-tenancy into three parts (Based on Chang et
al.).
Execution: Business Processes, Workflows and Mashups
Security: ownership and authorization of both data, as
well as executions in the framework
Data : User data and system runtime data

22. Multi-tenancy Architecture

23. Achieving Tenant Isolation
 Each Tenant is given a Security Domain
 Each domain may have its own User Store and Permissions, thus
have a set of users and permissions enabling users to access
resources
 Each domain is isolated and do not have access to other domains

24. Implementing Data Multi-tenancy
• Separate DB
• Separate Schema
• Shared Schema

25. Separate Databases
• If you have no control
over the code, then
this is the only
solution Tenant 1 Tenant 4 Tenant 8
• Horizontally
scalable, but relatively
expensive
• Vertical scaling is challenging but solvable
• WSO2 Relational Storage Service uses this models
to provide users with DBs
11/29/2011 25

26. Separate Schema
• Relatively easy to
implement
• Some databases have
ways to support this
directly but many
don’t
• Failure difficult to
handle
• Scales reasonably well
11/29/2011 26

27. Shared Databases, Shared Schema
• Most efficient storage-
wise and scales very
well for large number
of tenants
• Requires all accesses
to qualify with tenant
• Failure is global
• (Stratos uses this
approach internally for
all provide isolation
within WSO2 Registry)
11/29/2011 27

28. Implementing Execution Isolation
 All executions are based on Axis2
 Axis2 have stateless executions and keep all state in
a Context.
 So if we create different context for each
tenant, they are isolated.

29. Implementing Execution Isolation (Contd.)

30. Implementing Execution Isolation (Contd.)
• We use Java Security to
make sure one tenant
cannot access or temper
with other tenant’s data
structures, file system
data etc.
• Example
• Tenant ID value in the
context

31. Performance Isolation
• Performance isolation is a challenging issue.
• We currently relay on monitoring and auditing where
we can kill CPU hogging processes
• We are exploring the possibility of changing the
priority of CPU hogging processes in the work queues
(e.g. workflow engine, ESB etc.).
photo Fortes by on Flickr, http://www.fotopedia.com/items/flickr-
3193056200

32. Scaling Up

33. Scaling Multi-tenant Middleware
• So far we talked about building a single Multi-
tenant Node (That is Level 3)
• To reach Level 4, we have to scale.
• To do that
• We have to run this with many nodes, and we have
to partition.
• We have to replicate or partition. But we are talking
about 1000s of tenants, likely one tenant can not
hold all of them.
• So We need to partition
• We also need load balancing, and it should know
about tenants.

35. Overhead of Multi-
Tenancy

36. Service Performance

37. Workflow Performance
 Setup Multi-tenant and non-multi-tenant versions
 Run 200 workflows from each client
 Overhead is minimal
o MT supports only add few additional lookups and checks
o Java Security does not come in to play as we do not run user
provided code.

38. For more details (Publications on the topic)
• A. Azeez and S. Perera et al., WSO2 Stratos: An Industrial
Stack to Support Cloud Computing, IT: Methods and
Applications of Informatics and Information Technology
Journal, the special Issue on Cloud Computing, 2011.
• AfkhamAzeez, Srinath Perera, DimuthuGamage, Ruwan
Linton, PrabathSiriwardana, DimuthuLeelaratne, SanjivaWee
rawarana, Paul Fremantle, "Multi-Tenant SOA Middleware
for Cloud Computing" 3rd International Conference on
Cloud Computing, Florida, 2010
• MilindaPathirage, Srinath
Perera, SanjivaWeerawarana, Indika Kumara, A Multi-
tenant Architecture for Business Process Execution, 9th
International Conference on Web Services (ICWS), 2011

39. Conclusion
• We discussed what is Multi-tenancy and why it is
crucial for implementing a PaaS.
• We discussed details about implementing it
• Isolation (Data, Execution) .. Isolation vs. sharing tradeoff
• Four level’s of multi-tenancy
• Scaling Design
• Lot of open questions yet to be solved. Your thoughts
and code both are welcome.
• Data Security (Encryption, Delegation etc. ), Tenant
Migration , Scaling, Lazy loading …

40. Questions?

41. Feedback URL
https://appserver.stratoslive.wso2.com/t/
wso2con2011.com/webapps/feedback-
sample-1.0.0/feedback