Dealing with co-tenants can be an excruciating experience – whether you are talking about roommates, people in the office, your apartment building or even the communal table at Starbucks. And those are the co-tenants you can see and hear. In the cloud, co-tenants are often invisible but often affect your occupancy even more.
That is why one of the industry buzzwords around cloud computing is tenancy – as in multi-tenant and single-tenant. In the world of cloud computing, tenancy refers to how the cloud platform and underlying infrastructure are shared among different customers that use the same cloud service.
Multi-tenants and single-tenants
A multi-tenant cloud is where all customers share the same cloud platform and infrastructure and their data is commingled. This commingling does not mean that customers can see each other’s data. Access to the multi-tenant environment is strictly controlled and customers only get a view of their commingled data.
But this model does raise security and privacy concerns for many organizations, especially those in regulated markets. Using a real estate analogy, this would be like an apartment building. Mike’s key for apartment 10A does not allow him access to apartment 20F. He only has access to his occupancy.
The benefit of a multi-tenant model for the cloud provider is that it can maintain one shared cloud for all customers. The benefit for customers is that they are always on the latest version of the cloud software – such as when Google(S GOOG) updates Gmail for all users. When it’s time to upgrade the cloud, all customers are upgraded at the same time and share the same experience. If you replace the main water pump in your building, all of your tenants get higher water pressure at the same time. The downside for customers is that they may have customized their use of the cloud and the latest version will cause issues or come at an untimely moment for the business.
A traditional single-tenant cloud is where customers get their own dedicated cloud service and their data is not commingled with any other customers. From the customer’s perspective, they are running their own cloud service and can customize it as they see fit. The biggest benefit for the customer is that their data is completely isolated and they have the ability to customize anything in their use of the cloud service. Keeping with our real estate analogy, this would be kind of like a development of tract homes. Each homeowner can customize their property as long as it falls within the acceptable policies of the homeowner’s association.
This introduces a big potential drawback for the cloud service provider because every customer can be running its own custom version of the cloud platform and the provider needs to develop a scheme where customers think they have their own dedicated infrastructure. Of course, the reality of deploying physical infrastructure for every customer is not a recipe for a scalable cloud service – that business is called server hosting. Imagine going to upgrade the hot water heater for one of your occupants and when you look at the property, the hot water heater is no longer in its standard location in the garage, but instead, it’s mounted on the roof and bolted to the chimney.
Let’s Do Both!
Yet, what if a cloud service could be both a scalable multi-tenant environment and provide the benefits of a traditional single-tenant environment? You’d end up with what we call a multi-instance cloud. Several vendors, IBM(s ibm), HP(s hpq), Salesforce.com(s crm) and, yes, ServiceNow(s now), all have their own take on this problem. If the solution is done right, customers win because they can fully customize their cloud service and avoid commingling data. The cloud service provider wins because it can scale its business effectively without provisioning dedicated platform and infrastructure for each customer.
Designing a multi-instance cloud service on a multi-tenant infrastructure does introduce a new set of problems – from hardware provisioning to scalability to monitoring performance – in an environment where the customer has the ability to completely customize their service to their needs.
The way to achieve this design is to build a multi-tenant cloud infrastructure while maintaining isolation of both the application state and data model for each customer – thus resulting in an efficient and scalable use of the infrastructure and a logical separation model for each customer.
For example, you could have a virtual machine that runs application logic for each customer that utilizes a persistence layer (SQL and/or NoSQL) that is shared on a per-customer basis. At ServiceNow, that is essentially how we run our multi-instance cloud platform. Each customer has a logically separated environment that they can customize exclusively for their business. Customers can have a completely customized database schema. They can develop and execute custom scripts to modify almost any piece of the platform from the user interface all the way through to the data layer. Custom processes and their associated policies can be implemented with business rules and executed through combined workflows. Entire end-to-end applications can be built within the platform.
When we upgrade our cloud platform, customizations stay intact and can be enhanced. We operate a multi-instance infrastructure environment where we have virtual machines from multiple customers sharing common hardware. We classify each of the customer environments into “size points” and run benchmarks on our hardware to understand how many size points can operate on a specific set of hardware. We monitor this environment very closely and use automation to move logical single occupants when size points expand or shrink on the associated hardware. In other words, we use our cloud infrastructure in a scalable and efficient multi-instance manner while allowing our customers to have the customization and data isolation of a traditional single environment.
Cloud infrastructure and cloud platforms should look to combine the use of both multi-tenant and multi-instance models. The multi-tenant model can allow for commingling of cloud infrastructure for all customers, providing all customers with the same benefits when upgraded. The multi-instance model can be used at the application and persistence layers giving each customer data isolation and their own logical piece of the cloud service. Using this combination of techniques, the cloud provider builds a scalable service and the customer gets peace of mind knowing that invisible co-tenants do not have access to their data.
Allan Leinwand is VP and CTO and Tim Yim is senior infrastructure engineer of ServiceNow, an enterprise IT cloud company.
Feature photo courtesy of Shutterstock user Boris Stroujko