![HOW THE SYSTEM IDENTIFIES THE TENANT?
• HTTP URL approach
• Tenant_ID will be identified based on sub-domain parameter in the URL [HTTP host
headers].
• https://companyA.yourproduct.com
• https://companyB. yourproduct.com
• Some customers might ask custom domain than sub-domain.
• Sub domain will give better isolation on cookies and CORS (Cross Origin Resource
Sharing), it makes cross-tenant CSRF & XSS bit harder.
• Query parameters can be used to identify the tenant.
• https://yourproduct.com/companyA
• https://yourproduct.com/companyB
• Authentication approach
• Based on user identity, Tenant_ID will be identified.](https://image.slidesharecdn.com/developingsaasapplicationinazure-170930081409/85/Developing-saas-application-in-azure-9-320.jpg)
![WHAT IS KEY CHARACTERISTICS OF MULTI-TENANCY
• Resource sharing
• High degree of configurability
• Isolation [Security and privacy]](https://image.slidesharecdn.com/developingsaasapplicationinazure-170930081409/85/Developing-saas-application-in-azure-10-320.jpg)
![MULTI-TENANCY & CONFIGURABILITY
• Page appearance and branding customization
• Allow the tenant to upload their own log to do branding
• Allow the tenant to upload tenant specific CSS file to change the style in all the pages.
• Complete page customization example Login page specific to tenant.
• Expose API that can be consumed by custom page’s
• Allow the tenant to upload the custom page into the application.
• Ability to enable & disable functionalities specific to tenant at application level.
• Ability to customize the business process or application flow specific to tenant.
• This can be achieved by using workflow & rule engine.
• Allow the tenant specific identity provider integration
• To get SSO (Single-Sing On) experience across their applications.
• Ability to add custom fields in the schema specific to the tenant
• Location: Tenant would like to access the application near by location [Geo-aware SaaS deployment]](https://image.slidesharecdn.com/developingsaasapplicationinazure-170930081409/85/Developing-saas-application-in-azure-12-320.jpg)
![APPROACHES FOR DATA ISOLATION IN MULTI-TENANCY
1. Storing tenant data in separate databases.
2. Housing multiple tenants in the same database.
• Separate schema for each tenant [separate table]
3. Using same database and same set of tables to host multiple tenants.
• Each row will have tenant_id in the table.
Note: In Azure table, container level access policy can be implemented.](https://image.slidesharecdn.com/developingsaasapplicationinazure-170930081409/85/Developing-saas-application-in-azure-18-320.jpg)
Developing saas application in azure
- 1. DEVELOPING SAAS APPLICATION IN AZURE - PREPARED BY VINOD WILSON – ARCHITECT – CRESTRON ELECTRONICS
- 2. WHAT IS SAAS? • SaaS is a Software licensing and delivery model in which software is licensed on a subscription basis and is centrally hosted. • It is also referred as “on-demand software”.
- 3. HOW SAAS IS DIFFERENT FROM OTHER MODELS? Networking Storage Servers Virtualization OS Middleware Runtime Data Application IaaS Infrastructure as a service Networking Storage Servers Virtualization OS Middleware Runtime Data Application PaaS Platform as a service Networking Storage Servers Virtualization OS Middleware Runtime Data Application SaaS Software as a service Managed By Vendor Managed By Client Legends :
- 4. WHY SAAS? • Lower Cost of entry • Reduced time to benefit & rapid prototyping • Pay as you go • The SaaS vendor is responsible for upgrades, uptime & security • Higher adoption rates • Integration and Scalability • Work anywhere
- 5. IS THERE ANY DISADVANTAGES IN SAAS? • Loss of Control. • Security concerns, since your data is stored in the cloud. • Compliance – Certain countries/industries have regulation relating to where data is stored. • Switching between SaaS vendors is difficult.
- 6. DATA PROTECTION AND PRIVACY
- 7. KEY CHARACTERISTICS OF SAAS • Multi-Tenancy • Provisioning • Configurability • Scalability • Maintainability - Application delivery and upgrades • Integration • Metering and Billing • Monitoring - Application availability • Analytics – User Experience, Performance • Disaster recovery – backup and restore
- 8. WHAT/WHO IS A TENANT? Azure Storage Service CORP A CORP B CORP C CORP D Companies - Tenants STREET & CO LLC NOR COM INC. TOUCHPOINT LOGIC LLC. ARROW AUDIO INC. Corporate customers - Tenants Customer 1 Customer 2 Customer 3 Customer 4 Corp Customers - Tenants
- 9. HOW THE SYSTEM IDENTIFIES THE TENANT? • HTTP URL approach • Tenant_ID will be identified based on sub-domain parameter in the URL [HTTP host headers]. • https://companyA.yourproduct.com • https://companyB. yourproduct.com • Some customers might ask custom domain than sub-domain. • Sub domain will give better isolation on cookies and CORS (Cross Origin Resource Sharing), it makes cross-tenant CSRF & XSS bit harder. • Query parameters can be used to identify the tenant. • https://yourproduct.com/companyA • https://yourproduct.com/companyB • Authentication approach • Based on user identity, Tenant_ID will be identified.
- 10. WHAT IS KEY CHARACTERISTICS OF MULTI-TENANCY • Resource sharing • High degree of configurability • Isolation [Security and privacy]
- 11. MULTI-TENANCY & RESOURCE SHARING
- 12. MULTI-TENANCY & CONFIGURABILITY • Page appearance and branding customization • Allow the tenant to upload their own log to do branding • Allow the tenant to upload tenant specific CSS file to change the style in all the pages. • Complete page customization example Login page specific to tenant. • Expose API that can be consumed by custom page’s • Allow the tenant to upload the custom page into the application. • Ability to enable & disable functionalities specific to tenant at application level. • Ability to customize the business process or application flow specific to tenant. • This can be achieved by using workflow & rule engine. • Allow the tenant specific identity provider integration • To get SSO (Single-Sing On) experience across their applications. • Ability to add custom fields in the schema specific to the tenant • Location: Tenant would like to access the application near by location [Geo-aware SaaS deployment]
- 13. MULTI-TENANCY & IDENTITY PROVIDER INTEGRATION • Tenants use their exiting identity provider • Tenants want to use Third party identity provider like Google / Windows Live account • Application provides its own identity provider, tenants will just use it. Note: All approaches uses claims-based authentication, only difference is source of the original claims
- 14. INTEGRATION WITH TENANTS EXISTING IDENTITY PROVIDER
- 15. INTEGRATION WITH THIRD PARTY IDENTITY PROVIDER
- 16. APPLICATION SPECIFIC IDENTITY PROVIDER
- 17. HOW TO IMPLEMENT THESE APPROACHES IN MVC
- 18. APPROACHES FOR DATA ISOLATION IN MULTI-TENANCY 1. Storing tenant data in separate databases. 2. Housing multiple tenants in the same database. • Separate schema for each tenant [separate table] 3. Using same database and same set of tables to host multiple tenants. • Each row will have tenant_id in the table. Note: In Azure table, container level access policy can be implemented.
- 19. MULTI-TENANCY & PROVISIONING Provisioning refers to the process of on-boarding new tenants to use the SaaS application. • It includes allocation of system resources. • Deployment of application components for this new tenant including new database if any • Granting permissions required to various applications and application features. • Other customization mentioned earlier. • Example, Integrating their authentication provider, configuring logos
- 20. HOW TO IMPLEMENT PROVISIONING • The tool to provision a new tenant should be independent of tenant application itself. Since the same tenant and his configuration can be re-used for future SaaS applications as well. • The tool should have the capability to automate as much of the tasks to provision new tenant. • Example Windows Azure Pack (WAP) to automate the tenant provisioning.
- 21. SAMPLE APPROACH FOR PROVISIONING Tenant Management Application Single Instance Tenant facing SaaS Application Tenant facing SaaS Application Tenant facing SaaS ApplicationSaaS Application2 Multi Instance Tenant facing SaaS Application Tenant facing SaaS Application Tenant facing SaaS ApplicationSaaS Application1 Multi Instance IT/Support team access Tenant Admins access To do configuration/customization on their own anytime, example theme
- 22. DISASTER RECOVERY • Azure services provides the disaster recovery features by native. • Such as Geo-redundant, multi instance, multiple data centre. • Still, may be due to some technical issue (application bug or security issue) the data go wrong/get deleted. In this case the same instance will spread across the datacentres and geo-replications. • To avoid this kind of scenarios, application should take care of taking regular backup of individual tenant data and should have provision to restore the data to specific point based on tenant request.
- 23. MONITORING • Tenant specific applications should be monitored individually rather than entire SaaS application as whole. • Alerts should be raised in the form of Email/SMS based on application availability. Monitoring Tool Example: Fusion Lite SaaS Application Tenant1 App Tenant2 App Health Page of tenant1 Health Page of tenant2 Tenant1 Users Tenant2 Users Parse the content, Response code: 200
- 24. MULTI-TENANCY & BILLING “Pay as you go” – simple to say hard to implement.
- 25. SOME OF THE TOP SAAS APPS
- 26. TOP SAAS VENDORS
- 27. IS SAAS MODEL IS GROWING? By 2019, the cloud software model will account for $1 of every $4.59 spent on software – by IDC
- 28. Thank You.