Tenant Isolation
Multi-tenancy, by its very nature, focuses squarely on placing our customers and their resources into environments where resources may be shared or at least reside side-by-side in common infrastructure environments. This reality means that multi-tenant solutions are often required to apply and implement creative measures to ensure that tenant resources are protected against any potential cross-tenant access.
To better understand the fundamentals of this concept, let’s look at a simple conceptual view of a solution running in our application plane (shown in Figure 2-7).
Figure 2-7. Implementing tenant isolation
Here you’ll see we have the simplest of application planes running a single microservice. For this example, our SaaS solution has chosen to create separate databases for each tenant. At the same time, our microservice is sharing its compute with all tenants. This means that our microservice can be processing requests from tenants 1 and 2 simultaneously.
While the data for our tenants are stored in separate databases, there is nothing in our solution that ensures that tenant 1 can’t access the database of tenant 2. In fact, this would be the case even if our tenants weren’t running in separate, dedicated microservices.
To prevent any access to another tenant’s resources, our application plane must introduce a construct to prevent this cross-tenant access. The mechanisms to implement this will vary wildly based on a number of different considerations. However, the basic concept–which is labeled Tenant Isolation–spans all possible solutions. The idea here is that every application plane must introduce targeted constructs that strictly enforce the isolation of individual tenant resources–even when they may be running in a shared construct.
We’ll dig into this concept in great detail in Chapter 10. It goes without saying that tenant isolation represents one of the most fundamental building blocks of SaaS architecture. As you build out your application plane you’ll need to find the flavor and approach that allows you to enforce isolation at the various levels of your SaaS architecture.