Cloud application services (SaaS) Multi-Tenant

Data Architecture
Shailesh Paliwal
Infosys Technologies Limited
The paper starts with a generic discussion on the cloud application services and security concerns then expands the
concepts with 3 main data management approaches of multi-tenant data management. After that paper describes
reference architecture including standard cloud computing taxonomy for meta-data driven architecture approach and
a conceptual data model to support the architecture. At the end it incorporates a comparison between green field
application verses existing application migration assessment for target Software as a Service (SaaS) environment.

WHAT ARE THE CLOUD APPLICATION (SAAS) SERVICES ?

Now a days the availability of reliable high speed broadband Internet access, service-oriented
architectures (SOAs), and the economic management of dedicated on-premises applications are
driving a transition toward the delivery of Cloud applications Cloud applications or "Software as a Service (SaaS) applications deliver software as a service over the Internet,
eliminating the need to install and run the application on the customer's own computers and simplifying
maintenance and support, and equipped with decomposable applications , managed services , shared hardware /
software /admin resources and Web-based services.
Its a paradigm shift which imposes a new set of technical challenges. Existing application
frameworks are not designed and deployed to handle the SaaS challenges smoothly. This void leads
to new paradigm shift called platform as a service (PaaS) Hosted application platforms are managed environments specifically designed to meet the unique challenges of
building Software as Service applications and deliver them more economically as compared to traditional
standalone deployments.
DATA SECURITY - A MAJOR CONCERN FOR CLOUD APPLICATIONS
Trust, or lack of trust, is the number one factor blocking the adoption of SaaS. SaaS applications
provide customers with centralized, network-based access to data with much less overhead as
compared to using a locally-installed application.
In order to harness the power of SaaS, an enterprise must give up a level of control over its own data
and needs to trust the SaaS vendor to keep their data safe and away from snooping eyes.
To earn this trust, one of the highest priorities for prospective SaaS vendors is to create data
architecture that should be
Robust and secure to satisfy tenants or clients data security needs,

Efficient and cost-effective to administer and maintain.

Highly manageable by implementing multi-tenancy and meta data driven architecture as

fundamental design approach
Some obvious questions that arise are
Why multi-tenancy?

Why meta-data driven architectures are the premier choice for implementing multi-tenancy?

RATIONALE

The multi-tenancy architectural approach can benefit both application providers and users.
Operating just one application instance for multiple Enterprises yields tremendous cost benefits
for the provider as well as the tenants.
Enterprises can customize an application as though they have their private application instance.
The application instance dynamically morphs for any particular tenant need.
Instead of isolated silos of applications a multi-tenant application is one large community hosted
by the provider.
There is much less development and maintenance cost due to just one platform (operating
system, database etc).
Less administrative work and staff is needed for the shared hardware and software environment,
which leads to further cost savings.
Tenants can operate in virtual isolation, by implementing virtualization.
Because of a shared hardware and software stake, it is easy to manage the user access to various
applications and data, which leads to greater collaboration and integration with faster time to
market.
Various sets of user population can provide feedback on application operations e.g query
responses , errors etc, which enables the provider to make improvements in common hardware
and software in order to benefit the entire user community at once.
Some side benefits of multi-tenancy are quality services, user delight, and repeat business.

MULTI-TENANT DATA MANAGEMENT 3 APPROACHES

The degree of isolation for a Software as a Service application can vary significantly depending on
business requirements. There are three main approaches, each of which lies at a different location in
the scale between isolation and sharing. Refer to Figure 1 below.

Figure.1. Multi-tenant Data management 3 Approaches, each of which lies at a different location
in the scale between isolation and sharing
1.
2.
3.

Separate DB : Least preferred as it is very much isolated and expensive

Shared DB Separate Schema : Moderately preferred - it reduces the resource cost but with
a high maintenance cost
Shared DB Shared Schema : Most preferred approach as DB and schema are shared it reduces
the resource and maintenance cost by a large extent

MULTI-TENANT APPLICATIONS CONCEPTS

DEFINITION
In order to achieve cost efficiencies in delivering same applications to various sets of users it is a vital
and obvious choice that an increasing number of applications are Multi-tenant instead of singletenant.
A Multi-tenant application should be able to satisfy the needs of multiple sub-organizations or sections
within the organization (multiple tenants), using the single, shared stake of software and hardware

resources and staff needed to manage (Figure 2).

Figure.2. A Multi-tenant application shares a single stack of resources both hardware and
software to cater multiple tenants (Organizations, sub-organizations , sections etc)
META-DATA-DRIVEN REFERENCE ARCHITECTURE

A traditional static application is not capable of addressing unique challenges of multi-tenancy.

A Multi-tenant application should be dynamic in nature, or polymorphic, to fulfill the specific

expectations of various tenants and their users.

Application components need to be generated at runtime from meta-datai.e. data about the
application itself.

It should be a well-defined meta-data driven architecture (Figure. 3), with a separate component
for
1. Runtime application data
2. Meta-data that describes the base functionality of an application
3. Meta-data that corresponds to each tenant specific data and customizations

It enables the ability to independently update the core system, modify the core application, and
customize tenant-specific components with virtually no risk affecting others.

In SaaS environments its a nightmare to manage a vast, frequently changing set of actual
database structures on behalf of each application and tenant. It is suggested to use virtual
database structures using a set of Meta-data, data, and pivot tables, as illustrated in Figure 4
below.

Figure.3. A virtual database structures using a set of Meta-data, data, and pivot tables
CLOUD COMPUTING TAXONOMY FOR SAAS MODEL
Reference : The open group
The below Figure 4 shows the overall cloud computing taxonomy for SaaS Model. It covers horizontal
layers from Hardware, software, database, and application to the service provider layer and vertically
from service consumer, security, management to service developer layer.

Figure.4. SaaS Model Cloud Computing Taxonomy Reference : The open group
META-DATA-DRIVEN REFERENCE DATA MODEL CONCEPTUAL
As compared to managing a vast frequently changing set of actual database structures on behalf of
each application and tenant, it is advisable to manage virtual database structures using a set of
Meta-data, data, and pivot tables, as illustrated in Figure 5 below.
When tenants create custom application entities (i.e., custom tables), programmatically need to track
of Meta-data concerning the entities, their Attribute, relationships, and other entity definition
characteristics.
A few large database tables store the structured and unstructured data separately for all virtual
tables, and a set of related, specialized pivot tables in order to maintain data that makes the combined
data set fully functional.

Figure.5. Reference conceptual model consists of a set of Meta-data, data, and pivot tables that
allow for functional access to the actual data of virtual tables
GREEN FIELD SAAS IMPLEMENTATION VS EXISTING APPLICATION MIGRATION INTO
SAAS
Green Field SaaS implementation :
A Green Field SaaS implementation is comparatively simple and pretty straight forward as it requires
subscribing a new tenant or organization in SaaS application setup. SaaS Meta data driven reference
data model can support N number of tenants connected to a single SaaS application environment.
Existing application migration into SaaS :
An existing application migration into SaaS environment is not a simple task and requires a
comprehensive assessment for checking the feasibility of existing application migration into SaaS
multitenant application. Following the list of assessment suggested

Application Assessment
Database - Degree of database extensibility in the AS IS application architecture.
GUI - Quality and degree of flexibility in the AS IS user interface.
Reporting - Evaluation of the quality and degree of flexibility in the reporting system.
Workflow - Does the existing application use workflow to enable customers to extend the functionality?
Usability Predictability and ease of use of the existing Application.
Functionality - Size and complexity of the existing Application on S/M/E scale.
Customizable Business Logic Are the customers enabled to add their own business logic in existing
system ?
Table.1. SaaS Multitenant application migration technical Assessment Application
Operational Assessment
Architecture AS IS architecture and gap analysis for migration to SaaS architecture.
Availability Current SLAs for the existing application availability and any steps required to reach SaaS
minimum availability level of 99.9%.
Scalability - Scalability matrices of the existing application. Scalability targets in SaaS version of the
application.
Performance AS IS performance SLAs and matrices (user response times) and the expected performance
SLAs and data centre transaction time in SaaS environment.
Security Assessment of existing application security compliances targeting to the Internet based SaaS
application environment and Gap analysis.
Table.2. SaaS Multitenant application migration technical Assessment - Operational

SUMMARY
This paper emphasizes the following
The Data Architecture of a SaaS application should be robust , secure, efficient , cost-effective and
highly manageable. Multi-tenancy and meta-data driven architecture for SaaS applications is the
way out and able to address these key issues.

By using multi-tenant and meta-data driven architecture Tenants can operate in virtual isolation
and dynamically morph for their particular need.

Operating just one application instance hosted on shared hardware for multiple Enterprises
yields tremendous cost benefits for the provider, less administrative work, less development cost,
greater collaboration and integration with faster time to market. At the end of the day it results in
quality services, user delight, and repeat business.

The design approaches and reference Meta-driven data model for multi-tenant applications
discussed in this paper can assure relative data security and trust while using various
approaches. A shared schema shared database approach is important for the success of the
SaaS application.

In SaaS environments its a nightmare to manage a vast, frequently changing set of actual
database structures on behalf of each application and tenant. It is suggested to use virtual
database structures using a set of Meta-data, data, and pivot tables.

Existing application migration into SaaS as compared to Green Field SaaS implementation
imposes lots of challenges and is not a simple task. It requires a comprehensive assessment for
checking the feasibility of existing application migration into SaaS multi-tenant environments.
This paper also covers the detailed assessment parameters.
DISCLAIMER
The author has taken great care while coming up with the contents of this paper, but any and all
responsibility for any loss, damage or destruction of data or any other property which may arise from
relying on the paper is explicitly disclaimed. The authors are not liable for monetary damages arising
from such loss, damage or destruction.
REFERENCES

MSDN - http://msdn.microsoft.com/
Sales force - http://www.salesforce.com/platform/
The Open Group - http://www.opengroup.org/

AUTHORS PROFILE
Shailesh Paliwal is a Senior Technology Architect at Infosyss Cloud Unit. He has over 15 years of IT
experience articulating the next steps in the evolution of information technology toward strategic
business applications and services that deliver performance coupled with intelligence throughout
organizations. He has specialized expertise in the areas of Data and Information Architecture,
Database Design, Data warehouse design , Data Modeling, Dimension Modeling, NFR Validation,
Workload Modeling, Performance Tuning , Master Data Management and Business Intelligence.
He is a DAMA Certified Data Management Professional and TOGAF certified Enterprise Architect.
He can be contacted at shailesh_paliwal@infosys.com