Here are the specific points that we will cover in the ebook in order to modernize your SaaS
Enterprise:
Index
1. What is a Multi tenant Architecture?
Multi-tenant Benefits
SSL Certificates
Final Thoughts
Most people think that in the background, they created a particular environment for each organization, –application or codebase–, and believe that Slack customers have their own server/app environment. If this is you, you might have assumed that they have a repeatable process to run thousands of apps across all their customers. Well, definitely No. And the real solution is a Multi tenant architecture on AWS for a SaaS application.
This research is intended to showcase an overview of the strategies, challenges and constraints that DevOps and Software Developers are likely to face when architecting a SaaS multi-tenant application.
Visualize the Multi tenant Architecture on page 14
There are two concepts that are important for us to understand before starting
Tenant / Organization
Tenant = An organization, client or customer
User = A user inside a tenant.
*A tenant can have multiple, and even thousands of, users.
The next points are what we will explore in a Multi tenant architecture for your SaaS
application, and my contributions will be:
[Figure: Single-Tenant SaaS application vs. Multi-Tenant SaaS application. Diagram labels: Org1 to Org4, App, DB, Load Balancer, Docker, Cluster.]
Bear in mind that in this paper, we will discuss two Multi tenant architecture
models, one for the application layer and one for the database layer. Visit this
text in order to extend knowledge around Single Tenant vs Multi Tenant.
Multi-tenant Benefits
The adoption of a Multi tenant architecture approach will bring extensive valuable benefits for your SaaS application.
Let’s go through the next contributions:
a) A reduction of server Infrastructure costs utilizing a Multi tenant architecture strategy.
Instead of creating a SaaS environment per customer, you include one application environment for all your customers. This enables your AWS hosting costs to be dramatically reduced from hundreds of servers to a single one.
b) One single source of trust.
Let’s say again you have a customer using your SaaS, imagine how many code repositories you would have per customer? At least 3-4 branches per customer, which would be a lot of overhead and misaligned code releases. Even worse, visualize the process of deploying your code to the entire farm of tenants; it is extremely complicated. This is unviable and time-consuming. With a multi tenant SaaS architecture, you avoid this type of conflict, where you’ll have one codebase (source of trust), and a code repository with a few branches (dev/test/prod). By following below practices, –with a single command (one-click-deployment)–, you will quickly perform the deployment process in a few seconds.
c) Cost reductions of development and time-to-market.
Cost reduction considers a sequence of decisions to make, such as having a single codebase, a SaaS application environment, a multi-tenant database architecture, a centralized storage, APIs, and following The Twelve-Factor Methodology; all of them will allow you to reduce development labor costs, time-to-market, and operational efficiencies.
Note: This data comes from a survey that we performed a few months ago for
Financial Services and SaaS companies.
Ideal languages:
Container Orchestration Platform
This is a complicated and abstract decision; there are three options in AWS to manage, orchestrate, and create a microservice cluster environment.
Amazon ECS (Amazon Elastic Container Service)
It is the natural Amazon container orchestration system
Amazon EKS
It is a managed service that makes Kubernetes on AWS easy to manage. Use Amazon EKS instead of deploying a Kubernetes cluster on an EC2 instance, set up the Kubernetes networking, and worker nodes. (Recommended for large SaaS apps and a sophisticated DevOps and web development Team). Read about the best practices you should consider for your Kubernetes multi tenancy SaaS application with Amazon EKS.
will be mentioned below about Multi tenant Database. In this case, I would go for Amazon RDS with PostgreSQL or DynamoDB (Mongodb).
AppSync. Hence, when transforming your SaaS application, don’t forget to include GraphQL!
Automation and IaC is that you need a mechanism to automate your SaaS application for your code deployments. In the same lines, automate
CDN for your static content. All static content, including images, media and HTML, will be hosted on Amazon S3,
integrating this pair of elements is vital, in order to cache the entire static content and reduce bandwidth costs.
Multi-tenancy
The application layer is an architectural design that enables hosting for tenants and is primarily delivered for Software as a Service applications (SaaS apps). In this first model the application layer is commonly shared among multiple customers.
Pros:
Easy-to-build approach.
Minimal configuration.
Multi tenant database.
Cons:
Waste of AWS resources.
Not very fault-tolerant per service (If the app tier goes down, the whole backend is down).
When deploying your code, you have to deploy all your services within the app-tier, and not just with a specific isolated service.
Not flexible to maintain.
Slows time to market.
HIPAA and PCI compliance constraints.
By 2022, 90% of all new apps will feature microservices architectures that
improve the ability to design, debug, update, and leverage third-party code; 35% of
all production apps will be cloud-native
- Forbes, 2019
Cons:
A decent grade of complexity to create the microservices architecture and the ECS clustering.
Amazon ECS natively lives in the AWS Cloud; you can't port this service from AWS into another cloud provider.
[Figure: architecture diagram in the AWS Cloud. Diagram labels: Cloudfront Distribution, VPC, Application Load Balancer, S3 Media, Private subnet.]
Pros:
Same pros as the microservices architecture with Amazon ECS.
Exceptional in-depth custom SaaS configuration.
Used more by SaaS companies.
Cons:
The classic, a higher learning curve vs Amazon ECS.
A re-architecture of your SaaS application.
[Figure: cluster diagram. Diagram labels: Private subnet, EC2 Worker Node, Containers, Namespace Organization 1, Namespace Organization N.]
A Serverless SaaS architecture enables applications to obtain more agility, resilience, and fewer development efforts, a truly NoOps ecosystem. Serverless is disrupting the IT stack,
split the database into two and add It doesn’t comply with PCI,
Pros: schemas.
everywhere
DynamoDB
(a great option for a single-tenant database with
GraphQL
As described previously, use it in front of any of
so on. This URL structure will dynami-
application, and this DNS change will facilitate the identification, authentication, and authorization of every tenant. However, another workaround is called path-based per tenant, which is
place in your DNS management
2 This wildcard subdomain redirects all routes to your Multi-tenant architecture (either to the load balancer, application server or cluster end-point).
Note: An (A) Alias record is when you are utilizing an ALB/ELB (Load Balancer) from AWS.
server. Make sure it is an alias (ServerAlias) and a catch-all wildcard site. You don’t have to create a subdomain VirtualHost in Nginx per tenant; instead,
VirtualHost for all your tenants. Naturally, the wildcard pattern will match
Just don’t forget to deal with the certificates under your tenant subdomains. You would need to add them either in the Cloudfront CDN, Load
Note: This solution can be accomplished using the Apache web server.
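Because the wildcard record and the catch-all site send every subdomain to the same application, the application itself has to decide which tenant a request belongs to. The following is an added example, not code from the ebook: a sketch of resolving the tenant from the Host header and checking it against the session, where the base domain, the tenant registry, the reserved labels and the function names are all assumptions made for illustration.

```python
import re

# Assumed values for illustration (constructed, not from the ebook).
BASE_DOMAIN = "example-saas.com"
TENANTS = {"org1": "tenant-001", "org2": "tenant-002"}  # subdomain -> tenant id
RESERVED = {"www", "api", "admin"}  # labels that are never tenants

# A single DNS label: lowercase letters, digits, inner hyphens, 1-63 chars.
_LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def resolve_tenant(host_header):
    """Map a Host header to a tenant id; return None when it must be rejected."""
    if not host_header:
        return None
    host, _, port = host_header.strip().lower().partition(":")
    if port and not port.isdigit():
        return None
    host = host.rstrip(".")  # tolerate a fully qualified name
    suffix = "." + BASE_DOMAIN
    # Anchor on ".<base domain>" so look-alike hosts do not match.
    if not host.endswith(suffix):
        return None
    label = host[: -len(suffix)]
    # Exactly one well-formed label: no nested subdomains, no odd characters.
    if not _LABEL.fullmatch(label) or label in RESERVED:
        return None
    # Unknown subdomains still reach the app through the wildcard; deny them.
    return TENANTS.get(label)


def authorize(host_header, session_tenant_id):
    """Allow a request only when the session belongs to the host's tenant."""
    tenant_id = resolve_tenant(host_header)
    return tenant_id is not None and tenant_id == session_tenant_id
```

The tenant check in `authorize` is what keeps a session issued for one tenant from being replayed against another tenant's subdomain.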
6 Caching system including Redis/Memcached or its equivalent in the AWS cloud - Amazon ElastiCache.
7 Multi-availability zone set up for redundancy and availability.
with a team like ClickIT. CI/CD is just one of the five principles of DevOps practices, and it is pretty lean for us to adopt it into your SaaS application.
Ready to go?
across tenants and your multiple environments (dev, test, and prod). You will
all environments and tenants. If you
cated DevOps team and a widely known tool, go for Jenkins;
AWS Code pipelines. But if you’re
Terraform strategy?
(Recommended)
Terraform Take in mind the next aspects:
Architect a Multitenant SaaS Application on AWS
Let’s talk
plexity, and the expertise of your DevOps team. I strongly recommend going for microservices (ECS/EKS), partially multi-tenant in the app, and database layer. As well, include cloud-native principles, and finally, adopt the multi-tenant architecture best practices and considerations described in this article. That being said, brainstorm your SaaS architecture firstly by thinking on how to gain agility, cost-efficiency, IT labor costs, and leveraging a Nearshore collaboration model (which adds another layer of cost-savings).
If you ever need a hand on how to architect your SaaS application, execute the whole AWS/DevOps projects and follow these principles, or just hire a DevOps engineer to fulfill your DevOps needs, just contact us via our official website at clickittech.com.
ClickIT is an AWS Select partner with multiple AWS Certifications. Every engineer on ClickIT loads more than 10 DevOps projects based on SaaS architectures and cloud-native applications including PHP, Laravel, React, Angular, NodeJS, Python, Go, Ruby, and Java. In the DevOps space, we work with any cloud provider you’re willing to use (Azure, AWS, Digital Ocean, and Google Cloud), with any CI/CD, including Jenkins, CircleCI, bitbucket, and more. In regard, Automation with Terraform and CloudFormation is our best choice. And even better, most of our AWS and DevOps projects are following PCI, HIPAA, and SOC2 regulations. If you are a fintech, healthcare, or SaaS company, well, you know these types of requirements are a must in your processes.
About Clickit
ClickIT is an experienced Cloud and DevOps Nearshore Solution Provider for 10 years. Our competencies are Financial Services, Healthcare, MarTech, Ecommerce, Big Data & Analytics and our Experience comes with startups and mid-large enterprises. We are AWS and GCP certified partners with an experience of helping more than 200 product and service-centric companies based out of the US with their cloud migration and DevOps initiatives.