
4 key design considerations for a multi-tenant cloud


Cloud uses multi-tenancy to share IT resources, software and services in a cost-efficient and secure way.

Ever wondered what it takes to achieve multi-tenancy in a hybrid cloud? This intrigued me until I was involved in designing multi-tenant cloud solutions. Multi-tenancy is not new. We have been using it in various forms; one common example is public transit.

From an IT perspective, multi-tenancy has two aspects:

Internal: A company treats its departments as different tenants. This demands a logical isolation of applications and infrastructure while sharing the physical infrastructure.

External: A service provider’s environment in which each tenant is a different company. A financial company requires a dedicated infrastructure (physical isolation), while a retail company could share infrastructure with other companies (logical isolation).

It is interesting to understand how this multi-tenancy magic happens behind the scenes and its relevance to cloud design. Factors such as security, reliability, scalability and serviceability play important roles.

Typical expectations of clients of a multi-tenant cloud, whatever their business, are:

  • The experience of a dedicated cloud
  • Secure and isolated
  • Complies with standards and regulations
  • Cost efficient
  • Scalable and manageable


Security and compliance needs are fluid across the different layers. Each layer contributes towards security and compliance needs. Let’s visualize the solution from a bottom-up approach.

Infrastructure

IT infrastructure makes up the bricks and mortar of any cloud. Infrastructure can be either shared physically or logically, based on multi-tenancy and security expectations.

Total isolation of compute can be achieved through dedicated clusters and/or resource pools. Logical isolation is realized at the virtual machine level, using a shared cluster or resource pool.

In the case of multi-tenancy within an organization, logical isolation can be achieved in several ways:

  • Common storage infrastructure with acceptable trust level
  • Separate disk arrays/pools of disks
  • Separation at the logical unit number (LUN) level

Total isolation of a network is realized with an entirely separate, dedicated network for every tenant. Logical isolation occurs at the network level and is achieved by using different virtual local area networks (VLANs) and virtualized network interface controllers (vNICs).

Secure isolation across the tenancy landscape helps meet expected security needs.

Virtualization

Clients expect that the various infrastructure elements are virtualized and managed as a single large entity, while at the same time isolated based on tenancy.

Hypervisor-based isolation can also address needs with a dedicated or shared hypervisor environment across tenants. Anti-collocation, hypervisor-level firewalls, resource grouping of compute and storage, and VLAN-based isolations are some of the means to accomplish security and compliance needs.
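The isolation rules from the infrastructure and virtualization layers can be audited against a placement inventory. The following is an added example, not part of the original post: the inventory, field names and the one-VLAN/one-LUN-per-tenant policy are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory (hypothetical field names, not from a real platform).
# isolation: "physical" = needs dedicated hosts, "logical" = may share hosts.
TENANTS = {
    "finco":  {"isolation": "physical"},
    "shopco": {"isolation": "logical"},
    "martco": {"isolation": "logical"},
}
VMS = [
    {"name": "fin-db1",  "tenant": "finco",  "host": "esx01", "vlan": 110, "lun": "lun-01"},
    {"name": "fin-app1", "tenant": "finco",  "host": "esx02", "vlan": 110, "lun": "lun-01"},
    {"name": "shop-web", "tenant": "shopco", "host": "esx02", "vlan": 120, "lun": "lun-02"},
    {"name": "mart-web", "tenant": "martco", "host": "esx03", "vlan": 120, "lun": "lun-03"},
]

def audit_isolation(tenants, vms):
    """Return a sorted list of (rule, resource, tenants) isolation violations."""
    by_host, by_vlan, by_lun = defaultdict(set), defaultdict(set), defaultdict(set)
    for vm in vms:
        by_host[vm["host"]].add(vm["tenant"])
        by_vlan[vm["vlan"]].add(vm["tenant"])
        by_lun[vm["lun"]].add(vm["tenant"])

    findings = []
    # Anti-collocation: a tenant needing physical isolation must be alone on its host.
    for host, owners in by_host.items():
        dedicated = [t for t in owners if tenants[t]["isolation"] == "physical"]
        if dedicated and len(owners) > 1:
            findings.append(("anti-collocation", host, tuple(sorted(owners))))
    # Assumed policy for logical isolation: no VLAN or LUN is shared across tenants.
    for rule, index in (("shared-vlan", by_vlan), ("shared-lun", by_lun)):
        for resource, owners in index.items():
            if len(owners) > 1:
                findings.append((rule, str(resource), tuple(sorted(owners))))
    return sorted(findings)

if __name__ == "__main__":
    for rule, resource, owners in audit_isolation(TENANTS, VMS):
        print(f"{rule}: {resource} is shared by {', '.join(owners)}")
```

In the sample data, the physically isolated tenant shares a host with a retail tenant, and two retail tenants share a VLAN; both are reported.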

Orchestration and automation

Along with virtualization, orchestration and automation help realize multi-tenancy by provisioning workloads on tenant-specific environments; deploying tenant-specific software, middleware, tooling agents or antivirus programs; hardening workloads; integrating with directory services; and so on.

Often, a standard tooling landscape may be prescribed and used for cloud. However, that is not always how things pan out. At times, the cloud might require integration with a tenant-specific tooling environment. This would introduce custom automation and integration which the provider would have to accommodate.

A multi-tenant cloud must have some means of supporting client-specific business processes, tenant-level identity management services, integration with the necessary tooling for service and system management, and support for various hypervisors.

Defining standard processes and practices for the multi-tenant environment and providing flexibility for customizations may be essential. Grouping tenants based on the nature of their businesses, matching compliance requirements and geographical locations, and supporting tenants with specific needs as stand-alone clients are parts of the way ahead.

Catalogue

With all these expectations met, what does this really mean to the user? How usable is the multi-tenant cloud?

Each aspect of multi-tenancy must culminate in an intuitive user interface. The catalogue contents may vary based on tenancy and individual privileges. Multi-tenancy at a catalogue level may warrant integration with different directory services for each tenant, white labeling, integration with broker and management services, and so on.

With all these capabilities for designing multi-tenancy, the buck stops with the solution designers and their capability to continuously innovate and evolve a multi-tenant design based on ever-changing technology. Though these are important aspects based on typical expectations, exercise caution when specific expectations from clients must be met.


Ashoka Rao contributed to this post.
