Multitenancy – Still Top of Mind for SaaS Businesses
Thursday, November 18, 2010 15:40 by dChengYou may argue the difference between SaaS and the Cloud — about how one is a technology and the other is market-ese — but one factor you cannot argue about anymore is how multitenancy must be the basis for SaaS business software going forward. In September, Oracle CEO Larry Ellison, at their conference Oracle OpenWorld, had the IT world a-buzz about how multitenancy is not secure.
Says Ellison:
“Multitenancy is a horrible idea. What it means is, everyone’s data is commingled, everyone’s customer list is in a single database. That’s a horrible security model. In the 21st century, the way we support multiple customers is called ‘virtualization.’”
Certainly Ellison is entitled to his belief (or his right to say it), but let’s face it: the more copies of Oracle you have running (virtual or otherwise), the better it is for Oracle.
Software companies should consider stackware a “horrible SaaS business model” — especially in that it negates the business, operational, and economic value of multitenancy: everything from streamlining deployment operations, improving core development, maximizing common resources, and only repeating what you need, not the entire frigging architecture.
You might even argue that having multiple databases could be considered even less secure because now you’ve created many entry points into your systems and no way of knowing when you need to lock down the entire platform. One more thing: data in a multitenant environment is not “commingled.” Tenant walls, if built properly, still require you to have access rights to see data — access rights that, as just mentioned, can be shut down from a central point. No one freaks out in an apartment building about their neighbors commingling their groceries or sheets.
At Softletter’s SaaS University last week, the topic of multitenancy was a lot more constructive. Several sessions touched on it from establishing a basic understanding of how it works to what is really on the minds of SaaS businesses. Mike Ormerod from Progress Software had an excellent overview and it refutes Ellison’s point, identifying several types of multitenancy in which you can have multiple apps, multiple databases, even multiple architectures. Likewise, our own platform refutes Ellison’s point about a single database as you can build essentially instances between infrastructures that act like tenants, and deploy across instantiations.
That’s not to say you absolutely need multitenancy. If you’re building B2C type solutions or specific point solutions, not having MT is not a deal breaker. But for enterprise class solutions where a lot of complexity happens at the configuration level and where your clients are demanding manageable customization, not having multitenancy can increase your operating and licensing costs dramatically.
Steve Jones says:
November 19th, 2010 at 12:50 am
Can you really be absolutely 100% sure that there has never been a single instance when even just one tiny item from one customer’s data has appeared in a query by another customer?
You basically bet your business on that every day, and expect your customers to do the same.
There’s nothing wrong with that, as long as all parties are fully aware of the possibility, however remote, of inter-customer data sharing. Databases, which you rely on, have been known to make mistakes. Doing “select * from table where CustomerID = 1234″ will generally work, but there exists the possibility that this will fail.
Denying that, or pretending that it’d never happen, is the height of hubris, surely?
Oh, and I have no association whatsoever with Larry Ellison or Oracle. I just don’t find the whole multitenancy structure satisfactory.
dCheng says:
November 19th, 2010 at 10:35 am
Steve,
Thanks for the comment. We have never had that type of issue in the seven years the platform has been operational.
The reason is that our data is segmented by tenant. In fact, we had to go to great lengths to enable cross-tenant data sharing, which included building a specific API that you would have to grant users access to a small data set and even then it is more akin to remote access of data, not commingling. It’s fundamentally not possible for tenant data to start “commingling” because of the way the metadata model is designed. It’s like a firewall.
In addition, because users on LongJump don’t have direct access to the database, only through the abstraction of metadata, they can never get to the table level of the database unless they are at the hosting ISV with access to the platform architecture and stack.
Also, in your example, that’s not “commingling.” That’s a programmatic error that someone might make and you still need authenticated access to reach that table in that tenant, which you likely won’t have.
It’s not hubris. It’s more like the law of physics. The only way around it is in your dreams or if you are a deity.
Tweets that mention Cloud-Based Application Platform and PaaS by LongJump » Multitenancy – Still Top of Mind for SaaS Businesses -- Topsy.com says:
November 22nd, 2010 at 10:34 am
[...] This post was mentioned on Twitter by LongJump, SYM2.0. SYM2.0 said: Cloud-Based Application Platform and PaaS by LongJump …: In the 21st century, the way we support multiple cust… http://bit.ly/9tDMDT [...]