Building Multi-Tenant SaaS Architectures

Book description

Software as a service (SaaS) is on the path to becoming the de facto model for building, delivering, and operating software solutions. Adopting a multi-tenant SaaS model requires builders to take on a broad range of new architecture, implementation, and operational challenges. How data is partitioned, how resources are isolated, how tenants are authenticated, how microservices are built—these are just a few of the many areas that need to be on your radar when you're designing and creating SaaS offerings.

In this book, Tod Golding, a global SaaS technical lead at AWS, provides an end-to-end view of the SaaS architectural landscape, outlining the practical techniques, strategies, and patterns that every architect must navigate as part of building a SaaS environment.

  • Describe, classify, and characterize core SaaS patterns and strategies
  • Identify the key building blocks, trade-offs, and considerations that will shape the design and implementation of your multi-tenant solution
  • Examine essential multi-tenant architecture strategies, including tenant isolation, noisy neighbor, data partitioning, onboarding, identity, and multi-tenant DevOps
  • Explore how multi-tenancy influences the design and implementation of microservices
  • Learn how multi-tenancy shapes the operational footprint of your SaaS environment

Table of contents

  1. Preface
    1. An Evolving Landscape
    2. Who’s This Book For?
    3. A Foundation—Not a Bible
    4. What’s Not in This Book
    5. Conventions Used in This Book
    6. Using Code Examples
    7. O’Reilly Online Learning
    8. How to Contact Us
    9. Acknowledgments
  2. 1. The SaaS Mindset
    1. Where We Started
    2. The Move to a Unified Model
    3. Redefining Multi-Tenancy
      1. Where Are the Boundaries of SaaS?
      2. The Managed Service Provider Model
    4. At Its Core, SaaS Is a Business Model
    5. Building a Service—Not a Product
    6. Defining SaaS
    7. Conclusion
  3. 2. Multi-Tenant Architecture Fundamentals
    1. Adding Tenancy to Your Architecture
    2. The Two Halves of Every SaaS Architecture
    3. Inside the Control Plane
      1. Onboarding
      2. Identity
      3. Metrics
      4. Billing
      5. Tenant Management
    4. Inside the Application Plane
      1. Tenant Context
      2. Tenant Isolation
      3. Data Partitioning
      4. Tenant Routing
      5. Multi-Tenant Application Deployment
    5. The Gray Area
      1. Tiering
      2. Tenant, Tenant Admin, and System Admin Users
      3. Tenant Provisioning
    6. Integrating the Control and Application Planes
    7. Picking Technologies for Your Planes
    8. Avoiding the Absolutes
    9. Conclusion
  4. 3. Multi-Tenant Deployment Models
    1. What’s a Deployment Model?
    2. Picking a Deployment Model
    3. Introducing the Silo and Pool Models
    4. Full Stack Silo Deployment
      1. Where Full Stack Silo Fits
      2. Full Stack Silo Considerations
      3. Full Stack Silo in Action
      4. Remaining Aligned on a Full Stack Silo Mindset
    5. The Full Stack Pool Model
      1. Full Stack Pool Considerations
      2. A Sample Architecture
    6. A Hybrid Full Stack Deployment Model
    7. The Mixed Mode Deployment Model
    8. The Pod Deployment Model
    9. Conclusion
  5. 4. Onboarding and Identity
    1. Creating a Baseline Environment
      1. Creating Your Baseline Environment
      2. Creating and Managing System Admin Identities
      3. Triggering Onboarding from the Admin Console
      4. Control Plane Provisioning Options
    2. The Onboarding Experience
      1. Onboarding Is Part of Your Service
      2. Self-Service Versus Internal Onboarding
      3. The Fundamental Parts of Onboarding
      4. Tracking and Surfacing Onboarding States
      5. Tier-Based Onboarding
      6. Tracking Onboarded Resources
      7. Handling Onboarding Failures
      8. Testing Your Onboarding Experience
    3. Creating a SaaS Identity
      1. Attaching a Tenant Identity
      2. Populating Custom Claims During Onboarding
      3. Using Custom Claims Judiciously
      4. No Centralized Services for Resolving Tenant Context
      5. Federated SaaS Identity
      6. Tenant Grouping/Mapping Constructs
      7. Sharing User IDs Across Tenants
      8. Tenant Authentication Is Not Tenant Isolation
    4. Conclusion
  6. 5. Tenant Management
    1. Tenant Management Fundamentals
      1. Building a Tenant Management Service
      2. Generating a Tenant Identifier
      3. Storing Infrastructure Configuration
    2. Managing Tenant Configuration
    3. Managing Tenant Lifecycle
      1. Activating and Deactivating a Tenant
      2. Decommissioning a Tenant
      3. Changing Tenant Tiers
    4. Conclusion
  7. 6. Tenant Authentication and Routing
    1. Entering the Front Door
      1. Access via a Tenant Domain
      2. Access via a Single Domain
      3. The Man in the Middle Challenge
    2. The Multi-Tenant Authentication Flow
      1. A Sample Authentication Flow
      2. Federated Authentication
      3. No One-Size-Fits-All Authentication
    3. Routing Authenticated Tenants
    4. Routing with Different Technology Stacks
      1. Serverless Tenant Routing
      2. Container Tenant Routing
    5. Conclusion
  8. 7. Building Multi-Tenant Services
    1. Designing Multi-Tenant Services
      1. Services in Classic Software Environments
      2. Services in Pooled Multi-Tenant Environments
      3. Extending Existing Best Practices
      4. Addressing Noisy Neighbor
      5. Identifying Siloed Services
      6. The Influence of Compute Technologies
      7. The Influence of Storage Considerations
      8. Using Metrics to Analyze Your Design
      9. One Theme, Many Lenses
    2. Inside Multi-Tenant Services
      1. Extracting Tenant Context
      2. Logging and Metrics with Tenant Context
      3. Accessing Data with Tenant Context
      4. Supporting Tenant Isolation
    3. Hiding Away and Centralizing Multi-Tenant Details
    4. Interception Tools and Strategies
      1. Aspects
      2. Sidecars
      3. Middleware
      4. AWS Lambda Layers/Extensions
    5. Conclusion
  9. 8. Data Partitioning
    1. Data Partitioning Fundamentals
      1. Workloads, SLAs, and Experience
      2. Blast Radius
      3. The Influence of Isolation
      4. Management and Operations
      5. The Right Tool for the Job
      6. Defaulting to a Pooled Model
      7. Supporting Multiple Environments
    2. The Rightsizing Challenge
      1. Throughput and Throttling
      2. Serverless Storage
    3. Relational Database Partitioning
      1. Pooled Relational Data Partitioning
      2. Siloed Relational Data Partitioning
    4. NoSQL Data Partitioning
      1. Pooled NoSQL Data Partitioning
      2. Siloed NoSQL Data Partitioning
      3. NoSQL Tuning Options
    5. Object Data Partitioning
      1. Pooled Object Data Partitioning
      2. Siloed Object Data Partitioning
      3. Database Managed Access
    6. OpenSearch Data Partitioning
      1. Pooled OpenSearch Data Partitioning
      2. Siloed OpenSearch Data Partitioning
      3. A Mixed Mode Partitioning Model
    7. Sharding Tenant Data
    8. Data Lifecycle Considerations
    9. Multi-Tenant Data Security
    10. Conclusion
  10. 9. Tenant Isolation
    1. Core Concepts
      1. Categorizing Isolation Models
      2. Application-Enforced Isolation
      3. RBAC, Authorization, and Isolation
      4. Application Isolation Versus Infrastructure Isolation
    2. The Layers of the Isolation Model
    3. Deployment-Time Versus Runtime Isolation
      1. Isolation Through Interception
      2. Scaling Considerations
    4. Real-World Examples
      1. Full Stack Isolation
      2. Resource-Level Isolation
      3. Item-Level Isolation
    5. Managing Isolation Policies
    6. Conclusion
  11. 10. EKS (Kubernetes) SaaS: Architecture Patterns and Strategies
    1. The EKS–SaaS Fit
    2. Deployment Patterns
      1. Pooled Deployment
      2. Siloed Deployments
      3. Mixing Pooled and Siloed Deployments
      4. The Control Plane
    3. Routing Considerations
    4. Onboarding and Deployment Automation
      1. Configuring Onboarding with Helm
      2. Automating with Argo Workflows and Flux
      3. Tenant-Aware Service Deployments
    5. Tenant Isolation
    6. Node Type Selection
    7. Mixing Serverless Compute with EKS
    8. Conclusion
  12. 11. Serverless SaaS: Architecture Patterns and Strategies
    1. The SaaS and Serverless Fit
    2. Deployment Models
      1. Pooled and Siloed Deployments
      2. Mixed Mode Deployments
      3. More Deployment Considerations
      4. Control Plane Deployment
      5. Operations Implications
    3. Routing Strategies
    4. Onboarding and Deployment Automation
    5. Tenant Isolation
      1. Pooled Isolation with Dynamic Injection
      2. Deployment-Time Isolation
      3. Simultaneously Supporting Silo and Pool Isolation
      4. Route-Based Isolation
    6. Concurrency and Noisy Neighbor
    7. Beyond Serverless Compute
    8. Conclusion
  13. 12. Tenant-Aware Operations
    1. The SaaS Operations Mindset
    2. Multi-Tenant Operational Metrics
      1. Tenant Activity Metrics
      2. Agility Metrics
      3. Consumption Metrics
      4. Cost-per-Tenant Metrics
      5. Business Health Metrics
      6. Composite Metrics
      7. Baseline Metrics
      8. Metrics Instrumentation and Aggregation
    3. Building a Tenant-Aware Operations Console
      1. Combining Experience and Technical Metrics
      2. Tenant-Aware Logs
      3. Creating Proactive Strategies
      4. Persona-Specific Dashboards
    4. Multi-Tenant Deployment Automation
      1. Scoping Deployments
      2. Targeted Releases
    5. Conclusion
  14. 13. SaaS Migration Strategies
    1. The Migration Balancing Act
      1. Timing Considerations
      2. What Kind of Fish Are You?
      3. Thinking Beyond Technology Transformation
    2. Migration Patterns
      1. The Foundation
      2. Silo Lift-and-Shift
      3. Layered Migration
      4. Service-by-Service Migration
      5. Comparing Patterns
      6. A Phased Approach
    3. Where You Start Matters
    4. Conclusion
  15. 14. Tiering Strategies
    1. Tiering Patterns
      1. Consumption-Focused Tiering
      2. Value-Focused Tiering
      3. Deployment-Focused Tiering
      4. Free Tiers
      5. Composite Tiering Strategies
      6. Billing and Tiering
      7. Tiering and Product-Led Growth
    2. Implementing Tiering
      1. API Tiering
      2. Compute Tiering
      3. Storage Tiering
      4. Deployment Models and Tiering
      5. Throttling and Tenant Experience
      6. Tier Management
    3. Operations and Tiering
    4. Conclusion
  16. 15. SaaS Anywhere
    1. The Fundamental Concepts
      1. Ownership
      2. Limiting Drift
      3. Multiple Flavors of Remote Environments
      4. Regional Deployments Versus Remote Resources
    2. Architecture Patterns
      1. Remote Data
      2. Remote Application Services
      3. Remote Application Plane
      4. Staying in the Same Cloud
      5. Integration Strategies
    3. Operations Impacts and Considerations
      1. Provisioning and Onboarding
      2. Access to Remote Resources
      3. Scale and Availability
      4. Operational Insights
      5. Deploying Updates
    4. Conclusion
  17. 16. GenAI and Multi-Tenancy
    1. Core Concepts
      1. The Influence of Multi-Tenancy
      2. Creating Custom Tenant AI Experiences
      3. A Broad Range of Possibilities
      4. SaaS and AI/ML
    2. Introducing Tenant Refinements
      1. Supporting Tenant-Level Refinement with RAG
      2. Supporting Tenant Refinement with Fine-Tuning
      3. Combining RAG and Fine-Tuning
    3. Applying General Multi-Tenant Principles
      1. Onboarding
      2. Noisy Neighbor
      3. Tenant Isolation
    4. GenAI Pricing and Tiering Considerations
      1. Developing a Pricing Model
      2. Creating Tiered Tenant Experiences
    5. Conclusion
  18. 17. Guiding Principles
    1. Vision, Strategy, and Structure
      1. Build a Business Model and Strategy
      2. A Clear Focus on Efficiency
      3. Avoiding the Tech-First Trap
      4. Thinking Beyond Cost Savings
      5. Be All-In with SaaS
      6. Adopt a Service-Centric Mindset
      7. Think Beyond Existing Tenant Personas
    2. Core Technical Considerations
      1. No One-Size-Fits-All Model
      2. Protect the Multi-Tenant Principles
      3. Build Your Multi-Tenant Foundation on Day One
      4. Avoid One-Off Customization
      5. Measure Your Multi-Tenant Architecture
      6. Streamline the Developer Experience
    3. Operations Mindset
      1. Thinking Beyond System Health
      2. Introducing Proactive Constructs
      3. Validating Your Multi-Tenant Strategies
      4. You’re Part of the Team
    4. Conclusion
  19. Index
  20. About the Author

Product information

  • Title: Building Multi-Tenant SaaS Architectures
  • Author(s): Tod Golding
  • Release date: April 2024
  • Publisher(s): O'Reilly Media, Inc.
  • ISBN: 9781098140649