
Cloud Computing

Service Models
SaaS Multitenant DB Architecture
Proposed Solutions
Comparison
Recommendations
Cloud Computing refers to Computing over the Internet

The use of new or existing computing hardware and virtualization
technologies to form a shared infrastructure that enables web-based
value added services.

End users access cloud-based applications through a web browser or
a light-weight desktop or mobile app

The business software and user's data are stored on servers at a
remote location

A way to increase capacity or add capabilities on the fly
CLOUD COMPUTING
On-demand self-service: readily available on demand
Broad network access: service is available via network, independent of user end device
Resource pooling: accomplished through virtualization and multi-tenancy
Rapid elasticity: provisioning/releasing of resources
Measured service: provides pay-as-you-go service
SERVICE MODELS
Infrastructure as a Service (IaaS)
The use of server, storage and virtualization to enable utility like
services for users

Pre-configured hardware is provided via a virtualized interface or
hypervisor.

Cloud users install operating-system images and their application
software on the cloud infrastructure

Examples:
Amazon EC2
Azure Services Platform
DynDNS
Google Compute Engine
Joyent
LeaseWeb
Rackspace Cloud, etc
SERVICE MODELS
Platform as a Service (PaaS)
Delivers platform including operating system, programming
language execution environment, database, and web server

Provides application hosting, development, testing and deployment
environment

Alleviates the need to buy and maintain the underlying hardware,
software and hosting facilities

Middle layer between SaaS and IaaS

Examples:
AWS Elastic Beanstalk
Heroku
Force.com
Google App Engine
OrangeScape, etc
SERVICE MODELS
Software as a Service (SaaS)
Delivers applications/services over the web

No upfront investment in servers or software licensing for users

Pay-as-you-go model

Data and the software application are hosted centrally

Software application can be accessed without need to use
additional hardware or software

Examples:
Google Docs
Dropbox
Salesforce.com
Hotmail or Gmail
Microsoft Skydrive
Google Analytics, etc
SaaS MULTITENANT DB ARCHITECTURE
MULTITENANCY

A technology that clouds use to share IT resources cost-efficiently
and securely among multiple tenants

Software architecture where a single instance of a software
application serves multiple customers

Ensures that one tenant operates in isolation from all others
Separate databases
Shared database, separate schema
Shared database, shared schema

SaaS MULTITENANT DB ARCHITECTURE
Separate databases: the simplest approach to data isolation, with data being stored in separate databases
Shared database, separate schema: multiple tenants are housed in the same database, with each tenant having its own schema
Shared database, shared schema: the same database and the same set of tables host multiple tenants' data
PROPOSED SOLUTIONS
Solution 1
AN EFFICIENT SCHEMA SHARED APPROACH FOR CLOUD BASED
MULTITENANT DATABASE WITH AUTHENTICATION &
AUTHORIZATION FRAMEWORK
Solution 2
A NON-INTRUSIVE MULTI-TENANT DATABASE FOR LARGE SCALE
SAAS APPLICATIONS
PROPOSED SOLUTION 1
GOALS
Multi-tenancy supported architecture
Issues identification with traditional approach
Data isolation among tenants' data
Authentication and authorization framework for security
PROPOSED SOLUTION 1
Decision for pre-defined number of columns (for custom fields)
A greater number of NULL values leads to wastage of space
Data type of columns
PROPOSED SOLUTION 1
Drawbacks
Size of the extension table is too large, which may lead to performance
problems while fetching data from the database
Increased query processing time for insert, update and delete operations
PROPOSED SOLUTION 1
Data isolation model: shared database, shared schema that supports large number of tenants
Optimized database schema: modified extension table for efficient use of space
Data security: Kerberos is used for authentication and authorization
PROPOSED SOLUTION 1
XML objects are used in the extension table:
reduced table size
eliminated primary table

XML document is dynamically generated

XML object contains data of entire row

Tags in the XML object refer to the names of table fields

Allows multiple table creation for tenants

Table ids are used to associate extension table data with its respective table

PROPOSED SOLUTION 1
1. CRYPTOGRAPHY
The cryptography class of the .NET platform
has been used for key generation and
message cryptography


2. VIEWS FOR TENANTS
Creation of views for
tenants to display
relevant information or
data

PROPOSED SOLUTION 1
3. KERBEROS PROTOCOL

For authentication and authorization

1) Getting the TGT from AS (authentication server)
2) Getting the SGT from TGS (ticket granting server)
3) Getting access to the server

A table is maintained for user permissions and is used for
authorization when user wants to perform some operation

PROPOSED SOLUTION 2
GOALS
Cost effective database sharing model
Gaps identification in traditional databases
Data security among tenants
Database scalability
PROPOSED SOLUTION 2
Challenges | Requirements | Gaps
Low Cost | Low hardware, software & human resources | No cost-effective sharing and isolation mechanism
Low Cost: development cost | Developer to focus on logic | No logical view to easily access the database
Flexibility: customization | Database should be customizable | Database does not support customization mechanisms
Flexibility: diverse SLA | Contain all concerns about security, encryption, backup techniques, etc. | SLA does not detail any access control mechanisms
Security Isolation | Security models to prevent access to other tenants' data: strict security isolation, hierarchical ACL, hybrid tenant types, free sharing | Database does not support security/control mechanisms
Scalability and Availability | Applications should be scalable to support large number of customers without affecting the existing tenants' services | Databases do not support mechanisms for scalability, availability and load balancing
PROPOSED SOLUTION 2
Data Isolation
Separate databases
Shared database, separate schemas
Shared database, shared schema
Data Security
Filter-based pattern in application level
Permission-based pattern in DBMS level (row level access control mechanism because of shared schema)
Flexibility
Reserved field pattern is used for custom fields
Template based approach is used for SLA to fulfill tenants' requirements
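
The filter-based pattern and the reserved field pattern listed above, combined in one added example that is not code from the proposed solution: a session object binds every statement to one tenant id and maps tenant-defined custom fields onto a fixed set of pre-defined columns. `account`, `field_map`, `TenantSession` and the columns `c1` to `c3` are hypothetical names; the DBMS-level permission pattern is not shown because SQLite, used here as a stand-in, has no row-level access control.

```python
import sqlite3

RESERVED = ("c1", "c2", "c3")  # fixed, pre-defined custom columns (assumed names)

def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE account (id INTEGER PRIMARY KEY, tenant_id TEXT NOT NULL,
                              name TEXT, c1 TEXT, c2 TEXT, c3 TEXT);
        CREATE TABLE field_map (tenant_id TEXT, field TEXT, col TEXT,
                                PRIMARY KEY (tenant_id, field));
    """)
    return db

class TenantSession:
    """Application-level filter: every statement is bound to one tenant id."""
    def __init__(self, db, tenant_id):
        self.db, self.tenant_id = db, tenant_id

    def define_field(self, field):
        used = {c for (c,) in self.db.execute(
            "SELECT col FROM field_map WHERE tenant_id = ?", (self.tenant_id,))}
        free = [c for c in RESERVED if c not in used]
        if not free:
            raise ValueError("no reserved column left for this tenant")
        self.db.execute("INSERT INTO field_map VALUES (?, ?, ?)",
                        (self.tenant_id, field, free[0]))

    def _fields(self):
        rows = self.db.execute(
            "SELECT field, col FROM field_map WHERE tenant_id = ?", (self.tenant_id,))
        # Column names are interpolated into SQL, so accept only allowlisted ones.
        return {f: c for f, c in rows if c in RESERVED}

    def insert(self, name, **custom):
        fields = self._fields()
        cols = [fields[f] for f in custom]  # KeyError: field not defined by tenant
        sql = "INSERT INTO account (tenant_id, name{}) VALUES (?, ?{})".format(
            "".join(", " + c for c in cols), ", ?" * len(cols))
        self.db.execute(sql, (self.tenant_id, name, *custom.values()))

    def select(self):
        fields = self._fields()
        sql = "SELECT name{} FROM account WHERE tenant_id = ? ORDER BY id".format(
            "".join(", " + c for c in fields.values()))
        return [dict(zip(["name", *fields], row))
                for row in self.db.execute(sql, (self.tenant_id,))]
```

Both tenants' custom values end up in the same physical column, so isolation here rests entirely on the tenant id predicate that the session adds to every query.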
PROPOSED SOLUTION 2
Large Scale Scalability
Architecture leverages (for dynamic request routing)
database clustering
routing mechanisms
load balancing
Performance Optimization
Leverage Data Clustering: improves data retrieval performance
Caching Mechanism: improves metadata repository access mechanism with low cost
Load Balancing: improves the tenants' request serving by effective resources utilization
COMPARISON
DATA ISOLATION

Solution 1
Supports only shared schema
Does not provide full isolation
Needs more powerful security mechanisms
Solution 2
Supports all three db models
Supports from full isolated dbs to shared dbs

DATA SECURITY

Solution 1
Uses Kerberos protocol for authentication and authorization, managing a table for permissions
Solution 2
Application level security: filter the request based on the tenant identification
DBMS level security: table/row level access control mechanism db models
COMPARISON
DATA STORAGE

Solution 1
Uses XML based data storage
Consumes less space (single row per record)
Solution 2
Uses normal extension table approach
Consumes more space in comparison with XML based version

FLEXIBILITY

Solution 1
Uses XML extended table field pattern that allows for any number of custom fields to be added by the tenant
Solution 2
Uses reserved extended table field pattern that pre-defines a fixed number of table columns
COMPARISON
SCALABILITY

Solution 1
Not supported
Solution 2
It supports:
Database clustering
Routing mechanisms
Load balancing

PERFORMANCE OPTIMIZATION

Solution 1
Optimized performance for insert/update/delete operations
Solution 2
Implemented:
Data clustering
Caching mechanism
Tenant based load balancing
RECOMMENDATIONS
Backup strategies should be implemented to provide
immediate restoration in case of failure.
Ex: Full backup, Differential backup, Incremental
backup, Continuous backup

Data that needs greater security should be saved in
encrypted form so that no one can access the information
easily

Some key generation algorithm should be used for
generating the unique ids used within the tables (TenantID,
TableID)
