Multitenancy is not just another cloud buzzword. Without the right tools, the problems stemming from multitenant environments can wreak havoc on your organization’s ability to move quickly and meet the demands of the business. If you are facing management issues related to multitenancy, it’s probably time to start evaluating cloud architecture options to help manage all these internal and external customers. The right multitenancy tools can offer your organization cost savings, flexibility, scalability, and security.

Your enterprise needs to meet the demands of new workloads, and also to make sure that there’s no impact on existing workloads. As a service provider to external or internal customers, you must ensure that your tenants have secure isolation and consistent levels of service.

To understand the complexities of multitenancy, think of the hotel analogy. Multiple people (tenants) stay at the hotel, sharing infrastructure such as plumbing, electricity, heating, amenities, and front-desk support. These tenants have their own living spaces separate from one another and can secure their own belongings. Offering secure cloud storage to multiple customers is similar; each customer expects to have their own secure resources.

Multitenant architectures are popular in cloud computing because they enable efficient use of resources while lowering costs through economies of scale. However, there are possible drawbacks in the areas of security, quality of service, and manageability.

NetApp® StorageGRID® is software-defined, on-premises object storage built specifically for secure multitenancy. The StorageGRID multitenancy functionality makes it simple to manage tenant data securely from within a single shared storage solution that is easy to manage and scale.

StorageGRID solves the top three challenges of multitenancy

1. Security and privacy: No risk to your customers’ data.

When tenants use a shared infrastructure, the primary concern is, “Will my data be secure and accessible only to me?” Using the hotel analogy, tenants expect secure access to the building facilities as well as to their own room.

With StorageGRID, each tenant has their own secure root account and tenant portal. In the tenant portal they can manage users, groups, permissions, and buckets, as well as leverage external resources (Simple Notification Services, Elasticsearch, and bucket mirroring). See Managing system access for tenant users.

StorageGRID can also integrate and synchronize with an identity-management system such as Active Directory (AD) or the Lightweight Directory Access Protocol (LDAP) service.

As with any S3 storage, access at the bucket level requires unique access key and secret key credentials. Furthermore, robust S3 functionality allows group and bucket policies to be configured to restrict group access and S3 operations.

For every new tenant, the grid administrator can either provide a tenant account and allow self-service of bucket and user creation, or manage the tenant and expose only a bucket endpoint that is specific for the tenant.

2. Quality control: Keep the neighbors happy.

When infrastructure is shared, there is always a concern that a single tenant may overuse system resources. In the hotel analogy, this would be a “noisy neighbor.”

StorageGRID addresses this situation by using quality of service features like load balancing and workload monitoring, as well as tenant quotas that can be configured to limit storage usage.

Another way to keep tenants in check is with rules and traffic classifiers. The StorageGRID information lifecycle management rules allow administrators to manage data placement of a tenant depending on their service level agreement.

StorageGRID 11.4 introduced traffic classifiers, which can implement bandwidth and rate-limiting controls on a per-tenant basis.

In combination, these features offer the best approach to prevent a single tenant from being a noisy neighbor and impacting other tenants.

3. Scalability and management: Don’t get stuck in the trap of bad scaling.

Scaling is important because infrastructure is shared between multiple users. Good scaling benefits everyone. However, it must be nondisruptive and simple to manage.

StorageGRID is a scale-out system designed to be highly available and durable without a single point of failure. Expansions are easy to perform and don’t disrupt service. You can add new storage nodes or expansion shelves to StorageGRID to increase capacity and improve performance.

As the number of tenants increases, StorageGRID keeps it simple. Tenants can manage themselves via a unique self-sign-in portal. NetApp also provides Ansible playbooks to automate tenant configuration. See Automating StorageGRID Operations with Ansible.

Jonathan Wong

Jonathan is a Technical Marketing Engineer specializing in NetApp StorageGRID. His experience focuses on pre-sales, implementations, and performance testing. He has provided training to sales teams and partners, as well as co-published many technical reports for StorageGRID. Prior to NetApp, he worked in the network and computer security space and holds a Computer Engineering degree.
