SaaS multi-tenant system data isolation (1): Data isolation schemes

0. Introduction

A few days ago I was chatting with a friend, who said his company plans to build a SaaS system to meet the business need of integrating with multiple third-party platforms. After our chat I was itching to try it, so I spent two days implementing two SaaS multi-tenant data isolation schemes. As the saying goes, sharing a joy beats enjoying it alone, so I have written up my "research" for everyone's enjoyment.

Before sharing my research, let's first look at the relevant definitions. If you are already familiar with this part, you can skip it.

1. What is a SaaS system

To quote the description on Baidu Encyclopedia: "A SaaS platform provider builds for enterprises all the network infrastructure and the software and hardware operating platform required for informatization, and is responsible for the whole range of services from early implementation to later maintenance. Without needing to purchase hardware and software, build a machine room, or recruit IT staff, enterprises can use the information system via the Internet. SaaS is a software delivery model in which applications are designed for network delivery, making it easy for users to host, deploy and access them over the Internet."

In other words, as long as I can connect to the Internet and pay rent to the SaaS platform, I can use the systems and services the platform provides. The most typical examples are the various cloud platforms, such as Alibaba Cloud. Since I use the SaaS platform's services over the Internet, other people of course can too. This creates the multi-tenancy problem.

2. What is multi-tenancy

Multi-tenancy, in simple terms, is an architectural design approach in which a SaaS system running on one server or a group of servers serves multiple tenants (customers). It is designed to let multiple tenants use the same program over the Internet while ensuring data isolation between tenants. From this architectural model it is not hard to see that the focus of multi-tenant architecture is isolating the data of multiple tenants under one program. Because tenant data is stored centrally, data security depends on whether tenant data can be isolated, so that no tenant's data is accessed or tampered with by others, whether inadvertently or maliciously.

3. Data isolation schemes

There are currently three data isolation schemes for SaaS multi-tenant systems: an independent database for each tenant, a separate table space for each tenant, and distinguishing tenants by a field. Each scheme has its own applicable scenarios. Let's go through these three schemes in turn.

3.1 An independent database system for each tenant

In this scheme all tenants share the same application, but the application connects to multiple back-end database systems, with each database system used by a single tenant. This scheme gives the highest level of user data isolation and the best security, and data between tenants can be physically isolated. But the cost is higher.

3.2 A separate table space for each tenant

In this scheme all tenants share the same application, the application's back end connects to only one database system, all tenants share that database system, and each tenant has its own separate table space in it.
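The following added example (not code from the original post) sketches this scheme with Python's sqlite3, where ATTACH stands in for a per-tenant schema or table space. The registry, schema names and function names are assumptions made for illustration; the point is that a schema name cannot be bound as a query parameter, so it has to come from a trusted lookup that fails closed.

```python
import re
import sqlite3

# Constructed registry: tenant id -> schema name. In a real deployment this
# would come from trusted configuration, never from the request itself.
TENANT_SCHEMAS = {"acme": "t_acme", "globex": "t_globex"}
_IDENT = re.compile(r"[a-z_][a-z0-9_]*")

def schema_for(tenant_id):
    # Schema names cannot be bound as SQL parameters, so the name is looked
    # up in the registry and pattern-checked before it is placed in a statement.
    schema = TENANT_SCHEMAS.get(tenant_id)
    if schema is None or not _IDENT.fullmatch(schema):
        raise PermissionError(f"unknown tenant: {tenant_id!r}")  # fail closed
    return schema

def make_db():
    db = sqlite3.connect(":memory:")
    for schema in TENANT_SCHEMAS.values():
        # ATTACH stands in for a per-tenant schema / table space (assumption).
        db.execute(f"ATTACH DATABASE ':memory:' AS {schema}")
        db.execute(f"CREATE TABLE {schema}.orders "
                   "(id INTEGER PRIMARY KEY, item TEXT NOT NULL)")
    return db

def add_order(db, tenant_id, item):
    schema = schema_for(tenant_id)
    cur = db.execute(f"INSERT INTO {schema}.orders (item) VALUES (?)", (item,))
    return cur.lastrowid

def list_orders(db, tenant_id):
    # No tenant predicate is needed: the schema itself bounds what is visible.
    schema = schema_for(tenant_id)
    rows = db.execute(f"SELECT item FROM {schema}.orders ORDER BY id")
    return [r[0] for r in rows]
```

Each tenant's table has its own id sequence, and a tenant id that is not in the registry never reaches the SQL text.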

 

 

 

 

3.3 Distinguishing tenants by a tenant id field

This is the simplest design for a multi-tenant scenario: a field that distinguishes the tenant (for example, a tenant id or tenant code) is added to every table to identify which tenant each row belongs to, much like a foreign key. Every query statement must include this field as a filter condition. The characteristic of this scheme is that all tenants' data is stored in the same tables, so data isolation is the lowest and depends entirely on this field.
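The following added example (not code from the original post) shows in Python with sqlite3 why every statement needs the tenant filter: a lookup that forgets it returns another tenant's row, while a repository bound to one tenant applies the predicate to reads and writes alike. The table, the tenant names and the TenantOrders class are constructed for illustration.

```python
import sqlite3

# Constructed sample data: two tenants sharing one "orders" table.
ROWS = [(1, "acme", "laptop"), (2, "acme", "monitor"), (3, "globex", "router")]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER PRIMARY KEY, "
               "tenant_id TEXT NOT NULL, item TEXT NOT NULL)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", ROWS)
    return db

def get_order_unscoped(db, order_id):
    # The mistake this scheme invites: the tenant filter is forgotten, so a
    # caller who supplies any id gets the row regardless of who owns it.
    return db.execute("SELECT id, tenant_id, item FROM orders WHERE id = ?",
                      (order_id,)).fetchone()

class TenantOrders:
    """Hypothetical repository bound to one tenant. Every statement carries
    the tenant_id predicate, taken from the session and never from input."""

    def __init__(self, db, tenant_id):
        if not tenant_id:
            raise ValueError("tenant_id is required")  # fail closed
        self._db, self._tenant = db, tenant_id

    def get(self, order_id):
        return self._db.execute(
            "SELECT id, tenant_id, item FROM orders "
            "WHERE id = ? AND tenant_id = ?",
            (order_id, self._tenant)).fetchone()

    def list(self):
        return self._db.execute(
            "SELECT id, item FROM orders WHERE tenant_id = ? ORDER BY id",
            (self._tenant,)).fetchall()

    def rename(self, order_id, item):
        # Writes need the same predicate, or one tenant can modify another's rows.
        cur = self._db.execute(
            "UPDATE orders SET item = ? WHERE id = ? AND tenant_id = ?",
            (item, order_id, self._tenant))
        return cur.rowcount

    def add(self, item):
        # tenant_id is stamped by the repository, not accepted from the caller.
        cur = self._db.execute(
            "INSERT INTO orders (tenant_id, item) VALUES (?, ?)",
            (self._tenant, item))
        return cur.lastrowid
```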

 

 

4. Analysis of the advantages and disadvantages of the three data isolation schemes

| Isolation scheme | Cost | Number of tenants supported | Advantages | Disadvantages |
| --- | --- | --- | --- | --- |
| Independent database system | High | Few | The highest level of isolation and the best security; can meet the unique needs of different tenants; data is easier to restore in the event of a failure | Each database must be installed separately; high maintenance and purchase costs |
| Shared database, separate table space | Medium | Fairly many | Provides a degree of logical data isolation; one database system can support multiple tenants | In the event of a failure, data recovery is relatively complex |
| Distinguishing tenants by tenant id field | Low | Many | The lowest maintenance and purchase costs; the largest number of tenants supported per database | The lowest level of isolation and the lowest security; data backup and recovery are complex and must be done table by table |

 

5. A solution prepared for big spenders

The three data isolation schemes above all have multiple tenants sharing one application instance. If you are a big spender with money to burn, there is also a scheme with one application instance per tenant, tailor-made for the big spender, 24k pure titanium.

This scheme is built on a load-balancing system in front of multiple instances, which routes each tenant's access requests to that tenant's own system. With this multi-instance deployment architecture, the code can be customized for each tenant and special services can be provided. Of course, the tenants served this way are certainly not short of money; they are the "big customers" who can afford the high rent.

Summary

The core problem a SaaS system must solve is the isolation of tenant data. As we have seen, there are several ways to solve it, and we need to choose among them based on the actual business scenario.

In the next article, we will look at how to implement create, read, update and delete (CRUD) operations on the same table for different tenants based on the tenant id field. A small spoiler: we will use Spring Boot + MyBatis-Plus to implement this data isolation scheme.


Origin www.cnblogs.com/johntsu/p/11484284.html