tenant isolation in redis cluster

[Johny]

I'm planning to deploy a redis cluster (~25 nodes) for my enterprise application. Producer apps write data to cache every ~5 seconds into a redis hash keyed by some combination of attributes in input data, downstream consumer apps consume data from the cache every 1 min. Producer will overwrite existing keys while consumer has not consumed they keys yet. The values in cache needs to be transient. I also have multiple tenants (~50) and I want to have some degree of tenant isolation in order to reduce blast radius of an outage caused in the system or by a misbehaving tenant.

I've two questions:

1) For my requirement to keep data for short time in cache, I've 2 options - either 1) consumer app deletes the data after read, or 2) set TTL on cache entries to be ~1 min. What is the performance cost of either approach and which has a lower overhead?

2) For tenant isolation, I'm thinking of maintaining a separate hashmap for each tenant in Redis, then ensuring minimum overlapping between tenant hashes by doing partitioning in producer apps. Is this doable? Are there alternative approaches for tenant isolation in redis? From consumer side, I will allocate specific tenant id hashes to each consumer, again to minimize overlaps.

 

[Steve Lipinski]

What about prefixing (or suffixing) keys with the tenant name, or username.  Then using ACL to prevent cross-tenant access.