Why Multitenancy Matters In The Cloud

amisra

Mar 1, 2010, 1:35:17 PM
to Cloud Computing
There’s a debate in the software industry over whether multitenancy is
a prerequisite for cloud computing. Those considering using cloud apps
might question if they should care about this debate. But they should
care, and here’s why: multitenancy is the most direct path to spending
less and getting more from a cloud application.

I sit firmly in the multitenancy camp. A multitenant architecture is
when customers share an app in the cloud, while a single-tenant cloud
app is similar, if not identical, to the old hosted model. But compare
two subscription-based cloud apps side by side--with the only
difference being that one is multitenant and the other is single-
tenant--and the multitenant option will lower a customer’s costs and
offer significantly more value over time. In fact, the higher the
degree of multitenancy (meaning the more a cloud provider’s
infrastructure and resources are shared), the lower the costs for
customers.

It’s a matter of simple revenue and cost economics of cloud
services....

Read full article at:

http://www.informationweek.com/cloud-computing/blog/archives/2010/02/why_multitenanc.html?catid=cloud-computing

Alok Misra

Rao Dronamraju

Mar 1, 2010, 2:03:15 PM
to cloud-c...@googlegroups.com

Alok,

Multi-tenancy is definitely the most disruptive technological and business model of Cloud Computing. But I think it depends on multi-tenancy at what / which level?...

Multi-tenancy at IaaS level involves a lot LESS RISK, whereas multi-tenancy at SaaS level is a LOT MORE RISKY. As we all know, it is always a matter of trade-off between RISK and REWARDS.

At IaaS level multi-tenancy, you can deploy a VDC - Virtual Data Center in which the assets are virtually separated and segregated for each tenant. But at a SaaS level, if multi-tenancy is implemented in one instance of an application, the problem is that multiple tenants' data will co-exist in the same address space and hence there is a higher probability of a breach occurring. You can always create sandboxes and containers but it is not the same from a security perspective as having separate address spaces. For instance, if you have a single DBMS supporting multiple client applications, even though you can partition the database, you still have multiple applications' data exposed at the server level. This is a serious technical security hole that can be breached. Imagine taking a core dump of such a server and voilà, you have the data (hopefully credit card data:-)) of multiple clients at your disposal.

So I would not suggest multi-tenancy at SaaS level yet. I think security solutions have to catch up for this at SaaS level. At this time it is better to host a DBMS in a VM of its own. But multi-tenancy at IaaS level is fine. I think the technologies and solutions are available for this; the GRC processes have to catch up with CC multi-tenancy.

My 2000000000000000000000000000 Zimbabwean Dollars = 2 Cents!:-)

--

~~~~~

Register Today for Cloud Slam 2010 at official website - http://cloudslam10.com

Posting guidelines: http://groups.google.ca/group/cloud-computing/web/frequently-asked-questions

Follow us on Twitter http://twitter.com/cloudcomp_group or @cloudcomp_group

Post Job/Resume at http://cloudjobs.net

Buy 88 conference sessions and panels on cloud computing on DVD at

http://www.amazon.com/gp/product/B002H07SEC, http://www.amazon.com/gp/product/B002H0IW1U or get instant access to downloadable versions at http://cloudslam09.com/content/registration-5.html

~~~~~

You received this message because you are subscribed to the Google Groups "Cloud Computing" group.

To post to this group, send email to cloud-c...@googlegroups.com

To unsubscribe from this group, send email to cloud-computi...@googlegroups.com

Malay Das

Mar 1, 2010, 2:03:29 PM
to cloud-c...@googlegroups.com
Well! 

For me I am not that sure for these reasons -

1. Multi-tenancy apps require high level architecture, planning (time) and development skills, especially without much help from tool kits. Not sure when those will arrive, while we are still waiting for automatic parallelization toolkits to exploit multi-core architecture (AFAIK)
2. Hardware cost, when considering cloud, is very cheap (compared to the effort required to enable sharing)
3. Multi-tenancy restricts the amount of variance possible in a single deployment model (multiple process variances from a single code base). Possible with time-consuming and thorough planning (again cost)
4. Application life is short (possibly 2-3 years) when something better shows up, especially for app vendors when cloud computing is lowering the entry barrier from an infrastructure perspective.

So, unless there is clear leadership and market share with visibility for investment recovery over a long time, the investment required for multi-tenancy may not be the best strategy. Again it depends. Maybe check book is a better strategy. Also ASP with cloud (appliance model with tons of automation and normalized functions) is different than earlier.

This is based on some article I read but do not remember the source anymore (apologies)

Malay

Jan Klincewicz

Mar 1, 2010, 2:03:37 PM
to cloud-c...@googlegroups.com
I agree from an economic point of view, multi-tenancy offers the best bang for the buck.  I do suspect, though, that there will be instances of "dedicated" hosts / networks, etc. available from off-premise Providers which will fall under the "Cloud" umbrella, albeit at a premium price.

--
Cheers,
Jan

Miha Ahronovitz

Mar 1, 2010, 2:11:41 PM
to cloud-c...@googlegroups.com
" There's a debate in the software industry over whether multi-tenancy is a
prerequisite for cloud computing"

I have never heard of such a debate, although many people debate anything.
Multi-tenancy is NOT a pre-requisite for cloud computing. Multi-tenancy is
multi-tenancy, full stop.

What is a differentiator for cloud computing is the ability to offer
pay-per-use at the same service level for people paying the same fees. If
you do this from a single and or multi-tenancy provider, if you do this from
your own infrastructure or an IaaS rented infrastructure or payable per-use
IaaS as well, nobody cares.

Miha

-----Original Message-----
From: cloud-c...@googlegroups.com
[mailto:cloud-c...@googlegroups.com] On Behalf Of amisra
Sent: Monday, March 01, 2010 10:35 AM
To: Cloud Computing
Subject: [ Cloud Computing ] Why Multitenancy Matters In The Cloud

Read full article at:

http://www.informationweek.com/cloud-computing/blog/archives/2010/02/why_multitenanc.html?catid=cloud-computing

Alok Misra


Fred van den Bosch

Mar 1, 2010, 2:36:50 PM
to cloud-c...@googlegroups.com
Interesting discussion. I very much agree that multi-tenancy can yield the
most efficient use of cloud resources and thus lower the costs for the
application users. However, building a multi-tenant app can be significantly
more complex than building a single tenant app, since the application needs
to handle the resource scheduling (very much like an Operating System) and
resource accounting on a per-user level. For smaller vendors or short-lived
applications this can just be too large of an investment to make. There are
tools however that can take much of that burden off the shoulders of the
application developer. We are working with several SaaS/PaaS vendors that
use our Load Manager to do just that.

Fred van den Bosch

Jayarama Shenoy

Mar 1, 2010, 4:19:56 PM
to cloud-c...@googlegroups.com
Isn't it a bit ironic that operating systems were largely designed and tested to be multi-tasking, but application developers did not want to 'risk' it by having multiple applications in the same server and we ended up first with server sprawl and then with server virtualization (not the only use, but certainly a big reason for mass adoption).

And now, where apps (& databases) had been developed without any real multi-tenancy in mind - we are considering just that.

If you have a good VM provisioning & deployment system, then what is the huge savings involved in multi-tenancy besides SW licensing costs (and if even the multi-tenanted app is going to run on a VM itself too, because there are other good reasons to do so)?

Granted  there are overheads in spinning up many VMs (and the attendant OS footprints in memory & storage).


sandip

Mar 1, 2010, 4:30:25 PM
to Cloud Computing
Cloud implementations may not necessarily be multitenant at all
levels of the infrastructure and for all apps. Additional level of
clarification...Cloud implementations may not necessarily use
virtualization too...it could be a combination of dedicated/virtual
infrastructure

Most of the consumer apps are multitenant...same app, same db, same
infrastructure

For real multi tenancy to succeed you need fault, resource, functional
and performance isolation at all levels of the infrastructure. We see
that some enterprises are asking for a "hosted private cloud" with
nothing shared...or no multitenancy required. Although their
application may be multi-tenant. In fact we have instances where the
multi-tenant application has some layers of the app infrastructure
(web, app server) shared, but DB/storage is not shared at all.

Sandip

On Mar 1, 11:03 am, "Rao Dronamraju" <rao.dronamr...@sbcglobal.net>
wrote:

> http://www.informationweek.com/cloud-computing/blog/archives/2010/02/...


>
> Alok Misra

amisra

Mar 1, 2010, 4:40:22 PM
to Cloud Computing

Hi folks,

Thanks for your very interesting thoughts. I agree with you -
regardless of definitions, it is expensive and cumbersome.

Instead of building, has anyone considered a multitenant PaaS such as
Force.com or LongJump?

Alok Misra

Greg Pfister

Mar 1, 2010, 5:31:17 PM
to Cloud Computing
+1 to the comments by Rao and Miha and Fred, with this additional
$2x10E-2:

To me, this sounds suspiciously like the "private clouds are
impossible, anathema, evil, not clouds" discussion.

Cloud computing refers to a technology, and an operations model, and a
business model. Some, not all, of the ops/business models incorporate
multitenancy, as one of a number of possible tradeoffs.

Greg Pfister
http://perilsofparallel.blogspot.com/

> http://www.informationweek.com/cloud-computing/blog/archives/2010/02/...
>
> Alok Misra

Ricky Ho

Mar 1, 2010, 4:16:37 PM
to cloud-c...@googlegroups.com
I think the term "multi-tenancy" is not very well-defined.

If we think "multi-tenancy" means resource sharing, then having two applications sitting on 2 hypervisors on the same machine is "multi-tenancy". Then IaaS is pretty much always "multi-tenant".

If we think "multi-tenancy" means sharing the same RDBMS table, then IaaS is not multi-tenant at all.

So we need to know "which level of sharing" we are talking about, because the isolation mechanism as well as the economic model can vary a lot. Without such clarification, we cannot quantify the amount of risk exposed vs the amount of cost savings.

We can also think of "multi-tenancy" as a set of customization techniques such that a domain-specific application can be built in such a way that it is highly customizable to serve a specific need. This is about how to determine the boundary of generalization / specialization, what configurable behavior means and how to capture configuration parameters in a highly efficient way ... This will be a very different discussion from resource sharing.

I think "multi-tenancy" by itself is an interesting topic, but I don't see a strong link (or prerequisite) to cloud computing (although some cloud providers offer that).


Rgds,
Ricky


----- Original Message ----
From: amisra <alok_...@hotmail.com>
To: Cloud Computing <cloud-c...@googlegroups.com>
Sent: Mon, March 1, 2010 10:35:17 AM
Subject: [ Cloud Computing ] Why Multitenancy Matters In The Cloud

Read full article at:

http://www.informationweek.com/cloud-computing/blog/archives/2010/02/why_multitenanc.html?catid=cloud-computing

Alok Misra


Fred van den Bosch

Mar 1, 2010, 7:07:14 PM
to cloud-c...@googlegroups.com

The challenge with multitenant apps that are hosted on infrastructure clouds is that these clouds provision VM’s with a limited number of configurations, and one cannot run VM’s inside VM’s.

 

Fred van den Bosch

Barr, Bill

Mar 1, 2010, 7:07:46 PM
to cloud-c...@googlegroups.com

Many of us (those who are old enough) still know how to write multi-user apps from our days on mainframes, minicomputers and headless unix systems. It’s the desktop-raised crowd who don’t know how. The more things change …

Fred van den Bosch

Mar 1, 2010, 7:15:58 PM
to cloud-c...@googlegroups.com
Ricky,

I agree that multi-tenancy issues are not specific for cloud environments,
but IaaS clouds present some specific challenges for hosting multi-tenant
applications:

- Cloud server instances (at least today) only come in a few configurations.
What if I want to support hundreds or thousands of users, each requiring
much less resource than even the smallest cloud server instance provides?
Firing up a server instance per user would be very expensive.
- Cloud server instances are virtual machines, and one cannot run VM's
inside VM's.

Fred

Jayarama Shenoy

Mar 1, 2010, 7:55:29 PM
to cloud-c...@googlegroups.com
Fred,

I'm afraid I didn't quite understand why one would need or want to run VM's inside VMs.

Without multi-tenancy - wouldn't you be doing "n" instances of a VM, each of which hosts a single-tenanted application?
As opposed to with multi-tenancy: one instance of a VM that has a multi-tenanted application with "n" tenants sharing it?
In the first case, you'd rely on the hypervisor to do resource protection and resource scheduling. Perhaps even QoS type policing. (All of which have to be otherwise built into a multi-tenant app as you pointed out).

Or - did you mean that the "small" VM instances available are not small enough (and so "n" per physical server is not large enough). In which case, to compare, would you be running 10's of tenants per instance or 100's or 1000's in a multi-tenanted application? The latter numbers are easier to do at the app level than at the VM level - but you do run a risk of oversubscription problems at some point that become disruptive to service levels and hence not worth it.

Jay

p.s. I'm mostly a storage guy - I don't really care (in this phase of my career) either way as long as you folks keep those IOPS and terabytes coming.




From: fr...@fredvandenbosch.com
To: cloud-c...@googlegroups.com
Subject: RE: [ Cloud Computing ] Why Multitenancy Matters In The Cloud
Date: Mon, 1 Mar 2010 16:07:14 -0800

Jim Starkey

Mar 1, 2010, 11:13:30 PM
to cloud-c...@googlegroups.com
Ricky Ho wrote:
> I think the term "multi-tenancy" is not very well-defined.
>
>

Multi-tenancy means that none of a set of systems sharing resources can
detect the presence of another.

--
Jim Starkey
NimbusDB, Inc.
978 526-1376

Jim Starkey

Mar 1, 2010, 11:19:02 PM
to cloud-c...@googlegroups.com
Jayarama Shenoy wrote:
> Isn't it a bit ironic that operating systems were largely designed and
> tested to be multi-tasking, but application developers did not want to
> 'risk' it by having multiple applications in the same server and we
> ended up first with server sprawl and then with server virtualization
> (not the only use, but certainly a big reason for mass adoption).
Let's be fair. The problem is that a modern application platform (say,
Linux) has two dozen layered services, each with a number of incompatible
versions, and any application is dependent on a specific cross section
of versions. MySQL, for example, has 4.x, 5.0, 5.1, 5.2x, all mutually
incompatible. At the same time, Apache has four flavors of 1.3x and
five flavors of 2.x.y, all mutually incompatible. The combinatorial
result boggles the imagination -- and the skill of a system administrator.

But that's hopeless. Time to move on.


Fred van den Bosch

Mar 1, 2010, 11:47:34 PM
to cloud-c...@googlegroups.com

Jay,

 

I did indeed mean that the “small” cloud server instances are not small enough (typically 1 core or 0.5 core). This may be way more than what an individual user of an application requires, so using one server instance per application would yield very low utilization of server instances. Even if the average resource consumption per user would be the same or larger than the smallest server instance, one still needs to over-provision to deal with peaks. A multi-tenant application serves many users in parallel and therefore can do a much better job when it comes to over-provisioning as well. Hope this clarifies my point.

 

Fred

Fred van den Bosch

Mar 2, 2010, 12:10:51 AM
to cloud-c...@googlegroups.com

Jay,

 

I should of course add that it’s possible to run multiple (many) application instances in parallel on a single (virtual) server instance and manage their resource consumption by using a traditional workload management approach (see the recent discussion on “What is a sponge?”; http://groups.google.com/group/cloud-computing/t/58fb80a7a1090098, and http://www.librato.com/products/load_manager). So the limited configuration flexibility of infrastructure clouds can be overcome. If one combines workload management with application virtualization, there also is complete isolation between the application instances.

 

Fred

Ray Nugent

Mar 2, 2010, 12:22:36 AM
to cloud-c...@googlegroups.com
Fred, I think you mixed some apples with your oranges. A user may not need a core or even half a core, but how many single user apps are there? The application probably serves many users who are members of a Tenant and so an application would likely need at least 1 core to provide decent performance (plus cores are getting so cheap that it may not make financial sense to fractionalize them). So I'm not all that sure of the case for fractional core VMs. Even with single core applications that's still much more fine grained than you'd get with hardware typically.

Ray


From: Fred van den Bosch <fr...@fredvandenbosch.com>
To: cloud-c...@googlegroups.com
Sent: Mon, March 1, 2010 8:47:34 PM

Ray Nugent

Mar 2, 2010, 12:38:54 AM
to cloud-c...@googlegroups.com
Most consumer apps are multi-user not multi-tenant. Unless you mean that having an "account" of any type is multi-tenant. I would argue that the lowest level of multi-tenant means the tenant is a group of users larger than 1.

Ray


From: sandip <sandip...@gmail.com>
To: Cloud Computing <cloud-c...@googlegroups.com>
Sent: Mon, March 1, 2010 1:30:25 PM
Subject: [ Cloud Computing ] Re: Why Multitenancy Matters In The Cloud

Jayarama Shenoy

Mar 2, 2010, 2:39:06 AM
to cloud-c...@googlegroups.com
So, how does elasticity work in a multi-tenancy case? Say 100 tenants share an app on a server (by which I would think they go all the way down to a shared database). Then, say, five of them grow quite rapidly such that they need to be moved off that server, and the other 95 can continue to exist on the original server.

So 'something' in the application has to know how to pick off the records that belong to these five, copy them off into a second instance of that database and kill, move & restore application service for those tenants. (Of course, without being privy to the data contained in those records). And of course there's an implied load balancer element in front of all this to keep up appearances to the clients.

{ BTW trying to figure this out. If this is too elementary - tell me so.}



From: fr...@fredvandenbosch.com
To: cloud-c...@googlegroups.com
Subject: RE: [ Cloud Computing ] Why Multitenancy Matters In The Cloud
Date: Mon, 1 Mar 2010 20:47:34 -0800
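
The tenant move asked about in the post above, as an added example (not code from any participant in the thread): rows in a shared SQLite table are selected only by a hypothetical `tenant_id` column, copied to a second database without inspecting the payload, verified, and only then deleted from the original. The `TenantRouter` class, which stands in for the load balancer, and all table, column and function names are assumptions.

```python
import sqlite3

SCHEMA = ("CREATE TABLE records (id INTEGER PRIMARY KEY, "
          "tenant_id TEXT NOT NULL, payload TEXT NOT NULL)")


def new_shard():
    """Create an empty in-memory database carrying the shared schema."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def tenants_on(db):
    """Return the sorted list of tenant ids that have rows on this shard."""
    return [r[0] for r in db.execute(
        "SELECT DISTINCT tenant_id FROM records ORDER BY tenant_id")]


class TenantRouter:
    """Stand-in for the load balancer: maps each tenant to one shard."""

    def __init__(self, default_shard):
        self.shards = {"shard0": default_shard}
        self.route = {}      # tenant_id -> shard name; absent means shard0
        self.frozen = set()  # tenants whose writes are paused during a move

    def shard_for(self, tenant_id):
        return self.shards[self.route.get(tenant_id, "shard0")]

    def insert(self, tenant_id, payload):
        if tenant_id in self.frozen:
            raise RuntimeError(f"tenant {tenant_id} is being moved; retry")
        db = self.shard_for(tenant_id)
        db.execute("INSERT INTO records (tenant_id, payload) VALUES (?, ?)",
                   (tenant_id, payload))
        db.commit()

    def read(self, tenant_id):
        # Every query is scoped by tenant_id, passed as a bound parameter,
        # so one tenant's request can never select another tenant's rows.
        rows = self.shard_for(tenant_id).execute(
            "SELECT payload FROM records WHERE tenant_id = ? ORDER BY id",
            (tenant_id,))
        return [r[0] for r in rows]

    def move_tenants(self, tenant_ids, target_name):
        """Copy, verify, re-route, then delete: one tenant at a time."""
        target = self.shards.setdefault(target_name, new_shard())
        self.frozen.update(tenant_ids)  # pause writes for the movers only
        try:
            for tid in tenant_ids:
                source = self.shard_for(tid)
                if source is target:
                    continue
                # Rows are picked by tenant_id alone; payload stays opaque.
                rows = source.execute(
                    "SELECT tenant_id, payload FROM records "
                    "WHERE tenant_id = ? ORDER BY id", (tid,)).fetchall()
                target.executemany(
                    "INSERT INTO records (tenant_id, payload) VALUES (?, ?)",
                    rows)
                copied = target.execute(
                    "SELECT COUNT(*) FROM records WHERE tenant_id = ?",
                    (tid,)).fetchone()[0]
                if copied != len(rows):
                    target.rollback()  # source is untouched, nothing lost
                    raise RuntimeError(f"copy of {tid} failed verification")
                target.commit()
                self.route[tid] = target_name  # restore service on new shard
                source.execute("DELETE FROM records WHERE tenant_id = ?",
                               (tid,))
                source.commit()
        finally:
            self.frozen.difference_update(tenant_ids)


def demo():
    """Six constructed tenants share shard0; two of them are moved off."""
    router = TenantRouter(new_shard())
    for tid in [f"t{n}" for n in range(1, 7)]:
        for k in range(3):
            router.insert(tid, f"{tid}-row{k}")
    router.move_tenants(["t2", "t5"], "shard1")
    router.insert("t2", "t2-after-move")  # lands on the new shard
    return {
        "shard0": tenants_on(router.shards["shard0"]),
        "shard1": tenants_on(router.shards["shard1"]),
        "t2": router.read("t2"),
        "t1": router.read("t1"),
    }


if __name__ == "__main__":
    print(demo())
```

The delete on the original shard runs only after the copy is verified and the route is switched, so a failed copy leaves the tenant served from where it was.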


gopu.r...@wipro.com

Mar 2, 2010, 5:48:19 AM
to cloud-c...@googlegroups.com

Hi

 

There are reference design and architecture documents available for IAAS from Cisco/Netapp/VMware. I also read similar documents from Altor Networks on the multi-tenancy model in terms of security and access.

http://www.cisco.com/en/US/docs/solutions/Enterprise/Data_Center/Virtualization/securecldg.html

http://static2.altornetworks.com/docs/SolutionBrief-JuniperIDP.pdf

 

The PAAS/SAAS type CC model is still complex. Security companies are working on and providing solutions using the SSL protocol, and vendors need to have a set of certificate servers for all the cloud seekers with SSOs. And I’m not sure what the architecture would look like.

 

Regards

 

R.Gopu

 

Fred van den Bosch

Mar 2, 2010, 10:38:25 AM
to cloud-c...@googlegroups.com

Ray,

 

The question is what “sharing an application between customers” means (which is where this discussion started). One would assume that multiple instances of the “shared” application will each be shared between users from different customers or “tenants”, but each application instance is essentially a multi-user application that (in a cloud) has the need to manage resource consumption per customer (and thus per user). Tenants can be as small as a single user or a few users of course, and each user may only occasionally use the application, which means that the processor resources required to serve a specific tenant at each point in time could be far below a single core.

 

Fred

 

From: cloud-c...@googlegroups.com [mailto:cloud-c...@googlegroups.com] On Behalf Of Ray Nugent


Sent: Monday, March 01, 2010 9:23 PM
To: cloud-c...@googlegroups.com

Ray Nugent

Mar 2, 2010, 11:03:03 AM
to cloud-c...@googlegroups.com
This is a pretty common problem in SaaS and it would be nice if the application was smart enough to do this but, more often than not, it's an admin function today. The real fun is what happens when a single tenant exceeds a single server...


From: Jayarama Shenoy <jnsh...@hotmail.com>
To: cloud-c...@googlegroups.com
Sent: Mon, March 1, 2010 11:39:06 PM

Jayarama Shenoy

Mar 2, 2010, 11:17:03 AM
to cloud-c...@googlegroups.com
That (share web, app layers but decouple the DB/storage) is an interesting hybrid that completely takes care of the elasticity question I had before. Seems (at 100K altitude) to be an easier path towards improving resource utilization (which might be the only significant benefit of multi-tenancy).

It also illustrates that the tougher problem is the data (as Rob Peglar had pointed out here). 

Jay

> Date: Mon, 1 Mar 2010 13:30:25 -0800
> Subject: [ Cloud Computing ] Re: Why Multitenancy Matters In The Cloud
> From: sandip...@gmail.com
> To: cloud-c...@googlegroups.com

Vic Winkler

Mar 2, 2010, 12:06:25 PM
to cloud-c...@googlegroups.com
@Ray

Not clear what you mean by "The real fun is what happens when a single tenant exceeds a single server..." 

- There are operating systems that would manage scaling apps across servers.

- There have been cloud IaaS implementations that allow single tenants multiple servers.

I am simply not clear as to what you intended by that statement.

vic


--------------------------------------------------------------------------------
  Vic Winkler
  Formerly: 
  Chief Technologist Security, Sun Cloud Operations
  Sun Microsystems   
  703 622-7111 (mobile)  -&- 703 925-9020 (home office)
--------------------------------------------------------------------------------



Vic Winkler

Mar 2, 2010, 12:50:26 PM
to cloud-c...@googlegroups.com
@ Ray -- I agree with you.  Computer science has come a long way to allow for separation of user data within a single "application" even on a single machine instance.  And, as you say such applications can themselves have multiple and separate instantiations.

I think what is missing in this (and other) multi-tenant discussions is a better use of language and definitions.  We are talking about several different factors in a range of use cases...

We have users (a "single user" being the simplest case, but we also allow for "sets of users" who are collections of "individual users").  Users may or may not share scope and privilege over resources.

We have tenants, which I think we are using as a term of convenience to describe the notion that you are only "renting".  There seems to be a further distinction between a tenant who keeps some stuff around (somewhere in a locker of sorts) versus a tenant who comes in off the street and when they are done computing they leave nothing behind.  "Tenants" are an abstraction above "users".  (right?)

Then, we have the whole world of how the specific implementation supports users and tenants with isolation, elasticity, and resources.  That's a long discussion, but it is motivated by diverse and even conflicting goals (such as security versus profit).  I see a matrix here somewhere...



Ricky Ho

Mar 2, 2010, 2:17:41 PM
to cloud-c...@googlegroups.com
In a multi-tenant environment, the "smart" is in the distributed / partitioned DB, which will automatically grow and shrink and migrate data.

Looking across this email thread, I think there is no debate that ...
1) We should "share resources" to increase utilization and hence improve efficiency
2) We should accommodate highly dynamic growth and shrink requirements rapidly and smoothly
3) We should "isolate" the tenant so there is no leakage of sensitive information

So the real debate is on which layer should facilitate that?  Hypervisor level vs DB level.

In my opinion, the Hypervisor level, which focuses on low-level system primitives, provides the cleanest separation and hence fewer security concerns.  By providing virtualized hardware, the Hypervisor retains the same machine model that existing system/network admins are familiar with, and it is also completely agnostic to the app level.  This minimizes the change required to move existing apps into the cloud and makes cloud adoption easier.  Of course, the downside is that virtualization introduces a certain % of overhead.  And the tenant still needs to pay for the smallest VM even if none of its users is using it.

Another school of thought:  DB level isolation.  If tenants are running the same kind of application, the only difference is the data each tenant stores.  Why can't we just introduce an extra attribute "tenantId" in every table and then append a "where tenantId = $thisTenantId" in every query?  In other words, add some hidden column and modify each submitted query.  Of course, the cloud provider also needs to move to a distributed and partitioned DB as well as an algorithm to determine the data placement based on workload patterns.  So the degree of isolation is as good as my rewritten query.  This doesn't seem to be hard, although it is less proven than the Hypervisor approach.  The advantage of DB level isolation is that there is no VM overhead and there is no minimum charge to the tenant.

However, we should compare these 2 approaches not just from a resource utilization / efficiency perspective, but from other perspectives as well, such as ...

Freedom of choice on underlying technology stacks
===================================
Hypervisor isolation gives its tenants maximum freedom over the underlying technology stack.  Each tenant can choose the stack that best fits its application's needs and in-house IT skills.  The tenant is also free to move to the latest technologies as they evolve.  This freedom of choice comes with a cost though.  The tenant needs to hire system administrators to configure and maintain the technology stack.

In DB level isolation, the tenants live within a set of predefined data schemas and application flows.  Their freedom is limited to the set of parameters that the cloud provider exposes to them.  The tenants' applications are pretty much "locked in" to the application framework that the cloud provider exposes, and the tenants' success is highly dependent on the cloud provider's success.  Of course, the advantage is that there is no administration needed in the technology stack.

Reuse of Domain Specific Logic
======================
Hypervisor isolation provides no reuse at the app logic level.  Tenants need to build their own technology stack and write their application logic.

In DB level isolation, the cloud provider predefines a set of templates in DB schemas and application flow logic based on its domain expertise (it is important that the cloud provider be the recognized expert in that field).  The tenant can now leverage the cloud provider's expertise and focus purely on business operation.

My Conclusion
===========
I think each approach will attract a very different (and clearly disjoint) set of audiences.

Notice that DB-level isolation commoditizes everything and makes it hard to create product feature differentiation.  If I am a technology startup trying to develop a killer product, then my core value is my domain expertise.  In this case, I won't go with DB-level isolation, which imposes too many constraints on me to distinguish my product from "anyone else".  Hypervisor level isolation is much better because I can outsource the infrastructure layer and focus on my core value.

On the other hand, if I am operating a business but not building a product, then I would like to outsource all supporting functions, including my applications as well.  In this case, I would pick the best app framework provided by the market leader and follow their best practices (and would also be very willing to live by their constraints).


Rgds,
Ricky

From: Jayarama Shenoy <jnsh...@hotmail.com>
To: cloud-c...@googlegroups.com
Sent: Mon, March 1, 2010 11:39:06 PM
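
The caveat in the post above, that DB-level isolation is only as good as the rewritten query, worked through as an added example (not code from this thread or from any product). The `orders` table, the filter allowlist, the function names and the rows are all constructed for illustration; only the `tenantId` column name comes from the post.

```python
import sqlite3

# Constructed sample data: two tenants sharing one table, as in the post.
ROWS = [
    (1, "acme", "open", 50),
    (2, "acme", "closed", 500),
    (3, "globex", "open", 75),
    (4, "globex", "closed", 900),
]
ALLOWED_COLUMNS = {"id", "status", "total"}  # tenantId is never tenant-selectable
ALLOWED_OPS = {"=", "<", ">", "<=", ">="}


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, tenantId TEXT, status TEXT, total INTEGER)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?, ?)", ROWS)
    return db


def build_predicate(conditions, joiner):
    """Turn [(column, op, value), ...] into SQL text plus bound parameters."""
    if joiner not in ("AND", "OR"):
        raise ValueError("joiner must be AND or OR")
    parts, params = [], []
    for column, op, value in conditions:
        if column not in ALLOWED_COLUMNS or op not in ALLOWED_OPS:
            raise ValueError(f"filter not allowed: {column!r} {op!r}")
        parts.append(f"{column} {op} ?")
        params.append(value)
    return (f" {joiner} ".join(parts) or "1 = 1"), params


def foreign_rows(rows, tenant_id):
    """Rows whose owner is not the calling tenant, i.e. leaked data."""
    return [row for row in rows if row[1] != tenant_id]


def query_appended(db, tenant_id, conditions, joiner="AND"):
    """Weak form: the tenant predicate is appended after the tenant's filter.
    With an OR filter, AND binds tighter and scopes only the last term."""
    pred, params = build_predicate(conditions, joiner)
    sql = f"SELECT id, tenantId FROM orders WHERE {pred} AND tenantId = ? ORDER BY id"
    return db.execute(sql, params + [tenant_id]).fetchall()


def query_scoped(db, tenant_id, conditions, joiner="AND"):
    """Hardened form: tenant predicate first, tenant filter parenthesized,
    and the result re-checked so a rewriting mistake fails closed."""
    pred, params = build_predicate(conditions, joiner)
    sql = f"SELECT id, tenantId FROM orders WHERE tenantId = ? AND ({pred}) ORDER BY id"
    rows = db.execute(sql, [tenant_id] + params).fetchall()
    if foreign_rows(rows, tenant_id):
        raise RuntimeError("cross-tenant rows in result; refusing to return them")
    return rows


if __name__ == "__main__":
    db = make_db()
    flt = [("status", "=", "open"), ("total", ">", 100)]
    print("appended:", query_appended(db, "acme", flt, "OR"))
    print("scoped:  ", query_scoped(db, "acme", flt, "OR"))
```

The filter is built from structured conditions rather than from a submitted SQL string because text-level rewriting would also have to handle subqueries, joins and UNION correctly.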

Vic Winkler

Mar 2, 2010, 3:28:26 PM
to cloud-c...@googlegroups.com
On Mar 2, 2010, at 2:17 PM, Ricky Ho wrote:

> In a multi-tenant environment, the "smart" is in the distributed / partitioned DB, which will automatically grow and shrink and migrate data.
>
> Looking across this email thread, I think there is no debate that ...
> 1) We should "share resources" to increase utilization and hence improve efficiency
> 2) We should accommodate highly dynamic growth and shrink requirements rapidly and smoothly
> 3) We should "isolate" the tenant so there is no leakage of sensitive information
>
> So the real debate is on which layer should facilitate that?  Hypervisor level vs DB level.
>
> In my opinion, the Hypervisor level, which focuses on low-level system primitives, provides the cleanest separation and hence fewer security concerns.  By providing virtualized hardware, the Hypervisor retains the same machine model that existing system/network admins are familiar with, and it is also completely agnostic to the app level.  This minimizes the change required to move existing apps into the cloud and makes cloud adoption easier.  Of course, the downside is that virtualization introduces a certain % of overhead.  And the tenant still needs to pay for the smallest VM even if none of its users is using it.

Just a caution here:  We simply do not have the kinds of assurance in security testing for Hypervisors as we do for operating systems.  Thus, I think it is difficult to make any substantial claims about security concerns.  However, my sense is that there are security advantages in relying on a Hypervisor versus _many_ OSs...  But again, there are OSs that have superior isolation (Trusted), it's just that no one is even proposing using these for public clouds.

> Another school of thought:  DB level isolation.  If tenants are running the same kind of application, the only difference is the data each tenant stores.  Why can't we just introduce an extra attribute "tenantId" in every table and then append a "where tenantId = $thisTenantId" in every query?  In other words, add some hidden column and modify each submitted query.  Of course, the cloud provider also needs to move to a distributed and partitioned DB as well as an algorithm to determine the data placement based on workload patterns.  So the degree of isolation is as good as my rewritten query.  This doesn't seem to be hard, although it is less proven than the Hypervisor approach.  The advantage of DB level isolation is that there is no VM overhead and there is no minimum charge to the tenant.

I do not understand the need to do this.  There are other existing ways to obtain separation/isolation in a system that processes individual and separate data sets that must be maintained/processed with confidentiality and integrity as a requirement.  But beyond that, I don't see the issue with giving each party that wants it its own virtualized DB instance.  The overhead isn't that substantial (5-10%?  on current generation CPUs/cores and systems that's nothing!).  At the aggregate level, you still have real memory and real NICs handling the same real data.  I think the key questions here have more to do with the transparency from the user side and the costs from both user and provider (achievable profit, eh?)

> However, we should compare these 2 approaches not just from a resource utilization / efficiency perspective, but from other perspectives as well, such as ...
>
> Freedom of choice on underlying technology stacks
> ===================================
> Hypervisor isolation gives its tenants maximum freedom over the underlying technology stack.  Each tenant can choose the stack that best fits its application's needs and in-house IT skills.  The tenant is also free to move to the latest technologies as they evolve.  This freedom of choice comes with a cost though.  The tenant needs to hire system administrators to configure and maintain the technology stack.

In both approaches, automation would go a long way if you pre-configure in a cookie cutter manner and simplify the maintenance...  Easier said than done, but we are headed there eventually if for no other reason than the need to reduce costs.

> In DB level isolation, the tenants live within a set of predefined data schemas and application flows.  Their freedom is limited to the set of parameters that the cloud provider exposes to them.  The tenants' applications are pretty much "locked in" to the application framework that the cloud provider exposes, and the tenants' success is highly dependent on the cloud provider's success.  Of course, the advantage is that there is no administration needed in the technology stack.

This model is well suited for customers who can make their problem fit within a solution-model.

> Reuse of Domain Specific Logic
> ======================
> Hypervisor isolation provides no reuse at the app logic level.  Tenants need to build their own technology stack and write their application logic.
>
> In DB level isolation, the cloud provider predefines a set of templates in DB schemas and application flow logic based on its domain expertise (it is important that the cloud provider be the recognized expert in that field).  The tenant can now leverage the cloud provider's expertise and focus purely on business operation.
>
> My Conclusion
> ===========
> I think each approach will attract a very different (and clearly disjoint) set of audiences.
>
> Notice that DB-level isolation commoditizes everything and makes it hard to create product feature differentiation.  If I am a technology startup trying to develop a killer product, then my core value is my domain expertise.  In this case, I won't go with DB-level isolation, which imposes too many constraints on me to distinguish my product from "anyone else".  Hypervisor level isolation is much better because I can outsource the infrastructure layer and focus on my core value.

Agree completely.

> Rgds,
> Ricky




--------------------------------------------------------------------------------
  703 622-7111 (mobile)  -&- 703 925-9020 (home office)
--------------------------------------------------------------------------------

Greg Pfister

Mar 3, 2010, 5:45:36 PM
to Cloud Computing
From a purely dumbass simplistic point of view, it *ought* *to* *be* a
lot simpler to get security guarantees from hypervisors than from DBSs
or OSs, just because hypervisors are much smaller.

Both DBSs and OSs are multi-million lines of bugs. The hypervisors I'm
familiar with are two orders of magnitude smaller. (Unfortunately, my
familiarity set does not include VMWare. :-( )

That, however, does not mean hypervisors have gone through security /
trust certification. I just don't know if any have, but haven't heard
of it. You'd think somebody would have thought it important.

Greg Pfister
http://perilsofparallel.blogspot.com/

> From: Jayarama Shenoy <jnshe...@hotmail.com>


> To: cloud-c...@googlegroups.com
> Sent: Mon, March 1, 2010 11:39:06 PM
> Subject: RE: [ Cloud Computing ] Why Multitenancy Matters In The Cloud
>
>  So, how does elasticity work in a multi-tenancy case? Say 100 tenants share an app on a server (by which I would think they go all the way down to a shared database). Then, say, five of them grow quite rapidly such that they need to be moved off that server, and the other 95 can continue to exist on the original server.
>
> So 'something' in the application has to know how to pick off the records that belong to these five, copy it off into a second instance of that database and kill, move & restore application service for those tenants. (Of course, without being privy to the data contained in those records). And of course there's an implied load balancer element in front of all this to keep up appearances to the clients.
>
> { BTW trying to figure this out. if this is too elementary - tell me so.}
>
> ________________________________

> From: f...@fredvandenbosch.com

> ...

Vic Winkler

Mar 3, 2010, 5:59:01 PM
to cloud-c...@googlegroups.com

On Mar 3, 2010, at 5:45 PM, Greg Pfister wrote:

> From a purely dumbass simplistic point of view, it *ought* *to* *be* a
> lot simpler to get security guarantees from hypervisors than from DBSs
> or OSs, just because hypervisors are much smaller.

That should be true, but the reality needs the kind of testing/review
that OSs have been subject to for 20 years now...

>
> Both DBSs and OSs are multi-million lines of bugs. The hypervisors I'm
> familiar with are two orders of magnitude smaller. (Unfortunately, my
> familiarity set does not include VMWare. :-( )

Great point, which is why some 30 years ago we strove to take
security-relevant code out of the undifferentiated mass of code in
OSs using the security concept of the "Security Kernel". HW support
for that also helped.

>
> That, however, does not mean hypervisors have gone through security /
> trust certification. I just don't know if any have, but haven't heard
> of it. You'd think somebody would have thought it important.

I agree.


Ray Nugent

Mar 3, 2010, 6:25:08 PM
to cloud-c...@googlegroups.com
@Vic, sorry, that sentence didn't come out the way I intended it. My comment was more about dealing with one tenant as they reach the edge of a server's capacity and spill into a new one. If your DB is partitioned by tenant then the app or the DB needs to be smart enough to catch it beforehand. If not, hilarity ensues...

Ray


From: Vic Winkler <v...@vicwinkler.com>
To: cloud-c...@googlegroups.com
Sent: Tue, March 2, 2010 9:06:25 AM
Subject: Re: [ Cloud Computing ] Why Multitenancy Matters In The Cloud