Building Multi-Tenant SaaS Architectures: Principles, Practices, and Patterns Using AWS

Software as a service (SaaS) is on the path to becoming the de facto model for building, delivering, and operating software solutions. Adopting a multi-tenant SaaS model requires builders to take on a broad range of new architecture, implementation, and operational challenges. How data is partitioned, how resources are isolated, how tenants are authenticated, how microservices are built—these are just a few of the many areas that need to be on your radar when you're designing and creating SaaS offerings. In this book, Tod Golding, a global SaaS technical lead at AWS, provides an end-to-end view of the SaaS architectural landscape, outlining the practical techniques, strategies, and patterns that every architect must navigate as part of building a SaaS environment.

• Describe, classify, and characterize core SaaS patterns and strategies
• Identify the key building blocks, trade-offs, and considerations that will shape the design and implementation of your multi-tenant solution
• Examine essential multi-tenant architecture strategies, including tenant isolation, noisy neighbor, data partitioning, onboarding, identity, and multi-tenant DevOps
• Explore how multi-tenancy influences the design and implementation of microservices
• Learn how multi-tenancy shapes the operational footprint of your SaaS environment

Author(s): Tod Golding
Edition: 1
Publisher: O'Reilly Media
Year: 2024

Language: English
Commentary: Publisher's PDF
Pages: 484
City: Sebastopol, CA
Tags: DevOps; Best Practices; Kubernetes; Software Architecture; Serverless Architecture; Multitenancy; Software-as-a-Service; Generative AI; Amazon Web Services; Data Partitioning

Copyright
Table of Contents
Preface
An Evolving Landscape
Who’s This Book For?
A Foundation—Not a Bible
What’s Not in This Book
Conventions Used in This Book
Using Code Examples
O’Reilly Online Learning
How to Contact Us
Acknowledgments
Chapter 1. The SaaS Mindset
Where We Started
The Move to a Unified Model
Redefining Multi-Tenancy
Where Are the Boundaries of SaaS?
The Managed Service Provider Model
At Its Core, SaaS Is a Business Model
Building a Service—Not a Product
Defining SaaS
Conclusion
Chapter 2. Multi-Tenant Architecture Fundamentals
Adding Tenancy to Your Architecture
The Two Halves of Every SaaS Architecture
Inside the Control Plane
Onboarding
Identity
Metrics
Billing
Tenant Management
Inside the Application Plane
Tenant Context
Tenant Isolation
Data Partitioning
Tenant Routing
Multi-Tenant Application Deployment
The Gray Area
Tiering
Tenant, Tenant Admin, and System Admin Users
Tenant Provisioning
Integrating the Control and Application Planes
Picking Technologies for Your Planes
Avoiding the Absolutes
Conclusion
Chapter 3. Multi-Tenant Deployment Models
What’s a Deployment Model?
Picking a Deployment Model
Introducing the Silo and Pool Models
Full Stack Silo Deployment
Where Full Stack Silo Fits
Full Stack Silo Considerations
Full Stack Silo in Action
Remaining Aligned on a Full Stack Silo Mindset
The Full Stack Pool Model
Full Stack Pool Considerations
A Sample Architecture
A Hybrid Full Stack Deployment Model
The Mixed Mode Deployment Model
The Pod Deployment Model
Conclusion
Chapter 4. Onboarding and Identity
Creating a Baseline Environment
Creating Your Baseline Environment
Creating and Managing System Admin Identities
Triggering Onboarding from the Admin Console
Control Plane Provisioning Options
The Onboarding Experience
Onboarding Is Part of Your Service
Self-Service Versus Internal Onboarding
The Fundamental Parts of Onboarding
Tracking and Surfacing Onboarding States
Tier-Based Onboarding
Tracking Onboarded Resources
Handling Onboarding Failures
Testing Your Onboarding Experience
Creating a SaaS Identity
Attaching a Tenant Identity
Populating Custom Claims During Onboarding
Using Custom Claims Judiciously
No Centralized Services for Resolving Tenant Context
Federated SaaS Identity
Tenant Grouping/Mapping Constructs
Sharing User IDs Across Tenants
Tenant Authentication Is Not Tenant Isolation
Conclusion
Chapter 5. Tenant Management
Tenant Management Fundamentals
Building a Tenant Management Service
Generating a Tenant Identifier
Storing Infrastructure Configuration
Managing Tenant Configuration
Managing Tenant Lifecycle
Activating and Deactivating a Tenant
Decommissioning a Tenant
Changing Tenant Tiers
Conclusion
Chapter 6. Tenant Authentication and Routing
Entering the Front Door
Access via a Tenant Domain
Access via a Single Domain
The Man in the Middle Challenge
The Multi-Tenant Authentication Flow
A Sample Authentication Flow
Federated Authentication
No One-Size-Fits-All Authentication
Routing Authenticated Tenants
Routing with Different Technology Stacks
Serverless Tenant Routing
Container Tenant Routing
Conclusion
Chapter 7. Building Multi-Tenant Services
Designing Multi-Tenant Services
Services in Classic Software Environments
Services in Pooled Multi-Tenant Environments
Extending Existing Best Practices
Addressing Noisy Neighbor
Identifying Siloed Services
The Influence of Compute Technologies
The Influence of Storage Considerations
Using Metrics to Analyze Your Design
One Theme, Many Lenses
Inside Multi-Tenant Services
Extracting Tenant Context
Logging and Metrics with Tenant Context
Accessing Data with Tenant Context
Supporting Tenant Isolation
Hiding Away and Centralizing Multi-Tenant Details
Interception Tools and Strategies
Aspects
Sidecars
Middleware
AWS Lambda Layers/Extensions
Conclusion
Chapter 8. Data Partitioning
Data Partitioning Fundamentals
Workloads, SLAs, and Experience
Blast Radius
The Influence of Isolation
Management and Operations
The Right Tool for the Job
Defaulting to a Pooled Model
Supporting Multiple Environments
The Rightsizing Challenge
Throughput and Throttling
Serverless Storage
Relational Database Partitioning
Pooled Relational Data Partitioning
Siloed Relational Data Partitioning
NoSQL Data Partitioning
Pooled NoSQL Data Partitioning
Siloed NoSQL Data Partitioning
NoSQL Tuning Options
Object Data Partitioning
Pooled Object Data Partitioning
Siloed Object Data Partitioning
Database Managed Access
OpenSearch Data Partitioning
Pooled OpenSearch Data Partitioning
Siloed OpenSearch Data Partitioning
A Mixed Mode Partitioning Model
Sharding Tenant Data
Data Lifecycle Considerations
Multi-Tenant Data Security
Conclusion
Chapter 9. Tenant Isolation
Core Concepts
Categorizing Isolation Models
Application-Enforced Isolation
RBAC, Authorization, and Isolation
Application Isolation Versus Infrastructure Isolation
The Layers of the Isolation Model
Deployment-Time Versus Runtime Isolation
Isolation Through Interception
Scaling Considerations
Real-World Examples
Full Stack Isolation
Resource-Level Isolation
Item-Level Isolation
Managing Isolation Policies
Conclusion
Chapter 10. EKS (Kubernetes) SaaS: Architecture Patterns and Strategies
The EKS–SaaS Fit
Deployment Patterns
Pooled Deployment
Siloed Deployments
Mixing Pooled and Siloed Deployments
The Control Plane
Routing Considerations
Onboarding and Deployment Automation
Configuring Onboarding with Helm
Automating with Argo Workflows and Flux
Tenant-Aware Service Deployments
Tenant Isolation
Node Type Selection
Mixing Serverless Compute with EKS
Conclusion
Chapter 11. Serverless SaaS: Architecture Patterns and Strategies
The SaaS and Serverless Fit
Deployment Models
Pooled and Siloed Deployments
Mixed Mode Deployments
More Deployment Considerations
Control Plane Deployment
Operations Implications
Routing Strategies
Onboarding and Deployment Automation
Tenant Isolation
Pooled Isolation with Dynamic Injection
Deployment-Time Isolation
Simultaneously Supporting Silo and Pool Isolation
Route-Based Isolation
Concurrency and Noisy Neighbor
Beyond Serverless Compute
Conclusion
Chapter 12. Tenant-Aware Operations
The SaaS Operations Mindset
Multi-Tenant Operational Metrics
Tenant Activity Metrics
Agility Metrics
Consumption Metrics
Cost-per-Tenant Metrics
Business Health Metrics
Composite Metrics
Baseline Metrics
Metrics Instrumentation and Aggregation
Building a Tenant-Aware Operations Console
Combining Experience and Technical Metrics
Tenant-Aware Logs
Creating Proactive Strategies
Persona-Specific Dashboards
Multi-Tenant Deployment Automation
Scoping Deployments
Targeted Releases
Conclusion
Chapter 13. SaaS Migration Strategies
The Migration Balancing Act
Timing Considerations
What Kind of Fish Are You?
Thinking Beyond Technology Transformation
Migration Patterns
The Foundation
Silo Lift-and-Shift
Layered Migration
Service-by-Service Migration
Comparing Patterns
A Phased Approach
Where You Start Matters
Conclusion
Chapter 14. Tiering Strategies
Tiering Patterns
Consumption-Focused Tiering
Value-Focused Tiering
Deployment-Focused Tiering
Free Tiers
Composite Tiering Strategies
Billing and Tiering
Tiering and Product-Led Growth
Implementing Tiering
API Tiering
Compute Tiering
Storage Tiering
Deployment Models and Tiering
Throttling and Tenant Experience
Tier Management
Operations and Tiering
Conclusion
Chapter 15. SaaS Anywhere
The Fundamental Concepts
Ownership
Limiting Drift
Multiple Flavors of Remote Environments
Regional Deployments Versus Remote Resources
Architecture Patterns
Remote Data
Remote Application Services
Remote Application Plane
Staying in the Same Cloud
Integration Strategies
Operations Impacts and Considerations
Provisioning and Onboarding
Access to Remote Resources
Scale and Availability
Operational Insights
Deploying Updates
Conclusion
Chapter 16. GenAI and Multi-Tenancy
Core Concepts
The Influence of Multi-Tenancy
Creating Custom Tenant AI Experiences
A Broad Range of Possibilities
SaaS and AI/ML
Introducing Tenant Refinements
Supporting Tenant-Level Refinement with RAG
Supporting Tenant Refinement with Fine-Tuning
Combining RAG and Fine-Tuning
Applying General Multi-Tenant Principles
Onboarding
Noisy Neighbor
Tenant Isolation
GenAI Pricing and Tiering Considerations
Developing a Pricing Model
Creating Tiered Tenant Experiences
Conclusion
Chapter 17. Guiding Principles
Vision, Strategy, and Structure
Build a Business Model and Strategy
A Clear Focus on Efficiency
Avoiding the Tech-First Trap
Thinking Beyond Cost Savings
Be All-In with SaaS
Adopt a Service-Centric Mindset
Think Beyond Existing Tenant Personas
Core Technical Considerations
No One-Size-Fits-All Model
Protect the Multi-Tenant Principles
Build Your Multi-Tenant Foundation on Day One
Avoid One-Off Customization
Measure Your Multi-Tenant Architecture
Streamline the Developer Experience
Operations Mindset
Thinking Beyond System Health
Introducing Proactive Constructs
Validating Your Multi-Tenant Strategies
You’re Part of the Team
Conclusion
Index
About the Author
Colophon