Information Technology Reference
In-Depth Information
instance but retain individual control of the application, and their data remains virtually
separate from each other. Even though they are using the same application instance, to the
user it seems like they are using their very own configurable instance of the application.
Multitenancy vs. Multi-instance
The term
multitenancy
is not the same as
multi-instance
, which means each user is given
a separate instance of the application and database. Multitenancy allows for easier main-
tenance of applications because only a single application instance needs to be updated.
In a multi-instance scenario, multiple instances of the same application with different
configurations need to be updated.
Multitenancy, when implemented correctly, poses little danger to its tenants in terms of
the separation of data unraveling, causing one tenant to end up with another tenant's data.
The danger here is different. First and foremost is the security risk involved if an attack or
breakdown should occur. In the event of an external attack, an attacker who manages to
break into an instance of an application has the potential to access all of the data owned
by all tenants using that application. The same goes for a fatal error where the database
instance of an application simply unravels and all data is lost, which means that the data
of no tenant currently using that application instance is safe. It's a one-for-all, all-for-one
scenario, for both good and bad events.
Multitenant systems also tend to be a bit inflexible because of the way multitenancy has to
be implemented. This includes the location of data, which cannot be altered at will because
all of that segregation is done automatically by the system, so data may be scattered across
different geographical locations. This poses big problems for organizations with strict com-
pliance guidelines that need to be followed. For example, it is a compliance requirement for
businesses in Europe to store data for specific people in the country in which they reside. For
example, data for German people has to be placed in a storage location within Germany. So
in this case, a multitenant system would cause the organization to fail to meet its compliance
requirements and possibly face some kind of punishment.
This is also a problem for competitors, who for obvious reasons may not want to share
space with each other. In a multitenant environment, Coca-Cola's data may reside in the
same database instance as that of PepsiCo (the makers of Pepsi).
This problem does not occur in a private or on-premises solution. Even though
multitenancy can be implemented in a private cloud, the previously mentioned problems
do not manifest because those tenants are simply individual users of the organization, so
if ever there is a successful attack, only one entity is affected. Regulations are easily dealt
with as well because the owner of the private cloud has total control over where it places
its data and how to go about it.
Search WWH ::
Custom Search