AWS Partner Network (APN) Blog

How Sela Builds Low-Latency Serverless Control Planes for Hybrid-Tenant Developer Platforms

By Yehuda Cohen, CTO – Sela US
By Laurell McCaffrey, Sr. Cloud Engineer – Sela US
By Puneet Kalra, Solutions Architect – AWS

Sela-AWS-Partners-2023
Sela Cloud
Sela-APN-Blog-CTA-2023

The Dittofi team describes their product as a hybrid no-code platform that enables mixed teams of coders and no-coders to visually build and launch enterprise-grade web apps faster than traditional coding.

Unlike traditional no-code, which is heavily limited, Dittofi uses a combination of artificial intelligence (AI) and code generation to transform visual designs into quality Google Go and React code that developers can access and edit. Code can then be deployed into Dittofi’s hosting model or exported and hosted on private infrastructure.

In the product’s earliest iteration, applications built and hosted with Dittofi were deployed to the same server that hosted Dittofi’s platform itself. Despite its powerful and expensive server, the platform became unstable and failed several times as the team approached their hundredth deployed application. This caused many Dittofi clients to export their source code and deploy their apps into custom-built hosting models.

In response, the Dittofi team paused new application deployments while they looked to quickly bring a new hosting platform online. This new platform needed to scale horizontally and be resilient to hardware failures. These goals needed to be achieved while ensuring the platform remained performant and cost-effective.

The Dittofi team engaged Sela Cloud to help them achieve these goals. Sela is an AWS Advanced Tier Services Partner and AWS Marketplace Seller with the Migration Consulting Competency that specializes in planning, implementing, and optimizing an organization’s cloud architecture.

In this post, we discuss the hybrid-tenant architecture Sela designed and implemented for Dittofi’s hosting platform. We’ll focus on the underlying architecture of the Dittofi hosting platform where tenant workloads run, as well as the architecture for the hybrid-tenant control plane that enables the provisioning, de-provisioning, and updating of tenants.

We will pay special attention to the user experience during the development of no-code applications and the measures Sela put in place to enable near-real-time code generation, building, and deployment cycle when Dittofi customers update their applications.

Hybrid-Tenant Architecture

Hybrid-tenant architecture is a way of designing software applications that serve multiple tenants with different levels of isolation and resource allocation. It leverages a mixture of components that can be single-tenant or multi-tenant. Unlike single-tenancy or multi-tenancy architectures, where each tenant has either a dedicated or shared instance of an application, hybrid-tenancy architectures offer more flexibility and cost savings.

With an effective hybrid-tenant architecture in place, platforms can efficiently serve hundreds of no-code applications while maintaining a high level of isolation and cost-effective resource allocation for each tenant.

Figure 1 represents a high-level view of the Dittofi hosting platform. Because this is a relatively technical solution, refer to it as you read through the details ahead.

Sela-Ditoffi-Serverless-1.1

Figure 1 – Hybrid-tenant architecture.

Single-Tenant Components

When designing Dittofi’s hosting platform, Sela wanted to isolate tenant applications to prevent resource contention issues and enable per-application auto scaling. Each tenant application is therefore deployed to Dittofi’s hosting platform with a set of logically, and sometimes physically, dedicated resources and components.

Infrastructure components that are unique per tenant application include:

  • Amazon Elastic Container Service (Amazon ECS) serves the tenant application’s dynamic backend.
  • Amazon Simple Storage Service (Amazon S3) bucket for static assets.
  • Amazon CloudFront distribution with two origins, one for the static assets, and one that serves dynamic content.
  • Two CloudFront functions associated with the CloudFront distribution to manipulate request and response headers.
  • Some domain name system (DNS) records.
  • Optional AWS Certificate Manager certificate for a tenant-specific domain name.

Each tenant’s ECS service auto scales independently, and each tenant application can be updated without impacting any other application.

In addition to a set of unique infrastructure components, tenant applications are each provisioned with a tenant-specific database and database user, along with a user for Redis with a set of privileges allowing access to a tenant-specific key prefix.

Physical and logical components are all created using a serverless control plane described in the section below entitled Serverless Control Plane.

Shared Platform Infrastructure Components

Aside from the single-tenant components that are unique per customer, Sela designed a set of shared platform infrastructure components that are used by all tenant applications designed to reduce the operational footprint and keep costs down.

These components include:

  1. Amazon ECS cluster running on a fleet of auto scaling Amazon Elastic Compute Cloud (Amazon EC2) instances onto which tenant applications are binpacked.
  2. Serverless Amazon Relational Database Service (Amazon RDS) cluster onto which logical databases are added to as each tenant application is created.
  3. Amazon ElastiCache for Redis cluster which serves as a low-latency cache for tenant applications that each have access to a key prefix..
  4. Amazon Elastic File System (Amazon EFS) volume for compiling and serving generated code.
  5. Shared application load balancer pointing to a Caddy reverse proxy.
  6. Caddy reverse proxy.

Using the Caddy reverse proxy enabled Sela to make Dittofi hosting much cheaper by sharing a single Application Load Balancer across hundreds of tenant applications despite listener limits. The reverse proxy’s function is to translate tenant-specific headers injected by CloudFront to a tenant application’s unique SRV DNS record. After finding where the upstream service is running, Caddy forwards requests upstream.

Serverless Control Plane

When managing hundreds of tenants, having a single control plane that provides a set of operations necessary to manage the lifecycle of each tenants becomes incredibly important. Sela designed Dittofi’s control plane to run on AWS serverless offerings to allow costs to scale as customers adopt the platform.

The serverless control plane comprises three AWS Step Functions state machines in conjunction with a control plane frontend to enable tenant application management.

The first state machine assembles the necessary infrastructure configuration based on the requester’s preferences. It subsequently creates or updates tenant infrastructure using Pulumi. Finally, it invokes another state machine.

The second state machine generates code, compiles the code, and executes tenant-specific database migrations. This state machine is used when tenants are being created, but it’s also used to enable low-latency code deployments whenever a tenant application creator wants application configuration changes to reflect on their running application.

Sela built one final state machine to de-provision tenants. The infrastructure provisioning state machine is illustrated in Figure 2.

Foresight-Ditoffi-Serverless-2

Figure 2 – Infrastructure deployment Step Function.

The code generation state machine is illustrated in Figure 3 below.

Foresight-Ditoffi-Serverless-3

Figure 3 – Application deployment Step Function.

Achieving Near-Real-Time Performance

To achieve near-real-time performance during the code generation and deployment process, Sela needed to bypass the Amazon ECS service deployment process. For users to be able to build and test changes, the experience needed to be far snappier.

The solution Sela arrived at was to prepare running containers ahead of time that are orchestrated by a tenant’s ECS service. These containers include platform dependencies, but the generated applications are externalized to a mounted Amazon EFS volume storing the compiled application binary.

In the foreground of the running containers, Sela ran an application reloader process designed to poll the EFS file system for updates to the application binary every second. If an update is detected, the application reloader process stops the old process and replace it with a process running the detected new binary.

How does the application binary arrive on the EFS volume, you ask? Cue Sela’s control plane. An AWS Lambda function compiles code to the same tenant-specific location on the EFS volume at which the application reloader is listening for changes.

With this architecture, Sela is able to health check the container runtime separately from the tenant application health check. This enables teams to easily know whether applications have simply been misconfigured or the runtime is unhealthy.

Without needing to pull, stop or start Docker containers, no-code application developers can quickly make changes to their no-code applications and see the changes deployed in near-real-time.

Conclusion

Ensuring systems are reliable, cost-effective, easy to operate, secure, and performant is what the AWS Well-Architected Framework is all about. The Dittofi hosting platform had tight constraints around each of these attributes and gave Sela’s team a chance to exercise their architectural muscles to arrive at a simple and stable solution built on top of AWS managed services and open-source solutions.

With systems designed to serve multiple tenants, it’s important to think about how to partition tenant data and resources to ensure security, reliability, and performance for each tenant. It’s also important to understand how increasing your infrastructure footprint costs more money and results in additional operational load on your teams. Hybrid-tenant architectures are key to successfully balancing the operational footprint and cost with the security, reliability, and performance concerns of your systems.

Using managed services and keeping architecture simple are essential to building maintainable solutions. AWS can reduce your operational footprint significantly when you use managed solutions, and when using serverless solutions the amount of operational work left for your team is further reduced. Plus, you only pay for the resources you use.

Whether you’re looking to implement a similar hybrid-tenant architecture for your solution, want to plan and implement your cloud architecture and roadmap, or have other AWS operational or development challenges, reach out to Sela. You can also learn more about Sela in AWS Marketplace.

Sela and Dittofi continue to work together to further improve speed of app development. If you’re interested in leveraging Dittofi to build quality apps faster and more cost effectively, try out Dittofi’s visual app development, code generation, and hybrid tenant architecture.

.
Sela-APN-Blog-Connect-2023
.

Sela Cloud – AWS Partner Spotlight

Sela is an AWS Advanced Tier Services Partner that specializes in planning, implementing, and optimizing an organization’s cloud architecture.

Contact Sela | Partner Overview | AWS Marketplace