Most applications require a form of identity service to manage, authenticate, and authorize users. In SaaS applications, multi-tenancy adds specific challenges to this task. To meet these needs, SaaS builders must consider integrating with an identity service provider. AWS services such as Amazon Cognito or AWS Partner services like Auth0 provide deep expertise in the field and allow you to focus on your SaaS application’s value proposition while relying on a secure, feature-rich identity provider.
Every SaaS architecture must introduce mechanisms and policies that prevent noisy neighbor conditions. Getting these policies right is essential to building a robust SaaS solution that delivers a consistent experience to customers. This post looks at the different strategies that can be used to introduce the throttles (transaction rate) and quotas (transaction volume) that manage each tenant’s activity, exploring the various AWS services that can be used to bring these concepts to life.
VMware Cloud on AWS allows customers to migrate their workloads faster without having to refactor or change any application code or logic. Many MSPs have built highly successful businesses on VMware Cloud Director-powered clouds running in their own data centers. These MSPs have earned trust with their customers over many years as trusted advisors and partners. Explore some of the challenges MSPs face and how using multi tenancy with VMware Cloud Director Service can help address them.
Amazon OpenSearch Service is frequently used by SaaS providers to address a broad range of use cases. The use of Amazon OpenSearch Service in a multi-tenant environment, however, introduces a collection of new considerations that will influence how you partition, isolate, deploy, and manage your solution. Explore the strategies and patterns that are used to address these common issues, and look at the specific models used to represent and isolate each tenant’s data with Amazon OpenSearch Service constructs.
Data security is a particularly important topic for multi-tenant SaaS applications that handle customers’ sensitive data. How to securely segregate tenant data and how to provide data access to customers will vary depending on the SaaS solution’s architecture and its requirements. This post explores how SaaS vendors can build secure, scalable, and cost-effective data exchange mechanisms using SFTP (SSH File Transfer Protocol) with AWS managed services like AWS Transfer Family.
Migrating Elasticsearch on Amazon EC2 to Modernized, Multi-Tenant Amazon OpenSearch Service Architecture
For a recent project, NTT DATA Services was asked to architect and design the migration of a customer’s backend search tool used by two of its applications. Both applications were leveraging Elasticsearch for data storage. Learn how NTT DATA used some of the DevOps pillars to implement migrations using an active migration strategy. The goal was to move from individual Elasticsearch instances on Amazon EC2 to a single multi-tenant hosted Elasticsearch solution per region—in this case, Amazon OpenSearch Service.
AWS Transfer Family provides SFTP, FTPS, and/or FTP access to Amazon S3 or Amazon Amazon EFS. It does that by providing a secure, highly available, and scalable server endpoint. You pay for the time this endpoint is enabled, and for data transfer (upload and download). Learn how this makes a multi-tenant setup where an endpoint is shared between different users (or applications), a more cost-efficient solution than having dedicated endpoints.
Many SaaS applications store multi-tenant data with Amazon S3. Learn about the various strategies that can be applied when partitioning tenant data with S3, and explore the considerations that may influence how and when you apply these mechanisms in your own solution. See how this influences tenant isolation and the accessibility of S3 objects, and dive deep on tenant activity and cost tracking, lifecycle management for objects, and additional bucket security configurations.
Organizations hosting customer-specific machine learning models on AWS have unique isolation and performance requirements and require a solution that provides a scalable, high-performance, and feature-rich ML platform. Learn how Amazon SageMaker Pipelines helps you to pre-process data, build, train, tune, and register ML models in SaaS applications. We’ll focus on best practices for building tenant-specific ML models with particular focus on tenant isolation and cost attribution.
Maximizing performance is a key area of focus for all architects. Achieving optimal performance, however, can be challenging in SaaS environments where multi-tenant workloads can make it difficult to efficiently profile and scale your environment. This post dives deep into the challenges, opportunities, and best practices of efficiently managing performance in multi-tenant SaaS environments on AWS. We’ll review these topics through the lens of an example multi-tenant search application.