Multitenancy in Nuxeo
Thierry Delprat
tdelprat@nuxeo.com
https://github.com/tiry/
Multi-tenancy & Nuxeo
Generic use case
Building on top of a Platform
![](https://www.lucidchart.com/publicSegments/view/fc8a7fdc-d9f5-4b93-8c7e-8c9a38612f57/image.png)
![](https://www.lucidchart.com/publicSegments/view/a74fca0c-ae52-47ab-a2e9-4b9fe8359541/image.png)
![](https://www.lucidchart.com/publicSegments/view/6a6e6acf-dedf-4976-852d-34c3c2a96805/image.png)
![](https://www.lucidchart.com/publicSegments/view/2b63ec05-76f2-4e0f-aea9-160808d4b8ab/image.png)
Customer
![](https://www.lucidchart.com/publicSegments/view/b4c0a641-f31a-410f-ad15-62c05659e4a0/image.png)
Customers
![](https://www.lucidchart.com/publicSegments/view/adecacc4-c17a-4189-b2cf-83c9fa489d1a/image.png)
Multi-Tenants
Multi-tenants application
All clients share the same application.
The application manages data & configuration partitioning.
vs
Multi-tenants Infrastructure
All clients share the same infrastructure.
Deploy isolated customized application on PaaS.
Application Level Multi-tenancy
the classic way
APPLICATION LEVEL MULTI-TENANTS
![](https://www.lucidchart.com/publicSegments/view/8436d2a1-cda5-41f1-bbf4-db44b3a4232f/image.png)
Document Store
Security
Life Cycle
Indexing
Versioning
all clients share the same application
application manages data and configuration partitioning
Application level Multi-Tenancy - Data Isolation
- Data Partitioning
- Repository
  - Security Policy
  - "Domain based"
- Elasticsearch
  - same index
- Users/Groups
  - filtering on per tenant basis
![](https://www.lucidchart.com/publicSegments/view/55391c67-4810-4bd3-ad61-4b1f0a009e60/image.png)
Logical isolation
Application level Multi-Tenancy - Data Isolation
- Data Partitioning
- Repository
  - Separated repositories
    - MongoDB
    - Separated Blob Stores
- Elasticsearch
  - per tenant index
- Users/Groups
  - different directories
![](https://www.lucidchart.com/publicSegments/view/55392cb5-8bd0-4bac-8099-2e930a00d7d7/image.png)
Physical isolation
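The difference between the logical and physical isolation models above, as an added example that is not part of the original slides and uses no Nuxeo or Elasticsearch API: an in-memory model whose class names, tenants and documents are all constructed. With a shared index, isolation holds only if every query carries the tenant filter; with per-tenant indexes, a query can only reach the index it was routed to.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Doc:
    doc_id: str
    tenant: str
    title: str

# Constructed sample documents for two hypothetical tenants.
DOCS = [
    Doc("1", "acme", "Acme contract"),
    Doc("2", "acme", "Acme invoice"),
    Doc("3", "globex", "Globex contract"),
]

class SharedIndex:
    """Logical isolation: one index, tenant filter applied per query."""
    def __init__(self, docs):
        self._docs = list(docs)

    def search(self, term, tenant):
        # Fail closed: an unscoped query is refused, not run against all tenants.
        if not tenant:
            raise PermissionError("tenant filter is mandatory")
        return [d.doc_id for d in self._docs
                if d.tenant == tenant and term.lower() in d.title.lower()]

    def unsafe_search(self, term):
        # A code path that forgets the filter: results span every tenant.
        return [d.doc_id for d in self._docs if term.lower() in d.title.lower()]

class PerTenantIndexes:
    """Physical isolation: one index per tenant, chosen by tenant name."""
    def __init__(self, docs):
        self._indexes = {}
        for d in docs:
            self._indexes.setdefault(d.tenant, []).append(d)

    def search(self, term, tenant):
        # No shared data structure exists, so a missing filter cannot leak.
        docs = self._indexes.get(tenant)
        if docs is None:
            raise KeyError(f"no index for tenant {tenant!r}")
        return [d.doc_id for d in docs if term.lower() in d.title.lower()]
```
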
Application level Multi-Tenancy - Configuration
- Share everything
- One Application : One configuration
  - All tenants share the same configuration
- extension points contributions
- Tenant isolation is done via filtering
  - all doc types are defined for all tenants
  - UI filters access / hides part of it
Application level Multi-Tenancy - Configuration
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/3244136/Screenshot_from_2016-11-17_19-02-26.png)
Some Limitations
Shallow isolation
- quota management is difficult
- customization options are constrained
Monolithic
- same version, same component set
- same upgrade and maintenance policy
Scaling number of tenants adds complexity
- scale out is not that easy (i.e. move a tenant)
- per-tenant Backup/Restore is not easy
- Heterogeneous deployment units
VM level / JVM level / App level
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2276517/russian-dolls-low-res.jpg)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2291879/alignment1.jpg)
But
Well adapted for lightweight customization.
Easy first step.
Multi-tenants Infrastructure
Cloud native approach
Container Level Multi-tenants
![](https://www.lucidchart.com/publicSegments/view/2e186b77-aa94-49c9-ab70-62e15b861e72/image.png)
rely on the infrastructure to provide tenant isolation
the application does not need to be impacted
Bake custom images
![](https://www.lucidchart.com/publicSegments/view/92d032fe-2d0c-4b92-82b9-7dc83c957cb0/image.png)
![](https://www.lucidchart.com/publicSegments/view/acf41114-8def-4231-b6ac-f4f57cf2ebfa/image.png)
![](https://www.lucidchart.com/publicSegments/view/9013f141-2a03-4353-8141-f563e5116197/image.png)
Deploy custom images
![](https://www.lucidchart.com/publicSegments/view/ec0cfe0e-07dd-4ee6-8698-57d34367da64/image.png)
![](https://www.lucidchart.com/publicSegments/view/24c0764d-8dd1-49eb-8386-0ce26cd61ebf/image.png)
Principles
Docker containers!
Leverage AWS infrastructure
![](https://www.lucidchart.com/publicSegments/view/f07aff45-347f-47a6-a3d9-1dac21b64024/image.jpeg)
![](https://www.lucidchart.com/publicSegments/view/599ed547-74ba-4779-8ba3-be4b5883159f/image2.jpeg)
Container Level Multi-tenants
Unlimited Customization
Flexibility of isolated deployments
Full security Isolation & Quotas
- Could be VM based
  - AWS ECs / CloudFormation
  - vSphere
- Container based
  - Rancher / Docker / Kubernetes
  - OpenShift V3 / CloudFoundry
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2249655/Arken.png)
Build Your Own Application
Infrastructure Cost
Overhead is not that significant (Docker is lightweight, JVM ~500MB)
Anyway, provisioning automation is needed to scale (DNS, DB, Backup ...)
Nuxeo & Docker
- Working on Docker deployment since 2012!
- Working on Docker based PaaS
  - CoreOS / Fleet
  - Swarm / Kubernetes
  - Rancher
- All existing PaaS solutions converge to this approach
  - OpenShift 3 is now Docker/Kubernetes based
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2447328/1024px-OpenShift-LogoType.svg.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2277477/kubernetes.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2277476/swarm.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2272352/coreos-wordmark-vert-color.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2245684/cloud-foundry-logo.png)
![](https://s3.amazonaws.com/media-p.slid.es/uploads/101047/images/2253281/Rancher-small.png)
Multi-Tenants?
Choosing the right approach
Decision Points
- Per tenant customization
- Per tenant isolation requirements
- Per tenant revenue model
- Differences between small and large customers
- Number of tenants
- Hosting practices
Different solutions for Different clients
- Small customers with entry level offering
  - fully shared infrastructure
  - limited customization
- Medium customers with more security concerns
  - shared configuration
  - isolated storage
  - limited customization
- Platinum customers
  - infrastructure level isolation
  - full Studio power for each customer
Nuxeo Multitenancy
By Thierry Delprat
Nuxeo Multi-tenancy approaches