Multi-tenant architectures – from small scale to hyper-scale Kennie Nybo Pontoppidan, Microsoft

Kennie Nybo Pontoppidan Senior Program Manager at Microsoft Have worked with data since 1998 17+ years in the it industry Has no humor kepontop@microsoft.com @KennieNP linkedin.com/in/kennie www.pontop.dk

SAY THANK YOU TO OUR SPONSORS!

Sponsor Raffle!!! Each sponsor stamp will opt you into their raffle prize and mailings Collect 9+ sponsor stamps on your Badge to be eligible for the Xbox Hand entire Badge/ ribbon back into registration desk at end of day We will draw Badges for prizes at 5pm in Cromwell (if you are drawn and do not have the pre-requisite stamp/s….. You lose!) SQLCloud: XBox One-S with Forza Horizon 3 Bundle; Amazon Fire TV with 4K Ultra HD; Raspberry Pi 3 Starter Kit; dbWatch: Apple iPad Mini; Skybow: Marshall Speaker; Coeo: A free place on any Coeo training course, RRP £600; Edison365: Helicopter ride (lunchtime session prize) and a Fire TV Stick; Pyramid Analytics: Amazon Echo; Quest: Samsung Gear S2 Smartwatch; DBPro/ SQLGovernor: Splash-proof JBL bluetooth speaker; Redgate: SQL Monitor License - with 12 months support and upgrades; Axioworks: Amazon Echo Dot; Idera: $100 Amazon card; Lightning Tools: Lego Technics Race Car; SQL Sentry: SQL Sentry license and 1 year of support (worth $2994); Locke Data: R for Data Science: Import, Tidy, Transform, Visualize, and Model Data; SharePoint Unite /BMM Media: A free pass to SharePoint Unite 2017 conference in Haarlem, Netherlands, on the 25th & 26th October. worth €699. travel and hotel not included; PASS: Recording (download) of all sessions from PASS Summit 2016

Social Make sure you tweet on #spscambridge or #sqlsatcambridge During the event we have Giant Jenga, Sack races and Conker Fights! After event, join us for a post event SharePint/ SQLPint from our bar Don’t forget to thank Sponsors, Volunteers and Speakers! The event will close at 6.30pm

Also thanks to All the speakers who have travelled from all over Europe! They have given us their valuable time and expert knowledge to present incredible presentations at their own personal cost! Amazing You the audience! Without an audience there is no show, and your enthusiasm and participation make the effort of hosting events like these possible, worthwhile and rewarding The volunteers! Did things run smoothly today? Yes – say thanks to the volunteers who gave up their time for free so you could have a great day.

Agenda On multi tenant architectures Three approaches Gory details What to choose Want to learn more?

On multi tenant architecture 11/9/2018 5:05 AM On multi tenant architecture © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Multitenancy – what is it? The term "software multitenancy" refers to a software architecture in which a single instance of software runs on a server and serves multiple tenants.

Tenant – what is it? A tenant is a group of users who share a common access with specific privileges to the software instance.

Multitenant architecture – why? Provide every tenant a dedicated share of the instance including Data Configuration User management Tenant individual functionality and Non-functional properties.

Continuum of sharedness

Three approaches 11/9/2018 5:05 AM © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Three approaches

Separate databases

Shared Database, Separate Schemas

Shared Database, Shared Schema

Scaling an app

100k-150k installations Dynamics NAV on-prem

Dynamics 365 For Financials

Microsoft Invoicing Every Office365 business SKU user will get business apps Microsoft Invoicing 80k new tenants per month are invited

Pros and cons on five dimensions http://www.cosmic-university.com/%D7%9B%D7%AA%D7%91%D7%94/dimensions

Dimensions to consider Security Resource governance Administration Extensibility Scalability

Security Filtering Permissions Encryption Cross tenant operations http://www.hackertyper.com/ Caps lock x 3, Alt gr x 3

Filtering Using an intermediary layer between a tenant and a data source that acts like a sieve, making it appear to the tenant as though its data is the only data in the database.

Filtering Separate databases Shared database, separate schemas Shared database, shared schema GRANT access on the database level GRANT access on schema GRANT access on object level GRANT access on tenant view level Row level security Filter in the application layer

Encryption Obscuring every tenant's critical data so that it will remain inaccessible to unauthorized parties even if they come into possession of it.

Encryption Separate databases Shared database, separate schemas Shared database, shared schema Encryption on the database level Always Encrypted Encryption on (selected) tables/columns One key per tenant Encryption on selected columns

Cross tenant operations Security Permissions Filtering Encryption

Resource governance Reuse of resources Noisy neighbor Telemetry Caps lock x 3, Alt gr x 3

Reuse of resources Execution plans Separate databases Shared database, separate schemas Shared database, shared schema No yes

Reuse of resources Memory Separate databases Shared database, separate schemas Shared database, shared schema No Yes yes

Reuse of resources Database connections Separate databases Shared database, separate schemas Shared database, shared schema No Yes yes

Noisy neighbor

Be data driven … use telemetry Telemetry is vital … because … You won’t be there when the code fails You won’t be able to repro the situation You don’t have access to the machine easily (security boundaries, separation of duties to meet compliance, log data persistence, PII, …) Real live situations have much more imaginations that one can anticipate … (testing is required but is limited too !)

Three categories of telemetry to think about Telemetry for engineering (mostly about the service eco-system) Telemetry about the business (mostly about growth, adoption, conversion, …) Telemetry for customers (mostly about actual usage, what feature, when, how, …)

Administration Backup/restore Delete Upgrade Move One Many

A tenant is a unit of data in a container Tenant database 1 Maersk tenant Lego tenant Administration on the tenant level Delete Upgrade Move Vestas tenant Tenant database 2

Backup/restore Separate databases Shared database, separate schemas Shared database, shared schema BACKUP/RESTORE database Meh

Delete Separate databases Shared database, separate schemas Shared database, shared schema DROP database DROP tables Soft/hard delete DROP tenant views DELETE FROM tables DROP partition

Upgrade Separate databases Shared database, separate schemas http://cheezburger.com/3160207872 Separate databases Shared database, separate schemas Shared database, shared schema Go nuts Go nuts (within limits) Utilize online operations for schema Offline hours for data Be careful

Move Separate databases Shared database, separate schemas https://memesuper.com/download/7774adccae642784dff737347534b890978e6049.html Separate databases Shared database, separate schemas Shared database, shared schema N/A Meh Elastic client library

Split/Merge Separate databases Shared database, separate schemas http://www.all4humor.com/picture/funny-pictures/split-pants.html Separate databases Shared database, separate schemas Shared database, shared schema N/A Meh Elastic client library

Split using replication AppDB 1 TenantDB 1 TenantDB Tenant global ID 1 a b c d Tenant global ID Tenant state a Online b c d Geo replication TenantDB 1 Read only replica Tenant global ID Tenant state a Online b c d Tenant global ID Tenant state a Online b c d TenantDB 1 Read only replica Tenant global ID Tenant state a Online b c Offline d Tenant global ID Tenant state a Online b c Offline d TenantDB 1 Tenant DB 2 Tenant global ID Tenant state a Online b c Offline d Tenant global ID Tenant state a Online b c Offline d

AppDB 1 TenantDB 1 Tenant DB 2 AppDB 1 TenantDB 1 Tenant DB 2 AppDB 2 Tenant global ID 1 a b c d Tenant global ID Tenant state a Online b c Offline d Tenant global ID Tenant state a Deleting b c Offline d AppDB 1 TenantDB 1 Tenant DB 2 AppDB 2 TenantDB Tenant global ID 1 a b c d Tenant global ID Tenant state a Online b c Offline d Tenant global ID Tenant state a Deleting b c Offline d TenantDB Tenant global ID 2 c d AppDB 1 TenantDB 1 Tenant DB 2 AppDB 2 TenantDB Tenant global ID 1 a b Tenant global ID Tenant state a Online b c Deleting d Tenant global ID Tenant state c Online d TenantDB Tenant global ID 2 c d AppDB 1 TenantDB 1 Tenant DB 2 AppDB 2 TenantDB Tenant global ID 1 a b Tenant global ID Tenant state a Online b c Deleting d Tenant global ID Tenant state c Online d TenantDB Tenant global ID 2 c d

Elastic* Elastic Pools Elastic Query Elastic Tools Elastic Transactions

Multi-tenant Data Models Desirable application patterns with ideal tenant isolation properties and most cost-effective resource sharing Resource sharing Tenant Isolation Little resource sharing Lots of resource sharing Little isolation Lots of isolation Shared - Single All tenants in a single(large) database Database-per-tenant Every tenant gets its own DB Shared-Sharded Multiple tenants per DB, sharded across many DBs Increasing deployment & manageability cost Increasing cost for tenant isolation DevOps

Designed for SaaS: Azure SQL DB’s Elastic Capabilities Tenant Isolation Elastic database tools & capabilities Resource sharing Little resource sharing Lots of resource sharing Little isolation Lots of isolation Shared - Single All tenants in a single(large) database Database-per-tenant Every tenant gets its own DB Shared-Sharded Multiple tenants per DB, sharded across many DBs Increasing deployment & manageability cost Increasing cost for tenant isolation DevOps Database-per-tenant with Elastic Pools Tenant isolation combined with sharing resources in an elastic database pool

Challenge 1: Manage database capacity with many dbs Elastic Pools Cloud Service Catalog Customer Catalog Cust 1 Cust 2 Cust 3 Cust 4 Cust 5 Cust 6 Cust 7 Cust 9 Cust 9 Cus Cus Cust N Cust 1 Cust 2 Cust 3 Cust 4 Cust 5 Cust 6 Cust 7 Cust 8 Customer Databases

Challenge 2: Querying across many databases Elastic Query Cloud Service PowerBI Catalog Customer Catalog Elastic Query Cust 1 Cust 2 Cust 3 Cust N Customer Databases

Challenge 3: Managing many databases Elastic Jobs Cloud Service Catalog Customer Catalog T-SQL Cust 1 Cust 2 Cust 3 Cust N Customer Databases

Challenge 4: Managing data distribution Elastic Tools 1. End users connect to cloud service Cloud Service 2. Cloud service looks up customer in catalog 3. Cloud service routes directly to customer database Catalog Customer Catalog Cust 1 Cust 2 Cust 3 Cust N Customer Databases

Challenge 5: Transactions across databases 1. End users connect to cloud service Elastic Transactions Cloud Service 2. Changes several databases as part of the request Catalog Customer Catalog Cust 1 Cust 2 Cust 3 Cust N Customer Databases

One approach to rule them all?

So what to choose?

Want to learn more? http://lenews.ch/2016/02/12/3-things-you-must-know-before-learning-french-that-most-schools-wont-tell-you/

https://msdn.microsoft.com/en-us/library/aa479086.aspx

https://mva. microsoft https://mva.microsoft.com/en-us/training-courses/elastic-database-capabilities-with-azure-sql-db-16554