Multi-tenant Architecture for SaaS
When building Software as a Service (SaaS), you'll often need a multi-tenant architecture. There are many ways to segregate compute and data storage in a multi-tenant environment. Data storage can be siloed or partitioned. Compute can be pooled or siloed. Combining the two, you can create lanes for groups of tenants. In this architecture, knowing the identity behind each request is critical to routing that request all the way through to the right services and resources.
0:00 Intro
0:38 Multi-tenant
3:32 Identity
5:01 Code Example
7:13 Lanes
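To make the identity-based routing described above concrete, here is an added Python example (not code from the video or its author). It assumes the token claims have already been verified upstream; the `tenant_id` claim, the `TENANTS` catalogue, `OrderStore` and the tenant names are hypothetical, and in-memory SQLite stands in for real databases.

```python
import sqlite3

# Constructed tenant catalogue: the storage model each tenant is placed on.
TENANTS = {
    "acme": "silo",      # dedicated database
    "globex": "pool",    # shared database, rows partitioned by tenant_id
    "initech": "pool",
}

class TenantError(Exception):
    """The request carries no usable tenant identity."""

def new_db():
    # In-memory SQLite stands in for a real database server.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (tenant_id TEXT NOT NULL, item TEXT NOT NULL)")
    return db

POOLED_DB = new_db()
SILO_DBS = {t: new_db() for t, model in TENANTS.items() if model == "silo"}

def resolve_tenant(claims):
    """Read the tenant from already-verified token claims; fail closed otherwise."""
    tenant = claims.get("tenant_id")
    if not isinstance(tenant, str) or tenant not in TENANTS:
        raise TenantError("missing or unknown tenant")
    return tenant

class OrderStore:
    """Data access bound to exactly one tenant for the lifetime of a request."""

    def __init__(self, claims):
        self.tenant = resolve_tenant(claims)
        # Siloed tenants get their own connection; everyone else shares the pool.
        self.db = SILO_DBS.get(self.tenant, POOLED_DB)

    def add(self, item):
        # The tenant column is filled from the identity, never from caller input.
        self.db.execute("INSERT INTO orders VALUES (?, ?)", (self.tenant, item))

    def items(self):
        # The tenant predicate is applied on every read, pooled or siloed.
        rows = self.db.execute(
            "SELECT item FROM orders WHERE tenant_id = ? ORDER BY item",
            (self.tenant,),
        )
        return [row[0] for row in rows]
```

Because the store is constructed from the claims and exposes no tenant parameter, application code cannot ask for another tenant's rows, and a request without a known tenant is rejected before any connection is chosen.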
Is this a good candidate for row level security?
Could be, assuming your database supports it.
I have the same question related to a broader topic of this kind asked in one of the earlier comments, too (re intra-group – within one business boundary – multitenancy with more complex filtering scenarios) / this is a really interesting and practical aspect
Project Orchard also has a multitenant feature. Very few good tutorials out there. It does support it in a decent way. It also covers which features to turn on for which tenant.
For partitioned databases you can also do it by replicating tables for each tenant, tenant1_table1, tenant2_table1. Instead of saving all tenants’ data on the same table.
Also true, but it’s easier to just use a database that supports partitions so this is all done under the hood, e.g. Postgres.
Sounds like a maintenance hell tbh. Imagine 100+ tenants.. And how about that day when your app joins tables between different tenants in production? It may be game over
@Greenthum6 Sure, there are tradeoffs; all tenants in 1 table probably doesn’t scale as well either.
What you describe is also hard to do if you have 1 db per tenant, which in my opinion is the way to go.
But of course, will depend on your requirements…
@Mário Nunes I mean the joins between two tenants should NEVER happen. Same goes for queries where accidentally returning rows from wrong tenant may result in legal actions. Messing up is going to happen eventually as any query may break it. One database per one tenant is the only sane option if your application works with business critical data.
Integration testing and any kind of troubleshooting would be difficult if you always need to map a specific tenant to a set of table names since all SQL must be tailored at all times.
SaaS design using hypermedia is pretty cool. Haven’t thought of SaaS that way. It’s new to me. Have you or anyone you know really hit the ceiling with pooled & partitioned SaaS architecture and had to move on to hypermedia etc.? I’ve never built a SaaS. One thing that really scares me is that pooled and partitioned might not be good enough for the long run, and migrating from pooled & partitioned to something else will be a big headache.
Don’t use auto increment IDs if you want to go from silo’ed databases to partitioned.
@CodeOpinion mmh.. That’s to ease the db distribution right?
That’s great and all, but when it comes to cross-tenant capabilities of the system it’s a bit of a pain 🙂
Tenants needing to communicate with each other I was going to bring up. But ultimately it’s not very far off, as a request from a “client” and a request from a tenant are treated the same.
I’ve worked most of my career with transactional multitenant systems, starting from key-partitioned tables and eventually moving to dedicated databases. The last thing you want to face is to mess up data between tenants. That’s why I would always go for a model with a dedicated database for each tenant. Sharing a database between tenants will eventually result in customers calling and asking why they see data from the wrong company. And the next, even harder question is whether their data is compromised too. I’ve seen that happen; believe me, you don’t want to be there.
Database per tenant is also a great benefit when building test automation and CI. You just make sure users are redirected to the correct tenant and from there it’s just a single-tenant system all the way. No need to carry any tenant IDs in every query or to make sure all current and future SQL will use them correctly. The obvious benefits include scaling and better performance overall. Not all tenants are equal. There will be that mammoth one slowing others down.
I agree. Mixing different tenant data in the same DB is a REALLY BAD idea. It’s like “reverse sharding”. You’re basically putting stuff that doesn’t belong together in the same DB. In the same RDBMS. Usually you want to do the opposite, not only for security, but also for performance reasons. If your services are stateless, your relational database eventually becomes your main bottleneck.
How would you fit this with microservices? Ideally each microservice should have its own database, so if you have 500 clients and 10 microservices you would end up with 5000 databases, which can be a nightmare.
@DevilTrigger There is no need to echo the customer data model over the whole system. That would be bad micro service design. If you go with microservices and one or more of your services has hundreds of databases to manage maybe rethink the solution.
@Maestre3D How? Links to how this can be done with PostgreSQL?
What happens when you have millions of users? How do you manage the databases? So each user signup is a new database? Please share a link of how this is done in real life. Thanks
Hi, thanks for the information, which was very clearly explained. I just want to know if you have a code sample for “Multi-Tenant pooled & partitioned” which uses a separate identity server to return the tenant and then log in to the client application. Thanks in advance
Just the sample code shown in the video. I don’t have a full sample app that illustrates it.
What about each tenant using its own schema? Data is logically separated and you don’t have to filter out the data being retrieved, just set the proper schema when querying.
Sure, that works. It’s not any different than being silo’ed using different db instances because ultimately you need to know which schema to use (vs which instance to connect to).
Where do you feel Postgres schema separation fits in?
IMO it’s the best of both worlds, with the data isolation of separate DBs and the cost savings of a single DB.
You mean single instance with multiple schemas. Sure.
How would you handle this scenario with Entity framework? Is there an easy way?
I’m currently working on something that closely resembles farms. The difference is, I have a service working as a proxy to hold the emails (the main access way) and the associated API that each email belongs to; after that, the presentation (mobile app and Blazor app) uses that API for all subsequent calls until a sign-out is made.
Watching this made me think about whether making a service for only an email check is overkill and whether it should have the whole identity system, but I want each tenant to have a different JWT credential, and, with the current implementation plan, there are only 2 methods exposed from the proxy: the first to register the email, the other to check for the email (maybe an edit in the future). Other methods are for the admin to spin up another tenant; these methods also required their own JWT credentials.
If you want to become good in designing (the architecture) your system, I highly recommend watching all of his videos (these are not for beginner programmers tho)
Hopefully they help.
About the identity: the user gets a token from Identity; how do you know which tenant to assign it to? I used a login “companyAmyusername”, “companyBmyusername”, and depending on that I assign the tenant in the token, but I think it’s not the best way. What is the best way?
I enjoyed this video, thanks. I prefer the approach that uses a separate database per tenant, but I have a concern. When you have to modify the database schema (adding/modifying tables for example), would you have to update each database manually and separately?
The way to go will be to automate the updates with database migration scripts.
Isn’t it the same as passing the tenant id as a parameter, but built in?
Multi Tenant is nice when your app shares the same logic and that’s it. But when maybe a distributor from a different car seller says “I want to remove one field”, you can change that for just one client, you have to change your entire app for only one client.
Clients are stupid sometimes.
You can do custom fields. Dynamically generated Fields: textbox, select, date, etc
Hi, I think my question is not really related to this topic. But I need advice from experts in this situation:
– My app allows users define their own objects
– Should I allow users to define their own real table per each object? Or should I use a big table (for ex: Integer1, Integer2,… String1, String2, …)
Thanks
Sounds like you don’t want a relational database but rather a document store.
@CodeOpinion Currently our app is using MSSQL Server, which is a relational database. But now, users want to define their custom objects. Do you have any advice on how to design the database structure for this requirement? Thanks
How do you go about handling multi-tenancy in an event-sourced app where a consumer should be able to handle events from different tenants? I thought about creating different topics for each tenant, but then I would also need to create consumers that listen to those new topics. How would you go about aggregates in a case where many tenants can share the same topic? Is there a way to do this transparently without each consumer being aware that they are in a multi-tenant environment? I really would prefer not to rely on developers of each service making sure that they check tenant id and handle requests appropriately.
Same as the database really. Depends if you want to share it. You can make it seamless for the developer so they are unaware of where it’s actually being published. Take that concern out of their hands.
I would really like to know your take on Hexagonal Architecture, aka Ports and Adapters Architecture. If possible, please come up with a video on that.
Check out this video: https://www.youtube.com/watch?v=Ys_W6MyWOCw
What is a tenant? How is it different from a user/client?
Tenant is a person/company/group of users. Just like a tenant in an apartment. The tenant is the customer who occupies property within a building.
Thank you for such a fantastic tutorial. Short, easy and professional. Thanks
You’re very welcome!