Designing a Multi-Tenant SystemPermanent link for this heading

There are different strategies to pursue to create services for tenants.

Approaches:

  • Shared: The tenants use common Fabasoft Folio COO Services and Fabasoft Folio MMC Services.
    shared.png
  • Connected services: Each tenant has own Fabasoft Folio COO Services and Fabasoft Folio MMC Services.
    isolated services.png

Approach

Security Patterns

Extensibility Patterns

Scalability Patterns

Shared

Connected Services

Access Control ListsPermanent link for this heading

In all Fabasoft software products the access to Fabasoft Folio object is controlled by access control lists (ACL). ACLs are defined by ACL objects. Each Fabasoft Folio business object has a pointer to an ACL object which defined the access to this business object.

Service Based RestrictionsPermanent link for this heading

The service based restrictions are defined by connection configurations of Fabasoft Folio Services. Access to these services can be restricted by client IP address to restrict data access to clients which belong to the given tenant. This restriction can be defined in the Fabasoft Folio COO Service object.

Example: It is possible to give a business unit its own Fabasoft Folio Web Service which is only allowed to connect to a specific Fabasoft Folio Backend Service where confidential data is stored.

Tenant Specific ConfigurationPermanent link for this heading

The domain configuration and administration may be delegated to the tenants to enable a decentralized administration or can still be handled centrally. The configuration of software components of a domain can be changed on a per tenant basis to customize the software for specific requirements of a tenant, independent from the domain configuration.

Tenant Specific Persistence ConfigurationPermanent link for this heading

The Fabasoft Folio objects of each Fabasoft Folio Tenant can be stored in different databases and file systems and can be made accessible via different Fabasoft Folio Services. By using different services per tenant, the data persistence configuration can be customized for specific requirements of a tenant.

Example: For each Fabasoft Folio Tenant own service definitions can be defined.

Service Based Scale-OutPermanent link for this heading

A Fabasoft Folio Service stores a specific data set in a dedicated database and file system. To handle increasing workloads and data size, Fabasoft Folio Services can be added to an existing installation to provide additional capacity.

Tenant Based Scale-OutPermanent link for this heading

A new Fabasoft Folio Tenant can be added to an existing installation and hosted by dedicated Fabasoft Folio Services to provide additional capacity for a new environment with an independent configuration.

Example: If a new business unit is founded in an organization, the system installation can be extended with a new tenant, which does not affect the existing installation.