What is Multitenancy?

Quick Definition: Multitenancy is a cloud architecture in which several physical server resources are shared with multiple users, allowing for better cost efficiency and more optimal hardware use.

"The cloud" has jokingly been called "just someone else's computer," and that's not a bad summary. Cloud hosting is essentially paying to rent time on a provider's hardware, networks, and power. Of course, there's a lot more nuance to it than that, with the advantages provided by concepts like elasticity, scalability, and huge numbers of managed services.

The cloud couldn't be what it is, however, without one more key concept: multitenancy, or the ability to run workloads from multiple customers by sharing hardware while maintaining secure separation of the resources. Multitenancy offers a huge advantage by allowing cloud providers to operate servers and data centers efficiently.

Let's explore multitenancy, including its definition, how it benefits cloud providers and their customers, security considerations, and when you shouldn't take advantage of the benefits. 

What is Multitenancy?

Multitenancy is the sharing of physical server hardware resources among multiple customers (tenants) within a cloud environment. Contrast this with single tenancy, where servers in a data center are dedicated to one customer's use.

The easiest way to conceptualize multitenancy is with virtual machines, which use virtualization software on a physical server to parse out resources to emulate multiple operating systems. You can essentially run multiple virtual computers on one physical computer. 

In a multitenant environment, a host divides up customer servers to best utilize available resources. If a single physical server has 32 CPU cores available, and four customers want to each run an 8-core server, then it makes sense to split up the big physical server into four ways to run the four smaller virtual servers.

This makes cloud computing much more cost-effective for service providers like AWS and Azure. They can use their resources very efficiently and not waste servers sitting idle or at half capacity.

Benefits of Multitenancy

Understanding the benefits of multitenancy is helpful in understanding why this is such a popular option. There are several benefits for both providers and users. 

Cost Efficiency

By sharing resources across tenants, cloud providers can make more efficient use of their resources and offer services at a lower price. By avoiding idle or underutilized servers, providers can optimize resource allocation, reduce redundancy, and do more with less. 

Scalability

Multitenancy also creates a perfect environment for efficient scalability, allowing for maximum flexibility when customers are choosing how much capacity to provision. Services and resources can seamlessly expand to accommodate growing workloads without compromising performance.

Improved Reliability

Multitenancy allows for maximum flexibility for reliability. In single-tenancy, a customer might have their own dedicated server. Think especially about the co-location model, where customers manage their own hardware in a dedicated rack. Failover is difficult because there are no shared resources. With multitenancy, a failed server means workloads are automatically redistributed to other racks or even other data centers.

Key Components of Multitenancy

While the exact function and setup of multitenancy servers can vary, they do have several core concepts in common, including: 

Tenant Isolation

With virtual machines from multiple customers running on shared hardware, security is an obvious concern. Virtual machines must not be unable to access each other, either through the network, their storage, what's in memory, or what's coming in and out of their network adapter. Otherwise, there would be huge security issues.

The hypervisor handles isolation; it divides up those resources and keeps them separate, only allowing VMs to access what is allotted to them. They cannot access the host server, as that would potentially give an attacker access to all of the VMs and the hosting network. This type of attack is called a virtual machine escape.

One recent and particularly nasty CVE from VMware details how a bug in the 3D graphics stack allowed for the execution of code on the host from a VM. Learn more about Common Vulnerabilities and Exposures (CVE) here.

Resource Sharing

Multitenancy depends on sharing a physical server's hardware resources between the tenant VMs. When a virtual server starts running, the hypervisor allocates a certain amount of CPU and RAM to it, as configured by the admin. Those reserved resources are carved out from the host and unusable for anything else while the VM is running.

Disk space is also allocated, usually in the form of virtual disk files on the host for each drive mounted to the host. Say an admin designates a new VM to have a 100 GB disk. The hypervisor will create a 100 GB file on the host to reserve the space and act as the virtual disk for the VM to use.

Balancing and correct resource allocation are critical to keeping a host alive; over allocating any resource could quickly bring things to a halt. For cloud providers like AWS, all this happens automatically, with the AWS backend finding a physical host with resources to spare on EC2 creation. All this happens transparently to the admin creating the server.

Customization and Personalization

Obviously, all servers are unique, and cloud providers must accommodate whatever their customers need. One common use case for this is CPU type. x86 processors are sufficient for most needs, but ARM processors are becoming more and more popular for their speed and cost-effectiveness. Providing capacity for both keeps everyone happy.

Security Considerations with Multitenancy

Security is a huge concern with multitenancy. If properly implemented, tenant servers should never be able to interact with each other or the host. Maintaining this strict isolation is paramount for protecting data and access. 

Every cloud provider invests heavily into securing their multitenant environment to protect their customers. It's actually another cost-efficiency advantage, as a cloud provider can develop and implement security across their entire hosting platform cheaper and more efficiently than each individual customer collectively doing the same work on their own.

Isolation must be maintained across data storage, memory, and networking. Without data isolation, tenants could access storage for other tenants' servers, revealing customer data, stored API keys and other secrets, or source code.

Memory contents must be isolated for the same reasons; while difficult, it's not impossible to retrieve data from RAM. Finally, networking must be isolated to avoid capturing data on the wire as it is transmitted and received.

Best Practices with Multitenancy

Multitenancy isn't something you need to switch on or configure, per se. It all happens behind the scenes with your cloud provider. Resource allocation happens transparently so you get the CPU and RAM that you pay for, and another tenant on the same server cannot overload the server, steal your resources, or starve the server.

Security is also handled transparently. Obviously, keeping your data isolated from other tenants is paramount. Cloud providers know this and handle it for you with strict controls in place to prevent data leaks across tenants.

When Not to Use Multitenancy

As great as multitenancy is, sometimes it isn't a viable option. Certain regulatory requirements do not allow for the sharing of physical resources, no matter how secure the cloud provider's multitenancy configurations are. Industries like banking and insurance will commonly require sensitive data and systems to utilize only single-tenant hardware.

Cloud providers make this easy, however, with dedicated hosts. With these virtual machine types, they dedicate a physical server to running your hosts with no other tenants sharing the hardware. This comes with a literal price, though with higher costs.

Conclusion 

Multitenancy is transformative in helping to move computing from the on-prem data center and collocations up to the cloud. Providers can offer more affordable services while optimizing how they use their hardware. Resource and security controls keep everyone in their lane and safe. Finally, and most importantly, IT pros win by taking advantage of the scalable and elastic power of the cloud!

Want to learn more about network design? Take CBT Nuggets training Building a Network Design Online Training with Jeremy Cioara.