-
Notifications
You must be signed in to change notification settings - Fork 1
/
paper.tex
154 lines (126 loc) · 9.36 KB
/
paper.tex
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
\documentclass{article}
\usepackage{a4wide}
\usepackage{graphicx}
\usepackage{float}
\usepackage{url}
\usepackage{fancyhdr}
\usepackage{geometry}
\usepackage{acronym}
\usepackage{lastpage}
\usepackage{color}
\usepackage[subtle]{savetrees}
\newcommand{\highlight}[1]{\colorbox{yellow}{#1}}
\urlstyle{same}
\acrodef{MTA}{Multi-Tenant Application}
\acrodef{GAE}{Google App Engine}
\acrodef{VP}{variation point}
\acrodef{AOSD}{Aspect Oriented Software Development}
\acrodef{VRT}{Variation Realization Technique}
\acrodef{COP}{Context Oriented Programming}
\acrodef{DI}{Dependency Injection}
\acrodef{DaaS}{Data as a Service}
\acrodef{IaaS}{Infrastructure as a Service}
\acrodef{PaaS}{Platform as a Service}
\acrodef{SaaS}{Software as a Service}
\acrodef{OVM}{Orthogonal Variability Model}
\acrodef{SLA}{Service Level Agreement}
\acrodef{MVC}{Model View Controller}
\acrodef{QoS}{Quality of Service}
\acrodef{VM}{Virtual Machine}
\acrodef{DBMS}{Database Management System}
\acrodef{RDBMS}{Relational Database Management System}
\acrodef{VMM}{Virtual Machine Monitor}
\acrodef{PECE}{Progressive Elliptic Curve Encryption}
\acrodef{OWASP}{Open Web Application Security Project}
\acrodef{FUP}{Fair Use Policy}
\acrodef{AWS}{Amazon Web Services}
\title{Investigating the State of the Art of Multi-Tenancy: a Survey}
% Previously: Multi-Tenancy: ready to rock? a survey
% We moeten nog wat leukers verzinnen...
% Jasper: ik vind de huidige wel aardig.
\author{Herman Banken\and
Jasper Dijt\and
Erwin van Eyk\and
Rick Wieman\and
\\Delft University of Technology
\\\{H.J.Banken, J.W.Dijt, E.D.C.vanEyk, R.Wieman\}@student.tudelft.nl
}
\date{\today}
\pagestyle{fancy}
\lhead{Investigating the State of the Art of Multi-Tenancy: a Survey}
\rhead{page \thepage\ of \pageref{LastPage}}
\cfoot{}
\begin{document}
\maketitle
\thispagestyle{empty}
\begin{abstract}
Multi-tenancy allows multiple organizations to use a single application with their own configuration, on the same system. Despite the fact that many authors have done research on multi-tenancy, no clear definition exists.
In our survey, we research the current state of multi-tenancy. We identified four major software concepts that need extra care or provide extra opportunities in multi-tenant application development:
security, as the security concerns are holding back adoption of multi-tenancy;
scalability, as an unscalable application cannot leverage the benefits of the economics of scale;
quality of service, as performance must be upheld for all active tenants;
and variability, as that is where value is added for tenants. \\
Our research agenda provides an overview of possible research opportunities, such as automation (automatic deployment, wizards for tenants), guarantees (solutions to new problems need to be provable) and tenant-aware components (such as load balancers and databases).
\\
\textbf{Keywords}: multi-tenancy, security, scalability, quality of service, variability
\end{abstract}
\section{Introduction}
Due to the uprising of \ac{SaaS}, more and more application providers chose to build their applications using a multi-tenant architecture. % TODO citation! Verder loopt dit nog niet zo...
Tenants are often companies or organizations consisting of multiple users.
Multi-tenancy is the sharing of resources between multiple tenants.
As a result, various tenants can use the same application with their own configurations.
Additionally, application providers achieve better economies of scale.
Multi-tenant applications pose new challenges, for example in terms of security and scalability.
This literature survey merges the information of about 21 papers, in order to create a clear view of the definitions of multi-tenancy, the challenges and the research opportunities.
In the first part of this survey, we will give background information on multi-tenancy (Section~\ref{sec:bg}). Thereafter, the most common challenges for multi-tenancy will be discussed: security (Section~\ref{sec:security}), scalability (Section~\ref{sec:scalability}), \ac{QoS} (Section~\ref{sec:qos}) and variability (Section~\ref{sec:variability}). After discussing these challenges we conclude the survey in Section~\ref{sec:conclusion}.
\section{Background information}
\label{sec:bg}
\input{background}
\section{Security}
\label{sec:security}
\input{security}
\section{Scalability}
\label{sec:scalability}
\input{scalability}
\section{Quality of Service}
\label{sec:qos}
\input{QoS}
\section{Variability}
\label{sec:variability}
\input{variability}
\section{Conclusion}
\label{sec:conclusion}
In this paper we surveyed the current state of multi-tenancy research.
We have identified several topics for further research on the subjects of security, scalability, quality of service and variability.
Multi-tenancy can be divided in three levels: a shared application with a separated database, a shared application with a shared database (separate schema) and a shared application with a shared schema~\cite{bezemer2010multi}. The latter is considered pure or native multi-tenancy~\cite{bezemer2010multi,lin2009feedback,aulbach2009comparison}.
The relationship between multi-tenancy and the \ac{SaaS} domain is considered close~\cite{dillon2010cloud}, or even stronger: multi-tenancy is a characteristic of the \ac{SaaS} domain~\cite{tsai2010towards}. Additionally, the challenges of cloud services overlap with the challenges of multi-tenancy~\cite{dillon2010cloud,krebs2012architecture}.
In Section~\ref{sec:security} on security, an overview has been provided of the new security concerns and their solutions introduced in multi-tenancy, including data localization, data storage and authentication and authorization. We showed that there is a thin line between security issues caused by multi-tenancy and security issues caused by the general cloud technologies. Multi-tenancy is a high-level concept, relying on a multitude of other technologies, which thereby inherits traditional security issues.
In Section~\ref{sec:scalability} on scalability, research on estimating resource consumption per tenant and using these estimations to place tenants within the existing infrastructure was discussed. In addition to that an overview of data layer specific scalability research was presented.
\ac{QoS} research was surveyed separately from scalability. Three techniques that use a form of per tenant request limiting for separating tenants were discussed.
On the subject of variability, most research is done on modeling variations and describing techniques to build variants. We provided an overview of the levels of variability (e.g. external variability, visible to the customer; and internal variability, invisible to the customer), three modeling techniques (Feature modeling, Decision modeling and Orthogonal Variability modeling) and the various variation techniques.
\subsection{Research Agenda}
\label{sec:ra}
Throughout the paper we identified several research opportunities. Below we list the most prominent opportunities. Some of the opportunities described earlier fit into a certain category. These opportunities have been merged.
\begin{itemize}
\item \textbf{Automation}.
To exploit economies of scale, providers of multi-tenant applications want to attract as many tenants and users as possible.
However, managing all these tenants and their configurations takes a lot of time without the proper tools.
Research has been done on creating wizards for tenants~\cite{mietzner2008generation,mietzner2008defining}, but this field is not completely covered yet and additionally, automatic deployment of the outcome of these wizards can be investigated (Section~\ref{sec:var_agenda}).
\item \textbf{Guarantees}.
In all aspects of multi-tenancy new problems arise.
The solutions proposed for these problems need to be provable, for multi-tenancy to be usable in high availability or business critical applications.
Open research opportunities lie in state consistency while updating the platform (Section~\ref{sec:var_agenda}), proving data isolation between tenants (Section~\ref{sec:security_agenda}), providing performance isolation and minimal performance (Section~\ref{sec:qos_agenda}).
\item \textbf{Effective security}.
Although security measures have been proposed to secure multi-tenant systems, research should be dedicated to finding a effective balance between security and performance. Traditional and new security mechanisms should be redesigned to increase their effectiveness in multi-tenancy environments (Section~\ref{sec:security_agenda}).
\item \textbf{Tenant aware components}.
In scalability and \ac{QoS} research, tools like tenant aware load balancers and tenant aware databases are used or proposed (Section~\ref{sec:scal_mta} and \ref{sec:tenant_aware}).
The benefits of such tools in a multi-tenant environment have already been proven.
The proposed multi-tenant aware database is still incomplete as it lacks tenant aware administration tooling and more work on the storage model is needed.
Also, the approaches used for making load balancers multi-tenant aware, need to be validated further.
%\item \highlight{Voeg hier je belangrijkste punten toe} en probeer te kijken of het niet overlapt met andere punten en zo ja: voeg samen.
\end{itemize}
\section{Acknowledgements}
This literature survey was done in the context of the TI3700 course on the Delft University of Technology. We thank Cor-Paul Bezemer, as our first reviewer, for his helpful comments to improve this paper.
\bibliographystyle{plain}
\bibliography{ref}
\end{document}