Evaluating the effect of multi-tenancy patterns in containerized cloud-hosted content management system

Multi-tenancy in cloud computing describes the extent to which resources can be shared while guaranteeing isolation among components (tenants) using these resources. There are three multi-tenancy patterns: shared, tenant-isolated and dedicated component patterns. These patterns have not previously been formally specified. In order to create a precise definition and verify each pattern, we formally specify each pattern using the Z language. To validate the interpretation of our formal description, We empirically evaluate each pattern using the data-tier of a cloud hosted distributed content management application, WordPress, deployed in a Docker container. Experimental results show that the dedicated pattern successfully managed larger numbers of tenants with fewer unhandled request errors. The shared and tenant isolated patterns exhibited larger number of unhandled request errors when the number of tenants increased. We present a selection algorithm to choose suitable multi-tenancy pattern for cloud deployment of content management system

Toward Customizable Multi-tenant SaaS Applications

abstract: Nowadays, Computing is so pervasive that it has become indeed the 5th utility (after water, electricity, gas, telephony) as Leonard Kleinrock once envisioned. Evolved from utility computing, cloud computing has emerged as a computing infrastructure that enables rapid delivery of computing resources as a utility in a dynamically scalable, virtualized manner. However, the current industrial cloud computing implementations promote segregation among different cloud providers, which leads to user lockdown because of prohibitive migration cost. On the other hand, Service-Orented Computing (SOC) including service-oriented architecture (SOA) and Web Services (WS) promote standardization and openness with its enabling standards and communication protocols. This thesis proposes a Service-Oriented Cloud Computing Architecture by combining the best attributes of the two paradigms to promote an open, interoperable environment for cloud computing development. Mutil-tenancy SaaS applicantions built on top of SOCCA have more flexibility and are not locked down by a certain platform. Tenants residing on a multi-tenant application appear to be the sole owner of the application and not aware of the existence of others. A multi-tenant SaaS application accommodates each tenant’s unique requirements by allowing tenant-level customization. A complex SaaS application that supports hundreds, even thousands of tenants could have hundreds of customization points with each of them providing multiple options, and this could result in a huge number of ways to customize the application. This dissertation also proposes innovative customization approaches, which studies similar tenants’ customization choices and each individual users behaviors, then provides guided semi-automated customization process for the future tenants. A semi-automated customization process could enable tenants to quickly implement the customization that best suits their business needs.Dissertation/ThesisDoctoral Dissertation Computer Science 201

A Modelling Language to Support Evolution of Multi-Tenant Cloud Data Architectures

Multi-tenant data architectures enable efficient resource utilization in cloud applications, but are currently being implemented in industry and research using manual coding techniques that tend to be time consuming and error prone. We propose a novel domain-specific modeling language, CadaML, to automatically manage the development and evolution of cloud data architectures that (a) adopt multi-tenancy and/or (b) comprise of a combination of different storage solutions such as relational and non-relational databases, and blob storage. CadaML provides concepts and notations to support abstract modelling of a multi-tenant data architecture, and also provides tools to validate the data architecture and automatically produce application code. We rigorously evaluate CadaML through a user experiment where developers of various capabilities are asked to re-architect the data layer of an industrial business process analysis application. We observe that CadaML users required 3.5x less development time than manual coders. In addition to improved productivity, CadaML users highlighted other benefits gained in terms of reliability of generated code and usability

Cloud computing security taxonomy: From an atomistic to a holistic view

Countless discussions around security challenges affecting cloud computing are often large textual accounts, which can be cumbersome to read and prone to misinterpretation. The growing reliance on cloud computing means that not only should we focus on evaluating its security challenges but devote greater attention towards how challenges are viewed and communicated. With many cloud computing implementations in use and a growing evolution of the cloud paradigm (including fog, edge and cloudlets), comprehending, correlating and classifying diverse perspectives to security challenges increasingly becomes critical. Current classifications are only suited for limited use; both as effective tools for research and countermeasures design. The taxonomic approach has been used as a modeling technique towards classifying concepts across many domains. This paper surveys multiple perspectives of cloud security challenges and systematically develops corresponding graphical taxonomy based upon meta-synthesis of important cloud security concepts in literature. The contributions and significance of this work are as follows: (1) a holistic view simplifies visualization for the reader by providing illustrative graphics of existing textual perspectives, highlighting entity relationships among cloud entities/players thereby exposing security areas at every layer of the cloud. (2) a holistic taxonomy that facilitates the design of enforcement or corrective countermeasures based upon the source or origin of a security incident. (3) a holistic taxonomy highlights security boundary and identifies apt areas to implement security countermeasures

Architecting the deployment of cloud-hosted services for guaranteeing multitenancy isolation.

In recent years, software tools used for Global Software Development (GSD) processes (e.g., continuous integration, version control and bug tracking) are increasingly being deployed in the cloud to serve multiple users. Multitenancy is an important architectural property in cloud computing in which a single instance of an application is used to serve multiple users. There are two key challenges of implementing multitenancy: (i) ensuring isolation either between multiple tenants accessing the service or components designed (or integrated) with the service; and (ii) resolving trade-offs between varying degrees of isolation between tenants or components. The aim of this thesis is to investigate how to architect the deployment of cloud-hosted service while guaranteeing the required degree of multitenancy isolation. Existing approaches for architecting the deployment of cloud-hosted services to serve multiple users have paid little attention to evaluating the effect of the varying degrees of multitenancy isolation on the required performance, resource consumption and access privilege of tenants (or components). Approaches for isolating tenants (or components) are usually implemented at lower layers of the cloud stack and often apply to the entire system and not to individual tenants (or components). This thesis adopts a multimethod research strategy to providing a set of novel approaches for addressing these problems. Firstly, a taxonomy of deployment patterns and a general process, CLIP (CLoud-based Identification process for deployment Patterns) was developed for guiding architects in selecting applicable cloud deployment patterns (together with the supporting technologies) using the taxonomy for deploying services to the cloud. Secondly, an approach named COMITRE (COmponent-based approach to Multitenancy Isolation Through request RE-routing) was developed together with supporting algorithms and then applied to three case studies to empirically evaluate the varying degrees of isolation between tenants enabled by multitenancy patterns for three different cloud-hosted GSD processes, namely-continuous integration, version control, and bug tracking. After that, a synthesis of findings from the three case studies was carried out to provide an explanatory framework and new insights about varying degrees of multitenancy isolation. Thirdly, a model-based decision support system together with four variants of a metaheuristic solution was developed for solving the model to provide an optimal solution for deploying components of a cloud-hosted application with guarantees for multitenancy isolation. By creating and applying the taxonomy, it was learnt that most deployment patterns are related and can be implemented by combining with others, for example, in hybrid deployment scenarios to integrate data residing in multiple clouds. It has been argued that the shared component is better for reducing resource consumption while the dedicated component is better in avoiding performance interference. However, as the experimental results show, there are certain GSD processes where that might not necessarily be so, for example, in version control, where additional copies of the files are created in the repository, thus consuming more disk space. Over time, performance begins to degrade as more time is spent searching across many files on the disk. Extensive performance evaluation of the model-based decision support system showed that the optimal solutions obtained had low variability and percent deviation, and were produced with low computational effort when compared to a given target solution

Degrees of tenant isolation for cloud-hosted software services : a cross-case analysis

A challenge, when implementing multi-tenancy in a cloud-hosted software service, is how to ensure that the performance and resource consumption of one tenant does not adversely affect other tenants. Software designers and architects must achieve an optimal degree of tenant isolation for their chosen application requirements. The objective of this research is to reveal the trade-offs, commonalities, and differences to be considered when implementing the required degree of tenant isolation. This research uses a cross-case analysis of selected open source cloud-hosted software engineering tools to empirically evaluate varying degrees of isolation between tenants. Our research reveals five commonalities across the case studies: disk space reduction, use of locking, low cloud resource consumption, customization and use of plug-in architecture, and choice of multi-tenancy pattern. Two of these common factors compromise tenant isolation. The degree of isolation is reduced when there is no strategy to reduce disk space and customization and plug-in architecture is not adopted. In contrast, the degree of isolation improves when careful consideration is given to how to handle a high workload, locking of data and processes is used to prevent clashes between multiple tenants and selection of appropriate multi-tenancy pattern. The research also revealed five case study differences: size of generated data, cloud resource consumption, sensitivity to workload changes, the effect of the software process, client latency and bandwidth, and type of software process. The degree of isolation is impaired, in our results, by the large size of generated data, high resource consumption by certain software processes, high or fluctuating workload, low client latency, and bandwidth when transferring multiple files between repositories. Additionally, this research provides a novel explanatory framework for (i) mapping tenant isolation to different software development processes, cloud resources and layers of the cloud stack; and (ii) explaining the different trade-offs to consider affecting tenant isolation (i.e. resource sharing, the number of users/requests, customizability, the size of generated data, the scope of control of the cloud application stack and business constraints) when implementing multi-tenant cloud-hosted software services. This research suggests that software architects have to pay attention to the trade-offs, commonalities, and differences we identify to achieve their degree of tenant isolation requirements