This blog may just turn into a vocabulary lesson for IT people. Today’s word is multi-tenancy.
Multi-tenancy is part of cloud design that enables shared resources and infrastructure. Those of you, who know me, know that I work for EMC covering the U.S. Federal Gov as a vSpecialist. So I will default to the NIST standard first the term Resource Pooling is used in the NIST Cloud Definition Guidance:
Resource pooling – The provider’s computing resources are pooled to serve multiple consumers using a multi-tenant model, with different physical and virtual resources dynamically assigned and reassigned according to consumer demand. There is a sense of location independence in that the customer generally has no control or knowledge over the exact location of the provided resources but may be able to specify location at a higher level of abstraction (e.g., country, state, or datacenter). Examples of resources include storage, processing, memory, and network bandwidth
Then in the Guidance for Security and Privacy in Public Cloud computing we find this:
Shared Multi-tenant Environment. Public cloud services offered by providers have a serious underlying complication—client organizations typically share components and resources with other consumers that are unknown to them. Rather than using physical separation of resources as a control, cloud computing places greater dependence on logical separation at multiple layers of the application stack [Owa10]. While not unique to cloud computing, logical separation is a non-trivial problem that is exacerbated by the scale of cloud computing (e.g., [Bos11]). An attacker could pose as a consumer to exploit vulnerabilities from within the cloud environment, overcome the separation mechanisms, and gain unauthorized access. Access to organizational data and resources could also inadvertently be exposed to other consumers or be blocked from legitimate consumers through a configuration or software error [Opp03]. Threats to network and computing infrastructures continue to increase each year and become more sophisticated. Having to share an infrastructure with unknown outside parties can be a major drawback for some applications and require a high level of assurance pertaining to the strength of the security mechanisms used for logical separation.
NIST doesn’t completely define multi-tenant models, does it? Nope part of that is due to the fact that the standard is watered down by the industry to ensure they can continue to support customers. No knock on NIST here because it has to be a tough job to create a standard for an entire industry. The way NIST builds the standard is partially through industry input; they look at what is available, what is coming and set definitions and guidelines based off of their insights. Sometimes this leads to solid guidance and clear direction, other times it leads to a loosely coupled series of semi-defined concepts. This is certainly one of those times.
So where do we then turn for guidance? How about the NSA? The NSA defines multi-tenancy thusly:
Multi-Tenancy – Multi-tenancy is the sharing of a common cloud resource that allows the cloud provider to efficiently utilize resources for multiple tenants and can be applied to all three cloud services (IaaS, PaaS, SaaS). Sharing resources, however, could result in residual data or operations being visible or discoverable by another user due to vulnerabilities or insecure configurations. There are varying degrees and definitions of Multi-tenancy among cloud providers and many providers have the option of not sharing resources at an additional cost.
Hahaha ok sorry clearly we need to go outside of the government if we want clear and concise on this topic, terms that the government is not known for. Since I have been beating on Gartner lately let’s see what Forrester has to say about this.
Our definition: Multitenancy defines IT architectures that let multiple customers (tenants) share the same applications and/or compute resources with security, reliability, and consistent performance.
Our research yielded three major findings about multitenant architectures. These are:
-
Multitenant architectures must strike a balance between sharing and security. To deliver cost savings and scalability, a multitenant architecture must be able to manage dynamic resource consumption by its tenants without violating their security. These two goals ultimately conflict with one another, since shared resources and individual security rarely go hand in hand.
-
Two common multitenant architecture models have arisen. Dedicated resource models stake boundaries within shared infrastructure, defining the resources a tenant can access, allowing for tangible and secure walls but lower flexibility. Metadata map models chart protected pathways to shared resources, allowing for increased flexibility, but they ultimately may feel less secure.
-
Despite resource sharing, multitenancy will often improve security. Most current enterprise security models are perimeter-based, making you vulnerable to inside attacks. Multitenant services secure all assets at all times, since those within the main perimeter are all different clients. Leveraging a mix of dedicated resources and metadata map architectures, these services can deliver stronger security.
You know what I can live with this, because at the end of the day it does actually depend.
We will never get everyone to agree to the definition of something life multi-tenant until we reach the utilization stage of solution maturity. Cloud is maturing but it’s not there yet. In the mean time we just need to know that everyone is trying to position their solutions as multi-tenant. If you are reading this odds are you are in a position to advise or make IT decisions so you need to know that words and language have power (I know I have said it before). Understanding that things some products are built for hybrid cloud management like vRealize Automation are only meant for multi-tenant for a single organization (as of today). That public cloud management solutions that logically separate shared resource multi-tenant solutions not without risk. Multi-tenant dedicated resource backends are expensive but they lack the issues found in logical separation from hardware and networking but tend to find front-end issues with portals or the ever present user created security gap.
Education and understanding help to lead you to intelligent and open-eyed decisions, which means you can mitigate, accept, or minimize the risks you take. Multi-tenancy will be defined by the customer so let’s make sure we all define their understanding of the word clearly to assist them in making the best choice possible.