Multitenancy & Cloud Computing Platforms: Four Big Problems

(Updated February 23) Sybase’s Eric Farrar explains what I meant to say about multitenancy, PaaS and ISVs, only much much better. I’d also recommend checking out SAP’s own very worthy PaaS efforts, which do serve their target enterprise customers very well: BusinessByDesign and the coming JPaaS River. As well, here is a blog by SAP Mentor Richard Hirsch, who explains how he views SQL Anywhere On-Demand.

(Updated February 21) This post has attracted some attention, some of it for the wrong reasons. To clarify: I think multitenancy rocks for large-scale cloud applications. Not every ISV shopping for a cloud data platform or Platform-as-a-Service (PaaS) needs that scale, though.

Many PaaS today seem to sacrifice features and/or customization in favor of one-size-fits-all scale. For ISVs, I truly believe that many multitenant cloud platforms today lack the flexibility to account for their security/regulatory requirements. Or that the benefits of a scalable new platform don’t always justify the cost of Apologies if my imprecise language caused any conflation/confusion. Obviously, this wasn’t meant to be an inadvertant criticism of SAP’s own cloud applications like BusinessByDesign or Successfactors.

(Post begins) It feels a little blasphemous to type this while Cloud Connect, the cloud industry’s premier conference, takes place just 30 miles away.

But sometimes when you see a balloon rising from all of the hot air filling it, you gotta take aim with the BB gun and pop it.

As most of you know, multitenancy is the term describing when a single instance of software serves dozens or hundreds of users/customers at the same time. Anyone can see how much more efficient this is versus the old server hosting model, where the ratio of server:customer is 1:1. Even using today’s Red Hat-type virtualization, each server can cram fewer users/customers onto itself than a true multitenant service.

Besides their efficiency, multitenant services can scale easily. Both of these mean lower costs for the hosters/software vendors, and, potentially, lower prices for customers.

It’s why Hotmail and Facebook were able to grow to tens of millions of customers before any meaningful revenue began rolling in. On the business side, Salesforce.com is multitenant, as is Successfactors, which my parent company SAP just spent $3.4 billion to acquire.

Outside of the application space, things are well, more stormy. Take the Platform-as-a-Service (PaaS) space. Providers here include Google App Engine, Windows Azure, Salesforce.com’s Database.com, and others.

For enterprises - who usually have much more rigorous requirements than consumers - a multitenant cloud platform has plenty of disadvantages. That goes double for the developers serving those enterprises.

1) It’s inflexible. Let’s say as your personal blow against globalization, you want Google to guarantee that your Gmail will only be stored on servers physically located in the U.S. Not. Going. To. Happen.

While that may be an esoteric request for a consumer, it is actually a requirement for businesses operating in Europe. There, strict national data privacy laws mean that data about French customers must be stored in servers located inside France, German customer data inside Germany, etc. As a result, cloud or hosted applications must be run from data centers in multiple countries. Most multitenant PaaS providers will find it difficult to make that happen.

Or let’s say you are a application vendor or ISV that happens to be blessed with multiple customers from the same industry. For competitive reasons, Coke may not want the risk of its secret formula being stored on the same physical server as data from its arch-rival, Pepsi.

This may not just be competitive paranoia; this too could be an law or industry regulation. Again, this is difficult for most multitenant PaaS providers to make happen today.

2) It’s less secure. Sure, cloud platform vendors will argue that their software, if run properly, isolates all user data and setting info from each other. However, there is always the potential for human carelessness or error. For instance, a database administrator can mistakenly implement a security policy that affects all of users of the service but actually contravenes the policies or rules that some customers need to abide by (due to above-mentioned national or industry rules).

Or let’s say a hacker is able to break the encryption of a database operated by a cloud service provider. If it’s a multitenant service, chances are he or she will be able to steal the data of dozens or hundreds of different business customers all stored on that database.

If the hosted service provider, however, stored each customer’s data on a different database, each with its own encryption key, then the hacker’s prize would be diminished. This is the upside of ‘less powerful’ software. Substitute hacker with “foreign government agent” and the possibilities get more chilling.

3) It’s less powerful. As mentioned before, most multi-tenant cloud services are created by Web 2.0 firms. What they may possess in fresh user interfaces and simplicity they lack in terms of features.

Take Database.com. The service doesn’t support applications written using the standard SQL language used by grown-up databases, notes ZDNet. Or Google App Engine, which has hard limits on the amount of data that users can store. Or Windows Azure, which hosts data in plenty of countries, but perhaps not the one that your customer requires.

In conclusion: cloud platforms may be perfect for webcentric developers looking for an easy-but-slightly-sophisticated way to store data. But for many others, a cloud platform will be too limiting. Also…

4) It may be more costly. Forget the temptingly-low utilization rate - what about the cost of rewriting your applications and porting your data over to this new platform? That can be a huge investment. For many smaller ISVs who serve small industry niches or sets of customers, the cost of porting over to a whole new platform may be too much for it to make sense.

A Better Choice?

For many enterprises and enterprise developers, what may make more sense are cloud-like platforms that offer the best of multiple worlds:

- the features and familiarity of regular relational databases;

- the security and flexibility of single-tenant software;

- the group management capabilities and the pricing model of multi-tenant services;

- and the low-touch, no-DBA-required stability of a mobile or embedded database.

The coming “Fuji” version of the SQL Anywhere database from my employer, Sybase, will offer all of the above, including a more developer-friendly pricing model that will be a first for Sybase.

If you are an enterprise or enterprise ISV, this may fit the bill better than some overhyped multi-tenant PaaS from one of the big boys.

To learn more, visit this link or read the blogs of the brains behind SQL Anywhere, including Eric Farrar (who kindly took the time to walk through this topic with me), Glenn Pauley, Chris Kleisath, Tom Slee and Jason Hinsperger.