How Salesforce Masters the Challenges Posed by Multi-Tenanted Systems?

Multi-tenancy, where a single instance of the software and allied infrastructure serves multiple customers, is an highly effective business model in many cloud-based applications.

Multi-tenant solutions allow one instance of the application to handle the needs of multiple clients, or tenants. The system provides each tenant with a dedicated share of the system instance. The tenants share the cost and enjoy the benefits of the common infrastructure. 

Multi-tenancy architecture offers several benefits over conventional single-tenancy architecture. Multi-tenancy enables cloud service providers to deliver ultra-quick services without going through the rigmarole of code changes, database set up and provisioning extra programming resources. Since the provider has to make the changes only once, updates are faster. The shared software development and maintenance costs reduce cost. Multi-tenancy systems are easily scalable as well.

Contents

1. Force.com Platform-as-a-Service (PaaS)
2. Architectural Challenges
3. Security Challenges

Force.com Platform-as-a-Service (PaaS)

Force.com Platform-as-a-Service (PaaS) powers a multi-tenant environment in Salesforce. Today the extremely reliable Force.com serves over 100,000 businesses and millions of users. It powers the Sales Cloud, the Service Cloud, and thousands of custom applications built by customers. 

The multi-tenant Salesforce model offers everyone the same version of the application, with data stored in a shared database. In such a set-up, the software vendor has to worry about only one version of the software, sparing them the hassles of supporting multiple versions of the software for different software and hardware configurations. Improvements made to the system become available to all clients, with clients having the choice to turn new features on or opt-out. Clients seeking to customize their application create and configure new metadata for new screens, database fields, or desired behavior. 

However, it is not all smooth sailing for multi-tenanted systems always. A multi-tenant environment raises several challenges. Salesforce’s success stems from its ability to resolve the inherent architectural, security, and other challenges of multi-tenant systems seamlessly. 

Here’s how. 

ARCHITECTURAL CHALLENGES 

The efficacy of a multi-tenancy PaaS or SaaS environment depends on the architecture, configuration, and scaling. Poor system infrastructure negatively affects speed, loading time, data storage, transmission, and backup protocols. 

The robust multitenant architecture in Salesforce ensures superior performance. At the core of the multi-tenancy architecture is the database.

Force.com breaks free from the conventional RDBMS, designed for on-premises single-tenant deployments. Conventional RDBMS databases run on top of a specifically tuned host operating system. In contrast, Force.com combines several persistence technologies. At the core is a custom-designed relational database schema, specifically designed for the cloud. The database is polymorphic and dynamic, fulfilling the needs and expectations of various tenants exceptionally well.

Many vendors explore virtualization as an alternative to the custom database schemas. But running the conventional RDBMS paraphilia with virtualization means huge extra overheads of a hypervisor that hurts the performance of the RDBMS in a big way.

Building a metadata-driven kernel is a hard task. Only an easily scalable and highly customizable kernel will meet user expectations. Also, the kernel should be secure, fast, and upgradeable without downtime, all at once. Force.com’s innovative, metadata-driven, multi-tenant database architecture lives up to such demands. It delivers operational and cost efficiencies and improves security at the same time. 

Easy and Customizable Updates

The biggest challenge with multi-tenanted systems is enabling one tenant to customize their schema objects and application user interface in real-time, without such tweaks affecting the functionality or availability of the system for other tenants.

Salesforce resolves the issue through the skillful use of metadata. Force.com’s runtime engine materializes all application data from metadata. The well-defined metadata-driven architecture separates the kernel or compiled runtime database engine, tenant data, and the metadata describing the application. Such distinct boundaries make it possible for each tenant to update their system kernel and tenant-specific applications and schemas, without affecting other tenants or users. 

Force.com’s Universal Data Dictionary (UDD) retains objects, fields, stored procedures, and database triggers as abstract constructs that exist as metadata. When a tenant defines a new application object or writes procedural code, Force.com does not create an actual table in a database or compile any code. Rather, it stores the information as metadata, which the system engine uses to generate the virtual application components at runtime. Modification or customization is thus a matter of simply issuing a non-blocking update to the corresponding metadata.

Speed and Performance

Today’s highly demanding customers demand speed and robust performance.

The multi-tenant environment in Salesforce supports a single version of the code base but emulates older versions. This enables significant maintenance, development, and performance gain.

Force.com’s sophisticated metadata caches the most recently used metadata in memory. This avoids performance-sapping disk I/O and code recompilations and improves application response times.

This polyglot persistence feature spares users from dealing with the complexity of integrating, managing, and testing several systems across applications and devices. Users have to only code to a single API, regardless of the optimal persistence type for any situation. 

Force.com also uses other persistence technologies to deliver fast, scalable performance. For example, a separate search engine optimizes full-text indexing and searches. As applications update data, the search service’s background processes asynchronously update tenant- and user-specific indexes in near real-time. 

The ever-changing Interface of SaaS apps, as a reaction to the changing customer preferences and demands, mandates backward compatibility. Salesforce makes sure different tenants can work with newly upgraded interfaces, or continue with their interfaces without breaking their well-integrated business logic to the incumbent interface. 

Scalability

A common issue with multi-tenanted systems is the “bad tenant” effect. If one tenant uses an inordinate amount of computing power, the other tenants face a slowdown in performance. Some tenants may even get a “temporarily restricted” warning. The bad tenant effect also causes other undesirable spill-offs, such as storage issues, and abnormal hypervisor and processor behavior that slows down everything. 

One way to avoid the bad tenant effect is through full visibility into precisely what workloads are being impacted and how. Quick diagnosis of performance issues makes it possible to make resource decisions that eliminate the bad tenant effect. A cluster performance monitoring solution that co-opts real-time and historical information about clusters, such as system demand, abusive users, and wasteful applications makes it possible to analyze the system and ensure fair resource allocation and management among the tenants.

READ : 6 Effective Tips To Use Salesforce For Customer Retention

The multitenant architecture in Salesforce ensures easy scalability. Access to a virtually infinite resource pool ensures that one tenant using a significant portion of the resource does not affect the performance of other tenants.

Issues related to code change and patch updates

The extent to which system bugs create vulnerability by leaving the door ajar for malicious intruders, depends on the architecture of the platform. Salesforce’s stable and rigorous architecture reduces the vulnerability risks. 

Salesforce embeds security into the platform at all stages of the development lifecycle.

At the design phase, the system mandates a comprehensive threat assessment exercise to identify potential security issues early in the development lifecycle.

At the coding stage, Salesforce lays down policies to use secure coding patterns and leverages static code analysis tools to identify security flaws. Comprehensive tests ensure the integrity of authentication and authorization mechanisms. 

Prompt and systematic patch updates are another key USP of Salesforce. One of the key challenges posed by multi-tenanted architecture is to patch or upgrade the code base without breaking tenant-specific schemas. Force.com ensures that the design and test take place without breaking the user experience.

Salesforce understands its periodic releases, while improving performance, security, logic, and usability, may affect existing customizations and incumbent needs. Salesforce makes updates optional for each tenant. Release Updates offer detailed information, allowing tenants to make informed decisions.

Testing

The integrity of the multi-tenant Salesforce model depends on robust testing, to prevent issues rather than trying to resolve them later. Robust multi-tenancy testing ensures that code changes are done without breaking a system that was working well.

Salesforce’s comprehensive testing approach involves internal staff and third-party external consultants. 

The following types of tests ensure the integrity of a multi-tenancy system.

• Regression testing, using automated testing tools such as Selenium and QTP, enables fast and comprehensive checks to see if the features are working right, post-update. 
• Interface testing measures the changes for one tenant over other tenants. 
• Security testing, through multi-tenant isolation and access privilege, role violation, and application data.
• Automated validating of functional and non-functional requirements, to shorten the release cycle.

A unique challenge while testing a multi-tenant application is ensuring that the live upgrades have zero-to-minimum downtime. If some tenant is accessing an application when the update is going on, it could cause serious issues. A proper deployment strategy, tested on a staging environment by quality control, minimize such risks. Salesforce also has an effective backup and recovery plan. 

SECURITY CHALLENGES

A multi-tenant cloud is ideal for users who do not have internal resources to meet the challenging requirements of single-tenant SaaS environments. Reliable multi-tenant cloud providers have strong security integrated into their service, and this protection will likely be better than what many enterprises have in-house.

Access Authentication

A major challenge facing multi-tenant providers is data confidentiality. The integrity of any multi-tenancy platform depends on keeping tenant-specific data secure in a shared database so that one tenant cannot see the data belonging to another tenant.

The Force.com architecture isolates data, configuration, and other characteristics between tenants to make a single system appear like a set of individual systems. Strong network security protocols and access control mechanisms ensure a client’s data in the multi-tenanted environment is as safe as it gets. 

Security Policies and Protocols

Security risks persist despite strong access protocols. With the data stored in the same database, the possibility of a bug exposing one tenant’s data to another tenant persist. Worse, vulnerabilities could give unauthorized third-parties, ranging from rogue insiders to malicious hackers, access to sensitive data. Security vulnerabilities such as SQL vulnerabilities or corrupted data from one tenant could spread to other tenants on the same machine.

To overcome such risks, reliable multi-tenant systems operate with much higher security standards compared to standalone systems. 

The Force.com platform co-opts detailed internal policies related to the detection of security threats, response mechanisms, and forensics. It deploys several layers of defense to resist different threats. It offers SAS 70 Type II, SysTrust, and ISO 27001 certifications—all without sacrificing application performance.

The Force.com platform secures its network on many fronts. Some security policies enforced include:

• Stateful packet inspection (SPI) firewalls, which inspect all network packets and prevent unauthorized connections.
• Bastion hosts, which serve as hardened barriers between the perimeter and core firewalls, and can withstand even major attacks. 
• Two-factor authentication, to verify the identity of access requests
• Strong encryption, using end-to-end TLS/SSL cryptographic protocols, to prevent data theft during transmissions.
• Use of MD5 one-way cryptographic hash function to protect customer passwords in the database layer.
• Encryption of field data in custom fields in the database layer.

Salesforce adopts industry-accepted best practices to strengthen the underlying host computers supporting the various software layers of the Force.com cloud platform. A case in point is the well-established policy of host systems using Solaris or Linux distributions, with non-default software configurations.

Proactive Monitoring 

Today’s highly fluid business environment operates in a fragmented ecosystem where subtle changes in the technology stack happen outside of anyone’s knowledge or control. Such changes compromise the systems running on it. It requires periodic assessments and proactive interventions to ensure the system once secured, remains secured.

Proactive monitoring is a key feature of the multi-tenant environment Salesforce. 

Salesforce employs several highly sophisticated security tools to monitor platform activity, including application database activity, in real-time. Such tools flag almost all threats and potential malicious events. Smart event management tools correlate user actions and event data, and flag potential internal and external threats, in real-time. While real-time monitoring helps counter threats as they emerge, Salesforce goes further and tries to curb threats from developing.

Salesforce also conducts regular internal and external vulnerability assessments. In-house security experts conduct periodic reviews of the system architecture, to identify weak spots proactively. Similarly, managed security services providers (MSSP) conduct external vulnerability assessments to nip any potential threats in the bud.

Physical Security 

Security is a composite activity. The best of protection and a rogue insider who has official access to the facilities hosting the infrastructure can easily compromise hardware level.

Salesforce.com is wise to such eventualities and ensures all its facilities have strict access control policies. The company also heavily regulates and monitors all the work operators perform inside any facility.

Every employee and contractor goes through a thorough background check before accessing a facility. Manual guards who take multiple biometric scans ensure strict access control. Once inside the premises, each employee has secure workstations, which limits the scope or extent of work on the principle of least privileges. 

Salesforce factors in all possibilities, even situations considered not plausible in the normal scheme of things. A case in point is the exterior perimeter of each premise being made bullet resistant, in addition to the normal practice of deploying closed-circuit television coverage, alarm systems, and manned guard stations

Factoring in the Human Element 

Any security is only as strong as its weakest link, and most times poorly trained or unskilled employees are the weak link. They make mistakes or cannot make the right interventions at the right time and end up compromising the best of policies or the most robust of systems.

Gartner estimates that about 60% of virtualized servers as less secure compared to the physical servers they replace. A plausible scenario is one machine of a multi-tenancy application hosted on virtualized infrastructure monitoring its neighbors by burrowing into the underlying infrastructure and bypassing the security at the software layer.

Salesforce not only deploys highly mature tools and processes, but ensures technicians, consultants, and all other stakeholders involved in the process receive extensive training regularly. Still better, it ensures training is specific to the roles handled by the employees.

Salesforce has placed its reputation on the line and leveraged its extensive experience and resources to ensure its multi-tenant infrastructure is as secure as possible. The Force.com multi-tenant Salesforce platform is as safe as it will ever get, and unlocks a world of benefits for its users.