Container Based Multitenant Applications

Multitenant applications comprise of many services and containers are best suited to host them. A container has a lower resource consumption and is easier for migration and expansion. When compared to Software-as-a-service application deployed to physical or virtual machines, container technologies provide good performance isolation and cost-effectiveness.

SaaS application deployment strategies include shared container, no shared container, and shared container per SLA class. Shared container strategy is easy to deploy and expand but not so great for performance isolation. No shared container strategy is just the opposite of shared container strategy.

A large scaled application can be separated into a group of loosely coupled, applications according to core functions. The application can be developed and deployed independently in the form of components, and this meets the differentiated function customization and performance requirements of tenants. The container based microservice instances are allocated to tenants

The multitenant SaaS applications under microservice architecture can achieve performance isolation based on container technology. An SLA oriented multitenant and multi-instance hybrid deployment scheme is designed to meet the performance requirements of different level of tenants. Tenant performance isolation algorithms for microservice clusters can be implemented that provide effective performance isolation for tenants and guarantees the quality of service.

Performance isolation mechanism for multitenant SaaS applications can be discussed in terms of system architecture, SLA-oriented multi-tenant and multi-instance hybrid deployment scheme and performance isolation algorithms for microservice clusters.

The architecture for performance isolation mechanisms can be based on Access Layer, Control Layer and Service Layer. SaaS service gateway is used to select container clusters according to tenant SLA level. Control layer can implement access control mechanism. A concurrent scheduler could regularly collect the estimated resource consumption of requests from service layer. A reverse proxy-based load balancer is used to schedule tenant requests to corresponding microservice instances in the service layer. Each microservice instance is deployed in a docker container.

With the SLA-oriented multitenant scheme, the resource allocation of tenants with different SLA levels is achieved by allocating different resource quotas to the containers. Service providers can classify the tenants’ SLA into several levels in terms of data size, request concurrency, response delay, number of users and so on. This strategy provides improved security isolation.

The performance isolation algorithm for microservice clusters is about resource consumption and limits. There exists contention between tenants at the same isolation level. When there are lots of requests, there can be higher resource utilization leading to higher latency and error rates. Some form of admission control mechanism will be required along with the stopping of the tenants who have exceeded their quotas.