This is a continuation of a series of articles on hosting solutions and services on Azure public cloud with the most recent discussion on Multitenancy here and picks up the discussion on the checklist for architecting and building multitenant solutions. Administrators will find that this list is familiar to them.
The previous article introduced the checklist as structured around business and technical considerations as well as the five pillars of the Azure well-architected framework. These pillars include 1) Reliability, 2) Security, 3) Cost Optimization, 4) Operational Excellence, and 5) Performance efficiency. The elements that support these pillars are Azure well-architected review, azure advisor, documentation, patterns-support-and-service offers, reference architectures, and design principles.
Operational excellence comes with security and reliability. Security and data management must be built right into the system at layers for every application and workload. The data management and analytics scenario focus on establishing a foundation for security. Although workload-specific solutions might be required, the foundation for security is built with the Azure landing zones and managed independently from the workload. Confidentiality and integrity of data including privilege management, data privacy, and appropriate controls must be ensured. Network isolation and end-to-end encryption must be implemented. SSO, MFA, conditional access, and managed service identities are involved to secure authentication. Separation of concerns between azure control plane and data plane as well as RBAC access control must be used.
The reliability considerations include reviewing the Azure well-architected reliability checklist and this is applicable to all workloads. There must be some safeguards against the noisy neighbor antipattern which is specific to some workloads. Service level objectives and even service level agreements could be defined. These would be based on the requirements of the tenants as well as the composite SLAs of the Azure resources. Reliability is easily impacted by scale and service level agreements can suffer from performance. Testing that the application performs well under load is an important consideration. Finally, Chaos engineering applications can be applied to test the reliability of the solution.
The cost optimization considerations involve Azure's well-architected cost optimization checklist and are applicable to all workloads. Per-tenant consumption must be adequately measured and combined with the infrastructure costs. Antipatterns must be avoided such as failing to track costs or doing it more than necessary.
The operational excellence considerations involve the Azure well-architected performance and efficiency checklist which is also applicable to all workloads. Shared infrastructure must mitigate noisy neighbor concerns. One tenant can reduce the performance of the system for other tenants from a variety of consumptions. Similarly, each Azure resource may impose its own limits on scalability. Solutions do not need to be over-architected or designed for requirements that do not exist.
No comments:
Post a Comment