Industry Solutions and Trends
Technology is more than just networking and Juniper experts share their views on all the trends affecting IT
Multi Tenancy Architecture Models
06.08.16

To support multiple tenants on a physical server, both virtualization and containers come to the rescue. This blog discusses the following three architecture models and compares the benefits and disadvantages of each:

  1. Virtualization
  2. Containers
  3. Tenant aware application

Virtualization

Virtualization uses a combination of hardware-provided features and software to abstract the physical hardware into multiple virtual hardware instances. Each virtual hardware instance runs its own OS, called the guest OS, with applications on top of it. A tenant is contained within a virtual machine (VM), which provides the strongest level of isolation.

With virtualization, a tenant is hosted on a VM and is self-contained, with its own control, management, data and service planes.

Containers

Containers abstract the OS to provide resource isolation and control for applications. A container host behaves like a tenant-aware operating system, with each tenant using a unique namespace. The Linux kernel implements containers using namespaces, and the following areas of the kernel are namespace-aware:

  • Mount namespaces – isolate file system mount points
  • UTS namespaces – isolate domain name, host name
  • IPC namespaces – isolate IPC identifiers
  • PID namespaces – isolate Process identifiers
  • Network namespaces – isolate IP Address, interface, route tables, port numbers
  • User namespaces – isolate users
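To check that a tenant really is isolated on each of these six axes, the namespace links under /proc/<pid>/ns/ can be compared between processes. The following is an added example, not code from the original post; the function names and the sample data (inode numbers included) are constructed for illustration.

```python
import os

# The six namespace types listed above, by their names under /proc/<pid>/ns/.
NAMESPACES = ("mnt", "uts", "ipc", "pid", "net", "user")


def read_namespaces(pid):
    """Return {type: 'type:[inode]'} for a process (Linux only)."""
    ns = {}
    for kind in NAMESPACES:
        try:
            ns[kind] = os.readlink(f"/proc/{pid}/ns/{kind}")
        except OSError:
            ns[kind] = None  # unreadable: insufficient privilege or not Linux
    return ns


def shared_namespaces(a, b):
    """Namespace types in which two processes are NOT isolated from each other."""
    return [k for k in NAMESPACES if a.get(k) is not None and a.get(k) == b.get(k)]


def audit(host, tenants):
    """Report namespaces each tenant shares with the host or with another tenant."""
    findings = {}
    names = sorted(tenants)
    for name in names:
        shared_host = shared_namespaces(host, tenants[name])
        if shared_host:
            findings[(name, "host")] = shared_host
    for i, first in enumerate(names):
        for second in names[i + 1:]:
            shared = shared_namespaces(tenants[first], tenants[second])
            if shared:
                findings[(first, second)] = shared
    return findings

# Constructed sample data (inode numbers are made up). tenant-b was started
# in the host's network namespace, so it is not isolated on that axis.
HOST = {"mnt": "mnt:[4026531840]", "uts": "uts:[4026531838]", "ipc": "ipc:[4026531839]",
        "pid": "pid:[4026531836]", "net": "net:[4026531992]", "user": "user:[4026531837]"}
TENANT_A = {"mnt": "mnt:[4026532301]", "uts": "uts:[4026532302]", "ipc": "ipc:[4026532303]",
            "pid": "pid:[4026532304]", "net": "net:[4026532306]", "user": "user:[4026532307]"}
TENANT_B = {"mnt": "mnt:[4026532401]", "uts": "uts:[4026532402]", "ipc": "ipc:[4026532403]",
            "pid": "pid:[4026532404]", "net": "net:[4026531992]", "user": "user:[4026532407]"}

if __name__ == "__main__":
    for pair, kinds in audit(HOST, {"tenant-a": TENANT_A, "tenant-b": TENANT_B}).items():
        print(pair, "share", kinds)
```

On a real host, build the dictionaries with read_namespaces() for PID 1 and for each tenant's init process; reading another user's /proc/<pid>/ns entries typically requires root.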

 

With containers, a tenant is hosted in a container and is self-contained, with its own control, management, data and service planes.

Tenant aware application

In a tenant-aware application, the application itself has knowledge of the tenant. Just as the OS provides the abstraction for containers using namespaces, a tenant-aware application needs to have its own notion of tenants. An example is the LSYS implementation that exists in the application.

In this model, all tenants are hosted in the same application, which abstracts each tenant.

Comparing the 3 models

Performance under CPU oversubscription

  • Virtualization – Good. VMEXIT and setting up the HW context make VM switching really expensive. As more tenants are added, VM switching brings down the aggregate throughput of the physical server.
  • Containers – Better. Container switching is the same as process switching. The process-switching overhead brings down the aggregate throughput of the physical server.
  • Tenant aware application – Best. No switching is needed, as the application threads are pinned to cores, and throughput per tenant = throughput of the device / number of tenants.

Isolation

  • Virtualization – Best. HW-provided isolation by means of VT-x and VT-d gives full isolation, such as memory and DMA, between tenants. One instance per tenant ensures isolation.
  • Containers – Better. Software isolation using namespaces. One instance per tenant.
  • Tenant aware application – Good. Similar to container namespaces, isolation is built into the application. The application going down will bring down all the tenants.

Resource usage efficiency

  • Virtualization – Good. Resource usage is high and efficiency is low. Every instance has its own guest OS packaged in and also has a runtime overhead on the resources.
  • Containers – Better. The absence of a guest OS makes the size smaller, and the runtime footprint is small as well.
  • Tenant aware application – Best. The application itself is aware of the tenants and can adjust resources based on the number of tenants. OS-level overhead such as the scheduler can be completely avoided.

Resource control

  • Virtualization – Better. Resources are allocated when instances are launched, by means of vCPU and memory. Cgroups can be used to control resource allocation.
  • Containers – Better. Resources are controlled by cgroups.
  • Tenant aware application – Best. The application has full control of the resources.

Scale – number of tenants

  • Virtualization – In the double digits.
  • Containers – In the 1000s.
  • Tenant aware application – No OS-level restriction.

Development complexity

  • Virtualization – Running an image on a VM is very easy, as a VM is a full-fledged virtual platform.
  • Containers – Requires porting work to adapt to the host OS.
  • Tenant aware application – Tenant awareness in an application is complex.

In Summary

This blog compares and contrasts the 3 different multi-tenant architecture models. As discussed, for people looking for isolation the VM model works well; for people looking for performance with less or no OS-level overhead, the tenant-aware application works best. Containers come in between VMs and tenant-aware applications on all the metrics used in the comparison.