Things to Know when Considering Multi-Tenant or Multi-Threaded Applications

It’s time to talk about the types of things you should consider when diving into multi-tenant applications and things to be especially aware of if you attempt to make things faster by going multi-threaded at the same time. Join us as Allen continues is non-winning / non-losing streak, JZ is taken out by a storm, and Outlaw continues to ignore the notes for the intro to the show…

News

Reviews

• Spotify – Colum Ferry

Upcoming Events

• Atlanta Dev Con
  September 7th, 2024
  https://www.atldevcon.com/
• DevFest Central Florida on September 28th, 2024
  https://devfestflorida.com/

Episode

• Single vs multi-tenanted applications and multi-threaded programming
  • Be very careful about sharing state when doing anything in multi-threaded AND multi-tenanted applications

What are some important things to consider when writing multi-tenanted applications – per Claude

As mentioned in the episode, Claude’s answers seem to be very database heavy

• Data isolation: Ensure that each tenant’s data is securely separated and inaccessible to other tenants.
• Authentication and authorization: Implement robust systems to verify tenant identity and control access to resources.
• Scalability: Design the architecture to handle growth in both the number of tenants and data volume per tenant.
• Performance: Optimize database queries and resource allocation to maintain speed as tenant count increases.
• Customization: Allow for tenant-specific configurations and features without compromising the core codebase.
• Monitoring and logging: Implement comprehensive logging and monitoring to track usage, errors, and performance per tenant.
• Maintenance and updates: Design the system to allow for updates and maintenance with minimal disruption to tenants.
• Data backup and recovery: Implement tenant-specific backup and recovery processes.
• Compliance and data regulations: Ensure the system can meet various regulatory requirements that may differ by tenant.
• Tenant onboarding and offboarding: Create efficient processes for adding new tenants and removing old ones.
• Good feature flagging support?
• Tracing / OpenTelemetry

Can you elaborate on the data isolation?
Data isolation is crucial in multi-tenant systems to prevent unauthorized access and ensure data privacy. Here are some key strategies to ensure data isolation:

• Separate databases
  • Use a separate database for each tenant
    • Pros: Strong isolation, easier compliance
    • Cons: Higher maintenance, potentially higher costs
• Shared database with separate schemas
  • Each tenant gets their own schema within a shared database
    • Pros: Good isolation, more cost-effective than separate databases
    • Cons: Requires careful access control, potential for errors
• Shared schema with tenant ID
  • Use a single schema but include a tenant ID column in each table
    • Pros: Most cost-effective, easiest to maintain
    • Cons: Highest risk of data leaks, requires vigilant query filtering
• Row-level security
  • Implement database-level security policies to restrict access based on tenant ID
  • Particularly useful with shared schema approach
• Encryption
  • Encrypt sensitive data, potentially using tenant-specific keys
  • Adds an extra layer of protection even if other measures fail
• Connection pooling
  • Use separate connection pools for each tenant to prevent session mixups
• Query filtering
  • Always include tenant ID in queries, preferably at the database level
  • Use ORMs or query builders that automatically add tenant filters
• API and application-level checks
  • Validate tenant ID in all API calls and application logic
  • Implement middleware to enforce tenant-specific access

Resources / Mentions

• Salable Postgres product – Citus
  https://www.citusdata.com/
• Envelope encryption if you’re wanting to use tenant specific keys for multi-tenanted encryption – one approach is envelope encryption
  https://en.wikipedia.org/wiki/Hybrid_cryptosystem#Envelope_encryption
  https://cloud.google.com/kms/docs/envelope-encryption
• OWASP multi-tenant or “Cloud Tenant” Isolation
  https://owasp.org/www-project-cloud-tenant-isolation/
• C#’s Parallel.ForEach method – the easy way to do parallel processing in C#
  https://learn.microsoft.com/en-us/dotnet/api/system.threading.tasks.parallel.foreach?view=net-8.0
• Can’t remember why we linked episode 11, but here it is!
  https://www.codingblocks.net/podcast/episode-11-design-patterns-part-1-you-create-me/

Tips of the Week

• Speculative fix? If you’re not sure that your fix is going to work, or you can’t reproduce the problem then consider over-communicating it and keeping artifacts such as screenshots of what you attempted.
  • It’s useful for communication, but also for looking back when and if you start second guessing yourself.
• Shapez 2 is a cool refactoring, automation, and puzzle game. It’s similar to Factorio, but with a heavier emphasis on refactoring and puzzles.
  https://store.steampowered.com/app/2162800/shapez_2/
• Kotlin – measureTimeMillis
  https://kotlinlang.org/api/latest/jvm/stdlib/kotlin.system/measure-time-millis.html
• Google skills – learn and get certified in Google Cloud https://www.cloudskillsboost.google
  • Pay for a year’s worth of training for $299 and get $200 towards a certification – over $1,500 value https://www.cloudskillsboost.google/payments/new https://www.cloudskillsboost.google/subscriptions
    
• From Ivan Kuchin – Dasel – like JQ except it does JSON, YAML, TOML, XML and CSV with zero runtime dependencies
  https://github.com/TomWright/dasel
• Google Cloud products in 4 words or less
  https://cloud.google.com/blog/topics/developers-practitioners/back-popular-demand-google-cloud-products-4-words-or-less-2022-edition
  https://googlecloudcheatsheet.withgoogle.com/