Multi-tenancy is an architecture in which a single instance of a software application serves multiple customers. Each customer is called a tenant. Tenants may be given the ability to customize some parts of the application, such as color of the user interface (UI) or business rules, but they cannot customize the application’s code.
The WebLogic domain can now be split between partitions, which are logically associated to a tenant. Tenants can be different companies or departments, basically different users communities. The partitions are administrative parts of the domain as they can contain isolated resources (applications, data sources etc) as well as runtime components as partitions can be started and stopped, thus starting associated applications together with all their dependencies.
The term “software multitenancy” refers to a software architecture in which a single instance of software runs on a server and serves multiple tenants. A tenant is a group of users who share a common access with specific privileges to the software instance.
Multi-tenancy can be economical because software development and maintenance costs are shared. It can be contrasted with single-tenancy, an architecture in which each customer has their own software instance and may be given access to code. With a multi-tenancy architecture, the provider only has to make updates once. With a single-tenancy architecture, the provider has to touch multiple instances of the software in order to make updates.
In cloud computing, the meaning of multi-tenancy architecture has broadened because of new service models that take advantage of virtualization and remote access. A software-as-a-service (SaaS) provider, for example, can run one instance of its application on one instance of a database and provide web access to multiple customers. In such a scenario, each tenant’s data is isolated and remains invisible to other tenants.
Multi-tenancy is the key common attribute for both public and private clouds and it applies to all three layers of a cloud: IaaS, PaaS and SaaS.
- High security: There are 3 key components that define the degree of isolation between multiple tenants in a data center: access policies, application deployment and data access and protection.
- Economy: The software development and maintenance costs are shared between the tenants. Service assurance and faster updates: with multi-tenancy, the provider has to make updates once. In contrast with single-tenancy, an architecture in which each customer has their own software instance and may be given access to application code.
- Efficiency and flexibility: A SaaS provider can run one instance of its application on one instance of a database and provide web access to multiple customers. Each tenant’s data is isolated and remains invisible to other tenants.
- Lower costs through economies of scale: With a single-tenancy-hosted solution, SaaS vendors must build out their data center to accommodate new customers.
In contrast, in a multi-tenant environment, new users get access to the same basic software, so scaling has far fewer infrastructure implications for vendors (depending on the size of the application and the amount of infrastructure required).
- Ongoing maintenance and updates: End users don’t need to pay costly maintenance fees in order to keep their software up to date. New features and updates are included with a SaaS subscription and are rolled out by the vendor.
Configuration can be done while leaving the underlying codebase unchanged.
- Using WebLogic Server Multitenant improves your time to market, simplifies movement of workloads to and from the cloud, enables up to 3X hardware consolidation, and reduces operating expenses by up to 25%.
Benefits of a Multitenancy (MT) in Weblogic:
- Microcontainers: Domain partitions act like microcontainers, encapsulating applications and the resources (datasources, JMS servers, etc) they depend on. Partitions are isolated from each other, so that applications in one partition do not disrupt applications running in other partitions in the same server or domain. This results in :
-Max portability between environments
-Parity between development and production
-Fast start up/shutdown – disposability
-Easy scale up
-Enable migration to cloud
- Logical Virtualization within the application server: It includes administrative constructs and infrastructure, including pluggable partitions, that enable you to share domains for many applications. By pushing virtualization higher in the technology stack, more of the stack can be shared. More sharing results in better efficiency.
- Isolation: Virtualization within the application server naturally implies some form of isolation between the applications running on the shared platform. For WebLogic Server Multitenant, Oracle built several forms of isolation that are critical for consolidating independent applications into a shared domain. These isolations are :
-Runtime and resource management (JDK and WLS partnership, runtime resources like Heap, CPU, threads, request)
-Administrative (Admin roles, lifecycle troubleshooting for every partition)
-Security/Identity (realms, users per partition, separate authentication and authorization providers.)
-Traffic/data (dedicated JNDI segregated data, dedicated and shared coherence caches)
Security Isolation: In WebLogic Server Multitenant, each microcontainer can have a separate security realm. This enables you to define a separate set of administrators and users for the microcontainer, as well as separate authentication and authorization providers.
Administrative Isolation: WebLogic Server Multitenant enables just such a set of administrative isolation features. Each microcontainer can be managed by its own set of administrators. It can also be started, stopped, configured, and updated independently
Data Isolation: Because each microcontainer has its own dedicated data source configuration, Java Message Service (JMS) configuration, and dedicated Oracle Coherence runtime cache service, data for the microcontainer is isolated from the data for all other microcontainers. Data sources in a microcontainer provide a natural pointer to a separate data set –a hallmark of a microservice architecture. Because JMS messages are also stored and processed for an individual microcontainer, data in JMS messagesis also naturally segregated. With dedicated cache services within a shared Coherence cluster, cached data is also segregated for each microcontainer
- End-to-End Integration: Multitenancy provides end-to-end integration and ease of use with OracleTraffic Director, Oracle Coherence, and Oracle Database 12c pluggable databases. WebLogic Server MT lifecycle management links together partitions across different components to form one cohesive unit that serves a tenant’s needs. To do this, the lifecycle manager provides configuration integration across components.
Microcontainers within WebLogic Server are only part of the story for WebLogic Server Multitenant. The solution provides end-to-end integration and ease of use with Oracle Traffic Director, Oracle Coherence, and Oracle Database 12cpluggable databases. ORACLE WEBLOGIC SERVER MULTITENANT END-TO-END INTEGRATION WebLogic Server Multitenant End-to-End Integration included in WebLogic Server Multitenant is the integration with Oracle Traffic Director, which is a high throughput, low latency HTTP(s), WebSocket, and TCP software load balancer.
In a WebLogic Server Multitenant environment, Traffic Director can act as a microcontainer gateway. When you add a pluggable partition to a WebLogic Server configuration, the Traffic Director configuration is automatically updated to include routing information to the services running in the microcontainer. When you move the microcontainer to a different environment, Traffic Director automatically routes traffic to the new location.
Oracle Coherence, the industry leading in -memory data grid solution, is also part of the end-To -end integration story. Coherence clusters can be part of the shared infrastructure, which means additional efficiency, ease of use, and cost savings. For services running in microcontainers, WebLogic Multitenant can automatically create dedicated or shared cache services within a shared Coherence cluster without additional manual configuration
Few Terms used in Multitentancy:
Pluggable database: The multitenant architecture enables an Oracle database to function as a multitenant container database (CDB).A CDB includes zero, one, or many customer-created pluggable databases (PDBs).A PDB is a portable collection of schemas, schema objects, and nonschema objects that appears to an Oracle Net client as a non-CDB. All Oracle databases before Oracle Database 12c were non-CDBs. Two types:
Virtual host: defines how partition is accessible from external world. This information is automatically registered in Oracle traffic director.
Virtual targets: A virtual target is the target used by a resource group at the domain level and partition level. Virtual targets are targeted to managed servers or clusters and they define access points to resources.
Resource groups: With the introduction of Weblogic Multi-Tenant, you can group applications and resources to create a resource group with the elements needed by each environment. In addition, we should create partitions (one per each environment) to target one or more resource groups on these partitions.
- at the domain level : A resource group created at the domain level has a global scope and cannot be used by any partition
- at the domain partition level: a resource group created at the partition level has an scope that only covers that partition, it means that applications at this level are not available at the domain level or for other partitions
This configuration can be seen in the following picture
Partitions: A partition is an administrative and runtime unit that is equivalent to a portion of a domain, which is used to run applications and their resources. Oracle recommends that you should not create more than 10 partitions per domain.
Security realms: I will create a security realm per partition in order to manage the security independently.
Partition users: The security realms created in the previous step will be used to define administrative users in charge of the administration of each partition.
Tenants: Tenants represent distinct user organizations, such as different external companies (for example, Company A and Company B), or different departments within a single company (for example, HR and Finance), that use applications and resources within a WebLogic domains.
A tenant is a logical grouping of your own choosing; it is not a configurable object. That is, you manage domain partitions, not tenants.
Resource Group Templates: A named, domain-level collection of deployable resources intended to be used as a pattern by (usually) multiple resource groups. Each resource group that refers to a given template will have its own runtime copies of the resources defined in the template. A resource group template is a convenient way to define and replicate resources for multiple tenants. Resource group templates make it very easy to deploy the same collection of applications and resources to multiple domain partitions
Resource group templates are defined at the domain level, and then referenced by one or more resource groups.
WebLogic Server MT Supports Only Java EE Applications
This means that WebLogic Server MT does not support the following products:
- Oracle Web Service Manager
- SOA Suite
- Application Development Framework (ADF)
- Oracle Service Bus
- Oracle Enterprise Scheduler
- WebLogic SCA