Multi-tenancy and all its flavors seems to be on people’s minds lately. I just finished going back and forth with Phil Wainewright on some of the nuances of multi-tenancy and how it impacts the cost model for SaaS. Phil’s post was on some of the sophisticated nuances of multi-tenancy as expressed by some of the latest announcements from the SaaS Vatican, Salesforce.com.
More recently, it has come to my attention both through my fellow bloggers of the Enterprise Irregulars as well as via a trackback to my blog post that there are those who are now saying the Cloud has made the world safe for SaaS vendors to forget multi-tenancy and plunge ahead with single-tenancy.
Not so fast!
Color me skeptical. If you don’t have a multi-tenant architecture, you’re going to argue it isn’t necessary. That doesn’t make it right. Before we get too far along, let me define multi-tenancy:
Multi-tenancy is a software architecture that allows multiple tenants to be hosted on a single box (or cluster of boxes) just as easily and economically as a single tenant could be hosted on the same configuration.
The bloggers taking the position that single tenancy is good enough hoist a variety of flags in support of their position, but for me, it boils down to answering one simple question about your SaaS business and its customers:
Fundamentally, do you have an application that can successfully run multiple tenants on a single box or not?
If a single box has enough horsepower to run multiple customers for your app, the argument for single-tenant is completely (pardon my near-pun) untenable.
Salesforce runs 55,000 customers on 1,000 commodity servers. You just aren’t going to be able to do that with a single tenant architecture no matter how much virtualization you choose to run. If nothing else, virtualization runs afoul of a fixed cost/variable cost phenomenon very quickly. A lot of the basic system software allocates fixed overhead, whether we’re talking about your DB server, your app server, your web server, or whatever. Virtualization does not share the resources required for the fixed overhead, only the the variable costs. Multitenant shares the fixed overhead too. Those variable costs put an upper limit on the number of tenants you can shove onto a single box, no matter how small the tenant’s needs may be.
The new articles maintain that the Cloud fixes all this through the magic of elasticity. Really? That’s hogwash. The Cloud at best and if you really architected your app to take full advantage of elasticity may help a little bit. But most of the problem is database, and elasticity and databases so far remain a very hard technical problem to solve. Try dynamically varying your partitioning and/or federation scheme to really scale up and down in real time in the Cloud. It’s hard enough to get apps to scale to arbitrary Enterprise needs at all. Try doing that in real time so you get multitenant cost savings? Good luck!
So if you can’t run an average of 55 customers on each of 1000 servers like Salesforce, how many can you run without multitenant? 3? 5? 10? What does that do to your cost versus true multitenant? What does that do to the overhead of maintaining the servers? What does that do to your cost of delivering the service and to the resultant cost model you have to saddle you customers with? What does that do to you competively if you’re up against a company that does have the true multitenant cost advantage?
One example on the cost subject that I am familiar with: a lot of the Social Software companies wind up charging by page views or total participant seats. In many ways, this is anathema to community where you should do everything you can to encourage participation and not penalize it. This is especially true for outwardly facing communities where the company wants a predictable cost model and can’t imagine being charged by their continually changing customer base or especially the changing usage patterns of that base.
In fairness, there are some business model + company + market + architecture combinations where it wouldn’t matter because you can’t run multiples on a single box. If you’re strictly selling to organizations that can’t run on a single box no matter what, single tenant is fine. Perhaps this is what these other bloggers are saying, but I’m skeptical any Enterprise 2.0 app would have that requirement, and that’s the kind of software these bloggers are describing. FWIW, Helpstream will run 150 customers and nearly 400K seats on a single box loaded to about 10% of capacity. That’s nothing though. Look to the Googles, Facebooks, Amazons, eBays, Twitters, and similar big web properties to see real capacity. Now combine that kind of capacity with multiple tenants. It is a powerful competitive position to be in.
As I say, one can imagine combinations where you couldn’t combine multiple tenants onto a single box. A honking big transaction processing ERP app might be one. For another, at Callidus, I had customers using as many as 150 CPU’s to generate all the sales commission calculations for a huge salesforce. To give an idea, we had telcos paying 20K sales reps and insurance companies paying 250K reps. That’s a lot of transactions paid to a lot of people! But those kind of Enteprise deals are very unusual for SaaS companies, and that kind of app is pretty unusual too because of the number of transactions being processed and the complexity of the business logic. Still, such apps could be successful in those markets with single tenancy.
The articles go on to talk about the advantages of being able to customize these multiple instances. Frankly, that scares me too, because the whole SaaS model really starts to break apart there when you decide to radically customize each instance. It may be a value add, but it is a radically different value add than SaaS. In fact, at that point, it’s a hosted ASP model, not SaaS. Useful for some organizations, but there is a reason that model never achieved broad market appeal.
Lastly, let’s talk about the whole security business. This is the 800lb Red Herring in the room. The minute you go SaaS or Cloud, you have outsourced that problem. You can listen to vendors argue all day long about which architecture is “safer”, but that is an over simplification of the myriad factors that matter to the point it is just marketing and not substance. It has as much to do with process as code architecture, which is why most of the security related standards like SAS70 and HIPAA don’t spend a lot of time on software architecture so much as the processes that surround that software. Don’t take my word for it. Look at what happened to Amazon around the whole AmazonFail incident for lack of process on an area that didn’t even involve any code. Their problem was due to a data change.
BTW, the multi-tenancy imperative gets stronger constantly due to the multicore crisis. We no longer get faster cpus (i.e. faster clock speeds) every 18 months according to Moore’s Law. Instead, we get twice as many cores. The easiest way to take advantage of more cores? You guessed it: stack more tenants into the same box.
For more, read Michael Dunham’s excellent post over on Haut Tec.