The Multi-Tenancy Spectrum
Multi-tenancy means serving multiple customers (tenants) from shared infrastructure. The fundamental tension: sharing reduces costs, but isolation provides security and performance guarantees.
Isolation Models
Silo model (database per tenant): Maximum isolation. Each tenant has dedicated database. Simplest to implement, easiest compliance story, but highest cost.
Pool model (shared database): All tenants share tables with tenant_id columns. Lowest cost, but requires careful security to prevent data leakage.
Bridge model (schema per tenant): Middle ground. Shared database server, separate schemas per tenant.
Hybrid: Different isolation levels for different tenant tiers. Enterprise customers get dedicated resources.
Data Isolation Strategies
Row-level security is the most common approach for pool models. Every query must include tenant context. PostgreSQL's RLS enforces this at the database level.
Critical: tenant context must be established at the edge and propagated through every layer. One missed filter can expose another tenant's data.
Preventing Noisy Neighbors
In shared infrastructure, one tenant's load can impact others. Mitigation strategies:
Rate limiting per tenant: API calls, database queries, CPU usage.
Resource quotas: Storage limits, row counts, feature usage caps.
Queue isolation: Separate queues for different tenant tiers.
Tenant-Aware Operations
Caching: Cache keys must include tenant ID.
Logging and monitoring: Tag all logs and metrics with tenant ID.
Background jobs: Jobs must run in tenant context.
Migrations: Schema changes must work across all tenants.
Customization Without Chaos
Configuration-driven: Store tenant preferences in configuration, not code.
Plugin architecture: Allow extensions without modifying core code.
Avoid tenant-specific branches: If you find yourself writing "if tenant == X" in business logic, something has gone wrong.
Best Practices
Recommended Reading
💬Discussion
No comments yet
Be the first to share your thoughts!
