Rubrik Multi-tenancy: Secure Data Isolation for a True Cloud Computing Era
Multi-tenancy is one of the cornerstones of a cloud data management platform. It enables you to support multiple customers (commonly referred to as ‘tenants’) on a single platform. Pooling resources results in lower costs, greater efficiencies, and faster innovation for both tenants and service providers. Secure data and metadata isolation is required in multi-tenant environments.
Traditionally, data isolation required for multi-tenant environments is established as physical boundaries. The storage domain, including its compute resources, is divided into multiple partitions, and role-based access control is applied on those partitions, as shown above.
Each tenant is given a rigid partition isolated from others using physical boundaries. The resources are often over-provisioned to meet tenant demand during peak usage. Thus, resources are often underutilized and typically wasted. The security principals (user and service accounts) need to be reserved for each partition.
Rubrik brings an innovative cloud-based framework for secure data and metadata isolation. This is designed to give the best of both worlds; security benefits of physical boundaries and economic advantages of a true cloud computing model. It is made possible by virtualizing all resources so that tenants can share allocated resources in a secure, isolated fashion, as pictured above.
Let’s take a closer look at Rubrik’s approach to multi-tenancy.
Imagine that you are the global administrator for a managed service provider (MSP):
- You are providing Infrastructure-as-a-Service (IaaS) to a number of tenants. The tenants have the flexibility to host their virtual machines (VMs) in VMware vSphere, Microsoft Hyper-V and Nutanix AHV based environments. A given tenant can host distributed applications using VMs coming from any of these hypervisors. For example, the front-end may be hosted in AHV, the middle layer with business logic is hosted in Hyper-V, and backend databases are hosted in vSphere
- You also provide Database-as-a-Service (DBaaS). Tenants who do not want to setup database servers on their own can consume DBaaS hosted in a dedicated SQL Server farm. The farm is built on several enterprise-grade servers in AlwaysOn Availability Group. This database farm is hosting hundreds of SQL Server instances, with each instance serving tens of databases. Each database corresponds to a DBaaS unit for tenants.
- You are providing Identity-as-a-Service (IDaaS) that is developed in-house on top of Active Directory. You also allow hosting dedicated AD services for tenants. Your tenants may also have AD on their own, and would like you to use select credentials to authenticate from their own AD for certain applications.
Your goals are the following:
- Include basic data protection as a standard option to differentiate your services from competition
- Provide Backup-as-a-Service (BaaS) as an add-on option in which your tenant administrators and end-users can manage their own service level agreements (SLA) and operations, but make use of your backup infrastructure
- Provide an external archiving add-on service where tenants can choose their own archive locations (AWS S3, Azure Blob, Google Compute Platform storage etc.) to send backups that require long-term retention
- Provide a Managed Backup Service (MBS) as a premium white glove offer, where your designated staff manages and monitors backups for tier 1 applications requiring tight RPOs
How do you build all the above using a legacy, storage-centric backup solution? It’s nearly impossible because of the micro-granularity of the assets to be protected. They provide isolation for data at physical boundaries.
So, how do you protect a distributed application that makes use of vSphere, Hyper-V and AHV using a single SLA policy? How do you make sure a tenant is allowed to backup just a single database from the database farm without building custom access controls and complex scripting? How do you let the backup application consume multiple AD domains while not exposing one AD org to another? How do you make sure that a Managed Backup Service administrator in MSPs payroll can manage data for a tenant hosting their own AD domain?
With Rubrik, it’s just a matter of a few clicks!
Rubrik’s multi-tenancy is at the object level. You can think of a Rubrik Cluster as a collection of objects: sources from where data is getting backed up, targets where backups are stored, and security principals (users and service accounts) that glue those relationships. As a managed service provider, you can host a Rubrik Cluster that grows linearly with your backup business. With Rubrik CDM’s object-level multi-tenancy, you can create virtual instances of Rubrik Cluster for each of your tenants. These virtual instances are aptly named as organizations. An organization can have a dedicated set of sources, targets, and security principals. Or some organizations may share a few security principals, as in the case of MSP staff providing Managed Backup Services. Several organizations might be business subsidiaries sharing a common archival account. There is really no limit to the flexibility, and complexity is eliminated altogether.
Remember that all these organizations are secure and isolated while being served from the same Rubrik CDM cluster! Thus, all the benefits of cloud computing and resource sharing apply here.
What if you are not an MSP? Rubrik’s object-level multi-tenancy is extremely useful in large enterprise organizations as well. You may want to delegate VMware vSphere protection to virtual infrastructure admins, Windows systems, and Hyper-V hosts managed by system admins; your SQL Server and Oracle managed by DBAs; and so on. Simply create ‘organizations’ for them. When they login, they will see only what they should. And unlike legacy solutions, you have the flexibility to delegate entire management responsibility or selected operations. With Rubrik, one UI manages everything; its context changes based on who logs in.
Lastly, what if you are in a situation where physical separation of data is important? No problem! Simply deploy multiple Rubrik clusters for each of your tenants. Or, if that is too big for a given tenant, there is also Rubrik Air, a virtual appliance designed to help your tenants in need of physical isolation and control. They can deploy it along with their production systems. The good news is that your tenants could still benefit from object-level multi-tenancy, but within their physical boundaries.
Learn more about Rubrik’s profitable, flexible Service Delivery Partner Program.