Multi-tenancy is the most popular model for supporting multiple customers with a single (shared) application environment. To further exploit economies of scale, we frequently see SaaS applications utilizing a shared cloud delivery platform. I've seen how the way access and authorization are architected impacts this -- enforcing security constraints between applications and between application tenants is a critical requirement for our customers.
My approach in architecting our own SaaS offerings -- and the cloud platforms at commercial and government organizations -- involves a few key considerations:
- Employing a security proxy component that controls access to the web servers and manages this infrastructure centrally, linking the servers into one logical platform.
- Using the web server (Apache) as a reverse proxy and as a means of distributing the load from incoming requests across the applications. The URL of each incoming request is rewritten to the internal location of the requested resource.
- In my architectures, I've endeavored to cluster application servers specific to each SaaS application.
- Virtually all architectures I've come up with have used a directory server that stores information about authorized users and what privileges each user has (increasingly LDAP, the Lightweight Directory Access Protocol, rather than Exchange/Active Directory).
- Working with customers to develop security policies and administration based on global policies; for example, setting reasonable password rules and session timeouts.
- Finally, creating templates for firewall rules. Yes, firewalls are still present in cloud platforms such as Amazon's AWS, and the demilitarized zones (DMZs) they form provide additional IP-level access control. Using a template per type of service ensures uniformity.
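As an added example that is not part of the original post, the following Apache httpd 2.4 virtual host shows how the security proxy, the reverse proxy with URL rewriting, the per-application server clusters and the directory-backed authorization described in the list above fit together in one configuration. The hostname, certificate paths, backend addresses, LDAP URL, bind DN and group DNs are all placeholders; the tenant identifier is taken from the rewritten URL and passed to the backend as a header so the application never has to trust a client-supplied value.

```apache
# Added example (not the author's or any project's configuration). Requires
# mod_ssl, mod_proxy, mod_proxy_http, mod_proxy_balancer, mod_lbmethod_byrequests,
# mod_rewrite, mod_headers, mod_ldap and mod_authnz_ldap. All names are placeholders.
<VirtualHost *:443>
    ServerName saas.example.com
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/saas.example.com.pem
    SSLCertificateKeyFile /etc/ssl/private/saas.example.com.key

    # Security proxy: this host is the only entry point. Never act as a forward
    # proxy, and keep the public Host header for the backends.
    ProxyRequests Off
    ProxyPreserveHost On

    # One balancer per SaaS application, each backed by its own cluster of
    # application servers (internal addresses are placeholders).
    <Proxy "balancer://crm-app">
        BalancerMember "http://10.0.1.11:8080"
        BalancerMember "http://10.0.1.12:8080"
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>
    <Proxy "balancer://billing-app">
        BalancerMember "http://10.0.2.11:8080"
        BalancerMember "http://10.0.2.12:8080"
        ProxySet lbmethod=byrequests stickysession=JSESSIONID
    </Proxy>

    # Rewrite the public URL /<tenant>/<application>/... to the internal
    # location of the resource. The tenant segment is captured into an
    # environment variable; [P] hands the request to mod_proxy.
    RewriteEngine On
    RewriteRule "^/([a-z0-9-]+)/crm/(.*)$"     "balancer://crm-app/crm/$2"         [P,E=TENANT:$1]
    RewriteRule "^/([a-z0-9-]+)/billing/(.*)$" "balancer://billing-app/billing/$2" [P,E=TENANT:$1]
    # Anything that does not match a known application is refused.
    RewriteRule "^/" "-" [F]

    # Strip any client-supplied identity headers before they reach the backend,
    # then set them from values the proxy itself established.
    RequestHeader unset X-Tenant-Id   early
    RequestHeader unset X-Remote-User early
    RequestHeader set X-Tenant-Id   "%{TENANT}e" env=TENANT
    RequestHeader set X-Remote-User "expr=%{REMOTE_USER}"

    # Authentication and authorization against the directory server.
    # The bind password is read from a script so it is not stored in this file.
    <Location "/">
        AuthType Basic
        AuthName "SaaS platform"
        AuthBasicProvider ldap
        AuthLDAPURL "ldaps://ldap.internal.example/ou=people,dc=example,dc=com?uid?sub?(objectClass=inetOrgPerson)"
        AuthLDAPBindDN "cn=proxy-reader,ou=service,dc=example,dc=com"
        AuthLDAPBindPassword "exec:/etc/httpd/ldap-bind-pw.sh"
        Require valid-user
    </Location>

    # Per-application authorization: membership of the application's group in
    # the directory is required, so a user of one application cannot reach
    # another merely by rewriting the URL.
    <LocationMatch "^/[a-z0-9-]+/crm/">
        Require ldap-group cn=crm-users,ou=groups,dc=example,dc=com
    </LocationMatch>
    <LocationMatch "^/[a-z0-9-]+/billing/">
        Require ldap-group cn=billing-users,ou=groups,dc=example,dc=com
    </LocationMatch>
</VirtualHost>
```

Two design points are worth noting. The `early` unset of the identity headers runs before the rewrite, and the later `set` runs in the fixup phase after authentication, so the backend can rely on `X-Tenant-Id` and `X-Remote-User` having been produced by the proxy; the application still has to check that the authenticated user belongs to the tenant named in the URL, since the directory group only establishes which application a user may use. The catch-all `RewriteRule ... [F]` means an unknown application path is rejected at the proxy rather than forwarded, which keeps the internal locations of the clusters unreachable except through the rewrites shown.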