AWS Partner Network (APN) Blog
How the DuploCloud platform allows customers to build SaaS on AWS
By Andy Boutte, Principal Solutions Architect, DuploCloud
Ian Hutchinson, VP, Sales, DuploCloud
Ranjith Raman, Principal Solutions Architect, AWS SaaS Factory
Organizations building software-as-a-service often start with a true multi-tenant model, benefiting from the economies of scale that come with sharing infrastructure resources across tenants. However, tenants often need dedicated, siloed infrastructure instead, because practical constraints like compliance requirements, workload isolation, and tiering strategies lead SaaS providers to offer tenants their own separate infrastructure.
DuploCloud’s infrastructure provisioning and management platform is purpose-built to help SaaS providers navigate these multi-tenant complexities. The AWS SaaS Factory team worked with the DuploCloud solutions engineering team to come up with a reference solution to help companies accelerate their SaaS journey on AWS through the DuploCloud platform.
In this post, we will provide an overview of the solution, the capabilities of the DuploCloud platform, and the different deployment and tenancy models the platform offers for SaaS providers.
DuploCloud is an AWS Advanced Tier partner with competencies in DevOps, Migrations, and more. DuploCloud is also a member of the AWS Public Sector Partner Program.
DuploCloud platform
DuploCloud is a DevOps-as-a-Service platform that helps organizations simplify and secure their cloud infrastructure. DuploCloud’s cloud infrastructure automation software provides developers with a self-service experience along with continuous security and compliance.
Figure 1: DuploCloud platform features
Some of the key features and benefits of DuploCloud include:
- Infrastructure as Code – DuploCloud allows you to define your infrastructure as code for simplified management, with the ability to review changes and control their versions.
- Compliance Guardrails – Compliance standards and controls are built-in to ensure security and regulatory compliance.
- Developer Self-Service – Developers can provision infrastructure on-demand with guardrails in place which speeds up development cycles.
- Monitoring and Alerting – Logging, monitoring, alerting, and reporting are enabled for the provisioned systems.
Before we go into our solution overview, we will define the core high-level abstractions within which applications are deployed on DuploCloud. These abstractions are responsible for the creation of AWS resources required to deploy our application.
- Infrastructure – Each Infrastructure is a unique Amazon Virtual Private Cloud (VPC) and Amazon Elastic Kubernetes Service (EKS) cluster in a given AWS region.
- Tenant – A Tenant is a project or a workspace and is a child of the Infrastructure. While Infrastructure is a VPC-level isolation construct, Tenant isolates further by segregating resources using Security Groups, Amazon IAM role, Instance Profile, Kubernetes namespace, Amazon Key Management Service (KMS) Key, etc.
- Plan – Corresponding to each infrastructure is the concept of a Plan. A Plan acts as a placeholder or template for consistently applying configurations to all tenants within the plan or infrastructure.
- Cloud Services – Cloud Services in DuploCloud map one to one with AWS services, for example: Amazon S3 and Amazon Relational Database Service (RDS). The abstraction for Cloud Services comes at the configuration of these services.
An important distinction to make here is the notion of a “tenant”. In general SaaS terms, a “tenant” is the customer of the SaaS service or offering. A DuploCloud tenant, by contrast, denotes a workspace within the Duplo infrastructure, where your applications or services are deployed.
Approaches to tenancy
With DuploCloud, SaaS providers can provision and manage infrastructure across both shared and dedicated environments. Compliance and isolation requirements are implemented by creating policies to deploy infrastructure tailored for each tenant.
For tenants requiring dedicated infrastructure, DuploCloud spins up siloed resources that keep that tenant’s compute and data separate. Allocating dedicated infrastructure also helps provide a better Quality of Service (QoS) by preventing noisy neighbor situations in the SaaS environment. The platform also facilitates pooled deployments, allowing multiple tenants to share resources or services.
DuploCloud allows SaaS providers to optimize their infrastructure utilization while still offering flexible options to tenants. Providers can take advantage of economies of scale for tenants on shared infrastructure while also offering custom-provisioned environments for those that need it.
Tenancy models
The DuploCloud platform helps address tenant isolation requirements using these four models:
Figure 2. DuploCloud SaaS tenancy models
- Pooled tenancy: In this model, the deployed applications are responsible for implementing tenancy. Tenancy is a shared construct within a DuploCloud Infrastructure and isolation is achieved through policies inside the application’s microservices.
- Shared account, separate resources model: DuploCloud allows the deployment of tenant workloads into different Amazon Virtual Private Cloud, subnets, security groups, or separate Amazon Elastic Kubernetes Service (EKS) clusters within a shared AWS account. This provides resource-level isolation between tenants.
- Shared account, shared resources model: DuploCloud leverages tags and namespaces to isolate tenant workloads sharing the same resources. As an example, tenants in an Amazon EKS cluster can have their own dedicated namespace for deploying applications.
- Silo – AWS account per tenant: The DuploCloud platform has the capability of working across AWS accounts for each tenant. Tenant workloads can be deployed in their own accounts, achieving high levels of isolation at the account level.
Figure 3: Hybrid model
Hybrid model: By utilizing a hybrid model, as depicted in Figure 3 above, you have the ability to combine any of the above models to meet the isolation requirements of your SaaS application.
In summary, DuploCloud’s infrastructure-as-code approach allows implementing various tenant isolation models programmatically based on each tenant’s needs. Fine-grained access controls in DuploCloud also help restrict tenant access to only their allocated resources.
Solution Overview
In order to provide a more comprehensive understanding of these principles, we have created an example solution on how to deploy a multi-tenant application through automation on DuploCloud.
In the previous section, we described five deployment options. For the example solution, we focused on Option 5, which is the hybrid model, where we had a combination of the pooled tenancy and siloed tenancy models. However, you have the flexibility to combine any of the four options to create a hybrid approach for deploying tenants.
Figure 4: Example tenant deployment architecture
The project includes both an example SaaS application and the Infrastructure-as-Code (IaC) to create the required AWS resources to host the SaaS application.
The solution uses the DuploCloud Terraform provider, which provides resources to interact with the DuploCloud cloud management portal.
The duplocloud_infrastructure resource helps with the creation of AWS resources like the Amazon VPC, Amazon EKS cluster and other VPC level resources.
The duplocloud_tenant resource creates AWS and Kubernetes resources like the Kubernetes namespace, service accounts, AWS KMS Key, Amazon IAM Role and policies to scope AWS resources within the DuploCloud Tenant. The Terraform resource also creates security groups with the required rules to allow interconnectivity of resources within a DuploCloud Tenant.
DuploCloud wraps up this long list of resources into DuploCloud constructs and provides a simple no code or low code interface to create this base infrastructure. You will find a complete list of resources in the DuploCloud provider registry.
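The following Terraform sketch is an added example, not code from the reference solution or from DuploCloud. It shows one way to express a hybrid layout with the two resources named above: a pooled DuploCloud Tenant on a shared Infrastructure, plus a separate Infrastructure and Tenant for each customer that needs dedicated resources. Customer names, CIDR ranges and the region are constructed sample values, and the example assumes that each Infrastructure's Plan carries the same name as the Infrastructure.

```hcl
terraform {
  required_providers {
    duplocloud = { source = "duplocloud/duplocloud" }
  }
}

locals {
  # Constructed sample input: customers that get dedicated infrastructure,
  # each with its own non-overlapping VPC CIDR. The key "shared" is reserved.
  dedicated_customers = { acme = "10.21.0.0/16", globex = "10.22.0.0/16" }

  # One Infrastructure (VPC + EKS cluster) for the pooled tier, one per dedicated customer.
  infras = merge({ shared = "10.20.0.0/16" }, local.dedicated_customers)
}

resource "duplocloud_infrastructure" "infra" {
  for_each          = local.infras
  infra_name        = "saas-${each.key}"
  cloud             = 0 # AWS
  region            = "us-west-2"
  azcount           = 2
  enable_k8_cluster = true
  address_prefix    = each.value
  subnet_cidr       = 24
}

# Pooled tier: a single DuploCloud Tenant; the application itself must
# enforce isolation between the SaaS customers that share it.
resource "duplocloud_tenant" "pooled" {
  account_name = "pooled"
  plan_id      = duplocloud_infrastructure.infra["shared"].infra_name # assumption: Plan name == Infrastructure name
}

# Dedicated tier: one DuploCloud Tenant per customer, each inside that customer's
# own Infrastructure, so namespace, IAM role, KMS key and security groups are not shared.
resource "duplocloud_tenant" "dedicated" {
  for_each     = local.dedicated_customers
  account_name = each.key
  plan_id      = duplocloud_infrastructure.infra[each.key].infra_name
}

# Map of SaaS customer -> DuploCloud Tenant ID, for wiring into onboarding or audits.
output "dedicated_tenant_ids" {
  value = { for name, t in duplocloud_tenant.dedicated : name => t.tenant_id }
}
```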
Once your infrastructure and application are deployed, DuploCloud offers a variety of tools and integrations that are required for day two operations like maintaining, monitoring and optimizing the system. Examples include centralized application logging, compliance controls for security frameworks, just-in-time access to AWS and Kubernetes, built-in metric dashboards for monitoring, and alerting.
Conclusion
In this blog, we looked at the capabilities of the DuploCloud platform and how it allows SaaS providers to focus on innovating for their customers, instead of navigating the challenges associated with implementing a multi-tenant infrastructure.
To try out the example solution, click this link and follow the instructions under the “To get started” section to reach out to the DuploCloud team.
The README in this GitHub repository will walk you through the setup details and instructions. This project represents a reference architecture for deploying a multi-tenant SaaS solution on AWS that leverages DuploCloud. It includes both a sample SaaS application and Infrastructure as Code (IaC) to create the required AWS resources to host the SaaS solution.
By streamlining the process of provisioning and managing tenant-specific infrastructure, the DuploCloud platform enables SaaS providers to offer reliable and compliant multi-tenant services. Get in touch to learn more about how DuploCloud can support you in building SaaS on AWS!
About AWS SaaS Factory
AWS SaaS Factory helps organizations at any stage of the SaaS development journey. Whether looking to build new products, migrate existing applications, or optimize SaaS solutions on AWS, we can help. Visit the AWS SaaS Factory Insights Hub to discover more technical and business content and best practices.
SaaS builders are encouraged to contact their AWS account representative to inquire about engagement models and to work directly with the AWS SaaS Factory team.
Build and scale your SaaS business. Visit the SaaS on AWS website to start leveraging resources today.