Multitenancy on filesystem

Describes what multitenancy is and how tenant data is kept private for each tenant.

Multitenancy architecture enables a single instance of software to be provisioned for multiple customers or users, who are referred to as tenants. Each tenant, or group of users, has a specific share of the instance, including access to its data, configuration, and access management. On the cloud, this enables a software-as-a-service (SaaS) provider to provision the software for multiple tenants.

The filesystem multitenancy architecture enables you to create and restrict a data-fabric volume (referred to as a share) to a subset of client nodes. By doing this, you can isolate users or hosts (referred to as tenants). Isolation enables you to set policies, quotas, and access privileges for specific tenants. You can provision the data-fabric filesystem on the cloud to various tenants, with each tenant owning its own copy of storage space, users, data security, administration, and so on.

In a multitenant environment, tenants operate in their own provisioned spaces, unaware of other tenants on the cluster. Tenants have exclusive access to data in their environment only.

For example, the following diagram depicts a cluster provisioned on the cloud for two tenants, Tenant1 and Tenant2. The cluster has two separate volumes, mounted at the directories /cloud/tenant1 and /cloud/tenant2. Each tenant volume contains file data created and managed by tenant users on the tenant host. Each tenant maps to a different volume, so the data in each volume can have different policies, disk-usage quotas, and snapshot and mirroring schedules. The appropriate tenant tickets restrict access to the data in these volumes to users on the appropriate tenant hosts, which eliminates the possibility of a Tenant2 user accessing data on the Tenant1 volume, and vice versa.
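Added example (not from the product documentation): a small audit over a constructed share inventory that checks the isolation properties described above, namely that no two tenants share a volume, an overlapping mount path, or a client host. The inventory format, the volume names, and the host names are assumptions made for illustration.

```python
from itertools import combinations
from pathlib import PurePosixPath

# Constructed inventory (hypothetical format, not a data-fabric export).
# tenant3 is deliberately misconfigured so that each check fires once.
SHARES = [
    {"tenant": "tenant1", "volume": "vol_t1", "mount": "/cloud/tenant1",
     "hosts": {"t1-host-a", "t1-host-b"}},
    {"tenant": "tenant2", "volume": "vol_t2", "mount": "/cloud/tenant2",
     "hosts": {"t2-host-a"}},
    {"tenant": "tenant3", "volume": "vol_t1", "mount": "/cloud/tenant1/archive",
     "hosts": {"t2-host-a", "t3-host-a"}},
]


def overlaps(a, b):
    """True when two mount paths are equal or one is nested inside the other."""
    pa, pb = PurePosixPath(a), PurePosixPath(b)
    return pa == pb or pa in pb.parents or pb in pa.parents


def audit_isolation(shares):
    """Return sorted (kind, tenant_a, tenant_b, detail) findings per share pair."""
    findings = []
    for a, b in combinations(shares, 2):
        if a["tenant"] == b["tenant"]:
            continue  # one tenant may own several shares
        pair = tuple(sorted((a["tenant"], b["tenant"])))
        if a["volume"] == b["volume"]:
            findings.append(("shared-volume", *pair, a["volume"]))
        if overlaps(a["mount"], b["mount"]):
            detail = f'{a["mount"]} | {b["mount"]}'
            findings.append(("overlapping-mount", *pair, detail))
        # Assumption: a client host serving two tenants is worth reviewing.
        for host in sorted(a["hosts"] & b["hosts"]):
            findings.append(("shared-host", *pair, host))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit_isolation(SHARES):
        print(*finding, sep="\t")
```
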

You can access tenant shares only through loopbacknfs and FUSE-based POSIX clients. After you mount the tenant volume with one of these POSIX clients, you can perform operations using standard Linux commands.