Checklist for architecting and building multitenant solutions on Azure
When you build your multitenant solution in Azure, there are many elements that you need to consider. Use this checklist as a starting point to help you design and build your multitenant solution. This checklist is a companion resource to the Architecting multitenant solutions on Azure series of articles. The checklist is structured around the business and technical considerations, and the five pillars of the Azure Well-Architected Framework.
Tip
After going through this checklist, take the SaaS journey review to evaluate your SaaS product by analyzing your understanding of multitenant architecture and its alignment with SaaS operation best practices.
Business considerations
- Understand what kind of solution you're creating, such as business-to-business (B2B), business-to-consumer (B2C), or your enterprise software, and how tenants are different from users.
- Define your tenants. Understand how many tenants you'll support initially, and your growth plans.
- Define your pricing model and ensure it aligns with your tenants’ consumption of Azure resources.
- Understand whether you need to separate your tenants into different tiers. Tiers might have different pricing, features, performance promises, geographic locations, and so forth.
- Based on your customers’ requirements, decide on the tenancy models that are appropriate for various parts of your solution.
- When you're ready, sell your B2B multitenant solution using the Microsoft Commercial Marketplace.
Reliability considerations
- Review the Azure Well-Architected Reliability checklist, which is applicable to all workloads.
- Understand the Noisy Neighbor antipattern. Prevent individual tenants from impacting the system's availability for other tenants.
- Design your multitenant solution for the level of growth that you expect, but don't overengineer for unrealistic growth.
- Define service-level objectives (SLOs) and optionally service-level agreements (SLAs) for your solution. SLAs and SLOs should be based on the requirements of your tenants.
- Test the scale of your solution. Ensure that it performs well under all levels of load, and that it scales correctly as the number of tenants increases.
- Apply chaos engineering principles to test the reliability of your solution.
Security considerations
- Apply the Zero Trust and least privilege principles in all layers of your solution.
- Ensure that you can correctly map user requests to tenants. Consider including the tenant context as part of the identity system, or using another means, like application-level tenant authorization.
- Design for tenant isolation. Continuously test your isolation model.
- Ensure that your application code prevents any cross-tenant access or data leakage.
- Perform ongoing penetration testing and security code reviews.
- Understand your tenants' compliance requirements, including data residency and any compliance or regulatory standards that they require you to meet.
- Correctly manage domain names and avoid vulnerabilities like dangling DNS and subdomain takeover attacks.
- Follow service-specific guidance for multitenancy.
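The following added example (not part of the original checklist or any Microsoft code) sketches three of the items above in Python: mapping a request to a tenant from identity claims, refusing cross-tenant reads in application code, and a repeatable isolation test. The `tenant_id` claim name, the `OrderStore` class, and the sample rows are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

class CrossTenantAccess(Exception):
    """Raised when a request cannot be bound to exactly one tenant."""

@dataclass(frozen=True)
class TenantContext:
    tenant_id: str
    user_id: str

def resolve_tenant(claims: dict, requested_tenant: Optional[str] = None) -> TenantContext:
    """Map a request to a tenant using validated token claims only.

    `claims` is assumed to come from a token whose signature, issuer and
    audience were already verified. The "tenant_id" claim name is hypothetical.
    A tenant named in the URL or a header is compared with the claim and is
    never trusted on its own.
    """
    tenant_id, user_id = claims.get("tenant_id"), claims.get("sub")
    if not tenant_id or not user_id:
        raise CrossTenantAccess("token carries no tenant context")
    if requested_tenant is not None and requested_tenant != tenant_id:
        raise CrossTenantAccess("requested tenant does not match token")
    return TenantContext(tenant_id, user_id)

class OrderStore:
    """Shared store in which every read is filtered by the caller's tenant."""
    def __init__(self, rows):
        self._rows = {r["id"]: r for r in rows}

    def get(self, ctx: TenantContext, order_id: int) -> dict:
        row = self._rows.get(order_id)
        # Same error for "missing" and "owned by another tenant", so a caller
        # cannot learn which ids exist in other tenants.
        if row is None or row["tenant_id"] != ctx.tenant_id:
            raise KeyError(order_id)
        return row

    def list_orders(self, ctx: TenantContext) -> list:
        return [r for r in self._rows.values() if r["tenant_id"] == ctx.tenant_id]

def isolation_violations(store, contexts) -> list:
    """Isolation test: report every row a tenant can see but does not own."""
    return [(c.tenant_id, r["id"]) for c in contexts
            for r in store.list_orders(c) if r["tenant_id"] != c.tenant_id]

# Constructed sample data: two tenants sharing one store.
ROWS = [{"id": 1, "tenant_id": "contoso", "total": 40},
        {"id": 2, "tenant_id": "fabrikam", "total": 75}]
```

Running `isolation_violations` in your test pipeline against each data access path turns "continuously test your isolation model" into a check that fails the build when a query forgets its tenant filter.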
Cost Optimization considerations
- Review the Azure Well-Architected Cost Optimization checklist, which is applicable to all workloads.
- Ensure you can adequately measure per-tenant consumption and correlate it with your infrastructure costs.
- Avoid antipatterns. Antipatterns include failing to track costs, tracking costs with unnecessary precision, real-time measurement, and using monitoring tools for billing.
Operational Excellence considerations
- Use automation to manage the tenant lifecycle, such as onboarding, deployment, provisioning, and configuration.
- Understand the differences between control plane and data plane in your multitenant solution.
- Find the right balance for deploying service updates. Consider both your tenants' requirements and your own operational requirements.
- Monitor the health of the overall system, as well as each tenant.
- Configure and test alerts to notify you when specific tenants are experiencing issues or are exceeding their consumption limits.
- Organize your Azure resources for isolation and scale.
- Avoid deployment and configuration antipatterns. Antipatterns include running separate versions of the solution for each tenant, hardcoding tenant-specific configurations or logic, and manual deployments.
Performance Efficiency considerations
- Review the Azure Well-Architected Performance Efficiency checklist, which is applicable to all workloads.
- If you use shared infrastructure, plan for how you'll mitigate Noisy Neighbor concerns. Ensure that one tenant can't reduce the performance of the system for other tenants.
- Determine how you'll scale your compute, storage, networking, and other Azure resources to match the demands of your tenants.
- Consider each Azure resource's scale limits. Organize your resources appropriately, in order to avoid resource organization antipatterns. For example, don't over-architect your solution to work within unrealistic scale requirements.
Contributors
This article is maintained by Microsoft. It was originally written by the following contributors.
Principal authors:
- Arsen Vladimirskiy | Principal Customer Engineer
- Bohdan Cherchyk | Senior Customer Engineer
Other contributor:
- John Downs | Principal Software Engineer