| By Srinivasan Sundara Rajan | Article Rating: |
|
| April 14, 2011 11:00 AM EDT | Reads: |
673 |
Multi Tenancy Database Design and Security
We have seen that there are multiple ways a multi-tenant database can be designed. The important options being:
- Separate Database: Each of the tenants is allocated a separate physical database for storing their data.
- Separate Schema: Each of the tenants is allocated a separate logical unit called Schema, within a single physical database.
- Separate Rows: Each of the tenants is allocated same physical database and schema, but their information is separated using primary keys which are allocated as part of the data base design and all the information is kept within the same physical tables.
A diagram of these types of database designs can viewed here: MSDN article on Multi-Tenant Data Architecture.

As evident in some of these architectures, we store data from multiple clients in the same database and securing each client's data from others is of utmost important. While we could code these as part of our application code such kind of custom coded security is subject to breach if the developers miss a point or two and the verification is not done properly. Also custom coded security has the drawback of not enforcing it, if the database is accessed outside of the application like using another reporting tool or interactive SQL query studios like Sql*Plus, iSQL etc...
So Security for the Multi Tenancy Databases are best implemented if the underlying database platform itself is aware of Multi Tenancy Rules and prevent unauthorized access to data whatever the client tool that is accessing the data.
One such built-in feature built inside the Oracle 11g database is called as Fine-Grained Access Security, which is also known as Virtual Private Database, which provides transparent security cover for Multi-Tenant databases.
Virtual Private Database
An Oracle Virtual Private Database (VPD) is an aggregation of server-enforced, application-defined fine-grained access control, combined with a secure application context in the Oracle database server.
Much of security on a multi-tenant SaaS application is based on one simple principle: Users have to be identified and distinguished from each other. This is true for applications and for databases. This security tenet is exemplified in our world every day. Email applications show only the emails for the user who has logged in. Financial reports are delivered only to those authorized to receive them. For these applications to work effectively, you have to know who the person is before you can know if they are supposed to access an email or financial report.
A Virtual Private Database (VPD) allows you to build the security policies based on User's identity that can be applied to tables are views. One important factor about VPD is that, user's identify is not restricted to the ‘Database User' but the application user, which in a multi-tenant scenario is the actual tenant of the application.
The following are the typical steps in implementing the VPD for your multi-tenant databases, the detailed implementation is available on the Oracle manuals.
- Design the Multi-Tenant database with appropriate database columns to store the Tenant identity
- Create a function to apply the FILTERING conditions based on the multi tenant inquiry of data
- Create a policy to use the function so that the policy can be applied to different database objects
- Use the DBMS_RLS function to apply the policy to the multi-tenant database tables
- Use the Oracle client functions to set the Tenant identify from the application, so that the policy is applied transparently such each tenant views only the data owned by the tenant
Fine-Grained Auditing
In spite of having VPD on the multi-tenant database, most times Auditors would like to see the reports on database access patterns , especially access to the sensitive information. FGA (Fine Grained Auditing) provides the most granular level of auditing in a multi-tenant database.
This method creates audit records based on the exact query, condition, and data retrieved or manipulated by the statement. It provides a facility to audit only those statements (including actual values of possible bind-variables) that reference a particular column. DBMS_FGA package facilitates creation of FGA policies.
The salient features of FGA can be segregated as following:
Column Referencing: We can define policy such that audit is triggered only if the specified columns are referenced in query statement. For example in a multi-tenant application for e-Commerce, this can setup for columns like credit card number.
Conditional auditing: As explained in previous example also, auditing can be condition driven using FGA. For example, in a multi-tenant database if any one tried to query information of a specific client or across clients.
Oracle on the Cloud
While we see many new players in Analytical databases , ‘NO SQL' databases on cloud, Oracle continues to be a leading database in data centers for OLTP and - many high performance applications. There are several possibilities of implementing Oracle database on Cloud for your multi tenant application.
- Oracle versions are available as AMI on Amazon EC2
- There is a proposal to bring Amazon Relation Database Service (RDS) using Oracle 11g database
- If the organizations are building Private Clouds, HP's Blade System Matrix can be installed with Oracle to achieve the full potential
- Private Cloud In a Box(Buy) solutions like Oracle Exadata Database machine provide Oracle database on private cloud
Summary
Success of SaaS applications will be measured by the time-to-market, which means that faster we roll out our application we capture the market better. This can be achieved only if the best of the out-of-the-box features available in the product vendors are utilized, so that the much needed, Security, auditing and performance of the application are maintained. Oracle's VPD / FGA are one such feature which needs to be analyzed , if you plan to deploy your multi tenant application on Oracle platform.
Published April 14, 2011 Reads 673
Copyright © 2011 SYS-CON Media, Inc. — All Rights Reserved.
Syndicated stories and blog feeds, all rights reserved by the author.
More Stories By Srinivasan Sundara Rajan
Srinivasan Sundara Rajan works at Hewlett Packard as a Solution Architect. His primary focus is on enabling SOA through Legacy Modernization for Automobile Industries. He has worked as a consultant for Compuware, Verizon and other organizations in the earlier parts of career. All the views expressed are Srinivasan's independent analysis of industry and solutions and need not necessarily be of his current or past organizations. Srinivasan would like to thank every one who augmented his Architectural skills with Analytical ideas.
- Oracle to Present on Java in the Cloud at Cloud Expo 2011 New York
- The New York Times to Present at Cloud Expo 2011 New York
- Cloud Computing From "Agile Cloud Integration" to "Zero Latency"
- Agile Cloud Integration at Cloud Expo 2011 New York
- Patent Board Says Red Hat’s Portfolio Is Valuable
- Managing Cloud Infrastructure at Cloud Expo 2011 New York
- Dataflow Programming: A Scalable Data-Centric Approach to Parallelism
- GoGrid CEO John Keagy to Present at Cloud Expo 2011 New York
- The Top 100 Bloggers on Cloud Computing
- Yahoo! VP to Present Lessons of Big Data at Cloud Expo 2011 New York
- Driving Autopilot: The Key to Cloud Success at Cloud Expo 2011 New York
- Windows Azure vs VMware vFabric
- Five Signs You Need HTML5 WebSockets
- Cloud Expo 2011 New York Expands Technical Program
- Top Ten Cloud Computing & Virtualization Myths
- Cloud Expo, Inc. Announces Cloud Expo 2011 New York Venue
- Top Two Technology Priorities for CIOs in 2011: Cloud & Virtualization
- Oracle to Present on Java in the Cloud at Cloud Expo 2011 New York
- The New York Times to Present at Cloud Expo 2011 New York
- Cloud Computing From "Agile Cloud Integration" to "Zero Latency"
- Realizing the Benefits of Virtualization and Cloud Computing
- NetQin's CEO Addresses Mobile Internet Issues at World Economic Forum Annual Meeting 2011
- Cloud Computing Companies to Watch in 2011
- Monetization Strategies for Cloud at Cloud Expo 2011 New York
- The Top 150 Players in Cloud Computing
- Where Are RIA Technologies Headed in 2008?
- FullArmor GPAnywhere Secures Microsoft Application Virtualization Applications Through Group Policy
- SYS-CON's Virtualization Conference & Expo: Themes & Topics
- SYS-CON's Virtualization Journal Opens Its "Readers' Choice Awards" Nominations
- Application Virtualization
- Application Virtualization: Instant Migration to Vista, Fast Delivery, Secure Access, Side-by-Side Deployments
- "Virtualization Is Now a Key Strategic Theme," Says Citrix CTO
- Integration with Windows Vista, Microsoft Excel, and Microsoft Application Virtualization
- Will Microsoft Buy Citrix?
- mValent Extends Automated Application Configuration Management to Virtualization Environments
- Has the Technology Bounceback Begun?


































