Table of Contents | ||||||
---|---|---|---|---|---|---|
|
Introduction
The CoreOne Suite is multi-client capable. Multi-client capability can be implemented in different ways.
Logical separation
- Data records per client
- The data is stored in a database.
- Each object receives a client assignment
- he data is logically and not physically separated
The following synergies and advantages result:
...
offers various tools and patterns to cover a multi tenancy environment. Depending on the use case you can choose one deployment scenario or even combine some of them. Below you will find an overview of all possible deployments.
...
Logical Tenant Seperation
Each entity within the CoreOne Suite Meta Directory has a tenant_id
associated with it that references the tenant
entity. That entity itself has a parent_id
and let’s you therefore create a logical tenant tree. By assigning each entity to a logical tenant you clearly associate each entity to said tenant. In many places that association will then be taken into account. To give an example we can look at the organizational tree and the employments. If you create a new employment, you first have to select the tenant that this employment belongs to. Dependend on the selected tenant, you then can only select organizational units that are associated to that tenant.
The following rules apply for this deployment scenario:
Each data record is associated to a tenant
There is one single database, the data storage is not separated for multiple tenants
The actual data is no physically divided, there is only one
AppCustomer
Advantages | Disadvantages |
---|---|
The underlying hardware is the same for all tenants. | A misconfiguration of the security rules can lead to sharing data with other tenants. |
Licencing is shared across all tenants. | |
SaaS functions can be used, such as dynamic registration of a new |
...
tenant (IAMaaS). | |
Selected data / master data can be shared across |
...
Physical separation
- One dedicated system is provided per client.
The following synergies and advantages result:
...
tenants. | |
All services are hosted for all tenants. |
AppCustomer Seperation
The CoreOne Suite supports the creation of multiple AppCustomers
. An AppCustomer
is represented as a seperated schema within the same database. Therefore the underlying hardware can be shared but the data is stored in a dedicated schema and therefore logically seperated from other AppCustomers
.
The following rules apply for this deployment scenario:
Data records are stored in the appropriate
AppCustomer
schemasThere is one single database, but data storage is seperated on schema level
The actual data is logically divided, there are multiple
AppCustomers
Advantages | Disadvantages |
---|---|
The underlying hardware is the same for all tenants. | Additional complexity in the configuration. |
Licencing is shared across all tenants. | Certain services have to be hosted for each |
SaaS functions can be used, such as dynamic registration of a new tenant (IAMaaS). | |
Selected data / master data can be shared across tenants. | |
Data is further divided. The risk of accidentally sharing data with other tenants is mitigated. |
Physical Seperation
By actually installing the CoreOne Suite multiple times the data is completely separated.
Advantages | Disadvantages |
---|---|
The data is completely separated. | Additional complexity. |
Data is seperated completly. | Licences have to be ordered for each installation. |
No dynamic registration of new tenants. |
Logical Security Seperation
With the Advanced Permission Management of the CoreOne Suite you can configure security roles that gives users access to only selected data. This allows you to configure a wide variety of use cases with endless complexity. You can configure use cases such as give users only access to data that is associated to an organizational unit below the Legal Entity that they are employed to.
Advantages | Disadvantages |
---|---|
The underlying hardware is the same for all tenants. | Additional complexity in the configuration. |
Licencing is shared across all tenants. | Certain services have to be hosted for each |
SaaS functions can be used, such as dynamic registration of a new tenant (IAMaaS). | Misconfiguration can lead to data being shared across use cases |
Selected data / master data can be shared across tenants. | The evaluation of the security roles can be slow depending on the use case and data amount. |
Data is further divided. The risk of accidentally sharing data with other tenants is mitigated. | |
Complex use cases can be configured. |
Combining
All the described deployment scenarios can be combined. This allows you to find the best combination for your use cases. It’s also possible to migrate from one deployment scenario to another. But be aware that even though this is possible, it’s not an easy task to do. So be sure to select the ideal scenario for your use case.