Exploring Multi-Tenancy Options in Fauna
Building multi-tenant applications has historically posed significant challenges for developers. Traditional databases often require complex configurations and extensive manual intervention to ensure data isolation, security, and compliance across multiple tenants. Managing separate databases, configurations, and security protocols for each tenant can lead to increased operational overhead, higher costs, and slower development cycles. These issues are exacerbated when trying to balance performance and maintainability.
Fauna addresses these challenges with its innovative approach to multi-tenancy. Fauna’s architecture offers native support for hierarchical parent-child database structures, enabling streamlined management of tenant databases with individual access controls and logical isolation. This reduces the complexity of multi-tenant deployments, allowing developers to focus on building features and improving user experience rather than managing infrastructure. With Fauna, you can achieve optimal performance, robust security, and compliance with minimal manual configuration. These benefits significantly reduce cognitive overhead, minimize errors in your code, and accelerate feature development.
Get Started Building Multi-Tenant Apps with Fauna Today
Explore these resources to help you get started building with Fauna multi-tenancy.
Building Multi-tenant Serverless SaaS with AWS and Fauna Workshop → Webinar Recording: Next-Gen Multi-tenant SaaS with Algolia and Fauna → Fauna + AWS Multi-tenant SaaS Blog → Webinar Recording: Building Multi-Region, Multi-tenant Applications with Fauna and AWS →Fauna Multi-tenant Architecture Approaches
When designing a multi-tenant architecture in Fauna, your choices impact your system’s maintainability, ease of use, and performance. In this post, we’ll dive into the nuances of two popular strategies used by Fauna customers: 1) creating child databases per tenant or 2) using collections per tenant. We’ll discuss the pros and cons of each and how you might decide between them, especially when your application involves shared and tenant-specific resources. Your use case and capabilities should dictate how to structure databases and manage data access efficiently while maintaining security and performance.
Using Child Databases for Each Tenant
Imagine you decide to assign each tenant their own database. This approach is like giving each tenant a secure apartment in a vast complex. They can furnish and manage their space independently without the risk of interfering with their neighbors. This separation simplifies roles and security settings since each tenant's environment is clearly delineated. This also enables you to write your application as a single tenant but deploy it as a multi-tenant. Another benefit of this strategy is how it fits with regulatory needs. If you deal with clients across borders, you can place their databases in appropriate regions, ensuring compliance with local data protection laws. Moreover, if a tenant decides to leave your platform, managing their data removal is as straightforward as vacating an apartment—just delete their database, and you’re set.
While this method has its intricacies, it can be streamlined with automation. Setting up a new environment for each tenant might add to your operational overhead, but automation can simplify this process. Additionally, maintenance—such as applying updates or changes—might require individual attention to each database, but with effective tools and strategies, this effort can be managed efficiently, even with many tenants.
To implement, you’d create a database and then create a child database under that parent database. Each database has separate collections, functions, and roles. The parent database has the top-level collections, functions, and roles needed for the entire database and application. For example, consider a SaaS application. The app’s data for managing the service is in the parent database, but each child database is a separate tenant.
Opting for Shared Collections
Now, let’s consider the alternative—using a single database where all tenants' data coexists, differentiated by custom access controls. This setup is akin to having a large open-plan office where everyone works together, but personal files are kept in secure, individual lockers.
This model simplifies many aspects of database management. For one, you only need to maintain one database. Any schema updates or migrations are done once, universally applying to all tenants. It also streamlines the querying process; tenants can access shared and their specific data seamlessly.
Yet, this approach requires careful planning when it comes to security. Defining roles and access permissions becomes more complex as you must ensure that each tenant can only interact with their data and common resources without any leaks. Additionally, if your application’s performance relies on geographic data distribution, you might still find yourself managing multiple databases to ensure compliance, albeit fewer than one per tenant.
Combining the best of both worlds
Given the shared and specific resources your tenants need, why not combine these strategies? You can set up a parent database that houses collections of resources shared across all tenants. Then, each tenant has their own child database for their private data.
This hybrid setup offers the best of both worlds. It maintains isolation and security for tenant-specific data while enabling efficient access to shared resources. It’s flexible enough to adapt to various regulatory requirements and simplifies the process of onboarding and off-boarding tenants.
| Feature/Component | Child DB per Tenant | Collection per Tenant. |
|---|---|---|
| Security | High security due to complete data isolation, reducing blast radius in the event of a breach. | Less isolated; requires more sophisticated ABAC rules |
| Role Management | Simpler, as roles are defined at the database level and unique to each tenant. | More involved, especially with ABAC predicates. |
| Operational Simplicity | Each tenant’s database operates independently, reducing cognitive overhead. | Single database simplifies operations and migrations, but issues affect all tenants. |
| Scalability | High; you can easily add more databases as your business scales. | Limited by the maximum number of collections and their manageability. |
| Database Provisioning | It requires setting up a new database for each tenant, but can be automated on user signup. | A one-time database setup is required, but scalability could be an issue. |
| Migration Management | Migrations need to be applied to each database individually. | Single migration applies to all data. |
| Cleanup Efficiency | Easy to remove a tenant’s data by deleting their database. | Requires careful data purging within a shared environment. |
| Key/Token Management | More complex; different keys are needed for each database. | More simplified, one key grants access as per ABAC rules. |
Conclusion
The choice between child databases and collections per tenant largely depends on the specific needs of your application, such as security requirements, ease of management, and performance considerations. In scenarios where both shared resources and tenant-specific data exist, leveraging a combination of a parent database for shared resources and child databases for tenant-specific data often provides a balanced solution. This architecture optimizes for both security and operational efficiency, making it a robust choice for scalable, multi-tenant applications. Get started building with Fauna today for free, and contact us to schedule a demo.
If you enjoyed our blog, and want to work on systems and challenges related to globally distributed systems, and serverless databases, Fauna is hiring
Subscribe to Fauna's newsletter
Get latest blog posts, development tips & tricks, and latest learning material delivered right to your inbox.