Kloia believes that every ISV needs a customised modernisation plan. That’s why kloia has customised approaches to help both single-tenant and multi-tenant ISVs.
For single-tenant architectures, our approach is to modernise the application by decoupling the software and dockerizing the application(s) so we can benefit from using Kubernetes. After that, we help ISVs isolate tenants.
1. Account-Based Isolation
Account-based isolation is probably the highest-priced package that a customer may buy or subscribe to. As we’ve assumed above, let’s consider this as a Platinum/Gold Package.
In this approach, we automatically create a different AWS account for each tenant. By doing this, we can achieve the highest level of security, performance, and isolation.
2. VPC-Based Isolation
If the ISV does not want to deal with different AWS accounts for each platinum/gold customer, then we suggest isolating tenants at the VPC level. This isolation method is the second preferred isolation approach after account-based isolation.
3. Subnet-Based Isolation
If ISVs do not need the isolation level of VPC for platinum/gold customers, our next suggestion would be subnet-based isolation. This is where we create different subnets and EKS clusters for different customers.
4. Node-Based Isolation
Node-based isolation could be used for cheaper service levels, where having one of the isolation models above could be very expensive. That’s why we suggest node-based isolation per tenant.
5. Namespace-Based Isolation
For free/lower-tier packages, we assume the ISV would rather spend the minimum amount of money, which is why we’ve created namespace-based isolation for them. With this option, there will be one VPC and one cluster. Nodes will be shared among all customers. The isolation will be done at the Kubernetes namespace level.
Here you can find our sample reference model for a single-tenant SaaS architecture. Let’s say a new customer subscribes to a SaaS account from the ISV. When they place the order or complete the subscription, everything will be done automatically within minutes using Terraform. Based on the package the customer subscribed to, all necessary actions will be taken by Terraform scripts and all necessary notifications will be sent to the customer and the internal team.
For ISVs that would prefer managing multiple tenants on a single infrastructure, we help them with the transition to this architecture.
Some transition approaches are: