Page 106 - Cloud computing: From paradigm to operation
1 Framework and requirements for cloud computing
10.2.3 Multi-tenancy and isolation
Cloud computing involves the sharing of some resources, and this typically means the sharing of those
resources with other customers of the cloud services involved. The terms tenancy and multi-tenancy are
used to describe the situation where resources are shared.
A tenant of a cloud service is not quite the same as a cloud service customer – a tenant is a group of
CSC:cloud service users sharing access to a set of physical and virtual resources. Typically, the group of
CSC:cloud service users will be associated with a particular cloud service customer, but a cloud service
customer may well have multiple tenants, for example groups of users from different departments within the
customer organization.
Multi-tenancy is the allocation of physical or virtual resources so that multiple tenants and their
computations and data are isolated from and inaccessible to one another. In other words, the users who
belong to one tenancy should be completely unaware of the presence of users from another tenancy.
Multi-tenancy does not only affect the cloud services themselves; it also affects the business and
administration capabilities offered to cloud service customers by the cloud service provider. Information
about user accounts, subscriptions, usage and billing must all be kept isolated and visible only to the
customers who own the related tenancies. Particular care must be taken in relation to resources such as log
files, which can contain records relating to multiple tenants. If a particular customer needs to access the log
records, for example when an incident occurs, then the log records must be filtered so that the customer can
only see records relating to its tenancies.
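The log filtering requirement above, sketched as an added example that is not part of the original text: a shared log is reduced to the records one customer may see, and any record whose ownership cannot be established is withheld. The JSON-lines layout, the `tenants` field, and all customer and tenancy names are constructed assumptions.

```python
import json

# Constructed mapping: which tenancies belong to which cloud service customer.
TENANCIES = {
    "acme": {"acme-hr", "acme-eng"},
    "globex": {"globex-main"},
}

# Constructed shared log: one JSON record per line; "tenants" lists every
# tenancy the record relates to (field names are assumptions).
SAMPLE_LOG = """\
{"ts": "2024-05-01T10:00:00Z", "tenants": ["acme-hr"], "event": "login_failed", "detail": "user=alice"}
{"ts": "2024-05-01T10:00:05Z", "tenants": ["globex-main"], "event": "login_ok", "detail": "user=bob"}
{"ts": "2024-05-01T10:00:09Z", "tenants": ["acme-eng", "globex-main"], "event": "host_reboot", "detail": "vm=g-17,vm=a-3"}
{"ts": "2024-05-01T10:00:12Z", "event": "disk_warning", "detail": "node=n4"}
not-json garbage line
"""

def filter_log_for_customer(log_text, customer, tenancies=TENANCIES):
    """Return only the records the customer may see, failing closed."""
    owned = tenancies.get(customer, set())
    visible = []
    for line in log_text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # unparseable: ownership cannot be proven, withhold
        tagged = rec.get("tenants") if isinstance(rec, dict) else None
        if (not isinstance(tagged, list) or not tagged
                or not all(isinstance(t, str) for t in tagged)):
            continue  # untagged or malformed tag: withhold rather than guess
        mine = owned & set(tagged)
        if not mine:
            continue  # relates only to other customers' tenancies
        if mine == set(tagged):
            visible.append(rec)  # wholly the customer's own record
        else:
            # Record shared with another tenant: keep the fact of the event,
            # drop free-text detail and the other tenants' identifiers.
            visible.append({"ts": rec.get("ts"), "tenants": sorted(mine),
                            "event": rec.get("event"), "detail": "[redacted]"})
    return visible
```
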