With the latest release of our business rules management platform Visual Rules 6.0, we switched the underlying system architecture to complete tenant-awareness. Sounds pretty neat. But what does this imply? Why did we decide for multitenancy support? Please go on reading to learn more about it.

A pack full of definitions

When we talk about multitenancy, we should at first define what the meaning of a tenant is. Google it. You will get something like: “A person who occupies land or property rented from a landlord.” Well, that´s not exactly the kind of tenant, I’m talking about. The IT researchers at Gartner hit the spot, from my point of view:

“The tenants […] can be representations of organizations that obtained access to the multitenant application […]. The tenants may also be multiple applications competing for shared underlying resources [...].”

You can find multiple definitions of multitenancy in the internet from very different perspectives. Here is an arbitrary selection:

For us, multitenancy is the capability of a single Visual Rules application instance to handle different tenants whereupon the strict separation of their data is ensured. This means, that a service provider offering Visual Rules does not need to install separate instances of Visual Rules Team Servers, Visual Rules Execution Servers, web application servers, database instances, etc., for each of his customers (tenants), but to maintain a single Visual Rules infrastructure (see graphic below). This also means, that tenants using this infrastructure are strictly separated from each other. They cannot access rules, data, rule services, build processes, users, permissions, etc. in any way.

VR multitenancy vs multi instance

Multi-tenancy vs. Multi-instance infrastructure

Why did we do it?

Multitenancy requests have been around for a while. Especially customers and partners who are IT service providers or have large IT departments have very precise conceptions regarding maintainability and security operating IT applications and infrastructure. Multitenancy addresses both requirements: Security issues with the strict segregation of data coming along with multitenancy and maintainability, due the fact that one installation of servers, data bases, etc. may serve multiple tenants or customers, respectively.

Additionally, Bosch Software Innovations will increasingly act as a provider of cloud services in the medium term. The upcoming engagement in Internet of Things scenarios – use cases are omnipresent in this blog – has to securely enforce sharing of resources alongside with strict data separation issues.

What had to be changed?

Requirements analysis is a sine qua non before making the decision to switch the architecture of a software product – especially if the product is a mature one that has gradually been developed for more than a decade now. We´ve seriously discussed requirements with our customers and internal stakeholders. Additionally, relevant authorities engaged in data privacy and protection concerns and their findings and recommendations  (e.g. “Orientierungshilfe Mandantenfähigkeit” by the German Federal Commissioner for Data Protection and Freedom of Information) have carefully been taken into consideration. Finally, we ended up with the following main development issues:

  1. Create a new Identity Management component, which is able
    • to manage tenants, permissions, users, roles, groups, etc, and
    • to provide tenant-aware authentication and authorization
    • as well as a strictly controllable way for data presentation across multiple tenants.
  2. Enhance all Visual Rules server components by permissions and ACLs for access control of application functionality and resources
  3. Implement the strict separation of tenant-specific data in all types of data stores (database, file system, etc.), plus mechanisms to allow tenants to share their data
  4. And last but not least audit-logging capabilities for traceability of authorization changes

The following graphic is an overview of which technical aspects of the Visual Rules components had to be modified introducing tenant-awareness to our Business Rules Management Platform.


Visual Rules components modified in order to introduce multitenancy support

As you see, this architectural shift affected nearly each and every layer of all components.

What’s next?

So, finally the tenant-aware version of Visual Rules has been released and is available for free evaluation on our website www.visual-rules.com . In the upcoming release, we will soften the strict separation of tenant data and introduce the so called “tenant relationships”. This means that every single tenant can then grant access to its very own data to other tenants´ users. Extended audit logging capabilities will come along with this set of features, in order to make sure that changes of permissions, tenant relations, etc. can be traced at any time.

Which aspects of multi-tenancy and/or business rules management would you like to discuss? Leave a comment below, I will be glad hearing from you!

About The Author

Caroline Buck

I hold a diploma degree of business management with a specialization in information systems and business process reengineering and work for Bosch Software Innovations since 2001. After more than a decade developing and consulting in the fields of enterprise java and web applications, I am working as the product manager in charge of Visual Rules. To give you a personal glimpse: I enjoy my lively life with my triplets, cooking, writing for different technology magazines aswell as for food blogs.

11 Responses

  1. Geraldine Horn

    code — to business analysts. That heretical idea presupposes a fundamentally different approach to development, where developers isolate an application’s business logic from its data validation logic — usually a GUI of some kind — and from its flow control. The business logic then gets its own container, the BRMS, in which business analysts “code” business rules in a simple, English-like programming language. Leading BRMS products include ILOG’s JRules, Fair Isaac’s Blaze Advisor, the Corticon Decision Management System, and Production Systems Technology’s (PST’s) OPSJ (Official Production System for Java). Even Microsoft is getting into the act with a Business Rules Framework for BizTalk 2004.

  2. Caroline Buck

    Hi Geraldine,
    thanks for your comment!
    IT researchers and analysts like Forrester, Gartner, etc. are constantly watching the BRMS space. You can find an overview of studies on our company website:
    A tight integration of business analysts into the software developement process surely is a major goal of all business rules management systems. The graphical modeling approach of our BRM product Visual Rules has been stated especially intuitive and easy to use both by analysts and customers alike. True or not, you can find out by downloading and evaluating our product yourself.
    I am looking forward to your findings!

  3. Dino Pittman

    Many of the multi-tenant considerations listed in this chapter relate to architectural challenges that CQRS can help you to address. However, you should not assume that multi-tenancy necessarily implies that you should use the CQRS pattern. For example, although the Tailspin Surveys application must be highly scalable to support many subscribers with different usage patterns, it is not an especially complex application. In particular, it is not a collaborative application where multiple users simultaneously edit the same data, which is one of the scenarios specifically addressed by the CQRS pattern. Furthermore, Tailspin does not expect the business rules in the Surveys application to change much over time.

  4. Marshall Gordon

    Zoot’s business rules developer is a robust tool that enables clients to create complete business logic (including rules) and credit attributes to modify their decisioning platforms without the assistance of IT or programming staff. This tool seamlessly blends ease of use and high-level programming using its browser-based interface. Business users can make realtime changes to their decisioning logic, using the intuitive interface to respond quickly to the lending environment.

  5. Errol Patton

    Just downloaded this control and visited their site to view documentation. Ended up running their demo VS project. Very cool. Absolutely new approach to business rules management. No decision tables, no rule compilation and deployment, everything’s online. Can’t tell anything about performance yet, though. Highly recommended!

  6. Lucinda Church

    In our understanding tenants are organizational and data-related separated entities. With the multitenancy-enabled Visual Rules BRM software it is now possible to run one instance of the Visual Rules Team Server and Visual Rules Execution Server and provide access to multiple tenants (customers) at the same time. The users of one tenant do not have access to the rules, data, rule services, build processes, users, authorization structure etc. of the other tenants.

  7. Cornell S. Adkins

    “No worries” about data integrity With Visual DataFlex, a solution’s business rules and data validations are encapsulated in middle-tier Data Dictionary Objects that are automatically bound to the application interface whether it runs on the Windows desktop, in a web browser or as a web service. Data Dictionary modeling is accomplished with the Visual Data Dictionary designer allowing you to visually maintain your rules and validations without the need to work directly with source code.

  8. Tenant Management

    There are a multitude of reasons why it’s a great idea to have your property managed by an expert, maximising your investment and minimising your stress

  9. Caroline Buck

    I´d daresay, there are a multitude of reasons why it´s a great idea to have your business rules managed by your business experts in a BRMS, maximising your investment and minimising your stress. :D

  10. Katrina D. Sweeney

    Existing resources are put to good use – and data, applications, and processes are transparently integrated, even in substantially heterogeneous IT landscapes. Your business people will be able to manage their business rules themselves so they can automate a huge number of operational decisions – without programming knowledge.

  11. Lacy J. Haney

    Your application must determine the identity of a user and verify that the user is a tenant of the application before granting access to any private data. It is your responsibility to provide an appropriate authentication mechanism for your multi-tenant application in Windows Azure, or to enable tenants to reuse their existing authentication mechanisms.


Leave a Reply

Your email address will not be published.