Multitenancy on MapR Filesystem

A multitenancy architecture enables a single instance of software to be provisioned for multiple customers or users, who are referred to as tenants. Each tenant, or group of users, has a specific share of the instance, including access to its data, configuration, and access management. On the cloud, this enables a software-as-a-service (SaaS) provider to provision the software for multiple tenants.

The MapR Filesystem multitenancy architecture enables you to create a MapR volume (referred to as a share) and restrict it to a subset of client nodes. By doing this, you can isolate users or hosts (referred to as tenants). Isolation enables you to set policies, quotas, and access privileges for specific tenants. You can provision MapR Filesystem on the cloud to various tenants, with each tenant owning its own copy of storage space, users, data security, administration, and so on.

In a multitenant environment, tenants operate in their own provisioned spaces, unaware of other tenants on the cluster. Tenants have exclusive access to data in their environment only.

For example, the following diagram depicts a cluster provisioned on the cloud for two tenants, Tenant1 and Tenant2. The cluster has two separate volumes, mounted at directories /cloud/tenant1 and /cloud/tenant2. Each tenant volume contains file data created and managed by tenant users on the tenant host. Each of these tenants maps to a different volume, so data in each volume can have different policies, disk-usage quotas, snapshot and mirroring schedules, and so on. By using appropriate tenant tickets, access to data in these volumes is restricted to users on the appropriate tenant hosts only, thus eliminating the possibility of a user from Tenant2 accessing data on the Tenant1 volume, and vice versa.

Tenant shares can be accessed using loopbacknfs and FUSE-based POSIX clients only. After the tenant volume is mounted for access using one of these POSIX clients, operations can be performed using standard Linux commands.