The shift in the market is clear: Companies across all verticals and of all sizes, are stampeding into Software-as-a-Service (SaaS) solutions to solve core business needs.
It’s easy to see why: SaaS offers over-burdened IT teams with the promise of fewer fire drills, less working nights and weekends, and a more straightforward way of delivering IT solutions to the business.
How does SaaS make this possible? It removes most of the complexity (not all) by taking on the day-to-day operational overhead required to manage traditional enterprise software solutions, and their underlying compute, storage, and networking infrastructure.
However, there are essential considerations to weight as you contemplate the shift to SaaS.
In a rush to adopt SaaS, and effectively outsource the underlying systems and infrastructure to the management of third-party vendors, too little attention goes to the underlying SaaS architecture, specifically the differences between single and multi-tenant SaaS.
In this, the first of a series of posts on understanding SaaS model nuances, I’ll talk about one: For backup and archival use cases, what are the significant considerations between single-tenant versus multi-tenant SaaS?
What is single-tenant, and how is it different from multi-tenant?
Before we get into pros and cons of single versus multi-tenant SaaS, let’s first explain the difference:
- Single-tenant SaaS. In a single-tenant SaaS architecture, each customer has 100% dedicated and isolated resources (i.e., databases, Web services, and storage accounts are specific to each customer). Since customers do not share resources, so there is no commingling of customer data in a single-tenant SaaS model.
- Multi-tenant SaaS. In a multi-tenant SaaS architecture, customers share resources. Usually, the software component of the SaaS platform is responsible for providing logical segregation of customer data and balancing resource demands from various customers. So, you can expect the compute, networking, and storage resources to be serving multiple customers simultaneously in a multi-tenant SaaS model.
Why should you care?
Well, as it turns out, there are several reasons why you might care about whether a SaaS solution you will trust delivers in a single or multi-tenant model.
Performance (or lack thereof)
Mingling various customers across a shared pool of resources requires governance mechanisms to maintain a level of performance predictability.
In general, multi-tenant SaaS offerings cannot provide reliable predictability or robust SLAs and often employ techniques like throttling to avoid high-activity tenants from starving resources.
If you’re on a multi-tenant SaaS solution and temporarily need to perform an abnormally large amount of processing or operations, you will be prevented from doing so, or only able to do so at a slow pace.
A SaaS backup and archive platform can see large activity spikes during the seeding of large datasets, bulk recovery operations, or content indexing for legal discovery.
Performance throttling is not the case in a single-tenant offering, which often allow you to leverage the scalability of the cloud to temporarily increase the oomph of your tenant, and decrease it again once the demand drops. This elasticity is possible in the single-tenant model precisely because customers have dedicated resources, which can scale in isolation from other customers.
Can a multi-tenant SaaS solution take advantage of the cloud’s elasticity? Yes, absolutely. However, you will still see performance throttling measures in place with most multi-tenant SaaS because scaling up resources increases the SaaS vendor’s costs, reducing their margins.
Throttling is seldom an issue in a single-tenant architecture since most heavy-usage scenarios will not impact other customers, and thus a vendor has no motivation to regulate the rate of processing for a given tenant artificially.
Security hardening (or lack thereof)
In a multi-tenant architecture, customer data will intermingle on shared resources. Multi-tenant platforms rely exclusively on a software layer for logical data segregation.
Logical separation is essential because, in a multi-tenant SaaS platform, any software bug has the potential to expose information from one customer to other customers sharing the same resources.
It does not mean that multi-tenant SaaS solutions are less secure because they are multi-tenant, but the harsh reality is that multi-tenant SaaS architectures have more variables at play that increase the risk that flaws will expose customer data to third parties.
Or, even if there is no software issue, flaws in the security model of one of the underlying components might have the same effect, but in a multi-tenant breach, the hacker potentially gains access to the data of multiple customers. The same is not true for a single-tenant architecture, where any compromised resource will impact only a single customer.
Related to this is the first line of defense for any security-conscious customer: IP whitelisting.
IP whitelisting restricts access to a resource based on the IP address of the requesting device. This simple measure is beneficial at drastically reducing the attack surface of your SaaS platform.
Many enteprise-level HubStor customers have us enable IP whitelisting in their single-tenant HubStor instance because security is top of mind for their valuable data sets.
The problem for multi-tenant SaaS architectures is that IP whitelisting is very hard to implement, and can only be implemented in the software layer of the SaaS solution (not against the underlying compute and storage resources directly).
On the topic of legal, regulatory, and compliance motivations, we often see the need for companies to maintain regional control of their data.
Keeping all the processing and storage of your data in a particular country is an essential requirement for many organizations. It can be a significant challenge for large enterprises that operate multi-nationally, having this requirement repeated in several jurisdictions.
If you need regional control, you most likely are going to find the multi-tenant offerings lacking. Very few multi-tenant offerings provide regional control, and fewer still have any multi-geo capability.
Operating a shared architecture model, the multi-tenant SaaS provider has predetermined the physical datacenter locations from which its software service runs.
However, when it comes to single-tenant SaaS offerings, vendors can usually support deployment into the customer’s region of choice, and typically determine this with the customer during deployment.
Also, some single-tenant vendors like HubStor natively support multi-region deployments and have built multi-geo capabilities directly into their platforms to ensure granular controls over which region the processing and storage of their data will occur. For many large multi-nationals, this kind of ability is critical and something they only get with a single-tenant SaaS platform.
Bring your own account (aka. Self-hosting)
For many organizations, especially larger companies, the thought of storing business critical data in some third-party cloud, which is essentially a black box, is kind of scary.
And it should be!
Fortunately, single-tenant SaaS has the potential of offering you the flexibility to host the solution in a subscription or account that you own and control.
Usually, self-hosting means rolling up your sleeves with the do-it-yourself tasks of deployment, security, monitoring, backup, upgrades, etc. However, there are a few SaaS vendors (HubStor is one) that have figured out how to enable customer self-hosting while still delivering a true SaaS customer experience.
Why might self-hosting your SaaS solutions be desirable? There are two primary motivators.
First, with multi-tenant SaaS, should anything happen to your SaaS provider, without protections, you could be in a terrible situation since they are the sole holder of your data.
Secondly, there can be legal, regulatory, or compliance reasons why companies might require the final resting place of their data to remain in a cloud account that they own and control. (GDPR, anyone?)
With regards to concerns about the SaaS provider going out of business, the same potential issue exists for single-tenant SaaS that is hosted by a third party or by the SaaS provider.
How do we solve this problem at HubStor?
Today, 57% of HubStor’s customers choose to have their HubStor tenant reside in HubStor’s account. We provide slightly better pricing this way, and for many customers, it is more convenient and secure than hosting themselves. As unique protections, in HubStor’s standard terms and conditions, our customers know that in an unlikely insolvency event, HubStor is obligated to transferring their data to a HubStor tenant they host AND then their subscription would convert to a perpetual use license of the software.
Otherwise, without such protections, SaaS hosted by someone else means that your data could be at risk in the worst-case scenario of your SaaS provider becoming insolvent.
Single-tenant SaaS exclusively can provide the flexibility to allow you to experience the software as a fully managed service while also having the entire solution deployed in your tenancy. So, if you’re using multi-tenant SaaS or single-tenant SaaS hosted by a third-party, have a good trust relationship and look for protections like what HubStor provides to its customers.
Economies of scale
When it comes to price, we can generalize the differences between single and multi-tenant SaaS as follows:
- Multi-tenant SaaS is typically less expensive for smaller workloads.
- Single-tenant SaaS is typically less expensive for larger workloads.
Why are we generalizing like this?
The reason is simple: Multi-tenant SaaS offerings, typically having per-user licensing models, share the fixed infrastructure costs across multiple customers and the SaaS provider enjoys the economies of scale benefits. Single-tenant SaaS offerings require each customer to pay for all of the fixed infrastructure costs, but with a consumption-based pricing model, the customer directly realizes economies of scale benefits.
Economies of scale is a phrase that refers to increasing cost efficiencies at larger and larger volumes.
Typically, multi-tenant SaaS solutions are available on monthly and annual subscription terms with per-user pricing. If you opt for an annual subscription, you typically see better pricing. And if you have an incredibly large user license requirement, you might be able to get better per user economics.
However, the economies of scale advantage in a multi-tenant SaaS scenario will almost always go to the pockets of the SaaS provider. They get to realize the better margins in their business as they onboard more and more customers on the shared resources. Indeed, they probably incurred losses in their early days when they didn’t have economies of scale on their side. But as they grow their customer base, their gross margin generally gets better and better.
Smaller customers that are not overly concerned in the security, performance, and data residency advantages of single-tenant SaaS will indeed view multi-tenant SaaS more attractive because they can pay a per-user cost for a nominal amount of users and enjoy a convenient SaaS solution at a lower entry price point.
But what about larger customers? This is where things get more interesting. Single-tenant platforms can often, at scale, be significantly less expensive than multi-tenant.
With most multi-tenant SaaS sticking to a per-user pricing model, even at large enterprise scale, they become expensive.
HubStor provides a compelling pricing model that works as a transparent, volume-discounted markup on the underlying cloud costs. As a pure consumption-based price, customers with growing data volumes, multiple workloads, or large numbers of users can realize substantial cost advantages.
HubStor’s consumption-based pricing is very different from a per-user pricing model and, from what we see in practice, is drastically less expensive at scale.
The flexibility of tying price to actual consumption, and not arbitrary units like user counts, is a model we believe is the future of SaaS pricing for backup and archive infrastructure solutions like HubStor.
HubStor supports both single and multi-tenant models, so we don’t have a bone to pick with either approach.
Instead, we often see opportunities where one approach is a far superior fit over the other, so hopefully this post offers insight to help you understand some of the considerations.
In the world of backup and archive, we typically recommend the single-tenant SaaS approach for our medium and large-sized customers because it allows us greater control over their deployment’s security configuration, performance, and data residency. And, having more data and multiple workloads, they can achieve economies of scale with the cost of dedicated compute resources.
When it comes to smaller organizations with just a few hundred users or just a few terabytes of data, we typically recommend the multi-tenant SaaS approach (available through HubStor MSP) because it offers better pricing that doesn’t include the baseline cost of dedicated compute resources.
Have questions about HubStor and want to speak with a technologist? Let us know here.