The Ubuntoo Greenhouse solution presented technical challenges that drew on Oneture’s rich experience in cloud engineering. Some key factors were –
As multiple Greenhouses exist independent of each other, the Ubuntoo Greenhouse had to support a multi-tenant SaaS architecture. Ensuring this functionality meant that the solution architecture incorporated data isolation, seamless onboarding, provisioning, security and compliance.
A key design consideration to ensure multi-tenancy is to partition the data. For this, Oneture evaluated three data partitioning models.
After evaluating each model thoroughly, Oneture proposed implementation of the Pool Model. The Pool Model represents the all-in, multi-tenant model where a common database with a common schema handles all the data from different tenants. This requires introduction of a partitioning key that is used to scope and control access to tenant data in silos. This model tends to simplify a SaaS solution’s provisioning, management, and update experience. It also fits well with the continuous delivery and agility goals that are essential to SaaS providers.
Role Identification and Access Control
Each Greenhouse member is assigned to a defined roles and identity. Each role would have its own defined access control. In a Greenhouse, members can be classified into different user types – normal members, curators, innovators and experts – which have different roles and access controls. Data visibility is limited based on member type; e.g. innovators & experts can only see the solutions and forum posts in which they have been tagged, curators can access and manage users and other data resources inside a Greenhouse. Since the users have a many-to-many relationship with Greenhouses, we introduced an extra layer of isolation which detects greenhouse members and their (user) types.
Ubuntoo proposed to transition users from its existing platform to Greenhouse within a short time with minimal business discontinuity to the users. To ensure smooth conversion to the upgraded functionality, Ubuntoo chalked a two-month implementation window within which Oneture had to design and implement the solution. Our knowledge and experience of working in SaaS, especially native to AWS was invaluable. We delivered the platform by building the underlying security engine, configuration engine and multi-tenancy management system within the timeline.