Sharing and Isolation in Multi-Tenancy

In the previous article, [Multi-Tenancy Is a Technology](https://xie.infoq.cn/article/825455585b19008023b36ee7d), we noted that multi-tenancy is the supply model of cloud computing services. This article continues with how the resources, technology stacks and application instances offered by a cloud service provider are shared and isolated between tenants.

**[Contents of this installment]**

1. Multi-tenancy from the user's perspective
2. The full-stack isolation model
3. The resource pool model
4. The bridge model

In the cloud computing service model, sharing and isolation coexist. Through self-service, users directly access, operate on and manage the business objects, data or resources isolated within their tenant's scope; tenants share the resources and services offered by the cloud provider, which respond to user operations and meet the user-facing SLA.

### Multi-tenancy from the user's perspective

In the multi-tenant model, the scope of a user's access to a cloud service is controlled by the tenant of the corresponding service or sub-service. From the user's perspective, therefore, sharing and isolation have no direct bearing on the service being used, and the user is usually unaware of them (or rather, the user "assumes" the resources are dedicated). For example, in a government cloud the provider partitions infrastructure tenants by bureau and assigns each tenant an isolated resource pool (a VPC). The operations staff who access a bureau's cloud resources to deploy business systems log in through a shared, unified identity authentication service to the resource pools they are allowed to manage, and business staff reach the business systems deployed within the bureau's tenant through the same unified authentication service. Neither operations nor business staff need to care whether the services and resources they use are isolated from or shared with other tenants; they attend only to their own work. In this process, operations staff, as tenants of the shared identity authentication service and the government-cloud management service, authenticate and manage the resource pools within their assigned scope; business staff, as tenants of the shared identity authentication service, authenticate and log in to the business applications deployed in a resource pool isolated from the other bureaus to handle daily work. The sharing and isolation model of this example is shown in the figure below.

![Tenants in a government cloud](https://static001.geekbang.org/infoq/20/204f2a0a8f484ed3b44efa440f8c1ae6.png)

Tenants in a government cloud

The case above shows that what a cloud service supplies is either shared or isolated: whatever is not shared is isolated. This article therefore takes isolation as its main thread in discussing sharing and isolation models. By the granularity and architecture of isolation, multi-tenant isolation models fall into the full-stack isolation model, the resource pool model and the bridge model.

### The full-stack isolation model

Full-stack isolation means that, on top of the current service model, what the cloud provider delivers to each tenant is an isolated and completely independently deployed set of instances. For example, on top of a PaaS service model, a tenant under full-stack isolation receives an independently deployed application runtime environment; the runtime environments of different tenants are unrelated to one another, and each contains the entire technology stack needed to run applications, as shown in the figure below.

![Full-stack isolation model (PaaS)](https://static001.geekbang.org/infoq/d3/d3f4ef9944e1f3b3c6becb759c81a4c1.png)

Full-stack isolation model (PaaS)

Under the full-stack isolation model, besides possibly sharing the resources underlying the service model, tenants usually also share metering and billing, service deployment, identity authentication, operations analytics and similar services and facilities. By sharing these, the cloud provider reduces the operating cost of the service and raises its operational quality.

The full-stack isolation model suits scenarios with strict compliance requirements for isolation between business systems; the different bureaus in the government cloud mentioned earlier typically adopt it. Under this model the provider gives each tenant a dedicated environment that is not affected by other tenants. However, each tenant occupies a relatively fixed set of resources and is more complex for the provider to manage, so the number of tenants a provider can manage and serve is limited. At the same time, each tenant costs more. Because tenants hold their resources exclusively, the provider cannot allocate and adjust resources dynamically according to utilization (even when a tenant has a large amount of idle capacity in some period, it cannot be "borrowed"), which lowers the efficiency of cloud resource use. Moreover, full-stack isolation requires a complete, independent set of resources, technology stack and software instances for every tenant, so bringing a new tenant environment online takes longer.

### The resource pool model

The resource pool model deploys and manages the service content of the current service model in a unified way, sharing service content and instances among tenants and achieving logical isolation of tenants' business and data through data fields, namespaces and similar means. In the resource pool model, the deployed instances of all service content are shared among tenants; these instances form the resource pool and may switch between tenants or serve several tenants at once. For example, under PaaS, the provider maintains resource pools of web containers, databases and service gateways; tenants share the instances in the pools, which are orchestrated into a Runtime on which business applications are deployed. The instances isolate each tenant's business by its namespace and its data by TENANT_ID, as shown in the figure below.

![Resource pool model](https://static001.geekbang.org/infoq/55/55ee291352ebacbb5fee91d6058f37a7.png)

Resource pool model

Isolation in the resource pool model shares the infrastructure, technology stack and software delivered through the cloud service to the greatest extent, and it is adopted by many public SaaS providers. The model improves both resource utilization and operational efficiency: because tenants share the infrastructure model and technology stack, service provisioning becomes simpler and the process more agile. When serving different tenants, the provider can reuse its experience in managing, scaling and operating the same stack's content and instances, and maintenance, upgrades and changes can be carried out in batch, uniformly. Because the resource pool model isolates only logically and tenants share resources and the technology stack, the chances of tenants affecting one another grow; at times one tenant's abuse of resources or mistaken operation may even disrupt other users' normal use. The provider must therefore set rules and boundaries for user operations under the resource pool model. For example, in the first version of its PaaS platform, GAE, Google prohibited user code from creating threads, to prevent users from consuming extra resources through threads and to reduce the difficulty of resource allocation and management.

### The bridge model

The bridge model combines the full-stack isolation model and the resource pool model. It abstracts the entry point through which users access tenant resources into a shared service layer, delivered in the resource pool model, which connects to the underlying fully isolated environments. For example, under PaaS, tenants share the service gateway; the gateway allocates each tenant a space through a routing namespace and forwards the user's requests to that tenant's dedicated Runtime instance. Through bridging, each tenant obtains a suitably isolated environment and tenants' business does not interfere with one another; at the same time, the provider can manage tenants' traffic and load uniformly through the single entry point. Especially when the isolated environments are built on a microservice architecture, service governance implemented through the service gateway can greatly improve the manageability of the fully isolated model. The bridge model is shown in the figure below.

![Bridge model](https://static001.geekbang.org/infoq/55/55ee291352ebacbb5fee91d6058f37a7.png)

Bridge model

The above introduced the sharing and isolation models of multi-tenancy in cloud service supply. In practice, a provider may offer tiered multi-tenant models depending on how users subscribe and deploy: the fully isolated model for high-end customers with strong isolation needs; the resource pool model for customers or business areas with modest isolation needs that prioritize cost-effectiveness; and the bridge model for customers or business areas that require both strong isolation between business systems and centralized control, helping them improve resource efficiency and management efficiency.

In subsequent articles we will continue to explore how the different multi-tenant models are implemented and how the service model affects multi-tenancy.
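The resource pool section above says that shared instances isolate each tenant's data by a TENANT_ID field and that the provider must set per-tenant rules and boundaries. The following is an added example, not code from the article or from any provider it mentions, showing what that looks like in a shared SQL table: an unscoped lookup that leaks rows across tenants, beside a repository that takes the tenant id from the authenticated context and binds it into every statement, plus a statement budget as one simple per-tenant boundary. The table name, column names, sample rows and the `TenantContext` type are all constructed for the example.

```python
import sqlite3
from dataclasses import dataclass

# Constructed sample rows for a shared (resource pool) table: one table serves
# every tenant, and each row is tagged with the TENANT_ID it belongs to.
SAMPLE_ROWS = [
    ("tenant-a", "invoice-1", "A's first invoice"),
    ("tenant-a", "invoice-2", "A's second invoice"),
    ("tenant-b", "invoice-1", "B's only invoice"),
]


def build_shared_db():
    """Create the in-memory shared table that all tenants' instances use."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE documents ("
        " TENANT_ID TEXT NOT NULL,"
        " doc_id TEXT NOT NULL,"
        " body TEXT NOT NULL,"
        " PRIMARY KEY (TENANT_ID, doc_id))"  # doc ids are unique only within a tenant
    )
    conn.executemany("INSERT INTO documents VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def unscoped_lookup(conn, doc_id):
    """The defect logical isolation must rule out: a query keyed only on the
    document id ignores TENANT_ID and returns other tenants' rows as well."""
    cur = conn.execute(
        "SELECT TENANT_ID, body FROM documents WHERE doc_id = ?", (doc_id,)
    )
    return cur.fetchall()


class QuotaExceeded(Exception):
    """Raised when a tenant exceeds the statement budget set for it."""


@dataclass(frozen=True)
class TenantContext:
    """Tenant identity established by the shared authentication service
    (hypothetical type). The tenant id comes from the authenticated session,
    never from a request parameter the caller could alter."""
    tenant_id: str


class ScopedRepository:
    """Every statement issued through this object carries the TENANT_ID
    predicate, so application code cannot forget the filter. The optional
    statement budget is the kind of per-tenant rule the article describes:
    one tenant's runaway usage is cut off before it affects the others."""

    def __init__(self, conn, ctx, max_statements=None):
        self._conn = conn
        self._ctx = ctx
        self._budget = max_statements
        self._used = 0

    def _run(self, sql, params):
        if self._budget is not None and self._used >= self._budget:
            raise QuotaExceeded(self._ctx.tenant_id)
        self._used += 1
        # The tenant id is always the first bound parameter of every statement.
        return self._conn.execute(sql, (self._ctx.tenant_id,) + params)

    def get(self, doc_id):
        row = self._run(
            "SELECT body FROM documents WHERE TENANT_ID = ? AND doc_id = ?",
            (doc_id,),
        ).fetchone()
        return row[0] if row else None

    def list_ids(self):
        rows = self._run(
            "SELECT doc_id FROM documents WHERE TENANT_ID = ? ORDER BY doc_id", ()
        ).fetchall()
        return [r[0] for r in rows]

    def put(self, doc_id, body):
        # The row is stamped with the context's tenant id; the caller cannot
        # choose which tenant it writes into.
        self._run(
            "INSERT OR REPLACE INTO documents VALUES (?, ?, ?)", (doc_id, body)
        )

    def statements_used(self):
        return self._used


if __name__ == "__main__":
    conn = build_shared_db()
    print("unscoped lookup:", unscoped_lookup(conn, "invoice-1"))  # both tenants' rows
    repo_a = ScopedRepository(conn, TenantContext("tenant-a"))
    print("tenant-a sees:", repo_a.list_ids(), repo_a.get("invoice-1"))
```

The composite primary key matters: in a shared table the document id alone is not unique, so any index, cache key or URL that omits the tenant id is a place where two tenants' objects collide. Reviewing a resource-pool service for isolation largely comes down to checking that no query path can reach the table except through something like `ScopedRepository`.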
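The bridge model section describes a shared service gateway that assigns each tenant a routing namespace, forwards requests to that tenant's dedicated Runtime, and gives the provider one place to manage traffic and load. The following is an added example, not code from the article or from any gateway product, of the security-relevant part of that entry point: the namespace in the request is checked against the namespace the shared authentication service put in the caller's principal, so the shared layer cannot be used to reach another tenant's isolated runtime, and per-namespace request counting and limits are applied at the same point. The `/<namespace>/<rest>` path convention, the `Principal` and `TenantRuntime` types and the request limit are constructed for the example.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Principal:
    """Result of the shared identity authentication service (hypothetical):
    the namespace a user may reach is a claim the provider sets at login,
    not something the client supplies with each request."""
    user: str
    namespace: str


class TenantRuntime:
    """Stand-in for one tenant's dedicated Runtime behind the gateway."""

    def __init__(self, namespace):
        self.namespace = namespace
        self.received = []

    def handle(self, path):
        self.received.append(path)
        return f"{self.namespace} handled {path}"


class GatewayError(Exception):
    """Request rejected at the shared entry point."""


class BridgeGateway:
    """Shared service gateway: resolves the routing namespace, checks it
    against the caller's entitlement, forwards to the tenant's own runtime
    and keeps per-tenant traffic counts for unified management."""

    def __init__(self):
        self._routes = {}   # namespace -> TenantRuntime
        self._limits = {}   # namespace -> max requests accepted (optional)
        self.traffic = Counter()

    def register(self, namespace, runtime, max_requests=None):
        self._routes[namespace] = runtime
        if max_requests is not None:
            self._limits[namespace] = max_requests

    @staticmethod
    def split_namespace(path):
        """Routing convention assumed here: '/<namespace>/<rest>'."""
        parts = path.split("/", 2)
        if len(parts) != 3 or parts[0] != "" or not parts[1]:
            raise GatewayError(f"malformed path: {path!r}")
        return parts[1], "/" + parts[2]

    def forward(self, principal, path):
        namespace, rest = self.split_namespace(path)
        # The namespace in the URL must match the authenticated entitlement;
        # otherwise the shared entry point would let one tenant's user reach
        # another tenant's runtime simply by naming it.
        if namespace != principal.namespace:
            raise GatewayError(f"{principal.user} is not entitled to {namespace}")
        runtime = self._routes.get(namespace)
        if runtime is None:
            raise GatewayError(f"no runtime registered for {namespace}")
        # Traffic management for all tenants happens at this single point.
        limit = self._limits.get(namespace)
        if limit is not None and self.traffic[namespace] >= limit:
            raise GatewayError(f"request limit reached for {namespace}")
        self.traffic[namespace] += 1
        return runtime.handle(rest)


if __name__ == "__main__":
    gw = BridgeGateway()
    gw.register("tenant-a", TenantRuntime("tenant-a"))
    alice = Principal("alice", "tenant-a")
    print(gw.forward(alice, "/tenant-a/orders/1"))
    print(dict(gw.traffic))
```

The routing table itself is shared, tenant-keyed data, which is why the article describes the gateway layer as delivered in the resource pool model; the runtimes it forwards to are the fully isolated part. The per-namespace counter is what makes the bridge model's centralized traffic and load management possible without touching the isolated environments.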