I’m sorry about my late response to this 2-month-old thread.

 

Thanks David E. and Mike for the input.

 

As Mike noted, document permissions are the right technical solution.

 

I may consider compartment security where each client has a unique compartment 
(collection of roles). => 
http://docs.marklogic.com/guide/security/compartment#chapter

 

Another option that I considered is a super-database where each client has its 
own sub-database. => 
http://docs.marklogic.com/guide/admin/tiered-storage#id_85580

 

This sounds like a good approach but, unfortunately, this generates thousands 
of forests too since each sub-database has its own forest.

 

 

From: general-boun...@developer.marklogic.com 
[mailto:general-boun...@developer.marklogic.com] On Behalf Of Michael Blakeley
Sent: Thursday, December 18, 2014 8:05 PM
To: MarkLogic Developer Discussion
Subject: Re: [MarkLogic Dev General] What's the best Multitenancy approach for 
5,000 tenants in a shared MarkLogic Cluster?

 

I don't think thousands of forests on one host will be practical. Just to pick 
one problem, each forest writes to its label once per second. So thousands of 
forests will drive thousands of writes/sec, without even running any queries.

So I'd rethink the physical isolation: document permissions are the right 
technical solution. Use prefixes to provide unique usernames.

 

-- Mike


On Dec 18, 2014, at 13:50, Gary Russo <garyru...@hotmail.com> wrote:

I’m building a MarkLogic cluster that will be used by accounting firms to 
manage client tax data.

 

Notes:

· Each accounting firm will have a unique set of users and clients.
· Every accounting firm needs their own isolated “dataspace” to store 
  client data.
· Need to support 5,000 accounting firms.
· Need to have a “physical” firewall to isolate data of each accounting 
  firm.
· It is very important to not commingle data between accounting firms.

 

Example:

· Account Firm A – Will have 20 users that will manage data for 40 clients.
· Account Firm B – Will have 25 users and will manage data for 100 clients.
· Account Firm C – Will have 100 users and will manage data for 500 
  clients.

 

 

I see 2 approaches: option 1 - Application/User Level and option 2 - 
Port/Database Level

 

Option 1 is the salesforce.com approach where each firm has a unique REST 
endpoint with unique set of users/permissions.

 

Option 2 is to give every accounting firm a unique database and port numbers. 
This means the MarkLogic cluster will have more than ~10,000 forests with 
~5,000 unique HTTP servers.

 

If Option 2 is used, the accounting firm onboarding process will be fully 
automated. A web app will be created that will utilize the REST Management 
APIs. => http://docs.marklogic.com/REST/management

 

 

My questions:

1. What is the best approach to support the “multiple tenants” like this?

2. For option 2, is the use of unique databases/port numbers for 5,000 
firms considered too much?

3. For option 2, how will 10,000 forests on a 3 node cluster impact 
performance considering the 2 CPU core per forest rule of thumb?

 

 

 

Gary Russo

Enterprise NoSQL Developer

Phone: 201-536-4432

Skype: garyprusso

http://garyrusso.wordpress.com

 

_______________________________________________
General mailing list
General@developer.marklogic.com
http://developer.marklogic.com/mailman/listinfo/general
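
The document-permissions approach recommended in this thread, sketched as an added example (not code from any of the posters). It assumes a tenant prefix "firm-a", per-tenant roles named "<prefix>-reader" and "<prefix>-writer" that already exist in the Security database, and a "/<prefix>/" URI layout; all of these names are constructed for illustration.

```xquery
xquery version "1.0-ml";

(: Assumed, constructed tenant prefix; one per accounting firm. :)
declare variable $tenant as xs:string := "firm-a";

(: Permissions that reference only this tenant's roles.
   The role names are an assumed convention: "<prefix>-reader", "<prefix>-writer". :)
declare function local:tenant-permissions($tenant as xs:string) as element()*
{
  (
    xdmp:permission(fn:concat($tenant, "-reader"), "read"),
    xdmp:permission(fn:concat($tenant, "-writer"), "read"),
    xdmp:permission(fn:concat($tenant, "-writer"), "update")
  )
};

(: Every write for a tenant goes through this function, so a document never
   receives default permissions or another tenant's roles. :)
declare function local:insert-for-tenant(
  $tenant as xs:string,
  $path as xs:string,
  $doc as node()
) as empty-sequence()
{
  xdmp:document-insert(
    fn:concat("/", $tenant, "/", $path),
    $doc,
    local:tenant-permissions($tenant),
    $tenant)  (: the collection name mirrors the tenant prefix :)
};

(: Audit check, to be run in a separate request by an administrator:
   URIs under the tenant's directory that carry a permission for any role
   other than the tenant's own. A non-empty result means commingled access. :)
declare function local:docs-with-foreign-roles($tenant as xs:string) as xs:string*
{
  let $allowed := (xdmp:role(fn:concat($tenant, "-reader")),
                   xdmp:role(fn:concat($tenant, "-writer")))
  for $doc in xdmp:directory(fn:concat("/", $tenant, "/"), "infinity")
  let $uri := xdmp:node-uri($doc)
  where xdmp:document-get-permissions($uri)
          [fn:not(xs:unsignedLong(sec:role-id) = $allowed)]
  return $uri
};

(: Constructed sample document. :)
local:insert-for-tenant($tenant, "clients/client-0001.xml",
  <client><name>Constructed Sample Client</name></client>)
```

A user holding only another firm's roles gets no results when querying these documents, because the database filters every read by the document's permissions.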
