Thread-level resource consumption control of tenant custom code in a shared JVM for multi-tenant SaaS

Software-as-a-Service (SaaS) providers commonly support customization of their services to allow them to attract larger tenant bases. The nature of these customizations in practice ranges from anticipated configuration options to sophisticated code extensions. From a SaaS provider viewpoint, the latter category is particularly challenging as it involves executing untrusted tenant custom code in the SaaS production environment. Proper isolation of custom code in turn requires the ability to control resource consumption of each tenant. In current practice, OS-level virtualization tools such as hypervisors or containers are predominantly used for this purpose. These techniques, however, constrain the number of tenants that a single node can cost-effectively accommodate. Furthermore, additional overhead will be incurred for (un)marshaling objects and possibly a network round-trip of data when these techniques are applied. In this paper, we present a practical solution for thread-level resource consumption control of tenant-provided custom code. This solution provides control mechanism for four types of resources, namely CPU, memory, network and storage. Usage data are gathered using the Java Resource Consumption Management API (JSR-284). In case of CPU and memory, where this API is not capable of imposing limits, both the Java Runtime Environment (JRE) bytecode and tenant code are instrumented with usage control checkpoints which ensures that CPU and memory usage of tenants remain within their Service-level Agreements (SLA) limits. Our experiments show that the proposed solution outperforms containers in terms of tenant accommodation capacity and performance overhead. It is shown that 84 times more tenants can be accommodated on a single node when our solution is adopted while, at the same time, the performance overhead of the control mechanism is less than hosting the tenant code as a remote process.

Publication year:2021

BOF-keylabel:yes

IOF-keylabel:yes

BOF-publication weight:6

CSS-citation score:1

Authors from:Higher Education

Accessibility:Closed