Go Back   Access World Forums > Microsoft Access Discussion > General

 
Reply
 
Thread Tools Rate Thread Display Modes
Old 07-17-2018, 01:41 PM   #16
GinaWhipp
AWF VIP
 
GinaWhipp's Avatar
 
Join Date: Jun 2011
Location: Ohio, USA
Posts: 5,369
Thanks: 21
Thanked 893 Times in 878 Posts
GinaWhipp has a spectacular aura about GinaWhipp has a spectacular aura about
Re: Multi-tier application

Quote:
Originally Posted by lpapad View Post
I believe all SaaS solutions use a common database for all customers. I do not know for sure, I guess they do that.
Yep, as far as I know they do and so do some cloud based companies. Customers are identified by a Key or Token.

__________________
Gina Whipp
Microsoft MVP (Access 2010-2015)


To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
GinaWhipp is offline   Reply With Quote
Old 07-17-2018, 02:22 PM   #17
Mark_
Longboard on the internet
 
Join Date: Sep 2017
Location: Not the middle of no where, but I can see the road to it from my house.
Posts: 2,024
Thanks: 20
Thanked 381 Times in 374 Posts
Mark_ will become famous soon enough Mark_ will become famous soon enough
Re: Multi-tier application

The most secure, lease overhead, and most portable for clients would be separate back ends.

Which would be easier for you to add, procedure level security to ensure only the correct datasets are returned (and some way to keep an end user from running their own FE against your back end without a care as to YOUR security), table level security on an SQL sever, or spend a little money to get each client their own small NAS and set permissions based on user login?

To me, I'd spend a weeks worth of junk food on the NAS and have each client have NO VISIBILITY on other's data. The first time you get questioned about security / ability to provide the end user their data, you'll have saved more than a few orders of fries by saying "Here it is". This also means you can use disconnected networks to add additional security. Nothing stops a hacker like an air gap.
Mark_ is offline   Reply With Quote
The Following User Says Thank You to Mark_ For This Useful Post:
MajP (07-17-2018)
Old 07-17-2018, 08:19 PM   #18
Pat Hartman
Super Moderator
 
Join Date: Feb 2002
Location: Stratford,Ct USA
Posts: 28,133
Thanks: 15
Thanked 1,570 Times in 1,492 Posts
Pat Hartman is a name known to all Pat Hartman is a name known to all Pat Hartman is a name known to all Pat Hartman is a name known to all Pat Hartman is a name known to all Pat Hartman is a name known to all
Re: Multi-tier application

Why are different companies working on the same LAN using the same Jet/ACE BE? That would have to be extremely unusual.

Unless you have a need to have consolidated reporting, there is no advantage to having a single BE and many disadvantages starting with the extra complexity of the code and queries needed to keep company data from being commingled.

If you get some of the FMSINC.com tools, they will handle a lot of the backup and compacting that needs to be done on a regular basis so multiple BE's won't be an issue.

__________________
Bridge Players Still Know All the Tricks
Pat Hartman is offline   Reply With Quote
Old 07-17-2018, 11:10 PM   #19
jleach
Newly Registered User
 
jleach's Avatar
 
Join Date: Jan 2012
Location: New York, NY
Posts: 308
Thanks: 16
Thanked 70 Times in 70 Posts
jleach will become famous soon enough
Re: Multi-tier application

Quote:
Originally Posted by lpapad View Post
I believe all SaaS solutions use a common database for all customers. I do not know for sure, I guess they do that.
Not the ones I build.

We made the decision not to do this (for many reasons) and I've always felt it was the right decision. Having separate backends/deployments per customer seems to be the generally accepted practice by most others who are building SaaS apps as well.

Set yourself up with a different backend for each client, be disciplined in your control of changes to the backend, and you'll thank yourself later, I'd bet.
__________________
- Jack D. Leach

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Microsoft MVP 2012-2016
jleach is offline   Reply With Quote
Old 07-18-2018, 05:27 AM   #20
The_Doc_Man
Happy Retired Curmudgeon
 
Join Date: Feb 2001
Location: Suburban New Orleans, LA, USA
Posts: 14,352
Thanks: 87
Thanked 1,642 Times in 1,524 Posts
The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold
Re: Multi-tier application

Since Access security is "roll your own" or "none" (on a native solution), and you WILL want to keep things separate as a matter of fiduciary responsibility, I'd say that separate BE files would be the way to go. First, it is FAR easier to assure that users cannot overlap if you can use Windows domain-level security as a factor in that solution.

However, another factor pops up in my mind. If you are going to have multiple users from multiple companies on a single BE, you have VASTLY expanded your exposure to the random true hacker or hacker "wanna-be" types that are in every company.

There are the "curious George" types who will browse anything that isn't nailed down. There are the "grumpy Gus" types who will SHOW you that you can't keep THEM out of a system. There are the "helpful Harry" types who will tell you "Your security would be better if...." followed "... because I just found THIS on the alternate paths." Not to mention "Carmen the corporate spy" who will work assiduously to find some tidbit of saleable corporate "insider" knowledge.

If you can keep them physically separate because they don't have rights to anyone else's folders all the way up and down the path from the BE server to their particular database, you are better off. And this is what firewalls are meant to do. With THAT kind of security and physical separation of the sub-nets, your security is not going to be so much of an issue. Besides which, most customers want to believe that they have a dedicated system all to themselves.

If you are hell-bent on a single-BE solution, just remember that some products have size limits. If you have something that can go up to 10 GB databases, just remember that if you have as few as six customers, you just crossed the line in BE size. Because with "pure" Access and a split FE/BE you can have 2 GB of data, but with a unified BE and a 10 GB limit, six customers only have an average of 1.666 GB each.

Not only that: You will have to arrange for maintenance times and with five or six different corporations, you will have PURE HELL to get them to agree on a regular schedule of down times.

Here's a thought: If you are going into this in a serious way, look into something like VMWare or some other provider of virtual host management. Their cross-client security is excellent and with some network-attached storage to bolster available data space, you can have a pretty good-sized server farm. Yes, NAS is quite capable of partitioning itself to keep multiple projects and data separate.

My last job before I retired was with the U.S. Navy's Enterprise Data Center in New Orleans. At the NEDC NO site, we had a few dozen VMWare systems hosting several HUNDRED virtual systems spread out to service over 80 different Navy and other government groups. We also had TERABYTES worth of NAS. Not only that, but we had systems that maintained SECRET-level security. If you think about the stringent security needs of the USA armed forces, you would realize that our setup was under constant scrutiny for holes, leaks, and breaches. But we WERE considered a secure site. And we found that keeping projects on separate sub-nets and servers from the moment they came online was the best way to keep their data separate AND SAFE.
__________________
I'm a certified grandpa (3 times now) and proud of it.
Retired over one year and survived being home all day with the wife. She must really love me.
If I have helped you, please either click the thanks or click the scales.
The_Doc_Man is offline   Reply With Quote
Old 07-18-2018, 06:02 AM   #21
Lightwave
Ad astra
 
Lightwave's Avatar
 
Join Date: Sep 2004
Location: Edinburgh
Posts: 1,401
Thanks: 123
Thanked 137 Times in 129 Posts
Lightwave will become famous soon enough
Re: Multi-tier application

Quote:
Originally Posted by lpapad View Post
The same method is embedded in mssql 2016. Looks like a low level secure method.

https://channel9.msdn.com/Events/Dat...Level-Security
Yes I believe this is called multi-tennacy - I've been meaning to try and learn about it.

I can see the benefits but at the moment I suspect it would be overkill big time for me.

Most companies don't use it and those that do are spending a lot of money on this kind of thing.
__________________

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.
Lightwave is offline   Reply With Quote
Old 07-18-2018, 06:16 AM   #22
jleach
Newly Registered User
 
jleach's Avatar
 
Join Date: Jan 2012
Location: New York, NY
Posts: 308
Thanks: 16
Thanked 70 Times in 70 Posts
jleach will become famous soon enough
Re: Multi-tier application

Great post DocMan. It hits on a few of the many reasons we've decided not to go this route in the past.

Security aside, the maintenance window thing is a big one as well. Then we often have customer "weight" comparisons: does one large customers hog resources for 90% of the system while five small companies suffer the consequences? What if you want to roll out a feature for testing to a particular company prior to rolling out to all? Much more difficult with a shared database. What if one particular client has more stringent protection (or auditing) needs imposed by some regulatory entity that others customers don't need to adhere to?

While all of these scenarios come with some troubles in terms of developing and maintaining a shared codebase, having them all running in the same instances makes the job so much harder.

While it might seem like a bit more work initially to run different instances of your system components (e.g., databases) for each tenant, the long term payoffs are immense. Think of it as "normalizing your architecture" in the same way as how not bothering to normalize a database will put you dead in a corner later. We're not so much different in this either, but on a different scale.

Cheers,

__________________
- Jack D. Leach

To view links or images in signatures your post count must be 10 or greater. You currently have 0 posts.

Microsoft MVP 2012-2016
jleach is offline   Reply With Quote
Old 07-18-2018, 06:25 AM   #23
Mark_
Longboard on the internet
 
Join Date: Sep 2017
Location: Not the middle of no where, but I can see the road to it from my house.
Posts: 2,024
Thanks: 20
Thanked 381 Times in 374 Posts
Mark_ will become famous soon enough Mark_ will become famous soon enough
Re: Multi-tier application

Regarding separate back ends for separate companies, If you are HOSTING or providing services to multiple companies, you may think “Toss everything together so we can understand OUR business”. If you are in a call center environment, this often happens.

Having worked with a couple call centers, the best advice I can give is “Each client gets their own”. One of the companies I was working with had a very straight forward way of dealing with multiple clients when it came time to do the reporting and data analysis required to run the call center; they would have “Call center” software go through their clients data, database by database, to accumulate the information THEY needed. Often this was date/time of call, call duration, who took the call, and call resolution. If you have 20 clients and your reps are not dedicated to A client, this is vital for tracking rep performance.

They were geared so each rep could see which ever back end they were assigned to at that time. I don’t remember their network topology, but I do remember they had one subnet all clients were on that was used for backup as well as their internal reporting. This subnet had no outside access and was ONLY used for internal purposes.

In the end, it allowed them to do a lot of projections and forecasts without having to have just a single database. I’d bet it was a pain to get the reporting set up but it allowed them to avoid soo many headaches it was definitely worth it.
Mark_ is offline   Reply With Quote
Old 07-18-2018, 11:48 AM   #24
The_Doc_Man
Happy Retired Curmudgeon
 
Join Date: Feb 2001
Location: Suburban New Orleans, LA, USA
Posts: 14,352
Thanks: 87
Thanked 1,642 Times in 1,524 Posts
The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold The_Doc_Man is a splendid one to behold
Re: Multi-tier application

In our environment, the call center was treated as an in-house client (as opposed to those less friendly out-house clients?). The call center was a single database because it was a single call center. Tier II responders had access to the common call center database, which DID include entries for each project. (Because they were billed according to need and recent usage.)

The backup system was also joined to a single server that could touch all of the NAS as needed, but more often, the client software just relayed what needed to be stored. The backup client ran on each machine but the tapes were spun by a backup server.

The actual production, development, and test systems were separate for each project. In fact, the production systems had different security than the other two systems because the clients didn't want their employees to see the dev/test environments.

__________________
I'm a certified grandpa (3 times now) and proud of it.
Retired over one year and survived being home all day with the wife. She must really love me.
If I have helped you, please either click the thanks or click the scales.
The_Doc_Man is offline   Reply With Quote
Reply

Tags
multi-tier

Thread Tools
Display Modes Rate This Thread
Rate This Thread:

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Can Access application have multi-languages? AccessPractice General 4 08-09-2016 08:01 AM
Multi-tier BOMCompare Confuzzled1235 Queries 1 03-18-2014 02:52 PM
Set a third tier form filter based on a first tier form control Morganism Forms 0 02-19-2013 02:21 AM
Question Best way to build a multi user application ? blaze_away General 5 09-29-2010 06:14 AM
How to make a Multi user application PaulSharma General 1 08-23-2005 07:30 AM




All times are GMT -8. The time now is 07:00 AM.


Microsoft Access Help
General
Tables
Queries
Forms
Reports
Macros
Modules & VBA
Theory & Practice
Access FAQs
Code Repository
Sample Databases
Video Tutorials

Featured Forum post


Sponsored Links


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
(c) copyright 2017 Access World