Several vendors have come to an important realization while implementing Nuon as their solution for Bring Your Own Cloud (BYOC). Partway through the set up, they realized Nuon was already handling what their internal single-tenant tooling was supposed to handle. Fleet-wide version rollouts, secrets that never leave the customer's single-tenant environment, a formally scoped access model their security teams could actually audit, and customer-controlled update approval.
Single Tenancy Defined
All software deployed in enterprises was self-hosted before it was even called self-hosted. Once cloud SaaS emerged as an alternative, the vendors did not bend to customer requests for self-hosted deployments, and held a conviction that everything would be delivered as multi-tenant SaaS. This paradigm is where a single instance of the vendor software manages multiple customers or tenants with security guarantees that customer data is not intermixed.
That changed when regulated industries like finance, healthcare, and government mandated that if vendors wanted their business, their data would have to be segregated from other customers. So vendors designed a single-tenant deployment option where the vendor offers one instance, one database, one set of infrastructure, per customer, with no unified management layer. The instances can be deployed in specific geographic regions for data residency requirements, too. The vendor hosts these instances in their cloud provider and provides the management tool to upgrade and keep them healthy for their customers to access them.
BYOC and Single-Tenant Have the Same Problem
A couple decades after single and multi-tenant cloud SaaS, the same regulated enterprises noticed other risks with even single-tenant deployments. While the data is separated from other customers, there was implicit trust that the vendor's cloud was secure and their data was protected. Occasional outages at the cloud and identity SaaS providers raised the risks of relying on someone else’s infrastructure for continuity of business and security of data.
These trends led to a new BYOC or Cloud-Prem deployment option. The vendor is still responsible for deploying and managing their software, but it resides in the customer’s cloud environment, not the vendor’s like single-tenant.
Both single-tenant and BYOC deployment models share nearly identical characteristics and requirements. The vendor is responsible for deploying and managing the software. Security is paramount, while ensuring the vendor has just enough permissions to create, maintain, and destroy infrastructure resources as required. Everything needs to be auditable, to demonstrate controls over what the vendor has done to the customer’s instance of the software and their data. From a vendor’s point of view, single-tenant deployments may have a bit less scrutiny of the security controls, since the customer’s instance is within the security boundary of the vendor’s cloud environment, but that is no less a concern for the customer, since it is their data.
Maintaining Isolated Environments at Scale
Single-tenant still requires humans in the loop and automation to upgrade instances. But because the software vendor shields the customer from knowing what these processes are, they may be more technical with less documentation, and basically amount to a run book of scripts and Terraform.
Without a centralized way to see the current versions across their fleet of customers, manually tracking and changing vendor application versions and applying helm upgrades can be challenging.
Customers may also prefer their own particular maintenance windows, while the software vendor prefers specific dates and less frequent upgrades, due to the level of effort and complexity of using their internal processes.
Some software vendors deploy development and test environments along with the production single-tenant environment, and would prefer to have a soak period in these non-prod environments to work out the kinks. However, the difficulty of manually doing upgrades doesn’t allow for this — all environments were upgraded at the same time.
Just adding a new environment for a new customer can be a challenge with these manual approaches, leading to slower time to value by the customer.
Exacerbating all of these issues is the difficulty of export metrics and logs, and establishing alerting across the fleet for environment health.
What Happened When Customers Came to Us for BYOC
When software vendors approach Nuon, it is about using our platform to automate and secure how they can offer a BYOC deployment option to their customers. During the evaluation phase, we see the light bulb go off when they realize Nuon’s functionality is a drastic improvement over their single-tenant architecture and procedures.
Because there is no interaction or integration required with the customer for single-tenant setup, software vendors see applying Nuon to their single-tenant fleet as a quick win, both in terms of setup and onboarding of new customers.
In a way, using Nuon to support their single-tenant customers is a lower risk testing ground and break-in period to refine how they configure and use Nuon.
Why This Matters at Scale
Optimally, you want a solution that can solve multiple use cases. It is one thread of procurement, one license subscription and technical setup investment, and one tool to learn and maintain.
While the install and day-2 operations may be a bit different for single-tenant to BYOC, that is a configuration step in Nuon, and not a major implementation detail.
We even see customers using Nuon to migrate single-tenant customers to BYOC, leveraging Nuon action scripts to migrate database instances and configurations.
The Broader Shift: Infrastructure That Follows the Customer
Enterprise customers have made their intentions clear by shifting from software vendors who offered single-tenancy to now moving the data plane or all of the vendor’s apps into the customer’s cloud environment.
Both deployment options directionally achieve similar goals, but software vendors should not adopt two tool chains, procedures, and staff to implement and manage them.
Vendors who standardize on one platform like Nuon, whether in the vendor’s or customer’s cloud environment, will move faster and potentially with a lower cost of ownership. By meeting customers where they want their data stored with BYOC, vendors can incrementally increase their overall revenue by securing customers who resisted signing up for a single-tenant offering.
Ready to get started?
Deploy your application into customer clouds
See how Nuon can help you unlock BYOC deployment for your entire customer base.