Six considerations for running a multi-tenant mobile app using Azure App Service

With the launch of HappenZap, I now have two multi-tenant mobile app platforms running on Azure App Service.  When it comes to the backend services for mobile apps, Azure App Service really isn’t used that much though.  In fact, in the 2017 Ionic Developer Survey, Azure only accounted for 10% of the users using it as a server side platform (behind Heroku, Digital Ocean, and Amazon ECS).  For authentication, it ranked even lower at only 2.9% of the survey results.  For Push Notifications, it wasn’t even on the list.  However, for both my platforms, I have chosen to use it and have been doing so successfully.

Why did I go with Azure App Service? When I was getting started with mobile development, I found Azure as an option pretty quickly. Having a lot of experience around the Microsoft stack, I found that App Service was something I could get going with. Maybe this was partly due to my lack of experience with mobile, but I chose to go this route and I am pretty happy with a lot of it. Most mobile developers I have run into don’t even consider Azure App Service as an option, but I think it’s worth a look.

Let’s look at some of the different aspects.

Database

Azure App Service offers Easy Tables and they are in fact easy. They are awesome for prototyping because you don’t even have to define a schema (although I always do in my apps). In fact, you can basically just insert anything and if the column doesn’t exist in your table, it will create it for you. It automatically creates an id column, a createdAt, modifiedAt, version number, and deleted fields for you as well. It supports a soft-delete capability that you can easily turn on as well. From a developer standpoint, it’s easy to get started with a simple API around your database tables using node.js.

From a cost perspective, this is where you want to plan.  Even the cheapest Azure SQL database costs you $5.  For a service I am charging $40 a month for, having a separate database for each customer is not cost effective.  As a result, I put all of my customers in the same database and every table is segmented by a tenant_id column.  This works, but that means you have to write a level of security into your API.  We’ll talk more about authorization in a bit, but this means you have to validate that the user making the API call has permission to make queries into that tenant.

Azure Web Apps / Mobile Apps

Whether you create a new “Mobile App” or “Web App”, it’s basically the same thing with a different icon in the Azure Portal.  When thinking multi-tenant, your goal is to create one of these that can serve all of your clients.  If each client has to have their own Web App, you will quickly exceed the memory capacity of your App Service plan.  There are reasons why you might consider having more than one though as you will see when you read on.

Authentication

Authentication in mobile apps with Azure App Service is easy due to the large number of SDKs available including Cordova, Xamarin, and native iOS and Android. App Service supports authenticating against Azure Active Directory, Facebook, Google, Microsoft, and Twitter. If you want to authenticate against Microsoft consumer or AAD, App Service is a great option because Firebase doesn’t support it. You can authenticate against one or all of the providers too. Logging a user in is as simple as calling azureMobileClient.login('providername'). On mobile apps, it will open the InAppBrowser and sign the user in. This works great for interactive logins but auto-login with the token is a bit of a different story. I’ll post in the near future about how to do that as it is not well documented.

The way authentication works is that your mobile client makes a call into the App Service back end, which in effect proxies the request over to the appropriate provider. The nice thing about this is that any subsequent API calls you make automatically pass the user’s token and the API can respond accordingly if the user is not authenticated or their token has expired. If you don’t need authentication on a particular type of API call, you can allow anonymous users to access it. For example, anonymous users might get read access, but authenticated users can insert / update / delete.

The issue you run into with authentication on App Service is that all users have to request the same scope / permissions. For example, you may want end users to have just basic profile access to Facebook, but you want administrators to be able to manage pages. The permissions you request are set in the Azure Portal and are essentially fixed. That means all users have to request the same permissions. That’s no good. One way to work around this is to call the authentication provider directly. For example, I’ve done this with AAD to request a scope that included admin consent credentials such as Group.Read.All. Another way to work around this is to have multiple Azure Mobile Apps configured with different permissions. This really doesn’t scale all that well either, but could be an option for simple scenarios. It does create a bit of overhead though since you have to push code to each one and your client side code has to know which endpoint to call.

Authorization

Azure takes care of the authentication for you, but authorization is still up to you. There are not a lot of complex examples out there for this, so I’ll probably write something up soon. Your API will receive the user’s context, and therefore you can get their access token and username if needed. For authorization, I simply implement a users table which has the user’s unique id, role, and tenant id. I first make sure that the user is in that tenant id. Then I make sure the user has the right role for whatever operation I am performing. It’s fairly simple, but it works.
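The two checks described above (tenant membership first, then role), combined with the tenant_id segmentation from the Database section, as an added example that is not the author's code and does not use the App Service SDK. In-memory arrays stand in for the SQL tables; the rows, role names, policy map and function names are all assumptions.

```javascript
// Constructed sample data; every name here is hypothetical.
const users = [ // users table: unique id, role, tenant id
  { id: 'sid:alice', tenant_id: 't1', role: 'admin' },
  { id: 'sid:bob', tenant_id: 't1', role: 'member' },
  { id: 'sid:carol', tenant_id: 't2', role: 'admin' },
];
const events = [ // shared table, segmented by tenant_id
  { id: 1, tenant_id: 't1', title: 'Tap takeover' },
  { id: 2, tenant_id: 't2', title: 'Trivia night' },
];

// Assumed policy: which roles may perform which operation.
const POLICY = new Map([
  ['read', ['member', 'admin']],
  ['insert', ['admin']],
  ['update', ['admin']],
  ['delete', ['admin']],
]);

// userId must come from the authenticated user context, never from the request body.
function authorize(userId, tenantId, operation) {
  // Check 1: the user is in that tenant.
  const membership = users.find(u => u.id === userId && u.tenant_id === tenantId);
  if (!membership) return { ok: false, status: 403, reason: 'not in tenant' };
  // Check 2: the user's role permits the operation (unknown operations are denied).
  const allowedRoles = POLICY.get(operation) || [];
  if (!allowedRoles.includes(membership.role)) {
    return { ok: false, status: 403, reason: 'role not permitted' };
  }
  return { ok: true, tenantId: membership.tenant_id };
}

function listEvents(userId, requestedTenantId) {
  const decision = authorize(userId, requestedTenantId, 'read');
  if (!decision.ok) return decision;
  // Always filter on the tenant id confirmed by the users table.
  return { ok: true, rows: events.filter(e => e.tenant_id === decision.tenantId) };
}

function insertEvent(userId, requestedTenantId, item) {
  const decision = authorize(userId, requestedTenantId, 'insert');
  if (!decision.ok) return decision;
  // Overwrite any id or tenant_id the client supplied in the item.
  const row = { ...item, id: events.length + 1, tenant_id: decision.tenantId };
  events.push(row);
  return { ok: true, row };
}
```

The point to carry into a real API is that both the read filter and the inserted row take their tenant id from the server-side users lookup, so a tenant_id placed in the request body cannot move data across tenants.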

Save Cash with Caching

You pay for every bit of data egress from Azure whether that is your API or SQL.  It can really add up too as your volume grows.  Be sure and take advantage of caching wherever you can. Cache frequent database calls at the API layer.  Cache data that doesn’t change frequently on the mobile app.  Only get data when you need it.

Push Notifications

Azure Mobile Apps supports push notifications with Google, Apple, Amazon, and a few others. It’s pretty simple to set up and there are methods built into the node.js SDK that make it easy to set up. However, there are a few limitations. First, App Service doesn’t support the newer key based model used by APNS so that means you need a certificate (for both development and production) for every tenant. The next issue is that you can only install one key per instance of an Azure Mobile App. That means you would have to have a separate Azure Mobile App per tenant. That doesn’t scale well at all. I used this approach for a while but I switched over to Firebase Cloud Messaging and now I can use a single tenant.

Summary

Azure App Service is a cost effective way to run multi-tenant mobile applications. There are factors that you have to consider, but I do think it’s a viable choice for hosting your mobile app’s backend.

More Stories By Corey Roth

Corey Roth, a SharePoint Server MVP, is an independent consultant specializing in Cloud technologies such as Azure and Office 365. He also specializes in mobile development. Corey serves as the product manager for two cloud-first mobile app platforms: BrewZap and HappenZap.
