SYS-CON MEDIA Authors: Pat Romanski, Gary Arora, Zakia Bouachraoui, Yeshim Deniz, Liz McMillan

Six considerations for running a multi-tenant mobile app using Azure App Service

With the launch of HappenZap, I now have two multi-tenant mobile app platforms running on Azure App Service.  When it comes to the backend services for mobile apps, Azure App Service really isn’t used that much though.  In fact, in the 2017 Ionic Developer Survey, Azure only accounted for 10% of the users using it as a server side platform (behind Heroku, Digital Ocean, and Amazon ECS).  For authentication, it ranked even lower at only 2.9% of the survey results.  For Push Notifications, it wasn’t even on the list.  However, for both my platforms, I have chosen to use it and have been doing so successfully.

Why did I go with Azure App Service?  When I was getting started with mobile development, I found Azure as an option pretty quickly.  Having a lot of experience around the Microsoft stack, I found that App Service was something I could get going with.  Maybe this was partly due to my lack of experience with mobile, but I chose to go this route and I am pretty happy with a lot of it.  Most mobile developers I have run into don’t even consider Azure App Service as an option, but I think it’s worth a look.

Let’s look at some of the different aspects.

Database

Azure App Service offers Easy Tables and they are in fact easy.  They are awesome for prototyping because you don’t even have to define a schema (although I always do in my apps).  In fact, you can basically just insert anything and if the column doesn’t exist in your table, it will create it for you.  It automatically creates an id column, a createdAt, modifiedAt, version number, and deleted fields for you as well.  It supports a soft-delete capability that you can easily turn on as well.  From a developer standpoint, it’s easy to get started with a simple API around your database tables using node.js.

From a cost perspective, this is where you want to plan.  Even the cheapest Azure SQL database costs you $5.  For a service I am charging $40 a month for, having a separate database for each customer is not cost effective.  As a result, I put all of my customers in the same database and every table is segmented by a tenant_id column.  This works, but that means you have to write a level of security into your API.  We’ll talk more about authorization in a bit, but this means you have to validate that the user making the API call has permission to make queries into that tenant.

Azure Web Apps / Mobile Apps

Whether you create a new “Mobile App” or “Web App”, it’s basically the same thing with a different icon in the Azure Portal.  When thinking multi-tenant, your goal is to create one of these that can serve all of your clients.  If each client has to have their own Web App, you will quickly exceed the memory capacity of your App Service plan.  There are reasons why you might consider having more than one though as you will see when you read on.

Authentication

Authentication in mobile apps with Azure App Service is easy due to the large number of SDKs available including Cordova, Xamarin, and native iOS and Android.  App Service supports authenticating against Azure Active Directory, Facebook, Google, Microsoft, and Twitter.  If you want to authenticate against Microsoft consumer or AAD, App Service is a great option because Firebase doesn’t support it.  You can authenticate against one or all of the providers too.  Logging a user in is as simple as calling azureMobileClient.login('providername').  On mobile apps, it will open the InAppBrowser and sign the user in.  This works great for interactive logins but auto-login with the token is a bit of a different story.  I’ll post in the near future about how to do that as it is not well documented.

The way authentication works is that your mobile client makes a call into the App Service back end, which in effect proxies the request over to the appropriate provider.  The nice thing about this is that any subsequent API calls you make automatically pass the user’s token and the API can respond accordingly if the user is not authenticated or their token has expired.  If you don’t need authentication on a particular type of API call, you can allow anonymous users to access it.  For example, anonymous users might get read access, but authenticated users can insert / update / delete.

The issue you run into with authentication on app service is that all users have to request the same scope / permissions.  For example, you may want end users to have just basic profile access to Facebook, but you want administrators to be able to manage pages.  The permissions you request are set in the Azure Portal and are essentially fixed.  That means all users have to request the same permissions.  That’s no good.  One way to work around this is to call the authentication provider directly.  For example, I’ve done this with AAD to request a scope that included admin consent credentials such as Group.Read.All.  Another way to work around this is to have multiple Azure Mobile Apps configured with different permissions.  This really doesn’t scale all that well either, but could be an option for simple scenarios.  It does create a bit of overhead though since you have to push code to each one and your client side code has to know which endpoint to call.

Authorization

Azure takes care of the Authentication for you, but authorization is still up to you.  There are not a lot of complex examples out there for this, so I’ll probably write something up soon.  Your API will receive the user’s context and therefore you can get their access token and username if needed.  For authentication, I simply implement a users table which has the user’s unique id, role, and tenant id.  I first make sure that the user is in that tenant id.  Then I make sure the user has the right role for whatever operation I am performing.  It’s fairly simple, but it works.
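
One way to implement the tenant-then-role check above, together with the tenant_id scoping from the Database section, as an added example in plain node.js (not the author's code).  The sample rows, role names, function names and @p parameter placeholders are assumptions made for illustration.

```javascript
// Constructed sample rows for the users table: unique id, role, tenant id.
const USERS = [
  { user_id: 'sid:alice', tenant_id: 'tenant-a', role: 'admin' },
  { user_id: 'sid:bob', tenant_id: 'tenant-a', role: 'member' },
  { user_id: 'sid:carol', tenant_id: 'tenant-b', role: 'admin' },
];
// Hypothetical role model: roles allowed to perform each operation.
const ALLOWED_ROLES = {
  read: ['member', 'admin'],
  insert: ['admin'],
  update: ['admin'],
  delete: ['admin'],
};
const IDENT = /^[A-Za-z_][A-Za-z0-9_]*$/;

// Tenant membership first, then role. Anything not explicitly allowed is denied.
function authorize(users, userId, tenantId, operation) {
  if (!userId) return { ok: false, status: 401 };
  const row = users.find(u => u.user_id === userId && u.tenant_id === tenantId);
  if (!row) return { ok: false, status: 403 };
  const known = Object.prototype.hasOwnProperty.call(ALLOWED_ROLES, operation);
  if (!known || !ALLOWED_ROLES[operation].includes(row.role)) {
    return { ok: false, status: 403 };
  }
  return { ok: true, status: 200, tenantId: row.tenant_id };
}

// Parameterized SELECT whose tenant_id comes from the verified membership row,
// never from client-supplied filters.
function scopedSelect(table, decision, filters = {}) {
  if (!decision.ok) throw new Error('unauthorized');
  if (!IDENT.test(table)) throw new Error('bad table name');
  const params = [decision.tenantId];
  let sql = `SELECT * FROM ${table} WHERE tenant_id = @p0`;
  for (const [col, val] of Object.entries(filters)) {
    if (col === 'tenant_id') continue; // caller cannot widen or change the scope
    if (!IDENT.test(col)) throw new Error('bad column name');
    params.push(val);
    sql += ` AND ${col} = @p${params.length - 1}`;
  }
  return { sql, params };
}

// On insert, overwrite any tenant_id in the payload with the verified one.
function stampTenant(decision, item) {
  if (!decision.ok) throw new Error('unauthorized');
  return { ...item, tenant_id: decision.tenantId };
}
```

The point of returning the tenant id from the membership row is that every later query and insert is scoped by a value the server verified, so a tenant_id sent in the request body or query string has no effect.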

Save Cash with Caching

You pay for every bit of data egress from Azure whether that is your API or SQL.  It can really add up too as your volume grows.  Be sure and take advantage of caching wherever you can. Cache frequent database calls at the API layer.  Cache data that doesn’t change frequently on the mobile app.  Only get data when you need it.

Push Notifications

Azure Mobile Apps supports push notifications with Google, Apple, Amazon, and a few others.  It’s pretty simple to set up and there are methods built into the node.js SDK that make it easy to set up.  However, there are a few limitations.  First, App Service doesn’t support the newer key based model used by APNS so that means you need a certificate (for both development and production) for every tenant.  The next issue is that you can only install one key per instance of an Azure Mobile App.  That means you would have to have a separate Azure Mobile App per tenant.  That doesn’t scale well at all.  I used this approach for a while but I switched over to Firebase Cloud Messaging and now I can use a single tenant.

Summary

Azure App Service is a cost effective way to run multi-tenant mobile applications.  There are factors that you have to consider, but I do think it’s a viable choice for hosting your mobile app’s backend.

More Stories By Corey Roth

Corey Roth, a SharePoint Server MVP, is an independent consultant specializing in Cloud technologies such as Azure and Office 365. He also specializes in mobile development. Corey serves as the product manager for two cloud-first mobile app platforms: BrewZap and HappenZap.
