Multi Tenant

Introduction

The new Sentilo Multi Tenant release makes it possible to create and manage virtual Sentilo instances, each related to a different organization (e.g. a city). Every organization has its own context, entities and data, and can share information with third parties at will. Each tenant can also have its own look & feel.

Above all the tenants, a new role emerges to administer the platform, manage the organizations and create the users needed to administer each one.
Additionally, the platform can provide additional services to its organizations, such as common integrations and a single map showing the public information of all its organizations.

The Sentilo multi-tenancy model implements level 3 of the SaaS maturity model, which offers good levels of efficiency and scalability, balanced against reasonable complexity and operational costs:

  • Single instance for all the tenants.
  • Same deployed software version for all the entities.
  • Unique typologies for components and sensors.
  • Common data repositories for all the tenants.
  • Personalization and access control for entities through admin console.
  • Personalization of look & feel for tenants.
  • Delegated administration for each entity, allowing it to administer its own data, devices and users, and to share data at will.

Once configured, every organization has its own virtual Sentilo instance and can be administered autonomously.

The Organization concept

Organizations represent the different entities, usually cities, that own a virtual Sentilo instance.
Each one can autonomously manage its own applications, providers, components and sensors. All these elements belong to the organization, and nobody outside the organization can access them unless the organization grants access permissions to other organizations.

Organizations are administered through the existing user roles and, depending on the role, can be managed in different ways:


Role | Access type
Super Admin | The Super Admin user can create and administer organizations, users and typologies.
Admin | The Admin user can only manage its own organization's parameters and can create its own users, applications, providers, components, sensors and alerts, which will be automatically related to its organization.
User | The User can only access public information about the applications, providers, components, sensors and alerts which belong to its own organization.

Below is the organization list of a multi tenant Sentilo instance, as seen when connected as a Super Admin user:

organizations_list.png

Sentilo contexts

There are several virtual contexts (URL paths) in a multi tenant Sentilo instance: one for every organization and one for the public common area.
Note that to access an organization's console you must use the correct path; otherwise you won't be able to access it, even with correct credentials.

Organization console

Access the administration console through the corresponding URL, adding the organization id as the last parameter, as follows.

  • http://sentilo_instance_host[:port]/sentilo-catalog-web/organizationId

In the organizationId parameter, specify the identifier of the organization you want to access. For example, to access an organization named Sample Organization, with sample_organization as its organization identifier, in a Sentilo instance deployed on a host named example.com:

  • http://example.com/sentilo-catalog-web/sample_organization

Platform console

Super Admin users should access the catalog console without specifying any organization identifier in the URL. In this case, no data is filtered by organization, and all the public information is visible in the public map and statistics:

  • http://your_sentilo_server_ip/sentilo-catalog-web

Super Admin users are responsible for configuring the platform's organizations and their users, and for defining the component and sensor typologies.

Anonymous access

Anonymous users (not logged in) can access the universal viewer directly without specifying an organization in the URL. In this case, no data is filtered by organization, and all public information is displayed in the public maps and statistics, using the platform's common look & feel.

  • http://sentilo_instance_host[:port]/sentilo-catalog-web

In this case, the user will see all the public information provided by the instance's organizations.

Alternatively, users can access the public information of a specific organization by specifying a different URL context:

  • http://sentilo_instance_host[:port]/sentilo-catalog-web/organizationId

For example, to access an organization named Sample Organization, with sample_organization as its organization identifier, in a Sentilo instance deployed on a host named example.com:

  • http://example.com/sentilo-catalog-web/sample_organization

Then the user will see all the public data offered by the Sample Organization, displayed using the organization custom look & feel.

Otherwise, the features and behaviour of the public area are the same as described in the Catalog and Maps section.

Platform administration

Super Admin users are responsible for configuring the platform's organizations and their users, and for defining the component and sensor typologies.
They cannot see any organization data, such as components, sensors or alerts.

Organization administration

Only the Super Admin user can list, create and delete organizations. After the organization is created, an Admin user can edit its own organization's configuration settings.
The User role doesn't have access to this information.

organizations_list.png

Below, the organization creation form, as a Super Admin:

organization_create.png

There are some additional parameters for customizing the public map behaviour:

organization_create_2.png

To create an organization, we must provide at least these parameters:

  • identifier: a unique organization identifier
  • name: the organization name
  • contact name: the name of the responsible person
  • contact email: the email of the responsible person

Some other parameters are optional:

  • description: some description about the organization
  • config params tag (public map styles)
    • zoom level: the default map zoom level (see Google Maps API for more information)
    • latitude: map center latitude component
    • longitude: map center longitude component
    • map background color: the map color

Users administration

The Super Admin user can create, edit and delete any user from any organization, whatever role they have. In addition, Super Admin is the only user role that can create additional Super Admin users.

In a multi tenant instance, except for Super Admin users, when creating users, it's mandatory to specify the related organization.

user_list.png

user_create.png

Component and Sensor types administration

Only the Super Admin user can administer the component and sensor types.
In this case, the behaviour is the same as for a normal Sentilo instance.

See more information about it in the Catalog and Maps section.

Tenant administration

Admin role users are directly related to a specific organization. They are the only ones able to administer the organization's private data, such as its providers, applications, components, sensors and alarms. They can also manage their organization's users.
Admin users can also see all the defined component and sensor typologies, but they won't be able to modify them.

Basically, the only difference between a simple Sentilo instance and a Multi Tenant instance is that only users from an organization can see and access that organization's information. It's also possible to share information with other organizations, as described later.
This data isolation makes it possible to take advantage of the user and organization hierarchy.

Below, we review the specific behaviour of tenant administration, highlighting its particularities. For more information, see the Catalog and Maps section.

Organization administration

Admin users can only manage their own organization's information.

organization_detail.png

Admin users can also manage permissions to and from third parties in order to share information. You'll find them in the last two tabs at the top of the detail section.

Permission administration


Permission type | Functionality
To third party organizations from us | Grant read / write permissions to other organizations over our providers (and dependent components / sensors / alerts). We can add and drop these permissions.
From third party organizations to us | Read / write permissions granted to us by third party organizations. We can only make them visible or not in the universal map.

organization_to_permissions_list.png

Adding a read & write permission for a third party:

organization_create_to_permission.png

organization_create_to_permission_ok.png

In this case we have granted read & write permissions from our organization, over our provider sample_provider, to the third party organization named Sentilo. So now the Sentilo organization can access the sample_provider data and manage it (publish data).

On the other side, the Sentilo organization can see these permissions in the second tab, Permissions from others:

organization_from_permissions_list.png

And now, from this tab, we can change the permission's visibility on the map. Simply select the permission's checkbox and click on Show in map or Hide in map.

When providers are shared with other organizations, their related entities (providers, components, sensors) will appear in the other tenant's console, but only in read mode.
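
The access rules described on this page (URL context, roles and third party permissions) can be written down as a small decision model, useful as a reference when checking tenant isolation. This is an added example, not Sentilo code: the class and function names, the organization ids sentilo and other_city, and the reading of the User role as read only are assumptions.

```python
# Added example: a model of the access rules described on this page.
# It is not Sentilo code; all names and sample data are constructed.
from dataclasses import dataclass
from typing import Optional

SUPER_ADMIN, ADMIN, USER = "SUPER_ADMIN", "ADMIN", "USER"
CATALOG = "sentilo-catalog-web"

@dataclass(frozen=True)
class Account:
    role: str
    org: Optional[str]  # None for Super Admin users (platform level)

@dataclass(frozen=True)
class Grant:
    owner_org: str    # organization that owns the provider
    provider: str
    grantee_org: str  # third party organization receiving the permission
    write: bool       # False = read only, True = read & write

def context_org(path: str) -> Optional[str]:
    """Organization id in /sentilo-catalog-web[/organizationId]; None = platform context."""
    parts = [p for p in path.split("/") if p]
    if not parts or parts[0] != CATALOG or len(parts) > 2:
        raise ValueError("not a catalog console path: %r" % path)
    return parts[1] if len(parts) == 2 else None

def console_access(account, path, owner_org, provider, grants) -> str:
    """Return 'manage', 'read' or 'none' for one provider in the console."""
    if account.role == SUPER_ADMIN:
        return "none"  # platform admins cannot see organization data
    if context_org(path) != account.org:
        return "none"  # wrong context: correct credentials are not enough
    if owner_org == account.org:
        # Assumption: the User role is modelled as read only.
        return "manage" if account.role == ADMIN else "read"
    shared = any((g.owner_org, g.provider, g.grantee_org) ==
                 (owner_org, provider, account.org) for g in grants)
    return "read" if shared else "none"  # shared entities are read mode only

def can_publish(org, owner_org, provider, grants) -> bool:
    """Publishing data needs ownership (assumed) or a read & write grant."""
    return org == owner_org or any(
        g.write and (g.owner_org, g.provider, g.grantee_org) ==
        (owner_org, provider, org) for g in grants)

# Constructed sample: the grant from the walkthrough above.
GRANTS = [Grant("sample_organization", "sample_provider", "sentilo", True)]
```

Every combination of role, context and grant that should yield "none" is a candidate isolation test against a real deployment.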

Last modified by Administrator on 2015/11/17 16:34