Multi-Tenant Google Cloud Platform B2B SaaS Applications

Concepts

Overview

Many of Google Cloud Platform’s customers and partners build B2B applications on GCP. Some of these applications are also available on other platforms, either on-premise or in the cloud (e.g. SAP), while others take greater advantage of GCP’s managed services (e.g. JDA, EnergyWorx, Leanplum) to implement Software as a Service (SaaS) on GCP.

This latter group of enterprises faces three interesting challenges:

  • Managing authentication and authorization for the users of your customers.
  • Addressing your customers’ concerns around isolation.
  • Providing your customers with a holistic interface to all their services.

We’ll look at ways of addressing these challenges in the How-to Guides, but first a little more context.

Authentication and Authorization

Google Cloud provides robust authentication and authorization services; the challenge is in reconciling two worlds:

In many cases this can be bridged by service accounts; it is more difficult if you wish to expose some of GCP’s managed services directly to your customers’ end users, e.g. to let them upload files to Google Cloud Storage or run analytics on BigQuery.

Isolation

Google Cloud Platform provides a number of isolation boundaries including projects, and now folders and organizations, in addition to ACL and network-based controls.

The key is to apply Google Cloud’s defense-in-depth approach in a way that matches your customers’ expectations, which are often grounded in the “hard shell, soft interior” on-premise world.

Holistic Interface

When people think of SaaS applications, they often think of UI. However, many of your customers also require programmatic ways to interact with your SaaS services (e.g. Google Drive API, Google Apps Script).

Google Cloud Endpoints provides an OpenAPI-compliant way of exposing your GCP services; however, many of you either have some services which will remain on-premise, or are migrating to GCP over time, and need to provide a holistic interface to all your applications, including your “legacy” applications.


released free of copyrights under Creative Commons CC0

What’s next

Read Best Practices for Enterprise Organizations to learn more about best practices underpinning this article.

Refer to the Google Cloud trust & security and Google Cloud Platform security overview micro-sites for more information on Google Cloud security.

Read the following guides to understand how to implement: