Using Azure Load Testing to test Multi-Tenant services
Using Azure Load Testing to test Multi-Tenant services
This article describes how to use Azure Load Testing to test a multi-tenant service based on Azure App Service. It also describes how to run the Load Testing scenario from either:
- a Dev Container in Visual Studio Code
- an Azure DevOps Pipeline
- a Github Action
Scenario details
For this scenario, Azure Load Testing is used to test the performances of a Multi-Tenant service hosted on Azure. The Load Testing resources are only deployed during the tests and can be managed from an Azure DevOps pipeline or a Github Action.
Potential use cases
Multi-tenant architectures are commonly used for building SaaS applications, where multiple customers share the same application instance while keeping their data isolated.
For instance, applications like project management tools or customer relationship management systems, where multiple users collaborate and share data, can benefit from a multi-tenant architecture. Some Microsoft Teams applications can also provide Multi-Tenant Services.
Architecture of the system we want to load test
The architecture diagram below describes a minimal architecture to provide a multi-tenant service. The multi-tenant service is composed of:
- a backend (REST API) hosted on Azure Function,
- a Frontend hosted on Azure Static Web App,
- a database hosted on Azure Table Storage.
This architecture could be extended with an Azure Front Door to support a distributed application in several regions. Azure Front Door routes client traffic to the correct region, moreover it can fail over to the second region if a regional failure happens, and it can secure the internet-facing entry point via Azure Web Application Firewall.
Application Gateway could also be deployed to route and load-balances traffic internally. Application Gateway has awareness of the load on individual services within a group.
Azure Front Door and Application Gateway combine to provide complex load-balancing at all levels in a multitenant solution.
Load testing Architecture
The load testing of this infrastructure requires the deployment of Azure Load Testing service to test the multi-tenant service through the REST API endpoint.
As this REST API is protected and requires an authentication, each client will send a token to get access to the service. Those tokens will be stored in the Azure Key Vault.
Moreover, a Microsoft Entra ID Test Renant could be created to provision temporary users. Using those users' credentials the load testing preparation script will store the access token of each user in an Azure Key Vault secret.
You can get a test tenant in joining the Microsoft 365 Developer Program:
https://learn.microsoft.com/en-us/entra/identity-platform/test-setup-environment#get-a-test-tenant
Load testing scenario
This paragraph describes all the steps to load test the Multi-Tenant service.
- Before launching the load testing scenario, temporary users are created in the Microsoft Entra ID Test tenant. The multi-factor authentication is disabled for those users to allow the authentication with the REST API to load test.
- When the users in the Microsoft Entra ID test tenant are provisioned, the infrastructure to test is deployed.
- The multi-tenant application is created in the Microsoft Entra ID tenant associated with the Azure Subscription where the resources are deployed.
- The backend and frontend services are built and deployed on the targeted infrastructure.
- Once the frontend is running, the administrator of the Microsoft Entra ID test tenant grants admin consent on behalf of the organization. After this step, users aren't usually prompted for consent for that application.
- A preparation script gets the access token for each test user and stores the token in a secret in Azure Key Vault.
- The targeted infrastructure and services are now ready.
- The load testing engines are now sending request towards the REST API endpoint using the token stored in the Azure Key Vault.
- When the load testing duration is reached, the service stops sending requests to the REST API endpoint. The load testing results are successful if the error rate is below the targeted error threshold and the average response time below the targeted response time.
Components
Beyond Azure Load Testing, this paragraph describes the list of services which could be deployed on Azure to offer a multi-tenant service.
- Azure Load Testing: Enable developers and testers to generate high-scale load and run simulations that reveal actionable insights into app performance, scalability, and capacity with a fully managed load-testing service. Create tests quickly without prior knowledge of load testing tools, or upload your existing Apache JMeter scripts. Gain specialized recommendations backed by comprehensive metrics and analytics, and support continuous improvement through automated continuous integration and continuous delivery (CI/CD) workflows—all with a testing service built for Azure.
- App Service: Azure's premier service for web applications and web-based APIs. Security integrates with services like Microsoft Entra ID and Azure Key Vault. You can configure automatic scaling. Also, the amount of resources available to scale to is flexible between the various App Service plans on which the app can run. App Service can also leverage integrated DevOps capabilities for continuous integration and deployment to multiple environments. These and other supporting features of the Azure platform allow for developers to focus on the development of their applications.
- Azure Event Hubs: Stream millions of events per second from any source to build dynamic data pipelines and immediately respond to business challenges.
- Azure Machine Learning: Empowers data scientists and developers to build, deploy, and manage high-quality models faster and with confidence.
- Azure Blob Storage: A massively scalable object storage for any type of unstructured data, including images, videos, audio, documents, and more. It's easy and cost effective.
- Azure Front Door: A regional load balancer that routes client traffic to the correct region. It can fail over to the second region if a regional failure happens, and it can secure the internet-facing entry point via Azure Web Application Firewall.
- Microsoft Entra ID: Acts as the identity provider for the entire application, enforcing authentication and end-to-end authorization of the request in the application.
- Azure DNS: A hosting service in Azure for domain name resolution. In a multitenant solution, multiple clients access the solution via their own individual domains. Use Azure DNS to configure and resolve client requests to their correct application stack.
- Application Gateway: Routes and load-balances traffic internally in the application to the various services that satisfy client business needs. While Azure Front Door balances load across high-level regions, it's Application Gateway that has awareness of the load on individual services within a group. Azure Front Door and Application Gateway combine to provide complex load-balancing at all levels in a multitenant solution. For more information on load-balancing options in Azure, visit this overview on Azure load-balancing.
- Azure Kubernetes Service (AKS): Orchestrates instances of container images deployed to a cluster. Managing multiple clients' data often involves implementing a suite of components to manage:
- Data modeling
- Data source connectivity
- Extract, transform, load (ETL)
- Import/export activities.
- Azure SQL Elastic Pools: Provides a solution for managing a set of databases flexibly with a pool of resources. The service allocates resources on demand to the databases. It gives the developer of a multitenant SaaS architecture the power to deliver database resources to clients as they need it. The service also reduces the budget and overhead of maintaining multiple SQL Servers with large chunks of unused compute resources.
- Azure Cognitive Search (formerly known as Azure Search): A service that adds a powerful indexing and query engine to your application. It gives clients access to strong query functionality. They can also use Azure's AI capabilities to enrich and enhance the query functionality. Azure Cognitive Search can account for multitenancy using an index-per-tenant or service-per-tenant strategy.
- Azure Cache for Redis: Applies a caching layer as a service to the solution, providing an in-memory managed cache to reduce latency and increase performance for the clients. High throughput allows for a high volume of requests to handle multiple tenants accessing the system. You can flexibly scale up the service as application loads increase. It also supports encryption at rest to protect and isolate cached tenant data.
- Email: Create automated task and workflows with Azure Logic Apps and Microsoft 365 Outlook Connector to send an email.
Azure DevOps pipelines
After installing the Azure Load Testing component from the Azure DevOps Market Place, it’s possible to run the same load testing scenario from an Azure DevOps pipeline.
Below the load testing task:
Github Actions
From a Github Action it’s also possible to run the same load testing scenario.
Below the load testing task:
Considerations
These considerations implement the pillars of the Azure Well-Architected Framework, which is a set of guiding tenets that can be used to improve the quality of a workload. For more information, see Microsoft Azure Well-Architected Framework.
Cost optimization
Cost optimization is about looking at ways to reduce unnecessary expenses and improve operational efficiencies. For more information, see Overview of the cost optimization pillar.
Use the Azure pricing calculator to get customized pricing estimates.
Next steps
- Get started with this Using Azure Load Testing to test services running on Azure
- A sample implementation here load testing a multi-tenant service composed of:
- a backend (REST API) hosted on Azure Function,
- a Frontend hosted on Azure Static Web App,
- a database hosted on Azure Table Storage.
The performances of this service can be tested from either a dev container in Visual Studio Code or an Azure DevOps pipeline or a Github Action using a Microsoft Entra Id Test Tenant.
Published on:
Learn moreRelated posts
Microsoft Purview compliance portal: Information Protection – MIP auto-labeling for Azure SQL & Storage
Microsoft's Purview compliance portal has added a new feature that enables users to extend sensitivity labels to specific or all subscriptions...
Optimizing Azure Container App Deployments: Best Practices for Pipelines & Security
In this post, we take Azure Container App deployments to the next level with best practices for optimizing pipelines and securing sensitive d...
Seamless Updates, Zero Downtime: Master Continuous Deployment in Azure Container Apps
In this fifth part of our Azure Container Apps series, we dive into the world of Continuous Deployment. Learn how to automate your deployment ...
This Month in Azure Static Web Apps | 09/2024
We are back with another edition of the Azure Static Web Apps Community! :party_popper: September was yet another month ...
IPv6 Adoption: Enhancing Azure WAF on Front Door
The transition to IPv6 is a significant step for enterprise corporations, reflecting the evolution of internet technology and the need for a l...
Introducing the Data-Bound Reference Layer in Azure Maps Visual for Power BI
Imagine managing a nationwide sales team and needing to understand how your sales align with factors like population density, competitor locat...