Being an MSP today is complicated
- The service is expected to be ‘as a Service’
- Customers have many different risk profiles
- It’s difficult to explain how commercials affect the risk profile
- It can feel like your custom building solutions for each customer.
This blog post will unpack and give you tools to discuss with your customer:
- How risk, economics and performance interact
- Why Multi-tenancy might or might not be right
- Where they can use Multi-Tenancy in their own organisation to manage costs and resources
We’ll discuss the most common customer scenarios, the reasons why they’re right for Multi-Tenancy and the drivers that your customers may have that you can use to help them understand your value.
Future blog posts in this series will cover:
- The economics of MSP services – with a deep dive into Multitenancy
- When is Single tenant right for my customer and my business?
- Dealing with the cloud – Office 365, Citrix Cloud and others
- Deep dive into customer/solution scenarios
Building a multi-tenant AD
When does building a Multi-tenant AD work? Where is it still relevant.
Scenario 1 – The ISV focused App
The Situation:
You have a line of business app your MSP business focuses on/have a lot of customers using. Common examples are older versions of Quickbooks, Health Applications used by GP’s or Vets, Legal applications and even country/region specific ERP’s. In this scenario you are often not hosting the customers whole IT environment, you are generally focused on this application, delivered via Citrix Xenapp or RDS.
This app is a known quantity –
- your customers don’t want or need to change
- The vendor isn’t planning a cloud version, or the cloud version is far away from being feature complete
- There are material costs in transitioning to a cloud/SaaS product
- There is no competitor
In this case a Multi-tenant AD based hosting environment makes a lot of sense.
Because you are focused on delivering a single application it is easier to build a secure environment, even when taking multi-tenancy into account.
Building automation, or leveraging the out of the box automation of tools like Atria allows for quick, simple customer onboarding as almost everything is pre-built and ready to go.
Being able to share resources like SQL servers means more can be invested into value added capability like high availability, while still keeping costs low.
Scenario 2: The small customer
Many of the customers you have or are aiming for are small – 50 users or less but up to 500 in certain scenarios. Customers like this can be easier to win, and tend to have simpler requirements for the growing MSP to manage. You are also more likely to be able to offer all of the services the customer requires – from WiFi to onsite services to Hosted or Cloud applications. If you are lucky you may even have a vertical application or two that you primarily target.
- Your customers are often running legacy environments – Windows 7 (even XP shudder)
- They want more flexibility in the way they work – from home or even from the holiday house. Covid-19 has increased demand for this dramatically
- They have a legacy app they are stuck to, and the cost to upgrade is just too high
- They may have been targeted by ransomware, or know people who have
- They may be becoming more capex averse and looking for a cost flexible/scalable environment
In this scenario having a multi-tenant offering allows you to win cost conscious customers, who don’t want large capex projects (even want to reuse existing old desktops and laptops) while you can confidently offer them a secure modern desktop, available wherever they have internet access. You can still leverage Cloud where required – Office 365, build on Azure, AWS or any other IaaS vendor to give yourself redundancy, flexibility and a path to the cloud if desired.
Scenario 3: The Conglomerate/Government
In this scenario you’ve won or are running an environment for a conglomerate of companies or a government department/local government. These are complex customers, have big dependencies between departments/companies but also want control of their own operating environment. They will commonly have an IT environment per company, or for government per department, all with their own infrastructure, services and if in Office 365 tenants. For government you are also likely to be operating in an environment with additional security requirements.
At first glance this feels like a terrible use case for multi-tenancy, but wait – hear me out.
In this scenario in general the security, commercial and access goals are the same between each company/department. With these shared goals agreed, and the understanding that as they are part of the same broader organisation, instead of this being a security discussion (it’s not – you are building an specific isolated, shared environment for the conglomerate/government to their security requirements) it becomes an economic discussion.
With a Multi-Tenant Shared AD your conglomerate or government can
- Save infrastructure costs by sharing
- Save operational costs by having one operating environment to manage, with one shared helpdesk
- Increase speed of service deployment by only having to deploy once and everyone being able to access
- Investing in automation becomes simpler – tools like Atria can be used, and any custom scripting is able to be used across all companies/departments
To satisfy strict security requirements you can alternatively have dedicated application farms, file servers and even SQL if required, but all managed the same way in one shared Active Directory. These departments/companies will all also be able to use the same training for operational matters, like self service user creation, password resets and application management – further lowering helpdesk overhead.
Multi-Tenant Summary
Isolation: A multitenant environment supports mid isolation (Shared servers, separated by AD Groups and Permissions) to high levels of isolation (Shared AD, All other Servers are dedicated). This is an economic and risk slider you can use when talking to your customers. To your benefit – both models can be delivered out of the same shared AD.
Costs: This is the lowest cost per user service you can build. With as much as possible shared you can minimise your infrastructure and management costs. As you move higher up the isolation metric your costs will increase, however it is transparent to the customer and they can make informed choices with your guidance.
Security: This is also the functionally the least secure environment you can build. Automated tools like Atria will lock down your AD, and your RDS/Citrix and Databases, however care still needs to be taken. There is inherent risk, no matter how small in allowing multiple customers to share the same environment. This is a key conversation to have with your customer – balancing economics vs risk.
Customisation: You can offer your customers varying levels of customisation, from as simple as branded wallpapers, to dedicated servers they are able to manage their own applications on. The major restriction your customers have is no longer being able to manage Active Directory directly – it all needs to be done via your helpdesk or via a Multi-Tenant Active Directory administration tool like Atria
In bullet points
- Building a single Active Directory reduces management overhead
- Build 1 server farm (even if the application/RDS/Xenapp) servers are dedicated) lowers deployment and onboarding costs and time
- Having one consistent environment means helpdesk is easier and lower cost
- You can share other resources like SQL, load balancers, AV etc
- Using automation, either scripts or the Atria Portal minimises any risks and allows for self service and efficient helpdesk operation
- Multi-tenancy works for a wide range of customers, even complex ones like Government and Conglomerates
