- INDUSTRY: Education
- Vertical: Multi-Tenant SaaS Platform
- Location: Houstan,Texas,USA
- Completed Date: 10-11-2021
Executive Summary
A provider of higher education software sought to develop a multi-tenant Software as a Service (SaaS) application. The application aimed to empower non-technical users at educational institutions to access, manipulate, and report on data from various sources without requiring in-depth SQL knowledge. This case study explores the challenges faced, the solution provided, the technologies used, and the positive outcomes of the project. OktaBytes partnered to build the platform on AWS, enabling users to generate custom reports from diverse data sources without requiring in-depth knowledge of SQL. The application features a multi-tenant architecture, secure connectivity, and a user-friendly interface, significantly reducing the burden on technical staff and improving data accessibility for educational institutions.
Challenge
The organization identified a need for a solution that would allow non-technical staff at educational institutions to generate statistics and reports independently. The key challenges included:
Lack of SQL Knowledge: End-users often lacked the SQL expertise required to query and analyze data effectively.
Data Silos: Data was scattered across various on-premise databases (Oracle, MS SQL), REST APIs, and CSV files, making it difficult to combine and analyze.
Multi-Tenancy and Data Isolation: The application needed to support multiple institutions (multi-tenancy) while ensuring strict data isolation between them.
Role-Based Access Control: Different user roles (Tenant Admin, Site Admin, User) with granular permissions were required to control data access.
Deployment Complexity: The organization sought a hassle-free deployment process that didn't require on-site configuration at each institution.
Reporting Needs: The application needed to enable the creation of diverse reports for various purposes, including government compliance.
Solution
OktaBytes collaborated with the organization to develop a cloud-based application that addressed these challenges. The solution included:
-
Multi-Tenant Architecture: The application was designed as a multi-tenant application, allowing multiple institutions to use the same infrastructure while maintaining data segregation.
-
Common User Identity: The solution integrates with institutions' identity providers (e.g., Active Directory), enabling users to log in with their existing credentials.
-
User Roles and Permissions: The application provides built-in roles (Tenant Admin, Site Admin, User) and granular permissions to control user access to data and functionality.
-
Data Isolation: Data is isolated at multiple levels: organization, department/sub-department ("Sites"), and user. Multiple layers of access control ensure data security.
-
Access Control: The application uses AWS Cognito for user authentication and its own role-based access control (RBAC) model for authorization. This allows administrators to assign different roles to users with specific permissions.
-
Security Auditing: Application logs all security-related events, such as logins, logouts, and data access attempts. These logs can be used to audit security and identify potential security breaches.
-
Data Encryption: Application encrypts data both in transit and at rest. Data in transit is encrypted using TLS, while data at rest is encrypted using AWS Key Management Service (KMS).
-
Multiple Data Sources: The application connects to various data sources, including on-premise JDBC databases (Oracle, MS SQL), REST APIs, and CSV files. AWS Glue Jobs are used to ingest and process data from these sources.
-
Data Exchanger: The "Data Exchanger" tool allows non-technical users to generate reports, create collections, and view sample data using a drag-and-drop interface. Users can also apply filters, sorting, and grouping operations.
-
Reusing Saved Data: Data was organized into "Collections," which included both the data itself and associated metadata, facilitating reuse and management.
-
Secure Connectivity: Secure VPN connectivity (SHA-256 encrypted) with AWS Transit Gateway was established to connect to on-premise data sources.
-
Hassle-Free Deployment: The solution featured continuous integration and continuous delivery (CI/CD) and infrastructure provisioning using AWS Service Catalog, eliminating the need for on-site deployments.
Tech Stack
Typescript
JavaScript
NodeJS
React Js
Python
PostgreSQL
AWS Services
Lambda
API Gateway
S3
RDS
Athena
StepFunctions
CloudWatch
Glue
Cognito
IAM
CodePipeline
CodeBuild
Impact
-
Serverless Architecture: Increase scalability, reduce operational overhead, and enable faster development cycles for the platform.
-
Empowered Non-Technical Users: Users can now access and analyze data independently, reducing reliance on IT staff.
-
Improved Data Accessibility: Data from multiple sources is now easily accessible and can be combined for comprehensive analysis.
-
Enhanced Data Security: Multi-level data isolation and role-based access control ensure data security and governance.
-
Streamlined Reporting: Users can create customized reports for various needs, including compliance requirements.
-
Reduced IT Burden: Lowering the costs associated with traditional inspections.
-
Improved Safety: The hassle-free deployment and user-friendly interface have reduced the burden on IT department.
-
Enhanced Data Quality: Ensuring accurate and reliable data collection and analysis.
-
Scalable and Flexible Solution: The cloud-based architecture and use of AWS services provide scalability and flexibility to meet future needs.
Conclusion
The application successfully delivered a powerful and user-friendly data analysis and reporting tool. By leveraging AWS cloud services and a well-designed architecture, it empowered its users, improved data accessibility and security, and reduced IT overhead. This case study showcases the positive impact of cloud-based solutions in addressing complex business challenges and enabling data-driven decision-making.
