Understanding SaaS Systems: Architecture, Features, Types, and Multi‑Tenant Design

Introduction: The author introduces the concept of SaaS systems and explains that the article will cover various aspects of SaaS.

1. Cloud Service Architecture Concepts

1.1 PaaS (Platform-as-a-Service) PaaS provides a cloud platform where developers can deploy applications using languages and tools such as Java, Python, .NET without managing underlying infrastructure.

1.2 IaaS (Infrastructure-as-a-Service) IaaS offers compute, storage, network resources that users can control, including operating systems and applications, while the provider manages the physical hardware.

1.3 SaaS (Software-as-a-Service) SaaS delivers complete applications over the cloud that users access via browsers or client interfaces, without needing to manage any underlying infrastructure.

2. Two Main Features of SaaS Systems

• Deployment on the provider’s servers rather than the customer’s own servers. • Subscription-based model where customers select and combine functionalities and pay per usage or time period.

3. Differences Between SaaS, Traditional Software, and Internet Services

3.1 SaaS Services Hosted in the cloud, users subscribe to obtain usage rights; the software and hardware belong to the provider.

3.2 Traditional Software Sold and installed on the customer’s own servers or designated cloud servers, often with accompanying hardware.

3.3 Internet Application Providers Host services in the cloud and monetize through ads or premium features.

4. B2B2C Model SaaS must support both end‑user (C‑side) registration, purchase, and business system access, as well as B‑side tenant management, traffic monitoring, and operational dashboards.

5. SaaS Classification

5.1 Business-oriented SaaS Provides tools for revenue‑generating activities such as e‑commerce platforms and CRM for B2B2C enterprises.

5.2 Efficiency-oriented SaaS Improves productivity with tools like project management or video conferencing for internal use.

5.3 Hybrid SaaS Combines business and efficiency functions, e.g., enterprise WeChat offering both collaboration and private‑domain management.

6. How to SaaSify an Existing System

Deploy to the cloud and upgrade performance for larger user scale.

Refactor user system to support C‑side login methods (phone, mini‑program, SMS).

Implement gateway services, rate limiting, and request tampering protection.

Develop tenant management (basic info, resource binding, service periods).

Adapt client (usually web) with permission control based on tenant resources.

Build a website for quoting, trial, purchase, and payment.

Modify backend APIs for tenant‑level data permission.

7. Core Components of a SaaS Product

Security component – ensures system security.

Data isolation component – guarantees that tenant data remains invisible to others.

Configurable component – allows customization of UI, themes, logos, etc.

Scalable component – supports horizontal scaling via load balancers and containers.

Zero‑downtime upgrade component – enables updates without restarting services.

Multi‑tenant component – isolates tenant data while providing shared functionality.

8. Multi‑Tenant Concepts

Key entities: tenant, user, organization, employee, solution, resource domain, and cloud resources.

8.1 Core Concepts

Tenant – an enterprise or individual customer with isolated data and behavior.

User – an individual who logs in to use the SaaS service.

Organization – the internal structure of a tenant.

Employee – a person within the organization.

Solution – packaged product and service offerings for specific business problems.

Resource domain – a set of cloud resources that run one or more product applications.

Cloud resource – compute, storage, network, container resources provided by cloud platforms.

8.2 Three Multi‑Tenant Isolation Modes

8.2.1 Vertical Isolation Each tenant runs in a completely separate environment, offering strong isolation and simple billing but higher cost and management complexity.

8.2.2 Shared Mode Tenants share the same infrastructure, reducing cost and enabling efficient management, but tenant activities can affect each other and billing becomes more complex.

8.2.3 Domain Isolation Combines aspects of both, allowing selective resource sharing while maintaining logical isolation.

8.3 Required Capabilities for Multi‑Tenant Systems

Support shared or dedicated cloud resources per tenant.

Ensure data and behavior isolation with fine‑grained permission control.

Allow organization‑based management within a tenant.

Enable different product capabilities to run on distinct cloud resources as needed.

8.4 Multi‑Tenant Architecture Diagram