Alfresco multi-tenancy has been around for some time, we were using it in version 3 long time ago. Now as we speak version 4.2 is actual and we are going to go through details on this subject. In this post we will explain
- How to use alfresco in multi tenancy mode
- How to manage tenants
- How to customize all tenants or specific one
- What features do not exist
What is multi-tenancy? When this feature should be used? We are going to assume that you have number of clients that you work with, each client have their IT person that manages the permissions, creates folders and so on. If this is your case then you probably do not have to use multi-tenancy at all. This will work fine, as long as you previously set permissions in such a way that this clients of yours do not collide in any way.
What happens if IT person needs to create a user and assign permissions for him or her, or just set different quota on some user, or maybe to create a group? Then you are in a problematic situation, either you need to do this creating users, managing quotas and creating groups or you will allow clients IT person to do this instead of you.
Making clients employees administrators of your system is not smart thing to do, you can be sure of that. This is a situation when you need to have multi-tenancy enabled and used.
Multi-tenancy is alfresco mode where you have users, their data, and settings separated from eachother. Lets see our clients problem from before, this way every IT person will have admin rights and be able to administer only his company. You as system owner will have default tenant admin rights as you will need to create new tenants for your new clients. You as default tenant admin can reset tenant administrators password and be sure to keep your password safe.
Being default admin holds certain problems, as you need to make sure that if you allow any other user to be administrator of default tenant that user can reset any tenant password even if his user name is not admin ( just making sure you understand).
Alfresco 4+ has multi-tenancy enabled by default, and using it is very easy. Just login as admin user and go to
this will open tenant administrator console, here you can manage the tenants using few commands .
To create tenant you can use
create alfrescoblog.com admin
“alfrescoblog.com” will represent tenant name, and “admin” will represent password in our case. You of course will not use “admin” as a password for security reasons.
System will respond with something like this and that means you are ready to go.
Last command: create alfrescoblog.com admin Duration: 11708ms
If you plan to have big clients that will use a lot of your space it is smart to set their repository on certain path, previous command would be :
create alfrescoblog.com admin /usr/alfrescoblog.com/
This would put the repo on specified path allowing you to mount especial drive for this client .
Listing tenants in your system
Response of your system would be something like this:
Last command: show tenants Duration: 2ms ----- Enabled - Tenant: tenant (J:/Develop/servers/alfrescoblog/alf_data/contentstore) Enabled - Tenant: alfrescoblog.com (J:/Develop/servers/alfrescoblog/alf_data/contentstore)
You can disable, enable and delete tenant using next commands:
Setting tenant admin password
One thing that always happens is when you need to change tenant admin password, handy command in this case would be
changeAdminPassword alfrescoblog.com newPassword
Using the Tenant
After you create the tenant, users can start logging in, in our case should be only one user called firstname.lastname@example.org with specified password. This user can login, create users, groups and folders as he pleases without worrying about colliding with other users of alfresco system.
What happens with modules that are previously been installed?
All modules are bootstrapped and installed when new tenant is created, and all of its features, many of them are explained here. Question that you might have is how to customize something only for particular tenant. Easy, just put what you need in Data Dictionary folder. Whatever is in there it is only for this tenant.
One of the problems with having customizations is you need to restart server(tomcat) every time you add jars that represent implementations of your actions, services, spring beans or activiti POJOs and so on. You might need to reconsider using alfresco and multi-tenancy if you have problem with this.
We mentioned one problem and that is restart of the tomcat server on every change. Backup and restore, what happens if one of the clients decides to restore to certain point. You have import export commands in tenant console. Let us know how that goes
Alfresco has many features like FTP, CIFS, LDAP and so on. Few of them your clients will not be able to use like:
- Record management module
- LDAP, NTLM
- Inbound Email
- Content replication
Inbound email can be a problematic thing, but it can be easily fixed. Lets assume that you have email of folder 123, then inbound email would be email@example.com, but if this is tenant alfrescoblog.com then its associated mail address would be firstname.lastname@example.org. This unfortunately needs to be developed, so this feature will be done in some other posts here in the future. Or if you need it let us know.
Use multi-tenancy when your clients have their IT personal that needs to create users, groups and so on. When your clients need to have their own customizations and you need to be able to backup and restore one client at a time.
Do not use multi-tenancy when you do not need to backup each tenant by it self, when clients just store data on your server, and do not have IT personal to handle settings.