blob: 08cd2801e8c6306d962fa129b1bbf3a778ce092e [file] [log] [blame]
<!DOCTYPE html>
<html lang="1.1" class="js csstransforms3d">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="generator" content="Hugo 0.81.0" />
<meta name="description" content="A set of micro-services for connecting millions of devices.">
<meta name="author" content="The Eclipse Hono Project">
<link rel="apple-touch-icon" sizes="180x180" href="/hono/docs/favicon/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="48x48" href="/hono/docs/favicon/favicon-48x48.png">
<link rel="icon" type="image/png" sizes="32x32" href="/hono/docs/favicon/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="/hono/docs/favicon/favicon-16x16.png">
<link rel="manifest" href="/hono/docs/favicon/site.webmanifest">
<link rel="mask-icon" href="/hono/docs/favicon/safari-pinned-tab.svg" color="#5bbad5">
<link rel="shortcut icon" href="/hono/docs/favicon/favicon.ico">
<meta name="msapplication-TileColor" content="#da532c">
<meta name="msapplication-config" content="/hono/docs/favicon/browserconfig.xml">
<meta name="theme-color" content="#ffffff">
<title>Multi-Tenancy :: Eclipse Hono&trade; Vers.: 1.1</title>
<link href="/hono/docs/css/nucleus.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/fontawesome-all.min.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/hybrid.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/featherlight.min.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/perfect-scrollbar.min.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/auto-complete.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/atom-one-dark-reasonable.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/theme.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/hugo-theme.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/theme-hono.css?1619054957" rel="stylesheet">
<link href="/hono/docs/css/hono.css?1619054957" rel="stylesheet">
<script src="/hono/docs/js/jquery-3.3.1.min.js?1619054957"></script>
<style>
:root #header + #content > #left > #rlblock_left{
display:none !important;
}
:not(pre) > code + span.copy-to-clipboard {
display: none;
}
</style>
<link rel="stylesheet" href="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/stylesheets/vendor/cookieconsent/cookieconsent.min.css">
<meta name="twitter:card" content="summary_large_image">
<meta name="twitter:site" content="@EclipseHono">
<meta name="twitter:title" content="Multi-Tenancy :: Eclipse Hono&amp;trade; Vers.: 1.1">
<meta name="twitter:image" content="https://www.eclipse.org/hono/docs/images/twitter_image.png">
<meta name="twitter:description" content="A set of micro-services for connecting millions of devices.">
<meta property="og:title" content="Multi-Tenancy :: Eclipse Hono&amp;trade; Vers.: 1.1" />
<meta property="og:type" content="website" />
<meta property="og:url" content="https://www.eclipse.org/hono/docs/1.1/concepts/tenancy//" />
<meta property="og:image" content="https://www.eclipse.org/hono/docs/images/twitter_image.png" />
</head>
<body class="" data-url="/hono/docs/1.1/concepts/tenancy/">
<nav id="sidebar" class="">
<div id="header-wrapper">
<div id="header">
<a href="https://www.eclipse.org/hono/">
<img src="/hono/docs/images/HONO-Logo_Bild-Wort_quer-w-310x120px.svg" alt="Hono logo" class="logo-img">
</a>
</div>
<div class="searchbox">
<label for="search-by"><i class="fas fa-search"></i></label>
<input data-search-input id="search-by" type="search" placeholder="Search...">
<span data-search-clear=""><i class="fas fa-times"></i></span>
</div>
<script type="text/javascript" src="/hono/docs/js/lunr.min.js?1619054957"></script>
<script type="text/javascript" src="/hono/docs/js/auto-complete.js?1619054957"></script>
<script type="text/javascript">
var baseurl = "https:\/\/www.eclipse.org\/hono\/docs\/\/1.1";
</script>
<script type="text/javascript" src="/hono/docs/js/search.js?1619054957"></script>
</div>
<div class="highlightable">
<ul class="topics">
<li data-nav-id="/hono/docs/1.1/concepts/" title="Concepts" class="dd-item
parent
">
<a href="/hono/docs/1.1/concepts/">
<i class="far fa-lightbulb"></i> Concepts
</a>
<ul>
<li data-nav-id="/hono/docs/1.1/concepts/device-identity/" title="Device Identity" class="dd-item ">
<a href="/hono/docs/1.1/concepts/device-identity/">
Device Identity
</a>
</li>
<li data-nav-id="/hono/docs/1.1/concepts/tenancy/" title="Multi-Tenancy" class="dd-item active">
<a href="/hono/docs/1.1/concepts/tenancy/">
Multi-Tenancy
</a>
</li>
<li data-nav-id="/hono/docs/1.1/concepts/device-provisioning/" title="Device Provisioning" class="dd-item ">
<a href="/hono/docs/1.1/concepts/device-provisioning/">
Device Provisioning
</a>
</li>
<li data-nav-id="/hono/docs/1.1/concepts/connecting-devices/" title="Connecting Devices" class="dd-item ">
<a href="/hono/docs/1.1/concepts/connecting-devices/">
Connecting Devices
</a>
</li>
<li data-nav-id="/hono/docs/1.1/concepts/device-notifications/" title="Device Notifications" class="dd-item ">
<a href="/hono/docs/1.1/concepts/device-notifications/">
Device Notifications
</a>
</li>
<li data-nav-id="/hono/docs/1.1/concepts/command-and-control/" title="Command &amp; Control" class="dd-item ">
<a href="/hono/docs/1.1/concepts/command-and-control/">
Command &amp; Control
</a>
</li>
<li data-nav-id="/hono/docs/1.1/concepts/resource-limits/" title="Resource limits" class="dd-item ">
<a href="/hono/docs/1.1/concepts/resource-limits/">
Resource limits
</a>
</li>
<li data-nav-id="/hono/docs/1.1/concepts/connection-events/" title="Connection Events" class="dd-item ">
<a href="/hono/docs/1.1/concepts/connection-events/">
Connection Events
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/1.1/user-guide/" title="User Guide" class="dd-item
">
<a href="/hono/docs/1.1/user-guide/">
<i class="fas fa-book-reader"></i> User Guide
</a>
<ul>
<li data-nav-id="/hono/docs/1.1/user-guide/device-registry/" title="Device Registry" class="dd-item ">
<a href="/hono/docs/1.1/user-guide/device-registry/">
Device Registry
</a>
</li>
<li data-nav-id="/hono/docs/1.1/user-guide/http-adapter/" title="HTTP Adapter" class="dd-item ">
<a href="/hono/docs/1.1/user-guide/http-adapter/">
HTTP Adapter
</a>
</li>
<li data-nav-id="/hono/docs/1.1/user-guide/mqtt-adapter/" title="MQTT Adapter" class="dd-item ">
<a href="/hono/docs/1.1/user-guide/mqtt-adapter/">
MQTT Adapter
</a>
</li>
<li data-nav-id="/hono/docs/1.1/user-guide/amqp-adapter/" title="AMQP Adapter" class="dd-item ">
<a href="/hono/docs/1.1/user-guide/amqp-adapter/">
AMQP Adapter
</a>
</li>
<li data-nav-id="/hono/docs/1.1/user-guide/kura-adapter/" title="Kura Adapter" class="dd-item ">
<a href="/hono/docs/1.1/user-guide/kura-adapter/">
Kura Adapter
</a>
</li>
<li data-nav-id="/hono/docs/1.1/user-guide/sigfox-adapter/" title="Sigfox Adapter" class="dd-item ">
<a href="/hono/docs/1.1/user-guide/sigfox-adapter/">
Sigfox Adapter
</a>
</li>
<li data-nav-id="/hono/docs/1.1/user-guide/jmeter_load_tests/" title="Load Tests with JMeter" class="dd-item ">
<a href="/hono/docs/1.1/user-guide/jmeter_load_tests/">
Load Tests with JMeter
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/" title="Admin Guide" class="dd-item
">
<a href="/hono/docs/1.1/admin-guide/">
<i class="fas fa-sliders-h"></i> Admin Guide
</a>
<ul>
<li data-nav-id="/hono/docs/1.1/admin-guide/common-config/" title="Common Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/common-config/">
Common Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/auth-server-config/" title="Auth Server Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/auth-server-config/">
Auth Server Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/device-registry-config/" title="Device Registry Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/device-registry-config/">
Device Registry Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/device-connection-config/" title="Configuring the Device Connection Service" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/device-connection-config/">
Device Connection Service Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/http-adapter-config/" title="HTTP Adapter Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/http-adapter-config/">
HTTP Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/amqp-adapter-config/" title="AMQP Adapter Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/amqp-adapter-config/">
AMQP Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/mqtt-adapter-config/" title="MQTT Adapter Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/mqtt-adapter-config/">
MQTT Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/kura-adapter-config/" title="Kura Adapter Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/kura-adapter-config/">
Kura Adapter Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/hono-client-configuration/" title="Hono Client Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/hono-client-configuration/">
Hono Client Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/amqp-network-config/" title="AMQP 1.0 Messaging Network Configuration" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/amqp-network-config/">
AMQP 1.0 Messaging Network Configuration
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/secure_communication/" title="Secure Communication" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/secure_communication/">
Secure Communication
</a>
</li>
<li data-nav-id="/hono/docs/1.1/admin-guide/monitoring-tracing-config/" title="Monitoring &amp; Tracing" class="dd-item ">
<a href="/hono/docs/1.1/admin-guide/monitoring-tracing-config/">
Monitoring &amp; Tracing
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/1.1/dev-guide/" title="Developer Guide" class="dd-item
">
<a href="/hono/docs/1.1/dev-guide/">
<i class="fas fa-tools"></i> Developer Guide
</a>
<ul>
<li data-nav-id="/hono/docs/1.1/dev-guide/building_hono/" title="Building from Source" class="dd-item ">
<a href="/hono/docs/1.1/dev-guide/building_hono/">
Building from Source
</a>
</li>
<li data-nav-id="/hono/docs/1.1/dev-guide/java_client_consumer/" title="Consuming Messages from Java" class="dd-item ">
<a href="/hono/docs/1.1/dev-guide/java_client_consumer/">
Consuming Messages from Java
</a>
</li>
<li data-nav-id="/hono/docs/1.1/dev-guide/custom_http_adapter/" title="Implement a Custom Hono HTTP Protocol Adapter" class="dd-item ">
<a href="/hono/docs/1.1/dev-guide/custom_http_adapter/">
Implement a Custom Hono HTTP Protocol Adapter
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/1.1/api/" title="API" class="dd-item
">
<a href="/hono/docs/1.1/api/">
&nbsp;<i class='fas fa-plug'></i>&nbsp;API
</a>
<ul>
<li data-nav-id="/hono/docs/1.1/api/telemetry/" title="Telemetry API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/telemetry/">
Telemetry API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/event/" title="Event API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/event/">
Event API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/command-and-control/" title="Command &amp; Control API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/command-and-control/">
Command &amp; Control API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/tenant/" title="Tenant API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/tenant/">
Tenant API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/device-connection/" title="Device Connection API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/device-connection/">
Device Connection API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/device-registration/" title="Device Registration API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/device-registration/">
Device Registration API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/credentials/" title="Credentials API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/credentials/">
Credentials API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/authentication/" title="Authentication API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/authentication/">
Authentication API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/management/" title="Device Registry Management API Specification" class="dd-item ">
<a href="/hono/docs/1.1/api/management/">
Device Registry Management API
</a>
</li>
<li data-nav-id="/hono/docs/1.1/api/metrics/" title="Metrics" class="dd-item ">
<a href="/hono/docs/1.1/api/metrics/">
Metrics
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/1.1/deployment/" title="Deployment" class="dd-item
">
<a href="/hono/docs/1.1/deployment/">
<i class="fas fa-shipping-fast"></i> Deployment
</a>
<ul>
<li data-nav-id="/hono/docs/1.1/deployment/helm-based-deployment/" title="Helm based Deployment" class="dd-item ">
<a href="/hono/docs/1.1/deployment/helm-based-deployment/">
Helm based Deployment
</a>
</li>
<li data-nav-id="/hono/docs/1.1/deployment/openshift/" title="OpenShift / OKD" class="dd-item ">
<a href="/hono/docs/1.1/deployment/openshift/">
OpenShift / OKD
</a>
</li>
<li data-nav-id="/hono/docs/1.1/deployment/create-kubernetes-cluster/" title="Setting up a Kubernetes Cluster" class="dd-item ">
<a href="/hono/docs/1.1/deployment/create-kubernetes-cluster/">
Setting up a Kubernetes Cluster
</a>
</li>
<li data-nav-id="/hono/docs/1.1/deployment/resource-limitation/" title="Limiting Resource Usage" class="dd-item ">
<a href="/hono/docs/1.1/deployment/resource-limitation/">
Limiting Resource Usage
</a>
</li>
</ul>
</li>
<li data-nav-id="/hono/docs/1.1/architecture/" title="Architecture" class="dd-item
">
<a href="/hono/docs/1.1/architecture/">
<i class="fas fa-landmark"></i> Architecture
</a>
<ul>
<li data-nav-id="/hono/docs/1.1/architecture/component-view/" title="Component View" class="dd-item ">
<a href="/hono/docs/1.1/architecture/component-view/">
Component View
</a>
</li>
<li data-nav-id="/hono/docs/1.1/architecture/auth/" title="Authentication/Authorization" class="dd-item ">
<a href="/hono/docs/1.1/architecture/auth/">
Authentication/Authorization
</a>
</li>
</ul>
</li>
</ul>
<section id="shortcuts">
<h3></h3>
<ul>
<li>
<a class="padding" href="https://www.eclipse.org/hono/" title="Hono&#39;s Homepage"><i class='fas fa-home'></i> Hono Home</a>
</li>
<li>
<a class="padding" href="https://www.eclipse.org/hono/getting-started/" title="Getting started with Eclipse Hono"><i class='fas fa-plane-departure'></i> Getting Started</a>
</li>
</ul>
</section>
<section id="prefooter">
<hr/>
<ul>
<li>
<div id="select-box-wrapper">
<div id="select-box">
<a class="padding">
Version:&nbsp;
<div class="select-style">
<select id="select-language" onchange="location = this.value;">
<option id="1.2" value="https://www.eclipse.org/hono/docs/1.2/concepts/tenancy/">1.2</option>
<option id="1.1" value="https://www.eclipse.org/hono/docs/1.1/concepts/tenancy/" selected>1.1</option>
<option id="1.0" value="https://www.eclipse.org/hono/docs/1.0/concepts/tenancy/">1.0</option>
</select>
<svg version="1.1" id="Capa_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
width="255px" height="255px" viewBox="0 0 255 255" style="enable-background:new 0 0 255 255;" xml:space="preserve">
<g>
<g id="arrow-drop-down">
<polygon points="0,63.75 127.5,191.25 255,63.75 " />
</g>
</g>
</svg>
</div>
</a>
</div>
</div>
</li>
</ul>
</section>
<section id="footer">
<p>&copy; 2021 <a href="https://www.eclipse.org/hono/">The Eclipse Hono Project</a></p>
<p>
Documentation built with
<a href="https://gohugo.io/" target="_blank">Hugo</a>
using the
<a href="https://github.com/matcornic/hugo-theme-learn" target="_blank">Learn</a> theme.
</p>
<div class="eclipse-logo">
<a href="https://www.eclipse.org" target="_blank">
<img src="https://www.eclipse.org/hono/docs/images/eclipse_foundation_logo.svg"/>
</a>
</div>
</section>
</div>
</nav>
<section id="body">
<div id="overlay"></div>
<div class="old-version-hint">
<p>This page refers to version <em>1.1</em>.
You might want to use the <a href="https://www.eclipse.org/hono/docs/">current stable</a> version.
</p>
</div>
<div class="padding highlightable">
<div>
<div id="top-bar">
<div id="top-github-link">
<a class="github-link" title='Edit this page' href="https://github.com/eclipse/hono/edit/master/site/documentation/content/concepts/tenancy.md" target="blank">
<i class="fas fa-code-branch"></i>
<span id="top-github-link-text">Edit this page</span>
</a>
</div>
<div id="breadcrumbs" itemscope="" itemtype="http://data-vocabulary.org/Breadcrumb">
<span id="sidebar-toggle-span">
<a href="#" id="sidebar-toggle" data-sidebar-toggle="">
<i class="fas fa-bars"></i>
</a>
</span>
<span id="toc-menu"><i class="fas fa-list-alt"></i></span>
<span class="links">
<a href='/hono/docs/1.1/'>Documentation</a> > <a href='/hono/docs/1.1/concepts/'>Concepts</a> > Multi-Tenancy
</span>
</div>
<div class="progress">
<div class="wrapper">
<nav id="TableOfContents">
<ul>
<li><a href="#the-tenant-api">The Tenant API</a></li>
<li><a href="#protocol-adapters-respect-the-tenant-api">Protocol Adapters respect the Tenant API</a></li>
<li><a href="#protocol-adapter-configuration">Protocol Adapter Configuration</a></li>
<li><a href="#amqp-10-endpoints">AMQP 1.0 Endpoints</a></li>
<li><a href="#devices-and-tenants">Devices and Tenants</a></li>
<li><a href="#tenant-based-flow-control">Tenant based Flow Control</a></li>
<li><a href="#authorization-at-tenant-level">Authorization at Tenant Level</a></li>
<li><a href="#business-applications-and-tenants">Business Applications and Tenants</a></li>
<li><a href="#separation-of-tenants">Separation of Tenants</a></li>
<li><a href="#hints-for-production">Hints for Production</a></li>
</ul>
</nav>
</div>
</div>
</div>
</div>
<div id="head-tags">
</div>
<div id="body-inner">
<h1>
Multi-Tenancy
</h1>
<p>Hono is designed to structure the set of all internally managed data and data streams into strictly isolated subsets.
This includes the registration data and credentials of devices, internal users that are used for authentication,
and the <em>Business Applications</em> that are part of such subsets as well.</p>
<p>This way of <em>strict</em> isolation is generally known as multi-tenancy, where a <strong>tenant</strong> is the term for such a subset.
Such an isolation is essential for enabling a scalable distributed architecture to handle independent subsets as if each subset had its
own installation (which would be much harder to maintain and would not benefit from runtime cost sharing).</p>
<p>Hono&rsquo;s multi-tenancy concept is based on handling tenants as own <em>entities</em>. All functionality of Hono is
provided in the context of a previously created tenant - except the creation of a tenant itself.</p>
<p>In the following the different aspects of multi-tenancy in Hono are addressed and a full overview of the concept is given.</p>
<h2 id="the-tenant-api">The Tenant API</h2>
<p>By means of the <a href="/hono/docs/1.1/api/tenant/">Tenant API</a> Hono handles tenants as own <em>entities</em>.
The API defines how to <em>retrieve</em> the details of a specific tenant. This offers the possibility to handle arbitrary
properties on the level of a tenant (see e.g. <a href="#protocol-adapter-configuration">Protocol adapter configuration</a>).
For convenience, there are CRUD operations for the handling of tenants, which can be found in the
<a href="/hono/docs/1.1/user-guide/device-registry/">Device Registry</a>.</p>
<h2 id="protocol-adapters-respect-the-tenant-api">Protocol Adapters respect the Tenant API</h2>
<p>When a device connects to one of Hono&rsquo;s protocol adapters, the adapter determines the tenant this device belongs to.
How this is done is described in the User Guide.
After the tenant is determined, the adapter retrieves the details of the determined tenant by means of the Tenant API.
Only if the tenant exists and is enabled the adapter further processes the data of the device that is connecting. Otherwise
the connection will be closed.</p>
<h2 id="protocol-adapter-configuration">Protocol Adapter Configuration</h2>
<p>Protocol adapters retrieve parts of their configuration on a tenant level by using the details of the determined tenant.
This includes e.g. if a specific protocol adapter is enabled at all for this tenant, allowing to define tenants with
only a subset of Hono&rsquo;s functionality. This feature is foreseen to be especially important for production setups.</p>
<p><em>Example</em>: a tenant that</p>
<ul>
<li>can use the MQTT protocol adapter</li>
<li>but is not allowed to use the HTTP protocol adapter</li>
</ul>
<p>Please refer to the <a href="/hono/docs/1.1/api/tenant/">Tenant API</a> to find out which protocol adapter properties
can be configured at the tenant level.</p>
<h2 id="amqp-10-endpoints">AMQP 1.0 Endpoints</h2>
<p>The AMQP 1.0 endpoints for all APIs of Hono are scoped to a tenant, by using the scheme <code>&lt;api-name&gt;/TENANT/...</code>.</p>
<p><em>Examples</em>:</p>
<ul>
<li><code>telemetry/TENANT</code></li>
<li><code>registration/TENANT</code></li>
</ul>
<p>etc.</p>
<p>This separates the AMQP endpoints from each other on a tenant level.</p>
<p>The only exception to this is the <a href="/hono/docs/1.1/api/tenant/">Tenant API</a>, which does not follow this scheme since it
is addressing the tenants themselves.</p>
<h2 id="devices-and-tenants">Devices and Tenants</h2>
<p>A physical device will usually be represented in Hono as an entity in the device registry, having a unique identity
and belonging to exactly one tenant. All data sent from a device, as well as from the application to the device,
is therefore treated as belonging to the corresponding tenant.</p>
<p>The following diagram shows the relation between tenants, devices and their credentials:</p>
<figure>
<img src="../Tenants_Devices_Credentials.png"/> <figcaption>
<h4>Tenants, Devices and Credentials</h4>
</figcaption>
</figure>
<h2 id="tenant-based-flow-control">Tenant based Flow Control</h2>
<p>An important detail in Hono&rsquo;s architecture is that data sent downstream is transported via the tenant
scoped AMQP 1.0 links from the protocol adapters to the AMQP 1.0 network.
Each tenant has its own pair of AMQP 1.0 links and is treated
independently from other tenants regarding the back pressure mechanism that AMQP 1.0 offers.
This enables a <em>Business application</em> to limit the rate at which it consumes AMQP 1.0 messages per tenant.</p>
<p>For the other direction, when commands are sent from the application to the device, the rate is also limited per tenant.</p>
<h2 id="authorization-at-tenant-level">Authorization at Tenant Level</h2>
<p>Hono&rsquo;s components authenticate each other by means of the <a href="/hono/docs/1.1/api/authentication/">Authentication API</a>.
The returned token for a successful authentication contains authorization information that is addressing the AMQP 1.0
endpoints. Since the endpoints (as outlined above) are scoped to a tenant, this enables to configure tenants that are
authorized to only a subset of Hono&rsquo;s full functionality.</p>
<p><em>Example</em>: a tenant (defined by means of authorization configuration) that</p>
<ul>
<li>is allowed to send telemetry data downstream</li>
<li>but is not allowed to send event data</li>
</ul>
<p>This is done by not including the event endpoint in the authorization token for these tenants.</p>
<h2 id="business-applications-and-tenants">Business Applications and Tenants</h2>
<p>The northbound <em>Business applications</em> are always connecting to the AMQP 1.0 endpoints of Hono.
By means of the authentication and authorization setup and the fact that the endpoints are scoped to a tenant, the
<em>Business application</em> is only acting in the context of one tenant.</p>
<h2 id="separation-of-tenants">Separation of Tenants</h2>
<p>Tenants are separated from each other in all of Hono&rsquo;s components.
Here is a summary of how this is implemented:</p>
<ul>
<li>the registration of devices are strictly scoped to a tenant</li>
<li>the credentials of devices are strictly scoped to a tenant</li>
<li>protocol adapters can be enabled/disabled for a tenant</li>
<li>the downstream data flow is isolated for every tenant</li>
<li>the upstream data flow (<a href="/hono/docs/1.1/concepts/command-and-control/">Command &amp; Control</a>) is isolated for every tenant</li>
<li><em>Business applications</em> need to authenticate to the AMQP 1.0 network and are by that mechanism scoped to their tenant</li>
</ul>
<h2 id="hints-for-production">Hints for Production</h2>
<p>To be flexible for the different needs of production setups, Hono tries to make as few assumptions about the combination
of the different APIs as possible.
This means e.g. that the Device Registry does not enforce referential integrity of the APIs:</p>
<ul>
<li>devices can be created for a tenant that is not existing (yet)</li>
<li>credentials can be created for a tenant and/or a device that is not existing (yet)</li>
<li>tenants can be deleted and leave their scoped devices and credentials still in the configuration (which may not be usable
anymore, since the tenant is missing)</li>
</ul>
<p>These are points that production setups may want to implement differently.</p>
<footer class="footline">
</footer>
</div>
</div>
<div id="navigation">
</div>
</section>
<div style="left: -1000px; overflow: scroll; position: absolute; top: -1000px; border: none; box-sizing: content-box; height: 200px; margin: 0px; padding: 0px; width: 200px;">
<div style="border: none; box-sizing: content-box; height: 200px; margin: 0px; padding: 0px; width: 200px;"></div>
</div>
<script src="/hono/docs/js/clipboard.min.js?1619054958"></script>
<script src="/hono/docs/js/perfect-scrollbar.min.js?1619054958"></script>
<script src="/hono/docs/js/perfect-scrollbar.jquery.min.js?1619054958"></script>
<script src="/hono/docs/js/jquery.sticky.js?1619054958"></script>
<script src="/hono/docs/js/featherlight.min.js?1619054958"></script>
<script src="/hono/docs/js/highlight.pack.js?1619054958"></script>
<script>hljs.initHighlightingOnLoad();</script>
<script src="/hono/docs/js/modernizr.custom-3.6.0.js?1619054958"></script>
<script src="/hono/docs/js/learn.js?1619054958"></script>
<script src="/hono/docs/js/hugo-learn.js?1619054958"></script>
<link href="/hono/docs/mermaid/mermaid.css?1619054958" rel="stylesheet" />
<script src="/hono/docs/mermaid/mermaid.js?1619054958"></script>
<script>
mermaid.initialize({ startOnLoad: true });
</script>
<script>
(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':
new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],
j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=
'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);
})(window,document,'script','dataLayer','GTM-5WLCZXC');
</script>
<script src="https://www.eclipse.org/eclipse.org-common/themes/solstice/public/javascript/vendor/cookieconsent/default.min.js"></script>
</body>
</html>