Skip to main content

Multi-Tenant Architecture

GCXONE employs a sophisticated multi-tenant architecture that enables multiple organizations to use the same cloud infrastructure while maintaining complete data isolation, security, and independent configuration.

🏢

Multi-Tenant

Complete Isolation

Architecture Overview

How Multi-Tenancy Works

Each tenant operates in complete isolation while sharing the same cloud infrastructure

Core Principles

🔒

Data Isolation

Each tenant's data is completely separate and inaccessible to other tenants. Isolation is enforced at database, application, and infrastructure levels.

  • Database-level separation
  • Application-level scoping
  • Infrastructure isolation
⚙️

Independent Config

Each tenant can have custom settings, branding, and integrations. Configuration changes in one tenant never affect others.

  • Custom branding
  • Feature flags
  • Integration settings
📈

Scalable Infrastructure

Shared resources scale efficiently across all tenants. Infrastructure costs are shared while maintaining security and performance.

  • Auto-scaling
  • Resource efficiency
  • Cost optimization

Data Isolation Mechanisms

Database-Level Isolation

Implementation

  • Logical Separation: Each tenant has logically separated data within shared databases
  • Tenant ID Embedding: Tenant ID embedded in every database query
  • Query Scoping: Cross-tenant queries prevented at application layer
  • Index Optimization: Indexes optimized for tenant-scoped queries

MongoDB Architecture

  • ✅ Shared MongoDB clusters
  • ✅ Logical tenant separation
  • ✅ Tenant ID in all queries
  • ✅ Efficient query patterns
  • ✅ Tenant-aware backups

Subdomain-Based Access

🌐 Unique Subdomain Access

Domain Patterns

company.nxgen.cloud

Primary domain pattern

customer.inexchange.cloud

Alternative domain pattern

Benefits

  • Easy Identification: Clear tenant identification from URL
  • SSL/TLS Management: Simplified certificate management
  • DNS-Based Routing: Efficient request routing
  • Branding: Custom domains support white-label

Security Features

🔐 Authentication & Authorization

  • Multi-Factor Authentication (MFA)
    • Optional MFA for enhanced security
    • Tenant-specific MFA policies
    • Auth0 integration
  • Role-Based Access Control (RBAC)
    • Granular permissions at every level
    • Tenant administrators manage scope
    • Customer-level user management

🔒 Encryption

  • Data in Transit
    • TLS 1.2+ for all communications
    • End-to-end encryption for sensitive data
    • Certificate management per tenant
  • Data at Rest
    • AES-256 encryption
    • AWS KMS key management
    • Tenant-specific keys where required

✅ Compliance Standards

🇪🇺

GDPR

Data protection and privacy compliance

🛡️

SOC 2

Security and availability controls

📋

ISO 27001

Information security management

Use Cases

🏢

MSSPs

Managed Security Service Providers

  • Multiple customers per tenant
  • White-label options
  • Centralized management
  • Isolated operations
🏭

Enterprises

Large Enterprise Organizations

  • Division separation
  • Geographic organization
  • Departmental control
  • Centralized oversight
🚀

Service Providers

Platform Service Providers

  • White-label deployment
  • Custom integrations
  • Scalable growth
  • Resource efficiency

Benefits Comparison

For Tenants

  • ✅ Complete data isolation
  • ✅ Custom configuration
  • ✅ Scalability without infrastructure concerns
  • ✅ Enterprise-grade security
  • ✅ Cost efficiency

For Platform

  • ✅ Resource efficiency
  • ✅ Scalable growth
  • ✅ Centralized maintenance
  • ✅ Innovation deployment
  • ✅ Cost optimization

Need Help?

If you have questions about multi-tenant architecture or need assistance with tenant configuration, check our Troubleshooting Guide or contact support.