REFERENCE ARCHITECTURE
B2B SaaS multi-tenant platform
Tenant isolation at the organization layer, Fabric private networking, per-tenant Datastore schemas, Gateway custom domains, Sentinel and Autoscale for enterprise SLAs.
Advanced
Plan: Business / Enterprise
Resilience: multi-zone
Use cases
- Vertical SaaS
- Developer platforms
- Compliance dashboards
Components
| Layer | Role | Product |
|---|---|---|
| Edge | Custom domains + WAF | Gateway + Sentinel |
| Application | Multi-tenant API + admin | Compute |
| Network | Private service mesh | Fabric |
| Persistence | Shared PostgreSQL with row-level security (RLS), or schema per tenant | Datastore |
| Files | Tenant uploads | Archive |
| Events | Lifecycle notifications | Beacon |
| Scale | Tenant traffic bursts | Autoscale |
| Operations | Per-tenant metrics | Insight |
Products
- Fabric
- Compute
- Datastore
- Gateway
- Sentinel
- Autoscale
- Archive
- Insight
- Beacon
When to use
- B2B products where each customer brings their own subdomain.
- Row-level or schema-per-tenant isolation requirements.
- Enterprise deals demanding SSO-ready infra and audit trails.
When to avoid
- Single-tenant internal app — web mono-region is simpler.
- Consumer social app with billions of rows — needs sharding review.
Design notes
Tenant routing
Gateway maps {tenant}.app.acme.com to the same Compute fleet; the tenant ID is resolved at the edge or in app middleware.
Isolation model
Tesserra isolates organizations at the platform layer. Inside your app, enforce tenant_id on every query.
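One way to back the per-query tenant_id rule with PostgreSQL row-level security on a shared table. This is an added example, not Tesserra's own code; the `invoices` table, the `app_rw` role and the `app.tenant_id` setting are assumed names, and the UUIDs are constructed sample values.

```sql
-- Assumed names throughout: invoices, app_rw, app.tenant_id (not from the Tesserra docs).

-- The application connects as a role that cannot bypass RLS.
-- Superusers and roles with BYPASSRLS skip every policy.
CREATE ROLE app_rw LOGIN NOSUPERUSER NOBYPASSRLS;

CREATE TABLE invoices (
    id           bigserial PRIMARY KEY,
    tenant_id    uuid   NOT NULL,
    amount_cents bigint NOT NULL
);
CREATE INDEX invoices_tenant_idx ON invoices (tenant_id);
GRANT SELECT, INSERT, UPDATE, DELETE ON invoices TO app_rw;
GRANT USAGE ON SEQUENCE invoices_id_seq TO app_rw;

-- ENABLE turns policies on; FORCE applies them to the table owner too,
-- which matters if migrations and the app share an owner role.
ALTER TABLE invoices ENABLE ROW LEVEL SECURITY;
ALTER TABLE invoices FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted.
-- WITH CHECK rejects inserts/updates that would write another tenant's id.
-- current_setting() without missing_ok raises an error when the setting
-- was never set, so a request that skipped tenant resolution fails closed.
CREATE POLICY tenant_isolation ON invoices
    USING      (tenant_id = current_setting('app.tenant_id')::uuid)
    WITH CHECK (tenant_id = current_setting('app.tenant_id')::uuid);

-- Per request, connected as app_rw, inside one transaction.
-- The third argument (is_local = true) scopes the value to this transaction,
-- so a pooled connection does not carry one tenant's id into the next request.
-- In application code, pass the tenant id to set_config() as a bound parameter.
BEGIN;
SELECT set_config('app.tenant_id', '00000000-0000-4000-8000-000000000001', true);

SELECT id, amount_cents FROM invoices;   -- returns only this tenant's rows

-- Writing a row for a different tenant violates WITH CHECK and raises
-- a row-level security policy error, aborting the transaction.
INSERT INTO invoices (tenant_id, amount_cents)
VALUES ('00000000-0000-4000-8000-000000000002', 100);
ROLLBACK;
```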
Beacon for webhooks
Publish tenant lifecycle events (signup, plan change) via Beacon for billing and CRM integrations.
Blueprint
Use this JSON as a starting point when creating a project via the Tesserra API or console. Replace image URLs, domains, and resource references with your values.
```json
{
  "nome": "B2B Platform",
  "resiliencia": "multi-zona",
  "recursos": [
    {
      "tipo": "fabric",
      "nome": "saas-net",
      "config": {
        "cidr": "10.50.0.0/16",
        "publica": true
      }
    },
    {
      "tipo": "compute",
      "nome": "tenant-api",
      "config": {
        "subtipo": "api",
        "replicas_min": 3,
        "replicas_max": 20
      }
    },
    {
      "tipo": "compute",
      "nome": "admin-ui",
      "config": {
        "subtipo": "web",
        "replicas_min": 2
      }
    },
    {
      "tipo": "datastore",
      "nome": "platform-db",
      "config": {
        "engine": "postgres",
        "ha": true,
        "tamanho_gb": 100
      }
    },
    {
      "tipo": "archive",
      "nome": "tenant-files",
      "config": {
        "tamanho_gb": 500,
        "publico": false
      }
    },
    {
      "tipo": "beacon",
      "nome": "lifecycle",
      "config": {
        "jetstream": true
      }
    },
    {
      "tipo": "sentinel",
      "nome": "edge-waf",
      "config": {
        "modo": "bloquear",
        "alvo_recurso_id": "tenant-api"
      }
    },
    {
      "tipo": "gateway",
      "nome": "wildcard-dns",
      "config": {
        "dominio": "*.app.acme.io",
        "tls": true
      }
    },
    {
      "tipo": "autoscale",
      "nome": "api-scale",
      "config": {
        "alvo_recurso_id": "tenant-api",
        "metrica": "requests",
        "limiar": 60
      }
    },
    {
      "tipo": "insight",
      "nome": "tenant-obs",
      "config": {
        "retencao_dias": 90,
        "alertas": true
      }
    }
  ]
}
```
Related
Microservices on private Fabric
Multiple Compute services on an isolated Fabric network, public ingress via Gateway, per-service Datastores and Autoscale policies.
Multi-region active-active
Compute replicas across continental Zones, Gateway geo-routing, asynchronous or synchronous Datastore replication — Business and Enterprise tiers.
Secure edge ingress
Defense-in-depth at the perimeter — Sentinel WAF, Gateway TLS termination, Fabric isolation, and Insight security monitoring.