Multi-tenant strategy with shared services

Hey I am evaluation if we can use temporal in our product. We have multiple tenants (lets say no more than 200). Each tenant has his own set of services that work in complete isolation from services from other tenants, but there are some services that are shared between all the tenants. I was thinking about using different queues for every tenant and then have a service that listens on every tenant’s queue and executes a workflow on shared services.

is it a feasible solution? Is there any way to make sure that no matter what happens, a workflow from tenant A never reaches workers on tenant B side?

Is there any way to make sure that no matter what happens, a workflow from tenant A never reaches workers on tenant B side?

You could achieve this isolation by using namespace per tenant. Workflow execution is defined with its workflow id, run id and namespace and you can control this by setting the correct tenant namespace in your client config of their workers.

As far as shared services goes, you could have a “shared” namespace for this and set up on service end a custom authorizer to for example only allow workflow executions from available tenants (to disable just any client from being able to invoke the shared service). Then your tenant workflows could invoke these shared services as child workflows when needed. Just make sure to test your cross-namespace invocations as there could potentially still be small issues (its an area thats still being improved), but there were some found issues that were already addressed, see here for example.