Launch HN: Fortress (YC S24) – Database platform for multi-tenant SaaS

Speaking as a dev with over 12 years of experience in both dev and ops, that has implemented and maintained multiple multi-tenant systems with different levels of multi-tenant isolation (infra, db, schema, table, shared tables).

I dot see the value proposition here. Let's take couple of examples

If I need to have my totally separate infra for each tenant I'm going to go for terraform

If I need separate database on the same db infra, I'm Goin to either have a db initialization script that creates a usable db or clones a template database already present

So why do I need your sdk? To avoid a call to postgres to execute a script or a terraform script?

How does that work with the need for prefilled data?

Maybe I'm missing something, but I do not understand this service.

If I understand this correctly it's mainly a UI to create new instances of postgresql on existing platforms that offer it as a service or create clusters/databases (in the postgresql jargon) on those. Seems like the SDK is a wrapper for existing libraries to provide connection string for connecting and not much else. Is that correct?

Am I your target customer?

Here's my two cents: your FTUX has so many steps and so many tour popups, and IMHO these are overwhelm your value prop. You have an opportunity to focus more on your value prop first and foremost. If you like, I can give you my actual use cases.

I use AWS, and I use multi-tenant Postgres such as with a tenant_id row, as well as multi-region setups, and for some projects one database per end organization tenant.

On AWS I use Aurora and also some self-managed Postgres. Some of the Postgres extensions I use are for geofencing, trigramming, etc. and these ideally could/should have tenant-specific instantiations. I code using Go & Rust. I work in regulated industries that use SOX, HIPAA, FERPA, etc.

Can you speak to if/how the Fortress value prop can help me, and if/how/when to get the API in Go and Rust?

I think you have a lot of potential customers who know they have a multi tenant challenge but don’t know that they have a “don’t roll your own” challenge. Most multi tenant systems fail open rather than fail closed and leak data very easily. Forget a where clause? Query should find no data, not everyone’s data.

Always try to find ways to remove an entire class of problem.

Multi-tenant stuff is very interesting to me.

Do you provide any per-tenant resource limits or prioritization (storage, memory, network [rates plus total], CPU)? Anything to limit the impact of noisy neighbors?

Do you provide per-tenant accounting (for billing) capabilities?

Would be nice to have ActiveRecord integration for Ruby/Rails. It's nice to have the same API for all languages, but AR is pretty much the standard for Rails SaaS and you're adding a lot of work that Ruby devs don't generally need to do otherwise.

Not to say that effort is or isn't worth it, but Rails companies will have to _really want_ what you offer to build on it, and your call if it's worth investing that effort on your side or not.

If you’re interested in row level access control on Postgres, it works like this:

Prior to doing queries, you do a SQL query that sets a “Postgres environment variable”.

In very simplified terms, after that, queries automatically have a WHERE clause applied which ensures only rows with the value of the env variable are returned.

This is a good thing because it means you do not have to write WHERE customer = ‘blah’ anywhere.

Congrats on your launch. There are some very mature solutions out there https://www.citusdata.com/use-cases/multi-tenant-apps/

What's the comparison with citus?

Do you support scaling to zero? I wonder if native offerings of cloud providers (Cloud SQL/Alloydb or Aurora) still make sense as keeping hundreds of PG instances at scale will likely be a challenge if you're managing them from your control plane.

Also, is there any compliance that requires it to be in different Postgresql servers? I assume most companies just use some sort of isolation (tenant_id column or dedicated tenant database/table) so I wonder if this problem could better be solved as a proxy layer.

(edited from a different question) It could be interesting to pivot as a layer on top of Supabase ?

Like "we protect / monitor / audit / lock your Supabase instance".

RLS is an easy pitfall there, and it's a database used by a lot of SaaS products.

You wouldn't get the pain of managing clusters, and at the same time, you get the good role, and companies who care about data safety can use it as additional security assurance.

FYI I can’t really see the code examples on mobile.

Congratulations on the launch! That’s really an innovative way to enforce tenant isolation. Curious to hear people’s toughts on another interesting approach:

https://zenstack.dev/blog/multi-tenant#innovative-approach

At Adaptive (https://adaptive.live), we working with lot of orgs in regulated space. for eg. this setup will not pass compliance requirements for multi-tenancy for Reserved Bank of India, where the expectation is that each tenant is isolated storage-wise.

Does Fortress add any value if SaaS product is creating Neon.tech instances for each tenant?

At my current workplace, we deal with this via postgres schema per tenant. We have a script that ensures every schema has the same tables, indices and permissions. Scales pretty well.

I just wish postgres on AWS had better ability to separate compute and storage.

You might check out the work https://wristband.dev is doing on multi-tenant auth. My read is it's complimentary to what you're doing rather than competitive.

Reading "Database platform for multi-tenant SaaS" scared me and made me think you're building another Database

IMO the tagline should be a "Postgres platform for multi-tenant SaaS"

This seems interesting, but I can’t quite figure out what your target audience is. Can you give an example of a theoretical customer and how they would use your product?

Do you think cloud providers will all provide multi-tenancy as a native feature eventually? What's your strategy for that?

How does this compare to Nile? (thenile.dev)

Congrats on launching. Looks promising.

Congratulations on your launch. would you mind elaborating why you pivoted from AI web scraping.

I think the big wins for something like this would be where you can say to a company "you are SOC2 compliant on your database if you do this and don't export data to your laptops" and frankly the people who are going to care the most about this are going to be either the Very large companies or those targeting Very large companies, and they are going to have a different sales cycle than this looks like it will naturally have in a YC context.

I have worked on bigger data sharing stuff, and the smaller clients have no interest in paying the single tenant tax, and the huge folks wont hear anything but.

How do you support local development?