Multi-tenant environment using pre-readied trust boundary components

US 10,389,746 B2
Filed: 09/27/2016
Issued: 08/20/2019
Est. Priority Date: 09/28/2015
Status: Active Grant

First Claim

Patent Images

1. A computing system comprising:

one or more processors;

one or more computer-readable storage devices having stored thereon computer-executable instructions that are configured to be executed by the one or more processors to cause the computing system to configure the computing system to perform a method for providing a multi-tenancy environment in which a plurality of tenants share physical resources, the method comprising;

before determining that a new process associated with a tenant is to be run in the multi-tenancy environment, pre-readying a plurality of trust boundary components within the computing system, each of the pre-readied trust boundary components being instantiated, initialized, and pre-booted but not yet operating and each of the pre-readied trust boundary components being enabled, after having been started, to host one or more resource containers and one or more processes in the multi-tenancy environment;

determining that the new process associated with the tenant is to run in the multi-tenancy environment; and

in response to determining that the new process is to be run;

commencing running one of the plurality of pre-readied trust boundary components in the multi-tenancy environment; and

hosting and running the new process associated with the tenant within the now running pre-readied trust boundary component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The low latency use of a multi-tenancy environment. To protect against hostility between tenants within different trust domains, tenant(s) of a common trust domain are run within a trust boundary component. Thus, there is security to protect against potential hostility between tenants of different trust domains. In order to quickly start up trust boundary components, there are multiple pre-readied (e.g., initialized, pre-booted, and/or snapshotted) trust boundary components that may be started up quickly when a new trust boundary is to be established. Processes within the trust boundary component may additionally be run within a resource container that facilitates allocation of resources amongst the various processes. Because trust boundary components may be started up quickly, the multi-tenancy environment may have security (as provided by the trust boundary components) while still being lower latency (due to the fast availability of pre-readied trust boundaries).

24 Citations

View as Search Results

20 Claims

1. A computing system comprising:
- one or more processors;
  
  one or more computer-readable storage devices having stored thereon computer-executable instructions that are configured to be executed by the one or more processors to cause the computing system to configure the computing system to perform a method for providing a multi-tenancy environment in which a plurality of tenants share physical resources, the method comprising;
  
  before determining that a new process associated with a tenant is to be run in the multi-tenancy environment, pre-readying a plurality of trust boundary components within the computing system, each of the pre-readied trust boundary components being instantiated, initialized, and pre-booted but not yet operating and each of the pre-readied trust boundary components being enabled, after having been started, to host one or more resource containers and one or more processes in the multi-tenancy environment;
  
  determining that the new process associated with the tenant is to run in the multi-tenancy environment; and
  
  in response to determining that the new process is to be run;
  
  commencing running one of the plurality of pre-readied trust boundary components in the multi-tenancy environment; and
  
  hosting and running the new process associated with the tenant within the now running pre-readied trust boundary component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The computing system in accordance with claim 1, the plurality of pre-readied trust boundary components comprising a plurality of pre-readied virtual machines.
  - 3. The computing system in accordance with claim 1, the pre-readied plurality of trust boundary components comprising at least a plurality of initialized trust boundary components.
  - 4. The computing system in accordance with claim 1, the pre-readied plurality of trust boundary components comprising at least a plurality of revertible trust boundary components.
  - 5. The computing system in accordance with claim 4, at least one of the plurality of revertible trust boundary components comprises a hibernation file.
  - 6. The computing system in accordance with claim 4, wherein changes to a state of a revertible trust boundary component since a reversion time being kept separate from other state of the revertible trust boundary component.
  - 7. The computing system in accordance with claim 1, wherein running the new process associated with the tenant within the trust boundary component comprises:
    - running the new processes associated with the tenant within a resource container within the trust boundary component.
  - 8. The computing system in accordance with claim 1, the method further comprising:
    - an act of running a plurality of resource containers within a trust boundary component.
  - 9. The computing system in accordance with claim 8, wherein after a process is finished using a resource container of the plurality of resource containers, the resource container is removed from the trust boundary component.
  - 10. The computing system in accordance with claim 9, wherein after a process is finished using a final resource container of the plurality of resources, the method further comprises:
    - an act of revertibly initializing the trust boundary component; and
      
      an act of adding the initialized trust boundary component back into the plurality of pre-readied trust boundary components.
  - 11. The computing system in accordance with claim 1, the multi-tenancy environment including an application program interface that is usable for communicating with different types of running and/or pre-readied trust boundary components.
  - 12. The computing system in accordance with claim 1, the running trust boundary component including a container management agent that performs time-varying resource management that allocates resources allocated to the trust boundary component to the running trust boundary component itself and amongst a plurality of resource containers operating within the trust boundary component such that a service level agreement is honored.
  - 13. The computing system in accordance with claim 12, the container management agent affinitizing containers with the trust boundary component to virtual cores allocated to the trust boundary component.
  - 14. The computing system in accordance with claim 12, the running trust boundary component including a container management agent that performs time varying resource management that allocates resources allocated to the trust boundary component amongst a plurality of resource containers operating within the trust boundary component such that resources for each of the plurality of resource containers do not overlap.
  - 15. The computing system in accordance with claim 1, the computing system further comprising a container management service that allocates overlapping resources of a particular type to each of the plurality of trust boundary components.
  - 16. The computing system in accordance with claim 15, the container management service affinitizing virtual cores to physical cores.
  - 17. The computing system in accordance with claim 15, the container management service performing time-varying resource management to ensure that a service level agreement is honored.
  - 18. The computing system in accordance with claim 15, the container management service performing time-varying resource management to ensure that there is no overlapping of actually used resources of a particular type amongst the plurality of trust boundary components.

19. A method for providing a multi-tenancy environment in which a plurality of tenants share physical resources, the method comprising:
- before determining that a new process associated with a tenant is to be run in the multi-tenancy environment, pre-readying a plurality of trust boundary components within the computing system, each of the pre-readied trust boundary components being instantiated, initialized, and pre-booted but not yet operating and each of the pre-readied trust boundary components being enabled, after having been started, to host one or more resource containers and one or more processes in the multi-tenancy environment;
  
  determining that the new process associated with the tenant is to run in the multi-tenancy environment; and
  
  in response to determining that the new process is to be run;
  
  commencing running one of the plurality of pre-readied trust boundary components in the multi-tenancy environment; and
  
  hosting and running the new process associated with the tenant within the now running pre-readied trust boundary component.

20. A computer program product comprising one or more computer-readable storage devices having thereon computer-executable instructions that are structured such that, when executed by one or more processors, cause the computing system to perform a method for providing a multi-tenancy environment in which a plurality of tenants share physical resources, the method comprising:
- before determining that a new process associated with a tenant is to be run in the multi-tenancy environment, pre-readying a plurality of trust boundary components within the computing system, each of the pre-readied trust boundary components being instantiated, initialized, and pre-booted but not yet operating and each of the pre-readied trust boundary components being enabled, after having been started, to host one or more resource containers and one or more processes in the multi-tenancy environment;
  
  determining that the new process associated with the tenant is to run in the multi-tenancy environment; and
  
  in response to determining that the new process is to be run;
  
  commencing running one of the plurality of pre-readied trust boundary components in the multi-tenancy environment; and
  
  hosting and running the new process associated with the tenant within the now running one of the plurality of pre-readied trust boundary components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Sakalanaga, Sarvesh, Heddaya, Abdelsalam, Arene, Mitchel Chinedu
Primary Examiner(s)
Reza, Mohammad W

Application Number

US15/277,654
Publication Number

US 20170093903A1
Time in Patent Office

1,057 Days
Field of Search

726 25
US Class Current
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/74   operating in dual or compar...

G06F 9/5027   the resource being a machin...

H04L 63/1433   Vulnerability analysis

Multi-tenant environment using pre-readied trust boundary components

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Multi-tenant environment using pre-readied trust boundary components

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links