TECHNIQUES FOR PROVIDING TENANT BASED STORAGE SECURITY AND SERVICE LEVEL ASSURANCE IN CLOUD STORAGE ENVIRONMENT

US 20130036449A1
Filed: 07/26/2012
Published: 02/07/2013
Est. Priority Date: 08/03/2011
Status: Active Grant

First Claim

Patent Images

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a machine configured to perform the method, comprising:

receiving, at the machine, a request for access to a portion of shared storage situated in a cloud environment, the request originates from a tenant and the storage services multiple other tenants from the cloud environment;

instantiating, on the machine, a tenant storage machine (TSM) uniquely assigned to the tenant;

dynamically allocating, on the machine, operating system (OS) resources for the TSM based on service level assurance (SLA) policies for the tenant, the OS resources accessible from within the TSM; and

processing, on the machine, the request within the TSM using the OS resources and in accordance with the SLA policies.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for tenant-bases storage security and service level assurances in a cloud environment are presented. A Tenant Storage Machine (TSM) for each tenant uses a unique identifier. The TSM is dynamically allocated with operating system resources to run processes based on agreed service level assurances. The service level assurances are stored in a Service Level Assurance (SLA) policy store. The TSM communicates with the SLA policy store via a TSM bus to acquire a SLA policy configured for the tenant and based on which resources are dynamically allocated. Processes running under the TSM run with root privileges to provide security.

Citations

20 Claims

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a machine configured to perform the method, comprising:
- receiving, at the machine, a request for access to a portion of shared storage situated in a cloud environment, the request originates from a tenant and the storage services multiple other tenants from the cloud environment;
  
  instantiating, on the machine, a tenant storage machine (TSM) uniquely assigned to the tenant;
  
  dynamically allocating, on the machine, operating system (OS) resources for the TSM based on service level assurance (SLA) policies for the tenant, the OS resources accessible from within the TSM; and
  
  processing, on the machine, the request within the TSM using the OS resources and in accordance with the SLA policies.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1 further comprising, using, by the machine, a TSM bus interface for all communication to and from the TSM.
  - 3. The method of claim 1 further comprising, executing, by the machine, the OS resources within the TSM in a root access mode for the OS.
  - 4. The method of claim 1 further comprising, executing the method within a storage appliance which is the machine.
  - 5. The method of claim 1, wherein instantiating further includes assigning a unique Internet Protocol (IP) address to the TSM.
  - 6. The method of claim 1, wherein dynamically allocating further includes assigning predefined percentages of machine resources used by the OS resources based on the SLA policies.
  - 7. The method of claim 6, wherein dynamically allocating further includes obtaining current processing and memory loads for the cloud environment from the SLA policies when assigning the predefined percentages.
  - 8. The method of claim 1, wherein processing further includes enforcing security restrictions defined with the SLA policies when processing the request within the TSM.

9. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a machine configured to perform the method, comprising.encapsulating, on the machine, a plurality of tenant storage machines (TSMs) within a tenant bus interface, each TSM uniquely assigned to a particular tenant having access to a particular portion of storage, the storage situated in a cloud environment and the storage services multiple tenants;
- dynamically allocating, on the machine, storage resources to each TSM based on a particular request, a particular tenant, and particular service level assurance (SLA) policies;
  
  controlling, on the machine all communication to and from each TSM to ensure that all communication occurs via the tenant bus interface; and
  
  processing, on the machine, each request from each tenant within that tenant'"'"'s TSM and in accordance with the SLA policies.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The method of claim 9, wherein encapsulating further includes dynamically instantiating each TSM as each tenant is identified or as each request is made for the storage.
  - 11. The method of claim 9, wherein encapsulating further includes generating a unique Internet Protocol (IP) address for each TSM for communication to and from the tenant bus interface with a particular TSM.
  - 12. The method of claim 9, wherein dynamically allocating further includes assigning the storage resources as operating system (OS) resources, processor resources, and memory resources.
  - 13. The method of claim 12, wherein assigning further includes reserving a predefined access percentage to each storage resource within each TSM.
  - 14. The method of claim 13, wherein reserving further includes determining each predefined access percentage based on a dynamic load resolved for the cloud environment and based on the SLA policies.
  - 15. The method of claim 9, wherein processing further includes enforcing custom security restrictions defined in the SLA policies when processing each request within each TSM.
  - 16. The method of claim 9 further comprising, embedding the method as a tenant-based storage controller within a storage appliance for the storage of the cloud environment.
  - 17. The method of claim 9 further comprising, dynamically de-allocating, by the machine, one or more of the TSMs based on a dynamic detected event.

18. A system, comprising:
- a cloud storage appliance having one or more processors, memory, and storage, the cloud storage appliance situated in a cloud environment; and
  
  the memory configured with a tenant-based storage controller implemented as executable instructions that process on the one or more processors of the storage appliance;
  
  wherein the tenant-based storage controller is configured to dynamically instantiate a tenant storage machine (TSM) for a tenant that request access to a portion of the storage, the TSM is configured to encapsulate storage resources used in processing a request for storage access and to enforce custom security policies against the TSM, the request is processed within the TSM, the tenant-based storage controller configured to handle multiple requests and tenants accessing the storage, each request for each tenant handled by a uniquely instantiated TSM.
- View Dependent Claims (19, 20)
- - 19. The system of claim 18, wherein the tenant-based storage controller is configured to establish a tenant bus interface that handles all communication to and from a particular TSM via the tenant bus interface.
  - 20. The system of claim 19, wherein the tenant-based storage controller is configured to resolve:
    - the storage resources, a percentage of allocated use for each storage resource, and the custom security policies via a service level assurance (SLA) policy repository.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mayadata, Inc.
Original Assignee
Mayadata, Inc.
Inventors
Mukkara, Umasankar, Xavier, Felix, Balaram, Srivibhavan, Bam, Shailesh

Granted Patent

US 9,141,785 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 9/5072 Grid computing

TECHNIQUES FOR PROVIDING TENANT BASED STORAGE SECURITY AND SERVICE LEVEL ASSURANCE IN CLOUD STORAGE ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

TECHNIQUES FOR PROVIDING TENANT BASED STORAGE SECURITY AND SERVICE LEVEL ASSURANCE IN CLOUD STORAGE ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links