TECHNIQUES FOR PROVIDING TENANT BASED STORAGE SECURITY AND SERVICE LEVEL ASSURANCE IN CLOUD STORAGE ENVIRONMENT
Abstract
Techniques for tenant-based storage security and service level assurances in a cloud environment are presented. A Tenant Storage Machine (TSM) for each tenant uses a unique identifier. The TSM is dynamically allocated with operating system resources to run processes based on agreed service level assurances. The service level assurances are stored in a Service Level Assurance (SLA) policy store. The TSM communicates with the SLA policy store via a TSM bus to acquire an SLA policy configured for the tenant and based on which resources are dynamically allocated. Processes running under the TSM run with root privileges to provide security.
20 Claims
1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a machine configured to perform the method, comprising:
receiving, at the machine, a request for access to a portion of shared storage situated in a cloud environment, the request originates from a tenant and the storage services multiple other tenants from the cloud environment;
instantiating, on the machine, a tenant storage machine (TSM) uniquely assigned to the tenant;
dynamically allocating, on the machine, operating system (OS) resources for the TSM based on service level assurance (SLA) policies for the tenant, the OS resources accessible from within the TSM; and
processing, on the machine, the request within the TSM using the OS resources and in accordance with the SLA policies.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a machine configured to perform the method, comprising:
encapsulating, on the machine, a plurality of tenant storage machines (TSMs) within a tenant bus interface, each TSM uniquely assigned to a particular tenant having access to a particular portion of storage, the storage situated in a cloud environment and the storage services multiple tenants;
dynamically allocating, on the machine, storage resources to each TSM based on a particular request, a particular tenant, and particular service level assurance (SLA) policies;
controlling, on the machine, all communication to and from each TSM to ensure that all communication occurs via the tenant bus interface; and
processing, on the machine, each request from each tenant within that tenant's TSM and in accordance with the SLA policies.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A system, comprising:
a cloud storage appliance having one or more processors, memory, and storage, the cloud storage appliance situated in a cloud environment; and
the memory configured with a tenant-based storage controller implemented as executable instructions that process on the one or more processors of the storage appliance;
wherein the tenant-based storage controller is configured to dynamically instantiate a tenant storage machine (TSM) for a tenant that requests access to a portion of the storage, the TSM is configured to encapsulate storage resources used in processing a request for storage access and to enforce custom security policies against the TSM, the request is processed within the TSM, the tenant-based storage controller configured to handle multiple requests and tenants accessing the storage, each request for each tenant handled by a uniquely instantiated TSM.
Dependent claims: 19, 20
Specification