SECURE ISOLATION OF TENANT RESOURCES IN A MULTI-TENANT STORAGE SYSTEM USING A GATEKEEPER
First Claim
1. A method for controlling access to data stored on shared storage, servicing a plurality of tenants, the method comprising:
- receiving a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and providing access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant.
1 Assignment
Abstract
Machines, systems and methods for controlling access to data stored on shared storage, servicing a plurality of tenants, the method comprising receiving a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and providing access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant.
52 Citations
20 Claims
1. A method for controlling access to data stored on shared storage, servicing a plurality of tenants, the method comprising:
- receiving a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and
- providing access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant.
(Dependent claims: 2, 3)
4. A method of maintaining data isolation in a multi-tenant data storage system, the method comprising:
- receiving a first request submitted by a first user associated with a first tenant in a multi-tenant data storage system;
- assigning a first request processor to service the first request, wherein a first process ID is assigned to the first request processor, so that the first process ID is correlated with the first tenant;
- submitting a first data access request, received by a gatekeeper, to access first data stored on one or more data storage mediums, in response to the first request; and
- providing the first request processor, by way of the gatekeeper, with access to the first data, in response to determining that the first data is associated with the first tenant based on a correlation between the first process ID and the first tenant.
(Dependent claims: 5, 6, 7, 8, 9, 10, 11, 12, 13)
14. A system for controlling access to data stored on shared storage, servicing a plurality of tenants, the system comprising:
- a logic unit for receiving a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and
- a logic unit for providing access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant.
(Dependent claims: 15, 16)
17. A system of maintaining data isolation in a multi-tenant data storage system, the method comprising:
- a logic unit for receiving a first request submitted by a first user associated with a first tenant in a multi-tenant data storage system;
- a logic unit for assigning a first request processor to service the first request, wherein a first process ID is assigned to the first request processor, so that the first process ID is correlated with the first tenant;
- a logic unit for submitting a first data access request, received by a gatekeeper, to access first data stored on one or more data storage mediums, in response to the first request; and
- a logic unit for providing the first request processor, by way of the gatekeeper, with access to the first data, in response to determining that the first data is associated with the first tenant based on a correlation between the first process ID and the first tenant.
18. A computer program product comprising logic code embedded on a data storage medium for controlling access to data stored on shared storage, servicing a plurality of tenants, wherein execution of the logic code on a computer causes the computer to:
- receive a request from a first process to access a first data item associated with a first tenant in a multi-tenant data storage system, and
- provide access to the data item through a gatekeeper, in response to determining that the first process is associated with the first tenant.
(Dependent claims: 19, 20)
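The check recited in claims 1 and 4, written out as an added Python example; it is not code from the patent. The names `Gatekeeper`, `assign_request_processor`, `release`, `read`, `attempt` and `demo` are hypothetical. The release step, the audit list and the uniform denial error are assumptions that go beyond the claim text.

```python
class AccessDenied(Exception):
    """Raised for every refused request, whatever the reason."""

class Gatekeeper:
    def __init__(self, store):
        self._store = store      # key -> (owning tenant, data)
        self._pid_tenant = {}    # process ID -> tenant it serves
        self.audit = []          # (pid, tenant, key, allowed)

    def assign_request_processor(self, pid, tenant):
        # A live process ID must never be re-bound to a different tenant.
        bound = self._pid_tenant.get(pid)
        if bound is not None and bound != tenant:
            raise AccessDenied(f"pid {pid} already serves another tenant")
        self._pid_tenant[pid] = tenant

    def release(self, pid):
        # Drop the binding when the processor exits, so a recycled
        # process ID cannot inherit the previous tenant's access.
        self._pid_tenant.pop(pid, None)

    def read(self, pid, key):
        # Assumption: pid is supplied by the OS (e.g. socket peer
        # credentials), never by a field the requester fills in.
        tenant = self._pid_tenant.get(pid)
        entry = self._store.get(key)
        allowed = tenant is not None and entry is not None and entry[0] == tenant
        self.audit.append((pid, tenant, key, allowed))
        if not allowed:
            # Same error for "missing" and "other tenant's" items,
            # so a denial does not reveal whether a key exists.
            raise AccessDenied("access denied")
        return entry[1]

def attempt(gk, pid, key):
    try:
        return gk.read(pid, key)
    except AccessDenied:
        return "denied"

def demo():
    # Constructed sample data: two tenants sharing one store.
    gk = Gatekeeper({"a/report": ("tenant-a", b"A data"),
                     "b/report": ("tenant-b", b"B data")})
    gk.assign_request_processor(4101, "tenant-a")
    out = [attempt(gk, 4101, "a/report"),   # own data
           attempt(gk, 4101, "b/report"),   # other tenant's data
           attempt(gk, 4999, "a/report")]   # unbound process ID
    gk.release(4101)
    out.append(attempt(gk, 4101, "a/report"))  # binding released
    return out, gk.audit
```

The isolation guarantee is only as strong as the process-ID binding: if a requester can choose the ID the gatekeeper sees, or an ID is reused while a stale binding remains, the tenant check passes for the wrong party.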
Specification