Hierarchical multi-tenancy support for host attachment configuration through resource groups

US 8,683,103 B2
Filed: 08/19/2011
Issued: 03/25/2014
Est. Priority Date: 08/19/2011
Status: Active Grant

First Claim

Patent Images

1. A system of hierarchy multi-tenancy support for configuration of a plurality of host attachments through a plurality of resource groups in a computing storage environment, comprising:

a processor device in the computing storage environment, wherein processor device is adapted for;

configuring a plurality of data storage systems with a plurality of operators for configuration and management of the plurality of host attachments to a plurality of logical volumes,designating a logical operator with at least the responsibility of designating authority to a host attachment operator and ability to configure a plurality of logical volumes,providing limited authority for the host attachment operator to configure a plurality of volume groups and a plurality of host ports to at least a specific user,providing an administrator with the ability to configure at least one of those of the plurality of resource groups for a specified tenant,assigning a configured one of the plurality of logical volumes to those of the plurality of resource groups belonging to the specified tenant, wherein the logical operators of the specified tenant is given authority to manage the plurality of logical volumes of the specified tenant and the ability to specify those of the plurality of resource groups of the specified tenant a policy whereby the logical operators of the specified tenant are prevented from one of configuring an additional number of the logical operators and expanding the plurality of logical volumes that are existing, andenforcing a plurality of policies and a plurality of controls for performing one of at least configuration, modification, deletion, and management of a plurality of configuration objects, the plurality of policies adapted to include at least one of the plurality of controls associated in a plurality of resource group objects, the plurality of policies and the plurality of controls include at least one of the following;

performing one of creating and modifying of the plurality of host ports for limiting a specified at least one I/O port to the set allowed in a I/O port allowed mask,assigning at least one of the plurality of host ports to at least one of the plurality of volume groups, wherein the assignment of the at least one of the plurality of host ports is limited to the plurality of volume groups within a scope of access to a user resource scope in a user ID, andassigning the plurality of logical volumes to a plurality of volume group configuration objects, the assignment of the plurality of logical volumes is limited to the plurality of logical volumes within a scope of access to the user resource scope in the user ID.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Exemplary system and computer program embodiments for hierarchy multi-tenancy support for configuration of a plurality of host attachment through a plurality of resource groups in a computing storage environment are provided. In one embodiment, multiple data storage subsystems are configured with multiple operators for configuration and management of multiple host attachments to multiple logical volumes. A logical operator is designated with the responsibility of designating authority to a host attachment operator and the ability to configure multiple logical volumes. Limited authority is provided for the host attachment operator to configure multiple volume groups and multiple host ports to a specific user.

Citations

12 Claims

1. A system of hierarchy multi-tenancy support for configuration of a plurality of host attachments through a plurality of resource groups in a computing storage environment, comprising:
- a processor device in the computing storage environment, wherein processor device is adapted for;
  
  configuring a plurality of data storage systems with a plurality of operators for configuration and management of the plurality of host attachments to a plurality of logical volumes,designating a logical operator with at least the responsibility of designating authority to a host attachment operator and ability to configure a plurality of logical volumes,providing limited authority for the host attachment operator to configure a plurality of volume groups and a plurality of host ports to at least a specific user,providing an administrator with the ability to configure at least one of those of the plurality of resource groups for a specified tenant,assigning a configured one of the plurality of logical volumes to those of the plurality of resource groups belonging to the specified tenant, wherein the logical operators of the specified tenant is given authority to manage the plurality of logical volumes of the specified tenant and the ability to specify those of the plurality of resource groups of the specified tenant a policy whereby the logical operators of the specified tenant are prevented from one of configuring an additional number of the logical operators and expanding the plurality of logical volumes that are existing, andenforcing a plurality of policies and a plurality of controls for performing one of at least configuration, modification, deletion, and management of a plurality of configuration objects, the plurality of policies adapted to include at least one of the plurality of controls associated in a plurality of resource group objects, the plurality of policies and the plurality of controls include at least one of the following;
  
  performing one of creating and modifying of the plurality of host ports for limiting a specified at least one I/O port to the set allowed in a I/O port allowed mask,assigning at least one of the plurality of host ports to at least one of the plurality of volume groups, wherein the assignment of the at least one of the plurality of host ports is limited to the plurality of volume groups within a scope of access to a user resource scope in a user ID, andassigning the plurality of logical volumes to a plurality of volume group configuration objects, the assignment of the plurality of logical volumes is limited to the plurality of logical volumes within a scope of access to the user resource scope in the user ID.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The system of claim 1, wherein the processor device is further adapted for adding a plurality of resource group attributes to a plurality of configuration objects to associate with a specific one of the plurality of resource groups, wherein an authority to manage and control the plurality of configuration objects is created for a user role with a user ID scope of access to the plurality of configuration objects is created with authority to manage and control the plurality of configuration objects.
  - 3. The system of claim 2, wherein the processor device is further adapted for configuring the user ID scope of access to include at least one of creating, deleting, and modifying the configuration of the plurality of configuration objects.
  - 4. The system of claim 1, wherein the processor device is further adapted for authorizing the administrator to create a tenant administrator identification (ID) having authority to configure a plurality of user IDs with a specific user role and limited to a user scope that is consistent with the user scope of a tenant administrator, wherein a tenant is adapted to configure the logical operator and the host attachment operator having authority to access a plurality of resources within a scope of the tenant.
  - 5. The system of claim 1, wherein the processor device is further adapted for creating and adding at least one I/O port allowed mask attribute by the plurality of resource groups.
  - 6. The system of claim 1, wherein the processor device is further adapted for configuring the logical operator to manage, control, and create a plurality of subordinate resource groups based upon a plurality of hierarchy rules for the plurality of resource groups and move a plurality of configuration objects between the plurality of resource groups to which the logical operator authority to access, the plurality of subordinate resource groups being a child of one of the plurality resource groups to which a user has authority to access.

7. A computer program product for hierarchy multi-tenancy support for configuration of a plurality of host attachments through a plurality of resource groups in a computing storage environment by a processor device, the computer program product comprising a non-transitory computer-readable storage medium having computer-readable program code portions stored therein, the computer-readable program code portions comprising:
- a first executable portion for configuring a plurality of data storage systems with a plurality of operators for configuration and management of the plurality of host attachments to a plurality of logical volumes;
  
  a second executable portion for designating a logical operator with at least the responsibility of designating authority to a host attachment operator and ability to configure a plurality of logical volumes;
  
  a third executable portion for providing limited authority for the host attachment operator to configure a plurality of volume groups and a plurality of host ports to at least a specific user;
  
  a fourth executable portion for providing an administrator with the ability to configure at least one of those of the plurality of resource groups for a specified tenant;
  
  a fifth executable portion for assigning a configured one of the plurality of logical volumes to those of the plurality of resource groups belonging to the specified tenant, wherein the logical operators of the specified tenant is given authority to manage the plurality of logical volumes of the specified tenant and the ability to specify those of the plurality of resource groups of the specified tenant a policy whereby the logical operators of the specified tenant are prevented from one of configuring an additional number of the logical operators and expanding the plurality of logical volumes that are existing; and
  
  a sixth executable portion for enforcing a plurality of policies and a plurality of controls for performing one of at least configuration, modification, deletion, and management of a plurality of configuration objects, the plurality of policies adapted to include at least one of the plurality of controls associated in a plurality of resource group objects, the plurality of policies and the plurality of controls include at least one of the following;
  
  performing one of creating and modifying of the plurality of host ports for limiting a specified at least one I/O port to the set allowed in a I/O port allowed mask,assigning at least one of the plurality of host ports to at least one of the plurality of volume groups, wherein the assignment of the at least one of the plurality of host ports is limited to the plurality of volume groups within a scope of access to a user resource scope in a user ID, andassigning the plurality of logical volumes to a plurality of volume group configuration objects, the assignment of the plurality of logical volumes is limited to the plurality of logical volumes within a scope of access to the user resource scope in the user ID.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer program product of claim 7, further including a seventh executable portion for adding a plurality of resource group attributes to a plurality of configuration objects to associate with a specific one of the plurality of resource groups, wherein an authority to manage and control the plurality of configuration objects is created for a user role with a user ID scope of access to the plurality of configuration objects is created with authority to manage and control the plurality of configuration objects.
  - 9. The computer program product of claim 8, further including an eighth executable portion for configuring the user ID scope of access to include at least one of creating, deleting, and modifying the configuration of the plurality of configuration objects.
  - 10. The computer program product of claim 7, further including a seventh executable portion for authorizing the administrator to create a tenant administrator identification (ID) having authority to configure a plurality of user IDs with a specific user role and limited to a user scope that is consistent with the user scope of a tenant administrator, wherein a tenant is adapted to configure the logical operator and the host attachment operator having authority to access a plurality of resources within a scope of the tenant.
  - 11. The computer program product of claim 7, further including a seventh executable portion for creating and adding at least one I/O port allowed mask attribute by the plurality of resource groups.
  - 12. The computer program product of claim 7, further including a seventh executable portion for configuring the logical operator to manage, control, and create a plurality of subordinate resource groups based upon a plurality of hierarchy rules for the plurality of resource groups and move a plurality of configuration objects between the plurality of resource groups to which the logical operator authority to access, the plurality of subordinate resource groups being a child of one of the plurality resource groups to which a user has authority to access.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Ripberger, Richard A.
Primary Examiner(s)
ABAD, FARLEY J

Application Number

US13/214,129
Publication Number

US 20130046906A1
Time in Patent Office

949 Days
Field of Search

710/8, 710/36, 710/42, 710/10, 710/12, 710/37
US Class Current

710/120
CPC Class Codes

G06F 3/0622   in relation to access

G06F 3/0629   Configuration or reconfigur...

G06F 3/0631   by allocating resources to ...

G06F 3/0637   Permissions

G06F 3/067   Distributed or networked st...

Hierarchical multi-tenancy support for host attachment configuration through resource groups

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Hierarchical multi-tenancy support for host attachment configuration through resource groups

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links