Automated deployment of applications with tenant-isolation requirements

US 9,104,514 B2
Filed: 01/11/2011
Issued: 08/11/2015
Est. Priority Date: 01/11/2011
Status: Active Grant

First Claim

Patent Images

1. A method for multi-tenant enabling a service, said method comprising:

receiving rules from a provider of the service, the service including a plurality of components, the rules including rules for isolating the components of the service and rules for sharing the components of the service;

associating the rules with the components of the service;

automatically matching the components of the service with virtualization environments and physical environments, the virtualization environments including at least one isolation container and at least one shared container, said virtualization environments including a plurality of nested virtualization environments in a nesting virtualization environment;

automatically provisioning the components of the service in the matched at least one isolation container, the matched at least one shared container, and the matched physical environments based on the rules, such that the components of the service are stored in the matched at least one isolation container, the matched at least one shared container, and the matched physical environments;

automatically reconfiguring the components of the service based on said provisioning of the components of the service; and

sharing platform-specific resources between tenants of a platform via an integrated repository of the platform.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An embodiment of the invention provides a method for multi-tenant enabling a service, where the service includes a plurality of service components. Rules are received from a provider of the service, wherein the rules include rules for isolating the service components and rules for sharing the service components. The service components are matched with virtualization environments and/or physical environments based on the rules. The virtualization environments include at least one isolation container and/or at least one shared container. The service components are stored in the virtualization environments and/or the physical environments based on the matching. The service components are mapped to the at least one isolation container of the virtualization environments, the at least one shared container of the virtualization environments, and/or the physical environments based on the storing of the service components.

Citations

19 Claims

1. A method for multi-tenant enabling a service, said method comprising:
- receiving rules from a provider of the service, the service including a plurality of components, the rules including rules for isolating the components of the service and rules for sharing the components of the service;
  
  associating the rules with the components of the service;
  
  automatically matching the components of the service with virtualization environments and physical environments, the virtualization environments including at least one isolation container and at least one shared container, said virtualization environments including a plurality of nested virtualization environments in a nesting virtualization environment;
  
  automatically provisioning the components of the service in the matched at least one isolation container, the matched at least one shared container, and the matched physical environments based on the rules, such that the components of the service are stored in the matched at least one isolation container, the matched at least one shared container, and the matched physical environments;
  
  automatically reconfiguring the components of the service based on said provisioning of the components of the service; and
  
  sharing platform-specific resources between tenants of a platform via an integrated repository of the platform.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, wherein the service enables developing of applications and hosting of the applications, wherein the applications are at least one of created by a tenant and deployed by the tenant as a function of the service.
  - 3. The method of claim 1, further including:
    - permitting access to the platform via platform-defined browser-based tooling.
  - 4. The method of claim 1, wherein the service includes browser-based, self-service administrative tools forallowing tenants to configure at least one of tenant containers and tenant components andrestricting access via a command prompt shell.

5. A method for multi-tenant enabling a service, the service including a plurality of service components, said method comprising:
- receiving rules from a provider of the service, the rules including rules for isolating the service components and rules for sharing the service components;
  
  matching the service components with virtualization environments based on the rules, said virtualization environments including at least one nested virtualization environment in a nesting virtualization environment, the virtualization environments including;
  
  at least one isolation container, andat least one shared container, the at least one shared container comprising shared components, the shared components being shared by all tenants of the service;
  
  storing the service components in the at least one isolation container and the at least one shared container of the virtualization environments based on said matching;
  
  mapping the service components to the at least one isolation container and the at least one shared container of the virtualization environments based on said storing of the service components; and
  
  sharing platform-specific resources between tenants of a platform via an integrated repository of the platform.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 19)
- - 6. The method of claim 5, further comprising:
    - matching physical environments with the service components;
      
      storing the service components in the physical environments based on said matching of the physical environments; and
      
      mapping the service components to the physical environments based on said storing of the service components in the physical environments.
  - 7. The method of claim 6, wherein at least one of the physical environments, the virtualization environments, and an isolation container of the physical environments uses an operating system including a Linux kernel.
  - 8. The method of claim 5, further comprising:
    - receiving a request for the service from an end-user; and
      
      routing the request to the service components based on said mapping.
  - 9. The method of claim 5, further including at least one of developing applications with the service and hosting the applications with the service, wherein the applications are at least one of created by a first user and deployed by the first user as a function of the service.
  - 10. The method of claim 5, wherein said isolation container includes a higher level of isolation relative to said shared container, and wherein said shared container includes a higher level of sharing relative to said isolation container.
  - 11. The method of claim 5, further including receiving a request to provision the service components from at least one of a first user and the provider of the service, wherein said storing of the service components is performed based on the request.
  - 12. The method of claim 5, further including extending an initial configuration of a container by a first user, said extending of the initial configuration including at least one of acquiring additional component libraries and upgrading existing component libraries.
  - 13. The method of claim 5, wherein the service includes a natively standalone service extended with platform-specific extensions.
  - 19. The method of claim 5, wherein the at least one shared container comprises shared components, the shared components being shared by all tenants of the service.

14. A method for multi-tenant enabling a service, the service including a plurality of service components, said method comprising:
- receiving rules from a provider of the service with an interface, the rules including rules for isolating the service components and rules for sharing the service components;
  
  matching the service components with virtualization environments and physical environments with a configuration module based on the rules, the virtualization environments including at least one nested virtualization environment in a nesting virtualization environment, the virtualization environments including;
  
  at least one isolation container, andat least one shared container, the at least one shared container comprising shared components, the shared components being shared by all tenants of the service, the isolation container including a higher level of isolation relative to the shared container, and the shared container including a higher level of sharing relative to the isolation container;
  
  storing the service components in the at least one isolation container and the at least one shared container of the virtualization environments and the physical environments with a storage module, said storing of the service components being based on said matching;
  
  mapping the service components with a mapping module to the at least one isolation container of the virtualization environments, the at least one shared container of the virtualization environments, and the physical environments based on said storing of the service components;
  
  receiving a request for the service from an end-user with a second interface;
  
  routing the request to the service components with a router based on said mapping; and
  
  sharing platform-specific resources between tenants of a platform via and integrated repository of the platform.

15. A system for multi-tenant enabling a service, said system comprising:
- one or more processors;
  
  an interface for receiving rules from a provider of the service, the rules including rules for isolating the service components and rules for sharing the service components;
  
  a configuration module connected to said interface, said configuration module matches the service components with virtualization environments based on the rules, the virtualization environments including at least one nested virtualization environment in a nesting virtualization environment, the virtualization environments including;
  
  at least one isolation container, andat least one shared container;
  
  a storage module connected to said configuration module, said storage module stores the service components in the at least one isolation container and the at least one shared container of the virtualization environments based on the matching performed by said configuration module;
  
  a mapping module connected to said storage module, said mapping module maps the service components to the at least one isolation container and the at least one shared container of the virtualization environments based on the storing performed by said storage module; and
  
  sharing platform-specific resources between tenants of a platform via an integrated repository of the platform.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, further comprising:
    - a second interface for receiving a request for the service from an end-user; and
      
      a router connected to said second interface for routing the request to the service components based on the mapping performed by said mapping module.
  - 17. The system of claim 15, further including a statistics module for generating at least one statistics report, the statistics report including statistics of use of the service.

18. A computer program product for multi-tenant enabling a service, the service including a plurality of service components, said computer program product including:
- a non-transitory computer readable storage medium;
  
  first program instructions to receive rules from a provider of the service, the rules including rules for isolating the service components and rules for sharing the service components;
  
  second program instructions to match the service components with virtualization environments based on the rules, the virtualization environments including at least one nested virtualization environment in a nesting virtualization environment, the virtualization environments includingat least one isolation container andat least one shared container;
  
  third program instructions to store the service components in the at least one isolation container and the at least one shared container of the virtualization environments based on said matching;
  
  fourth program instructions to map the service components to the at least one isolation container and the at least one shared container of the virtualization environments based on said storing of the service components, said first program instructions, said second program instructions, said third program instructions, and said fourth program instructions are stored on said computer readable storage medium; and
  
  sharing platform-specific resources between tenants of a platform via an integrated repository of the platform.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bravery, Andrew James Frederick, Iyengar, Arun Kwangil, Kasman, Aaron Edward, Mikalsen, Thomas Arthur, Rouvellou, Isabelle M.
Primary Examiner(s)
Dao, Thuy
Assistant Examiner(s)
HAYIM, SAMUEL E

Application Number

US13/004,402
Publication Number

US 20120180039A1
Time in Patent Office

1,673 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 8/60   Software deployment

G06F 9/45504   Abstract machines for progr...

G06F 9/45533   Hypervisors; Virtual machin...

G06F 9/45537   Provision of facilities of ...

G06F 9/5077   Logical partitioning of res...

Automated deployment of applications with tenant-isolation requirements

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Automated deployment of applications with tenant-isolation requirements

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links