Techniques for providing tenant based storage security and service level assurance in cloud storage environment
Abstract
Techniques for tenant-based storage security and service level assurances in a cloud environment are presented. A Tenant Storage Machine (TSM) for each tenant uses a unique identifier. The TSM is dynamically allocated with operating system resources to run processes based on agreed service level assurances. The service level assurances are stored in a Service Level Assurance (SLA) policy store. The TSM communicates with the SLA policy store via a TSM bus to acquire an SLA policy configured for the tenant, based on which resources are dynamically allocated. Processes running under the TSM run with root privileges to provide security.
13 Claims
1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a server machine configured to perform the method for dynamically allocating, controlling, and dedicating storage, comprising:
receiving, at the server machine, a request for access to a portion of shared storage situated in a cloud environment, the request originating from a tenant, and the shared storage servicing multiple other tenants from the cloud environment;
instantiating, on the machine, a tenant storage machine (TSM) uniquely assigned to the tenant, the TSM instantiated on the machine as a Virtual Machine (VM) isolated from other instances of the TSM on the machine operating as other VMs, the other instances of the TSM servicing the multiple other tenants;
dynamically allocating, on the server machine, operating system (OS) resources for the TSM based on service level assurance (SLA) policies for the tenant, the OS resources accessible from within the TSM, the SLA policies providing guarantees to the tenant for security, performance, data protection, data availability, and data management, where dynamically allocating further includes assigning predefined percentages of machine resources used by the OS resources based on the SLA policies, and where dynamically allocating further includes obtaining current processing and memory loads for the cloud environment from the SLA policies when assigning the predefined percentages; and
processing, on the server machine, the request within the TSM using the OS resources and in accordance with the SLA policies, providing the tenant access to the TSM.
Dependent claims: 2, 3, 4, 5, 6.
7. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a server machine configured to perform the method for dynamically allocating, controlling, and dedicating storage, comprising:
encapsulating, on the server machine, a plurality of tenant storage machines (TSMs) within a tenant bus interface, each TSM uniquely assigned to a particular tenant having access to a particular portion of storage, the storage being situated in a cloud environment and servicing multiple tenants, and each tenant being unaware of the remaining tenants so that it appears to each tenant that processing occurs in that tenant's own processing environment, each TSM encapsulated as a unique Virtual Machine (VM) isolated on the machine from the other TSMs, which are other VMs on the machine;
dynamically allocating, on the server machine, storage resources to each TSM based on a particular request, a particular tenant, and particular service level assurance (SLA) policies, where dynamically allocating further includes assigning the storage resources as operating system (OS) resources, processor resources, and memory resources, where assigning further includes reserving a predefined access percentage to each storage resource within each TSM, and where reserving further includes determining each predefined access percentage based on a dynamic load resolved for the cloud environment and based on the SLA policies;
controlling, on the server machine, all communication to and from each TSM to ensure that all communication occurs via the tenant bus interface; and
processing, on the server machine, each request from each tenant within that tenant's TSM and in accordance with the SLA policies, providing each tenant access to that tenant's TSM.
Dependent claims: 8, 9, 10, 11, 12.
13. A system for segmented and dedicated storage controlled access, comprising:
a cloud storage appliance having one or more hardware processors, memory, and storage, the cloud storage appliance situated in a cloud environment; and
the memory configured with a tenant-based storage controller implemented as executable instructions that process on the one or more hardware processors of the cloud storage appliance;
where the tenant-based storage controller is configured to dynamically instantiate a tenant storage machine (TSM) as a Virtual Machine (VM) for a tenant that requests access to a portion of the storage, the TSM being configured to encapsulate storage resources used in processing a request for storage access and to enforce custom security policies against the TSM, the request being processed within the TSM and the TSM restricted to providing access to just the portion of the storage;
where the tenant-based storage controller is configured to handle multiple requests and tenants accessing the storage, each request for each tenant handled by a uniquely instantiated TSM operating as a unique separate VM for that tenant and permitting each tenant controlled access to that tenant's TSM;
where the tenant-based storage controller is configured to establish a tenant bus interface that handles all communication to and from a particular TSM via the tenant bus interface; and
where the tenant-based storage controller is configured to resolve the storage resources, a percentage of allocated use for each storage resource, and the custom security policies via a service level assurance (SLA) policy repository.
Specification