Techniques for providing tenant based storage security and service level assurance in cloud storage environment

US 9,141,785 B2
Filed: 07/26/2012
Issued: 09/22/2015
Est. Priority Date: 08/03/2011
Status: Expired due to Fees

First Claim

Patent Images

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a server machine configured to perform the method for dynamically allocating, controlling, and dedicating storage, comprising:

receiving, at the server machine, a request for access to a portion of shared storage situated in a cloud environment, the request that originates from a tenant and from the shared storage, services multiple other tenants from the cloud environment;

instantiating, on the machine, a tenant storage machine (TSM) uniquely assigned to the tenant, the TSM instantiated on the machine as a Virtual Machine (VM) isolated from other instances of the TSM on the machine operating as other VMs, the other instances of the TSM servicing the multiple other tenants;

dynamically allocating, on the server machine, operating system (OS) resources for the TSM based on service level assurance (SLA) policies for the tenant, the OS resources accessible from within the TSM, and the SLA policies provide guarantees to the tenant for security, performance, data protection, data availability, and data management, and where dynamically allocating further includes assigning predefined percentages of machine resources used by the OS resources based on the SLA policies, and where dynamically allocating further includes obtaining current processing and memory loads for the cloud environment from the SLA policies when assigning the predefined percentages; and

processing, on the server machine, the request within the TSM using the OS resources and in accordance with the SLA policies providing the tenant access to the TSM.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for tenant-bases storage security and service level assurances in a cloud environment are presented. A Tenant Storage Machine (TSM) for each tenant uses a unique identifier. The TSM is dynamically allocated with operating system resources to run processes based on agreed service level assurances. The service level assurances are stored in a Service Level Assurance (SLA) policy store. The TSM communicates with the SLA policy store via a TSM bus to acquire a SLA policy configured for the tenant and based on which resources are dynamically allocated. Processes running under the TSM run with root privileges to provide security.

43 Citations

View as Search Results

13 Claims

1. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a server machine configured to perform the method for dynamically allocating, controlling, and dedicating storage, comprising:
- receiving, at the server machine, a request for access to a portion of shared storage situated in a cloud environment, the request that originates from a tenant and from the shared storage, services multiple other tenants from the cloud environment;
  
  instantiating, on the machine, a tenant storage machine (TSM) uniquely assigned to the tenant, the TSM instantiated on the machine as a Virtual Machine (VM) isolated from other instances of the TSM on the machine operating as other VMs, the other instances of the TSM servicing the multiple other tenants;
  
  dynamically allocating, on the server machine, operating system (OS) resources for the TSM based on service level assurance (SLA) policies for the tenant, the OS resources accessible from within the TSM, and the SLA policies provide guarantees to the tenant for security, performance, data protection, data availability, and data management, and where dynamically allocating further includes assigning predefined percentages of machine resources used by the OS resources based on the SLA policies, and where dynamically allocating further includes obtaining current processing and memory loads for the cloud environment from the SLA policies when assigning the predefined percentages; and
  
  processing, on the server machine, the request within the TSM using the OS resources and in accordance with the SLA policies providing the tenant access to the TSM.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 further comprising, using, by the server machine, a TSM bus interface for all communication to and from the TSM.
  - 3. The method of claim 1 further comprising, executing, by the server machine, the OS resources within the TSM in a root access mode for the OS.
  - 4. The method of claim 1 further comprising, executing the method within a storage appliance which is the server machine.
  - 5. The method of claim 1, wherein instantiating further includes assigning a unique Internet Protocol (IP) address to the TSM.
  - 6. The method of claim 1, wherein processing further includes enforcing security restrictions defined with the SLA policies when processing the request within the TSM.

7. A method implemented in a non-transitory machine-readable storage medium and processed by one or more processors of a server machine configured to perform the method for dynamically allocating, controlling, and dedicating storage, comprising:
- encapsulating, on the server machine, a plurality of tenant storage machines (TSMs) within a tenant bus interface, each TSM uniquely assigned to a particular tenant having access to a particular portion of storage, the storage that is situated in a cloud environment and the storage, services multiple tenants, and each tenant is unaware of remaining ones of the tenants to appear to each tenant that processing occurs on that tenant'"'"'s own processing environment, each TSM encapsulated as a unique Virtual Machine (VM) isolated on the machine from the other TSMs, which are other VMs on the machine;
  
  dynamically allocating, on the server machine, storage resources to each TSM based on a particular request, a particular tenant, and particular service level assurance (SLA) policies, and where dynamically allocating further includes assigning the storage resources as operating system (OS) resources, processor resources, and memory resources, and where assigning further includes reserving a predefined access percentage to each storage resource within each TSM, and where reserving further includes determining each predefined access percentage based on a dynamic load resolved for the cloud environment and based on the SLA policies;
  
  controlling, on the server machine all communication to and from each TSM to ensure that all communication occurs via the tenant bus interface; and
  
  processing, on the server machine, each request from each tenant within that tenant'"'"'s TSM and in accordance with the SLA policies providing each tenant access to that tenant'"'"'s TSM.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7, wherein encapsulating further includes dynamically instantiating each TSM as each tenant is identified or as each request is made for storage.
  - 9. The method of claim 7, wherein encapsulating further includes generating a unique Internet Protocol (IP) address for each TSM for communication to and from the tenant bus interface with a particular TSM.
  - 10. The method of claim 7, wherein processing further includes enforcing custom security restrictions defined in the SLA policies when processing each request within each TSM.
  - 11. The method of claim 7 further comprising, embedding the method as a tenant-based storage controller within a storage appliance for the storage of the cloud environment.
  - 12. The method of claim 7 further comprising, dynamically de-allocating, by the server machine, one or more of the TSMs based on a dynamic detected event.

13. A system for segmented and dedicated storage controlled access, comprising:
- a cloud storage appliance having one or more hardware processors, memory, and storage, the cloud storage appliance situated in a cloud environment; and
  
  the memory configured with a tenant-based storage controller implemented as executable instructions that process on the one or more hardware processors of the cloud storage appliance;
  
  where the tenant-based storage controller is configured to dynamically instantiate a tenant storage machine (TSM) as a Virtual Machine (VM) for a tenant that request access to a portion of the storage, the TSM is configured to encapsulate storage resources used in processing a request for storage access and to enforce custom security policies against the TSM, the request is processed within the TSM and the TSM restricted to providing access to just the portion of the storage, the tenant-based storage controller configured to handle multiple requests and tenants accessing the storage, each request for each tenant handled by a uniquely instantiated TSM operating as a unique separate VM for that tenant and permitting each tenant controlled access to that tenant'"'"'s TSM, where the tenant-based storage controller is configured to establish a tenant bus interface that handles all communication to and from a particular TSM via the tenant bus interface, and where the tenant-based storage controller is configured to resolve;
  
  the storage resources, a percentage of allocated use for each storage resource, and the custom security policies via a service level assurance (SLA) policy repository.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mayadata, Inc.
Original Assignee
Mayadata, Inc.
Inventors
Mukkara, Umasankar, Xavier, Felix, Balaram, Srivibhavan, Bam, Shailesh
Primary Examiner(s)
HOLDER, BRADLEY W

Application Number

US13/558,626
Publication Number

US 20130036449A1
Time in Patent Office

1,153 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 9/5072 Grid computing

Techniques for providing tenant based storage security and service level assurance in cloud storage environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

43 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for providing tenant based storage security and service level assurance in cloud storage environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links