Multi-tenant audit awareness in support of cloud environments
First Claim
1. A method of managing log data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, comprising:
- aggregating and normalizing log information received from a plurality of the resources hosted in the multi-tenant shared pool of configurable computing resources, at least one of the configurable computing resources being a multi-tenant unaware resource that is shared among at least first and second tenants, the multi-tenant unaware resource generating log information that does not include any information that, by itself, can serve to distinguish which of the first and second tenants use the multi-tenant unaware resource, the log information being normalized by mapping data within the log information into one or more name/value pairs;
- receiving input data as tenants carry out transactions in the multi-tenant shared pool of configurable computing resources, the input data being other than the generated log information generated by the multi-tenant unaware resource;
- parsing the input data and the aggregated and normalized log information to identify a tenant associated with each of a set of transactions, wherein parsing compares an event pattern in a transaction against a set of filters; and
- for each of the set of transactions, and based on the parsing identifying a match between an event pattern in a transaction against a filter in the set of filters, annotating log data associated with the tenant and the particular transaction to include a tenant-specific identifier;
- wherein at least one of the aggregating, parsing and annotating operations is carried out in program code executing in a hardware element.
Abstract
A cloud enablement aggregation proxy (CEAP) receives and processes audit data from audited resources before such data is stored in a database. The CEAP manages log data for resources hosted in a multi-tenant shared pool of configurable computing resources (e.g., a compute cloud). A method for managing log data begins by the proxy aggregating and normalizing log information received from a plurality of the resources. The aggregated and normalized log information is then parsed to identify a tenant associated with each of a set of transactions. For each of the set of transactions, the CEAP annotates log data associated with the tenant and the particular transaction to include a tenant-specific identifier. An optional tenant separation proxy (TSP) separates the annotated log data on a per tenant basis prior to storage, and the tenant-specific log data may be stored in per tenant data structures or dedicated tenant log event databases to facilitate subsequent compliance or other analysis.
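As an added illustration (not code from the patent or its assignee), the pipeline the abstract describes, in Python: lines from a multi-tenant-unaware resource are normalized into name/value pairs, transaction records from the tenant-aware side supply the filters, matching records are annotated with a tenant identifier, and a tenant separation step splits them per tenant before storage. The log lines, session tokens and tenant names are constructed; a record that matches no filter is kept but marked unattributed rather than guessed.

```python
import re
from collections import defaultdict

# Constructed sample: log lines from a shared, multi-tenant-unaware database host.
# Nothing in them names a tenant; only the session token ties a line to a request.
RAW_LOGS = [
    "2024-03-01T10:00:01Z db01 event=query session=s-111 rows=12",
    "2024-03-01T10:00:02Z db01 event=query session=s-222 rows=3",
    "2024-03-01T10:00:03Z db01 event=error session=s-999 msg=timeout",
]
# Constructed sample: transaction records from the tenant-aware front end (the
# "input data other than the generated log information" that yields the filters).
TRANSACTIONS = [
    {"tenant_id": "tenant-A", "session": "s-111"},
    {"tenant_id": "tenant-B", "session": "s-222"},
]
TOKEN_RE = re.compile(r"(\w+)=(\S+)")

def normalize(line):
    """Normalization step: map one raw log line into name/value pairs."""
    ts, host, rest = line.split(" ", 2)
    record = {"timestamp": ts, "host": host}
    record.update(TOKEN_RE.findall(rest))
    return record

def build_filters(transactions):
    """One filter per transaction: the event pattern (here: session) that identifies its tenant."""
    return [({"session": t["session"]}, t["tenant_id"]) for t in transactions]

def annotate(records, filters):
    """Parsing step: match each record's event pattern against the filters, then tag the tenant."""
    out = []
    for rec in records:
        for pattern, tenant in filters:
            if all(rec.get(k) == v for k, v in pattern.items()):
                out.append({**rec, "tenant_id": tenant})
                break
        else:  # no filter matched: keep the event, but never guess a tenant
            out.append({**rec, "tenant_id": "unattributed"})
    return out

def separate_by_tenant(annotated):
    """Tenant separation proxy: split annotated data into per-tenant stores before storage."""
    stores = defaultdict(list)
    for rec in annotated:
        stores[rec["tenant_id"]].append(rec)
    return dict(stores)

def run_pipeline(raw_logs=RAW_LOGS, transactions=TRANSACTIONS):
    records = [normalize(line) for line in raw_logs]  # aggregate + normalize
    return separate_by_tenant(annotate(records, build_filters(transactions)))
```

Unattributed events are the ones to review: they are exactly the shared-resource activity that would otherwise disappear from every tenant's audit trail.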
97 Citations
21 Claims
1. (Claim 1 as set out above under First Claim.) Dependent claims: 2, 3, 4, 5, 6, 7.
8. Apparatus to manage log data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, comprising:
- a processor;
- computer memory holding computer program instructions executed by the processor to perform operations comprising:
  - aggregating and normalizing log information received from a plurality of the resources hosted in the multi-tenant shared pool of configurable computing resources, at least one of the configurable computing resources being a multi-tenant unaware resource that is shared among at least first and second tenants, the multi-tenant unaware resource generating log information that does not include any information that, by itself, can serve to distinguish which of the first and second tenants use the multi-tenant unaware resource, the log information being normalized by mapping data within the log information into one or more name/value pairs;
  - receiving input data as tenants carry out transactions in the multi-tenant shared pool of configurable computing resources, the input data being other than the generated log information generated by the multi-tenant unaware resource;
  - parsing the input data and the aggregated and normalized log information to identify a tenant associated with each of a set of transactions, wherein parsing compares an event pattern in a transaction against a set of filters; and
  - for each of the set of transactions, and based on the parsing identifying a match between an event pattern in a transaction against a filter in the set of filters, annotating log data associated with the tenant and the particular transaction to include a tenant-specific identifier.

Dependent claims: 9, 10, 11, 12, 13, 14.
15. A computer program product in a non-transitory computer readable medium for use in a data processing system to manage log data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- aggregating and normalizing log information received from a plurality of the resources hosted in the multi-tenant shared pool of configurable computing resources, at least one of the configurable computing resources being a multi-tenant unaware resource that is shared among at least first and second tenants, the multi-tenant unaware resource generating log information that does not include any information that, by itself, can serve to distinguish which of the first and second tenants use the multi-tenant unaware resource, the log information being normalized by mapping data within the log information into one or more name/value pairs;
- receiving input data as tenants carry out transactions in the multi-tenant shared pool of configurable computing resources, the input data being other than the generated log information generated by the multi-tenant unaware resource;
- parsing the input data and the aggregated and normalized log information to identify a tenant associated with each of a set of transactions, wherein parsing compares an event pattern in a transaction against a set of filters; and
- for each of the set of transactions, and based on the parsing identifying a match between an event pattern in a transaction against a filter in the set of filters, annotating log data associated with the tenant and the particular transaction to include a tenant-specific identifier.

Dependent claims: 16, 17, 18, 19, 20, 21.
Specification