Hosted application gateway architecture with multi-level security policy and rule promulgations

US 9,747,466 B2
Filed: 11/06/2014
Issued: 08/29/2017
Est. Priority Date: 09/20/2013
Status: Active Grant

First Claim

Patent Images

1. A database system, comprising:

a plurality of database servers configured to provide a plurality of database shards, the plurality of database servers communicatively connected to a cloud-based application gateway server node over a network, the cloud-based application gateway server node configured for providing cloud-based gateway services to a plurality of client devices, the plurality of client devices associated with multiple tenants, the multiple tenants sharing the plurality of database shards, the plurality of database shards storing at least content data of the multiple tenants;

a server comprising a non-transitory memory, including instructions executable by a processor to provide a sharding manager to generate a relationship between or among database items across at least two database shards of the plurality of database shards, the database items associated with a tenant of the multiple tenants, wherein generating the relationship between or among the database items includes the sharding manager performing;

determining at least a first split relationship and a second split relationship of the relationship between or among the database items across the at least two database shards;

maintaining, in a first shard of the at least two database shards, a first split function data structure, the first split function data structure representing the first split relationship and identifying the first split relationship with a unique identifier, wherein the first split function data structure comprises a first split function database table keyed to a first database item in the first shard, and relating the first database item and a second database item across the at least two database shards; and

maintaining, in a second shard of the at least two database shards, a second split function data structure, the second split function data structure representing the second split relationship and identifying the first split relationship with the unique identifier, wherein the second split function data structure comprises a second split function database table keyed to a second database item in the second shard, and relating the second database item and the first database item across the at least two database shards.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A hosted application gateway server node may be communicatively coupled to backend systems, client devices, and database shards associated with database servers. Through the gateway server node, various services may be provided to managed containers running on client devices such that enterprise applications can be centrally managed. A sharding manager may manage relationships of database items across database shards. Each shard stores a copy of a table representing a split of a relationship. A shard ID mask is included in each item'"'"'s ID. At query time, the shard ID can be extracted and used to query the correct database. This query routing mechanism allows navigation from one shard to another when multiple items are in a relationship (e.g., share the same resource such as a document). As such, embodiments can eliminate the need for APIs to join in data that span multiple shards.

110 Citations

View as Search Results

25 Claims

1. A database system, comprising:
- a plurality of database servers configured to provide a plurality of database shards, the plurality of database servers communicatively connected to a cloud-based application gateway server node over a network, the cloud-based application gateway server node configured for providing cloud-based gateway services to a plurality of client devices, the plurality of client devices associated with multiple tenants, the multiple tenants sharing the plurality of database shards, the plurality of database shards storing at least content data of the multiple tenants;
  
  a server comprising a non-transitory memory, including instructions executable by a processor to provide a sharding manager to generate a relationship between or among database items across at least two database shards of the plurality of database shards, the database items associated with a tenant of the multiple tenants, wherein generating the relationship between or among the database items includes the sharding manager performing;
  
  determining at least a first split relationship and a second split relationship of the relationship between or among the database items across the at least two database shards;
  
  maintaining, in a first shard of the at least two database shards, a first split function data structure, the first split function data structure representing the first split relationship and identifying the first split relationship with a unique identifier, wherein the first split function data structure comprises a first split function database table keyed to a first database item in the first shard, and relating the first database item and a second database item across the at least two database shards; and
  
  maintaining, in a second shard of the at least two database shards, a second split function data structure, the second split function data structure representing the second split relationship and identifying the first split relationship with the unique identifier, wherein the second split function data structure comprises a second split function database table keyed to a second database item in the second shard, and relating the second database item and the first database item across the at least two database shards.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The database system of claim 1, wherein the relationship represents a resource lock and wherein the resource lock is defined by the first split function data structure stored in the first shard and the second split function data structure stored in the second shard.
  - 3. The database system of claim 1, wherein the first database item is associated with a user and wherein the second database item is associated with a document.
  - 4. The database system of claim 1, wherein the first shard is associated with a user and wherein the second shard is associated with a document.
  - 5. The database system of claim 1, wherein the first database item is associated with a first identifier encoded with a shard identification mask associated with the first shard.
  - 6. The database system of claim 1, wherein the relationship is shared among three or more database items in three or more shards and wherein the sharding manager is operable to store a data structure representing a portion of the relationship in each shard, the data structure containing a foreign key referencing an item in a different shard that shares the relationship.
  - 7. The database system of claim 6, wherein the relationship defines a document share.
  - 8. The database system of claim 1, wherein the unique identifier is a primary key comprising an identifier to the first database item and an identifier for the second database item.
  - 9. The database system of claim 1, wherein generating the relationship between or among the database items further includes the sharding manager performing:
    - generating the unique identifier for the relationship between the database items across the at least two database shards and storing the unique identifier in the first split function database table and the second split function database table.
  - 10. The database system of claim 9, wherein generating the relationship between or among the database items further includes the sharding manager performing:
    - storing the unique identifier as a primary key for the first split function database table and a primary key of the second split function database table.
  - 11. The database system of claim 1, wherein the first split function data structure includes a first identifier and a second identifier, wherein the second split function data structure includes a first identifier and a second identifier, wherein the second identifier of the split function first data structure is associated with a first foreign key referencing the second identifier of the second split function data structure, and wherein the first identifier of the second split function data structure is associated with a second foreign key referencing the first identifier of the first split function data structure.
  - 12. The database system of claim 11, wherein the first identifier of the first split function data structure and the first identifier of the second split function data structure are associated with a resource and wherein the second identifier of the first split function data structure and the second identifier of the second split function data structure identify an entity having a lock on the resource.

13. A system, comprising:
- an application gateway server node communicatively coupled to backend systems, client devices, and database shards operating on a plurality of database servers, the plurality of database servers communicatively connected to a cloud-based application gateway server node over a network, the cloud-based application gateway server node configured for providing cloud-based gateway services to a plurality of client devices, the plurality of client devices associated with multiple tenants, the multiple tenants sharing a plurality of database shards, the plurality of database shards storing at least content data of the multiple tenants; and
  
  a sharding manager embodied on non-transitory computer memory including instructions executable by a processor to generate a relationship between or among database items across at least two database shards of the plurality of database shards, the database items associated with a tenant of the multiple tenants, wherein generating the relationship between or among the database items includes the sharding manager performing;
  
  determining at least a first split relationship and a second split relationship of the relationship between or among the database items across the at least two database shards;
  
  maintaining, in a first shard of the at least two database shards, a first split function data structure, the first split function data structure representing the first split relationship and identifying the first split relationship with a unique identifier, wherein the first split function data structure comprises a first split function database table keyed to a first database item in the first shard, and relating the first database item and a second database item across the at least two database shards; and
  
  maintaining, in a second shard of the at least two database shards, a second split function data structure, the second split function data structure representing the second split relationship and identifying the first split relationship with the unique identifier, wherein the second split function data structure comprises a second split function database table keyed to the second database item in the second shard, and relating the first database item and the second database item across the at least two database shards.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 14. The system of claim 13, wherein the application gateway server node comprises a database manager and wherein the database manager comprises the sharding manager.
  - 15. The system of claim 13, wherein the relationship represents a resource lock and wherein the resource lock is defined by the first split function data structure stored in the first shard and the second split function data structure stored in the second shard.
  - 16. The system of claim 13, wherein the first database item is associated with a user and wherein the second database item is associated with a document.
  - 17. The system of claim 13, wherein the first shard is associated with a user and wherein the second shard is associated with a document.
  - 18. The system of claim 13, wherein the first database item is associated with a first identifier encoded with a shard identification mask associated with the first shard.
  - 19. The system of claim 13, wherein the unique identifier is a primary key comprising an identifier to the first database item and an identifier for the second database item.
  - 20. The system of claim 13, wherein generating the relationship between or among the database items further includes the sharding manager performing:
    - generating the unique identifier for the relationship between the database items across the at least two database shards and storing the unique identifier in the first split function database table and the second split function database table.
  - 21. The system of claim 20, wherein generating the relationship between or among the database items further includes the sharding manager performing:
    - storing the unique identifier as a primary key for the first split function database table and a primary key of the second split function database table.
  - 22. The system of claim 13, wherein the first split function data structure includes a first identifier and a second identifier, wherein the second split function data structure includes a first identifier and a second identifier, wherein the second identifier of the first split function data structure is associated with a first foreign key referencing the second identifier of the second split function data structure, and wherein the first identifier of the second split function data structure is associated with a second foreign key referencing the first identifier of the first split function data structure.
  - 23. The system of claim 22, wherein the first identifier of the first split function data structure and the first identifier of the second split function data structure are associated with a resource and wherein the second identifier of the first split function data structure and the second identifier of the second split function data structure identify an entity having a lock on the resource.
  - 24. The system of claim 13, wherein the relationship is shared among three or more database items in three or more shards and wherein the sharding manager is operable to store a data structure representing a portion of the relationship in each shard, the data structure containing a foreign key referencing an item in a different shard that shares the relationship.
  - 25. The system of claim 24, wherein the relationship defines a document share.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ip Ot Sub Ulc
Original Assignee
Open Text Sa Ulc (Open Text Corporation)
Inventors
Beckman, Gregory, Laird, Robert, Obbard, Geoffrey Michael
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US14/534,623
Publication Number

US 20150088934A1
Time in Patent Office

1,027 Days
Field of Search

713168
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/16   Program or content traceabi...

G06F 21/6218   to a system of files or obj...

G06F 21/6227   where protection concerns t...

G06F 2221/2143   Clearing memory, e.g. to pr...

G06F 3/04817   using icons graphical or vi...

G06F 8/65   Updates security arrangemen...

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/10   in which an application is ...

H04L 67/56   Provisioning of proxy servi...

H04L 67/565   Conversion or adaptation of...

H04L 67/5683   Storage of data provided by...

H04L 9/40   Network security protocols

Hosted application gateway architecture with multi-level security policy and rule promulgations

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

110 Citations

25 Claims

Specification

Use Cases

Quick Links

Others

Hosted application gateway architecture with multi-level security policy and rule promulgations

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

110 Citations

25 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others