Moving a portion of a streaming application to a public cloud based on sensitive data
First Claim
Patent Images
1. An article of manufacture comprising software stored on a computer readable storage medium, the software comprising:
- a streaming application comprising a flow graph that includes a plurality of processing elements that process a plurality of data tuples;
a performance monitor that monitors performance of the plurality of processing elements in the flow graph;
a sensitive data monitor that identifies which of the plurality of processing elements in the flow graph process sensitive data;
at least one sensitive data split criterion that specifies how to split the flow graph based on sensitive data so at least a portion of the flow graph can be moved to a public cloud in a manner that assures the sensitive data is not in the public cloud, wherein the at least one sensitive data split criterion specifies to split a plurality of tuple attributes corresponding to a selected data tuple between a first set of the plurality of tuple attributes that include sensitive data and a second set of the plurality of tuple attributes that do not include sensitive data; and
a streams manager that manages the streaming application, the streams manager selecting based on the at least one sensitive data split criterion at least one portion of the flow graph to move to the public cloud when the performance monitor determines performance of the streaming application needs to be improved, and in response, the streams manager moves the selected at least one portion of the flow graph to the public cloud by creating at least one cloned portion of the flow graph in the public cloud, routes the first set of the plurality of tuple attributes to a portion of the flow graph in a secure system, routes the second set of the plurality of tuple attributes to the at least one cloned portion of the flow graph in the public cloud, and recombines the first set of the plurality of tuple attributes and the second set of the plurality of tuple attributes into the selected tuple in the secure system.
1 Assignment
0 Petitions
Accused Products
Abstract
A streams manager determines which portions of a streaming application process sensitive data, and when performance of the streaming application needs to be increased, selects based on the sensitive data which portion(s) of the streaming application can be moved to a public cloud. The streams manager then interacts with the public cloud manager to move the selected portion(s) of the streaming application to the public cloud. This may include cloning of processing elements or operators to a public cloud, then splitting tuple attributes so tuple attributes that do not include sensitive data can be processed in the public cloud while tuple attributes that include sensitive data are processed in a secure system. The tuple attributes are then recombined into full tuples in the secure system. The streams manager thus protects the integrity of sensitive data while still taking advantage of the additional resources available in a public cloud.
34 Citations
9 Claims
-
1. An article of manufacture comprising software stored on a computer readable storage medium, the software comprising:
-
a streaming application comprising a flow graph that includes a plurality of processing elements that process a plurality of data tuples; a performance monitor that monitors performance of the plurality of processing elements in the flow graph; a sensitive data monitor that identifies which of the plurality of processing elements in the flow graph process sensitive data; at least one sensitive data split criterion that specifies how to split the flow graph based on sensitive data so at least a portion of the flow graph can be moved to a public cloud in a manner that assures the sensitive data is not in the public cloud, wherein the at least one sensitive data split criterion specifies to split a plurality of tuple attributes corresponding to a selected data tuple between a first set of the plurality of tuple attributes that include sensitive data and a second set of the plurality of tuple attributes that do not include sensitive data; and a streams manager that manages the streaming application, the streams manager selecting based on the at least one sensitive data split criterion at least one portion of the flow graph to move to the public cloud when the performance monitor determines performance of the streaming application needs to be improved, and in response, the streams manager moves the selected at least one portion of the flow graph to the public cloud by creating at least one cloned portion of the flow graph in the public cloud, routes the first set of the plurality of tuple attributes to a portion of the flow graph in a secure system, routes the second set of the plurality of tuple attributes to the at least one cloned portion of the flow graph in the public cloud, and recombines the first set of the plurality of tuple attributes and the second set of the plurality of tuple attributes into the selected tuple in the secure system. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. An article of manufacture comprising software stored on a computer readable storage medium, the software comprising:
-
a streaming application comprising a flow graph that includes a plurality of processing elements that process a plurality of data tuples; a performance monitor that monitors performance of the plurality of processing elements in the flow graph; a sensitive data monitor that identifies which of the plurality of processing elements in the flow graph process sensitive data; a plurality of sensitive data split criteria that specify how to split the flow graph based on sensitive data so at least a portion of the flow graph can be moved to a public cloud in a manner that assures the sensitive data is not in the public cloud, the sensitive split criteria including; specifying to move to the public cloud connected processing elements in the flow graph that do not process sensitive data; specifying to move to the public cloud individual processing elements in the flow graph that do not process sensitive data; specifying to move to the public cloud connected processing elements in the flow graph that process sensitive data that can have a data input encrypted and a data output decrypted; specifying to unfuse one of the plurality of processing elements into a plurality of operators so at least one of the plurality of operators that does not process sensitive data is moved to the public cloud while at least one of the plurality of operators that process sensitive data is not moved to the public cloud; and specifying to split a plurality of tuple attributes corresponding to a selected data tuple between a first set of the plurality or tuple attributes that include sensitive data and a second set of the plurality of tuple attributes that do not include sensitive data; a streams manager that selects based on the sensitive data split criteria at least one portion of the flow graph to move to the public cloud when the monitored performance indicates performance of the streaming application needs to be improved by comparing current performance of the streaming application to at least one performance threshold and by comparing current performance of the streaming application to historical performance of the streaming application, and moving the selected at least one portion of the flow graph to the public cloud by requesting a public cloud manager to provision at least one virtual machine with logic to implement the selected at least one portion of the flow graph, and when the public cloud manager provisions the at least one virtual machine, modifying the flow graph to include the at least one virtual machine in the flow graph of the streaming application, creating at least one cloned portion of the flow graph in the public cloud, routing the first set of the plurality of tuple attributes to a portion of the flow graph in a secure system, routing the second set of the plurality of tuple attributes to the at least one cloned portion of the flow graph in the public cloud, and recombining the first set of the plurality of tuple attributes and the second set of the plurality of tuple attributes into the selected tuple in the secure system.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsBarsness, Eric L., Branson, Michael J., Santosuosso, John M.
-
Primary Examiner(s)ZAIDI, SYED A
-
Application NumberUS15/458,544Publication NumberTime in Patent Office350 DaysField of Search726 28US Class CurrentCPC Class CodesG06F 2009/45562 Creating, deleting, cloning...G06F 21/6245 Protecting personal data, e...G06F 21/6254 by anonymising data, e.g. d...G06F 9/455 Emulation; Interpretation; ...G06F 9/45558 Hypervisor-specific managem...G06F 9/50 Allocation of resources, e....G06F 9/5027 the resource being a machin...G06F 9/5072 Grid computingH04L 41/5025 by proactively reacting to ...H04L 41/5054 Automatic deployment of ser...H04L 41/509 wherein the managed service...H04L 43/04 Processing captured monitor...H04L 63/0428 wherein the data content is...H04L 65/61 for supporting one-way stre...H04L 67/10 in which an application is ...H04L 67/1095 Replication or mirroring of...H04L 67/75 Indicating network or usage...
