Multi-tenant audit awareness in support of cloud environments
First Claim
1. A method of managing log data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, comprising:
- aggregating and normalizing log information received from a plurality of the resources;
- parsing the aggregated and normalized log information to identify a tenant associated with each of a set of transactions; and
- for each of the set of transactions, annotating log data associated with the tenant and the particular transaction to include a tenant-specific identifier.
Abstract
A cloud enablement aggregation proxy (CEAP) receives and processes audit data from audited resources before such data is stored in a database. The CEAP manages log data for resources hosted in a multi-tenant shared pool of configurable computing resources (e.g., a compute cloud). A method for managing log data begins by the proxy aggregating and normalizing log information received from a plurality of the resources. The aggregated and normalized log information is then parsed to identify a tenant associated with each of a set of transactions. For each of the set of transactions, the CEAP annotates log data associated with the tenant and the particular transaction to include a tenant-specific identifier. An optional tenant separation proxy (TSP) separates the annotated log data on a per tenant basis prior to storage, and the tenant-specific log data may be stored in per tenant data structures or dedicated tenant log event databases to facilitate subsequent compliance or other analysis.
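The pipeline the abstract describes (aggregate and normalize, identify the tenant per transaction, annotate, then separate per tenant) can be sketched as follows. This is an added example, not code from the patent: the two log formats, the field names, the rule that a tenant-unaware resource's events are bound to a tenant through a transaction id shared with a tenant-aware resource, and the `UNATTRIBUTED` bucket are all assumptions made for illustration.

```python
import json
import re
from collections import defaultdict

# Constructed sample input: a tenant-aware resource (JSON lines) and a
# tenant-unaware resource (syslog-style) that records only a transaction id.
RAW_LOGS = [
    ("appserver", '{"ts": "2024-05-01T10:00:00Z", "txn": "t-100", "tenant": "acme", "msg": "login ok"}'),
    ("database", "2024-05-01T10:00:01Z txn=t-100 SELECT on orders"),
    ("database", "2024-05-01T10:00:02Z txn=t-200 UPDATE on invoices"),
    ("appserver", '{"ts": "2024-05-01T10:00:02Z", "txn": "t-200", "tenant": "globex", "msg": "invoice edit"}'),
    ("database", "2024-05-01T10:00:03Z txn=t-999 DROP on audit"),
]
SYSLOG = re.compile(r"^(?P<ts>\S+) txn=(?P<txn>\S+) (?P<msg>.*)$")
UNKNOWN = "UNATTRIBUTED"  # assumption: holding bucket for events with no tenant binding

def normalize(source, line):
    """Map each resource's native format onto one common event schema."""
    if source == "appserver":
        rec = json.loads(line)
        return {"ts": rec["ts"], "source": source, "txn": rec["txn"],
                "msg": rec["msg"], "tenant_hint": rec.get("tenant")}
    m = SYSLOG.match(line)
    if m is None:
        raise ValueError(f"unparseable {source} line: {line!r}")
    return {**m.groupdict(), "source": source, "tenant_hint": None}

def annotate(events):
    """Bind each transaction to a tenant, then tag every event with tenant_id."""
    # Built over the whole batch, so an event logged before the binding is known still resolves.
    binding = {e["txn"]: e["tenant_hint"] for e in events if e["tenant_hint"]}
    return [{**{k: v for k, v in e.items() if k != "tenant_hint"},
             "tenant_id": binding.get(e["txn"], UNKNOWN)} for e in events]

def separate(events):
    """Split annotated events into per-tenant stores (the optional TSP step)."""
    stores = defaultdict(list)
    for e in events:
        stores[e["tenant_id"]].append(e)
    return dict(stores)

def run(raw=RAW_LOGS):
    events = [normalize(src, line) for src, line in raw]
    return separate(annotate(events))

if __name__ == "__main__":
    for tenant, evs in run().items():
        print(tenant, [(e["source"], e["msg"]) for e in evs])
```

Events that cannot be bound to a tenant are kept in their own bucket rather than dropped or guessed, so they never land in another tenant's store and remain available for review.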
227 Citations
25 Claims
1. A method of managing log data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, comprising:
- aggregating and normalizing log information received from a plurality of the resources;
- parsing the aggregated and normalized log information to identify a tenant associated with each of a set of transactions; and
- for each of the set of transactions, annotating log data associated with the tenant and the particular transaction to include a tenant-specific identifier.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 15, 16

9. Apparatus to manage log data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, comprising:
- a processor;
- computer memory holding computer program instructions that when executed by the processor perform a method comprising:
  - aggregating and normalizing log information received from a plurality of the resources;
  - parsing the aggregated and normalized log information to identify a tenant associated with each of a set of transactions; and
  - for each of the set of transactions, annotating log data associated with the tenant and the particular transaction to include a tenant-specific identifier.
Dependent claims: 10, 11, 12, 13, 14

17. A computer program product in a computer readable medium for use in a data processing system to manage log data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, the computer program product holding computer program instructions which, when executed by the data processing system, perform a method comprising:
- aggregating and normalizing log information received from a plurality of the resources;
- parsing the aggregated and normalized log information to identify a tenant associated with each of a set of transactions; and
- for each of the set of transactions, annotating log data associated with the tenant and the particular transaction to include a tenant-specific identifier.
Dependent claims: 18, 19, 20, 21, 22, 23, 24

25. A cloud enablement aggregation proxy, comprising:
- a processor;
- computer memory holding computer program instructions executed by the processor to perform a method of managing logging data generated by resources hosted in a multi-tenant shared pool of configurable computing resources, the method comprising:
  - aggregating log information received from a plurality of the resources, wherein at least one resource is a multi-tenant unaware resource; and
  - processing the aggregated log information to identify, for each of a set of transactions, which of a set of multiple tenants was bound to the particular transaction that generated the log information.

Specification