Hybrid multi-tenancy cloud platform
Abstract
Technologies are presented for a hybrid cloud-based service model combining separate database/separate schema, shared database/separate schema, and shared database/shared schema architectures suitable for serving multiple tenants while addressing varying security needs. Roles and security level needs of different tenants may be determined based on tenant declaration or inference from tenant attributes. Tenants may then be assigned to suitable clouds or sub-clouds based on their security level needs. In some examples, a claims-based access control authorization model such as federation may be employed to support interactions between the three different types of clouds or sub-clouds under the umbrella of a single cloud-based service provider while maintaining application and data security.
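The placement logic the abstract describes can be sketched as follows. This is an added example, not code from the patent: the 0-2 level scale, the inference rule, the 1000-client threshold and all names (`infer_security_level`, `PlacementManager`, `db_shared`, and so on) are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from enum import Enum

class SubCloud(Enum):
    SEPARATE_DB = "separate database per tenant"
    SHARED_DB_SEPARATE_SCHEMA = "shared database, schema per tenant"
    SHARED_DB_SHARED_SCHEMA = "shared database, shared schema"

@dataclass(frozen=True)
class TenantAttributes:
    data_recovery_need: int     # 0 = low, 1 = medium, 2 = high
    data_protection_need: int   # 0 = low, 1 = medium, 2 = high
    deployment_efficiency: int  # 0..2, priority the tenant puts on cheap, fast rollout
    prospective_clients: int    # clients expected to access the tenant's data

# Index = inferred security level (assumed scale: 0 lowest, 2 highest).
LEVEL_TO_SUBCLOUD = [SubCloud.SHARED_DB_SHARED_SCHEMA,
                     SubCloud.SHARED_DB_SEPARATE_SCHEMA,
                     SubCloud.SEPARATE_DB]

def infer_security_level(a: TenantAttributes) -> int:
    """Assumed rule (not from the patent): the strongest stated need wins."""
    level = max(a.data_recovery_need, a.data_protection_need)
    if level == 1 and a.data_protection_need == 0 and a.deployment_efficiency == 2:
        level = 0                      # efficiency only wins when protection need is low
    if a.prospective_clients >= 1000:  # wide exposure: at least schema isolation
        level = max(level, 1)
    return level

def data_store_for(tenant: str, sub_cloud: SubCloud) -> dict:
    """Where a tenant's data lives under each isolation model (names are made up)."""
    if sub_cloud is SubCloud.SEPARATE_DB:
        return {"database": f"db_{tenant}", "schema": "app", "tenant_column": None}
    if sub_cloud is SubCloud.SHARED_DB_SEPARATE_SCHEMA:
        return {"database": "db_shared", "schema": f"tenant_{tenant}", "tenant_column": None}
    # Shared schema: rows are separated only by a tenant key on every table.
    return {"database": "db_shared", "schema": "common", "tenant_column": "tenant_id"}

class PlacementManager:
    def __init__(self):
        self.placements = {}  # (tenant, app) -> SubCloud

    def evaluate(self, tenant: str, app: str, attrs: TenantAttributes):
        """Assign or reassign one application; return (old, new) if it moves, else None."""
        new = LEVEL_TO_SUBCLOUD[infer_security_level(attrs)]
        old = self.placements.get((tenant, app))
        if old is new:
            return None
        self.placements[(tenant, app)] = new
        return (old, new)
```

Calling `evaluate` again with changed attributes for the same application models the reassignment step; a returned pair is the point at which a data migration between sub-clouds would be triggered.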
12 Claims
1. A method to provide a hybrid, multi-tenancy cloud platform, the method comprising:
- determining a desired security level for one or more applications of a tenant of a cloud service;
- based on the desired security level of each of the one or more applications of the tenant, assigning each of the one or more applications to one of:
  - a first sub-cloud comprising separate data stores for each tenant, or
  - a second sub-cloud comprising one or more shared data stores for a group of tenants and separate schemas for each tenant; and
- in response to detecting a change of the desired security level of at least one of the one or more applications of the tenant, reassigning the at least one application to a different sub-cloud based on a new desired security level determined for the at least one application to address changing security needs of the at least one application, wherein the desired security level and the new desired security level are inferred from one or more tenant attributes that include at least one from a data recovery need, a data protection need, a deployment efficiency, and a number of prospective clients to access tenant data.

Dependent claims: 2, 3, 4, 5

6. A cloud-based system configured to provide a hybrid, multi-tenancy cloud platform, the system comprising:
- a management server configured to:
  - determine a desired security level for one or more applications of a tenant of the cloud platform;
  - based on the desired security level of each of the one or more applications of the tenant, assign each of the one or more applications to one of:
    - a first sub-cloud comprising separate data stores for each tenant, or
    - a second sub-cloud comprising one or more shared data stores for a group of tenants and separate schemas for each tenant; and
  - in response to detecting a change of the desired security level of at least one of the one or more applications of the tenant, reassign the at least one application to a different sub-cloud based on a new desired security level determined for the at least one application to address changing security needs of the at least one application, wherein the desired security level and the new desired security level are inferred from one or more tenant attributes; and
- a federation server configured to:
  - manage the first sub-cloud, the second sub-cloud, and a third sub-cloud through identity federation.

Dependent claims: 7, 8, 9, 10

11. A non-transitory computer-readable storage medium having instructions stored thereon to provide hybrid, multi-tenancy cloud platforms, the instructions comprising:
- determining a desired security level for one or more applications of a tenant of a cloud service;
- based on the desired security level of each of the one or more applications of the tenant, assigning each of the one or more applications to one of:
  - a first sub-cloud comprising separate data stores for each tenant, and
  - a second sub-cloud comprising one or more shared data stores for a group of tenants and separate schemas for each tenant; and
- in response to detecting a change of the desired security level of at least one of the one or more applications of the tenant, reassigning the at least one application to a different sub-cloud based on a new desired security level determined for the at least one application to address changing security needs of the at least one application, wherein the desired security level and the new desired security level are inferred from one or more tenant attributes.

Dependent claims: 12

Specification