Hybrid multi-tenancy cloud platform

US 9,003,502 B2
Filed: 03/19/2012
Issued: 04/07/2015
Est. Priority Date: 03/19/2012
Status: Active Grant

First Claim

Patent Images

1. A method to provide a hybrid, multi-tenancy cloud platform, the method comprising:

determining a desired security level for one or more applications of a tenant of a cloud service;

based on the desired security level of each of the one or more applications of the tenant, assigning each of the one or more applications to one of;

a first sub-cloud comprising separate data stores for each tenant, ora second sub-cloud comprising one or more shared data stores for a group of tenants and separate schemas for each tenant; and

in response to detecting a change of the desired security level of at least one of the one or more applications of the tenant, reassigning the at least one application to a different sub-cloud based on a new desired security level determined for the at least one application to address changing security needs of the at least one application, wherein the desired security level and the new desired security level are inferred from one or more tenant attributes that include at least one from a data recovery need, a data protection need, a deployment efficiency, and a number of prospective clients to access tenant data.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Technologies are presented for a hybrid cloud-based service model combining separate database/separate schema, shared database/separate schema, and shared database/shared schema architectures suitable for serving multiple tenants while addressing varying security needs. Roles and security level needs of different tenants may be determined based on tenant declaration or inference from tenant attributes. Tenants may then be assigned to suitable clouds or sub-clouds based on their security level needs. In some examples, a claims-based access control authorization model such as federation may be employed to support interactions between the three different types of clouds or sub-clouds under the umbrella of a single cloud-based service provider while maintaining application and data security.

43 Citations

View as Search Results

12 Claims

1. A method to provide a hybrid, multi-tenancy cloud platform, the method comprising:
- determining a desired security level for one or more applications of a tenant of a cloud service;
  
  based on the desired security level of each of the one or more applications of the tenant, assigning each of the one or more applications to one of;
  
  a first sub-cloud comprising separate data stores for each tenant, ora second sub-cloud comprising one or more shared data stores for a group of tenants and separate schemas for each tenant; and
  
  in response to detecting a change of the desired security level of at least one of the one or more applications of the tenant, reassigning the at least one application to a different sub-cloud based on a new desired security level determined for the at least one application to address changing security needs of the at least one application, wherein the desired security level and the new desired security level are inferred from one or more tenant attributes that include at least one from a data recovery need, a data protection need, a deployment efficiency, and a number of prospective clients to access tenant data.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method according to claim 1, further comprising:
    - based on the desired security level of each of the one or more applications of the tenant, assigning the one or more applications to a third sub-cloud comprising one or more shared data stores and one or more shared schemas for a group of tenants.
  - 3. The method according to claim 1, wherein the cloud platform provides a software as a service (SaaS).
  - 4. The method of claim 1, further comprising:
    - managing the first sub-cloud, the second sub-cloud, and a third sub-cloud through identity federation.
  - 5. The method according to claim 4, wherein managing the first sub-cloud, the second sub-cloud, and the third sub-cloud through identity federation includes a claim based authentication process establishing trust between the first sub-cloud, the second sub-cloud, and the third sub-cloud through a federation server.

6. A cloud-based system configured to provide a hybrid, multi-tenancy cloud platform, the system comprising:
- a management server configured to;
  
  determine a desired security level for one or more applications of a tenant of the cloud platform;
  
  based on the desired security level of each of the one or more applications of the tenant, assign each of the one or more applications to one of;
  
  a first sub-cloud comprising separate data stores for each tenant, ora second sub-cloud comprising one or more shared data stores for a group of tenants and separate schemas for each tenant; and
  
  in response to detecting a change of the desired security level of at least one of the one or more applications of the tenant, reassign the at least one application to a different sub-cloud based on a new desired security level determined for the at least one application to address changing security needs of the at least one application, wherein the desired security level and the new desired security level are inferred from one or more tenant attributes; and
  
  a federation server configured to;
  
  manage the first sub-cloud, the second sub-cloud, and a third sub-cloud through identity federation.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The system according to claim 6, wherein the management server is further configured to:
    - based on the desired security level of each of the one or more applications of the tenant, assign the one or more applications to the third sub-cloud comprising one or more shared data stores and one or more shared schemas for a group of tenants.
  - 8. The system according to claim 6, wherein the one or more tenant attributes include at least one a data recovery need, a data protection need, a deployment efficiency, and a number of prospective clients to access tenant data.
  - 9. The system according to claim 6, wherein the cloud platform provides a software as a service (SaaS).
  - 10. The system according to claim 6, wherein the federation server is configured to manage the first sub-cloud, the second sub-cloud, and the third sub-cloud through identity federation employing a claim based authentication process establishing trust between the first sub-cloud, the second sub-cloud, and the third sub-cloud.

11. A non-transitory computer-readable storage medium having instructions stored thereon to provide hybrid, multi-tenancy cloud platforms, the instructions comprising:
- determining a desired security level for one or more applications of a tenant of a cloud service;
  
  based on the desired security level of each of the one or more applications of the tenant, assigning each of the one or more applications to one of;
  
  a first sub-cloud comprising separate data stores for each tenant, anda second sub-cloud comprising one or more shared data stores for a group of tenants and separate schemas for each tenant; and
  
  in response to detecting a change of the desired security level of at least one of the one or more applications of the tenant, reassigning the at least one application to a different sub-cloud based on a new desired security level determined for the at least one application to address changing security needs of the at least one application, wherein the desired security level and the new desired security level are inferred from one or more tenant attributes.
- View Dependent Claims (12)
- - 12. The non-transitory computer-readable storage medium according to claim 11, wherein the instructions further comprise:
    - based on the desired security level of each of the one or more applications of the tenant, assigning the one or more applications to a third sub-cloud comprising one or more shared data stores and one or more shared schemas for a group of tenants.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Knapp Investment Company Limited
Original Assignee
Empire Technology Development LLC (Allied Inventors Management, LLC)
Inventors
Zhang, Fan, Cao, Junwei
Primary Examiner(s)
Schwartz, Darren B

Application Number

US13/819,715
Publication Number

US 20140040999A1
Time in Patent Office

1,114 Days
Field of Search

726 2- 10, 726 26- 30
US Class Current

726/5
CPC Class Codes

G06F 21/31   User authentication

H04L 67/10   in which an application is ...

H04W 4/60   Subscription-based services...

Hybrid multi-tenancy cloud platform

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

43 Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Hybrid multi-tenancy cloud platform

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

43 Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links