Creating and maintaining multi-tenant applications in a platform-as-a-service (PaaS) environment of a cloud computing system

US 9,720,668 B2
Filed: 02/29/2012
Issued: 08/01/2017
Est. Priority Date: 02/29/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, by a processing device of a virtual machine (VM) executing on a computing device in a Platform as a Service (PaaS) environment of a cloud computing system, a request to start an application on the VM, wherein the VM executes a plurality of multi-tenant applications that are each different software applications and each correspond to application owners that are different than an application owner of the requested application;

in response to receiving the request to start the application, creating, by the VM, a plurality of unique kernel namespace directories for a respective plurality of owners of the application, wherein each unique kernel namespace directory of the plurality of the unique kernel namespace directories corresponds to a separate owner of the plurality of owners of the application, wherein the plurality of unique kernel namespace directories for the plurality of owners of the application correspond to directories of an OS of the VM, and wherein each of the unique kernel namespace directories is different than other unique namespace directories corresponding to the plurality of owners of the application;

isolating resources of the application to the corresponding unique kernel namespace directories of the application;

providing, by the processing device of the VM, identification of the created unique namespace directories to the application, wherein the application does not update code of the application to access the unique kernel namespace directories of the application;

receiving, by the VM from the application, an access request to one of the directories on the OS;

mapping, by the VM, the requested directory to a corresponding unique kernel namespace directory of the application;

directing, by the VM in response to the access request, the application to the corresponding unique kernel namespace directory; and

wherein when the application is executed on the VM, the plurality of unique namespace directories corresponding to the plurality of owners of the application cause resources of the application to be isolated from other owners of the plurality of multi-tenant applications executing on the VM.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for creating and maintaining multi-tenant applications in a Platform-as-a-Service (PaaS) environment of a cloud computing system is disclosed. A method includes receiving, by a virtual machine (VM), a request to start an application on the VM, wherein the VM hosts multi-tenant applications associated with owners different than an owner of the requested application, creating unique kernel namespace directories for the application, wherein each unique kernel namespace directory corresponds to one of a plurality of standard directories on an OS of the VM, providing identification of the created unique namespace directories to the application, wherein the application does not update code of the application to access the unique kernel namespace directories, receiving an access request to one of the standard directories, mapping the requested standard directory to a corresponding unique kernel namespace directory of the application, and directing the application to the corresponding unique kernel namespace directory.

60 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving, by a processing device of a virtual machine (VM) executing on a computing device in a Platform as a Service (PaaS) environment of a cloud computing system, a request to start an application on the VM, wherein the VM executes a plurality of multi-tenant applications that are each different software applications and each correspond to application owners that are different than an application owner of the requested application;
  
  in response to receiving the request to start the application, creating, by the VM, a plurality of unique kernel namespace directories for a respective plurality of owners of the application, wherein each unique kernel namespace directory of the plurality of the unique kernel namespace directories corresponds to a separate owner of the plurality of owners of the application, wherein the plurality of unique kernel namespace directories for the plurality of owners of the application correspond to directories of an OS of the VM, and wherein each of the unique kernel namespace directories is different than other unique namespace directories corresponding to the plurality of owners of the application;
  
  isolating resources of the application to the corresponding unique kernel namespace directories of the application;
  
  providing, by the processing device of the VM, identification of the created unique namespace directories to the application, wherein the application does not update code of the application to access the unique kernel namespace directories of the application;
  
  receiving, by the VM from the application, an access request to one of the directories on the OS;
  
  mapping, by the VM, the requested directory to a corresponding unique kernel namespace directory of the application;
  
  directing, by the VM in response to the access request, the application to the corresponding unique kernel namespace directory; and
  
  wherein when the application is executed on the VM, the plurality of unique namespace directories corresponding to the plurality of owners of the application cause resources of the application to be isolated from other owners of the plurality of multi-tenant applications executing on the VM.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein a pam_namespace module creates the plurality of unique kernel namespace directories.
  - 3. The method of claim 1, wherein a kernel namespace feature creates the plurality of unique kernel namespace directories.
  - 4. The method of claim 1, wherein one or more commands of a kernel of the OS of the VM comprising clone and unshare create the plurality of unique kernel namespace directories.
  - 5. The method of claim 1, wherein the plurality of unique kernel namespace directories is created as part of initializing the application on the VM.
  - 6. The method of claim 1, wherein the resources comprise configuration settings of the application, identifying information of the application, files of the application, and commands of the application.
  - 7. The method of claim 1, wherein the plurality of unique namespace directories for the application comprises a unique namespace directory for a configuration directory of the application, a unique namespace directory for identifying information of the application, a unique namespace directory for files of the application, and a unique namespace directory for commands of the application.

8. An apparatus, comprising:
- a memory;
  
  a processing device communicably coupled to the memory; and
  
  a virtual machine (VM), in a Platform as a Service (PaaS) environment of a cloud computing system, to virtualize resources of the memory and the processing device, the VM to;
  
  receive a request to start an application on the VM, wherein the VM executes a plurality of multi-tenant applications that are each different software applications and each correspond to application owners that are different than an application owner of the requested application;
  
  in response to receiving the request to start the application, create a plurality of unique kernel namespace directories for a respective plurality of owners of the application, wherein each unique kernel namespace directory of the plurality of the unique kernel namespace directories corresponds to a separate owner of the plurality of owners of the application, wherein the plurality of unique kernel namespace directories for the plurality of owners of the application correspond to directories of an operating system (OS) of the VM, and wherein each of the unique kernel namespace directories is different than other unique namespace directories corresponding to the plurality of owners of the application;
  
  isolate resources of the application to the corresponding unique kernel namespace directories of the application;
  
  provide identification of the created unique namespace directories to the application, wherein the application does not update code of the application to access the unique kernel namespace directories of the application;
  
  receive, from the application, an access request to one of the directories on the OS;
  
  map the requested directory to a corresponding unique kernel namespace directory of the application;
  
  direct, in response to the access request, the application to the corresponding unique kernel namespace directory; and
  
  wherein when the application is executed on the VM, the plurality of unique namespace directories corresponding to the plurality of owners of the application cause resources of the application to be isolated from other owners of the plurality of multi-tenant applications executing on the VM.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein a pam_namespace module creates the plurality of unique kernel namespace directories.
  - 10. The apparatus of claim 8, wherein a kernel namespace feature creates the plurality of unique kernel namespace directories.
  - 11. The apparatus of claim 8, wherein one or more commands of the kernel comprising clone and unshare create the plurality of unique kernel namespace directories.
  - 12. The apparatus of claim 8, wherein the resources comprise configuration settings of the application, identifying information of the application, files of the application, and commands of the application.
  - 13. The apparatus of claim 8, wherein the plurality of unique namespace directories for the application comprises a unique namespace directory for a configuration directory of the application, a unique namespace directory for identifying information of the application, a unique namespace directory for files of the application, and a unique namespace directory for commands of the application.
  - 14. The apparatus of claim 8, wherein the plurality of unique kernel namespace directories is created as part of initializing the application on the VM.

15. A non-transitory machine-readable storage medium including instructions that, when accessed by a processing device, cause the processing device to:
- receive, by a virtual machine (VM) executing by the processing device on a computing device in a Platform as a Service (PaaS) environment of a cloud computing system, a request to start an application on the VM, wherein the VM executes a plurality of multi-tenant applications that are each different software applications and each correspond to application owners that are different than an application owner of the requested application;
  
  in response to receiving the request to start the application, create a plurality of unique kernel namespace directories for a respective plurality of owners of the application, wherein each unique kernel namespace directory of the plurality of the unique kernel namespace directories corresponds to a separate owner of the plurality of owners of the application, wherein the plurality of unique kernel namespace directories for the plurality of owners of the application correspond to directories of an operating system (OS) of the VM, and wherein each of the unique kernel namespace directories is different than other unique namespace directories corresponding to the plurality of owners of the application;
  
  isolate resources of the application to the corresponding unique kernel namespace directories of the application;
  
  provide, by the VM, identification of the created unique namespace directories to the application, wherein the application does not update code of the application to access the unique kernel namespace directories of the application;
  
  receive, by the VM from the application, an access request to one of the directories on the OS;
  
  map, by the VM, the requested directory to a corresponding unique kernel namespace directory of the application;
  
  direct, by the VM in response to the access request, the application to the corresponding unique kernel namespace directory; and
  
  wherein when the application is executed on the VM, the plurality of unique namespace directories corresponding to the plurality of owners of the application cause resources of the application to be isolated from other owners of the plurality of multi-tenant applications executing on the VM.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory machine-readable storage medium of claim 15, wherein at least one of a pam namespace module or a kernel namespace feature create the plurality of unique kernel namespace directories.
  - 17. The non-transitory machine-readable storage medium of claim 15, wherein the resources comprise configuration settings of the application, identifying information of the application, files of the application, and commands of the application.
  - 18. The non-transitory machine-readable storage medium of claim 15, wherein the plurality of unique namespace directories for the application comprises a unique namespace directory for a configuration directory of the application, a unique namespace directory for identifying information of the application, a unique namespace directory for files of the application, and a unique namespace directory for commands of the application.
  - 19. The non-transitory machine-readable storage medium of claim 15, wherein the plurality of unique kernel namespace directories is created as part of initializing the application on the VM.
  - 20. The non-transitory machine-readable storage medium of claim 15, wherein one or more commands of the kernel comprising clone and unshare create the plurality of unique kernel namespace directories.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Red Hat, Inc. (International Business Machines Corporation)
Original Assignee
Red Hat, Inc. (International Business Machines Corporation)
Inventors
McGrath, Michael P.
Primary Examiner(s)
KIM, DONG U

Application Number

US13/408,754
Publication Number

US 20130227563A1
Time in Patent Office

1,980 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 8/60 Software deployment

G06F 9/45533 Hypervisors; Virtual machin...

Creating and maintaining multi-tenant applications in a platform-as-a-service (PaaS) environment of a cloud computing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Creating and maintaining multi-tenant applications in a platform-as-a-service (PaaS) environment of a cloud computing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links