CN105577675A - Multi-tenant resource management method and device - Google Patents

Info

Publication number: CN105577675A
Authority: CN (China)
Application number: CN201511030381.9A
Other languages: Chinese (zh)
Inventors: 马智涛, 李靖
Current assignee: WeBank Co Ltd
Original assignee: WeBank Co Ltd
Application filed by: WeBank Co Ltd
Legal status: Pending
Prior art keywords: tenant, data center, node, exclusive, resource

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/0218 Distributed architectures, e.g. distributed firewalls

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a multi-tenant resource management method. The method comprises the following steps: when a new tenant is added, allocating an exclusive data center node to the tenant, wherein the data center node provides all the application systems needed to process the tenant's business; and allocating exclusive physical resources to the data center node by a preset resource allocation algorithm. The invention also discloses a multi-tenant resource management device. With the method and the device of the invention, the data of different tenants is mutually independent and different tenants cannot invoke each other's data; at the same time, technical complexity is reduced and stability is increased.

Description

Multi-tenant resource management method and device
Technical field
The present invention relates to the field of distributed architecture, and in particular to a multi-tenant resource management method and device.
Background
Current cloud computing services implement multi-tenant systems with, at the most basic level, two layers of isolation. The first is isolation at the computing-resource layer between tenants: mainly by allocating and managing physical resources, tenants do not share the same computing resources, such as physical server resources and data storage resources. The second is isolation at the network-resource layer between tenants: mainly through VPC (Virtual Private Cloud) technology, tenants cannot communicate with each other over the network directly, and all communication policies can be managed and controlled.
Most public cloud providers are currently rolling out and mastering VPC technology step by step. Public cloud providers do not promote physical resource isolation at the computing layer. A few cloud providers that intend to become financial cloud providers have started to test or develop computing-resource isolation technology.
What a VPC provides to the user is a completely isolated network environment over which the user has full autonomy. In this environment users can plan their own network, choose network segments and define custom routes. A user can create multiple private networks, and different private networks do not interconnect by default. A VPC private network supports two ways of interconnecting with the user's data center: VPN (Virtual Private Network) and dedicated line. For communication between cloud hosts inside a VPC private network, a packet sent by a child machine is routed on its parent machine, which looks up the address of the parent machine of the destination child machine; the packet is encapsulated with GRE (Generic Routing Encapsulation), delivered to the peer parent machine, decapsulated, and then sent to the destination child machine. The addressing information is managed and maintained by the VPC, which ensures that different VPCs are isolated from each other and guarantees security; the information is also cached in advance on the corresponding parent machine to improve packet forwarding efficiency.
If a cloud host inside a VPC private network needs external network access, external bandwidth can be purchased directly, and an external IP (Internet Protocol) address is assigned to the cloud host for which external bandwidth was purchased. This external IP is hosted on the gateway; all external traffic passes through the gateway and is forwarded to the host after GRE encapsulation. A VPC private network can interconnect with the user's own machine room through a VPN gateway. The VPN gateway has a primary and a standby; if the primary goes down, traffic can be switched to the standby in real time. IPSec (Internet Protocol Security) is supported. With the custom routing function of the private network, packet routing policies can be configured based on destination address, connecting the routes of the VPC network and the user's machine room. Routing policy configuration for a VPC private network is similar to that for VPN interconnection: which traffic takes the dedicated line can be configured by destination address.
Each VPC private network has a unique ID, and routing configuration is managed by that unique ID; the routes of different VPC IDs are completely independent and do not interfere with each other. Changes to a VPC's routing configuration occur when hosts are added or destroyed; when the VPC backend system is unavailable, only the network communication of newly added hosts is affected, and existing hosts can communicate normally. An incorrect VPC routing configuration makes host communication inside the VPC unavailable, and there is a probability that it breaches the isolation between VPCs. Access to the VPC backend system is controlled by authentication, and all requests are logged for ease of tracing. The deployed machines and the DB (Database) are under permission control, and non-operations personnel cannot obtain access.
Existing multi-tenant isolation technology mainly relies on the VPC technology that public cloud platforms are gradually adopting and on physical isolation of computing resources, which is not yet widespread. Both technologies have limitations: the technology itself is too complex, the implementation cost is high, operations and maintenance become more complex, and isolation can fail in particular scenarios.
Summary of the invention
The main purpose of the present invention is to provide a multi-tenant resource management method and device, intended to solve the technical problem that multi-tenant computing-resource isolation is costly and difficult to implement.
To achieve the above purpose, the invention provides a multi-tenant resource management method comprising the following steps: when a new tenant is added, allocating an exclusive data center node to the tenant, the data center node providing all the application systems needed to process the tenant's business; and allocating exclusive physical resources to the data center node by a preset resource allocation algorithm.
Preferably, after the step of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
allocating an exclusive message bus to the data center node by a preset communication algorithm, the application systems accessing the message bus to communicate.
Preferably, after the step of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
storing the tenant's data in the exclusive physical resources of the data center node by a preset multi-copy storage algorithm.
Preferably, after the step of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
when the tenant exits, deleting the data in the tenant's exclusive data center node;
removing the membership between the tenant's exclusive data center node and the exclusive physical resources of that data center node;
removing the membership between the tenant and the tenant's exclusive data center node.
In addition, to achieve the above purpose, the present invention also provides a multi-tenant resource management device, comprising:
a node allocation module, configured to allocate an exclusive data center node to a tenant when a new tenant is added, the data center node providing all the application systems needed to process the tenant's business;
a resource allocation module, configured to allocate exclusive physical resources to the data center node by a preset resource allocation algorithm.
Preferably, the multi-tenant resource management device further comprises:
a message bus allocation module, configured to allocate an exclusive message bus to the data center node by a preset communication algorithm, the application systems accessing the message bus to communicate.
Preferably, the multi-tenant resource management device further comprises:
a data storage module, configured to store the tenant's data in the exclusive physical resources of the data center node by a preset multi-copy storage algorithm.
Preferably, the multi-tenant resource management device further comprises:
a data destruction module, configured to delete the data in the tenant's exclusive data center node when the tenant exits;
a resource removal module, configured to remove the membership between the tenant's exclusive data center node and the exclusive physical resources of that data center node;
a node removal module, configured to remove the membership between the tenant and the tenant's exclusive data center node.
The multi-tenant resource management method and device proposed by the embodiments of the present invention allocate exclusive physical resources and an exclusive message bus to each tenant, achieving isolation of physical resources and of communication between tenants, reducing the cost and difficulty of tenant resource isolation, and making the resource isolation more reliable.
Brief description of the drawings
Fig. 1 is a schematic diagram of one possible application scenario of the present invention;
Fig. 2 is a flow chart of the first embodiment of the multi-tenant resource storage method of the present invention;
Fig. 3 is a flow chart of the second embodiment of the multi-tenant resource storage method of the present invention;
Fig. 4 is a flow chart of the third embodiment of the multi-tenant resource storage method of the present invention;
Fig. 5 is a flow chart of the fourth embodiment of the multi-tenant resource storage method of the present invention;
Fig. 6 is a functional block diagram of the first embodiment of the multi-tenant resource storage device of the present invention;
Fig. 7 is a functional block diagram of the second embodiment of the multi-tenant resource storage device of the present invention;
Fig. 8 is a functional block diagram of the third embodiment of the multi-tenant resource storage device of the present invention;
Fig. 9 is a functional block diagram of the fourth embodiment of the multi-tenant resource storage device of the present invention.
The realization of the purpose, the functional characteristics and the advantages of the present invention will be further described in conjunction with the embodiments and with reference to the accompanying drawings.
Detailed description
It should be understood that the specific embodiments described herein are intended only to explain the present invention and are not intended to limit it.
The main solution of the embodiments of the present invention is: when a new tenant is added, an exclusive data center node is allocated to the tenant, the data center node providing all the application systems needed to process the tenant's business; and exclusive physical resources are allocated to the data center node by a preset resource allocation algorithm.
Because the prior art uses VPC technology to achieve tenant resource isolation, achieving that isolation is costly and technically difficult.
The invention provides a solution that allocates exclusive physical resources and an exclusive message bus to the tenant's resources, reducing the difficulty and cost of tenant resource isolation; and because the physical resources allocated to the tenant's resources are exclusive, the isolation of tenant resources is more reliable.
As shown in Fig. 1, an overview of one possible application scenario of the present invention is as follows. In the financial industry, the customer and accounting systems of an independent legal entity are implemented by deploying independent application systems, databases and file storage systems on physical computing resources exclusive to each legal entity. The core of the multi-legal-entity architecture is therefore the isolation of physical resources between legal entities. Physical resource isolation here includes, but is not limited to, computing resources, database resources and message resources between applications. The core principles of the multi-legal-entity architecture are: the data of different legal entities must be independent of each other; the systems of different legal entities are not allowed to call each other; different legal entities use different physical resource pools; the systems of different legal entities are deployed separately; and stateless platform-type services can be shared across legal entities.
The present invention applies the above multi-legal-entity architecture and proposes the following embodiments.
Referring to Fig. 2, in the first embodiment of the multi-tenant resource management method of the present invention, the method comprises:
Step S100: when a new tenant is added, an exclusive data center node is allocated to the tenant, the data center node providing all the application systems needed to process the tenant's business;
When a new tenant is added, an exclusive data center node is allocated to the tenant, ensuring that a data center node belongs to only one tenant. All of the tenant's data is stored in the data center node, and the data center node provides all the application systems needed to process the tenant's business. Preferably, the data center node also keeps multiple backups of the tenant's data by a preset multi-copy storage algorithm.
Step S200: exclusive physical resources are allocated to the data center node by a preset resource allocation algorithm;
Exclusive physical resources are allocated to the data center node by the preset resource allocation algorithm. The physical resources include at least: application servers, database servers, a distributed file system and a message bus. Logic control ensures that a physical server belongs to one and only one data center node, so each data center node has independent physical resources.
In a specific implementation, taking the financial industry as an example, the tenant is a corporate organization and the data center node is a DCN. This embodiment is implemented as follows:
1. When a new corporate organization is introduced, the DCN (data center node) it requires is created for it. A DCN belongs to only one corporate organization, and all of a corporate organization's data is contained in one or more DCNs; preferably, multiple copies of the data can be included at the same time. The data may include deposits, loans, wealth management or funds. A DCN provides all the application systems needed to process business of these types for a single tenant;
2. The resource management core system allocates physical server resources to each DCN. Logic control ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, a distributed file system and a message bus. Physical resource isolation between legal entities is achieved by relying on the independence of physical resources between DCNs.
In this embodiment, by controlling the source of resource allocation when a tenant is created, each data center node has independent physical resources and physical resource independence between data center nodes is guaranteed, so tenant resource isolation does not depend on complex run-time technology and is simpler and more stable.
Further, referring to Fig. 3, in the second embodiment of the multi-tenant resource management method of the present invention, based on the embodiment shown in Fig. 2 above, after step S200 of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
Step S300: an exclusive message bus is allocated to the data center node by a preset communication algorithm, and the application systems access the message bus to communicate.
An exclusive message bus is allocated to the data center node by the preset communication algorithm. The application systems provided by the data center nodes of different tenants connect to different, independent message buses; a message bus belongs to only one tenant, and the application systems on one message bus can communicate with one another.
In a specific implementation, taking division of the message bus by VPN as an example, this embodiment is implemented as follows:
1. When a new corporate organization is introduced, the DCN it requires is created for it. A DCN belongs to only one corporate organization, and all of a corporate organization's data is contained in one or more DCNs; preferably, multiple copies of the data can be included at the same time. The data may include deposits, loans, wealth management or funds. A DCN provides all the application systems needed to process business of these types for a single tenant;
2. The resource management core system allocates physical server resources to each DCN. Logic control ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, a distributed file system and a message bus. Physical resource isolation between legal entities is achieved by relying on the independence of physical resources between DCNs;
3. An exclusive message bus VPN is allocated to the data center node; the application systems provided by the data center node communicate through the message bus VPN and then carry out business processing;
4. Because different data center nodes are allocated different message bus VPNs, messages cannot be exchanged between the data center nodes of different legal entities, and consequently business processing cannot take place between the data center nodes of different legal entities.
In this embodiment, building on the advantages of the previous embodiment, an exclusive message bus is allocated to the data center node, and the application systems provided by the data center node communicate only through that exclusive message bus, achieving communication isolation between different users.
Further, referring to Fig. 4, in the third embodiment of the multi-tenant resource management method of the present invention, based on the embodiment shown in Fig. 3 above, after step S200 of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
Step S400: when the tenant exits, the data in the tenant's exclusive data center node is deleted;
When the tenant exits, the data stored in the tenant's exclusive data center node is deleted. Because all of the tenant's data is stored in that data center node, in industries with high data security requirements the data storage media in the tenant's exclusive data center node can be destroyed or transferred;
For this step, taking the financial industry as an example, the implementation is:
In accordance with the regulator's standard requirements for decommissioning bank data, the data storage media of all computing resources under the legal entity, that is, the media holding the data stored in the tenant's exclusive data center node, are physically destroyed.
Step S500: the membership between the tenant's exclusive data center node and the exclusive physical resources of that data center node is removed;
A membership exists between the data center node and its exclusive physical resources, and a physical resource corresponds to one data center node. Therefore, when the tenant exits, the membership between the tenant's exclusive data center node and the exclusive physical resources of that data center node is removed.
Step S600: the membership between the tenant and the tenant's exclusive data center node is removed;
A membership exists between the tenant and its exclusive data center node, and a data center node corresponds to one tenant. Therefore, when the tenant exits, the membership between the tenant's exclusive data center node and the tenant is removed.
In a specific implementation, taking the financial industry as an example, the tenant is a corporate organization and the data center node is a DCN. This embodiment is implemented as follows:
1. When a new corporate organization is introduced, the DCN it requires is created for it. A DCN belongs to only one corporate organization, and all of a corporate organization's data is contained in one or more DCNs; preferably, multiple copies of the data can be included at the same time. The data may include deposits, loans, wealth management or funds. A DCN provides all the application systems needed to process business of these types for a single tenant;
2. The resource management core system allocates physical server resources to each DCN. Logic control ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, a distributed file system and a message bus. Physical resource isolation between legal entities is achieved by relying on the independence of physical resources between DCNs;
3. An exclusive message bus VPN is allocated to the data center node; the application systems provided by the data center node communicate through the message bus VPN and then carry out business processing;
4. Because different data center nodes are allocated different message bus VPNs, messages cannot be exchanged between different data center nodes, and consequently business processing cannot take place between different data center nodes;
5. Destroy or transfer the data storage media of all computing resources under the legal entity (physical destruction is the regulator's current standard requirement for decommissioning bank data);
6. Remove the membership between the relevant computing resources and the legal entity's DCN;
7. Remove the membership between the legal entity and the associated DCN;
8. Set the legal entity's state to exited.
In this embodiment, building on the advantages of the previous embodiment, when a tenant exits, the memberships between the tenant and its exclusive data center node and between the data center node and its exclusive physical resources are removed and the tenant's data is deleted, so that after the tenant exits no residual data affects other tenants, which further improves the stability of tenant resource isolation.
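The allocation and exit steps 1 to 8 above can be modelled as ownership bookkeeping with an audit of the "one server, one DCN" and "one bus, one tenant" rules. This is an added illustration, not code from the patent: the class and function names, the `dcn-`/`bus-` naming, the one-DCN-per-tenant simplification and the server inventory are all assumptions.

```python
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

# Server kinds named in the text; every DCN gets one of each in this model.
ROLES = ("app", "db", "dfs", "mq")


class IsolationError(Exception):
    """Raised when a request could only be met by sharing resources."""


@dataclass
class Server:
    name: str
    role: str
    dcn: Optional[str] = None   # owning DCN; a server has at most one
    holds_data: bool = False    # True while tenant data is on its media


@dataclass
class DCN:
    name: str
    tenant: str
    bus: str                    # exclusive message bus (VPN) of this DCN
    servers: list = field(default_factory=list)


class ResourceManager:
    def __init__(self, servers):
        self.servers = {s.name: s for s in servers}
        self.dcns = {}
        self.tenant_state = {}

    def onboard(self, tenant):
        """Steps 1-3: create the DCN, give it exclusive servers and a bus."""
        if self.tenant_state.get(tenant) == "active":
            raise IsolationError(f"{tenant} already has a DCN")
        picked = []
        for role in ROLES:
            free = [s for s in self.servers.values()
                    if s.role == role and s.dcn is None and not s.holds_data]
            if not free:
                # Fail closed: never fall back to a server another DCN owns.
                raise IsolationError(f"no free {role} server for {tenant}")
            picked.append(free[0])
        dcn = DCN(name=f"dcn-{tenant}", tenant=tenant, bus=f"bus-{tenant}")
        for s in picked:            # assign only after every role is satisfied
            s.dcn, s.holds_data = dcn.name, True
            dcn.servers.append(s.name)
        self.dcns[dcn.name] = dcn
        self.tenant_state[tenant] = "active"
        return dcn

    def can_message(self, dcn_a, dcn_b):
        """Step 4: messages flow only between systems on the same bus."""
        return self.dcns[dcn_a].bus == self.dcns[dcn_b].bus

    def audit(self):
        """List violations of 'one server, one DCN' and 'one bus, one tenant'."""
        problems, bus_owner = [], {}
        for dcn in self.dcns.values():
            for name in dcn.servers:
                owner = self.servers[name].dcn
                if owner != dcn.name:
                    problems.append(f"{name} listed in {dcn.name}, owned by {owner}")
            first = bus_owner.setdefault(dcn.bus, dcn.tenant)
            if first != dcn.tenant:
                problems.append(f"{dcn.bus} shared by {first} and {dcn.tenant}")
        return problems

    def offboard(self, tenant):
        """Steps 5-8, in the order the text gives them."""
        dcn = self.dcns[f"dcn-{tenant}"]
        released = list(dcn.servers)
        for name in released:
            # 5: media destroyed or transferred (assumed replaced with blank media)
            self.servers[name].holds_data = False
        for name in released:
            self.servers[name].dcn = None           # 6: server-DCN membership
        dcn.servers.clear()
        del self.dcns[dcn.name]                     # 7: tenant-DCN membership
        self.tenant_state[tenant] = "exited"        # 8: tenant state
        return released


def build_pool(per_role):
    """Constructed sample inventory: `per_role` servers of each kind."""
    return [Server(f"{r}-{i}", r) for r in ROLES for i in range(per_role)]


if __name__ == "__main__":
    rm = ResourceManager(build_pool(2))
    a, b = rm.onboard("bank-a"), rm.onboard("bank-b")
    print(a.servers, b.servers, rm.can_message(a.name, b.name), rm.audit())
    print(rm.offboard("bank-a"), rm.tenant_state)
```

Running `audit()` periodically against the real inventory is what catches a server or bus that has drifted into two owners, since the isolation here rests entirely on the allocation records being correct.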
Further, referring to Fig. 5, in the fourth embodiment of the multi-tenant resource management method of the present invention, based on the embodiment shown in Fig. 2 above, step S100 of allocating an exclusive data center node to the tenant when a new tenant is added comprises:
Step S101: when the new tenant has a new client, the new client is assigned by a preset weighted random algorithm to one of the different data center nodes belonging to that tenant;
When a new tenant moves in, exclusive data center nodes are allocated to the new tenant. When the new tenant has a new client, the new client is assigned to one of the tenant's different data center nodes by the preset weighted random algorithm according to the current node distribution.
In a specific implementation, the steps of this embodiment comprise:
1. When a new legal entity is added, exclusive data center nodes are allocated directly to that legal entity; when there is a new client, the client is assigned to one of the different data center nodes by the preset weighted random algorithm;
2. The resource management core system allocates physical server resources to each DCN. Logic control ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, a distributed file system and a message bus. Physical resource isolation between legal entities is achieved by relying on the independence of physical resources between DCNs.
In this embodiment, building on the advantages of the previous embodiment, the new clients of a new tenant are assigned to different data center nodes by the weighted random algorithm, so the assignment of data center nodes to the new tenant's new clients is more reasonable and accurate.
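A sketch of step S101, added here as an illustration and not taken from the patent: the text does not define the weights, so this example assumes each node's weight is its remaining client capacity, and the `Node` fields and function names are hypothetical. The candidate set is filtered by tenant first, so the random choice can never place a client on another tenant's node.

```python
from __future__ import annotations

import random
from dataclasses import dataclass


@dataclass
class Node:
    name: str
    tenant: str        # owning tenant; a node belongs to exactly one
    capacity: int      # assumed per-node client limit
    clients: int = 0   # clients currently placed on the node


def assign_client(tenant, nodes, rng):
    """Pick one of the tenant's own nodes, weighted by free capacity."""
    # Isolation guard: only nodes owned by this tenant are ever candidates.
    candidates = [n for n in nodes
                  if n.tenant == tenant and n.clients < n.capacity]
    if not candidates:
        # Fail closed instead of spilling over to another tenant's node.
        raise RuntimeError(f"no capacity left on {tenant}'s nodes")
    weights = [n.capacity - n.clients for n in candidates]
    chosen = rng.choices(candidates, weights=weights, k=1)[0]
    chosen.clients += 1
    return chosen


def place_clients(tenant, count, nodes, seed=0):
    """Place `count` new clients and return the resulting load per node."""
    rng = random.Random(seed)   # seeded so a run can be reproduced
    for _ in range(count):
        assign_client(tenant, nodes, rng)
    return {n.name: n.clients for n in nodes}


def sample_nodes():
    """Constructed sample: three nodes for bank-a, one for bank-b."""
    return [
        Node("dcn-a1", "bank-a", capacity=100, clients=90),
        Node("dcn-a2", "bank-a", capacity=100, clients=0),
        Node("dcn-a3", "bank-a", capacity=5, clients=5),   # already full
        Node("dcn-b1", "bank-b", capacity=1000, clients=0),
    ]


if __name__ == "__main__":
    print(place_clients("bank-a", 100, sample_nodes(), seed=7))
```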
Referring to Fig. 6, in the first embodiment of the multi-tenant resource management device of the present invention, the device comprises:
Node allocation module 100, configured to allocate an exclusive data center node to a tenant when a new tenant is added, the data center node providing all the application systems needed to process the tenant's business;
When a new tenant is added, an exclusive data center node is allocated to the tenant, ensuring that a data center node belongs to only one tenant. All of the tenant's data is stored in the data center node, and the data center node provides all the application systems needed to process the tenant's business. Preferably, the data center node also keeps multiple backups of the tenant's data by a preset multi-copy storage algorithm.
Resource allocation module 200, configured to allocate exclusive physical resources to the data center node by a preset resource allocation algorithm;
Exclusive physical resources are allocated to the data center node by the preset resource allocation algorithm. The physical resources include at least: application servers, database servers, a distributed file system and a message bus. Logic control ensures that a physical server belongs to one and only one data center node, so each data center node has independent physical resources.
In a specific implementation, taking the financial industry as an example, the tenant is a corporate organization and the data center node is a DCN. This embodiment is implemented as follows:
1. When a new corporate organization is introduced, the DCN it requires is created for it. A DCN belongs to only one corporate organization, and all of a corporate organization's data is contained in one or more DCNs; preferably, multiple copies of the data can be included at the same time. The data may include deposits, loans, wealth management or funds. A DCN provides all the application systems needed to process business of these types for a single tenant;
2. The resource management core system allocates physical server resources to each DCN. Logic control ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, a distributed file system and a message bus. Physical resource isolation between legal entities is achieved by relying on the independence of physical resources between DCNs.
In this embodiment, by controlling the source of resource allocation when a tenant is created, each data center node has independent physical resources and physical resource independence between data center nodes is guaranteed, so tenant resource isolation does not depend on complex run-time technology and is simpler and more stable.
Further, with reference to Fig. 7, in the second embodiment of the multi-tenant resource management device of the present invention, based on the embodiment shown in Fig. 6 above, the multi-tenant resource management device comprises:
A message bus allocation module 300, configured to allocate an exclusive message bus to the data center node by a preset communication algorithm, the application systems accessing the message bus to communicate.
An exclusive message bus is allocated to the data center node by the preset communication algorithm, so that the application systems provided by the data center nodes of different tenants access different, independent message buses. A message bus belongs to only one tenant, and the application systems on the same message bus can communicate with one another.
In a specific implementation, taking a message bus partitioned by VPN as an example, this embodiment is implemented as follows:
1. When a new corporate organization is introduced, the DCNs it requires are created for it. A DCN belongs to only one corporate organization, and all data of the corporate organization is contained in one or more DCNs; preferably, the DCNs may also hold multiple copies of the data. The data may include deposits, loans, financing or funds, and the DCN provides the application systems needed to process all business of this type for a single tenant;
2. The resource management core system allocates physical server resources to each DCN and, through logic control, ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, distributed file systems and message buses. Because the physical resources of different DCNs are independent, physical resource isolation between legal persons is achieved;
3. An exclusive message bus VPN is allocated to the data center node; the application systems provided by the data center node communicate over this message bus VPN and then carry out business processing;
4. Because different data center nodes are allocated different message bus VPNs, the data center nodes of different legal persons cannot exchange messages and, consequently, cannot carry out business processing with one another.
In this embodiment, in addition to the advantages described in the previous embodiment, an exclusive message bus is allocated to each data center node and the application systems provided by the data center node communicate only over that exclusive message bus, which achieves communication isolation between different users.
Further, with reference to Fig. 8, in the third embodiment of the multi-tenant resource management device of the present invention, based on the embodiment shown in Fig. 7 above, the multi-tenant resource management device comprises:
A data destruction module 400, configured to delete the data in the tenant's exclusive data center node when the tenant exits;
When a tenant exits, the data stored in the tenant's exclusive data center node is deleted. Because all of the tenant's data is kept in that data center node, in industries with high information security requirements the data storage media in the tenant's exclusive data center node can be destroyed or handed over;
For the financial industry, this device is implemented as follows:
In accordance with the regulator's standard requirements for retiring bank data, the data storage media of all computing resources under the legal person are physically destroyed, that is, the media holding the data stored in the tenant's exclusive data center node.
A resource removal module 500, configured to remove the membership between the tenant's exclusive data center node and that data center node's exclusive physical resources;
Because a membership exists between the data center node and its exclusive physical resources, and each physical resource corresponds to one data center node, the membership between the tenant's exclusive data center node and that node's exclusive physical resources is removed when the tenant exits.
A node removal module 600, configured to remove the membership between the tenant and the tenant's exclusive data center node;
Because a membership exists between the tenant and its exclusive data center node, and each data center node corresponds to one tenant, the membership between the tenant and the tenant's exclusive data center node is removed when the tenant exits.
In a specific implementation, taking the financial industry as an example, the tenant is a corporate organization and the data center node is a DCN. This embodiment is implemented as follows:
1. When a new corporate organization is introduced, the DCNs it requires are created for it. A DCN belongs to only one corporate organization, and all data of the corporate organization is contained in one or more DCNs; preferably, the DCNs may also hold multiple copies of the data. The data may include deposits, loans, financing or funds, and the DCN provides the application systems needed to process all business of this type for a single tenant;
2. The resource management core system allocates physical server resources to each DCN and, through logic control, ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, distributed file systems and message buses. Because the physical resources of different DCNs are independent, physical resource isolation between legal persons is achieved;
3. An exclusive message bus VPN is allocated to the data center node; the application systems provided by the data center node communicate over this message bus VPN and then carry out business processing;
4. Because different data center nodes are allocated different message bus VPNs, different data center nodes cannot exchange messages and, consequently, cannot carry out business processing with one another;
5. The data storage media of all computing resources under the legal person are destroyed or handed over (physical destruction is the current regulator's standard requirement for retiring bank data);
6. The membership between the relevant computing resources and the legal person's DCNs is removed;
7. The membership between the legal person and the relevant DCNs is removed;
8. The legal person's state is set to exited.
In this embodiment, in addition to the advantages described in the previous embodiment, when a tenant exits, the memberships between the tenant and its exclusive data center node and between the data center node and its exclusive physical resources are removed, and the tenant's data is deleted. After the tenant has exited, no residual data remains to affect other tenants, which further improves the stability of tenant resource isolation.
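The onboarding and exit sequence in steps 1 to 8 can be modelled as an ownership registry that refuses any allocation breaking exclusivity and can be audited for leftovers after a tenant exits. The following Python example is added here as an illustration and is not code from the patent; the `Registry` class, its field names, the `vpn-<dcn>` identifiers and the sample tenants and servers are assumptions.

```python
from dataclasses import dataclass, field


class IsolationError(Exception):
    """An operation would break one-tenant-per-resource isolation."""


@dataclass
class Registry:
    free_servers: set                                  # unassigned physical servers
    tenant_state: dict = field(default_factory=dict)   # tenant -> "active" | "exited"
    dcn_owner: dict = field(default_factory=dict)      # DCN -> its single tenant
    server_dcn: dict = field(default_factory=dict)     # server -> its single DCN
    dcn_vpn: dict = field(default_factory=dict)        # DCN -> exclusive bus VPN
    destroyed: set = field(default_factory=set)        # DCNs whose media are destroyed

    def onboard(self, tenant, dcn, servers):
        # Steps 1-3. Validate everything before mutating any state.
        if dcn in self.dcn_owner:
            raise IsolationError(f"{dcn} already belongs to {self.dcn_owner[dcn]}")
        taken = set(servers) - self.free_servers
        if taken:
            raise IsolationError(f"servers not free: {sorted(taken)}")
        self.tenant_state[tenant] = "active"
        self.dcn_owner[dcn] = tenant
        for s in servers:
            self.free_servers.discard(s)
            self.server_dcn[s] = dcn
        self.dcn_vpn[dcn] = f"vpn-{dcn}"               # constructed id, one VPN per DCN

    def can_message(self, src, dst):
        # Step 4: traffic is possible only inside one message-bus VPN.
        vpn = self.dcn_vpn.get(src)
        return vpn is not None and vpn == self.dcn_vpn.get(dst)

    def offboard(self, tenant):
        # Steps 5-8, in the order the page lists them.
        if self.tenant_state.get(tenant) != "active":
            raise IsolationError(f"{tenant} is not an active tenant")
        dcns = {d for d, t in self.dcn_owner.items() if t == tenant}
        self.destroyed |= dcns                          # 5: destroy storage media
        for s in [s for s, d in self.server_dcn.items() if d in dcns]:
            del self.server_dcn[s]                      # 6: unlink physical resources
        for d in dcns:
            del self.dcn_vpn[d]                         # 6: the bus is a resource too
            del self.dcn_owner[d]                       # 7: unlink DCN from tenant
        self.tenant_state[tenant] = "exited"            # 8: mark tenant as exited

    def audit(self):
        """List isolation violations present in the current state."""
        problems = []
        for s, d in self.server_dcn.items():
            if d not in self.dcn_owner:
                problems.append(f"server {s} attached to ownerless DCN {d}")
        for d, t in self.dcn_owner.items():
            if self.tenant_state.get(t) != "active":
                problems.append(f"DCN {d} owned by non-active tenant {t}")
        if len(set(self.dcn_vpn.values())) != len(self.dcn_vpn):
            problems.append("message-bus VPN shared between DCNs")
        return problems


def demo():
    reg = Registry(free_servers={"srv-1", "srv-2", "srv-3"})  # constructed sample data
    reg.onboard("bank-a", "dcn-a1", ["srv-1", "srv-2"])
    reg.onboard("bank-b", "dcn-b1", ["srv-3"])
    cross = reg.can_message("dcn-a1", "dcn-b1")
    reg.offboard("bank-a")
    return cross, reg.audit(), reg.tenant_state["bank-a"]
```

Released servers are deliberately not returned to `free_servers`, because the page does not describe how hardware is re-pooled after its storage media are destroyed or handed over.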
Further, with reference to Fig. 9, in the fourth embodiment of the multi-tenant resource management device of the present invention, based on the embodiment shown in Fig. 6 above, the node allocation module 100 comprises:
A random node allocation unit 101, configured to, when the newly added tenant has a newly added client, assign the newly added client to different data center nodes belonging to that tenant by a preset weighted random algorithm;
When a newly added tenant moves in, an exclusive data center node is allocated to the new tenant. When the new tenant has a newly added client, the client is assigned, by the preset weighted random algorithm and according to the current node allocation, to different data center nodes of that tenant.
In a specific implementation, the steps of this embodiment comprise:
1. When there is a newly added legal person, an exclusive data center node is allocated directly to that legal person; when there is a newly added client, the client is assigned to different data center nodes by the preset weighted random algorithm;
2. The resource management core system allocates physical server resources to each DCN and, through logic control, ensures that a physical server belongs to one and only one DCN. Physical resources include, but are not limited to, application servers, database servers, distributed file systems and message buses. Because the physical resources of different DCNs are independent, physical resource isolation between legal persons is achieved.
In this embodiment, in addition to the advantages described in the previous embodiment, the weighted random algorithm assigns the new tenant's newly added clients to different data center nodes, so that the data center nodes assigned to those clients are more reasonable and accurate.
The above are only preferred embodiments of the present invention and do not thereby limit the patent scope of the present invention. Any equivalent structure or equivalent process transformation made using the contents of the specification and drawings of the present invention, or any direct or indirect use in other related technical fields, is likewise included within the scope of patent protection of the present invention.
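One way to realize the weighted random assignment of new clients, added here as an illustration and not taken from the patent. The patent does not define the weights, so this example assumes each DCN has a client capacity and weights a tenant's DCNs by their remaining capacity; `place_client`, `demo` and the sample data are hypothetical.

```python
import random


def place_client(tenant, dcn_owner, dcn_load, capacity, rng):
    """Pick one of the tenant's own DCNs for a new client, weighted by free capacity."""
    # Candidates are restricted to DCNs owned by this tenant, so a client can
    # never land on another tenant's node regardless of the random draw.
    own = sorted(d for d, t in dcn_owner.items() if t == tenant)
    weights = [max(capacity[d] - dcn_load.get(d, 0), 0) for d in own]
    if sum(weights) == 0:
        # Either the tenant has no DCN or every DCN it owns is full.
        raise RuntimeError(f"no DCN of {tenant} has free capacity")
    # A DCN with weight 0 (full) is never drawn by random.choices.
    choice = rng.choices(own, weights=weights, k=1)[0]
    dcn_load[choice] = dcn_load.get(choice, 0) + 1
    return choice


def demo(seed=7):
    # Constructed sample data: two DCNs for bank-a, one large DCN for bank-b.
    owner = {"dcn-a1": "bank-a", "dcn-a2": "bank-a", "dcn-b1": "bank-b"}
    capacity = {"dcn-a1": 2, "dcn-a2": 3, "dcn-b1": 100}
    load = {}
    rng = random.Random(seed)
    placed = [place_client("bank-a", owner, load, capacity, rng) for _ in range(5)]
    return placed, load
```

Even though `dcn-b1` has by far the most free capacity, it never receives a `bank-a` client, and a sixth `bank-a` client is refused instead of spilling over.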

Claims (8)

1. A multi-tenant resource management method, characterized in that the multi-tenant resource management method comprises the following steps:
when there is a newly added tenant, allocating an exclusive data center node to the tenant, the data center node providing the application systems needed to process the tenant's business;
allocating exclusive physical resources to the data center node by a preset resource allocation algorithm.
2. The method of claim 1, characterized in that, after the step of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
allocating an exclusive message bus to the data center node by a preset communication algorithm, the application systems accessing the message bus to communicate.
3. The method of claim 1, characterized in that, after the step of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
storing the tenant's data in the exclusive physical resources of the data center node by a preset multi-copy storage algorithm.
4. The method of claim 3, characterized in that, after the step of allocating exclusive physical resources to the data center node by the preset resource allocation algorithm, the method comprises:
when the tenant exits, deleting the data in the tenant's exclusive data center node;
removing the membership between the tenant's exclusive data center node and that data center node's exclusive physical resources;
removing the membership between the tenant and the tenant's exclusive data center node.
5. A multi-tenant resource management device, characterized in that the multi-tenant resource management device comprises:
a node allocation module, configured to, when there is a newly added tenant, allocate an exclusive data center node to the tenant, the data center node providing the application systems needed to process all of the tenant's business;
a resource allocation module, configured to allocate exclusive physical resources to the data center node by a preset resource allocation algorithm.
6. The device of claim 5, characterized in that the multi-tenant resource management device also comprises:
a message bus allocation module, configured to allocate an exclusive message bus to the data center node by a preset communication algorithm, the application systems accessing the message bus to communicate.
7. The device of claim 5, characterized in that the multi-tenant resource management device also comprises:
a data storage module, configured to store the tenant's data in the exclusive physical resources of the data center node by a preset multi-copy storage algorithm.
8. The device of claim 7, characterized in that the multi-tenant resource management device also comprises:
a data destruction module, configured to delete the data in the tenant's exclusive data center node when the tenant exits;
a resource removal module, configured to remove the membership between the tenant's exclusive data center node and that data center node's exclusive physical resources;
a node removal module, configured to remove the membership between the tenant and the tenant's exclusive data center node.
CN201511030381.9A 2015-12-31 2015-12-31 Multi-tenant resource management method and device Pending CN105577675A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201511030381.9A CN105577675A (en) 2015-12-31 2015-12-31 Multi-tenant resource management method and device

Publications (1)

Publication Number Publication Date
CN105577675A (en) 2016-05-11

Family

ID=55887332

Country Status (1)

Country Link
CN (1) CN105577675A (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20160511