CN103218175B - Multi-tenant cloud storage platform access control system - Google Patents
- Publication number: CN103218175B (application CN201310110457.3A)
- Authority: CN (China)
- Prior art keywords: file, server group, data, tenant, metadata
- Prior art date: 2013-04-01
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
Abstract
The invention discloses a multi-tenant cloud storage platform access control system comprising a metadata server group and a storage server group; the metadata server group communicates with the storage server group through a virtual storage control bridge. When the number of tenants or their load increases or decreases, the system adds or removes servers, which improves flexibility: the system adapts the distribution of resources among tenants to changes in load and prevents the performance of one tenant from affecting another, so that each tenant receives a security guarantee while resource utilization stays high. Requests from the tenants are security-checked by the virtual storage controller; a cache is provided at the same time to raise the concurrent access performance of the metadata, and the cache's lazy-loading strategy shortens the recovery time after a server failure. The objectives of improving the flexibility, scalability, cost-effectiveness and security of multi-tenant data access are thereby achieved.
Description
Technical field
The present invention relates to the field of cloud computing and in particular to a multi-tenant cloud storage platform access control system.
Background
Multi-tenant technology originated in the 1960s. To obtain more computing resources, many companies leased part of the computing capacity of a mainframe from a provider. These users often ran the same application programs, and the data a user supplied when logging in to the system determined the user's account ID. Based on this ID, the mainframe supplier could calculate the resource consumption of computing jobs, including CPU, memory, and floppy disk or tape; SAP also applied this practice in its R/1 to R/3 product line. In the 1990s the application service provider (ASP) model appeared. Its practice and mode of operation were the same as renting a mainframe, but the resource being rented was software: besides the operating system it included the application programs running on it, such as ERP or CRM systems. The systems might run on several different machines or share different databases on the same host, so that each customer's resource consumption could be distinguished and calculated as the basis for billing; the same technology also effectively reduced the supplier's hardware cost, because the program processes rented by several users could run on one computer. In modern times, popular consumer-oriented web applications such as Hotmail or Gmail likewise support all users on a single application platform. This is the result of the natural evolution of multi-tenant technology, which also lets some of the customer's users customize their applications further. With the maturing of virtualization technology and the expansion of its applications, multi-tenant technology can control the virtualized platform and further strengthen the isolation between user applications and data, letting multi-tenant technology play to its strengths. However, existing multi-tenant systems still have many deficiencies in the flexibility, scalability, economy and security of data access.
Summary of the invention
The object of the present invention is to address the above problems by proposing a multi-tenant cloud storage platform access control system that improves the flexibility, scalability, cost-effectiveness and security of multi-tenant data access.
To achieve the above object, the technical solution adopted by the present invention is:
A multi-tenant cloud storage platform access control system comprising a metadata server group and a storage server group;
The metadata server group comprises a console management module, a monitoring management module, an authority management module, a node management module, a metadata management module and a remote call service module;
The console management module performs global configuration and management;
The monitoring management module monitors the real-time load and faults of the metadata server group and, based on the monitoring results, performs load migration and backup and restore in order to achieve high reliability and high availability;
The authority management module verifies users' authority and security;
The node management module transparently adds or removes slave nodes in the system according to load;
The metadata management module updates metadata, including adding, deleting and renaming;
The remote call service module calls functions on the storage servers through RPC;
The storage server group provides block storage and object storage, choosing the storage mode appropriate to each application scenario; it manages file replicas and performs fault detection, and it stores cached data to improve file access efficiency and strengthen the availability of the file system;
The metadata server group communicates with the storage server group through a virtual storage control bridge.
According to a preferred embodiment of the invention, all file open operations in the metadata server group and the storage server group pass through the virtual storage control bridge, and the storage server group sends file data only to authorized users. The physical storage of file data and metadata uses object-based storage devices, and each data object contains the corresponding tenant information and QoS information. When a user accesses data, the request must pass verification by the authority management module of the metadata server group; the file's storage information is then located by combining the metadata index with a multi-level hash function, and the file is accessed through a unified storage interface. Otherwise an error message is returned.
According to a preferred embodiment of the invention, the metadata in the metadata server group identifies the data blocks stored on the disk devices and describes the file objects to which the data blocks correspond. The metadata records the basic attribute information of files and directories, including file name, file size, parent directory, creation and modification times, the corresponding data block list, the owner and the access rights; file data is managed and maintained through tree-structured paths, and a file-object-level data access mode is provided.
The technical solution of the present invention has the following beneficial effects:
When the number of tenants or their load increases or decreases, the system adds or removes servers, which improves flexibility: the system adapts the distribution of resources among tenants to changes in load and prevents the performance of one tenant from affecting another, so that each tenant receives a security guarantee while resource utilization stays high. Requests from the tenants are security-checked by the virtual storage controller; a cache is provided at the same time to raise the concurrent access performance of the metadata, and the cache's lazy-loading strategy shortens the recovery time after a server failure. The objectives of improving the flexibility, scalability, cost-effectiveness and security of multi-tenant data access are thereby achieved.
The technical solution of the present invention is described in further detail below with reference to the drawings and embodiments.
Brief description of the drawings
Fig. 1 is a structural diagram of the multi-tenant cloud storage platform access control system described in the embodiment of the present invention;
Fig. 2 is a schematic diagram of a SaaS application under the multi-tenant scheme described in the embodiment of the present invention.
Embodiment
The preferred embodiments of the present invention are described below with reference to the drawings. It should be understood that the preferred embodiments described here serve only to illustrate and explain the invention and are not intended to limit it.
As shown in Fig. 1, a multi-tenant cloud storage platform access control system comprises a metadata server group and a storage server group;
Metadata server group: comprises a console management module, a monitoring management module, an authority management module, a node management module, a metadata management module and a remote call service module;
Console management module: performs global configuration and management;
Monitoring management module: monitors the real-time load and faults of the metadata server group and, based on the monitoring results, performs load migration and backup and restore in order to achieve high reliability and high availability;
Authority management module: verifies users' authority and security;
Node management module: transparently adds or removes slave nodes in the system according to load;
Metadata management module: updates metadata, including adding, deleting and renaming;
Remote call service module: calls functions on the storage servers through RPC;
Storage server group: provides block storage and object storage, choosing the storage mode appropriate to each application scenario; manages file replicas and performs fault detection; stores cached data to improve file access efficiency and strengthen the availability of the file system;
The metadata server group communicates with the storage server group through a virtual storage control bridge.
All file open operations in the metadata server group and the storage server group pass through the virtual storage control bridge, and the storage server group sends file data only to authorized users. The physical storage of file data and metadata uses object-based storage devices, and each data object contains the corresponding tenant information and QoS information. When a user accesses data, the request must pass verification by the authority management module of the metadata server group; the file's storage information is then located by combining the metadata index with a multi-level hash function, and the file is accessed through a unified storage interface. Otherwise an error message is returned.
The metadata in the metadata server group identifies the data blocks stored on the disk devices and describes the file objects to which the data blocks correspond. The metadata records the basic attribute information of files and directories, including file name, file size, parent directory, creation and modification times, the corresponding data block list, the owner and the access rights; file data is managed and maintained through tree-structured paths, and a file-object-level data access mode is provided.
In a mass storage system the storage servers consist of many hardware devices, and as the server cluster grows the failure rate arising from various causes rises, so the requirements of reliability and high availability must be considered when designing the system. The system therefore adopts a scheme with two types of server group, namely a metadata server group and a storage server group.
The two server groups communicate with each other through the virtual storage control bridge and work in coordination, reflecting the current system state in real time. The bridge also supports linear expansion of the server groups, transparently to users, and can well satisfy the demand for a fourth-level, easily scalable and configurable multi-tenant storage scheme.
Considering data security, all file open operations pass through the virtual storage control bridge, and the storage servers send file data only to authorized users. The physical storage of file data and metadata uses object-based storage devices, and each data object contains the corresponding tenant information and QoS information. When a user accesses data, the request must pass verification by the authority management module of the metadata server group. After verification succeeds, the file's storage information is located by combining the metadata index with a multi-level hash (a hash of the file's directory combined with a hash of the file name), and the file is then accessed through the unified storage interface; otherwise an error message is returned. At the same time, several data placement modes are offered as a service according to user requirements: the data of one tenant can be placed in a single file system directory or partition to meet the requirement of physical isolation.
In a multi-tenant storage system one storage device is shared by several tenants, and the way a tenant's data is distributed on disk greatly affects data access performance. If the partitioning of a traditional file system is adopted in a SaaS application, the data blocks of the same tenant are scattered across the disk, and the seek time required when accessing a file rises sharply. A multi-tenant data block storage management scheme oriented to SaaS applications is therefore adopted, storing each tenant's data blocks contiguously on disk to obtain good data access performance.
For massive amounts of metadata a single server often cannot meet the performance demand, so the multi-tenant metadata is suitably divided and managed and maintained jointly by a cluster composed of several servers.
The metadata management function also includes rights management and access control: each tenant's connection session carries a unique name ID; the directory subtree corresponding to the tenant is looked up by this ID and a virtual file system view is then built; the file metadata contains the operation rights the tenant holds, and any operation for which the tenant lacks the right is rejected.
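The session-to-subtree lookup, the virtual file system view and the per-operation rights check described in the paragraph above, together with the directory-hash plus file-name-hash lookup of the earlier paragraph on data security, as an added Python example. This is an illustration written for this page, not code from the patent; the class and field names, the bucket counts of the two-level hash, the session dictionary and the sample files are assumptions made for the example.

```python
"""Per-tenant access control over a shared metadata tree (added example).

Illustration written for this page, not code from patent CN103218175B. It
follows the flow the description gives: a tenant session carries a unique
name ID; the ID selects the tenant's directory subtree; a virtual file system
view is built over that subtree; the operation rights stored in a file's
metadata decide whether an operation is allowed, and any operation the tenant
does not hold is rejected with an error message. File storage information is
located by combining the metadata index with a two-level hash (directory
hash, then file-name hash). Record layouts, class and field names, bucket
counts and the sample data are assumptions.
"""
import hashlib
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """The authority check failed; open_file turns this into an error message."""


@dataclass
class FileMeta:
    """Subset of the basic attribute information the patent lists for a file."""
    name: str
    parent: str                 # directory inside the tenant subtree, e.g. "/docs"
    size: int
    owner: str                  # tenant name ID that owns the file
    rights: frozenset           # operations granted: subset of {"read", "write", "rename", "delete"}
    blocks: list = field(default_factory=list)   # data block list (left empty in the sample)

    @property
    def path(self) -> str:
        return f"{self.parent}/{self.name}"


class MetadataServerGroup:
    """Directory subtrees per tenant, the authority check and the file locator."""

    def __init__(self, dir_buckets: int = 16, file_buckets: int = 64):
        self.dir_buckets = dir_buckets
        self.file_buckets = file_buckets
        self.subtrees: dict = {}     # tenant ID -> {path -> FileMeta}
        self.hash_index: dict = {}   # (dir bucket, file bucket) -> [(tenant, path, location)]

    @staticmethod
    def _bucket(text: str, modulus: int) -> int:
        return int.from_bytes(hashlib.sha256(text.encode()).digest()[:8], "big") % modulus

    def _key(self, tenant_id: str, parent: str, name: str) -> tuple:
        # Level 1 hashes the directory, salted with the tenant ID so that two tenants
        # with the same path never share an entry; level 2 hashes the file name.
        return (self._bucket(f"{tenant_id}:{parent}", self.dir_buckets),
                self._bucket(name, self.file_buckets))

    def register(self, meta: FileMeta, location: str) -> None:
        """Add a file to its owner's subtree and to the hash index (location = where storage keeps it)."""
        self.subtrees.setdefault(meta.owner, {})[meta.path] = meta
        key = self._key(meta.owner, meta.parent, meta.name)
        self.hash_index.setdefault(key, []).append((meta.owner, meta.path, location))

    def build_view(self, session: dict) -> list:
        """Virtual file system view for one session: the tenant's own subtree and nothing else."""
        return sorted(self.subtrees.get(session["name_id"], {}))

    def authorize(self, session: dict, path: str, op: str) -> FileMeta:
        """Authority management module: the file must lie in the tenant's subtree and grant op."""
        tenant_id = session["name_id"]
        meta = self.subtrees.get(tenant_id, {}).get(path)
        if meta is None or meta.owner != tenant_id:
            raise AccessDenied(f"{tenant_id}: no such file in tenant subtree: {path}")
        if op not in meta.rights:
            raise AccessDenied(f"{tenant_id}: operation {op!r} not granted on {path}")
        return meta

    def locate(self, meta: FileMeta):
        """Metadata index plus two-level hash: resolve the file to its storage location."""
        key = self._key(meta.owner, meta.parent, meta.name)
        for tenant_id, path, location in self.hash_index.get(key, []):
            if tenant_id == meta.owner and path == meta.path:   # a bucket may hold other files
                return location
        return None


def open_file(mds: MetadataServerGroup, session: dict, path: str, op: str = "read"):
    """Open through the authority check. Returns (True, location) or (False, error message)."""
    try:
        meta = mds.authorize(session, path, op)
    except AccessDenied as exc:
        return False, str(exc)
    location = mds.locate(meta)
    if location is None:
        return False, f"index entry missing for {path}"
    return True, location


def build_sample() -> MetadataServerGroup:
    """Constructed sample data: two tenants, each with a /docs/report.txt of its own."""
    mds = MetadataServerGroup()
    mds.register(FileMeta("report.txt", "/docs", 1200, "tenant-a", frozenset({"read", "write"})), "osd-1/obj-1001")
    mds.register(FileMeta("notes.txt", "/docs", 300, "tenant-a", frozenset({"read"})), "osd-1/obj-1002")
    mds.register(FileMeta("report.txt", "/docs", 900, "tenant-b", frozenset({"read", "write"})), "osd-2/obj-2001")
    return mds


if __name__ == "__main__":
    mds = build_sample()
    session_a = {"name_id": "tenant-a"}
    print(mds.build_view(session_a))
    print(open_file(mds, session_a, "/docs/report.txt"))                # tenant-a's own copy
    print(open_file(mds, session_a, "/docs/notes.txt", "write"))        # right not granted
    print(open_file(mds, {"name_id": "tenant-b"}, "/docs/report.txt"))  # tenant-b's own copy
```

The point worth noticing is that the same path `/docs/report.txt` resolves to a different storage location for each tenant, because both the subtree lookup and the level-1 hash are keyed by the session's tenant ID; a tenant that is not registered at all gets an empty view and an error on every open rather than a fallback to some shared tree.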
About the two server group clusters: using virtualization technology, the two server groups can be built on several physical machines of good performance. The metadata server group needs a larger memory space while its processor performance requirement is not high; the storage server group requires higher processor performance and very high I/O performance, since it must respond quickly to requests from the metadata servers and to I/O, returning users' read and write data. Communication between the metadata server group and the storage server group is accomplished by the virtual storage control bridge, whose communication mechanism mainly adopts middleware technology and communicates through the RPC protocol.
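The bridge-mediated exchange between the two groups, the division of metadata across several metadata servers mentioned above, and the tenant and QoS information carried by each data object, as an added Python example. It is an illustration written for this page, not the patent's code: the JSON message shapes standing in for RPC calls, the class names, the rule that maps a tenant to a metadata server by hash, and the sample objects are all assumptions.

```python
"""Virtual storage control bridge between the two server groups (added example).

Illustration written for this page, not code from patent CN103218175B. It
models three things the description states: the multi-tenant metadata is
divided across several metadata servers; the bridge is the only path between
the groups and carries requests as RPC-style messages (here JSON strings),
taking an open request to the metadata side first and calling the storage
side only after the authority check passes; and each data object on the
storage side carries its tenant information and QoS information, which the
storage server compares against the authorized tenant before returning data.
Message shapes, class names, the tenant-hash sharding rule and the sample
data are assumptions.
"""
import hashlib
import json


class MetadataServer:
    """One member of the metadata server group; holds the metadata of the tenants mapped to it."""

    def __init__(self, server_id: str):
        self.server_id = server_id
        self.entries: dict = {}   # (tenant, path) -> {"object": object ID, "ops": granted operations}

    def handle(self, msg: str) -> str:
        req = json.loads(msg)
        if req.get("method") != "open":
            return json.dumps({"ok": False, "error": "unknown method"})
        entry = self.entries.get((req["tenant"], req["path"]))
        if entry is None or req["op"] not in entry["ops"]:
            return json.dumps({"ok": False, "error": "permission denied"})
        return json.dumps({"ok": True, "object": entry["object"], "tenant": req["tenant"]})


class StorageServer:
    """Storage server group member: object store whose objects are tagged with tenant and QoS."""

    def __init__(self):
        self.objects: dict = {}   # object ID -> {"tenant": ..., "qos": ..., "data": hex string}

    def handle(self, msg: str) -> str:
        req = json.loads(msg)
        obj = self.objects.get(req.get("object"))
        # Second check on the data path: even a wrong metadata entry cannot hand one
        # tenant's object to another, because the object carries its own tenant tag.
        if obj is None or obj["tenant"] != req.get("tenant"):
            return json.dumps({"ok": False, "error": "object not available to tenant"})
        return json.dumps({"ok": True, "qos": obj["qos"], "data": obj["data"]})


class VirtualStoreControlBridge:
    """Middleware between the groups; every open goes through here."""

    def __init__(self, metadata_servers: list, storage: StorageServer):
        self.metadata_servers = metadata_servers
        self.storage = storage
        self.log: list = []   # (direction, message) pairs, to show the exchange

    def _server_for(self, tenant: str) -> MetadataServer:
        # Division of metadata across the cluster: tenant ID -> server, by hash (assumed rule).
        h = int.from_bytes(hashlib.sha256(tenant.encode()).digest()[:4], "big")
        return self.metadata_servers[h % len(self.metadata_servers)]

    def register(self, tenant: str, path: str, object_id: str, ops) -> None:
        self._server_for(tenant).entries[(tenant, path)] = {"object": object_id, "ops": set(ops)}

    def open(self, tenant: str, path: str, op: str = "read") -> dict:
        mds = self._server_for(tenant)
        req = json.dumps({"method": "open", "tenant": tenant, "path": path, "op": op})
        self.log.append((f"bridge->{mds.server_id}", req))
        resp = json.loads(mds.handle(req))
        self.log.append((f"{mds.server_id}->bridge", json.dumps(resp)))
        if not resp["ok"]:
            return resp                       # storage is never contacted
        sreq = json.dumps({"method": "read", "object": resp["object"], "tenant": resp["tenant"]})
        self.log.append(("bridge->storage", sreq))
        sresp = json.loads(self.storage.handle(sreq))
        self.log.append(("storage->bridge", json.dumps(sresp)))
        return sresp


def build_sample_bridge() -> VirtualStoreControlBridge:
    """Constructed sample: two metadata servers, one storage server, two tenants."""
    storage = StorageServer()
    storage.objects["obj-1001"] = {"tenant": "tenant-a", "qos": "gold", "data": b"hello".hex()}
    storage.objects["obj-2001"] = {"tenant": "tenant-b", "qos": "silver", "data": b"world".hex()}
    bridge = VirtualStoreControlBridge([MetadataServer("mds-0"), MetadataServer("mds-1")], storage)
    bridge.register("tenant-a", "/docs/report.txt", "obj-1001", {"read", "write"})
    bridge.register("tenant-b", "/docs/report.txt", "obj-2001", {"read"})
    # A deliberately wrong metadata entry: tenant-b's path pointing at tenant-a's object.
    bridge.register("tenant-b", "/docs/leak.txt", "obj-1001", {"read"})
    return bridge


if __name__ == "__main__":
    bridge = build_sample_bridge()
    print(bridge.open("tenant-a", "/docs/report.txt"))           # ok, tenant-a's data
    print(bridge.open("tenant-b", "/docs/report.txt", "write"))  # denied on the metadata side
    print(bridge.open("tenant-b", "/docs/leak.txt"))             # refused on the storage side
    for direction, msg in bridge.log:
        print(direction, msg)
```

The log shows the two-step exchange the description implies: a refused open never produces a storage message at all, and the tenant tag on the object gives the storage side an independent reason to refuse when the metadata side has been misconfigured.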
In summary, the multi-tenant cloud storage platform access control system of the present invention also has the advantages of generality, flexibility and hierarchy:
Generality: whether in a public cloud or a partner cloud, the requirement of multi-tenant data isolation exists, so the security policy is required to be general and applicable to different cloud environments.
Flexibility: each application also has its own security requirements, so the cloud storage security policy should be flexible, allowing users to customize the security policy according to their own security requirements and realize their respective security targets.
Hierarchy: the security policy is designed mainly around users, and the organizational division of most applications usually has a certain hierarchy, so the attributes of subjects and resource objects in the policy must also reflect this hierarchical characteristic of the enterprise.
Metadata: the storage gateway structure for a user's data file, mainly comprising user ID, file name, file size, file access rights and location information. The virtual storage control bridge is the communication protocol between the metadata server group and the storage server group; it is a piece of middleware.
Finally, it should be noted that the above are only preferred embodiments of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those skilled in the art can still modify the technical solutions described in them or make equivalent replacements of some of their technical features. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall be included within its scope of protection.
Claims (3)
1. A multi-tenant cloud storage platform access control system, characterized in that it comprises a metadata server group and a storage server group;
The metadata server group comprises a console management module, a monitoring management module, an authority management module, a node management module, a metadata management module and a remote call service module;
The console management module performs global configuration and management;
The monitoring management module monitors the real-time load and faults of the metadata server group and, based on the monitoring results, performs load migration and backup and restore in order to achieve high reliability and high availability;
The authority management module verifies users' authority and security;
The node management module transparently adds or removes slave nodes in the system according to load;
The metadata management module updates metadata, including adding, deleting and renaming;
The remote call service module calls functions on the storage servers through RPC;
The storage server group provides block storage and object storage, choosing the storage mode appropriate to each application scenario; it manages file replicas and performs fault detection, and it stores cached data to improve file access efficiency and strengthen the availability of the file system;
The metadata server group communicates with the storage server group through a virtual storage control bridge;
Verifying users' authority and security specifically means: each tenant's connection session carries a unique name ID; the directory subtree corresponding to the tenant is looked up by this ID and a virtual file system view is then built; the file metadata contains the operation rights the tenant holds, and any operation for which the tenant lacks the right is rejected.
2. The multi-tenant cloud storage platform access control system according to claim 1, characterized in that all file open operations in the metadata server group and the storage server group pass through the virtual storage control bridge, and the storage server group sends file data only to authorized users; the physical storage of file data and metadata uses object-based storage devices, and each data object contains the corresponding tenant information and QoS information; when a user accesses data, the request must pass verification by the authority management module of the metadata server group, the file's storage information is then located by combining the metadata index with a multi-level hash function, and the file is accessed through a unified storage interface; otherwise an error message is returned.
3. The multi-tenant cloud storage platform access control system according to claim 1 or 2, characterized in that the metadata in the metadata server group identifies the data blocks stored on the disk devices and describes the file objects to which the data blocks correspond; the metadata records the basic attribute information of files and directories, including file name, file size, parent directory, creation and modification times, the corresponding data block list, the owner and the access rights; file data is managed and maintained through tree-structured paths, and a file-object-level data access mode is provided.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310110457.3A CN103218175B (en) | 2013-04-01 | 2013-04-01 | Multi-tenant cloud storage platform access control system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN103218175A (en) | 2013-07-24 |
CN103218175B true CN103218175B (en) | 2015-10-28 |
Family
ID=48816029
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109241178A (en) * | 2018-07-20 | 2019-01-18 | 华为技术有限公司 | The method and apparatus for managing memory space |
Families Citing this family (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103744960A (en) * | 2014-01-06 | 2014-04-23 | 河海大学 | Metadata indexing module and method based on cloud platform |
CN106293490A (en) * | 2015-05-12 | 2017-01-04 | 中兴通讯股份有限公司 | Data storage, the method read, Apparatus and system |
CN105159780B (en) * | 2015-08-21 | 2018-07-20 | 北京理工大学 | The high availability virtual network mapping method and device of oriented multilayer time cloud application |
CN105808240A (en) * | 2016-03-01 | 2016-07-27 | 北京量邦信息科技股份有限公司 | Method for realizing user isolation under online programming environment |
CN106446197B (en) * | 2016-09-30 | 2019-11-19 | 华为数字技术(成都)有限公司 | A kind of date storage method, apparatus and system |
US11290532B2 (en) | 2016-12-16 | 2022-03-29 | International Business Machines Corporation | Tape reconstruction from object storage |
US10430602B2 (en) * | 2016-12-16 | 2019-10-01 | International Business Machines Corporation | Tape processing offload to object storage |
CN107147728B (en) * | 2017-05-31 | 2020-10-09 | 中山大学 | Multi-tenant management method for object storage system |
CN107612763B (en) * | 2017-11-08 | 2020-10-02 | 浪潮通用软件有限公司 | Metadata management method, application server, service system, medium and controller |
CN107958159A (en) * | 2017-11-15 | 2018-04-24 | 广东电网有限责任公司电力调度控制中心 | A kind of method and system of big data migration |
CN110580127B (en) * | 2018-06-07 | 2020-10-16 | 华中科技大学 | Resource management method and resource management system based on multi-tenant cloud storage |
CN109165135B (en) * | 2018-07-18 | 2021-05-04 | 平安科技(深圳)有限公司 | Data management method, computer readable storage medium and terminal equipment |
CN109033444A (en) * | 2018-08-17 | 2018-12-18 | 广东技术师范学院 | The method and device across organizational boundary's data sharing is realized based on object storage technology |
CN109308193B (en) * | 2018-09-06 | 2019-08-09 | 广州市品高软件股份有限公司 | A kind of multi-tenant function calculates the concurrency control method of service |
CN109981649B (en) * | 2019-03-27 | 2021-07-20 | 山东超越数控电子股份有限公司 | Cloud storage security access method, system, terminal and storage medium based on security authentication gateway |
CN110769025B (en) * | 2019-09-06 | 2022-04-22 | 江苏中云科技有限公司 | Method for accelerating data index of multi-tenant-oriented cloud storage system |
CN110826055B (en) * | 2019-11-06 | 2021-07-30 | 中国移动通信集团广东有限公司 | Tenant safety automatic intelligent detection method and system based on service load |
CN111125024B (en) * | 2019-11-29 | 2022-05-24 | 浪潮电子信息产业股份有限公司 | Method, device, equipment and storage medium for deleting distributed system files |
CN112434321A (en) * | 2020-12-01 | 2021-03-02 | 武汉绿色网络信息服务有限责任公司 | Data storage method and device, computer equipment and storage medium |
CN112988062B (en) * | 2021-01-28 | 2023-02-14 | 腾讯科技(深圳)有限公司 | Metadata reading limiting method and device, electronic equipment and medium |
CN113923213B (en) * | 2021-08-26 | 2023-09-22 | 新华三大数据技术有限公司 | Directory-level service quality control method, system and access node |
CN115587390B (en) * | 2022-12-12 | 2023-03-10 | 杭州优云科技有限公司 | Method for realizing public cloud object storage |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN201726424U (en) * | 2009-08-18 | 2011-01-26 | 升东网络科技发展(上海)有限公司 | Distributed storage system |
CN101997884A (en) * | 2009-08-18 | 2011-03-30 | 升东网络科技发展(上海)有限公司 | Distributed storage system and method |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2012133630A (en) * | 2010-12-22 | 2012-07-12 | Nomura Research Institute Ltd | Storage resource control system, storage resource control program and storage resource control method |
Events: 2013-04-01, application CN201310110457.3A filed (CN), granted as CN103218175B; current status: not active (Expired - Fee Related).
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| C06 | Publication | |
| PB01 | Publication | |
| C10 | Entry into substantive examination | |
| SE01 | Entry into force of request for substantive examination | |
| C14 | Grant of patent or utility model | |
| GR01 | Patent grant | |
2021-01-20 (effective date of registration) | TR01 | Transfer of patent right | Address after: No. 2006 Xiyuan Avenue, Chengdu, Sichuan 611731; Patentee after: University of Electronic Science and Technology of Sichuan foundation for education development. Address before: Room 402, Area A, Liye Building, Science and Technology Park, China Sensor Network University, Taike Park, New District, Wuxi City, Jiangsu Province, 214135; Patentee before: WUXI UESTC TECHNOLOGY DEVELOPMENT Co.,Ltd. |
| CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 2015-10-28 |