CN111814177B - Multi-tenant data processing method, device, equipment and system based on micro-service - Google Patents

Multi-tenant data processing method, device, equipment and system based on micro-service Download PDF

Info

Publication number
CN111814177B
CN111814177B CN202010594985.0A CN202010594985A CN111814177B CN 111814177 B CN111814177 B CN 111814177B CN 202010594985 A CN202010594985 A CN 202010594985A CN 111814177 B CN111814177 B CN 111814177B
Authority
CN
China
Prior art keywords
service
micro
different
tenants
list
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010594985.0A
Other languages
Chinese (zh)
Other versions
CN111814177A (en
Inventor
刘杰群
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202010594985.0A priority Critical patent/CN111814177B/en
Publication of CN111814177A publication Critical patent/CN111814177A/en
Application granted granted Critical
Publication of CN111814177B publication Critical patent/CN111814177B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/25Integrating or interfacing systems involving database management systems
    • G06F16/252Integrating or interfacing systems involving database management systems between a Database Management System and a front-end application
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Computing Systems (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Medical Informatics (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The specification provides a multi-tenant data processing method, device, equipment and system based on micro-service. The method comprises the steps of receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants; acquiring a service list from a registry; forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database. By using the embodiment of the specification, the effective isolation of data among tenants can be realized, so that the data security can be improved.

Description

Multi-tenant data processing method, device, equipment and system based on micro-service
Technical Field
The present disclosure relates to the field of internet technologies, and in particular, to a method, an apparatus, a device, and a system for processing multi-tenant data based on micro-services.
Background
The multi-tenant problem is an architecture design approach, which is equivalent to a Saas system running on one or a set of servers, that can serve multiple tenants.
The multi-tenant Saas deployment in the current micro-service architecture is mainly realized by adding tenant fields and single-instance multi-databases through a surface layer. The surface layer surface is added with tenant information fields, and the tenant information fields are mainly added as filtering conditions when query operation is carried out, so that the mode can not meet the requirement of multi-tenant on data security because all tenant data are stored in one table. In the single-instance multi-database, one tenant uses one database system alone, and all tenants share one application instance, so that all information of database connection is reserved by an application layer, and the information of each tenant can be seen mutually, so that the requirement of multi-tenant on data security cannot be met.
Therefore, a technical solution for solving the security of multi-tenant data is needed in the industry.
Disclosure of Invention
The embodiment of the specification provides a multi-tenant data processing method, device, equipment and system based on micro-service, which can realize effective isolation of data among tenants, thereby improving data security.
The method, the device, the equipment and the system for processing the multi-tenant data based on the micro-service are realized in the following manner.
The multi-tenant data processing method based on the micro-service comprises the following steps: receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; acquiring a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
The multi-tenant data processing method based on the micro-service comprises the following steps: the reverse proxy server receives service requests sent by a plurality of tenants and forwards the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the gateway acquires a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; according to the access path and the service list, forwarding the service request route to a corresponding micro service; the micro-service obtains a service list from the registration center and obtains a micro-service configuration file from a centralized configuration center, wherein the micro-service configuration file comprises a micro-service name, a database name connected with the micro-service and other micro-service names required to be called by the micro-service; and completing the service corresponding to the service request according to the service list, the micro-service configuration file and a preset configuration mode.
A micro-service based multi-tenant data processing apparatus comprising: the first receiving module is used for receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the first acquisition module is used for acquiring a service list from the registration center; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; the first forwarding module is used for forwarding the service request to a corresponding micro service according to the access path and the service list so that the micro service can complete the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
A micro-service based multi-tenant data processing apparatus comprising: the second receiving module is used for receiving service requests sent by a plurality of tenants by the reverse proxy server and forwarding the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the second acquisition module is used for acquiring a service list from a registry by the gateway; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; the second forwarding module is used for forwarding the service request route to the corresponding micro service according to the access path and the service list; the third acquisition module is used for acquiring a service list from the registry by the micro service and acquiring a micro service configuration file from the centralized configuration center, wherein the micro service configuration file comprises a micro service name, a database name connected with the micro service and other micro service names required to be called by the micro service; and the completion module is used for completing the service corresponding to the service request according to the service list, the micro service configuration file and a preset configuration mode.
A micro-service based multi-tenant data processing device comprising a processor and a memory for storing processor executable instructions that when executed by the processor implement the steps of: receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; acquiring a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
A micro-service based multi-tenant data processing device comprising a processor and a memory for storing processor executable instructions that when executed by the processor implement the steps of: the reverse proxy server receives service requests sent by a plurality of tenants and forwards the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the gateway acquires a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; according to the access path and the service list, forwarding the service request route to a corresponding micro service; the micro-service obtains a service list from the registration center and obtains a micro-service configuration file from a centralized configuration center, wherein the micro-service configuration file comprises a micro-service name, a database name connected with the micro-service and other micro-service names required to be called by the micro-service; and completing the service corresponding to the service request according to the service list, the micro-service configuration file and a preset configuration mode.
A micro-service based multi-tenant data processing system comprising at least one processor and a memory storing computer executable instructions that when executed implement the steps of any of the method embodiments of the present specification.
The description provides a multi-tenant data processing method, device, equipment and system based on micro-services. In some embodiments, for the service of distinguishing the tenants, the service requests sent by different tenants are forwarded to different microservices, and different microservices call different databases, so that multi-user and multi-instance can be realized, and effective isolation of data among the tenants can be ensured and data security can be improved while different service requirements of different tenants are met. Aiming at the business of distinguishing tenants, service requests sent by different tenants are forwarded to the same micro service, and the same database is called, so that the multi-user single instance can be realized, resources can be saved, and the processing efficiency can be improved. By adopting the embodiment provided by the specification, effective isolation of data among tenants can be realized, so that the data security is improved.
Drawings
The accompanying drawings are included to provide a further understanding of the specification, and are incorporated in and constitute a part of this specification. In the drawings:
FIG. 1 is a schematic diagram of one scenario of the micro-service based multi-tenant data processing method provided herein;
FIG. 2 is a flow diagram of one embodiment of a micro-service based multi-tenant data processing method provided herein;
FIG. 3 is a flow diagram of another embodiment of a micro-service based multi-tenant data processing method provided herein;
FIG. 4 is a block diagram of one embodiment of a micro-service based multi-tenant data processing apparatus provided herein;
FIG. 5 is a block diagram of another embodiment of the micro-service based multi-tenant data processing apparatus provided herein;
figure 6 is a block diagram of a hardware architecture of one embodiment of a micro-service based multi-tenant data processing server provided herein.
Detailed Description
In order to make the technical solutions in the present specification better understood by those skilled in the art, the technical solutions in the embodiments of the present specification will be clearly and completely described below with reference to the drawings in the embodiments of the present specification, and it is obvious that the described embodiments are only some embodiments, but not all embodiments in the present specification. All other embodiments, which can be made by one or more embodiments of the present disclosure without inventive faculty, are intended to be within the scope of the embodiments of the present disclosure.
The micro service is to divide the business into different modules, each different module is responsible for a certain function in the business, the modules are called by the Http mode, and the data storage layers of the micro service modules are deployed independently and run independently. The key point of the multi-tenant architecture is the isolation of multiple tenants of data under the same set of programs. Because the tenant data are stored in a centralized way, the security of the data is realized, namely whether the isolation of the tenant data can be realized or not can be seen, and the tenant data are prevented from being obtained and tampered by carelessness or by others.
The existing solution to the problem of multi-tenant in the micro-service architecture is mainly that a tenant field is added on the surface layer and a single-instance multi-database is realized. The surface layer is added with all tenant data of tenant information fields and stored in one table, the isolation degree of the data layer is low, the data security requirement corresponding to multiple tenants cannot be met, and the application layer needs to encapsulate tenant information identifiers on each query, so that the tight coupling of services is increased. The single-instance multi-database provides an independent database for each tenant, and all tenants share an application instance. Therefore, based on security considerations, it is desirable to perform quarantine management on multi-tenant system data.
According to the multi-tenant data processing method, device, equipment and system based on the micro-service, different micro-services are instantiated for different tenants, different micro-service examples are connected with different databases, complete isolation and independent deployment of business logic and data storage can be achieved, each tenant corresponds to one set of examples to operate independently and do not interfere with each other, and therefore safety isolation of data among the multiple tenants can be guaranteed while dynamic demands of the tenants are met. In addition, by sharing the database for the common underlying data portion, resources can be effectively conserved.
In the embodiment of the present specification, a centralized configuration center may be set in advance. The centralized configuration center can perform unified centralized management on the configuration of each micro service, so that multi-instance deployment of the micro service can be achieved without changing service codes, and dynamic creation of micro service instances and dynamic addition of application tenants can be achieved. The centralized configuration center can perform unified management on the configuration of the gateway, the database and the like. In some implementations, a centralized configuration center may provide externalized configuration support for server-side and client-side in a distributed system. The centralized configuration center can centrally manage the externalized configuration of the application programs in all environments in one place. Gateway (Gateway) is also called Gateway, protocol converter, network connection device. The gateway realizes network interconnection above the network layer and is a complex network interconnection device used for network interconnection with two different higher-layer protocols. The gateway is a device with a routing function, and can realize routing and forwarding of service requests of different tenants to different micro-service embodiments. Micro-services may also be referred to as micro-service instances.
In some embodiments of the present description, a centralized configuration center may include a micro-service profile, a gateway profile, a configuration mode, and the like. The micro service configuration file may include a micro service name, a database name connected with the micro service, other micro service names that the micro service needs to call, a network protocol address and a port number of the micro service, and the like. The micro-service names may be used to distinguish between different micro-services. The gateway profile may include a correspondence of access paths and micro-services. Aiming at the business of distinguishing tenants, different access paths correspond to the same micro service; for the business of not distinguishing tenants, different access paths correspond to different micro-services. The configuration mode can comprise that sensitive data among different micro-services call different databases, and non-sensitive data among different micro-services call the same database.
In the embodiment of the specification, through presetting the centralized configuration center, different configuration files are selected to start different service instances when the service is deployed, and the service instances are connected with different databases, not only can the management of the configuration files according to the roles of users be realized and the management efficiency be improved, but also the safety of configuration information can be ensured because the information among all tenants in the centralized configuration center is mutually isolated.
In the embodiment of the present disclosure, the gateway may be registered in advance as one service in the registry, and each business micro-service may be registered in the registry. Thus, the gateway and the micro service can be identified through the registry, and the micro service can also be mutually identified through the registry. In some implementation scenarios, the gateway can identify all micro services through the registry, and further can forward different micro service embodiments according to tenant access paths. In some implementation scenarios, since each micro-service is registered in the registry, the micro-services can be mutually identified through the registry, so that the micro-services can be mutually called. For example, feign's Http call may be implemented between micro-services. Because the micro-services called by Feign support the configuration mode, the micro-services of different tenants can only call the micro-service examples belonging to the tenants through the configuration mode. It should be noted that, in some implementation scenarios, communication and mutual calling are performed between the gateway and the micro service and between the micro service and the micro service in a Http manner through the registry. Feign is a declarative, templated Http client that can use Http requests to access remote services just like invoking local methods.
In some embodiments of the present specification, the micro-service being registered in advance in the registry may include: acquiring a micro-service configuration file from a centralized configuration center; and registering the micro service to a registry according to the micro service name. Different micro service embodiments can be registered in the registry by configuring different micro service names, so that different instantiations of the service are realized.
In the embodiment of the present description, the gateway functions to forward the front-end request to the back-end service. By distributing different Http access paths to front-end tenants, after the gateway identifies the different access paths, the gateway forwards the different access paths to different micro services according to the gateway configuration file, so that different micro service embodiments correspond to different tenants.
The embodiments of the present specification can be applied to a server, a network connection device (gateway), and the like. As shown in fig. 1, fig. 1 is a schematic view of one scenario of the multi-tenant data processing method based on the micro service provided in the present specification. In this implementation scenario, the system has two micro service modules, namely a management module responsible for outbound and inbound service management and a basic information module responsible for data dictionary and picture server, the two tenants are tenant 1 and tenant 2, respectively, access path domain name/management instance 1 prefix and domain name/management instance 2 prefix can be allocated to tenant 1 and tenant 2 in advance, then tenant 1 and tenant 2 send service requests to the reverse proxy server nmginx through clients respectively, after nmginx receives the service requests, the service requests are forwarded to a gateway in a rotation training manner, the gateway obtains service lists from a registration center, obtains gateway configuration files from a centralized configuration center (cluster), and then forwards the service requests to a back-end micro service instance corresponding to each tenant (for example, the request sent by tenant 1 is forwarded to management module instance 1, and the request sent by tenant 2 is forwarded to management module instance 2), and the back-end micro service instance completes the service corresponding to each tenant service request by obtaining the service lists from the registration center. If the tenant accesses a management module of the in-out library service management, the gateway forwards the access path route of the tenant 1 to the management module instance 1, forwards the access path route of the tenant 2 to the management module instance 2, and if the tenant accesses a basic information service module, the gateway forwards both the access path of the tenant 1 and the access path of the tenant 2 to the basic information module. Thus, for the multi-tenant of tenant 1 and tenant 2, the basic information service modules are shared, but the business processing parts of the input and output warehouse are respectively processed by different examples. In addition, the basic information module is connected with the database cluster of the basic information module, the warehouse management module example 1 is connected with the database of the example 1, and the warehouse management module example 2 is connected with the database of the example 2, so that effective isolation of data can be achieved, and the requirement of tenants on data security is met.
In this implementation scenario, the gateway may be registered in advance as a service to the registry, and each business micro-service may also be registered to the registry, so that the gateway and the micro-service may be identified by the registry, and the micro-services may also be identified by the registry. Multiple gateways may form a gateway cluster, multiple registries may form a service registry cluster, and multiple databases may form a database cluster.
The following describes embodiments of the present disclosure by taking a specific application scenario as an example. In particular, fig. 2 is a flow diagram of one embodiment of a micro-service based multi-tenant data processing method provided herein. Although the description provides methods and apparatus structures as shown in the examples or figures described below, more or fewer steps or modular units may be included in the methods or apparatus, whether conventionally or without inventive effort. In the steps or the structures where there is no necessary causal relationship logically, the execution order of the steps or the module structure of the apparatus is not limited to the execution order or the module structure shown in the embodiments or the drawings of the present specification. The described methods or module structures may be implemented in a device, server or end product in practice, in a sequential or parallel fashion (e.g., parallel processor or multi-threaded processing environments, or even distributed processing, server cluster implementations) as shown in the embodiments or figures.
It should be noted that the following embodiments are described from the perspective of the network connection device, and do not limit the technical solutions in other scalable application scenarios based on the present description. In one embodiment of the micro-service based multi-tenant data processing method provided in the present specification, as illustrated in fig. 2, the method may include the following steps.
S0: receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to the micro services.
In some embodiments of the present disclosure, a service request may be understood as a request issued by a tenant to a network connection device, a server, a system, etc. for implementing a certain type of service. A multi-tenant may be understood as at least one customer. The service request may include an access path, a tenant identifier, a service name to be accessed, and the like corresponding to each tenant. The access path corresponds to the micro-service, and the service request of the tenant can be forwarded to the corresponding micro-service according to the access path.
In one embodiment of the present disclosure, before receiving service requests sent by multiple tenants, an access path may be allocated to each tenant in advance, and then the multiple tenants send the access paths to the gateway along with the service requests.
In some embodiments of the present disclosure, access paths corresponding to different tenants are different. The access path may include a unique identifier corresponding to the tenant, and may further include a micro-service name. The unique identification may include numbers, letters, etc. The unique identification may be used to distinguish between different tenants.
In some embodiments of the present description, the access paths between different tenants may include the same domain name, different prefixes. For example, when assigning access paths to tenant 1 and tenant 2, access paths http:// hostname:// prefix1// xxx may be assigned to tenant 1 and access paths http:// hostname:// prefix2// xxx may be assigned to tenant 2. By enabling access paths of multiple tenants in the same system to share the same domain name and different prefixes, whether the tenants belong to the same system can be more easily identified.
In some embodiments of the present disclosure, a service request of a tenant may be forwarded to a corresponding micro-service according to an access path. For example, tenant 1 allocates an access path of http:// wxt1. Ley. Ccb.com/wms/1, according to which routing to the corresponding instantiation service wms-waschouse-1 can be implemented, tenant 2 allocates an access path of http:// wxt1. Ley. Ccb.com/wms/2, according to which routing to the corresponding instantiation service wms-waschouse-2 can be implemented.
In some embodiments of the present disclosure, the gateway may directly receive service requests sent by multiple tenants. In other embodiments, the service request sent by multiple tenants may be received by the nmginx reverse proxy, and then the nmginx forwards the service request to the gateway in a round robin manner to implement load balancing of the gateway. Where Nginx is a web server of an asynchronous framework, and may also be used as a reverse proxy, load balancer, and Http cache. Most Web servers use ng ix, typically as a load balancer.
According to the embodiment of the specification, by distributing one access path to each tenant and forwarding the access path to the corresponding micro service, the multi-tenant multi-instance can be realized, and meanwhile, the requirements of each tenant on different services can be met.
S2: acquiring a service list from a registry; the service list comprises network protocol addresses and port numbers corresponding to the micro services, and the registry is used for registering the services.
The registry may be understood as an "address book" in the micro-service architecture, which may record the mapping of services and service addresses. In the distributed architecture, a service is registered in a registry, and when the service needs to call other services, the service is called by finding the address of the service in the registry. In the embodiment of the present specification, the registry may be Eureka, zookeeper, consul or the like. Preferably, in the embodiment of the present specification, the registry is Eureka. In some implementations, the Eureka provides service registration services, and each node registers in the Eureka after being started, so that information of all available service nodes is stored in a service registry in the Eureka. The service list may include a network protocol address (Internet Protocol, IP) and a port number, etc. corresponding to the micro service. The service list may also be referred to as a service registry.
In some embodiments of the present disclosure, since the gateway is registered in advance as a service to the registry, and each business micro-service is also registered to the registry, after receiving service requests sent by multiple tenants, the gateway may obtain a service list from the registry accordingly, and further forward the service request of multiple tenants to the corresponding micro-service according to the access path included in the service request and the network protocol address and port number of the micro-service included in the service list.
In the embodiment of the present disclosure, since the micro service and the gateway are registered in the registry in advance, the gateway and the micro service may be identified by the registry, and the micro services may also be identified by the registry. Thus, after receiving the service request sent by the tenant, the service list can be correspondingly acquired from the registration center, the IP and the port of the micro service instance are identified, and a guarantee is provided for the follow-up accurate forwarding to the corresponding micro service.
S4: forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
In one embodiment of the present disclosure, the preset configuration manner may include calling different databases for sensitive data between different microservices, and calling the same database for non-sensitive data between different microservices. The preset configuration mode can be managed in a centralized configuration center.
In some embodiments of the present disclosure, after receiving service requests sent by multiple tenants and obtaining a service list, the gateway may forward the service requests to corresponding micro services according to an access path and the service list included in the service requests.
In some embodiments, forwarding the service request to the corresponding micro service according to the access path and the service list may include: acquiring a gateway configuration file, wherein the gateway configuration file comprises a corresponding relation between an access path and a micro service; determining a micro-service network protocol address and a port number corresponding to the service request according to the access path and the service list; and forwarding the service request to the corresponding micro service according to the micro service network protocol address and the port number. For example, in some implementation scenarios, since the correspondence between the access path and the micro-service may be managed in the centralized configuration center in advance, the gateway configuration file may be obtained from the centralized configuration center, then the micro-service to be accessed is determined according to the access path, and finally the service request is forwarded to the corresponding micro-service according to the IP and the port number corresponding to the micro-service in the service list.
In some embodiments of the present disclosure, different access paths may correspond to the same micro service, or may correspond to different micro services, which may be managed in a centralized configuration center in advance according to a micro service implementation function. In some implementation scenarios, for the business module, data between tenants is isolated from each other. At this time, different access paths can be configured to correspond to different micro-service embodiments, and each embodiment is connected with different databases, so that effective isolation of data of each tenant can be ensured while multi-user and multi-embodiment is realized. In other implementation scenarios, sharing may be implemented between tenants for a base data module, such as provincial region data dictionary content. At this time, different access paths can be configured to correspond to the same micro service instance and be connected with the same database, so that the multi-user single instance can be realized, the memory space can be saved, and the processing efficiency can be improved.
In some embodiments of the present disclosure, service requests of different tenants may be forwarded to the same micro service or may be forwarded to different micro services according to access paths according to different functions implemented by the micro service. In some implementation scenarios, the micro service does not need to distinguish between different tenants, and at this time, service requests of different tenants can be forwarded to the same micro service instance according to the access path. In other implementation scenarios, the micro service needs to distinguish between different tenants, and at this time, service requests of different tenants may be forwarded to different micro service instances according to the access path. For example, if the micro-service implements a basic information service, service requests of different tenants may all be forwarded to the basic information service. If the micro-service realizes the in-out business management service, the service requests of different tenants can be forwarded to the corresponding in-out business management service.
In one implementation scenario, after receiving service requests sent by multiple tenants and obtaining a service list, the gateway may forward all/1/first requests to the micro service instance 1 of the registry and all/2/first requests to the micro service instance 2 of the registry. If the public basic data service does not want to distinguish between different tenants, only one micro-service embodiment is provided, so that only one micro-service embodiment registered in the registration center can be used for forwarding all received/1/beginning or/2/beginning requests to the same micro-service embodiment by the gateway. In another implementation scenario, the system is provided with two micro-service modules, namely a warehouse management module responsible for outbound and inbound business management and a data dictionary and picture server basic information service module, and the system is assumed to be faced with two tenants, namely a tenant 1 and a tenant 2, which share the same deployment domain name, but have different access path prefixes, wherein the access path corresponding to the tenant 1 is http:// hostname:// prefix1// xxx, the access path corresponding to the tenant 2 is http:// hostname:// prefix2// xxx; if the tenant accesses the basic information service, the gateway may forward prefix1, prefix2, to the basic information service. Therefore, for the multi-tenant of the tenant 1 and the tenant 2, the sharing of basic information service can be realized, and the business processing parts of the access library are respectively processed by different examples, so that the effective isolation of the application layers among the multi-tenant can be realized.
According to the embodiment of the specification, the mutual isolation of the sensitive information storage layers of the multiple tenants is realized through the hybrid deployment mode, the non-sensitive data are stored together, so that the application instances of the multiple tenants can meet the user customization requirement, and meanwhile, the application instances of the other tenants are not required to be changed, the complete independence of application logic is achieved, and the data security problem of the multiple tenants can be effectively solved.
In some embodiments of the present disclosure, after forwarding the service request to the corresponding micro service, the method further includes: the micro-service obtains a micro-service configuration file; according to the names of other micro services which need to be called by the micro services included in the micro service configuration file, network protocol addresses and port numbers corresponding to the other micro services which need to be called by the micro services are obtained from the service list; and calling other micro services according to the network protocol address and the port number. In some implementation scenarios, because the micro services and the micro services can be mutually called, at this time, a micro service configuration file can be obtained from the centralized configuration center, then according to other micro service names required to be called of the micro services included in the micro service configuration file, network protocol addresses and port numbers corresponding to the other micro services are obtained from the service list, and finally, other micro services are called according to the network protocol addresses and the port numbers.
In some embodiments of the present disclosure, when a service corresponding to a service request is completed, sensitive data between different micro services invokes different databases, and non-sensitive data between different micro services invokes the same database, so that different service instances can be connected to different databases for the sensitive data, and only one service instance can be instantiated for the non-sensitive data, that is, public basic data, and the same database to which the service instance is connected can be implemented.
For example, in one implementation scenario, there are two tenants, tenant 1 and tenant 2, respectively, that need to access a backend hosting service wms-wasehouse, which provides for the in-out management of the material, and only one hosting service wms-wasehouse application, which requires the hosting service wms-wasehouse material warehousing module to invoke the wms-eis module identification barcode function module. To achieve isolation of sensitive data between tenants, wms-warehouse and wms-eis should instantiate two applications for tenant 1 and tenant 2 to call, respectively. Wherein, in the centralized configuration center, the wms-warthouse-1 and wms-eis-1 instance call database cluster 1, the wms-warthouse-2 and wms-eis-2 instance call database cluster 2, and the wms-warthouse-1 call can only call the external service wms-eis-1. Specifically, the wms-warehouse-1, wms-warehouse-1 instance connection database cluster 1, wms-warehouse-2 instance connection database cluster 2, wms-eis-1 instance connection database cluster 1, wms-eis-2 instance connection database cluster 2, wms-warehouse-1 call wms-eis-1 may be instantiated via a micro-service profile and configuration. Routing to the corresponding instantiation service wms-warehouse-1 may be achieved by assigning access path http:// wmt 1. Ley.ccb.com/wms/1 to tenant 1, and routing to the corresponding instantiation service wms-warehouse-2 may be achieved by assigning access path http:// wmt 1. Ley.ccb.com/wms/2 to tenant 2. If the micro-service does not need to distinguish between different tenants, the paths http:// wxt1. Ley. Ccb. Com/wms/1, http:// wxt1. Ley. Ccb. Com/wms/2 may all be routed to the same service instance. Therefore, because different database clusters are connected, sensitive data among tenants can be isolated from each other, and the safety of the data of each tenant is ensured.
In the embodiment of the specification, different micro services are instantiated for different tenants, and different micro service embodiments are connected with different databases, so that data isolation of a database storage layer and business isolation of an application layer can be realized, and the safety isolation of data among tenants can be ensured while the dynamic requirements of the tenants are met.
It should be noted that, the above description is from the perspective of the network connection device, the embodiments of the present disclosure may also be applied to devices such as a server, and the specific embodiments are similar to the above embodiments applied to the network connection device, which are not repeated herein. If the service request is applied to a server, when receiving service requests sent by a plurality of tenants, the service requests can be directly received by the server or can be forwarded and received by a gateway. When the service list is acquired from the registry, the service list may be acquired through the gateway and then forwarded to the server. For example, in some implementations, a server or gateway may directly receive service requests sent by multiple tenants. In other implementation scenarios, after receiving a service request sent by multiple tenants, the gateway may forward the service request to a server for further processing, or may perform further processing through the gateway. In other implementation scenarios, the service request sent by the multi-tenant may be received by the nmginx reverse proxy, then the nmginx forwards the service request to the gateway in a round-robin manner, so as to implement load balancing of the gateway, and finally the gateway may perform the next processing, or may forward the service request to the server, so that the server performs the next processing.
As shown in fig. 3, fig. 3 is a flow chart illustrating another embodiment of the micro-service based multi-tenant data processing method provided in the present specification. The method may comprise the following steps.
S10: the reverse proxy server receives service requests sent by a plurality of tenants and forwards the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services;
s12: the gateway acquires a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
s14: according to the access path and the service list, forwarding the service request route to a corresponding micro service;
s16: the micro-service obtains a service list from the registration center and obtains a micro-service configuration file from a centralized configuration center, wherein the micro-service configuration file comprises a micro-service name, a database name connected with the micro-service and other micro-service names required to be called by the micro-service;
s18: and completing the service corresponding to the service request according to the service list, the micro-service configuration file and a preset configuration mode.
In this embodiment, the nmginx reverse proxy accepts the multi-tenant request, and then the nmginx forwards the request to the gateway in a round-robin manner, so as to implement load balancing of the gateway, and the gateway cluster forwards the user request to the corresponding back-end micro-service instance. Because both the gateway and the backend micro-service instance are registered with the registry, the gateway can identify the IP and port of the micro-service instance through the registry.
It should be noted that, all embodiments of the method are described in a progressive manner, and the same and similar parts of all embodiments participate in each other, and each embodiment is mainly described in a different way from other embodiments. For relevance, see the description of the method embodiments.
According to the multi-tenant data processing method based on the micro service, aiming at the service of distinguishing tenants, service requests sent by different tenants are forwarded to different micro services, and different databases are called by different micro services, so that multi-user and multi-instance can be realized, different service requirements of different tenants are met, meanwhile, effective isolation of data among the tenants is ensured, and therefore data security is improved. Aiming at the business of distinguishing tenants, service requests sent by different tenants are forwarded to the same micro service, and the same database is called, so that the multi-user single instance can be realized, the memory space is saved, and the processing efficiency is improved.
In the present specification, each embodiment of the method is described in a progressive manner, and the same and similar parts of each embodiment participate in each other, and each embodiment mainly describes differences from other embodiments. For relevance, see the description of the method embodiments.
Based on the multi-tenant data processing method based on the micro-service, one or more embodiments of the present disclosure further provide a multi-tenant data processing device based on the micro-service. The apparatus may include a system (including a distributed system), software (applications), modules, components, servers, clients, etc. that employ the methods described in the embodiments of the present specification in combination with the necessary apparatus to implement the hardware. Based on the same innovative concepts, the embodiments of the present description provide means in one or more embodiments as described in the following embodiments. Because the implementation scheme and the method for solving the problem by the device are similar, the implementation of the device in the embodiment of the present disclosure may refer to the implementation of the foregoing method, and the repetition is not repeated. As used below, the term "unit" or "module" may be a combination of software and/or hardware that implements the intended function. While the means described in the following embodiments are preferably implemented in software, implementation in hardware, or a combination of software and hardware, is also possible and contemplated.
In particular, fig. 4 is a schematic block diagram of an embodiment of the micro-service based multi-tenant data processing apparatus provided in the present specification, and as shown in fig. 4, the micro-service based multi-tenant data processing apparatus provided in the present specification may include: the first receiving module 120, the first obtaining module 122, and the first forwarding module 124.
The first receiving module 120 may be configured to receive service requests sent by multiple tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services;
a first obtaining module 122, configured to obtain a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
the first forwarding module 124 may be configured to forward the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes a service corresponding to the service request according to a preset configuration manner; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
FIG. 5 is a schematic block diagram illustrating another embodiment of the micro-service based multi-tenant data processing apparatus provided in the present specification, as shown in FIG. 5, the micro-service based multi-tenant data processing apparatus provided in the present specification may include: the second receiving module 210, the second obtaining module 212, the second forwarding module 214, the third obtaining module 216, and the completing module 218.
The second receiving module 210 may be configured to receive, by using a reverse proxy server, a service request sent by a plurality of tenants, and forward the service request to a gateway in a polling manner; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services;
a second obtaining module 212, configured to obtain a service list from a registry by using the gateway; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
a second forwarding module 214, configured to forward the service request route to a corresponding micro service according to the access path and the service list;
a third obtaining module 216, configured to obtain a service list from the registry by using the micro service, and obtain a micro service configuration file from a centralized configuration center, where the micro service configuration file includes a micro service name, a database name connected to the micro service, and other micro service names that need to be called by the micro service;
The completion module 218 may be configured to complete the service corresponding to the service request according to the service list, the micro service configuration file, and a preset configuration manner.
According to the multi-tenant data processing device based on the micro service, provided by the specification, aiming at the service of distinguishing tenants, service requests sent by different tenants are forwarded to different micro services, and different micro services call different databases, so that multi-user and multi-instance can be realized, different tenants can meet different service requirements, and meanwhile, effective isolation of data among the tenants is ensured, so that data security is improved. Aiming at the business of distinguishing tenants, service requests sent by different tenants are forwarded to the same micro service, and the same database is called, so that the multi-user single instance can be realized, the memory space is saved, and the processing efficiency is improved.
It should be noted that the description of the above apparatus according to the method embodiment may further include other embodiments, and specific implementation manner may refer to the description of the related method embodiment, which is not described herein in detail.
The present specification also provides embodiments of a micro-service based multi-tenant data processing device comprising a processor and a memory for storing processor executable instructions that when executed by the processor implement steps comprising: receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; acquiring a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
The present specification also provides another embodiment of a micro-service based multi-tenant data processing device, comprising a processor and a memory for storing processor executable instructions that when executed by the processor implement the steps comprising: the reverse proxy server receives service requests sent by a plurality of tenants and forwards the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the gateway acquires a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; according to the access path and the service list, forwarding the service request route to a corresponding micro service; the micro-service obtains a service list from the registration center and obtains a micro-service configuration file from a centralized configuration center, wherein the micro-service configuration file comprises a micro-service name, a database name connected with the micro-service and other micro-service names required to be called by the micro-service; and completing the service corresponding to the service request according to the service list, the micro-service configuration file and a preset configuration mode.
It should be noted that the above description of the apparatus according to the method or device embodiments may also include other implementations. Specific implementation may refer to descriptions of related method embodiments, which are not described herein in detail.
The present specification also provides embodiments of a micro-service based multi-tenant data processing system comprising at least one processor and a memory storing computer executable instructions that when executed by the processor implement the steps of the method described in any one or more of the embodiments described above, for example comprising: receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; acquiring a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service; forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database. The system may be a stand-alone server or may include a server cluster, a system (including a distributed system), software (applications), an actual operating device, a logic gate device, a quantum computer, etc., using one or more of the methods or one or more of the embodiment devices of the present specification in combination with a terminal device that implements the necessary hardware.
The method embodiments provided in the present specification may be performed in a mobile terminal, a computer terminal, a server, or similar computing device. Taking the example of running on a server, fig. 6 is a hardware architecture block diagram of one embodiment of the micro-service based multi-tenant data processing server provided in the present specification, which may be the micro-service based multi-tenant data processing apparatus or the micro-service based multi-tenant data processing system in the above embodiment. As shown in fig. 6, the server 10 may include one or more (only one is shown in the figure) processors 100 (the processors 100 may include, but are not limited to, a microprocessor MCU, a processing device such as a programmable logic device FPGA), a memory 200 for storing data, and a transmission module 300 for communication functions. It will be appreciated by those of ordinary skill in the art that the configuration shown in fig. 6 is merely illustrative and is not intended to limit the configuration of the electronic device described above. For example, server 10 may also include more or fewer components than shown in FIG. 6, for example, may also include other processing hardware such as a database or multi-level cache, a GPU, or have a different configuration than that shown in FIG. 6.
The memory 200 may be used to store software programs and modules of application software, such as program instructions/modules corresponding to the micro-service based multi-tenant data processing method in the present embodiment, and the processor 100 executes the software programs and modules stored in the memory 200 to perform various functional applications and data processing. Memory 200 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 200 may further include memory located remotely from processor 100, which may be connected to the computer terminal via a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof.
The transmission module 300 is used to receive or transmit data via a network. Specific examples of the network described above may include a wireless network provided by a communication provider of a computer terminal. In one example, the transmission module 300 includes a network adapter (Network Interface Controller, NIC) that can connect to other network devices through a base station to communicate with the internet. In one example, the transmission module 300 may be a Radio Frequency (RF) module for communicating with the internet wirelessly.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
The method or apparatus according to the above embodiments provided in the present specification may implement service logic by a computer program and be recorded on a storage medium, where the storage medium may be read and executed by a computer, to implement the effects of the schemes described in the embodiments of the present specification.
The storage medium may include physical means for storing information, typically by digitizing the information before storing it in an electronic, magnetic, or optical medium. The storage medium may include: means for storing information using electrical energy such as various memories, e.g., RAM, ROM, etc.; devices for storing information using magnetic energy such as hard disk, floppy disk, magnetic tape, magnetic core memory, bubble memory, and USB flash disk; devices for optically storing information, such as CDs or DVDs. Of course, there are other ways of readable storage medium, such as quantum memory, graphene memory, etc.
The embodiments of the foregoing micro-service-based multi-tenant data processing method or apparatus provided in the present disclosure may be implemented in a computer by executing corresponding program instructions by a processor, for example, implemented on a PC side using the c++ language of a windows operating system, implemented by a linux system, or implemented on an intelligent terminal using, for example, android, iOS system programming languages, and implemented by processing logic based on a quantum computer.
It should be noted that, the descriptions of the apparatus, the computer storage medium, and the system according to the related method embodiments described in the foregoing description may further include other implementations, and specific implementation manners may refer to descriptions of corresponding method embodiments, which are not described herein in detail.
All embodiments in the application are described in a progressive manner, and identical and similar parts of all embodiments are mutually referred, so that each embodiment mainly describes differences from other embodiments. In particular, for a hardware+program class embodiment, the description is relatively simple, as it is substantially similar to the method embodiment, as relevant see the partial description of the method embodiment.
Embodiments of the present description are not limited to situations in which industry communication standards, standard computer data processing and data storage rules are required or described in one or more embodiments of the present description. Some industry standards or embodiments modified slightly based on the implementation described by the custom manner or examples can also realize the same, equivalent or similar or predictable implementation effect after modification of the above examples. Examples of data acquisition, storage, judgment, processing, etc., using these modifications or variations may still fall within the scope of alternative implementations of the examples of this specification.
In the 90 s of the 20 th century, improvements to one technology could clearly be distinguished as improvements in hardware (e.g., improvements to circuit structures such as diodes, transistors, switches, etc.) or software (improvements to the process flow). However, with the development of technology, many improvements of the current method flows can be regarded as direct improvements of hardware circuit structures. Designers almost always obtain corresponding hardware circuit structures by programming improved method flows into hardware circuits. Therefore, an improvement of a method flow cannot be said to be realized by a hardware entity module. For example, a programmable logic device (Programmable Logic Device, PLD) (e.g., field programmable gate array (Field Programmable Gate Array, FPGA)) is an integrated circuit whose logic function is determined by the programming of the device by a user. A designer programs to "integrate" a digital system onto a PLD without requiring the chip manufacturer to design and fabricate application-specific integrated circuit chips. Moreover, nowadays, instead of manually manufacturing integrated circuit chips, such programming is mostly implemented by using "logic compiler" software, which is similar to the software compiler used in program development and writing, and the original code before the compiling is also written in a specific programming language, which is called hardware description language (Hardware Description Language, HDL), but not just one of the hdds, but a plurality of kinds, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), lava, lola, myHDL, PALASM, RHDL (Ruby Hardware Description Language), etc., VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are currently most commonly used. It will also be apparent to those skilled in the art that a hardware circuit implementing the logic method flow can be readily obtained by merely slightly programming the method flow into an integrated circuit using several of the hardware description languages described above.
The controller may be implemented in any suitable manner, for example, the controller may take the form of, for example, a microprocessor or processor and a computer readable medium storing computer readable program code (e.g., software or firmware) executable by the (micro) processor, logic gates, switches, application specific integrated circuits (Application Specific Integrated Circuit, ASIC), programmable logic controllers, and embedded microcontrollers, examples of which include, but are not limited to, the following microcontrollers: ARC 625D, atmel AT91SAM, microchip PIC18F26K20, and Silicone Labs C8051F320, the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller in a pure computer readable program code, it is well possible to implement the same functionality by logically programming the method steps such that the controller is in the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller may thus be regarded as a kind of hardware component, and means for performing various functions included therein may also be regarded as structures within the hardware component. Or even means for achieving the various functions may be regarded as either software modules implementing the methods or structures within hardware components.
Portions of the systems, apparatuses, devices, and modules illustrated in the above embodiments may be implemented by a computer chip or entity, or by a product having some function.
Although one or more embodiments of the present description provide method operational steps as described in the embodiments or flowcharts, more or fewer operational steps may be included based on conventional or non-inventive means. The order of steps recited in the embodiments is merely one way of performing the order of steps and does not represent a unique order of execution. When implemented in an actual device or end product, the instructions may be executed sequentially or in parallel (e.g., in a parallel processor or multi-threaded processing environment, or even in a distributed data processing environment) as illustrated by the embodiments or by the figures. The terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, it is not excluded that additional identical or equivalent elements may be present in a process, method, article, or apparatus that comprises a described element. The terms first, second, etc. are used to denote a name, but not any particular order.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, when one or more of the present description is implemented, the functions of some of the modules may be implemented in the same piece or pieces of software and/or hardware, or the modules that implement the same function may be implemented by a plurality of sub-modules or a combination of sub-units, or the like. The device embodiments described above are merely illustrative.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks. These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process.
In one typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory. The memory may include volatile memory in a computer-readable medium, random Access Memory (RAM) and/or nonvolatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of computer-readable media. Computer readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of storage media for a computer include, but are not limited to, static Random Access Memory (SRAM), dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), read Only Memory (ROM), and the like, that can be accessed by a computing device.
One skilled in the relevant art will recognize that one or more embodiments of the present description may be provided as a method, system, or computer program product. Accordingly, one or more embodiments of the present description may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Moreover, one or more embodiments of the present description can take the form of a computer program product on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
In this specification, each embodiment is described in a progressive manner, and identical and similar parts of each embodiment are all referred to each other, and each embodiment mainly describes differences from other embodiments. In particular, for system embodiments, since they are substantially similar to method embodiments, the description is relatively simple, as relevant to see a section of the description of method embodiments. In the description of the present specification, a description referring to terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present specification. In this specification, schematic representations of the above terms are not necessarily directed to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification and the features of the different embodiments or examples may be combined and combined by those skilled in the art without contradiction.
The foregoing is merely an example of one or more embodiments of the present specification and is not intended to limit the one or more embodiments of the present specification. Various modifications and alterations to one or more embodiments of this description will be apparent to those skilled in the art. Any modifications, equivalent substitutions, improvements, etc. which are within the spirit and principles of the present application are intended to be included within the scope of the claims.

Claims (11)

1. The multi-tenant data processing method based on the micro-service is characterized by comprising the following steps of:
receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the corresponding relation between the access path and the micro-service comprises the following steps: aiming at the business of not distinguishing tenants, different access paths correspond to the same micro service; or, for the service of distinguishing the tenants, different access paths correspond to different micro services;
acquiring a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
2. The method of claim 1, wherein the microservice is pre-registered with a registry; the micro service is registered in a registry in advance, and comprises the following steps:
acquiring a micro-service configuration file, wherein the micro-service configuration file comprises a micro-service name, a database name connected with the micro-service and other micro-service names required to be called by the micro-service;
and registering the micro service to a registry according to the micro service name.
3. The method of claim 1, wherein forwarding the service request to the corresponding micro-service according to the access path and the service list comprises:
acquiring a gateway configuration file, wherein the gateway configuration file comprises a corresponding relation between an access path and a micro service;
determining a micro-service network protocol address and a port number corresponding to the service request according to the access path and the service list;
and forwarding the service request to the corresponding micro service according to the micro service network protocol address and the port number.
4. The method of claim 1, wherein said forwarding said service request to a corresponding micro-service further comprises:
Acquiring a micro-service configuration file;
according to the names of other micro services which need to be called by the micro services included in the micro service configuration file, network protocol addresses and port numbers corresponding to the other micro services which need to be called by the micro services are obtained from the service list;
and calling other micro services according to the network protocol address and the port number.
5. The multi-tenant data processing method based on the micro-service is characterized by comprising the following steps of:
the reverse proxy server receives service requests sent by a plurality of tenants and forwards the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the corresponding relation between the access path and the micro-service comprises the following steps: aiming at the business of not distinguishing tenants, different access paths correspond to the same micro service; or, for the service of distinguishing the tenants, different access paths correspond to different micro services;
the gateway acquires a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
according to the access path and the service list, forwarding the service request route to a corresponding micro service;
The micro-service obtains a service list from the registration center and obtains a micro-service configuration file from a centralized configuration center, wherein the micro-service configuration file comprises a micro-service name, a database name connected with the micro-service and other micro-service names required to be called by the micro-service;
completing the service corresponding to the service request according to the service list, the micro-service configuration file and a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
6. The method of claim 5, wherein completing the service corresponding to the service request according to the service list, the micro service configuration file, and a preset configuration mode comprises:
according to the names of other micro services which need to be called by the micro services included in the micro service configuration file, network protocol addresses and port numbers corresponding to the other micro services which need to be called by the micro services are obtained from the service list;
calling other micro services according to the network protocol address and the port number;
and completing the service corresponding to the service request according to a preset configuration mode.
7. A micro-service based multi-tenant data processing apparatus, comprising:
the first receiving module is used for receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the corresponding relation between the access path and the micro-service comprises the following steps: aiming at the business of not distinguishing tenants, different access paths correspond to the same micro service; or, for the service of distinguishing the tenants, different access paths correspond to different micro services;
the first acquisition module is used for acquiring a service list from the registration center; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
the first forwarding module is used for forwarding the service request to a corresponding micro service according to the access path and the service list so that the micro service can complete the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
8. A micro-service based multi-tenant data processing apparatus, comprising:
The second receiving module is used for receiving service requests sent by a plurality of tenants by the reverse proxy server and forwarding the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the corresponding relation between the access path and the micro-service comprises the following steps: aiming at the business of not distinguishing tenants, different access paths correspond to the same micro service; or, for the service of distinguishing the tenants, different access paths correspond to different micro services;
the second acquisition module is used for acquiring a service list from a registry by the gateway; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
the second forwarding module is used for forwarding the service request route to the corresponding micro service according to the access path and the service list;
the third acquisition module is used for acquiring a service list from the registry by the micro service and acquiring a micro service configuration file from the centralized configuration center, wherein the micro service configuration file comprises a micro service name, a database name connected with the micro service and other micro service names required to be called by the micro service;
The completion module is used for completing the service corresponding to the service request according to the service list, the micro service configuration file and a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
9. A micro-service based multi-tenant data processing device comprising a processor and a memory for storing processor executable instructions that when executed by the processor implement steps comprising:
receiving service requests sent by a plurality of tenants; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the corresponding relation between the access path and the micro-service comprises the following steps: aiming at the business of not distinguishing tenants, different access paths correspond to the same micro service; or, for the service of distinguishing the tenants, different access paths correspond to different micro services;
acquiring a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
forwarding the service request to a corresponding micro service according to the access path and the service list, so that the micro service completes the service corresponding to the service request according to a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
10. A micro-service based multi-tenant data processing device comprising a processor and a memory for storing processor executable instructions that when executed by the processor implement steps comprising:
the reverse proxy server receives service requests sent by a plurality of tenants and forwards the service requests to the gateway in a polling mode; the service request comprises access paths corresponding to all tenants, and the access paths correspond to micro services; the corresponding relation between the access path and the micro-service comprises the following steps: aiming at the business of not distinguishing tenants, different access paths correspond to the same micro service; or, for the service of distinguishing the tenants, different access paths correspond to different micro services;
the gateway acquires a service list from a registry; the service list comprises a network protocol address and a port number corresponding to the micro service, and the registry is used for registering the service;
according to the access path and the service list, forwarding the service request route to a corresponding micro service;
the micro-service obtains a service list from the registration center and obtains a micro-service configuration file from a centralized configuration center, wherein the micro-service configuration file comprises a micro-service name, a database name connected with the micro-service and other micro-service names required to be called by the micro-service;
Completing the service corresponding to the service request according to the service list, the micro-service configuration file and a preset configuration mode; the preset configuration mode comprises the steps that sensitive data among different micro services call different databases, and non-sensitive data among different micro services call the same database.
11. A micro-service based multi-tenant data processing system comprising at least one processor and a memory storing computer executable instructions, which when executed by the processor implement the steps of the method of any of claims 1-6.
CN202010594985.0A 2020-06-28 2020-06-28 Multi-tenant data processing method, device, equipment and system based on micro-service Active CN111814177B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010594985.0A CN111814177B (en) 2020-06-28 2020-06-28 Multi-tenant data processing method, device, equipment and system based on micro-service

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010594985.0A CN111814177B (en) 2020-06-28 2020-06-28 Multi-tenant data processing method, device, equipment and system based on micro-service

Publications (2)

Publication Number Publication Date
CN111814177A CN111814177A (en) 2020-10-23
CN111814177B true CN111814177B (en) 2023-06-09

Family

ID=72855774

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010594985.0A Active CN111814177B (en) 2020-06-28 2020-06-28 Multi-tenant data processing method, device, equipment and system based on micro-service

Country Status (1)

Country Link
CN (1) CN111814177B (en)

Families Citing this family (18)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112187958A (en) * 2020-11-11 2021-01-05 北京金和网络股份有限公司 Method and device for registering, discovering and forwarding microservice
CN112468340A (en) * 2020-11-24 2021-03-09 上海浦东发展银行股份有限公司 Pre-audit business data configuration system for multiple tenants
CN112653665A (en) * 2020-11-25 2021-04-13 航天信息股份有限公司广州航天软件分公司 Data isolation interaction method and system based on cloud service
CN112953771A (en) * 2021-02-22 2021-06-11 安徽兆尹信息科技股份有限公司 Financial asset management system based on micro-service and decoupling method
CN113259407B (en) * 2021-03-25 2023-02-03 上海卓悠网络科技有限公司 Data interaction method and device based on application market architecture
CN113407967B (en) * 2021-06-25 2023-02-07 上海卓悠网络科技有限公司 Service security method and device based on application market architecture
CN113612798A (en) * 2021-08-24 2021-11-05 京东科技控股股份有限公司 Service data processing method, device, equipment and medium
CN113742100B (en) * 2021-08-27 2024-05-31 欧电云信息科技(江苏)有限公司 Service calling method, system, equipment and medium based on micro-service architecture
CN114363254B (en) * 2021-12-24 2024-07-23 北京字节跳动网络技术有限公司 Tenant isolation method and device and electronic equipment
CN114327949A (en) * 2021-12-29 2022-04-12 商派软件有限公司 Service processing system and method for using same
CN114138375A (en) * 2021-12-30 2022-03-04 高新兴智联科技有限公司 Internet of things service cloud architecture and radio frequency test system applying same
CN117997774A (en) * 2022-01-07 2024-05-07 支付宝(杭州)信息技术有限公司 Service registration processing method and device
CN114765630B (en) * 2022-02-16 2024-04-26 杭州湖畔网络技术有限公司 Data access method of multi-tenant platform, multi-tenant platform and server
CN114416224B (en) * 2022-03-25 2022-07-12 共道网络科技有限公司 Method and device for calling micro service under multi-micro service environment
CN114827248A (en) * 2022-03-31 2022-07-29 浙江西图盟数字科技有限公司 Micro-service resource allocation method and device, electronic equipment and storage medium
CN114785861B (en) * 2022-06-22 2022-12-13 飞狐信息技术(天津)有限公司 Service request forwarding system, method, computer equipment and storage medium
CN115297158A (en) * 2022-08-02 2022-11-04 成都市吉祥锐意科技有限公司 Multi-tenant method and system based on service and flow dyeing
CN116319505A (en) * 2023-02-10 2023-06-23 安芯网盾(北京)科技有限公司 Route distribution method and device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109862051A (en) * 2017-11-30 2019-06-07 亿阳信通股份有限公司 The realization method and system of multi-tenant under a kind of micro services framework
CN110209719A (en) * 2019-05-20 2019-09-06 华南理工大学 A kind of multitype database based on micro services framework uniformly accesses system and method
CN110716811A (en) * 2019-08-14 2020-01-21 中国平安财产保险股份有限公司 Database calling method and device and computer equipment

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109862051A (en) * 2017-11-30 2019-06-07 亿阳信通股份有限公司 The realization method and system of multi-tenant under a kind of micro services framework
CN110209719A (en) * 2019-05-20 2019-09-06 华南理工大学 A kind of multitype database based on micro services framework uniformly accesses system and method
CN110716811A (en) * 2019-08-14 2020-01-21 中国平安财产保险股份有限公司 Database calling method and device and computer equipment

Also Published As

Publication number Publication date
CN111814177A (en) 2020-10-23

Similar Documents

Publication Publication Date Title
CN111814177B (en) Multi-tenant data processing method, device, equipment and system based on micro-service
CN113746887B (en) Cross-cluster data request processing method, device and storage medium
JP7085565B2 (en) Intelligent thread management across isolated network stacks
CN108370391B (en) Shared multi-tenant Domain Name System (DNS) server for virtual networks
US20190140895A1 (en) Api gateway for network policy and configuration management with public cloud
CN110381163B (en) Method for forwarding service request by gateway node and gateway node
WO2019042110A1 (en) Subscription publication method, and server
EP3723325B1 (en) Network service management method, related device and system
CN111857873A (en) Method for realizing cloud native container network
CN112925647A (en) Cloud edge coordination system, and control method and device of cluster resources
CN112104499B (en) Container network model construction method, device, equipment and medium
CN110413845B (en) Resource storage method and device based on Internet of things operating system
CN111355816B (en) Server selection method, device, equipment and distributed service system
CN111756629B (en) Method, device, equipment, network and medium for accessing equipment to overlay network and communication
CN112995247A (en) Method, device and system for transmitting or processing data
CN110365743B (en) Zookeeper-based implementation method of load balancer supporting multiple customizable load algorithms
CN111600833B (en) Network operating system and message forwarding method
CN114363254B (en) Tenant isolation method and device and electronic equipment
US9992638B1 (en) System and method of facilitating management of common channel based services
US20040199643A1 (en) Distributed service component systems
CN115004657B (en) Addressing method, addressing system and addressing device
CN115776493A (en) Resource request method, system, device, equipment and storage medium
CN112866351A (en) Data interaction method, device, server and storage medium
Rodriguez-Natal et al. Global state, local decisions: decentralized NFV for ISPs via enhanced SDN
CN112910939A (en) Data processing method and related device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
TA01 Transfer of patent application right

Effective date of registration: 20220928

Address after: 12 / F, 15 / F, 99 Yincheng Road, Pudong New Area pilot Free Trade Zone, Shanghai, 200120

Applicant after: Jianxin Financial Science and Technology Co.,Ltd.

Address before: 25 Financial Street, Xicheng District, Beijing 100033

Applicant before: CHINA CONSTRUCTION BANK Corp.

Applicant before: Jianxin Financial Science and Technology Co.,Ltd.

TA01 Transfer of patent application right
GR01 Patent grant
GR01 Patent grant