CN112596857A - Method, device, equipment and medium for isolating SaaS multi-tenant data - Google Patents


Publication number: CN112596857A
Authority: CN (China)
Prior art keywords: tenant, current, data, entity, terminal page
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202011563870.1A
Other languages: Chinese (zh)
Inventors: 任亮, 傅雨梅, 文齐辉, 王超
Current Assignee: Beijing Zhiyin Intelligent Technology Co ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Zhiyin Intelligent Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45587 Isolation or security of virtual machine instances
    • G06F2009/45595 Network integration; Enabling network access in virtual machine instances
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems

Abstract

The application provides a method, apparatus, device and medium for SaaS multi-tenant data isolation. The method comprises: acquiring a data operation request sent by a current tenant through a terminal page, the data operation request carrying the tenant identification of the current tenant and a data operation instruction; judging whether the current tenant is an entity tenant by comparing the tenant identification of the current tenant with the tenant identification of each entity tenant in the entity tenant list; if the current tenant is an entity tenant, operating on the data in the encrypted data table corresponding to the tenant identification of the current tenant according to the data operation instruction to obtain a first operation result, and sending the first operation result to the terminal page; if the current tenant is a non-entity tenant, operating on the data in the general data table according to the data operation instruction to obtain a second operation result, and sending the second operation result to the terminal page. Multi-tenant data is thereby isolated in both storage and operation, and the security of multi-tenant data isolation is improved.

Description

Method, device, equipment and medium for isolating SaaS multi-tenant data
Technical Field
The present application relates to the field of computer technologies, and in particular, to a method, an apparatus, a device, and a medium for SaaS multi-tenant data isolation.
Background
Software as a Service (SaaS) is a software application mode in which software services are provided over the internet and tenants rent them as needed. Generally, one piece of software serves multiple tenants at the same time; by reducing the cost borne by each of those tenants, service delivery and operation and maintenance costs can be greatly reduced and the benefit maximized. Multi-tenancy means that a server runs a single application but serves multiple enterprises at the same time, and the application used by each enterprise's users is a self-tailored version. However, in the multi-tenant mode the software stack is shared, so the data that is generated and used is also shared by multiple tenants; the data of different tenants can interfere with each other and cause service errors. Secure isolation of multi-tenant data is therefore required. A qualified SaaS multi-tenant system needs to serve a plurality of different tenants while ensuring that the tenants' data are isolated from each other and that system resources are independent and do not influence each other.
Most existing microservice-based SaaS multi-tenant systems can only meet isolation in the aspect of data and resources. If an existing data isolation scheme isolates within the same instance and table, the data of a plurality of tenants are actually stored in the same table of one database instance and are distinguished only by a tenant ID, which carries a certain potential safety hazard. If a plurality of database instances are used for data isolation, the system cost and the difficulty of operation and maintenance deployment are indirectly increased, and expansion in big-data scenario systems is difficult.
Disclosure of Invention
In view of this, an object of the present application is to provide a method, an apparatus, a device, and a medium for data isolation of a SaaS multi-tenant, which solve the problems in the prior art that data isolation has certain potential safety hazards, system cost and difficulty in operation and maintenance deployment are high, and expansion in a large data scenario system is difficult.
In a first aspect, an embodiment of the present application provides a method for data isolation of SaaS multiple tenants, where the method includes:
acquiring a data operation request sent by a current tenant through a terminal page; the data operation request carries a tenant identification and a data operation instruction of the current tenant;
judging whether the current tenant is an entity tenant or not according to the tenant identification of each entity tenant in the entity tenant list and the tenant identification of the current tenant;
if the current tenant is the entity tenant, operating data in an encrypted data table corresponding to the tenant identification of the current tenant according to the data operation instruction to obtain a first operation result, and sending the first operation result to the terminal page;
and if the current tenant is a non-entity tenant, operating data in a general data table according to the data operation instruction to obtain a second operation result, and sending the second operation result to the terminal page.
Optionally, before the determining whether the current tenant is the entity tenant according to the tenant identifier of each entity tenant in the entity tenant list and the tenant identifier of the current tenant, the method further includes:
and intercepting the data operation request sent by the current tenant through the terminal page.
Optionally, if the current tenant is the entity tenant, operating data in an encrypted data table corresponding to the tenant identifier of the current tenant according to the data operation instruction to obtain a first operation result, and sending the first operation result to the terminal page, where the method includes:
analyzing the data operation instruction to obtain a data operation statement corresponding to the data operation instruction;
adding the tenant identification into the data operation statement to obtain an identification addition statement;
and determining an encrypted data table corresponding to the tenant identification of the current tenant according to the identification addition statement, operating the encrypted data table according to the identification addition statement to obtain the first operation result, and sending the first operation result to the terminal page.
Optionally, before the obtaining of the data operation request sent by the current tenant through the terminal page, the method further includes:
acquiring an opening request of the current tenant, wherein the opening request carries tenant information of the current tenant;
auditing the tenant information, and if the auditing is correct, generating environment configuration information corresponding to the current tenant according to the tenant information;
and configuring corresponding resources based on the environment configuration information corresponding to the current tenant and starting a corresponding terminal page for the current tenant.
Optionally, the configuring, based on the environment configuration information corresponding to the current tenant, a corresponding resource and starting a corresponding terminal page for the current tenant include:
compiling the environment configuration information corresponding to the current tenant into a service image corresponding to the current tenant;
and generating a corresponding instance based on the service object, and starting a terminal page corresponding to the current tenant according to the instance corresponding to the service image, wherein the terminal page at least comprises one instance corresponding to the service image.
Optionally, the tenant information includes any one or more of the following information:
a tenant enterprise name, a tenant account, a tenant contact, a tenant mailbox, a tenant contact telephone and the like.
Optionally, the method further includes:
in the process of starting the corresponding terminal page for the current tenant, detecting whether the terminal page is started normally through an online page;
and after the corresponding terminal page is started for the current tenant, monitoring and early warning the service state through the online page.
In a second aspect, an embodiment of the present application further provides a device for data isolation of SaaS multi-tenancy, including:
the acquisition module is used for acquiring a data operation request sent by a current tenant through a terminal page; the data operation request carries a tenant identification and a data operation instruction of a current tenant;
the judging module is used for judging whether the current tenant is the entity tenant or not according to the tenant identification of each entity tenant in the entity tenant list and the tenant identification of the current tenant;
the first sending module is used for operating data in an encrypted data table corresponding to a tenant identifier of the current tenant according to a data operation instruction to obtain a first operation result if the current tenant is an entity tenant, and sending the first operation result to the terminal page;
and the second sending module is used for operating the data in the general data table according to the data operation instruction to obtain a second operation result if the current tenant is a non-entity tenant, and sending the second operation result to the terminal page.
In a third aspect, an embodiment of the present application provides an electronic device, including a processor, a memory and a bus, where the memory stores machine-readable instructions executable by the processor, and when the electronic device runs, the processor and the memory communicate with each other through the bus, and the machine-readable instructions are executed by the processor to perform the steps of the above method.
In a fourth aspect, the present application provides a computer-readable storage medium, on which a computer program is stored, and the computer program, when executed by a processor, performs the steps of the above method.
The method for SaaS multi-tenant data isolation comprises the following steps. First, a data operation request sent by a current tenant through a terminal page is acquired; the data operation request carries the tenant identification of the current tenant and a data operation instruction. Then, whether the current tenant is an entity tenant is judged according to the tenant identification of each entity tenant in the entity tenant list and the tenant identification of the current tenant. Finally, if the current tenant is an entity tenant, data in the encrypted data table corresponding to the tenant identification of the current tenant is operated on according to the data operation instruction to obtain a first operation result, and the first operation result is sent to the terminal page; if the current tenant is a non-entity tenant, data in a general data table is operated on according to the data operation instruction to obtain a second operation result, and the second operation result is sent to the terminal page.
The method provided by the embodiment of the application acquires the data operation request sent by the current tenant through the terminal page and compares the tenant identification in the request with the tenant identifications in the entity tenant list. When the tenant is judged to be an entity tenant, the data in the encrypted data table corresponding to the tenant identification of the current tenant is operated on; when the tenant is judged to be a non-entity tenant, the data in the general data table is operated on. In terms of data isolation, this realizes isolation through different data tables within the same database, and makes maximum use of the need to share the public data of a plurality of tenants in big-data application scenarios, so that resource waste is reduced, the development efficiency of SaaS products is improved, and operation and maintenance costs are reduced.
In order to make the aforementioned objects, features and advantages of the present application more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained from the drawings without inventive effort.
Fig. 1 is a basic flowchart of a method for SaaS multi-tenant data isolation according to an embodiment of the present disclosure;
Fig. 2 is a schematic flowchart of a detailed SaaS multi-tenant data isolation method according to an embodiment of the present disclosure;
Fig. 3 is a schematic flowchart of another detailed SaaS multi-tenant data isolation method according to an embodiment of the present disclosure;
Fig. 4 is a schematic structural diagram of a SaaS multi-tenant data isolation apparatus according to an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all the embodiments. The components of the embodiments of the present application, generally described and illustrated in the figures herein, can be arranged and designed in a wide variety of different configurations. Thus, the following detailed description of the embodiments of the present application, presented in the accompanying drawings, is not intended to limit the scope of the claimed application, but is merely representative of selected embodiments of the application. Every other embodiment that can be obtained by a person skilled in the art without making creative efforts based on the embodiments of the present application falls within the protection scope of the present application.
SaaS (Software as a Service) means that software services are provided over the internet. Today's enterprise-level applications face increasing challenges in SaaS multi-tenant scenarios, especially in financial software services. Research shows that most existing microservice-based SaaS multi-tenant systems can only meet data isolation in terms of data and resources, and the methods used fall mainly into two types. In the first, a plurality of tenants share a database instance and a table, data isolation is realized through a tenant ID, and the data of the tenants are stored in the same table. In the second, each tenant uses a separate database instance, and data isolation is achieved through different databases.
Existing schemes fall short in the following main respects. If an existing data isolation scheme isolates within the same instance and table, it actually stores the data of a plurality of tenants in the same table of one database instance and distinguishes them only by a tenant ID. This carries a certain potential safety hazard: if a malicious user guesses the ID of another tenant and performs an injection attack, the data of the other tenant can be obtained, so this approach is absolutely not allowed in a financial scenario. The second scheme fundamentally solves the security problem and realizes physical isolation of each tenant's data, but because multiple database instances are used and each instance needs an independent service, the system cost and the difficulty of operation and maintenance deployment are indirectly increased. It is also difficult to expand in big-data scenario systems, and development cost can increase greatly if multi-instance isolation is realized on a plurality of different databases.
Existing schemes lack a tenant isolation method that integrates data and resources; most of them can only satisfy one of the two, and the traditional schemes struggle to meet the SaaS requirements of financial enterprise-level customers.
Based on this, the embodiment of the application provides a method for isolating SaaS multi-tenant data, and solves the problem of unified isolation of data and resources in a micro-service SaaS scene.
Referring to fig. 1, fig. 1 is a basic flowchart of a SaaS multi-tenant data isolation method according to an embodiment of the present disclosure. As shown in fig. 1, a method for SaaS multi-tenant data isolation provided in an embodiment of the present application includes:
S101, acquiring a data operation request sent by a current tenant through a terminal page; the data operation request carries the tenant identification of the current tenant and the data operation instruction.
In step S101, a tenant is a customer who uses a system or computing resources, that is, an enterprise organization or group that subscribes to and uses the SaaS application as needed. The current tenant is the tenant currently accessing and operating the SaaS service. The terminal page is a page that can receive a data operation request entered by a tenant and return the processing result output by the computer. In this embodiment the terminal page may be a micro service; the micro service refers to a solution of the SaaS multi-tenant data isolation method, may be configured in a browser, and is accessed by the tenant through the browser. The device that displays the terminal page can be an electronic device such as a computer, a notebook computer, a tablet computer or a mobile phone, which accesses the SaaS services provided on the related microservices through a browser. The data operation request is a request corresponding to a tenant's operations on data, such as adding, deleting, modifying and querying. It comprises the tenant identification of the current tenant and a data operation instruction. The tenant identification is the identification corresponding to the current tenant; it can be generated automatically for the tenant when the tenant accesses its terminal page, and each tenant corresponds to a unique tenant identification. The data operation instruction is the instruction corresponding to the tenant's operation on the database.
In specific implementation, the tenant may access the respective terminal page according to the independent domain name corresponding to each tenant, for example, the tenant a accesses the terminal page of the tenant a according to "tenant a.
S102, judging whether the current tenant is an entity tenant according to the tenant identification of each entity tenant in the entity tenant list and the tenant identification of the current tenant.
In step S102, the entity tenant list refers to a list including the tenant identifications of all tenants; an entity tenant is a tenant that has already made an opening application and whose tenant identification is in the entity tenant list. The tenant identification of the current tenant is compared with the tenant identification of each entity tenant in the entity tenant list, and if the tenant identification of the current tenant is in the entity tenant list, the current tenant is judged to be an entity tenant.
In specific implementation, when a tenant performs an opening application and passes the application, an independent access domain name is generated for the tenant, the tenant is an entity tenant, and the tenant identifications of all the tenants performing the opening application are added to an entity tenant list.
S103, if the current tenant is an entity tenant, operating the data in the encrypted data table corresponding to the tenant identification of the current tenant according to the data operation instruction to obtain a first operation result, and sending the first operation result to the terminal page.
In step S103, the encrypted data table is a data table specific to each tenant: it is allocated to one tenant, stores only that tenant's data, and can be accessed only by the tenant to which it belongs, so that tenant data is isolated and its security is ensured. The first operation result refers to the operation result obtained after a data operation is performed on the encrypted data table of the entity tenant.
In specific implementation, when the current tenant is judged to be the entity tenant, the corresponding encrypted data table is found according to the tenant identification of the entity tenant, the data in the encrypted data table is operated according to the data operation instruction, and the operated result is sent to the terminal page of the entity tenant.
And S104, if the current tenant is a non-entity tenant, operating the data in the general data table according to the data operation instruction to obtain a second operation result, and sending the second operation result to the terminal page.
In step S104, a non-entity tenant is an entity that has not performed the opening application and has no tenant identification. The data table that such an entity can access is the general data table, which is a data table that all entities can access and operate on. The second operation result refers to the operation result obtained after a data operation is performed on the general data table.
In specific implementation, when the current tenant is judged to be a non-entity tenant, the data in the general data table is operated according to the data operation instruction, and the operated result is sent to a terminal page of the non-entity tenant.
Through the above four steps, when a data operation request containing a tenant identification and a data operation instruction is received from the current tenant through the terminal page, the tenant identification is compared with the tenant identifications in the entity tenant list to judge whether the current tenant is an entity tenant; the encrypted data table corresponding to the tenant identification of the entity tenant is then determined, and the data operation is performed on that table. Each data operation is thus performed on the encrypted data table corresponding to the respective tenant identification, which isolates multi-tenant data in both data storage and data operation and improves the security of multi-tenant data isolation. Because data is isolated in different data tables of the same database, only one database instance is used, which improves the development efficiency of SaaS products and reduces operation and maintenance costs.
In specific implementation, the method further includes isolating the resource environments of tenants from one another. Resource environment isolation based on tenant namespaces serves as the core resource isolation component and is implemented on the namespace mechanism of Kubernetes (a compatible basic service). A namespace can be understood as a combination of the following two cases:
Horizontal isolation between tenants: horizontal isolation can be understood as adding a number of software firewall policies between tenants, ensuring that the processes, network communication and users of each tenant's services are independent. One namespace contains a group of microservices, and each service implements resource isolation based on Linux CGroups (Linux Control Groups, a physical resource isolation mechanism).
Single-service resource isolation with CGroups: single-service resource isolation relies on the CGroups support provided by the Linux kernel. CGroups cover CPU, memory, disk, network resources and so on, and the program is packaged as an image on top of the interface provided by the underlying layer to enforce resource limits on a single service.
Before the tenant identifications are compared, so that the judgment of whether the tenant is an entity tenant is quicker and more accurate and no data operation request is missed, the method further comprises, before judging whether the current tenant is an entity tenant according to the tenant identification of each entity tenant in the entity tenant list and the tenant identification of the current tenant:
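The per-tenant resource isolation described above can be expressed as a set of Kubernetes objects generated at onboarding time. The following is an added example, not code from the patent: the `tenant-<id>` naming, the object names and the CPU/memory figures are assumptions, and a NetworkPolicy is assumed as the "software firewall policy" between tenants.

```python
import json
import re

# Kubernetes namespace names must be DNS-1123 labels (max 63 characters).
_DNS_LABEL = re.compile(r"^[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])?$")


def tenant_manifests(tenant_id, cpu="2", memory="4Gi"):
    """Build the isolation objects for one tenant (hypothetical helper).

    The tenant identification is validated before it is used in any
    object name, so it cannot smuggle in path or YAML/JSON syntax.
    """
    ns = f"tenant-{tenant_id}"
    if not isinstance(tenant_id, str) or not _DNS_LABEL.match(ns):
        raise ValueError(f"tenant identification not usable as namespace: {tenant_id!r}")
    meta = {"namespace": ns}
    return [
        # One namespace per tenant groups that tenant's microservices.
        {"apiVersion": "v1", "kind": "Namespace",
         "metadata": {"name": ns, "labels": {"tenant": tenant_id}}},
        # Horizontal isolation: every pod in the namespace accepts ingress
        # only from pods in the same namespace. This is enforced only when
        # the cluster's network plugin implements NetworkPolicy.
        {"apiVersion": "networking.k8s.io/v1", "kind": "NetworkPolicy",
         "metadata": {"name": "same-namespace-only", **meta},
         "spec": {"podSelector": {}, "policyTypes": ["Ingress"],
                  "ingress": [{"from": [{"podSelector": {}}]}]}},
        # Ceiling on the sum of container limits across the tenant.
        {"apiVersion": "v1", "kind": "ResourceQuota",
         "metadata": {"name": "tenant-quota", **meta},
         "spec": {"hard": {"limits.cpu": cpu, "limits.memory": memory}}},
        # Single-service isolation: default per-container limits, which the
        # container runtime applies through Linux cgroups.
        {"apiVersion": "v1", "kind": "LimitRange",
         "metadata": {"name": "per-service-defaults", **meta},
         "spec": {"limits": [{"type": "Container",
                              "default": {"cpu": "500m", "memory": "512Mi"},
                              "defaultRequest": {"cpu": "100m", "memory": "128Mi"}}]}},
    ]


def render(tenant_id):
    """Serialize the objects as one JSON List document for kubectl apply -f."""
    doc = {"apiVersion": "v1", "kind": "List", "items": tenant_manifests(tenant_id)}
    return json.dumps(doc, indent=2)


if __name__ == "__main__":
    print(render("acme"))  # "acme" is a constructed tenant identification
```

The ResourceQuota makes limits mandatory for every container in the namespace, which is why the LimitRange defaults are created alongside it.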
and intercepting a data operation request sent by a current tenant through a terminal page.
In specific implementation, a framework interceptor intercepts all data operation requests sent by terminal pages while the program is running. Its main function is to intercept tenants' data operation requests and judge whether the tenant identification of the current tenant is one of the tenant identifications in the tenant entity table. Because the framework interceptor intercepts the data operation request, fewer requests operate on data directly, and further security verification is performed on the request after interception, which improves the security of the data. Intercepting tenants' data operation requests also makes the judgment of the current tenant's identification more accurate and improves the security of multi-tenant data isolation.
Referring to fig. 2, fig. 2 is a flowchart illustrating a detailed SaaS multi-tenant data isolation method according to an embodiment of the present disclosure. As shown in fig. 2, includes:
S201, analyzing the data operation instruction to obtain a data operation statement corresponding to the data operation instruction.
In step S201, the data operation statement refers to the SQL (Structured Query Language) statement corresponding to the data operation instruction; each data operation instruction has a corresponding data operation statement. In specific implementation, the SQL parser parses the received data operation instruction to obtain the SQL statement corresponding to it. The SQL parser is a database management tool in a database management system; its work is mainly divided into lexical analysis, syntactic analysis and semantic analysis, optimization and execution code generation, and the parsed code can generate a syntax tree.
S202, adding the tenant identification into the data operation statement to obtain an identification adding statement.
S203, determining an encrypted data table corresponding to the tenant identification of the current tenant according to the identification addition statement, operating the encrypted data table according to the identification addition statement to obtain a first operation result, and sending the first operation result to the terminal page.
In the above steps S202 and S203, the tenant identification of the current tenant is added to the data operation statement parsed by the SQL parser: the value of the tenant identification is spliced into the data operation statement to obtain the identification addition statement. The encrypted data table corresponding to the tenant identification of the current tenant is then determined according to the identification addition statement. In this way the conventional data operation statement is converted into an operation statement for multiple tenants, and the conventional data operation is converted into a multi-tenant operation mode. The data operation is performed in the encrypted data table corresponding to the current tenant according to the operation instruction to obtain a first operation result, and the first operation result is sent to the terminal page corresponding to the current user.
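The S201 to S203 flow above, together with the interceptor's entity-tenant check, written out as an added example (not code from the patent). The table names, the `item` column, the structured instruction format and the use of SQLite are assumptions; the tenant identification is bound as a query parameter instead of being spliced into the statement text, and table encryption is not modelled.

```python
import sqlite3

TENANT_TABLE = "tenant_orders"     # hypothetical per-tenant data table
GENERAL_TABLE = "general_orders"   # hypothetical general data table
ALLOWED_COLUMNS = {"item"}         # columns a request may filter on
HEADS = {"select": "SELECT item FROM", "delete": "DELETE FROM"}


def build_demo_db():
    """Constructed sample data: two entity tenants and one general row."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE tenant_entity (tenant_id TEXT PRIMARY KEY);
        CREATE TABLE tenant_orders (tenant_id TEXT NOT NULL, item TEXT);
        CREATE TABLE general_orders (item TEXT);
        INSERT INTO tenant_entity VALUES ('t-100'), ('t-200');
        INSERT INTO tenant_orders VALUES
            ('t-100', 'alpha'), ('t-100', 'beta'), ('t-200', 'gamma');
        INSERT INTO general_orders VALUES ('trial-item');
    """)
    return db


class Statement:
    """A statement kept as parts so predicates can be added before it runs."""

    def __init__(self, head):
        self.head, self.table = head, ""
        self.where, self.params = [], []

    def sql(self):
        clause = " WHERE " + " AND ".join(self.where) if self.where else ""
        return f"{self.head} {self.table}{clause}"


def is_entity_tenant(db, tenant_id):
    """Judging step: exact-match lookup in the entity tenant table."""
    row = db.execute(
        "SELECT 1 FROM tenant_entity WHERE tenant_id = ?", (tenant_id,)
    ).fetchone()
    return row is not None


def parse_instruction(instruction):
    """S201: map a structured instruction to a statement with placeholders."""
    head = HEADS.get(instruction.get("op"))
    if head is None:
        raise ValueError("unsupported operation")
    stmt = Statement(head)
    for column, value in instruction.get("filter", {}).items():
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {column}")
        stmt.where.append(f"{column} = ?")
        stmt.params.append(value)
    return stmt


def add_tenant_identifier(stmt, tenant_id):
    """S202: add the tenant predicate; the value is bound, not spliced."""
    stmt.table = TENANT_TABLE
    stmt.where.append("tenant_id = ?")
    stmt.params.append(tenant_id)
    return stmt


def handle_request(db, request):
    """Interceptor: every data operation request is routed through here."""
    tenant_id = request["tenant_id"]
    stmt = parse_instruction(request["instruction"])
    if is_entity_tenant(db, tenant_id):
        stmt = add_tenant_identifier(stmt, tenant_id)  # S203: tenant's table
    else:
        stmt.table = GENERAL_TABLE                     # non-entity tenant
    cur = db.execute(stmt.sql(), stmt.params)
    if stmt.head.startswith("SELECT"):
        return sorted(cur.fetchall())
    db.commit()
    return cur.rowcount                                # rows affected


if __name__ == "__main__":
    db = build_demo_db()
    print(handle_request(db, {"tenant_id": "t-100",
                              "instruction": {"op": "select"}}))
    print(handle_request(db, {"tenant_id": "t-100", "instruction":
                              {"op": "delete", "filter": {"item": "gamma"}}}))
    print(handle_request(db, {"tenant_id": "t-999",
                              "instruction": {"op": "select"}}))
```

In a deployment the tenant identification would be taken from the authenticated session rather than trusted from the request body, since the entity-tenant check only confirms that the value exists, not that the caller owns it.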
Referring to fig. 3, fig. 3 is a flowchart illustrating another detailed SaaS multi-tenant data isolation method according to an embodiment of the present disclosure. As shown in fig. 3, in order to implement data isolation of multiple tenants, before performing data isolation, a tenant needs to open resources and start a corresponding terminal page for the tenant. Optionally, in the method for data isolation of SaaS multi-tenant provided in the embodiment of the present application, before acquiring a data operation request sent by a current tenant through a terminal page, the method further includes:
S301, obtaining an opening request of the current tenant, wherein the opening request carries tenant information of the current tenant.
S302, auditing the tenant information, and if the audit is correct, generating the environment configuration information corresponding to the current tenant according to the tenant information.
In the above steps S301 and S302, the opening request refers to the opening application submitted by the tenant in the tenant management system, and is used for opening the corresponding SaaS service for the tenant. The tenant information refers to the basic information, contact information and the like of the tenant included in the tenant's opening request. After the submitted tenant information is obtained, it is audited; after the audit is passed, the environment configuration information corresponding to the tenant is generated according to the tenant information. The environment configuration information refers to parameters of the operating environment of the current tenant in the current terminal page, and includes the tenant identification of the current tenant and the configuration information of the current tenant, for example, parameter information of the current tenant and software environment information of the current tenant, namely: computational resource configuration of the current tenant, such as a Central Processing Unit (CPU), a memory, a disk, and a network card; network type parameter configuration, such as interface rate, routing information, mapping relationships, etc.; configuration of the software environment; and so on. If the tenant information does not pass the audit, it is returned to the terminal page of the tenant, and the tenant sends the opening request through the terminal page after supplementing the tenant information.
In specific implementation, the tenant information includes any one or more of the following information:
a tenant enterprise name, a tenant account, a tenant contact, a tenant mailbox, a tenant contact telephone, and the like.
The tenant enterprise name refers to the name of an enterprise organization or group which uses the SaaS application and orders on demand; the tenant account refers to an account of a tenant submitting an opening application and is used for logging in a SaaS application corresponding to the tenant; the tenant contact refers to the name of the tenant submitting the opening application; the tenant mailbox refers to a mailbox to which the tenant contact belongs; the tenant contact telephone refers to a contact telephone to which a tenant contact belongs, and in specific implementation, the contact telephone can be a mobile phone number of the tenant or a landline number of the enterprise organization or group.
S303, configuring corresponding resources based on the environment configuration information corresponding to the current tenant and starting a corresponding terminal page for the current tenant.
In step S303, the corresponding resources are configured for the tenant based on the generated environment configuration information corresponding to the current tenant, resources such as a container memory, a CPU, a hard disk, and the like are configured according to the minimum requirement of the tenant, and a corresponding terminal page is started for the current tenant based on the configured resources.
In a specific implementation, after the opening request of the tenant passes, a domain name that the tenant can access independently is generated according to the tenant identification in the tenant's environment configuration information, and the generated domain name is verified and tested. After the domain name passes verification and testing, an account and a password for accessing the domain name are written into a mail according to a template and sent to the tenant mailbox given in the tenant information. Tenants can access their respective microservices through their respective independent domain names.
In step S303, the configuring, based on the environment configuration information corresponding to the current tenant, a corresponding resource and starting a corresponding terminal page for the current tenant includes:
Step 3031, compiling the environment configuration information corresponding to the current tenant into a service image corresponding to the current tenant.
In step 3031, the service image refers to the carrier of the service: it includes the system environment on which the service runs, a server or disk template containing the software and necessary configuration, and an operating system or service data. The environment configuration information corresponding to the current tenant is compiled into a service image. The data compiled into each tenant's service image is different; the service image contains the resources, environment and system that the current tenant depends on and the environment configuration information corresponding to the current tenant.
Before compiling the service image, the method further comprises a development process:
A developer writes a Dockerfile in the development stage. The Dockerfile is a text file used for building an image; its content comprises the instructions and descriptions required for building the image, and it describes the base image and environment configuration on which the current service depends. The Dockerfile roughly comprises the following statements:
FROM, for introducing a base image, in the form "FROM image address";
MAINTAINER, for describing the maintainer of the current image;
ENV, for setting the character set and environment variables of the image environment;
ADD, for adding external file resources to the current image;
RUN, for scripts that need to be executed during image packaging;
CMD, for scripts that need to be executed when the container starts.
After the Dockerfile is written, it is submitted to the corresponding code library, and the code library triggers an automatic build program to start packaging the service image after capturing the submission event.
Developers submit code to a Git repository; Git is an open-source distributed version control system for handling projects of any size quickly and efficiently. The Git repository captures the push event sent by a developer; a program monitors push events on the designated branch of the code library and calls the packaging service after the event is triggered. The code library has a plurality of branches, such as development branches, production branches, repair branches and the like, and when a push event submitted on a certain branch is captured, the changed code is packaged and compiled. The compiling and packaging server starts to compile and package the code according to its pre-configuration; if compilation fails, the developers are notified by mail to locate the problem, and they submit the code again after modifying it. Finally, the compiled image file is uploaded to an image server for subsequent service orchestration.
Step 3032, generating a corresponding instance based on the service image, and starting a terminal page corresponding to the current tenant according to the instance corresponding to the service image, wherein the terminal page at least comprises one instance corresponding to the service image.
In step 3032, the instance corresponding to the service image refers to a copy of the service image that can be used for running the program. Each different service image corresponds to a different instance on which the tenant performs data operations, and each terminal page may include at least one instance. After the service image is compiled, the service image corresponding to the current tenant is obtained according to the tenant identification of the current tenant, and a minimum service unit configuration file is generated according to the environment configuration information in the service image. The configuration file may be generated as follows:
    timeoutSeconds: 1
    resources:
      limits:
        cpu: 1500m
        memory: 1500Mi
      requests:
        cpu: 200m
        memory: 300Mi
    replicas: 2
Here the cpu value under limits specifies the maximum CPU required by the current service, the memory value under limits specifies the maximum memory resource required by the current service, the cpu value under requests specifies the minimum required CPU, the memory value under requests specifies the minimum required memory resource, and replicas specifies the number of instances of the service image. The virtualization platform can automatically expand and contract the capacity according to the service access pressure.
In a specific implementation, if the service access pressure of the current tenant is too high, the instance is copied according to the service image corresponding to the current tenant. Service access pressure refers to users accessing the terminal page corresponding to the current tenant. A user is someone who directly uses the SaaS service, and one tenant may include a plurality of users; for example, if enterprise A subscribes to the SaaS service, enterprise A is a tenant of the SaaS service, and employees of enterprise A may become users of the SaaS service. When too many users access the terminal page corresponding to the current tenant and the service access pressure is too high, the underlying cluster can copy the instance in the terminal page according to the service image corresponding to the current tenant to cope with the access pressure on the terminal page. Because the entire underlying cluster needs to be kept stable, instances cannot be copied and expanded indefinitely, so an upper limit on the number of copied instances may be set according to the size of the basic resource pool; for example, with an upper limit of 5 instances, copying stops after 5 instances have been copied.
Optionally, when starting the corresponding terminal page for the current tenant, in order to ensure that the terminal page of the current tenant can be started normally and ensure that the SaaS data isolation method can operate normally, the method further includes:
Step 3033, in the process of starting the corresponding terminal page for the current tenant, detecting whether the terminal page is started normally through an online page.
Step 3034, after the corresponding terminal page is started for the current tenant, monitoring and early warning are carried out on the service state through the online page.
In the above steps 3033 and 3034, in a specific implementation, the online page detects the starting of the terminal page and checks each node, which ensures that the SaaS multi-tenant data isolation method can run normally. By monitoring the startup log, the online page shows whether the startup details of the terminal page are normal. If a node is abnormal when it starts, the code corresponding to that node in the online page turns red, and the terminal page is automatically restarted until the node is normal. If a serious configuration problem occurs, manual intervention is needed: developers are informed of the position of the abnormal node by mail, and after making adjustments they start the terminal page for the current tenant. After the terminal page has started normally, a monitoring program embedded in the service image obtains metric information about the running service image in real time. All the collected metric information is put into the same database and displayed on the monitoring page, which can show which tenant's metric information is abnormal.
Referring to fig. 4, fig. 4 is a schematic structural diagram of an SaaS multi-tenant data isolation apparatus according to an embodiment of the present disclosure. As shown in fig. 4, the apparatus includes:
an obtaining module 401, configured to obtain a data operation request sent by a current tenant through a terminal page; the data operation request carries a tenant identification and a data operation instruction of a current tenant;
a determining module 402, configured to determine whether a current tenant is an entity tenant according to a tenant identifier of each entity tenant in the entity tenant list and a tenant identifier of the current tenant;
a first sending module 403, configured to, if the current tenant is an entity tenant, operate data in an encrypted data table corresponding to a tenant identifier of the current tenant according to a data operation instruction to obtain a first operation result, and send the first operation result to the terminal page;
a second sending module 404, configured to, if the current tenant is a non-entity tenant, operate data in the general data table according to the data operation instruction to obtain a second operation result, and send the second operation result to the terminal page.
Optionally, before the determining module 402 determines whether the current tenant is the entity tenant according to the tenant identifier of each entity tenant in the entity tenant list and the tenant identifier of the current tenant, the method further includes:
and the intercepting module is used for intercepting the data operation request sent by the current tenant through the terminal page.
Optionally, the first sending module 403 includes:
the analysis unit is used for analyzing the data operation instruction to obtain a data operation statement corresponding to the data operation instruction;
the adding unit is used for adding the tenant identification to the data operation statement to obtain an identification adding statement;
and the determining unit is used for determining an encrypted data table corresponding to the tenant identification of the current tenant according to the identification addition statement, operating the encrypted data table according to the identification addition statement to obtain a first operation result, and sending the first operation result to the terminal page.
Optionally, before the obtaining module 401 obtains the data operation request sent by the current tenant through the terminal page, the method further includes:
the information acquisition module is used for acquiring an opening request of the current tenant, wherein the opening request carries tenant information of the current tenant;
the auditing module is used for auditing the tenant information, and if the auditing is correct, the environmental configuration information corresponding to the current tenant is generated according to the tenant information;
and the configuration module is used for configuring corresponding resources based on the environment configuration information corresponding to the current tenant and starting a corresponding terminal page for the current tenant.
Optionally, the configuration module includes:
the compiling unit is used for compiling the environment configuration information corresponding to the current tenant into a service image corresponding to the current tenant;
and the starting unit is used for starting a terminal page corresponding to the current tenant according to the environment configuration information and the instance corresponding to the service image, wherein the terminal page at least comprises one instance corresponding to the service image.
Optionally, the tenant information includes any one or more of the following information:
a tenant enterprise name, a tenant account, a tenant contact, a tenant mailbox, a tenant contact telephone, and the like.
Optionally, the apparatus for data isolation of SaaS multi-tenant further includes:
the detection module is used for detecting whether the terminal page is started normally through an online page in the process of starting the corresponding terminal page for the current tenant;
and the monitoring and early warning module is used for monitoring and early warning the service state through the online page after the corresponding terminal page is started for the current tenant.
Referring to fig. 5, fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure. As shown in fig. 5, the electronic device 500 includes a processor 510, a memory 520, and a bus 530.
The memory 520 stores machine-readable instructions executable by the processor 510. When the electronic device 500 runs, the processor 510 communicates with the memory 520 through the bus 530, and when the machine-readable instructions are executed by the processor 510, the steps of the SaaS multi-tenant data isolation method in the method embodiment shown in fig. 1 can be performed. This solves the problems in the prior art that data isolation has certain potential safety hazards, that system cost and operation and maintenance deployment difficulty are high, and that expansion is difficult in big data scenarios.
An embodiment of the present application further provides a computer-readable storage medium on which a computer program is stored. When the computer program is executed by a processor, the steps of the SaaS multi-tenant data isolation method in the method embodiment shown in fig. 1 may be performed, so as to solve the problems in the prior art that data isolation has certain potential safety hazards, that system cost and operation and maintenance deployment difficulty are high, and that expansion is difficult in big data scenarios.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
In the several embodiments provided in the present application, it should be understood that the disclosed system, apparatus and method may be implemented in other ways. The above-described embodiments of the apparatus are merely illustrative, and for example, the division of the units is only one logical division, and there may be other divisions when actually implemented, and for example, a plurality of units or components may be combined or integrated into another system, or some features may be omitted, or not executed. In addition, the shown or discussed mutual coupling or direct coupling or communication connection may be an indirect coupling or communication connection of devices or units through some communication interfaces, and may be in an electrical, mechanical or other form.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, functional units in the embodiments of the present application may be integrated into one processing unit, or each unit may exist alone physically, or two or more units are integrated into one unit.
The functions, if implemented in the form of software functional units and sold or used as a stand-alone product, may be stored in a non-volatile computer-readable storage medium executable by a processor. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus once an item is defined in one figure, it need not be further defined and explained in subsequent figures, and moreover, the terms "first", "second", "third", etc. are used merely to distinguish one description from another and are not to be construed as indicating or implying relative importance.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present application, and are used for illustrating the technical solutions of the present application, but not limiting the same, and the scope of the present application is not limited thereto, and although the present application is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope disclosed in the present application; such modifications, changes or substitutions do not depart from the spirit and scope of the exemplary embodiments of the present application, and are intended to be covered by the scope of the present application. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1. A method for SaaS multi-tenant data isolation, the method comprising:
acquiring a data operation request sent by a current tenant through a terminal page; the data operation request carries a tenant identification and a data operation instruction of the current tenant;
judging whether the current tenant is an entity tenant or not according to the tenant identification of each entity tenant in the entity tenant list and the tenant identification of the current tenant;
if the current tenant is the entity tenant, operating data in an encrypted data table corresponding to the tenant identification of the current tenant according to the data operation instruction to obtain a first operation result, and sending the first operation result to the terminal page;
and if the current tenant is a non-entity tenant, operating data in a general data table according to the data operation instruction to obtain a second operation result, and sending the second operation result to the terminal page.
2. The method according to claim 1, wherein before the determining whether the current tenant is an entity tenant according to the tenant identity of each entity tenant in the entity tenant list and the tenant identity of the current tenant, the method further comprises:
and intercepting the data operation request sent by the current tenant through the terminal page.
3. The method according to claim 1, wherein if the current tenant is the entity tenant, the data is operated according to the data operation instruction in an encrypted data table corresponding to a tenant identifier of the current tenant to obtain a first operation result, and the first operation result is sent to the terminal page, including:
analyzing the data operation instruction to obtain a data operation statement corresponding to the data operation instruction;
adding the tenant identification into the data operation statement to obtain an identification addition statement;
and determining an encrypted data table corresponding to the tenant identification of the current tenant according to the identification addition statement, operating the encrypted data table according to the identification addition statement to obtain the first operation result, and sending the first operation result to the terminal page.
4. The method according to claim 1, wherein before the obtaining of the data operation request sent by the current tenant through the terminal page, the method further comprises:
acquiring an opening request of the current tenant, wherein the opening request carries tenant information of the current tenant;
auditing the tenant information, and if the auditing is correct, generating environment configuration information corresponding to the current tenant according to the tenant information;
and configuring corresponding resources based on the environment configuration information corresponding to the current tenant and starting a corresponding terminal page for the current tenant.
5. The method according to claim 4, wherein the configuring the corresponding resource based on the environment configuration information corresponding to the current tenant and starting the corresponding terminal page for the current tenant comprises:
compiling the environment configuration information corresponding to the current tenant into a service image corresponding to the current tenant;
generating a corresponding instance based on the service image, and starting a terminal page corresponding to the current tenant according to the instance corresponding to the service image, wherein the terminal page at least comprises one instance corresponding to the service image.
6. The method of claim 4, wherein the tenant information comprises any one or more of the following:
a tenant enterprise name, a tenant account, a tenant contact, a tenant mailbox, a tenant contact telephone, and the like.
7. The method of claim 4, further comprising:
in the process of starting the corresponding terminal page for the current tenant, detecting whether the terminal page is started normally through an online page;
and after the corresponding terminal page is started for the current tenant, monitoring and early warning the service state through the online page.
8. An apparatus for SaaS multi-tenant data isolation, comprising:
the acquisition module is used for acquiring a data operation request sent by a current tenant through a terminal page; the data operation request carries a tenant identification and a data operation instruction of a current tenant;
the judging module is used for judging whether the current tenant is the entity tenant or not according to the tenant identification of each entity tenant in the entity tenant list and the tenant identification of the current tenant;
the first sending module is used for operating data in an encrypted data table corresponding to a tenant identifier of the current tenant according to a data operation instruction to obtain a first operation result if the current tenant is an entity tenant, and sending the first operation result to the terminal page;
and the second sending module is used for operating the data in the general data table according to the data operation instruction to obtain a second operation result if the current tenant is a non-entity tenant, and sending the second operation result to the terminal page.
9. An electronic device, comprising: a processor, a memory and a bus, the memory storing machine readable instructions executable by the processor, the processor and the memory communicating over the bus when an electronic device is operating, the machine readable instructions when executed by the processor performing the steps of a method of SaaS multi-tenant data isolation as claimed in any of claims 1 to 7.
10. A computer-readable storage medium, having stored thereon a computer program which, when executed by a processor, performs the steps of a method of SaaS multi-tenant data isolation as claimed in any of claims 1 to 7.
CN202011563870.1A 2020-12-25 2020-12-25 Method, device, equipment and medium for isolating SaaS multi-tenant data Pending CN112596857A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011563870.1A CN112596857A (en) 2020-12-25 2020-12-25 Method, device, equipment and medium for isolating SaaS multi-tenant data

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011563870.1A CN112596857A (en) 2020-12-25 2020-12-25 Method, device, equipment and medium for isolating SaaS multi-tenant data

Publications (1)

Publication Number Publication Date
CN112596857A true CN112596857A (en) 2021-04-02

Family

ID=75202204

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011563870.1A Pending CN112596857A (en) 2020-12-25 2020-12-25 Method, device, equipment and medium for isolating SaaS multi-tenant data

Country Status (1)

Country Link
CN (1) CN112596857A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113378026A (en) * 2021-06-30 2021-09-10 特赞(上海)信息科技有限公司 Method and device for managing search engine indexes in multi-tenant system and electronic equipment
CN114745443A (en) * 2022-05-09 2022-07-12 中国工商银行股份有限公司 Service calling method, service calling device, computer equipment, storage medium and program product
CN115544784A (en) * 2022-10-19 2022-12-30 泰科信(北京)科技有限公司 Multi-tenant virtual test method and device, electronic equipment and storage medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107122364A (en) * 2016-02-25 2017-09-01 华为技术有限公司 Data manipulation method and data management server
CN107133243A (en) * 2016-02-29 2017-09-05 华为技术有限公司 A kind of data processing method and server
CN110399368A (en) * 2018-04-23 2019-11-01 华为技术有限公司 A kind of data manipulation method and device
CN111367887A (en) * 2020-03-03 2020-07-03 威海新北洋数码科技有限公司 Multi-tenant data sharing system, management method thereof and database deployment method
CN111478961A (en) * 2020-04-03 2020-07-31 中国建设银行股份有限公司 Multi-tenant service calling method and device
CN111582773A (en) * 2020-06-22 2020-08-25 南京德睿能源研究院有限公司 Multi-tenant technology-based micro-grid energy cloud model control method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈启斗: "Research on a Multi-Tenant-Oriented Business Model Management Platform" (面向多租户的业务模型管理平台研究), 《中国知网硕士电子期刊网》, no. 7, 15 July 2013 (2013-07-15), pages 5 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113378026A (en) * 2021-06-30 2021-09-10 特赞(上海)信息科技有限公司 Method and device for managing search engine indexes in multi-tenant system and electronic equipment
CN113378026B (en) * 2021-06-30 2022-07-26 特赞(上海)信息科技有限公司 Method and device for managing search engine index in multi-tenant system and electronic equipment
CN114745443A (en) * 2022-05-09 2022-07-12 中国工商银行股份有限公司 Service calling method, service calling device, computer equipment, storage medium and program product
CN115544784A (en) * 2022-10-19 2022-12-30 泰科信(北京)科技有限公司 Multi-tenant virtual test method and device, electronic equipment and storage medium

Similar Documents

Publication Publication Date Title
US10565077B2 (en) Using cognitive technologies to identify and resolve issues in a distributed infrastructure
CN108027833B (en) Method for creating structured data language query
CN112596857A (en) Method, device, equipment and medium for isolating SaaS multi-tenant data
US11106820B2 (en) Data anonymization
CN108958744B (en) Deployment method, device, medium and electronic equipment of big data distributed cluster
CN110955409B (en) Method and device for creating resources on cloud platform
US20210157716A1 (en) Pre-populating continuous delivery test cases
US20230325377A1 (en) Generation of inconsistent testing data
US20230259358A1 (en) Documentation enforcement during compilation
US11829278B2 (en) Secure debugging in multitenant cloud environment
US11803429B2 (en) Managing alert messages for applications and access permissions
CN110347573B (en) Application program analysis method, device, electronic equipment and computer readable medium
US11783049B2 (en) Automated code analysis tool
CN117032634A (en) Component processing method and system
CN114895879B (en) Management system design scheme determining method, device, equipment and storage medium
US20230086564A1 (en) System and method for automatic discovery of candidate application programming interfaces and dependencies to be published
CN114490892A (en) Data transmission method and device based on datax
Paz Microsoft Azure Cosmos DB Revealed: A Multi-Model Database Designed for the Cloud
Guthrie et al. Building Cloud Apps with Microsoft Azure: Best practices for DevOps, data storage, high availability, and more
CN115827589A (en) Authority verification method and device, electronic equipment and storage medium
US10303579B2 (en) Debug session analysis for related work item discovery
US20200334333A1 (en) Form-based transactional conversation system design
CN105610908B (en) A kind of samba service implementing method and system based on Android device
US11645136B2 (en) Capturing referenced information in a report to resolve a computer problem
CN114253852A (en) Automatic testing method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination