CN112596897A - Method and system for multi-tenant isolation - Google Patents

Publication number
CN112596897A
Authority
CN
China
Prior art keywords
processing units
tag
database
acquisition end
data center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011479899.1A
Other languages
Chinese (zh)
Inventor
李凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Construction Bank Corp
Original Assignee
China Construction Bank Corp
Application filed by China Construction Bank Corp
Priority to CN202011479899.1A
Publication of CN112596897A
Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5083 Techniques for rebalancing the load in a distributed system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27 Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor

Abstract

The invention discloses a method and a system for multi-tenant isolation, and relates to the technical field of computers. One embodiment of the method comprises: writing a tag at the acquisition end; transmitting, by a load balancer, the tag to one of a plurality of processing units; and storing the tag and the data in a database corresponding to the acquisition end according to the written tag. This embodiment solves the technical problems that server operation and maintenance costs are too high because an independent processing unit is configured in each region, and that resources are wasted through uneven load because each set of processing units operates independently. It achieves tenant isolation while dynamically expanding the capacity of the processing units according to the traffic, with the technical effects of reducing operation and maintenance costs and optimizing resource allocation.

Description

Method and system for multi-tenant isolation
Technical Field
The invention relates to the technical field of computers, in particular to a method and a system for multi-tenant isolation.
Background
The multi-tenant technology is an architecture which realizes that multiple users use the same system or program components in a multi-user environment and simultaneously ensures data isolation among the multiple users. Through multi-tenant isolation, data independence among multiple tenants using the same system or program component can be ensured, and therefore data safety is guaranteed.
The national security protection standard recommends that security protection data of different regions are stored in different databases, and multi-tenant mutual isolation is realized. Each machine room or network point corresponds to a set of processing unit, and each processing unit is independently connected with a database. When the security protection facilities in a certain region fail, other security protection regions can work normally.
In the process of implementing the invention, the inventor finds that at least the following problems exist in the prior art:
When machine rooms or network points in different regions are expanded, a processing unit and a database must be newly added along with each newly added machine room or network point, so the whole set is expanded together. This traditional vertical expansion architecture is structurally simple, but every time a machine room is newly built, a matching processing unit and database must also be newly built. The network points and machine rooms at the edge end are distributed in different regions and connected to different acquisition devices, so they cannot be shared. When the number of regions is large and the number of machine rooms and network points is large, the number of corresponding processing units in the data center is also large, and the operation and maintenance cost increases.
With the diversification and development of network services, the traffic volumes of different regions are different, and the traffic volume of the same region in different time periods is different. This results in uneven load of different processing units, some processing units with too high load, some processing units with too low load, which results in resource waste and can not be coordinated uniformly.
The present method and device aim to achieve multi-tenant isolation when expanding across different regions, together with elastic scaling of the processing units, so that resource allocation is optimized while multi-tenant isolation is maintained.
Disclosure of Invention
In view of this, embodiments of the present invention provide a method for multi-tenant isolation, which can implement multi-tenant isolation when extending across different regions, and implement elastic scalability of a processing unit, thereby optimizing configuration of resources.
To achieve the above object, according to an aspect of an embodiment of the present invention, a method for multi-tenant isolation is provided.
The method for multi-tenant isolation of the embodiment of the invention comprises the following steps:
writing a tag at the acquisition end;
transmitting, by a load balancer, the tag to one of a plurality of processing units; and
storing the tag and the data in a database corresponding to the acquisition end according to the written tag.
Optionally, the acquisition end is in the same region as the database.
Optionally, the tag is used to identify the tenant, and the tag is transmitted randomly to one of the plurality of processing units.
Optionally, the plurality of processing units and the database are comprised in a data center.
Optionally, each of the plurality of processing units comprises: a foreground server, a background server and a router.
Optionally, the data center further comprises one or more common service modules.
Optionally, the common service module comprises one or more of a cache and message middleware.
Optionally, the common service module is shared by the plurality of processing units.
Optionally, the plurality of processing units are of a stateless design and are flexibly expandable and elastically scalable.
Optionally, according to the tag, the background server is connected to different databases through the router to complete data persistence.
Optionally, the router connects all databases.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided a system for multi-tenant isolation.
A system for multi-tenant isolation of an embodiment of the invention includes an edge end and a data center. The edge end comprises one or more acquisition ends, and the data center comprises one or more processing units, one or more common service modules, one or more databases and a load balancer.
The acquisition end is configured to receive written tags, the load balancer is configured to transmit the tags to one of the plurality of processing units, and the database, which corresponds to the acquisition end, is configured to store the tags and data according to the written tags.
Optionally, the acquisition end is in the same region as the database.
Optionally, the tag is used to identify the tenant, and the tag is transmitted randomly to one of the plurality of processing units.
Optionally, each of the plurality of processing units comprises: a foreground server, a background server and a router.
Optionally, the common service module comprises one or more of a cache and message middleware.
Optionally, the common service module is shared by the plurality of processing units.
Optionally, the plurality of processing units are of a stateless design and are flexibly expandable and elastically scalable.
Optionally, according to the tag, the background server is connected to different databases through the router to complete data persistence.
Optionally, the router connects all databases.
To achieve the above object, according to still another aspect of the embodiments of the present invention, there is provided an apparatus for multi-tenant isolation.
An apparatus for multi-tenant isolation according to an embodiment of the present invention includes: one or more processors; a storage device to store one or more programs that, when executed by the one or more processors, cause the one or more processors to implement a method for multi-tenant isolation of an embodiment of the invention.
To achieve the above object, according to still another aspect of embodiments of the present invention, there is provided a computer-readable storage medium.
A computer-readable storage medium of an embodiment of the present invention has stored thereon a computer program that, when executed by a processor, implements a method for multi-tenant isolation of an embodiment of the present invention.
One embodiment of the above invention has the following advantages or benefits: by writing the tag at the acquisition end, transmitting the tag to one of the processing units through the load balancer, and storing the tag in the database corresponding to the acquisition end, multi-tenant isolation is achieved. This solves the technical problems that server operation and maintenance costs are too high because processing units are deployed independently in each region, and that resources are wasted through uneven load because each set of processing units operates independently. The processing units are dynamically scaled according to the traffic while tenant isolation is maintained, achieving the technical effects of reducing operation and maintenance costs and optimizing resource allocation.
Further effects of the above-mentioned non-conventional alternatives will be described below in connection with the embodiments.
Drawings
The drawings are included to provide a better understanding of the invention and are not to be construed as unduly limiting the invention. Wherein:
FIG. 1 is a schematic diagram of a multi-tenant isolation architecture;
FIG. 2 is a flow diagram of a method for multi-tenant isolation according to an embodiment of the invention;
FIG. 3 is a schematic diagram of an architecture for multi-tenant isolation according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a system for multi-tenant isolation according to an embodiment of the present invention;
FIG. 5 is an exemplary system architecture diagram in which embodiments of the present invention may be employed;
FIG. 6 is a schematic structural diagram of a computer system suitable for implementing a terminal acquisition end device or a server according to an embodiment of the present invention.
Detailed Description
Exemplary embodiments of the present invention are described below with reference to the accompanying drawings, in which various details of embodiments of the invention are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the invention. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
For a traditional security scheme, a complete set of acquisition terminal, processing unit, database, etc. is usually deployed in different regions.
As shown in fig. 1, the edge end 110 includes a plurality of acquisition ends 111, 112, 113 in different regions. An acquisition end can be a machine room or a network point. As shown, the acquisition end 111 may be a machine room, the acquisition end 112 may be a network point, and the acquisition end 113 may be a machine room. The acquisition ends 111, 112, 113 may be used as access ports for the edge end 110. Although the edge end 110 illustrated in fig. 1 includes only three acquisition ends 111, 112, 113, the present invention is not limited thereto. The edge end 110 may include any number of acquisition ends. In addition, the acquisition end may be any machine room or network point that houses servers or provides a corresponding service, and the present invention is not limited thereto.
As shown, the acquisition ends 111, 112, 113 may each include an access server 114. The access server may be a device access server (DA, device adapter) for connecting various devices. The device access server is used to send request data relating to the device to the processing unit located in the data center 120. Although it is illustrated in fig. 1 that each acquisition end includes only one access server, the present invention is not limited thereto. The acquisition end may include any number of access servers.
As shown, the data center 120 includes processing units 121, 122, 123. Although the data center 120 is illustrated in fig. 1 as including only three processing units 121, 122, 123, the present invention is not limited thereto. Data center 120 may include any number of processing units.
As shown, each of the processing units 121, 122, 123 includes a foreground server 124, a background server 125, and a cache server 126. Although each of the processing units 121, 122, 123 illustrated in fig. 1 includes only one foreground server 124, one background server 125, and one cache server 126, respectively, the invention is not limited thereto. The processing units may include any number of foreground servers 124, background servers 125, and cache servers 126.
As shown, the data center 120 may also include databases 131, 132, 133. The database may be used to store data that needs to be persisted. Although the data center 120 is illustrated in fig. 1 as including only three databases 131, 132, 133, the present invention is not so limited. Data center 120 may include any number of databases.
As shown, data from the acquisition end 111 of the edge end 110 is stored in the corresponding database 131 via the corresponding processing unit 121. The acquisition end 111, the processing unit 121 and the database 131 belong to the same region 101. The acquisition end 112, the processing unit 122 and the database 132 belong to the same region 102. Similarly, the acquisition end 113, the processing unit 123 and the database 133 belong to the same region 103. The regions 101, 102, and 103 are different regions from each other.
The regions 101, 102 and 103 are not communicated with each other, and the processing unit in each region is independently connected with a database, so that the mutual isolation of multiple tenants is realized. For example, if the database 131 in the region 101 fails, the database 132 in the region 102 and the database 133 in the region 103 are not affected. Therefore, the national standard of security protection is met, and isolation of multiple tenants is realized.
When the inter-domain independent architecture is expanded, the inter-domain independent architecture needs to be expanded longitudinally, and the expansion states of the acquisition end, the processing unit and the database need to be kept consistent. When the acquisition terminals in different regions are expanded, for example, when a machine room or a network point is expanded, the corresponding processing unit and the corresponding database in the data center also need to be newly added. In reality, the number of the acquisition ends is often very large, so that a large number of processing units and databases need to be configured, which leads to the increase of operation and maintenance cost. And the load among a large number of processing units tends to be unbalanced, which results in a waste of resources.
Fig. 2 shows a flow diagram of a method for multi-tenant isolation according to an embodiment of the present invention, which is an improvement on the multi-tenant isolation architecture shown in fig. 1.
As shown in fig. 2, a method for multi-tenant isolation according to an embodiment of the present invention includes the following steps:
Step S201: the tag is written at the acquisition end.
Step S202: the tag is transmitted to one of a plurality of processing units through a load balancer.
Step S203: the tag and the data are stored in a database corresponding to the acquisition end according to the written tag.
Fig. 3 shows a schematic diagram of an architecture for multi-tenant isolation according to an embodiment of the present invention, which is an improvement on the multi-tenant isolation architecture shown in fig. 1.
As shown in fig. 3, the edge end 310 includes a plurality of acquisition ends 311, 312, 313 in different regions. An acquisition end can be a machine room or a network point. As shown, the acquisition end 311 may be a machine room, the acquisition end 312 may be a network point, and the acquisition end 313 may be a machine room. The acquisition ends 311, 312, 313 may be used as access ports for the edge end 310. Although the edge end 310 illustrated in fig. 3 includes only three acquisition ends 311, 312, 313, the present invention is not limited thereto. The edge end 310 may include any number of acquisition ends. In addition, the acquisition end may be any machine room or network point that houses servers or provides a corresponding service, and the present invention is not limited thereto.
As shown, the acquisition ends 311, 312, 313 may each include an access server 314. The access server may be a device access server (DA, device adapter) for connecting various devices. The device access server is used to send request data relating to the device to the processing unit located in the data center 320. Although it is illustrated in fig. 3 that each acquisition end includes only one access server, the present invention is not limited thereto. The acquisition end may include any number of access servers.
As shown, the data center 320 includes processing units 321, 322. Although the data center 320 is illustrated in fig. 3 as including only two processing units 321, 322, the invention is not so limited. Data center 320 may include any number of processing units.
The data center 320 may further include a database A 331, a database B 332, and a database C 333. The databases may be used to store data that needs to be persisted. Although the data center 320 illustrated in fig. 3 includes only three databases 331, 332, 333, the present invention is not limited thereto. The data center 320 may include any number of databases. The databases can be implemented by creating a plurality of databases in the same cluster, or by sharing a part of the database in each of a plurality of clusters.
As shown, each of the processing units 321, 322 may include a foreground server 324, a background server 325, and a router 327. Although each of the processing units 321, 322 is illustrated in fig. 3 as including only one foreground server 324, one background server 325, and one router 327, respectively, the invention is not limited thereto. The processing units may include any number of foreground servers 324, background servers 325, and routers 327. The router 327 of each of the processing units 321, 322 may be coupled to each of the plurality of databases A 331, B 332, C 333 in the data center 320.
As shown, the data center 320 may include a load balancer 328. The load balancer 328 may be configured to couple to each of the processing units 321, 322. In particular, the load balancer 328 may be configured to be coupled to the foreground server 324 of each of the processing units 321, 322. Although the data center 320 is illustrated in fig. 3 as including only one load balancer 328, the invention is not so limited. The data center 320 may include any number of load balancers 328. The load balancer 328 may also be configured to be coupled to each of the acquisition ends 311, 312, 313.
As shown, the data center 320 may include one or more common service modules 326. In particular, the common services module 326 may be one or more of a cache, message middleware, or the like. The common services module 326 may be coupled to a foreground server 324 and a background server 325 of each of the plurality of processing units 321, 322 in the data center 320. That is, the common service module 326 may be shared by multiple processing units. In particular, the public service module 326 may be shared by servers within the processing unit (e.g., foreground server 324 and background server 325).
As shown, data enters the data center 320 from the acquisition end of the edge end via the load balancer 328. The load balancer 328 is configured to randomly transmit data from the acquisition ends 311, 312, 313 of the edge end 310 to the processing units of the data center 320 according to the load condition between the processing units 321, 322.
Specifically, at the acquisition ends 311, 312, 313 of the edge end 310, the tags are written in advance. For example, tag A 341 is written at the acquisition end 311; tag B 342 is written at the acquisition end 312; and tag C 343 is written at the acquisition end 313. Subsequently, tag A 341, tag B 342, and tag C 343 are randomly transmitted to the processing units of the data center 320 via the load balancer 328. The processing units here may be of a stateless design. The processing units can be flexibly expanded as the scale of the data center grows, and can also be elastically scaled using container technology according to the different traffic volumes in different time periods. The written tags flow with the data throughout the system. The processing unit may store the data in the corresponding database through the router 327 according to the tag, thereby completing data persistence. Each router 327 in each processing unit may be connected to all of the databases A 331, B 332, C 333. Specifically, since the acquisition end 311 corresponds to the database A 331, the router in the processing unit may store data in the database A 331 according to the tag A 341 written at the acquisition end 311; and so on.
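The flow described above can be sketched in Python as an added example (not code from the patent). It shows that whichever stateless processing unit the load balancer picks, the router selects the database strictly by tag, and that the failure of one tenant database affects only that tenant's writes. All class names, the single-letter tag values, the fail-closed handling of an unmapped tag and the simulated outage are assumptions made for illustration.

```python
"""Added illustration of tag-based routing as in FIG. 3; every name here is hypothetical."""
import random
from dataclasses import dataclass, field


class DatabaseUnavailable(Exception):
    """A tenant database is down."""


class UnknownTag(Exception):
    """A record carries a tag that has no database mapping."""


@dataclass
class Database:
    name: str
    available: bool = True
    rows: list = field(default_factory=list)

    def persist(self, tag, data):
        if not self.available:
            raise DatabaseUnavailable(self.name)
        self.rows.append((tag, data))  # the tag is stored together with the data


@dataclass(frozen=True)
class Record:
    tag: str
    data: str


class AcquisitionEnd:
    """Edge-side collector whose tag is written in advance."""
    def __init__(self, tag):
        self._tag = tag

    def emit(self, data):
        return Record(self._tag, data)  # the tag travels with the data


class Router:
    """Connected to every database; selects one strictly by tag."""
    def __init__(self, tag_to_db):
        self._tag_to_db = dict(tag_to_db)

    def persist(self, record):
        db = self._tag_to_db.get(record.tag)
        if db is None:
            raise UnknownTag(record.tag)  # assumption: fail closed, no default database
        db.persist(record.tag, record.data)
        return db.name


class ProcessingUnit:
    """Stateless with respect to tenants: holds no tenant data, only a router."""
    def __init__(self, name, router):
        self.name = name
        self.router = router
        self.handled = 0  # load metric only

    def handle(self, record):
        self.handled += 1
        return self.router.persist(record)


class LoadBalancer:
    def __init__(self, units, rng):
        self._units = units
        self._rng = rng

    def dispatch(self, record):
        return self._rng.choice(self._units).handle(record)  # random unit


def build_data_center(seed=0, unit_count=2):
    dbs = {t: Database(f"database {t}") for t in "ABC"}
    units = [ProcessingUnit(f"unit-{i}", Router(dbs)) for i in range(unit_count)]
    return dbs, units, LoadBalancer(units, random.Random(seed))


def isolation_violations(dbs):
    """Rows whose stored tag differs from the tag that owns the database."""
    return [(t, row) for t, db in dbs.items() for row in db.rows if row[0] != t]


def run_demo():
    dbs, units, lb = build_data_center()
    ends = {t: AcquisitionEnd(t) for t in "ABC"}
    for i in range(30):  # constructed sample traffic
        for end in ends.values():
            lb.dispatch(end.emit(f"event-{i}"))
    dbs["A"].available = False  # constructed outage of one tenant database
    outcome = {}
    for tag, end in ends.items():
        try:
            outcome[tag] = lb.dispatch(end.emit("after-failure"))
        except DatabaseUnavailable:
            outcome[tag] = "rejected"
    return dbs, units, outcome


if __name__ == "__main__":
    dbs, units, outcome = run_demo()
    print({u.name: u.handled for u in units})
    print({t: len(db.rows) for t, db in dbs.items()})
    print(outcome, isolation_violations(dbs))
```

Because every router can reach every database, the tag-to-database mapping is the only thing keeping tenants apart in this design, which is why the sketch rejects unmapped tags instead of falling back to a default database.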
Fig. 4 is a schematic diagram of a system 400 for multi-tenant isolation, according to an embodiment of the invention. System 400 may include an edge terminal 410 and a data center 420. Edge terminal 410 may include one or more acquisition terminals 411, and data center 420 may include one or more processing units 421, one or more common service modules 422, one or more databases 423, and a load balancer 424. The acquisition terminal 411 may be configured to receive written tags, the load balancer may be configured to transmit the written tags to one of the plurality of processing units, and the database, which corresponds to the acquisition terminal according to the written tags, may be configured to store the tags and data according to the written tags.
Fig. 5 illustrates an exemplary system architecture 500 for a method or system for multi-tenant isolation to which embodiments of the present invention may be applied.
As shown in fig. 5, the system architecture 500 may include terminal acquisition end devices 501, 502, a network 504, a server 505, and a database 506. The network 504 serves to provide a medium for communication links between the terminal acquisition side devices 501, 502 and the server 505 and between the server 505 and the database 506. Network 504 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
The user may use the terminal acquisition end devices 501, 502 to interact with the server 505 over the network 504 to receive or transmit data or the like. The terminal acquisition side devices 501 and 502 may have access servers thereon for interacting with various client applications.
The server 505 may be a server providing various services, such as a background management server (for example only) for processing and managing data input by the user using the terminal acquisition end device 501, 502. The background management server may analyze and process the received data such as the information, and feed back the processing result to the terminal acquisition end device or store the processing result in the database 506.
It should be understood that the number of terminal acquisition side devices, networks, servers, and databases in fig. 5 are merely illustrative. Any number of terminal acquisition end devices, networks, servers and databases may be provided as desired for implementation.
Referring now to FIG. 6, a block diagram of a computer system 600 suitable for implementing a terminal acquisition-side device is shown. The terminal acquisition end device shown in fig. 6 is only an example, and should not bring any limitation to the functions and the application scope of the embodiment of the present invention.
As shown in fig. 6, the computer system 600 includes a Central Processing Unit (CPU)601 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM)602 or a program loaded from a storage section 608 into a Random Access Memory (RAM) 603. In the RAM 603, various programs and data necessary for the operation of the system 600 are also stored. The CPU 601, ROM 602, and RAM 603 are connected to each other via a bus 604. An input/output (I/O) interface 605 is also connected to bus 604.
The following components are connected to the I/O interface 605: an input portion 606 including a keyboard, a mouse, and the like; an output portion 607 including a display such as a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, and a speaker; a storage section 608 including a hard disk and the like; and a communication section 609 including a network interface card such as a LAN card, a modem, or the like. The communication section 609 performs communication processing via a network such as the internet. A drive 610 is also connected to the I/O interface 605 as needed. A removable medium 611 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 610 as necessary, so that a computer program read out therefrom is installed in the storage section 608 as necessary.
In particular, according to the embodiments of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 609, and/or installed from the removable medium 611. The computer program performs the above-described functions defined in the system of the present invention when executed by the Central Processing Unit (CPU) 601.
It should be noted that the computer readable medium shown in the present invention can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present invention, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The units, modules or other components described in the embodiments of the present invention may be implemented in software or in hardware. The described units, modules and components, such as the "acquisition end" and the "load balancer", may also be provided in a processor, which may be described as: a processor includes an acquisition end, a processor includes a load balancer, and the like. In some cases the names of these components do not limit the unit itself; for example, the acquisition end may also be described as "a part for acquiring information and data", and the load balancer may also be described as a "means for balancing load".
As another aspect, the present invention also provides a computer-readable medium, which may be contained in the apparatus or system described in the above embodiments, or may exist alone without being assembled into the apparatus or system. The computer-readable medium carries one or more programs which, when executed by a device, cause the device to perform a method comprising:
writing a tag at the acquisition end;
transmitting, by a load balancer, the tag to one of a plurality of processing units; and
storing the tag and the data in a database corresponding to the acquisition end according to the written tag.
According to the technical solution of the embodiments of the present invention, multi-tenant isolation is achieved by writing a tag at the acquisition end, transmitting the tag to one of the plurality of processing units through the load balancer, and storing the tag and the data in the database corresponding to the acquisition end. This solves two technical problems: the excessive server operation and maintenance cost caused by deploying a separate set of processing units in each region, and the waste of resources caused by uneven load when each set of processing units runs independently. The processing units can be dynamically scaled according to traffic while tenant isolation is realized, which reduces operation and maintenance cost and optimizes resource allocation.
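The flow summarized above, sketched as an added example that is not code from the patent: a tag written at the acquisition end, random dispatch to a stateless processing unit, and a router that selects the database by tag. The class names, the tenant tags and the in-memory lists standing in for databases are assumptions, and rejecting an unknown or missing tag is a design choice of this sketch that the patent text does not spell out.

```python
import random

class TenantIsolationError(Exception):
    """Raised when a record carries no tag or a tag with no tenant database."""

class Router:
    """Reaches every database, but selects one strictly by the record's tag."""
    def __init__(self, databases):
        self._databases = databases  # tag -> list standing in for a tenant database

    def persist(self, tag, data):
        # Fail closed: never fall back to a default or shared database.
        if tag not in self._databases:
            raise TenantIsolationError(f"no database for tag {tag!r}")
        self._databases[tag].append({"tag": tag, "data": data})

class ProcessingUnit:
    """Stateless worker: keeps no tenant data between requests."""
    def __init__(self, name, router):
        self.name, self.router = name, router

    def handle(self, record):
        self.router.persist(record.get("tag"), record.get("data"))
        return self.name

class LoadBalancer:
    """Hands each record to a randomly chosen processing unit."""
    def __init__(self, units, rng):
        self.units, self.rng = units, rng

    def dispatch(self, record):
        return self.rng.choice(self.units).handle(record)

def acquire(tag, data):
    """Acquisition end: the tag is written here, before the record leaves the edge."""
    return {"tag": tag, "data": data}

def run_demo(seed=0):
    databases = {"tenant-a": [], "tenant-b": []}  # constructed sample tenants
    router = Router(databases)
    units = [ProcessingUnit(f"pu-{i}", router) for i in range(3)]
    balancer = LoadBalancer(units, random.Random(seed))
    for i in range(20):  # constructed sample readings, alternating tenants
        tag = "tenant-a" if i % 2 == 0 else "tenant-b"
        balancer.dispatch(acquire(tag, f"reading-{i}"))
    return databases, balancer

if __name__ == "__main__":
    dbs, _ = run_demo()
    print({tag: len(rows) for tag, rows in dbs.items()})
```

Whichever unit the balancer picks, a record lands only in the database keyed by its own tag, so adding or removing units does not change where tenant data is stored.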
The above-described embodiments should not be construed as limiting the scope of the invention. Those skilled in the art will appreciate that various modifications, combinations, sub-combinations, and substitutions can occur, depending on design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (15)

1. A method for multi-tenant isolation, comprising:
writing a tag at the acquisition end;
transmitting, by a load balancer, the tag to one of a plurality of processing units; and
storing the tag and the data in a database corresponding to the acquisition end according to the written tag.
2. The method of claim 1, wherein the acquisition end is in the same domain as the database.
3. The method of claim 1, wherein the tag is used to identify a tenant.
4. The method of claim 1, wherein the tag is randomly transmitted to one of a plurality of processing units.
5. The method of claim 1, wherein the plurality of processing units and the database are included in a data center.
6. The method of claim 1, wherein each of the plurality of processing units comprises: a foreground server, a background server and a router.
7. The method of claim 5, wherein the data center further comprises one or more common service modules.
8. The method of claim 7, wherein the common service module comprises one or more of a cache and message middleware.
9. The method of claim 7, wherein the common service module is shared by the plurality of processing units.
10. The method of claim 1, wherein the plurality of processing units are of a stateless design and are flexibly expandable and elastically scalable.
11. The method of claim 1, further comprising: connecting, according to the tag, the background server to different databases through the router to complete data persistence.
12. The method of claim 11, wherein the router connects all databases.
13. A system for multi-tenant isolation, comprising an edge and a data center, wherein the edge comprises one or more acquisition ends, the data center comprises one or more processing units, one or more common service modules, one or more databases, and a load balancer, wherein the acquisition end is configured to receive a written tag, the load balancer is configured to transmit the tag to one of the processing units, and the database is configured to store the tag and data according to the written tag, and the database corresponds to the acquisition end.
14. An apparatus for multi-tenant isolation, comprising:
one or more processors;
a storage device for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-12.
15. A computer-readable medium, on which a computer program is stored, which, when being executed by a processor, carries out the method according to any one of claims 1-12.
CN202011479899.1A 2020-12-15 2020-12-15 Method and system for multi-tenant isolation Pending CN112596897A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011479899.1A CN112596897A (en) 2020-12-15 2020-12-15 Method and system for multi-tenant isolation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011479899.1A CN112596897A (en) 2020-12-15 2020-12-15 Method and system for multi-tenant isolation

Publications (1)

Publication Number Publication Date
CN112596897A (en) 2021-04-02

Family

ID=75195828

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011479899.1A Pending CN112596897A (en) 2020-12-15 2020-12-15 Method and system for multi-tenant isolation

Country Status (1)

Country Link
CN (1) CN112596897A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113377784A (en) * 2021-08-13 2021-09-10 成都市维思凡科技有限公司 Data processing method, system and storage medium based on middleware
CN113377784B (en) * 2021-08-13 2021-12-03 成都市维思凡科技有限公司 Data processing method, system and storage medium based on middleware
CN115866062A (en) * 2023-02-07 2023-03-28 长沙市中智信息技术开发有限公司 Method and device for collecting and storing big data in real time in multi-tenant architecture

Similar Documents

Publication Publication Date Title
CN107590001B (en) Load balancing method and device, storage medium and electronic equipment
CN109274731B (en) Method and device for deploying and calling web service based on multi-tenant technology
CN113495921B (en) Routing method and device for database cluster
CN110389826B (en) Method, apparatus and computer program product for processing a computing task
CN110881007B (en) Container cluster network access method and device
CN112860451A (en) Multi-tenant data processing method and device based on SaaS
CN109151025B (en) Load balancing method and device based on URL, computer storage medium and equipment
CN114244717B (en) Configuration method and device of virtual network card resources, computer equipment and medium
CN112596897A (en) Method and system for multi-tenant isolation
US10341181B2 (en) Method and apparatus to allow dynamic changes of a replica network configuration in distributed systems
CN110609656B (en) Storage management method, electronic device, and computer program product
CN109729110B (en) Method, apparatus and computer readable medium for managing dedicated processing resources
US11381665B2 (en) Tracking client sessions in publish and subscribe systems using a shared repository
US10880360B2 (en) File transmission in a cluster
US10554324B1 (en) Dynamic wavelength allocation in optical networks
US10601881B1 (en) Idempotent processing of data streams
US11595471B1 (en) Method and system for electing a master in a cloud based distributed system using a serverless framework
CN108810130B (en) Method and device for planning distribution request
US20150212834A1 (en) Interoperation method of newtork device performed by computing device including cloud operating system in could environment
CN115328609A (en) Cloud desktop data processing method and system
CN111435329A (en) Automatic testing method and device
CN112559001B (en) Method and device for updating application
CN114070889A (en) Configuration method, traffic forwarding method, device, storage medium, and program product
US11102258B2 (en) Stream processing without central transportation planning
CN109962963B (en) Message processing method and device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination