EP3365779A1 - System and method for multitenant execution of os programs invoked from a multitenant middleware application - Google Patents

System and method for multitenant execution of os programs invoked from a multitenant middleware application

Info

Publication number
EP3365779A1
Authority
EP
European Patent Office
Prior art keywords
tenant
calling
application
unaware
partition
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
EP16770612.6A
Other languages
German (de)
French (fr)
Inventor
Vijay Kyathanahalli Nanjundaswamy
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Oracle International Corp
Original Assignee
Oracle International Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US15/059,193 (US9811386B2)
Priority claimed from US15/059,872 (US9819609B2)
Application filed by Oracle International Corp
Publication of EP3365779A1
Legal status: Withdrawn

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46 Multiprogramming arrangements
    • G06F9/50 Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5061 Partitioning or combining of resources
    • G06F9/5077 Logical partitioning of resources; Management or configuration of virtualized resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/70 Admission control; Resource allocation
    • H04L47/78 Architectures of resource allocation
    • H04L47/783 Distributed allocation of resources, e.g. bandwidth brokers
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • Embodiments of the invention are generally related to application servers and cloud environments, and are particularly related to a system and method for supporting applications invoked from a multitenant middleware platform.
  • WLS Web Server
  • Glassfish generally provide a managed environment for running enterprise software applications.
  • technologies have also been developed for use in cloud environments, which allow users or tenants to develop and run their applications within the cloud environment, and to take advantage of distributed resources provided by the environment.
  • Summary:
  • An exemplary method can provide a plurality of partitions, and a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition.
  • the method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants.
  • the method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants.
  • the method can collect tenancy information about the calling tenant. And, based upon the collected tenancy information, the method can scope execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources.
  • the scoped execution can support runtime isolation of a tenant-unaware process from other tenants of the multitenant middleware environment, resulting in multitenant operation of the OS application program.
  • Figure 1 illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
  • Figure 2 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
  • Figure 3 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
  • Figure 4 illustrates a domain configuration for use with an exemplary multitenant environment, in accordance with an embodiment.
  • Figure 5 further illustrates an exemplary multitenant environment, in accordance with an embodiment.
  • Figure 6 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
  • Figure 7 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
  • Figure 8 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
  • Figure 9 is a flow chart of an exemplary method for creating environment and resources for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
  • Figure 10 is a flow chart of an exemplary method for creating and configuring a process builder, in accordance with an embodiment.
  • Figure 11 is a flow chart of an exemplary method for multitenant execution of a tenant-unaware OS application from a MT middleware application (e.g., JEE application), in accordance with an embodiment.
  • Figure 12 is a flow chart of an exemplary method for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application
  • An exemplary method can provide a plurality of partitions, and a plurality of tenant-aware (also referred to herein variously as “tenant aware”) programs, wherein each of the plurality of tenant-aware programs is associated with a partition.
  • the method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants.
  • the method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants.
  • the method can collect tenancy information about the calling tenant. And, based upon the collected tenancy information, the method can scope execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources.
  • tenant aware JEE applications e.g., SaaS applications
  • non-Java components running as native programs/processes on operating systems
  • tenant scoped manner making the complete application (end-to-end) multitenant aware and isolated. That is, the multi-tenancy support provided within a multitenant application server environment can be supported outside of the MT application server environment on a native OS, and not be restricted to components/programs running within the MT application server environment (e.g., WebLogic MT).
  • Application Server e.g., MultiTenant, MT
  • Figure 1 illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
  • an application server e.g., multitenant, MT
  • an application server environment 100 or other computing environment which enables the deployment and execution of software applications, can be configured to include and operate according to a domain 102 configuration that is used at runtime to define an application server domain.
  • the application server can include one or more partitions 104 that are defined for use at runtime.
  • Each partition can be associated with a globally unique partition identifier (ID) and partition configuration, and can further include one or more resource groups 124, together with a reference to a resource group template 126 and/or partition-specific applications or resources 128.
  • Domain-level resource groups, applications and/or resources 140 can also be defined at the domain level, optionally with a reference to a resource group template.
  • Each resource group template 160 can define one or more applications A 162, B 164, resources A 166, B 168, and/or other deployable applications or resources 170, and can be referenced by a resource group.
  • resource group 124 in partition 104 can reference 190 resource group template 160.
  • a system administrator can define partitions, domain-level resource groups and resource group templates, and security realms; while a partition administrator can define aspects of their own partition, for example, by creating partition-level resource groups, deploying applications to the partition, or referencing specific realms for the partition.
  • Figure 2 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
  • a partition 202 can include, for example, a resource group 205 which includes a reference 206 to a resource group template 210, a virtual target (e.g., virtual host) information 207, and a pluggable database (PDB) information 208.
  • a resource group template (e.g., 210) can define, for example, a plurality of applications A 211 and B 212, together with resources such as a Java Message Server (JMS) server 213, store-and-forward (SAF) agent 215, mail session component 216, or Java Database Connectivity (JDBC) resource 217.
  • the resource group template illustrated in Figure 2 is provided by way of example; in accordance with other embodiments, different types of resource group templates and elements can be provided.
  • a resource group within a partition references 220 a particular resource group template (e.g., 210)
  • information associated with a particular partition can be used in combination with the referenced resource group template, to indicate a partition-specific information 230, for example a partition-specific PDB information.
  • the partition-specific information can then be used by the application server to configure resources, for example a PDB resource, for use by the partition.
  • partition-specific PDB information associated with partition 202 can be used, by the application server, to configure 232 a container database (CDB) 236 with an appropriate PDB 238, for use by that partition.
  • a virtual target information associated with a particular partition can be used to define 239 a partition-specific virtual target 240, for use by the partition, e.g., baylandurgentcare.com, which can then be made accessible via a uniform resource locator (URL), e.g., http://baylandurgentcare.com.
  • Figure 3 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
  • a system configuration such as a config.xml configuration file, is used to define a partition, including configuration elements for resource groups associated with that partition, and/or other partition properties. Values can be specified per-partition using property name/value pairs.
  • a plurality of partitions can be executed within a managed server / cluster 242, or a similar environment which can provide access to a CDB 243, and which are accessible via a web tier 244. This allows, for example, a domain or partition to be associated with one or more of the PDBs (of the CDB).
  • each of the plurality of partitions in this example partition A 250 and partition B 260, can be configured to include a plurality of resources associated with that partition.
  • partition A can be configured to include a resource group 251 which contains an application A1 252, application A2 254, and JMS A 256, together with a datasource A 257 associated with PDB A 259, wherein the partition is accessible via a virtual target A 258.
  • partition B 260 can be configured to include a resource group 261 which contains an application B1 262, application B2 264, and JMS B 266, together with a datasource B 267 associated with PDB B 269, wherein the partition is accessible via a virtual target B 268.
  • a resource is a system resource, application, or other resource or object that can be deployed to a domain of the environment.
  • a resource can be an application, JMS, JDBC, JavaMail, WLDF, data source, or other system resource or other type of object that can be deployed to a server, cluster, or other application server target.
  • a partition is a runtime and administrative subdivision or slice of a domain that can be associated with a partition identifier (ID) and configuration, and can contain applications and/or refer to domain-wide resources through the use of resource groups and resource group templates.
  • a partition can contain its own applications, refer to domain wide applications via resource group templates, and have its own configuration.
  • Partitionable entities can include resources, for example JMS, JDBC, JavaMail, WLDF resources, and other components, such as JNDI namespace, network traffic, work managers, and security policies and realms.
  • the system can be configured to provide tenant access to the administrative and runtime aspects of partitions associated with a tenant.
  • each resource group within a partition can optionally reference a resource group template.
  • a partition can have multiple resource groups, and each of them can reference a resource group template.
  • Each partition can define properties for configuration data that is not specified in the resource group templates to which the partition's resource groups refer. This enables the partition to act as a binding of deployable resources defined in a resource group template, to specific values for use with that partition. In some cases, a partition can override configuration information specified by a resource group template.
  • a partition configuration, as defined for example by a config.xml configuration file, can include a plurality of configuration elements, for example: “partition”, which contains the attributes and child elements that define the partition; “resource-group”, which contains the applications and resources deployed to the partition; “resource-group-template”, which contains applications and resources defined by that template; “jdbc-system-resource-override”, which contains a database-specific service name, user name, and password; and “partition-properties”, which contains property key values that can be used for macro replacement in resource group templates.
  • the system can use the information provided by the configuration file to generate partition-specific configuration elements for each resource, from the resource group template.
  • a resource group is a named, fully-qualified collection of deployable resources that can be defined either at a domain or partition level, and can reference a resource group template.
  • the resources in a resource group are considered fully-qualified in that the administrator has provided all of the information needed to start or connect to those resources, for example the credentials for connecting to a data source, or the targeting information for an application.
  • a system administrator can declare resource groups at the domain level, or at the partition level. At the domain level, a resource group provides a convenient way to group related resources.
  • the system can manage resources declared in a domain-level resource group the same as ungrouped resources, so that the resources can be started during system start-up, and stopped during system shut-down.
  • An administrator can also stop, start, or remove a resource in a group individually, and can act on all the resources in a group implicitly by operating on the group. For example, stopping a resource group stops all of the resources in the group that are not already stopped; starting the resource group starts any resources in the group that are not already started; and removing the resource group removes all of the resources contained in the group.
  • partition-level resource groups can refer to domain-level resource group templates; while in a PaaS use case, partition-level resource groups can be created that do not refer to resource group templates, but instead represent applications and their related resources that are to be made available within that partition only.
  • resource grouping can be used to group together applications and the resources they use as a distinct administrative unit within the domain.
  • a resource grouping defines the MedRec application and its resources.
  • Multiple partitions can run the same MedRec resource group, each using a partition-specific configuration information, such that the applications that are part of each MedRec instance are made specific to each partition.
  • a resource group template is a collection of deployable resources that are defined at a domain level, that can be referenced from a resource group, and some of the information required to activate its resources may not be stored as part of the template itself, such that it supports the specification of partition level configuration.
  • a domain can contain any number of resource group templates, each of which can include, for example, one or more related Java applications and the resources on which those applications depend. Some of the information about such resources may be the same across all partitions, while other information may vary from one partition to the next. Not all configuration need be specified at the domain level - partition level configuration can instead be specified in the resource group template through the use of macros, or property name/value pairs.
  • a particular resource group template can be referenced by one or more resource groups.
  • a resource group template can be referenced by one resource group at a time, i.e., not simultaneously by multiple resource groups within the same partition; however, it can be referenced at the same time by another resource group in a different partition.
  • the object containing the resource group e.g., the domain or partition, can use property name/value assignments to set the value of any tokens in the resource group template.
  • When the system activates a resource group template using a referencing resource group, it can replace those tokens with values set in the resource group's containing object.
  • the system can also use statically-configured resource group templates and partitions to generate runtime configuration for each partition/template combination.
  • the system can activate the same applications and resources multiple times, including once for each partition that will use them.
  • When an administrator defines a resource group template, they can use tokens to represent the information that will be supplied elsewhere.
  • the username to use in connecting to a CRM-related data resource can be indicated in the resource group template as ${CRMDataUsername}.
  • a tenant in a multitenant environment, such as a multitenant (MT) application server environment, is an entity that can be represented by, or otherwise associated with, one or more partitions and/or one or more tenant-aware applications.
  • tenants can represent distinct user organizations, such as different external companies, or different departments within a particular enterprise (e.g., HR and Finance departments), each of which can be associated with a different partition.
  • a tenant globally unique identity (tenant ID) is the association of a particular user, at a particular moment in time, with a particular tenant.
  • the system can derive which tenant a particular user belongs to from the user identity, for example by referring to a user identity store.
  • the user identity enables the system to enforce those actions that a user is authorized to perform, including, but not limited to, which tenant the user may belong.
  • the system enables isolation of the administration and runtime of different tenants from each other.
  • tenants can configure some behaviors of their applications, and resources to which they have access.
  • the system can ensure that a particular tenant cannot administer artifacts belonging to another tenant; and, at runtime, that the applications working on behalf of a particular tenant refer only to resources associated with that tenant, and not to resources associated with other tenants.
  • a tenant-unaware application is one that contains no logic dealing with tenants explicitly, such that any resources that the application uses may be accessible regardless of what user submitted a request to which the application is responding.
  • a tenant-aware application includes logic that explicitly deals with tenants. For example, based on a user's identity the application can derive the tenant to which the user belongs and use that information to access tenant-specific resources.
  • the system enables users to deploy applications that are explicitly written to be tenant-aware, so that application developers can obtain the tenant ID of a current tenant.
  • the tenant-aware application can then use the tenant ID to handle multiple tenants that are using a single instance of the application.
  • the MedRec application which supports a single doctor's office or hospital, can be exposed to two different partitions or tenants, e.g., a Bayland Urgent Care tenant, and a Valley Health tenant, each of which is able to access separate tenant-specific resources, such as separate PDBs, without changing the underlying application code.
  • applications can be deployed to a resource group template at the domain level, or to a resource group that is scoped to a partition or scoped to the domain.
  • Application configuration can be overridden using deployment plans specified per-application, or per-partition.
  • Figure 4 illustrates a domain configuration for use with an exemplary multitenant environment, in accordance with an embodiment.
  • when the system starts a partition, it creates virtual targets (e.g., virtual hosts) and connection pools, including one for each partition, to respective database instances, according to the provided configuration.
  • each resource group template can include one or more related applications and the resources on which those applications depend.
  • Each partition can provide configuration data that is not specified in the resource group templates to which it refers, by providing a binding of the deployable resources in resource group templates to specific values associated with the partition; including, in some cases, overriding certain configuration information specified by the resource group template. This enables the system to activate an application represented by a resource group template differently for each partition, using the property values each partition has defined.
  • a partition may contain resource groups that do not refer to resource group templates, or that directly define their own partition-scoped deployable resources. Applications and data sources that are defined within a partition are generally available only to that partition. Resources can be deployed so that they can be accessed from across partitions using partition:<partitionName>/<resource JNDI name>, or domain:<resource JNDI name>.
  • a MedRec application can include a plurality of Java applications, a data source, a JMS server, and a mail session.
  • the system administrator can define a single MedRec resource group template 286, declaring those deployable resources in the template.
  • the deployable resources declared in a resource group template may not be fully configured in the template, or cannot be activated as-is, since they lack some configuration information.
  • the MedRec resource group template may declare a data source used by the applications, but it may not specify a URL for connecting to the database.
  • Partitions associated with different tenants for example, partition BUC-A 290 (Bayland Urgent Care, BUC) and partition VH-A 292 (Valley Health, VH) can reference one or more resource group templates, by each including a MedRec resource group 293, 294 that references 296, 297 the MedRec resource group template.
  • the reference can then be used to create 302, 306, the virtual targets / virtual hosts for each tenant, including a virtual host baylandurgentcare.com 304 associated with the BUC-A partition, for use by the Bayland Urgent Care tenant; and a virtual host valleyhealth.com 308 associated with the VH-A partition, for use by the Valley Health tenant.
  • Figure 5 further illustrates an exemplary multitenant environment, in accordance with an embodiment.
  • a servlet engine 310 can be used to support a plurality of tenant environments, in this example a Bayland Urgent Care Physician tenant environment 320, and a Valley Health Physician tenant environment 330.
  • each partition 321, 331 can define a different virtual target on which to accept incoming traffic for that tenant environment, and a different URL 322, 332 for connecting to the partition and to its resources 324, 334, including in this example either a Bayland Urgent Care database, or a Valley Health database respectively.
  • the database instances can use compatible schemas, since the same application code will execute against both databases. When the system starts the partitions, it can create the virtual targets and connection pools to the respective database instances.
  • the methods and systems described herein can support tenant scoped execution of OS (i.e., tenant-unaware) programs, applications, and processes (variously referred to herein after as “OS programs”, “OS applications”, “OS processes”, “non-tenant aware programs”, “non-tenant aware applications”, and “non-tenant aware processes”).
  • the applications are tenant scoped, meaning that the libraries and resources accessed by the tenant aware programs are isolated from, for example, other tenants within the MT environment.
  • a tenant aware program operating in an MT environment calls a tenant-unaware application (e.g., C, C++, Perl . . . etc.) operating on a native OS
  • a general purpose operating system has no notion of tenancy and is unaware of tenancy (i.e., tenancy information associated with the originating call from the MT application) associated with the MT application (i.e., JEE application).
  • OS programs within a common environment and using shared OS resources (e.g., files, processes, databases), which in turn can lead to loss of tenant context as well as runtime separation/isolation, when separate tenant applications call an outside OS application (e.g., tenant unaware application).
  • FIG. 6 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
  • a Multitenant Application Server Environment 600 e.g., WebLogic Multitenant
  • tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
  • an application such as a JEE application associated with tenant 2
  • the JEE application associated with tenant 2 runs in a MT environment and has tenant context associated at runtime.
  • a MT application e.g., a JEE application
  • an OS program/application i.e., process 620
  • the MT application can set up a number of variables 625 (i.e., environment variables) in order to extend/propagate the tenant context that is available to the JEE application.
  • These variables can include a tenant ID; a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input and output sub-directories; a tenant DB connect string; and a tenant LDAP (lightweight directory access protocol) directory URL.
  • the MT application server can manage a virtual tenant filesystem 630 for each tenant that has been on-boarded into the MT application server environment 600.
  • This virtual tenant filesystem can be created/set up as part of an application server administration when a tenant is on-boarded.
  • the virtual tenant filesystems are part of the OS 610, with one virtual tenant filesystem for each tenant currently active in the MT application server environment.
  • when an MT application (e.g., JEE application) invokes an OS process (i.e., tenant unaware process), the MT application can additionally create a temporary process work directory under the tenant's virtual filesystem. If more than one OS process is invoked by an MT application, the MT application can create one temporary work directory for each OS process invoked.
  • the MT application in creating the temporary work directory under the virtual filesystem, can additionally create (for each OS process invoked) subdirectories under the temporary work directory for input, output, error and database directories. These subdirectories can accept redirected stdin (input stream), stdout (output stream) and stderr (error stream) of the invoked OS process.
  • Each input subdirectory can be set up with process input files.
  • Each output subdirectory can be responsible for capturing process output files.
  • Each error subdirectory can be responsible for capturing process error (e.g., stderr) messages.
  • the virtual tenant-specific filesystems can be associated with a native storage, such as OS storage 640.
  • a process builder can comprise an API (e.g., Java ProcessBuilder API) that allows a client to specify a command line for an OS program/application to execute, configure environment variables to set up in the process environment, configure a process work directory, and redirect the process input, output, and error streams to files on a file system.
  • the process builder can allow certain process characteristics to be set up or configured before a process (i.e., OS process) is started, such as a process environment, a process working directory, and process input stream/output stream/error stream re-direction.
  • when a MT application invokes an OS process, it can create and utilize a process builder (e.g., process builder instance).
  • the tenancy context from the MT application can be propagated as part of the process builder API invocation, including setting environmental variables and creating and configuring the process work directory.
  • the process builder can be configured in order to assign resources (environment variables, process work directory, redirected input/out files, a database connect descriptor, LDAP directory, wallet) that allows the tenant unaware process (e.g. OS process) to be scoped/confined in its execution within the tenancy context.
  • the tenant unaware process e.g., OS process
  • the tenant unaware process is assigned a tenant-specific folder under the OS file-system for redirected process I/O streams, connects to the database associated with the tenant using tenant-specific access credentials, and uses tenant LDAP directory.
  • a tenant-specific database connect string/descriptor can allow programs to transparently work with the tenant database.
  • Tenant-specific credentials can be configured in a wallet set up under a database subdirectory of the process work directory in the tenant's virtual filesystem.
  • the streams e.g., input stream, output stream, error stream
  • the streams can be redirected to the respective input, output and error subdirectories under the process work directory in the tenant's virtual filesystem.
  • the tenancy context, environment and data associated with separate tenants invoking OS programs can be kept discrete and separated from each other, thus allowing for scoped processing of an OS application (tenant unaware) executing based upon a call from inside of a MT container (e.g., from a JEE program executing on behalf of a partition within the MT container).
  • the MT application running in the MT application server environment can retrieve the process output and clean up the process work directory.
  • the MT application can get the process exitValue status code (e.g., from java Process object exitValue() method) to find if the program executed successfully. It can also retrieve the redirected stdout and stderr files under the output and error sub-folders, to examine if the process execution was successful.
  • the results updated in the tenant database can be directly accessed from the database by the MT application running in the partition, once the tenant unaware process execution completes.
  • the MT application can also delete the process work directory and its sub-folders, which cleans up the output files and the db files, such as the wallet.
  • the environment variables configured at the MT application that calls the OS program can comprise: a tenant ID, a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input, output, and error sub-directories; a tenant DB connect string, and a tenant LDAP (lightweight directory access protocol) directory URL.
  • a tenant ID a tenant name
  • a tenant filesystem (TFS) root
  • a process work directory under TFS, with input, output, and error sub-directories
  • a tenant DB connect string
  • LDAP lightweight directory access protocol
  • a tenant-unaware OS program can be assigned resources (environment variables, process work directory, redirected input/output files, a DB connect descriptor, LDAP directory, and wallet) that scope/confine its execution within a tenant context.
  • the methods and systems described herein can support multitenant execution of tenant unaware processes (i.e., OS processes) by using a containerized application to provide tenant isolation at runtime.
  • tenant unaware processes i.e., OS processes
  • the present disclosure can utilize containerized applications to provide tenant isolation during runtime of tenant unaware processes.
  • a containerized application or process is an application that is packaged as a container and comprises the necessary information for the application to run, such as OS base image, application executables, and libraries.
  • a containerized application can be a portable application that can be shared among Linux distributions using the same Linux kernel, such as a Linux kernel 750.
  • a containerized application can be created such that if a developer creates a portable/containerized application and shares the image, and assuming the same linux kernel, the system that the containerized application was shared with can download the containerized application image from a container image registry or repository and spin off a container to run the containerized application.
  • the application will be available on the destination host isolated from other containers and from the OS, and it can still be available with the required libraries (e.g., the same versions of the libraries that the developer of the application/process intended). Then, there can be another containerized application instance that uses the same versions of the libraries, but it will run separately. Docker is an example of such a container framework/infrastructure.
  • Figure 7 illustrates a system for multitenant execution of a tenant-unaware process, in accordance with an embodiment.
  • Figure 7 depicts multitenant execution of OS programs, called from a MT application, using containerized OS applications executing in an OS that supports software containers.
  • a MT application server environment 600 can comprise a number of tenant partitions, such as tenant 1 partition 601 and tenant 2 partition 605. Both tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
  • tenant partitions such as tenant 1 partition 601 and tenant 2 partition 605.
  • tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
  • a MT application e.g., a JEE application
  • a tenant unaware application e.g., as a containerized application
  • the MT application can set up a number of variables (i.e., environment variables) in order to extend/propagate the tenant context that is available to the JEE application.
  • variables can include a tenant ID, a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input, output, and error sub-directories; a tenant DB connect string, and a tenant LDAP (lightweight directory access protocol) directory URL.
  • the MT application server can manage a virtual tenant filesystem 735 for each tenant that has been on-boarded into the MT application server environment 600.
  • This virtual tenant filesystem can be created/set up as part of an application server administration when a tenant is on-boarded.
  • the virtual tenant filesystems are part of the OS 610, with one virtual tenant filesystem for each tenant currently active in the MT application server environment.
  • when an MT application (e.g., JEE application) invokes a tenant unaware application, the MT application can additionally create a temporary process work directory (also referred to herein as "process work directory") under the tenant's virtual filesystem. If more than one tenant unaware application is invoked by an MT application, the MT application can create one process work directory for each tenant unaware application invoked. The MT application, in creating the process work directory under the virtual filesystem, can additionally create (for each tenant unaware application invoked) subdirectories under the process work directory for input, output, error and database directories.
  • a temporary process work directory also referred to herein as "process work directory"
  • These subdirectories can accept redirected stdin (input stream), stdout (output stream) and stderr (error stream) of the invoked OS process.
  • Each input subdirectory can be set up with process input files.
  • Each output subdirectory can be responsible for capturing process output files.
  • Each error subdirectory can be responsible for capturing process error (e.g., stderr) messages.
  • the virtual tenant-specific filesystems can be associated with a native storage, such as OS storage 736.
  • a process builder which can be utilized by an MT application, can comprise an API (e.g., Java ProcessBuilder API) that allows a client to specify a command line for a tenant unaware application to execute, configure environment variables to set up in the process environment, configure a process work directory, and redirect the process input, output, and error streams to files on a file system.
  • the process builder can allow certain process characteristics to be set up or configured before a process (i.e., tenant unaware application) is started, such as a process environment, a process working directory, and process input stream/output stream/error stream redirection.
  • when a MT application invokes a tenant unaware application, it can create and utilize a process builder (e.g., process builder instance).
  • the tenancy context from the MT application can be propagated as part of the process builder API invocation, including setting environmental variables and creating the temporary process work directory.
  • the process builder can be configured in order to assign resources (environment variables, process work directory, redirected input/output/error streams, a database connect descriptor, LDAP directory, wallet) that allows the tenant unaware application to be scoped/confined in its execution within the tenancy context.
  • resources environment variables, process work directory, redirected input/output/error streams, a database connect descriptor, LDAP directory, wallet
  • the tenant unaware application gets a work directory that is specific to the invoking tenant and under the tenant designated virtual filesystem and isolated from the files created or owned by other tenants of the MT application server environment 600.
  • the tenant unaware application is assigned a tenant-specific folder under the OS file-system for redirected process I/O streams, connects to the database associated with the tenant using tenant-specific access credentials, and uses tenant-specific LDAP directory.
  • a tenant-specific database connect string/descriptor can allow programs to transparently work with the tenant database.
  • Tenant-specific credentials can be configured in a wallet set up under the database subdirectory under the process work directory in the tenant's virtual filesystem.
  • the streams e.g., input stream, output stream, error stream
  • the tenant unaware application e.g., containerized application
  • the tenant unaware application (which is invoked from an MT application, such as a JEE application calling from tenant 2's partition) can be packaged as a containerized application.
  • a MT application can invoke an OS program.
  • a process builder e.g., Java ProcessBuilder
  • Container frameworks provide a lightweight container virtualization technology.
  • One such container framework is Docker.
  • the container runtime such as Docker
  • the system can create an application container image that includes a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components.
  • the image can be self-contained and portable allowing it to run the application, without any dependencies on the host, when the containerized application is launched.
  • a MT application i.e., JEE application 606
  • a tenant unaware application by launching a container process (e.g., Docker or Rocket).
  • a container client 720, such as a Docker Client, can be invoked by an MT Application using the Process Builder (e.g., a JEE application 606 running in tenant 2's partition 605) to launch an OS (tenant unaware) application with the tenancy context from the originator of the request (i.e., the JEE application).
  • the container client can invoke a container daemon 725, such as a Docker daemon.
  • the container daemon can then download and launch an application image 740 of the requested containerized application from the JEE application.
  • the application image 740 can comprise a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components.
  • the application image can be self-contained and portable, allowing it to run an application without any dependencies on the host.
  • the containerized application can run as isolated instances.
  • the containerized applications run on the same OS, but execute in isolation, meaning that two or more tenants can run different instances of the same application in isolation as separate containers.
  • the containerized application 730 can communicate (I/O) with tenant's virtual tenant filesystem 735 (based upon the tenant context, for example, tenant 2's partition, which in turn can communicate with the OS storage 736).
  • a containerized application operating on behalf of a tenant can access the tenant's database 608 with the necessary credentials.
  • the MT application can get the process exitValue status code (e.g., from java Process object exitValue() method) to find if the program executed successfully. It can also retrieve the redirected stdout and stderr files under the output and error sub-folders, to examine if the process execution was successful.
  • the results updated in the tenant database can be directly accessed from the database by the MT application running in the partition, once the tenant unaware containerized application execution completes.
  • the MT application can also delete the process work directory and its sub-folders, which cleans up the output files and the db files, such as the wallet.
  • Figure 8 illustrates a system for multitenant execution of a tenant-unaware process, in accordance with an embodiment.
  • Figure 8 depicts multitenant execution of OS programs, called from a MT application, using containerized OS applications executing in containers.
  • a MT application server environment 600 can comprise a number of tenant partitions, such as tenant 1 partition 601 and tenant 2 partition 605. Both tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
  • tenant partitions such as tenant 1 partition 601 and tenant 2 partition 605.
  • tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
  • a MT application e.g., a JEE application
  • a tenant unaware application e.g., as a containerized application
  • the MT application can set up a number of variables (i.e., environment variables) in order to extend/propagate the tenant context that is available to the JEE application.
  • variables can include a tenant ID, a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input and output sub-directories; a tenant DB connect string, and a tenant LDAP (lightweight directory access protocol) directory URL.
  • the MT application server can manage a virtual tenant filesystem 735 for each tenant that has been on-boarded into the MT application server environment 600.
  • This virtual tenant filesystem can be created/set up as part of an application server administration when a tenant is on-boarded.
  • the virtual tenant filesystems are part of the OS 610, with one virtual tenant filesystem for each tenant currently active in the MT application server environment.
  • when an MT application (e.g., JEE application) invokes a tenant unaware application, the MT application can additionally create a temporary process work directory under the tenant's virtual filesystem. If more than one tenant unaware application is invoked by an MT application, the MT application can create one process work directory for each tenant unaware application invoked.
  • the MT application, in creating the process work directory under the virtual filesystem, can additionally create (for each tenant unaware application invoked) subdirectories under the process work directory for input, output, error and database directories. These subdirectories can accept redirected (stdin) input streams, (stdout) output streams and (stderr) error streams. Each input subdirectory can be set up with process input files.
  • Each output subdirectory can be responsible for capturing process output files.
  • Each error subdirectory can be responsible for capturing process error (e.g., stderr) messages.
  • the virtual tenant-specific filesystems can be associated with a native storage, such as OS storage 736.
  • a process builder can comprise an API (e.g., Java ProcessBuilder API) that allows a client to specify a command line for a tenant unaware application to execute, configure environment variables to set up in the process environment, configure a process work directory, and redirect the process input, output, and error streams to files on a file system.
  • the process builder can allow certain process characteristics to be set up or configured before a process (i.e., tenant unaware application) is started, such as a process environment, a process working directory, and process input stream/output stream/error stream re-direction.
  • when a MT application invokes a tenant unaware application, it can create and utilize a process builder (e.g., process builder instance).
  • the tenancy context from the MT application can be propagated as part of the process builder API invocation, including setting environmental variables.
  • the MT application can create a process work directory and sub-directories (input, output, error, and database) under the VTFS (virtual tenant filesystem).
  • the MT application can then use the process builder API to configure the environment variables, process work directory with the temp process work directory path, redirected streams.
  • the process builder can be configured in order to assign resources (environment variables, process work directory, redirected input/out files, a database connect descriptor, LDAP directory, wallet) that allows the tenant unaware application to be scoped/confined in its execution within the tenancy context.
  • resources environment variables, process work directory, redirected input/out files, a database connect descriptor, LDAP directory, wallet
  • the tenant unaware application gets a work directory that is specific to the invoking tenant and under the tenant designated virtual filesystem and isolated from the files created or owned by other tenants of the MT application server environment 600.
  • the tenant unaware application uses a tenant-specific folder under the OS file-system for I/O operations, connects to the database associated with the tenant using tenant-specific access credentials, and uses tenant LDAP directory.
  • a tenant-specific database connect string/descriptor can allow programs to transparently work with the tenant database.
  • Tenant-specific credentials can be configured in a wallet set up under the database subdirectory within the process work directory in the tenant's virtual filesystem.
  • the streams e.g., input stream, output stream, error stream
  • the tenant unaware application e.g., containerized application
  • the tenant unaware application (which is called from an MT application, such as a JEE application calling from tenant 2's partition) can be packaged as a containerized application.
  • a MT application can invoke an OS program.
  • the process builder API is configured by the MT application to invoke a container process.
  • container framework/infrastructure is Docker.
  • the container framework/infrastructure such as Docker
  • the system can download a previously created container image 815 from an application image library 810.
  • the application image 815 can include a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components.
  • the image can be self-contained and portable allowing it to run the application, without any dependencies on the host, when the container is created and application launched within it.
  • the application image library 815 can be set up on a host local file system, and can include a number of containerized application images (e.g., .tar files) for desired programs and applications that can be invoked from applications running within a MT application server.
  • containerized application images e.g., .tar files
  • Such application images can include, for example, commonly requested OS programs and applications.
  • a MT application i.e., JEE application 606
  • a tenant unaware application by launching a container process (e.g., Docker or Rocket).
  • a container client 720, such as a Docker Client, can be invoked by the MT Application using the Process Builder (e.g., a JEE application 606 running in tenant 2's partition 605) to launch an OS (tenant unaware) application with the tenancy context from the originator of the request (i.e., the JEE application).
  • the container client can invoke a container daemon 725, such as a Docker daemon.
  • the container daemon can then download and launch an application image 740 of the requested containerized application from the JEE application.
  • the application image 740 can comprise a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components.
  • the application image can be self-contained and portable, allowing it to run an application without any dependencies on the host.
  • the containerized application can run as isolated instances.
  • the containerized applications run on the same OS, but execute in isolation, meaning that two or more tenants can run different instances of the same application in isolation as separate containers.
  • the container repository 810 can be populated with a number of application images 815. These application images can be pre-populated into the application image library, or can also be saved into the application image library after the container process of Figure 8 creates an application image.
  • when a container is created (by the container daemon) and an application image is loaded into the container to run the containerized application 730, the application can then be run without any dependencies on the host.
  • the containerized application 730 can communicate (I/O) with tenant's virtual tenant filesystem 735 (based upon the tenant context, for example, tenant 2's partition, which in turn can communicate with the OS storage 736).
  • a containerized application operating on behalf of a tenant can access the tenant's database 608 with the necessary credentials.
  • the MT application can get the process exitValue status code (e.g., from java Process object exitValue() method) to find if the program executed successfully. It can also retrieve the redirected stdout and stderr files under the output and error sub-folders, to examine if the process execution was successful.
  • the results updated in the tenant database can be directly accessed from the database by the MT application running in the partition, once the tenant unaware containerized application execution completes.
  • the MT application can also delete the process work directory and its sub-folders, which cleans up the output files and the db files, such as the wallet.
  • FIG. 9 is a flow chart of an exemplary method for creating environment and resources for tenant scoped execution of a tenant unaware process, in accordance with an embodiment.
  • a process work directory can be created under a tenant file system (e.g., the virtual tenant filesystem).
  • subdirectories under the process work directory can be created for input, output, error and database folders.
  • the input folder can be set up with data files.
  • the database folder can be set up with tenant database configuration files and credentials (e.g., a wallet).
  • the environment can be finalized for the tenant unaware applications (e.g., OS applications/processes) to execute based on tenant context.
  • the tenant unaware applications e.g., OS applications/processes
  • FIG. 10 is a flow chart of an exemplary method for creating and configuring a process builder to launch a containerized application, in accordance with an embodiment.
  • a process builder instance e.g., Java ProcessBuilder API
  • the process environment can be configured (e.g., with tenant context).
  • the process work directory can be configured.
  • the method can configure an executable command line to launch a containerized application.
  • streams from the containerized application such as input stream, output stream, and error stream, can be redirected to the input, output, and error subdirectories of the process work directory.
  • FIG. 11 is a flow chart of an exemplary method for multitenant execution of a tenant unaware OS application from a MT middleware application (e.g., JEE application), in accordance with an embodiment.
  • an OS application i.e., the OS application meant to be invoked from the MT application server environment
  • a containerized application e.g., containerized application image
  • a process environment and resources for tenant scoped execution can be created, as identified by the flow chart in Figure 9.
  • a process builder e.g., Java ProcessBuilder API instance
  • the method can invoke the containerized OS application process using the process builder start method. This step creates the configured tenant-specific execution environment and starts the container process.
  • the containerized application can run with the tenant-specific environment and resources, with runtime isolation from other containers & OS processes, enforced by the container runtime.
  • the method can wait for the containerized application process execution to complete.
  • the method can delete and clean up the process work directory and its contents.
  • Figure 12 is a flow chart of an exemplary method for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application.
  • the method can provide, at one or more computers, including an application server environment executing thereon, a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition of the plurality of partitions.
  • the method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants, for use by the tenant.
  • the method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants.
  • the method can collect tenancy information about the calling tenant.
  • the method can, based upon the collected tenancy information, scope execution of the tenant-unaware process to the calling tenant, wherein scoping execution allows for isolation of the execution of the tenant-unaware process scoped to the calling tenant from other tenants of the multitenant middleware environment.
  • the present invention may be conveniently implemented using one or more conventional general purpose or specialized digital computer, computing device, machine, or microprocessor, including one or more processors, memory and/or computer readable storage media programmed according to the teachings of the present disclosure.
  • Appropriate software coding can readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art.
  • the present invention includes a computer program product which is a non-transitory storage medium or computer readable medium (media) having instructions stored thereon/in which can be used to program a computer to perform any of the processes of the present invention.
  • the storage medium can include, but is not limited to, any type of disk including floppy disks, optical discs, DVD, CD-ROMs, microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.
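
The procedure of FIGS. 9 to 11 above (create the work directory and its subdirectories, configure the process builder, start, wait, collect, clean up) can be sketched with the Java ProcessBuilder API as follows; this is an added example, not code from the patent or from any Oracle product. The class, record and environment variable names, the 30-second timeout, the owner-only POSIX permissions and the cleared parent environment are assumptions of the example, and a plain `/bin/sh` command stands in for the container client command line (Java 17 on a POSIX host is assumed).

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.util.Comparator;
import java.util.List;
import java.util.Map;
import java.util.concurrent.TimeUnit;
import java.util.stream.Stream;

public class TenantScopedLauncher {

    // Tenant context to propagate. Record and field names are assumptions of this example.
    record TenantContext(String id, String name, Path tfsRoot, String dbConnect, String ldapUrl) {}

    record Result(int exitValue, String stdout, String stderr, Path workDir) {}

    static Result run(TenantContext t, List<String> command, String stdin)
            throws IOException, InterruptedException {
        // Assumption: owner-only permissions so other OS users cannot read tenant files.
        var ownerOnly = PosixFilePermissions.asFileAttribute(
                PosixFilePermissions.fromString("rwx------"));

        // FIG. 9: one work directory per invocation, under the tenant's filesystem root.
        Path work = Files.createTempDirectory(t.tfsRoot().toRealPath(), "proc-", ownerOnly);
        try {
            Path in = Files.createDirectory(work.resolve("input"), ownerOnly);
            Path out = Files.createDirectory(work.resolve("output"), ownerOnly);
            Path err = Files.createDirectory(work.resolve("error"), ownerOnly);
            Path db = Files.createDirectory(work.resolve("database"), ownerOnly);
            Path stdinFile = Files.writeString(in.resolve("stdin.txt"), stdin);
            // The tenant's database configuration and wallet would be placed in `db` here.

            // FIG. 10: configure the process builder before the process is started.
            ProcessBuilder pb = new ProcessBuilder(command);
            Map<String, String> env = pb.environment();
            env.clear(); // start empty so nothing from the server's own environment leaks in
            env.put("PATH", "/usr/bin:/bin");
            env.put("TENANT_ID", t.id());               // variable names are hypothetical
            env.put("TENANT_NAME", t.name());
            env.put("TENANT_FS_ROOT", t.tfsRoot().toString());
            env.put("TENANT_WORK_DIR", work.toString());
            env.put("TENANT_DB_DIR", db.toString());
            env.put("TENANT_DB_CONNECT", t.dbConnect());
            env.put("TENANT_LDAP_URL", t.ldapUrl());
            pb.directory(work.toFile());
            pb.redirectInput(stdinFile.toFile());
            pb.redirectOutput(out.resolve("stdout.log").toFile());
            pb.redirectError(err.resolve("stderr.log").toFile());

            // FIG. 11: start, wait (bounded), then read exit status and redirected streams.
            Process proc = pb.start();
            if (!proc.waitFor(30, TimeUnit.SECONDS)) {
                proc.destroyForcibly().waitFor(); // a hung child must not pin the work dir
            }
            return new Result(proc.exitValue(),
                    Files.readString(out.resolve("stdout.log")),
                    Files.readString(err.resolve("stderr.log")), work);
        } finally {
            // Clean up the work directory and its contents, children before parents.
            try (Stream<Path> walk = Files.walk(work)) {
                for (Path p : walk.sorted(Comparator.reverseOrder()).toList()) {
                    Files.delete(p);
                }
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample tenants, each with its own throwaway filesystem root.
        TenantContext t1 = new TenantContext("1", "tenant1",
                Files.createTempDirectory("tfs-tenant1-"),
                "db.example.invalid/T1", "ldap://ldap.example.invalid/ou=tenant1");
        TenantContext t2 = new TenantContext("2", "tenant2",
                Files.createTempDirectory("tfs-tenant2-"),
                "db.example.invalid/T2", "ldap://ldap.example.invalid/ou=tenant2");

        // Stand-in for the tenant unaware program: echo stdin, the tenant ID and the cwd.
        List<String> cmd = List.of("/bin/sh", "-c", "cat; echo tenant=$TENANT_ID; pwd");
        for (TenantContext t : List.of(t1, t2)) {
            Result r = run(t, cmd, "input for " + t.name() + "\n");
            System.out.printf("exit=%d workDirRemoved=%b%n%s%n",
                    r.exitValue(), !Files.exists(r.workDir()), r.stdout().trim());
            Files.delete(t.tfsRoot()); // the root is empty once the work dir is gone
        }
    }
}
```

Each run reports a different tenant ID and a working directory under that tenant's own root, and the work directory no longer exists once `run` returns, whether or not the child succeeded.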

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)
  • Storage Device Security (AREA)

Abstract

In accordance with an embodiment, described herein is a system and method for supporting multitenant execution of a tenant-unaware program invoked from a multitenant middleware application. An exemplary method can provide a plurality of partitions, and a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition. The method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants. The method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants. The method can collect tenancy information about the calling tenant. And, based upon the collected tenancy information, the method can scope execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources.

Description

SYSTEM AND METHOD FOR MULTITENANT EXECUTION OF OS PROGRAMS INVOKED FROM A MULTITENANT MIDDLEWARE APPLICATION
COPYRIGHT NOTICE
A portion of the disclosure of this patent document contains material which is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent file or records, but otherwise reserves all copyright rights whatsoever.
Field of Invention:
[0001] Embodiments of the invention are generally related to application servers and cloud environments, and are particularly related to a system and method for supporting applications invoked from a multitenant middleware platform.
Background:
[0002] Software application servers, examples of which include Oracle WebLogic Server (WLS) and Glassfish, generally provide a managed environment for running enterprise software applications. Recently, technologies have also been developed for use in cloud environments, which allow users or tenants to develop and run their applications within the cloud environment, and to take advantage of distributed resources provided by the environment.
Summary:
[0003] In accordance with an embodiment, described herein is a system and method for supporting multitenant execution of a tenant-unaware program invoked from a multitenant middleware application. An exemplary method can provide a plurality of partitions, and a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition. The method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants. The method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants. The method can collect tenancy information about the calling tenant. And, based upon the collected tenancy information, the method can scope execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources.
[0004] In accordance with an embodiment, using containerized applications, the scoped execution can support runtime isolation of a tenant-unaware process from other tenants of the multitenant middleware environment, resulting in multitenant operation of the OS application program.
Description of the Figures:
[0005] Figure 1 illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
[0006] Figure 2 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
[0007] Figure 3 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
[0008] Figure 4 illustrates a domain configuration for use with an exemplary multitenant environment, in accordance with an embodiment.
[0009] Figure 5 further illustrates an exemplary multitenant environment, in accordance with an embodiment.
[00010] Figure 6 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
[00011] Figure 7 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
[00012] Figure 8 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
[00013] Figure 9 is a flow chart of an exemplary method for creating environment and resources for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment.
[00014] Figure 10 is a flow chart of an exemplary method for creating and configuring a process builder, in accordance with an embodiment.
[00015] Figure 11 is a flow chart of an exemplary method for multitenant execution of a tenant-unaware OS application from a MT middleware application (e.g., JEE application), in accordance with an embodiment.
[00016] Figure 12 is a flow chart of an exemplary method for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application
Detailed Description:
[00017] In accordance with an embodiment, described herein is a system and method for supporting tenant scoped execution (also referred to herein variously as "multitenant execution") of a tenant-unaware (also referred to herein variously as "tenant unaware") process invoked from a multitenant middleware application. An exemplary method can provide a plurality of partitions, and a plurality of tenant-aware (also referred to herein variously as "tenant aware") programs, wherein each of the plurality of tenant-aware programs is associated with a partition. The method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants. The method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants. The method can collect tenancy information about the calling tenant. And, based upon the collected tenancy information, the method can scope execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources.
[00018] By using the described systems and methods herein, in accordance with an embodiment, tenant aware JEE applications (e.g., SaaS applications), which include non-Java components running as native programs/processes on operating systems can work in a tenant scoped manner, making the complete application (end-to-end) multitenant aware and isolated. That is, the multi-tenancy support provided within a multitenant application server environment can be supported outside of the MT application server environment on a native OS, and not be restricted to components/programs running within the MT application server environment (e.g., WebLogic MT).
Application Server (e.g., MultiTenant, MT) Environment
[00019] Figure 1 illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
[00020] As illustrated in Figure 1, in accordance with an embodiment, an application server (e.g., multitenant, MT) environment 100, or other computing environment which enables the deployment and execution of software applications, can be configured to include and operate according to a domain 102 configuration that is used at runtime to define an application server domain.
[00021] In accordance with an embodiment, the application server can include one or more partitions 104 that are defined for use at runtime. Each partition can be associated with a globally unique partition identifier (ID) and partition configuration, and can further include one or more resource groups 124, together with a reference to a resource group template 126 and/or partition-specific applications or resources 128. Domain-level resource groups, applications and/or resources 140 can also be defined at the domain level, optionally with a reference to a resource group template.
[00022] Each resource group template 160 can define one or more applications A 162, B 164, resources A 166, B 168, and/or other deployable applications or resources 170, and can be referenced by a resource group. For example, as illustrated in Figure 1, resource group 124 in partition 104 can reference 190 resource group template 160.
[00023] Generally, a system administrator can define partitions, domain-level resource groups and resource group templates, and security realms; while a partition administrator can define aspects of their own partition, for example, by creating partition-level resource groups, deploying applications to the partition, or referencing specific realms for the partition.
[00024] Figure 2 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
[00025] As illustrated in Figure 2, in accordance with an embodiment, a partition 202 can include, for example, a resource group 205 which includes a reference 206 to a resource group template 210, a virtual target (e.g., virtual host) information 207, and a pluggable database (PDB) information 208. A resource group template (e.g., 210) can define, for example, a plurality of applications A 211 and B 212, together with resources such as a Java Message Server (JMS) server 213, store-and-forward (SAF) agent 215, mail session component 216, or Java Database Connectivity (JDBC) resource 217.
[00026] The resource group template illustrated in Figure 2 is provided by way of example; in accordance with other embodiments, different types of resource group templates and elements can be provided.
[00027] In accordance with an embodiment, when a resource group within a partition (e.g., 202) references 220 a particular resource group template (e.g., 210), information associated with a particular partition can be used in combination with the referenced resource group template, to indicate a partition-specific information 230, for example a partition-specific PDB information. The partition-specific information can then be used by the application server to configure resources, for example a PDB resource, for use by the partition. For example, partition-specific PDB information associated with partition 202 can be used, by the application server, to configure 232 a container database (CDB) 236 with an appropriate PDB 238, for use by that partition.
[00028] Similarly, in accordance with an embodiment, a virtual target information associated with a particular partition can be used to define 239 a partition-specific virtual target 240, for use by the partition, e.g., baylandurgentcare.com, which can then be made accessible via a uniform resource locator (URL), e.g., http://baylandurgentcare.com.
[00029] Figure 3 further illustrates a system for supporting multi-tenancy in an application server, cloud, or other environment, in accordance with an embodiment.
[00030] In accordance with an embodiment, a system configuration such as a config.xml configuration file, is used to define a partition, including configuration elements for resource groups associated with that partition, and/or other partition properties. Values can be specified per-partition using property name/value pairs.
[00031] In accordance with an embodiment, a plurality of partitions can be executed within a managed server / cluster 242, or a similar environment which can provide access to a CDB 243, and which are accessible via a web tier 244. This allows, for example, a domain or partition to be associated with one or more of the PDBs (of the CDB).
[00032] In accordance with an embodiment, each of the plurality of partitions, in this example partition A 250 and partition B 260, can be configured to include a plurality of resources associated with that partition. For example, partition A can be configured to include a resource group 251 which contains an application A1 252, application A2 254, and JMS A 256, together with a datasource A 257 associated with PDB A 259, wherein the partition is accessible via a virtual target A 258. Similarly, partition B 260 can be configured to include a resource group 261 which contains an application B1 262, application B2 264, and JMS B 266, together with a datasource B 267 associated with PDB B 269, wherein the partition is accessible via a virtual target B 268.
[00033] While several of the above examples illustrate use of CDB and PDBs, in accordance with other embodiments, other types of multitenant or non-multitenant databases can be supported, wherein a particular configuration can be provided for each partition, for example through the use of schemas, or the use of different databases.
Resources
[00034] In accordance with an embodiment, a resource is a system resource, application, or other resource or object that can be deployed to a domain of the environment. For example, in accordance with an embodiment, a resource can be an application, JMS, JDBC, JavaMail, WLDF, data source, or other system resource or other type of object that can be deployed to a server, cluster, or other application server target.
Partitions
[00035] In accordance with an embodiment, a partition is a runtime and administrative subdivision or slice of a domain that can be associated with a partition identifier (ID) and configuration, and can contain applications and/or refer to domain-wide resources through the use of resource groups and resource group templates.
[00036] Generally, a partition can contain its own applications, refer to domain wide applications via resource group templates, and have its own configuration. Partitionable entities can include resources, for example JMS, JDBC, JavaMail, WLDF resources, and other components, such as JNDI namespace, network traffic, work managers, and security policies and realms. In the context of a multitenant environment, the system can be configured to provide tenant access to the administrative and runtime aspects of partitions associated with a tenant.
[00037] In accordance with an embodiment, each resource group within a partition can optionally reference a resource group template. A partition can have multiple resource groups, and each of them can reference a resource group template. Each partition can define properties for configuration data that is not specified in the resource group templates to which the partition's resource groups refer. This enables the partition to act as a binding of deployable resources defined in a resource group template, to specific values for use with that partition. In some cases, a partition can override configuration information specified by a resource group template.
[00038] In accordance with an embodiment, a partition configuration, as defined for example by a config.xml configuration file, can include a plurality of configuration elements, for example: "partition", which contains the attributes and child elements that define the partition; "resource-group", which contains the applications and resources deployed to the partition; "resource-group-template", which contains applications and resources defined by that template; "jdbc-system-resource-override", which contains a database-specific service name, user name, and password; and "partition-properties", which contains property key values that can be used for macro replacement in resource group templates.
[00039] Upon startup, the system can use the information provided by the configuration file to generate partition-specific configuration elements for each resource, from the resource group template.
Resource Groups
[00040] In accordance with an embodiment, a resource group is a named, fully-qualified collection of deployable resources that can be defined either at a domain or partition level, and can reference a resource group template. The resources in a resource group are considered fully-qualified in that the administrator has provided all of the information needed to start or connect to those resources, for example the credentials for connecting to a data source, or the targeting information for an application.
[00041] A system administrator can declare resource groups at the domain level, or at the partition level. At the domain level, a resource group provides a convenient way to group related resources. The system can manage resources declared in a domain-level resource group the same as ungrouped resources, so that the resources can be started during system start-up, and stopped during system shut-down. An administrator can also stop, start, or remove a resource in a group individually, and can act on all the resources in a group implicitly by operating on the group. For example, stopping a resource group stops all of the resources in the group that are not already stopped; starting the resource group starts any resources in the group that are not already started; and removing the resource group removes all of the resources contained in the group.
[00042] At the partition level, a system or partition administrator can configure zero or more resource groups in a partition, subject to any security restrictions. For example, in a SaaS use case, various partition-level resource groups can refer to domain-level resource group templates; while in a PaaS use case, partition-level resource groups can be created that do not refer to resource group templates, but instead represent applications and their related resources that are to be made available within that partition only.
[00043] In accordance with an embodiment, resource grouping can be used to group together applications and the resources they use as a distinct administrative unit within the domain. For example, in the medical records (MedRec) application described below, a resource grouping defines the MedRec application and its resources. Multiple partitions can run the same MedRec resource group, each using a partition-specific configuration information, such that the applications that are part of each MedRec instance are made specific to each partition.
Resource Group Templates
[00044] In accordance with an embodiment, a resource group template is a collection of deployable resources that are defined at a domain level, that can be referenced from a resource group, and some of the information required to activate its resources may not be stored as part of the template itself, such that it supports the specification of partition level configuration. A domain can contain any number of resource group templates, each of which can include, for example, one or more related Java applications and the resources on which those applications depend. Some of the information about such resources may be the same across all partitions, while other information may vary from one partition to the next. Not all configuration need be specified at the domain level - partition level configuration can instead be specified in the resource group template through the use of macros, or property name/value pairs.
[00045] In accordance with an embodiment, a particular resource group template can be referenced by one or more resource groups. Generally, within any given partition, a resource group template can be referenced by one resource group at a time, i.e., not simultaneously by multiple resource groups within the same partition; however, it can be referenced at the same time by another resource group in a different partition. The object containing the resource group, e.g., the domain or partition, can use property name/value assignments to set the value of any tokens in the resource group template. When the system activates a resource group template using a referencing resource group, it can replace those tokens with values set in the resource group's containing object. In some cases, the system can also use statically-configured resource group templates and partitions to generate runtime configuration for each partition/template combination.
[00046] For example, in a SaaS use case, the system can activate the same applications and resources multiple times, including once for each partition that will use them. When an administrator defines a resource group template they can use tokens to represent the information that will be supplied elsewhere. For example, the username to use in connecting to a CRM-related data resource can be indicated in the resource group template as ${CRMDataUsername}.
Tenants
[00047] In accordance with an embodiment, in a multitenant environment, such as a multitenant (MT) application server environment, a tenant is an entity that can be represented by, or otherwise associated with, one or more partitions and/or one or more tenant-aware applications.
[00048] For example, tenants can represent distinct user organizations, such as different external companies, or different departments within a particular enterprise (e.g., HR and Finance departments), each of which can be associated with a different partition. A tenant globally unique identity (tenant ID) is the association of a particular user, at a particular moment in time, with a particular tenant. The system can derive which tenant a particular user belongs to from the user identity, for example by referring to a user identity store. The user identity enables the system to enforce those actions that a user is authorized to perform, including, but not limited to, which tenant the user may belong.
[00049] In accordance with an embodiment, the system enables isolation of the administration and runtime of different tenants from each other. For example, tenants can configure some behaviors of their applications, and resources to which they have access. The system can ensure that a particular tenant cannot administer artifacts belonging to another tenant; and, at runtime, that the applications working on behalf of a particular tenant refer only to resources associated with that tenant, and not to resources associated with other tenants.
[00050] In accordance with an embodiment, a tenant-unaware application is one that contains no logic dealing with tenants explicitly, such that any resources that the application uses may be accessible regardless of what user submitted a request to which the application is responding. In contrast, a tenant-aware application includes logic that explicitly deals with tenants. For example, based on a user's identity the application can derive the tenant to which the user belongs and use that information to access tenant-specific resources.
[00051] In accordance with an embodiment, the system enables users to deploy applications that are explicitly written to be tenant-aware, so that application developers can obtain the tenant ID of a current tenant. The tenant-aware application can then use the tenant ID to handle multiple tenants that are using a single instance of the application.
[00052] For example, the MedRec application, which supports a single doctor's office or hospital, can be exposed to two different partitions or tenants, e.g., a Bayland Urgent Care tenant, and a Valley Health tenant, each of which is able to access separate tenant-specific resources, such as separate PDBs, without changing the underlying application code.
Exemplary Domain Configuration and MultiTenant Environment
[00053] In accordance with an embodiment, applications can be deployed to a resource group template at the domain level, or to a resource group that is scoped to a partition or scoped to the domain. Application configuration can be overridden using deployment plans specified per-application, or per-partition.
[00054] Figure 4 illustrates a domain configuration for use with an exemplary multitenant environment, in accordance with an embodiment.
[00055] In accordance with an embodiment, when the system starts a partition, it creates virtual targets (e.g., virtual hosts) and connection pools, including one for each partition, to respective database instances, according to the provided configuration.
[00056] Typically, each resource group template can include one or more related applications and the resources on which those applications depend. Each partition can provide configuration data that is not specified in the resource group templates to which it refers, by providing a binding of the deployable resources in resource group templates to specific values associated with the partition; including, in some cases, overriding certain configuration information specified by the resource group template. This enables the system to activate an application represented by a resource group template differently for each partition, using the property values each partition has defined.
[00057] In some instances, a partition may contain resource groups that do not refer to resource group templates, or that directly define their own partition-scoped deployable resources. Applications and data sources that are defined within a partition are generally available only to that partition. Resources can be deployed so that they can be accessed from across partitions using partition:<partitionName>/<resource JNDI name>, or domain:<resource JNDI name>.
[00058] For example, a MedRec application can include a plurality of Java applications, a data source, a JMS server, and a mail session. To run the MedRec application for multiple tenants, the system administrator can define a single MedRec resource group template 286, declaring those deployable resources in the template.
[00059] In contrast to domain-level deployable resources, the deployable resources declared in a resource group template may not be fully configured in the template, or cannot be activated as-is, since they lack some configuration information.
[00060] For example, the MedRec resource group template may declare a data source used by the applications, but it may not specify a URL for connecting to the database. Partitions associated with different tenants, for example, partition BUC-A 290 (Bayland Urgent Care, BUC) and partition VH-A 292 (Valley Health, VH) can reference one or more resource group templates, by each including a MedRec resource group 293, 294 that references 296, 297 the MedRec resource group template. The reference can then be used to create 302, 306, the virtual targets / virtual hosts for each tenant, including a virtual host baylandurgentcare.com 304 associated with the BUC-A partition, for use by the Bayland Urgent Care tenant; and a virtual host valleyhealth.com 308 associated with the VH-A partition, for use by the Valley Health tenant.
[00061] Figure 5 further illustrates an exemplary multitenant environment, in accordance with an embodiment. As illustrated in Figure 5, and continuing the example from above, in which two partitions reference the MedRec resource group template, in accordance with an embodiment, a servlet engine 310 can be used to support a plurality of tenant environments, in this example a Bayland Urgent Care Physician tenant environment 320, and a Valley Health Physician tenant environment 330.
[00062] In accordance with an embodiment, each partition 321, 331 can define a different virtual target on which to accept incoming traffic for that tenant environment, and a different URL 322, 332 for connecting to the partition and to its resources 324, 334, including in this example either a Bayland Urgent Care database, or a Valley Health database respectively. The database instances can use compatible schemas, since the same application code will execute against both databases. When the system starts the partitions, it can create the virtual targets and connection pools to the respective database instances.
Tenant Scoped Execution of OS Programs
[00063] In accordance with an embodiment, the methods and systems described herein can support tenant scoped execution of OS (i.e., tenant-unaware) programs, applications, and processes (variously referred to herein after as "OS programs", "OS applications", "OS processes", "non-tenant aware programs", "non-tenant aware applications", and "non-tenant aware processes").
[00064] Typically, when applications are executed within a MT environment, the applications are tenant scoped, meaning that the libraries and resources accessed by the tenant aware programs are isolated from, for example, other tenants within the MT environment.
[00065] However, when a tenant aware program operating in an MT environment calls a tenant-unaware application (e.g., C, C++, Perl, etc.) operating on a native OS, an issue can arise in that there is little or no isolation between these programs operating on the OS. That is, a general purpose operating system has no notion of tenancy and is unaware of tenancy (i.e., tenancy information associated with the originating call from the MT application) associated with the MT application (i.e., JEE application). This can lead to execution of OS programs within a common environment and using shared OS resources (e.g., files, processes, databases), which in turn can lead to loss of tenant context as well as runtime separation/isolation, when separate tenant applications call an outside OS application (e.g., tenant unaware application).
[00066] Figure 6 illustrates a system for tenant scoped execution of a tenant-unaware process, in accordance with an embodiment. As shown in Figure 6, a Multitenant Application Server Environment 600 (e.g., WebLogic Multitenant) can comprise a number of tenant partitions, such as tenant 1 partition 601 and tenant 2 partition 605. Both tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
[00067] In accordance with an embodiment, an application, such as a JEE application associated with tenant 2, can invoke an OS program (invoke process) that is located outside of a Multitenant Application Server in, for example, a native OS 610. This can occur, for example, when there are components of MT applications that are not confined to the MT application server (e.g., Perl script, C programs, etc.). Such applications (i.e., those MT applications that also rely on external OS components that run outside of the MT application server to perform) can be referred to as composite applications. The JEE application associated with tenant 2 runs in a MT environment and has tenant context associated at runtime.
[00068] In accordance with an embodiment, when a MT application (e.g., a JEE application), invokes an OS program/application (i.e., process 620), the MT application can set up a number of variables 625 (i.e., environment variables) in order to extend/propagate the tenant context that is available to the JEE application. These variables can include a tenant ID; a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input and output sub-directories; a tenant DB connect string; and a tenant LDAP (lightweight directory access protocol) directory URL.
[00069] In accordance with an embodiment, the MT application server can manage a virtual tenant filesystem 630 for each tenant that has been on-boarded into the MT application server environment 600. This virtual tenant filesystem can be created/set up as part of an application server administration when a tenant is on-boarded. The virtual tenant filesystems are part of the OS 610, with one virtual tenant filesystem for each tenant currently active in the MT application server environment.
[00070] In accordance with an embodiment, when an MT application (e.g., JEE application) invokes an OS process (i.e., tenant unaware process), the MT application can additionally create a temporary process work directory under the tenant's virtual filesystem. If more than one OS process is invoked by an MT application, the MT application can create one temporary work directory for each OS process invoked. The MT application, in creating the temporary work directory under the virtual filesystem, can additionally create (for each OS process invoked) subdirectories under the temporary work directory for input, output, error and database directories. These subdirectories can accept redirected stdin (input stream), stdout (output stream) and stderr (error stream) of the invoked OS process. Each input subdirectory can be set up with process input files. Each output subdirectory can be responsible for capturing process output files. Each error subdirectory can be responsible for capturing process error (e.g., stderr) messages. The virtual tenant-specific filesystems can be associated with a native storage, such as OS storage 640.
[00071] In accordance with an embodiment, a process builder can comprise an API (e.g., Java ProcessBuilder API) that allows a client to specify a command line for an OS program/application to execute, configure environment variables to set up in the process environment, configure a process work directory, and redirect the process input, output, and error streams to files on a file system. The process builder can allow certain process characteristics to be set up or configured before a process (i.e., OS process) is started, such as a process environment, a process working directory, and process input stream/output stream/error stream re-direction.
[00072] In accordance with an embodiment, when a MT application invokes an OS process, it can create and utilize a process builder (e.g., process builder instance). The tenancy context from the MT application can be propagated as part of the process builder API invocation, including setting environmental variables and creating and configuring the process work directory. By utilizing the environment variables along with the process work directory, the process builder can be configured in order to assign resources (environment variables, process work directory, redirected input/out files, a database connect descriptor, LDAP directory, wallet) that allows the tenant unaware process (e.g. OS process) to be scoped/confined in its execution within the tenancy context. In this way, the tenant unaware process (e.g., OS process) gets a work directory that is specific to the invoking tenant and under the tenant designated virtual filesystem and isolated from the files and resources created or owned by other tenants of the MT application server environment 600.
[00073] In accordance with an embodiment, the tenant unaware process is assigned a tenant-specific folder under the OS file-system for redirected process I/O streams, connects to the database associated with the tenant using tenant-specific access credentials, and uses tenant LDAP directory. A tenant-specific database connect string/descriptor can allow programs to transparently work with the tenant database. Tenant-specific credentials can be configured in a wallet set up under a database subdirectory of the process work directory in the tenant's virtual filesystem.
[00074] In accordance with an embodiment, after a virtual tenant filesystem has been created for the calling MT application from a calling partition (associated with a tenant, sometimes referred to as a "calling tenant"), the streams (e.g., input stream, output stream, error stream) associated with the tenant unaware process can be redirected to the respective input, output and error subdirectories under the process work directory in the tenant's virtual filesystem.
[00075] In this way, the tenancy context, environment and data associated with separate tenants invoking OS programs can be kept discrete and separated from each other, thus allowing for scoped processing of an OS application (tenant unaware) executing based upon a call from inside of a MT container (e.g., from a JEE program executing on behalf of a partition within the MT container).
[00076] In accordance with an embodiment, once the tenant unaware process completes execution, the MT application running in the MT application server environment can retrieve the process output and clean up the process work directory.
[00077] In accordance with an embodiment, the MT application can get the process exitValue status code (e.g., from java Process object exitValue() method) to find if the program executed successfully. It can also retrieve the redirected stdout and stderr files under the output and error sub-folders, to examine if the process execution was successful. The results updated in the tenant database can be directly accessed from the database by the MT application running in the partition, once the tenant unaware process execution completes.
[00078] In accordance with an embodiment, the MT application can also delete the process work directory and its sub-folders, which cleans up the output files and the db files, such as the wallet.
[00079] In accordance with an embodiment, the environment variables configured at the MT application that calls the OS program can comprise: a tenant ID, a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input, output, and error sub-directories; a tenant DB connect string, and a tenant LDAP (lightweight directory access protocol) directory URL.
[00080] In accordance with an embodiment, using a process builder configuration, a tenant-unaware OS program can be assigned resources (environment variables, process work directory, redirected input/output files, a DB connect descriptor, LDAP directory, and wallet) that scope/confine its execution within a tenant context.
Multitenant Execution of OS Programs - Containerized Applications
[00081] In accordance with an embodiment, the methods and systems described herein can support multitenant execution of tenant unaware processes (i.e., OS processes) by using a containerized application to provide tenant isolation at runtime.
[00082] In accordance with an embodiment, the present disclosure can utilize containerized applications to provide tenant isolation during runtime of tenant unaware processes.
[00083] In accordance with an embodiment, a containerized application or process is an application that is packaged as a container and comprises the necessary information for the application to run, such as OS base image, application executables, and libraries. A containerized application can be a portable application that can be shared among Linux distributions using the same Linux kernel, such as a Linux kernel 750. A containerized application can be created such that if a developer creates a portable/containerized application and shares the image, and assuming the same Linux kernel, the system that the containerized application was shared with can download the containerized application image from a container image registry or repository and spin off a container to run the containerized application. At this point, the application will be available on the destination host isolated from other containers and from the OS, and it can still be available with the required libraries (e.g., the same versions of the libraries that the developer of the application/process intended). Then, there can be another containerized application instance that uses the same versions of the libraries, but it will run separately. Docker is an example of such a container framework/infrastructure.
[00084] Figure 7 illustrates a system for multitenant execution of a tenant-unaware process, in accordance with an embodiment. Figure 7 depicts multitenant execution of OS programs, called from a MT application, using containerized OS applications executing in an OS that supports software containers.
[00085] As shown in Figure 7, a MT application server environment 600 (e.g., WebLogic Multitenant) can comprise a number of tenant partitions, such as tenant 1 partition 601 and tenant 2 partition 605. Both tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
[00086] In accordance with an embodiment, when a MT application (e.g., a JEE application), invokes a tenant unaware application (e.g., as a containerized application), the MT application can set up a number of variables (i.e., environment variables) in order to extend/propagate the tenant context that is available to the JEE application. These variables can include a tenant ID, a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input, output, and error sub-directories; a tenant DB connect string, and a tenant LDAP (lightweight directory access protocol) directory URL.
[00087] In accordance with an embodiment, the MT application server can manage a virtual tenant filesystem 735 for each tenant that has been on-boarded into the MT application server environment 600. This virtual tenant filesystem can be created/set up as part of an application server administration when a tenant is on-boarded. The virtual tenant filesystems are part of the OS 610, with one virtual tenant filesystem for each tenant currently active in the MT application server environment.
[00088] In accordance with an embodiment, when an MT application (e.g., JEE application) invokes a tenant unaware application, the MT application can additionally create a temporary process work directory (also referred to herein as "process work directory") under the tenant's virtual filesystem. If more than one tenant unaware application is invoked by an MT application, the MT application can create one process work directory for each tenant unaware application invoked. The MT application, in creating the process work directory under the virtual filesystem, can additionally create (for each tenant unaware application invoked) subdirectories under the process work directory for input, output, error and database directories. These subdirectories can accept redirected stdin (input stream), stdout (output stream) and stderr (error stream) of the invoked OS process. Each input subdirectory can be set up with process input files. Each output subdirectory can be responsible for capturing process output files. Each error subdirectory can be responsible for capturing process error (e.g., stderr) messages. The virtual tenant-specific filesystems can be associated with a native storage, such as OS storage 736.
[00089] In accordance with an embodiment, a process builder, which can be utilized by an MT application, can comprise an API (e.g., Java ProcessBuilder API) that allows a client to specify a command line for a tenant unaware application to execute, configure environment variables to set up in the process environment, configure a process work directory, and redirect the process input, output, and error streams to files on a file system. The process builder can allow certain process characteristics to be set up or configured before a process (i.e., tenant unaware application) is started, such as a process environment, a process working directory, and process input stream/output stream/error stream redirection.
[00090] In accordance with an embodiment, when a MT application invokes a tenant unaware application, it can create and utilize a process builder (e.g., process builder instance). The tenancy context from the MT application can be propagated as part of the process builder API invocation, including setting environmental variables and creating the temporary process work directory. By utilizing the environment variables along with the temporary process work directory, the process builder can be configured in order to assign resources (environment variables, process work directory, redirected input/output/error streams, a database connect descriptor, LDAP directory, wallet) that allows the tenant unaware application to be scoped/confined in its execution within the tenancy context. In this way, the tenant unaware application gets a work directory that is specific to the invoking tenant and under the tenant designated virtual filesystem and isolated from the files created or owned by other tenants of the MT application server environment 600.
[00091] In accordance with an embodiment, the tenant unaware application is assigned a tenant-specific folder under the OS file-system for redirected process I/O streams, connects to the database associated with the tenant using tenant-specific access credentials, and uses a tenant-specific LDAP directory. A tenant-specific database connect string/descriptor can allow programs to transparently work with the tenant database. Tenant-specific credentials can be configured in a wallet set up under the database subdirectory under the process work directory in the tenant's virtual filesystem.
[00092] In accordance with an embodiment, after a virtual tenant filesystem has been created for the calling MT application from a calling partition (associated with a tenant, sometimes referred to as a "calling tenant"), the streams (e.g., input stream, output stream, error stream) associated with the tenant unaware application (e.g., containerized application) can be redirected to the respective input, output and error subdirectories under the process work directory in the tenant's virtual filesystem.
[00093] In accordance with an embodiment, the tenant unaware application (which is invoked from an MT application, such as a JEE application calling from tenant 2's partition) can be packaged as a containerized application. In an exemplary process, a MT application can invoke an OS program. In such a case, a process builder (e.g., Java ProcessBuilder) can invoke the containerized application. Container frameworks provide a lightweight container virtualization technology. One such container framework is Docker.
[00094] In accordance with an embodiment, the container runtime, such as Docker, defines a format for packaging an application and all of the application's dependencies into a single image. This image can be transferred to any Docker-enabled machine, where it can be executed with the guarantee that the execution environment exposed to the application will be the same.
[00095] Using an OS with a container framework, such as Docker, the system can create an application container image that includes a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components. The image can be self-contained and portable allowing it to run the application, without any dependencies on the host, when the containerized application is launched.
[00096] In accordance with an embodiment, a MT application (i.e., JEE application 606) can invoke a tenant unaware application by launching a container process (e.g., Docker or Rocket). A container client 720, such as a Docker Client, can be invoked by an MT Application using the Process Builder (e.g., a JEE application 606 running in tenant 2's partition 605) to launch an OS (tenant unaware) application with the tenancy context from the originator of the request (i.e., the JEE application). The container client can invoke a container daemon 725, such as a Docker daemon. The container daemon can then download and launch an application image 740 of the requested containerized application from the JEE application. The application image 740 can comprise a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components. The application image can be self-contained and portable, allowing it to run an application without any dependencies on the host. In addition, the containerized application can run as isolated instances. The containerized applications run on the same OS, but execute in isolation, meaning that two or more tenants can run different instances of the same application in isolation as separate containers.
[00097] In accordance with an embodiment, when a container is created (by the container daemon), and an application image is loaded into the container to run the containerized application 730, the application can then be run without any dependencies on the host.
[00098] In accordance with an embodiment, the containerized application 730 can communicate (I/O) with tenant's virtual tenant filesystem 735 (based upon the tenant context, for example, tenant 2's partition, which in turn can communicate with the OS storage 736).
[00099] In accordance with an embodiment, a containerized application operating on behalf of a tenant, e.g., tenant 2, can access the tenant's database 608 with the necessary credentials.
[000100] In accordance with an embodiment, the MT application can get the process exitValue status code (e.g., from java Process object exitValue() method) to find if the program executed successfully. It can also retrieve the redirected stdout and stderr files under the output and error sub-folders, to examine if the process execution was successful. The results updated in the tenant database can be directly accessed from the database by the MT application running in the partition, once the tenant unaware containerized application execution completes.
[000101] In accordance with an embodiment, the MT application can also delete the process work directory and its sub-folders, which cleans up the output files and the db files, such as the wallet.
[000102] Figure 8 illustrates a system for multitenant execution of a tenant-unaware process, in accordance with an embodiment. Figure 8 depicts multitenant execution of OS programs, called from a MT application, using containerized OS applications executing in containers.
[000103] As shown in Figure 8, a MT application server environment 600 (e.g., WebLogic Multitenant) can comprise a number of tenant partitions, such as tenant 1 partition 601 and tenant 2 partition 605. Both tenant 1 partition and tenant 2 partition can be associated with an application, such as a JEE application 602, 606, respectively, which are associated with a datasource 603, 607, respectively, which allows access to each tenant's respective database 604, 608, respectively.
[000104] In accordance with an embodiment, when a MT application (e.g., a JEE application), invokes a tenant unaware application (e.g., as a containerized application), the MT application can set up a number of variables (i.e., environment variables) in order to extend/propagate the tenant context that is available to the JEE application. These variables can include a tenant ID, a tenant name; a tenant filesystem (TFS) root; a process work directory, under TFS, with input and output sub-directories; a tenant DB connect string, and a tenant LDAP (lightweight directory access protocol) directory URL.
[000105] In accordance with an embodiment, the MT application server can manage a virtual tenant filesystem 735 for each tenant that has been on-boarded into the MT application server environment 600. This virtual tenant filesystem can be created/set up as part of an application server administration when a tenant is on-boarded. The virtual tenant filesystems are part of the OS 610, with one virtual tenant filesystem for each tenant currently active in the MT application server environment.
[000106] In accordance with an embodiment, when an MT application (e.g., JEE application) invokes a tenant unaware application, the MT application can additionally create a temporary process work directory under the tenant's virtual filesystem. If more than one tenant unaware application is invoked by an MT application, the MT application can create one process work directory for each tenant unaware application invoked. The MT application, in creating the process work directory under the virtual filesystem, can additionally create (for each tenant unaware application invoked) subdirectories under the process work directory for input, output, error and database directories. These subdirectories can accept redirected (stdin) input streams, (stdout) output streams and (stderr) error streams. Each input subdirectory can be set up with process input files. Each output subdirectory can be responsible for capturing process output files. Each error subdirectory can be responsible for capturing process error (e.g., stderr) messages. The virtual tenant-specific filesystems can be associated with a native storage, such as OS storage 736.
[000107] In accordance with an embodiment, a process builder can comprise an API (e.g., Java ProcessBuilder API) that allows a client to specify a command line for a tenant unaware application to execute, configure environment variables to set up in the process environment, configure a process work directory, and redirect the process input, output, and error streams to files on a file system. The process builder can allow certain process characteristics to be set up or configured before a process (i.e., tenant unaware application) is started, such as a process environment, a process working directory, and process input stream/output stream/error stream re-direction.
[000108] In accordance with an embodiment, when a MT application invokes a tenant unaware application, it can create and utilize a process builder (e.g., process builder instance). The tenancy context from the MT application can be propagated as part of the process builder API invocation, including setting environmental variables. The MT application can create a process work directory and sub-directories (input, output, error, and database) under the VTFS (virtual tenant filesystem). The MT application can then use the process builder API to configure the environment variables, process work directory with the temp process work directory path, redirected streams. By utilizing the environment variables along with the process work directory, the process builder can be configured in order to assign resources (environment variables, process work directory, redirected input/out files, a database connect descriptor, LDAP directory, wallet) that allows the tenant unaware application to be scoped/confined in its execution within the tenancy context. In this way, the tenant unaware application gets a work directory that is specific to the invoking tenant and under the tenant designated virtual filesystem and isolated from the files created or owned by other tenants of the MT application server environment 600.
[000109] In accordance with an embodiment, the tenant unaware application uses a tenant-specific folder under the OS file-system for I/O operations, connects to the database associated with the tenant using tenant-specific access credentials, and uses tenant LDAP directory. A tenant-specific database connect string/descriptor can allow programs to transparently work with the tenant database. Tenant-specific credentials can be configured in a wallet set up under the database subdirectory within the process work directory in the tenant's virtual filesystem.
[000110] In accordance with an embodiment, after a virtual tenant filesystem has been created for the calling MT application from a calling partition (associated with a tenant, sometimes referred to as a "calling tenant"), the streams (e.g., input stream, output stream, error stream) associated with the tenant unaware application (e.g., containerized application) can be redirected to the respective sub-folders under the process work directory in the tenant's virtual filesystem.
[000111] In accordance with an embodiment, the tenant unaware application (which is called from an MT application, such as a JEE application calling from tenant 2's partition) can be packaged as a containerized application. In an exemplary process, a MT application can invoke an OS program. In such a case, the process builder API is configured by the MT application to invoke a container process. One such container framework/infrastructure is Docker.
[000112] In accordance with an embodiment, the container framework/infrastructure, such as Docker, can define a format for packing an application and all its dependencies into a single image. This image can be uploaded to a Docker hub/repository, from where it can be downloaded and executed with the guarantee that the execution environment exposed to the application will be the same.
[000113] In accordance with an embodiment, using a container framework, such as Docker, the system can download a previously created container image 815 from an application image library 810. The application image 815 can include a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components. The image can be self-contained and portable allowing it to run the application, without any dependencies on the host, when the container is created and application launched within it.
[000114] In accordance with an embodiment, the application image library 815 can be set up on a host local file system, and can include a number of containerized application images (e.g., .tar files) for desired programs and applications that can be invoked from applications running within a MT application server. Such application images can include, for example, commonly requested OS programs and applications.
[000115] In accordance with an embodiment, a MT application (i.e., JEE application 606) can invoke a tenant unaware application by launching a container process (e.g., Docker or Rocket). A container client 720, such as a Docker Client, can be invoked by the MT Application using the Process Builder (e.g., a JEE application 606 running in tenant 2's partition 605) to launch an OS (tenant unaware) application with the tenancy context from the originator of the request (i.e., the JEE application). The container client can invoke a container daemon 725, such as a Docker daemon. The container daemon can then download and launch an application image 740 of the requested containerized application from the JEE application. The application image 740 can comprise a base OS (e.g., Ubuntu) along with a layered filesystem that contains the application binaries and required libraries and components. The application image can be self-contained and portable, allowing it to run an application without any dependencies on the host. In addition, the containerized application can run as isolated instances. The containerized applications run on the same OS, but execute in isolation, meaning that two or more tenants can run different instances of the same application in isolation as separate containers.
[000116] In accordance with an embodiment, the container repository 810 can be populated with a number of application images 815. These application images can be pre-populated into the application image library, or can also be saved into the application image library after the container process of Figure 8 creates an application image.
[000117] In accordance with an embodiment, when a container is created (by the container daemon), and an application image is loaded into the container to run the containerized application 730, the application can then be run without any dependencies on the host.
[000118] In accordance with an embodiment, the containerized application 730 can communicate (I/O) with tenant's virtual tenant filesystem 735 (based upon the tenant context, for example, tenant 2's partition, which in turn can communicate with the OS storage 736).
[000119] In accordance with an embodiment, a containerized application operating on behalf of a tenant, e.g., tenant 2, can access the tenant's database 608 with the necessary credentials.
[000120] In accordance with an embodiment, the MT application can get the process exitValue status code (e.g., from java Process object exitValue() method) to find if the program executed successfully. It can also retrieve the redirected stdout and stderr files under the output and error sub-folders, to examine if the process execution was successful. The results updated in the tenant database can be directly accessed from the database by the MT application running in the partition, once the tenant unaware containerized application execution completes.
[000121] In accordance with an embodiment, the MT application can also delete the process work directory and its sub-folders, which cleans up the output files and the db files, such as the wallet.
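The container launch described in paragraphs [00096] and [000115] can be sketched as follows; this is an added example, not code from the patent or from any Oracle product. It shows two points the description leaves implicit: the environment configured on the process builder reaches only the container client, so each variable has to be forwarded into the container, and only the process work directory is mounted. The class name, the variable names, the image reference and the in-container path /work are assumptions.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;

/** Added illustration; all names below are assumptions, not taken from the patent. */
public class ContainerCommandBuilder {

    private static final Pattern TENANT_ID = Pattern.compile("[A-Za-z0-9_-]{1,64}");
    private static final String CONTAINER_WORK_DIR = "/work"; // path seen inside the container

    /** Builds the container client command line for one tenant-scoped run. */
    static List<String> dockerCommand(String image, Path tfsRoot, Path workDir,
                                      Map<String, String> tenantContext, List<String> appArgs) {
        Path root = tfsRoot.toAbsolutePath().normalize();
        Path work = workDir.toAbsolutePath().normalize();
        // Confinement check: the work directory must sit strictly below the tenant root.
        // This is a lexical check; call toRealPath() on existing directories to also
        // resolve symbolic links.
        if (!work.startsWith(root) || work.equals(root)) {
            throw new IllegalArgumentException("work directory outside tenant filesystem: " + work);
        }
        // A ':' in the host path would be parsed as a field separator by --volume.
        if (work.toString().contains(":")) {
            throw new IllegalArgumentException("work directory must not contain ':'");
        }
        String tenantId = tenantContext.get("TENANT_ID");
        if (tenantId == null || !TENANT_ID.matcher(tenantId).matches()) {
            throw new IllegalArgumentException("invalid tenant id");
        }

        List<String> cmd = new ArrayList<>(Arrays.asList("docker", "run"));
        cmd.add("--rm");           // remove the container once the application exits
        cmd.add("--interactive");  // keep stdin open so a redirected input file is read
        cmd.add("--volume");       // mount only this tenant's process work directory
        cmd.add(work + ":" + CONTAINER_WORK_DIR);
        cmd.add("--workdir");
        cmd.add(CONTAINER_WORK_DIR);
        // Forward variables by name only: the client copies the values from its own
        // environment, so connect strings never appear in the process listing.
        for (String name : tenantContext.keySet()) {
            cmd.add("--env");
            cmd.add(name);
        }
        // Inside the container the work directory is the mount point, not the host path.
        cmd.add("--env");
        cmd.add("PROCESS_WORK_DIR=" + CONTAINER_WORK_DIR);
        cmd.add(image);
        cmd.addAll(appArgs);
        return cmd;
    }

    /** Process builder for the container client, carrying the tenant context. */
    static ProcessBuilder containerProcess(String image, Path tfsRoot, Path workDir,
                                           Map<String, String> tenantContext,
                                           List<String> appArgs) {
        ProcessBuilder pb = new ProcessBuilder(
                dockerCommand(image, tfsRoot, workDir, tenantContext, appArgs));
        pb.environment().putAll(tenantContext); // source of the values for --env NAME
        return pb;
    }

    public static void main(String[] args) {
        // Constructed sample values; nothing is started, the command is only printed.
        Map<String, String> ctx = new LinkedHashMap<>();
        ctx.put("TENANT_ID", "tenant2");
        ctx.put("TENANT_DB_CONNECT", "placeholder-connect-string");
        Path root = Paths.get("/vtfs/tenant2");
        List<String> appArgs = Arrays.asList("--in", "input/data.csv");

        ProcessBuilder pb = containerProcess("example/report-tool:1.0", root,
                root.resolve("proc-0001"), ctx, appArgs);
        System.out.println(String.join(" ", pb.command()));

        try {
            // A work directory that resolves into another tenant's tree is refused.
            dockerCommand("example/report-tool:1.0", root,
                    root.resolve("../tenant1/proc-0001"), ctx, appArgs);
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```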
[000122] Figure 9 is a flow chart of an exemplary method for creating environment and resources for tenant scoped execution of a tenant unaware process, in accordance with an embodiment. At step 910, a process work directory can be created under a tenant file system (e.g., the virtual tenant filesystem). At step 920, subdirectories under the process work directory can be created for input, output, error and database folders. At step 930, the input folder can be set up with data files. At step 940, the database folder can be set up with tenant database configuration files and credentials (e.g., a wallet). At step 950, the environment can be finalized for the tenant unaware applications (e.g., OS applications/processes) to execute based on tenant context.
[000123] Figure 10 is a flow chart of an exemplary method for creating and configuring a process builder to launch a containerized application, in accordance with an embodiment. At step 1010, a process builder instance (e.g., Java ProcessBuilder API) can be created. At step 1020, the process environment can be configured (e.g., with tenant context). At step 1030, the process work directory can be configured. At step 1040, the method can configure an executable command line to launch a containerized application. At step 1050, streams from the containerized application, such as input stream, output stream, and error stream, can be redirected to the input, output, and error subdirectories of the process work directory.
[000124] Figure 11 is a flow chart of an exemplary method for multitenant execution of a tenant unaware OS application from a MT middleware application (e.g., JEE application), in accordance with an embodiment. As a prerequisite to this exemplary method, an OS application (i.e., the OS application meant to be invoked from the MT application server environment) can be packaged as a containerized application (e.g., containerized application image). At step 1110, a process environment and resources for tenant scoped execution can be created, as identified by the flow chart in Figure 9. At step 1120, a process builder (e.g., Java ProcessBuilder API instance) can be created and configured, as identified by the flow chart in Figure 10. At step 1130, the method can invoke the containerized OS application process using the process builder start method. This step creates the configured tenant-specific execution environment and starts the container process. The containerized application can run with the tenant-specific environment and resources, with runtime isolation from other containers & OS processes, enforced by the container runtime. At step 1140, the method can wait for the containerized application process execution to complete. At step 1150, the method can retrieve the process output from the stdout file of the process work directory as well as the process output from the tenant database, perform any necessary post processing, and update a tenant-specific database with results. At step 1160, the method can delete and clean up the process work directory and its contents.
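The flows of Figures 9 to 11, and the process builder usage described in paragraphs [00070] to [00078], can be sketched with the Java ProcessBuilder API as follows; this is an added example, not code from the patent. It runs /usr/bin/sort as a stand-in tenant unaware program on a POSIX host. The class name, environment variable names, file names and sample values are assumptions.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.Comparator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Stream;

/** Added illustration of Figures 9-11; all names below are assumptions. */
public class TenantScopedLauncher {

    /** Figure 9, steps 910-920: work directory plus its four subdirectories. */
    static Path createWorkDirectory(Path tfsRoot) throws IOException {
        Files.createDirectories(tfsRoot);
        Path workDir = Files.createTempDirectory(tfsRoot, "proc-");
        for (String sub : Arrays.asList("input", "output", "error", "database")) {
            Files.createDirectory(workDir.resolve(sub));
        }
        return workDir;
    }

    /** Figure 10: environment, working directory and stream redirection. */
    static ProcessBuilder configure(List<String> command, Map<String, String> tenantContext,
                                    Path workDir) {
        ProcessBuilder pb = new ProcessBuilder(command);             // steps 1010, 1040
        Map<String, String> env = pb.environment();
        // Added choice, not from the patent: a process builder starts with a copy of
        // the server's own environment, so clear it before adding tenant context.
        env.clear();
        env.putAll(tenantContext);                                   // step 1020
        env.put("PROCESS_WORK_DIR", workDir.toString());
        pb.directory(workDir.toFile());                              // step 1030
        pb.redirectInput(workDir.resolve("input/stdin.txt").toFile());   // step 1050
        pb.redirectOutput(workDir.resolve("output/stdout.txt").toFile());
        pb.redirectError(workDir.resolve("error/stderr.txt").toFile());
        return pb;
    }

    /** Figure 11: prepare, launch, wait, collect the output, clean up. */
    static String run(List<String> command, Map<String, String> tenantContext,
                      Path tfsRoot, String stdin) throws IOException, InterruptedException {
        Path workDir = createWorkDirectory(tfsRoot);                 // step 1110
        try {
            write(workDir.resolve("input/stdin.txt"), stdin);        // step 930
            // Step 940: placeholder file standing in for DB configuration and wallet.
            write(workDir.resolve("database/connect.properties"),
                  "connect=" + tenantContext.get("TENANT_DB_CONNECT") + "\n");
            Process process = configure(command, tenantContext, workDir).start(); // 1120-1130
            int exit = process.waitFor();                            // step 1140
            String out = read(workDir.resolve("output/stdout.txt")); // step 1150
            String err = read(workDir.resolve("error/stderr.txt"));
            if (exit != 0) {
                throw new IOException("process exited with " + exit + ": " + err);
            }
            return out;
        } finally {
            deleteRecursively(workDir);                              // step 1160
        }
    }

    static void write(Path file, String text) throws IOException {
        Files.write(file, text.getBytes(StandardCharsets.UTF_8));
    }

    static String read(Path file) throws IOException {
        return new String(Files.readAllBytes(file), StandardCharsets.UTF_8);
    }

    /** Deletes children before parents so the wallet and output files are removed. */
    static void deleteRecursively(Path dir) throws IOException {
        try (Stream<Path> walk = Files.walk(dir)) {
            walk.sorted(Comparator.reverseOrder()).map(Path::toFile).forEach(File::delete);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample tenant context; every value is a placeholder.
        Map<String, String> ctx = new LinkedHashMap<>();
        ctx.put("TENANT_ID", "tenant2");
        ctx.put("TENANT_NAME", "Tenant Two");
        ctx.put("TENANT_DB_CONNECT", "placeholder-connect-string");
        ctx.put("TENANT_LDAP_URL", "ldap://ldap.example.invalid/ou=tenant2");
        Path tfsRoot = Paths.get(System.getProperty("java.io.tmpdir"), "vtfs", "tenant2");
        ctx.put("TENANT_FS_ROOT", tfsRoot.toString());

        String sorted = run(Arrays.asList("/usr/bin/sort"), ctx, tfsRoot, "pear\napple\n");
        System.out.print(sorted);
    }
}
```

Passing a container client command line as the command argument gives the containerized variant of Figure 11 without changing the directory setup, redirection or cleanup.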
[000125] Figure 12 is a flow chart of an exemplary method for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application. At step 1210, the method can provide, at one or more computers, including an application server environment executing thereon, a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition of the plurality of partitions.
[000126] At step 1220, the method can associate each of the plurality of partitions and the plurality of tenant-aware programs with a tenant of a plurality of tenants, for use by the tenant.
[000127] At step 1230, the method can invoke the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants.
[000128] At step 1240, the method can collect tenancy information about the calling tenant.
[000129] At step 1250, the method can, based upon the collected tenancy information, scope execution of the tenant-unaware process to the calling tenant, wherein scoping execution allows for isolation of the execution of the tenant-unaware process scoped to the calling tenant from other tenants of the multitenant middleware environment.
[000130] The present invention may be conveniently implemented using one or more conventional general purpose or specialized digital computer, computing device, machine, or microprocessor, including one or more processors, memory and/or computer readable storage media programmed according to the teachings of the present disclosure. Appropriate software coding can readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art.
[000131] In some embodiments, the present invention includes a computer program product which is a non-transitory storage medium or computer readable medium (media) having instructions stored thereon/in which can be used to program a computer to perform any of the processes of the present invention. The storage medium can include, but is not limited to, any type of disk including floppy disks, optical discs, DVD, CD-ROMs, microdrive, and magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.
[000132] The foregoing description of the present invention has been provided for the purposes of illustration and description. It is not intended to be exhaustive or to limit the invention to the precise forms disclosed. Many modifications and variations will be apparent to the practitioner skilled in the art. The modifications and variations include any relevant combination of the disclosed features. The embodiments were chosen and described in order to best explain the principles of the invention and its practical application, thereby enabling others skilled in the art to understand the invention for various embodiments and with various modifications that are suited to the particular use contemplated. It is intended that the scope of the invention be defined by the following claims and their equivalents.

Claims

What is claimed is:
1. A method for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application, comprising:
providing, at one or more computers, including an application server environment executing thereon:
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and
a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition of the plurality of partitions;
associating each of the plurality of partitions and each of the plurality of tenant-aware programs with a tenant of a plurality of tenants, for use by the tenant;
invoking the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants;
collecting tenancy information about the calling tenant;
creating, based upon the collected tenancy information about the calling tenant, a tenant-specific virtual filesystem; and
based upon the collected tenancy information, scoping execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources, wherein scoping execution of the tenant-unaware process to the calling tenant comprises:
redirecting streams of the tenant-unaware process to the tenant-specific virtual filesystem, wherein streams of the tenant-unaware process comprise at least one of an input stream, an output stream, and an error stream;
wherein scoping execution allows for isolation of the execution of the tenant-unaware process scoped to the calling tenant from other tenants of the multitenant middleware environment.
2. The method of claim 1, wherein the multitenant middleware application is associated with the calling partition of the plurality of partitions, and wherein the multitenant middleware application passes the tenancy information in connection with invoking the tenant-unaware process.
3. The method of claim 1 or 2, further comprising: creating a process work directory under the tenant-specific virtual filesystem, wherein the process work directory comprises an input subdirectory, an output subdirectory, a database subdirectory, and an error subdirectory.
4. The method of claim 3, further comprising:
setting up the input subdirectory with at least one data file; and
setting up the database subdirectory with a wallet, the wallet comprising configuration files and credentials associated with the calling tenant.
5. The method of claim 4, further comprising:
after completion of the tenant-unaware process, accessing, by the tenant-unaware process, a tenant-specific database, wherein access is granted via the wallet; and
after completion of the tenant-unaware process and accessing, by the tenant-unaware process, a tenant-specific database, cleaning up the tenant-specific virtual filesystem, wherein cleaning up the tenant-specific virtual filesystem comprises deleting the process work directory.
6. The method of any of claims 3 to 5, wherein the streams of the tenant-unaware process are respectively redirected to the input subdirectory, output subdirectory, and error subdirectory of the process work directory.
7. The method of any preceding claim, wherein the tenant-unaware process invoked from the calling partition of the plurality of partitions is part of a composite application, the composite application further comprising a tenant-aware application running in the context of the calling partition of the plurality of partitions.
8. A system for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application, comprising:
one or more computers, including an application server environment executing thereon, together with:
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and
a plurality of tenant-aware programs, wherein each tenant-aware program is associated with one of the plurality of partitions,
wherein each of the plurality of partitions and each of the plurality of tenant-aware programs are associated with a tenant of a plurality of tenants, for use by the tenant; and wherein a calling partition of the plurality of partitions invokes the tenant-unaware process, the calling partition being associated with a calling tenant of the plurality of tenants; wherein tenancy information about the calling tenant is collected;
wherein a tenant-specific virtual filesystem is created based upon the collected tenancy information about the calling tenant,
wherein, based upon the collected tenancy information, execution of the tenant-unaware process is scoped to the tenant by setting up a process execution environment and resources, wherein scoping execution of the tenant-unaware process to the calling tenant comprises:
redirecting streams of the tenant-unaware process to the tenant-specific virtual filesystem, wherein streams of the tenant-unaware process comprise at least one of an input stream, an output stream, and an error stream; and
wherein scoping execution of the tenant-unaware process allows for isolation of the execution of the tenant-unaware process scoped to the calling tenant from other tenants of the multitenant middleware environment.
9. The system of claim 8, wherein the multitenant middleware application is associated with the calling partition of the plurality of partitions, and wherein the multitenant middleware application passes the tenancy information in connection with invoking the tenant-unaware process.
10. The system of claim 8 or 9, wherein a work process directory is created under the tenant-specific virtual filesystem, and wherein the process work directory comprises an input subdirectory, an output subdirectory, a database subdirectory, and an error subdirectory.
11. The system of claim 10, wherein the input subdirectory is set up with at least one data file, and wherein the database subdirectory is set up with a wallet, the wallet comprising configuration files and credentials associated with the calling tenant.
12. The system of claim 11, wherein after completion of the tenant-unaware process, accessing, by the tenant-unaware process, a tenant-specific database using the wallet, and wherein the tenant-specific virtual filesystem is cleaned up after completion of the tenant-unaware process, wherein cleaning up the tenant-specific virtual filesystem comprises deleting the process work directory.
13. The system of any of claims 10 to 12, wherein the streams of the tenant-unaware process are respectively redirected to the input subdirectory, output subdirectory, and error subdirectory of the process work directory.
14. The system of any of claims 8 to 13, wherein the tenant-unaware process invoked from the calling partition of the plurality of partitions is part of a composite application, the composite application further comprising a tenant-aware application running in the context of the calling partition of the plurality of partitions.
15. A non-transitory computer readable storage medium, including instructions stored thereon for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application, wherein the instructions when read and executed by one or more computers cause the one or more computers to perform steps comprising:
providing, at one or more computers, including an application server environment executing thereon:
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and
a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition of the plurality of partitions;
associating each of the plurality of partitions and each of the plurality of tenant-aware programs with a tenant of a plurality of tenants, for use by the tenant;
invoking the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants;
collecting tenancy information about the calling tenant;
creating, based upon the collected tenancy information about the calling tenant, a tenant-specific virtual filesystem; and
based upon the collected tenancy information, scoping execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources, wherein scoping execution of the tenant-unaware process to the calling tenant comprises:
redirecting streams of the tenant-unaware process to the tenant-specific virtual filesystem, wherein streams of the tenant-unaware process comprise at least one of an input stream, an output stream, and an error stream;
wherein scoping execution allows for isolation of the execution of the tenant-unaware process scoped to the calling tenant from other tenants of the multitenant middleware environment.
16. The non-transitory computer readable storage medium of claim 15, wherein the multitenant middleware application is associated with the calling partition of the plurality of partitions, and wherein the multitenant middleware application passes the tenancy information in connection with invoking the tenant-unaware process.
17. The non-transitory computer readable storage medium of claim 15 or 16, the steps further comprising:
creating a process work directory under the tenant-specific virtual filesystem, wherein the process work directory comprises an input subdirectory, an output subdirectory, a database subdirectory, and an error subdirectory.
18. The non-transitory computer readable storage medium of claim 17, the steps further comprising:
setting up the input subdirectory with at least one data file; and
setting up the database subdirectory with a wallet, the wallet comprising configuration files and credentials associated with the calling tenant.
19. The non-transitory computer readable storage medium of claim 18, the steps further comprising:
after completion of the tenant-unaware process, accessing, by the tenant-unaware process, a tenant-specific database, wherein access is granted via the wallet; and
after completion of the tenant-unaware process and accessing, by the tenant-unaware process, a tenant-specific database, cleaning up the tenant-specific virtual filesystem, wherein cleaning up the tenant-specific virtual filesystem comprises deleting the process work directory.
20. The non-transitory computer readable storage medium of any of claims 17 to 19, wherein the streams of the tenant-unaware process are respectively redirected to the input subdirectory, output subdirectory, and error subdirectory of the process work directory.
21. The non-transitory computer readable storage medium of any of claims 15 to 20, wherein the tenant-unaware process invoked from the calling partition of the plurality of partitions is part of a composite application, the composite application further comprising a tenant-aware application running in the context of the calling partition of the plurality of partitions.
22. A method for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application, comprising: providing, at one or more computers, including an application server environment executing thereon:
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and
a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition of the plurality of partitions;
associating each of the plurality of partitions and each of the plurality of tenant-aware programs with a tenant of a plurality of tenants, for use by the tenant;
invoking the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants;
collecting tenancy information about the calling tenant;
based upon the collected tenancy information, scoping execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources, wherein scoping execution of the tenant-unaware process to the calling tenant comprises:
launching the tenant-unaware process as a containerized process, the containerized process comprising libraries and executables associated with the tenant-unaware process;
wherein the containerized process is a standalone process capable of isolating execution of the tenant-unaware process for the calling tenant from other tenants of the multitenant middleware environment.
23. The method of claim 22, further comprising:
creating, based upon the collected tenancy information about the calling tenant, a tenant-specific virtual filesystem, wherein the tenant-specific virtual filesystem comprises an input subdirectory, an output subdirectory, a database subdirectory, and an error subdirectory.
24. The method of claim 22 or 23, further comprising:
after completion of the tenant-unaware process, accessing, by the tenant-unaware process, a tenant-specific database;
wherein the tenant-unaware process accesses the tenant-specific database using a wallet.
25. The method of any of claims 22 to 24, wherein launching the tenant-unaware process as a containerized process comprises: accessing, by a container daemon, an application image, the application image being associated with the tenant-unaware process;
creating a container associated with the tenant; and
launching the application image in the container.
26. The method of claim 25, wherein the accessed application image is stored in an application image repository.
27. The method of claim 25 or 26, wherein streams of the application image are redirected to the tenant-specific virtual filesystem, wherein streams of the application image comprise at least one of an input stream, an output stream, and an error stream.
28. The method of any of claims 22 to 27, wherein the tenant-unaware process invoked from the calling partition of the plurality of partitions is part of a composite application, the composite application further comprising a tenant-aware application running in the context of the calling partition of the plurality of partitions.
29. A system for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application, comprising:
one or more computers, including an application server environment executing thereon, together with:
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and
a plurality of tenant-aware programs, wherein each tenant-aware program is associated with one of the plurality of partitions,
wherein each of the plurality of partitions and each of the plurality of tenant-aware programs are associated with a tenant of a plurality of tenants, for use by the tenant; and
wherein a calling partition of the plurality of partitions invokes the tenant-unaware process, the calling partition being associated with a calling tenant of the plurality of tenants; wherein tenancy information about the calling tenant is collected;
wherein, based upon the collected tenancy information, execution of the tenant-unaware process is scoped to the tenant by setting up a process execution environment and resources;
wherein scoping execution of the tenant-unaware process to the calling tenant comprises:
launching the tenant-unaware process as a containerized process, the containerized process comprising libraries and executables associated with the tenant-unaware process;
wherein the containerized process is a standalone process capable of isolating execution of the tenant-unaware process for the calling tenant from other tenants of the multitenant middleware environment.
30. The system of claim 29, wherein, based upon the collected tenancy information about the calling tenant, a tenant-specific virtual filesystem is created, wherein the tenant-specific virtual filesystem comprises an input subdirectory, an output subdirectory, a database subdirectory, and an error subdirectory.
31. The system of claim 29 or 30, wherein after completion of the tenant-unaware process, the tenant-unaware process accesses a tenant-specific database using a wallet.
32. The system of any of claims 29 to 31, wherein launching the tenant-unaware process as a containerized process comprises:
accessing, from a container daemon, an application image, the application image being associated with the tenant-unaware process;
creating a container associated with the tenant; and
launching the application image in the container.
33. The system of claim 32, wherein the accessed application image is stored in an application image repository.
34. The system of claim 32 or 33, wherein streams of the application image are redirected to the tenant-specific virtual filesystem, wherein streams of the application image comprise at least one of an input stream, an output stream, and an error stream.
35. The system of any of claims 29 to 34, wherein the tenant-unaware process invoked from the calling partition of the plurality of partitions is part of a composite application, the composite application further comprising a tenant-aware application running in the context of the calling partition of the plurality of partitions.
36. A non-transitory computer readable storage medium, including instructions stored thereon for supporting tenant scoped execution of a tenant-unaware process invoked from a multitenant middleware application, wherein the instructions when read and executed by one or more computers cause the one or more computers to perform steps comprising: providing, at one or more computers, including an application server environment executing thereon:
a plurality of partitions, wherein each partition provides an administrative and runtime subdivision of a domain, and
a plurality of tenant-aware programs, wherein each of the plurality of tenant-aware programs is associated with a partition of the plurality of partitions;
associating each of the plurality of partitions and each of the plurality of tenant-aware programs with a tenant of a plurality of tenants, for use by the tenant;
invoking the tenant-unaware process from a calling partition of the plurality of partitions, the calling partition being associated with a calling tenant of the plurality of tenants;
collecting tenancy information about the calling tenant;
based upon the collected tenancy information, scoping execution of the tenant-unaware process to the calling tenant by setting up a process execution environment and resources, wherein scoping execution of the tenant-unaware process to the calling tenant comprises:
launching the tenant-unaware process as a containerized process, the containerized process comprising libraries and executables associated with the tenant-unaware process;
wherein the containerized process is a standalone process capable of isolating execution of the tenant-unaware process for the calling tenant from other tenants of the multitenant middleware environment.
37. The non-transitory computer readable storage medium of claim 36, the steps further comprising:
creating, based upon the collected tenancy information about the calling tenant, a tenant-specific virtual filesystem, wherein the tenant-specific virtual filesystem comprises an input subdirectory, an output subdirectory, a database subdirectory, and an error subdirectory.
38. The non-transitory computer readable storage medium of claim 36 or 37, the steps further comprising:
after completion of the tenant-unaware process, accessing, by the tenant-unaware process, a tenant-specific database;
wherein the tenant-unaware process accesses the tenant-specific database using a wallet.
39. The non-transitory computer readable storage medium of any of claims 36 to 38, wherein launching the tenant-unaware process as a containerized process comprises:
accessing, by a container daemon, an application image, the application image being associated with the tenant-unaware process; and
creating a container associated with the tenant; and
launching the application image in the container;
wherein the accessed application image is stored in an application image repository.
40. The non-transitory computer readable storage medium of claim 39, wherein streams of the application image are redirected to the tenant-specific virtual filesystem, wherein streams of the application image comprise at least one of an input stream, an output stream, and an error stream.
41. The non-transitory computer readable storage medium of any of claims 36 to 40, wherein the tenant-unaware process invoked from the calling partition of the plurality of partitions is part of a composite application, the composite application further comprising a tenant-aware application running in the context of the calling partition of the plurality of partitions.
42. A computer program comprising program instructions that when executed by one or more computer systems, cause the one or more computer systems to perform the method of any of claims 1 to 7 and 22 to 28.
43. A non-transitory computer storage medium having the computer program of claim 42 stored therein.
44. A system configured to perform both the method of any of claims 1 to 7 and also the method of any of claims 22 to 28.
EP16770612.6A 2015-10-23 2016-09-09 System and method for multitenant execution of os programs invoked from a multitenant middleware application Withdrawn EP3365779A1 (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201562245611P 2015-10-23 2015-10-23
US15/059,193 US9811386B2 (en) 2015-10-23 2016-03-02 System and method for multitenant execution of OS programs invoked from a multitenant middleware application
US15/059,872 US9819609B2 (en) 2015-10-23 2016-03-03 System and method for multitenant execution of OS programs invoked from a multitenant middleware application
PCT/US2016/051099 WO2017069864A1 (en) 2015-10-23 2016-09-09 System and method for multitenant execution of os programs invoked from a multitenant middleware application

Publications (1)

Publication Number Publication Date
EP3365779A1 (en) 2018-08-29

Family

ID=60765562

Family Applications (1)

Application Number Title Priority Date Filing Date
EP16770612.6A Withdrawn EP3365779A1 (en) 2015-10-23 2016-09-09 System and method for multitenant execution of os programs invoked from a multitenant middleware application

Country Status (4)

Country Link
EP (1) EP3365779A1 (en)
JP (1) JP6866307B2 (en)
KR (1) KR102559507B1 (en)
CN (1) CN107533485B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113536295A (en) * 2020-04-15 2021-10-22 支付宝实验室(新加坡)有限公司 Applet launching method, computer storage medium and computer program product
CN113448593B (en) * 2020-07-31 2024-07-16 心医国际数字医疗系统(大连)有限公司 Automatic deployment method and device for diagnosis and treatment system platform application and electronic equipment
CN114490393A (en) * 2022-01-27 2022-05-13 上海金融期货信息技术有限公司 Single-cluster multi-tenant management system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140304299A1 (en) * 2013-03-15 2014-10-09 Emc Corporation Data management in a multi-tenant distributive environment

Family Cites Families (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2011289318B2 (en) * 2010-08-11 2016-02-25 Security First Corp. Systems and methods for secure multi-tenant data storage
WO2012063301A1 (en) * 2010-11-08 2012-05-18 株式会社日立製作所 Computer system, multitenant control method, and multitenant control program
US9460169B2 (en) * 2011-01-12 2016-10-04 International Business Machines Corporation Multi-tenant audit awareness in support of cloud environments
CN102333115A (en) * 2011-09-01 2012-01-25 杭州湾云计算技术有限公司 Method and device for transforming existing Web application into SaaS multi-tenant application
US9003477B2 (en) * 2012-06-27 2015-04-07 Microsoft Technology Licensing, Llc Model for managing hosted resources using logical scopes
EP2870541A4 (en) * 2012-07-03 2016-03-16 Hewlett Packard Development Co Managing a multitenant cloud service
US9509553B2 (en) * 2012-08-13 2016-11-29 Intigua, Inc. System and methods for management virtualization
US9838370B2 (en) * 2012-09-07 2017-12-05 Oracle International Corporation Business attribute driven sizing algorithms
JP2014096675A (en) * 2012-11-08 2014-05-22 Hitachi Ltd Communication apparatus and setting method
US10216758B2 (en) * 2013-10-24 2019-02-26 Vmware, Inc. Multi-tenant production and test deployments of Hadoop
US10642800B2 (en) * 2013-10-25 2020-05-05 Vmware, Inc. Multi-tenant distributed computing and database
EP3097481B1 (en) * 2014-01-21 2022-11-30 Oracle International Corporation System and method for supporting multi-tenancy in an application server, cloud, or other environment
CN104104513A (en) * 2014-07-22 2014-10-15 浪潮电子信息产业股份有限公司 Safety isolation method for cloud side multi-tenant data storage
CN104598249B (en) * 2015-02-05 2017-09-01 浙江天正信息科技有限公司 Software personalisation customization and dispositions method that multi-tenant is perceived


Also Published As

Publication number Publication date
CN107533485B (en) 2021-01-12
JP6866307B2 (en) 2021-04-28
CN107533485A (en) 2018-01-02
KR102559507B1 (en) 2023-07-25
JP2018536206A (en) 2018-12-06
KR20180072593A (en) 2018-06-29


Legal Events

Date Code Title Description
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE INTERNATIONAL PUBLICATION HAS BEEN MADE

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: REQUEST FOR EXAMINATION WAS MADE

17P Request for examination filed

Effective date: 20180523

AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

DAV Request for validation of the european patent (deleted)
DAX Request for extension of the european patent (deleted)
STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

17Q First examination report despatched

Effective date: 20190614

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: EXAMINATION IS IN PROGRESS

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: THE APPLICATION HAS BEEN WITHDRAWN

18W Application withdrawn

Effective date: 20210601