MULTI TENANCY ARCHITECTURE TO ISOLATE TENANT DATABASES IN A NETWORK SECURITY MANAGEMENT SYSTEM

IP.com Disclosure Number: IPCOM000243708D
Publication Date: 2015-Oct-14
Document File: 7 page(s) / 363K

Publishing Venue

The IP.com Prior Art Database

Related People

Denis Knjazihhin: AUTHOR

Abstract

Presented herein is a cloud-based multi-tenancy architecture/system that provides network security management and supports separate connections to different tenant databases for added security and isolation between tenants.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 29% of the total text.

Page 01 of 7

MULTI-TENANCY ARCHITECTURE TO ISOLATE TENANT DATABASES IN A NETWORK SECURITY MANAGEMENT SYSTEM

AUTHORS:

Denis Knjazihhin
Doron Levari
Christopher Duane
Yedidya Dotan
Jay Perry

CISCO SYSTEMS, INC.

ABSTRACT

    Presented herein is a cloud-based multi-tenancy architecture/system that provides network security management and supports separate connections to different tenant databases for added security and isolation between tenants.

DETAILED DESCRIPTION

     A multi-tenant cloud service that provides network security management generally provides a single point of entry into the service for different tenants (e.g., Company 1, Company 2, Company 3, and so on), each with its own login credentials. A problem with multi-tenancy arises from the conflicting requirements to share resources, thereby reducing cost and increasing efficiency, while maintaining privacy or isolation between tenant databases. In other words, once logged in, a tenant should not be able to see or access information belonging to any other tenant. Consider a storage database that holds network security device (NSD) configuration files for different NSDs and tenants. A conventional storage approach provides a single connection to the database that stores the information of all tenants, and access to each tenant's information is mediated through that one connection using tenant credentials. Current malicious attack techniques can gain access to all of the multi-tenant information through the one connection once access through that connection is obtained: because the tenant scope is enforced by the query rather than by the connection, any query that escapes its tenant scope, or any compromise of the shared connection's credentials, exposes every tenant's data.

    To address this, presented herein is a cloud-based multi-tenancy architecture/system that provides network security management and supports separate connections to different tenant databases for added security and isolation between tenants.

Copyright 2015 Cisco Systems, Inc.


    FIG. 1 below is a block diagram of an example cloud-based multi-tenancy architecture/system that provides network security management and supports separate connections to different tenant databases for added security and isolation. At the bottom of FIG. 1, the multi-tenancy system includes a database for storing NSD configuration files, with a separate store for tenant 1 and a store for tenant 2. The database may be a MongoDB, for example, which supports separate connections, each to a corresponding one of the tenant database stores. MongoDB is a commercially available open-source database. For example, the database supports connections 1 and 2 to the separate stores Tenant 1 and Tenant 2. A "connection" means a connection between the network security management services and a store in the database, established from several items of information: (i) the location of the database store, (ii) the identity of the store (i.e., what the connection is to within the database), and (iii) login credentials (e.g., an X.509 certificate).
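The following is an added example, not code from the disclosure or from Cisco, that models both storage approaches the text contrasts: the conventional single connection over one multi-tenant collection described in the Detailed Description, and the per-tenant connections of FIG. 1, each built from the three items just listed (store location, store identity, X.509 client credential). Nothing in it opens a real database; the MongoDB connection-string form for X.509 authentication is real driver syntax, while the host names, certificate paths, store names and the NSD configuration documents are constructed for illustration.

```python
# Added example (not code from the Cisco disclosure); nothing here opens a
# real database connection. Hosts, certificate paths, store names and the
# configuration documents are constructed for illustration.
from dataclasses import dataclass


def _match(doc, query):
    """Document-store style match: every key in query must equal the field."""
    return all(doc.get(k) == v for k, v in query.items())


# Conventional approach: one connection, every tenant in one collection.
SHARED_COLLECTION = [
    {"tenant": "tenant1", "device": "fw-edge-1", "config": "hostname fw-edge-1"},
    {"tenant": "tenant2", "device": "fw-dc-1", "config": "hostname fw-dc-1"},
    {"tenant": "tenant2", "device": "fw-dc-2", "config": "hostname fw-dc-2"},
]


class SharedConnectionStore:
    """One handle over one multi-tenant collection: tenant scope lives in the
    query, so a dropped or rewritten filter reads every tenant's configs."""

    def __init__(self, documents):
        self._docs = list(documents)

    def find_configs(self, query):
        return [d for d in self._docs if _match(d, query)]


def shared_connection_exposure():
    """Return (rows seen with the tenant filter, rows seen without it)."""
    store = SharedConnectionStore(SHARED_COLLECTION)
    scoped = store.find_configs({"tenant": "tenant1"})
    unscoped = store.find_configs({})  # filter lost: whole collection visible
    return len(scoped), len(unscoped)


# Disclosed approach: each tenant's configs live in its own database store,
# reached over its own connection.
TENANT_STORES = {
    "tenant1_nsd": [{"device": "fw-edge-1", "config": "hostname fw-edge-1"}],
    "tenant2_nsd": [{"device": "fw-dc-1", "config": "hostname fw-dc-1"},
                    {"device": "fw-dc-2", "config": "hostname fw-dc-2"}],
}


@dataclass(frozen=True)
class ConnectionSpec:
    """The three items the text says a connection is built from."""
    location: str   # (i)   where the store lives, host:port
    store: str      # (ii)  identity of the store: the database name
    cert_file: str  # (iii) login credential: path to an X.509 client cert

    def uri(self):
        # MongoDB connection string for X.509 client auth: TLS on, client
        # cert+key file, MONGODB-X509 mechanism against the $external source.
        return (f"mongodb://{self.location}/{self.store}"
                f"?tls=true&tlsCertificateKeyFile={self.cert_file}"
                f"&authMechanism=MONGODB-X509&authSource=%24external")


# One spec per tenant (assumed hosts and certificate paths).
TENANT_SPECS = {
    "tenant1": ConnectionSpec("db-1.nsm.internal:27017", "tenant1_nsd",
                              "/etc/nsm/certs/tenant1.pem"),
    "tenant2": ConnectionSpec("db-2.nsm.internal:27017", "tenant2_nsd",
                              "/etc/nsm/certs/tenant2.pem"),
}


class TenantConnection:
    """Stands in for a driver client bound to exactly one store."""

    def __init__(self, spec, stores):
        self.spec = spec
        self._docs = stores[spec.store]  # only this tenant's database

    def find_configs(self, query=None):
        return [d for d in self._docs if _match(d, query or {})]


class DatabaseService:
    """Maps an authenticated tenant to its own connection; no handle spans tenants."""

    def __init__(self, specs, stores):
        self._conns = {t: TenantConnection(s, stores) for t, s in specs.items()}

    def connection_for(self, session_tenant):
        return self._conns[session_tenant]


def isolated_connection_exposure():
    """Same queries as above through tenant 1's own connection:
    (scoped, unscoped, forged-to-other-tenant) row counts."""
    conn = DatabaseService(TENANT_SPECS, TENANT_STORES).connection_for("tenant1")
    scoped = conn.find_configs({"device": "fw-edge-1"})
    unscoped = conn.find_configs({})                   # still only tenant 1
    forged = conn.find_configs({"tenant": "tenant2"})  # other tenant: nothing
    return len(scoped), len(unscoped), len(forged)
```

With the shared collection, removing the tenant filter turns a one-row result into the whole collection; with a per-tenant connection the same unfiltered query, and even a filter naming the other tenant, can only ever see the store the connection was opened to, because the tenant boundary is fixed by the connection's store identity and client certificate rather than by the contents of the query. The practical check is that the Database Service holds no connection whose store spans more than one tenant.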

FIG. 1


    The multi-tenancy system further includes a Database Service which provides the separate connections 1, 2, to the database stor...