Browse Prior Art Database

System and method for multi-tenant resource management in a shared data center network

IP.com Disclosure Number: IPCOM000244448D
Publication Date: 2015-Dec-13

Publishing Venue

The IP.com Prior Art Database

Abstract

A system and method is provided for managing resource ownership by labeling of a physical or a virtual resource for the purpose of multitenant support in a shared data center network. A resource owned by a tenant is only accessible to the tenant and other tenants are not allowed to access these resources. Support for tenant resource isolation, resource locking and resource protection in a shared data center network is presented. Additionally, a system and method is provided for automatic discovery of resource ownership in a shared data center network. The method further includes mapping of a single tenant label to multiple tenants when a resource is shared by multiple tenants.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 24% of the total text.

Page 01 of 10

System and method for multi

System and method for multi-

1


1.

Background

Background

In a traditional data center network environment, the network is usually being shared by multiple applications, multiple business units, and multiple users. From a data plane perspective, these different applications or business units are segregated by various networking virtualization technology in the control plane, such as VLANs (virtual local area network or 802.1q) and VRFs (virtual routing forwarding table), meaning the forwarding of the data packets of these applications can be separated from each other and independent of each other by design. As such network virtualization technology can be used to support multi-tenant requirements to a shared data center network.

Typically, each of these network devices has one single running configuration instance that contains all the configurable components for these applications and business units. From a management plane perspective there is no way to separate the configurable components by applications or by tenants. One network administrator have access to all configurable components in the single running configuration instance, and may erroneously modify or delete the configurable components belonging to one tenant while working on the configurable components for another tenant.

In a cloud enabled data center, the management of such configurable components become even more difficult. The configuration components created by one network administrator for one tenant are in the same running instance as all the other configuration components created by another network administrator. In a cloud environment, this issue becomes more complicated, because there may be multiple software components or multiple tenants trying to manage their own virtualized network resources on the same data center network, and trying to edit the same instance of the running configuration at the same time.

Therefore it is necessary to have a system and method to manage the network configuration so that simultaneous requests coming from the various tenants to change the network configurable components can be validated and executed in a controlled fashion.

The most commonly adopted solution to avoid such contention issue is to authorize only one team of network administrators to manage all these configurations, and rely on out-of-band communication methods (such as emails, phones, spreadsheets, etc) between these network administrators to avoid potential problems.

..

--tenant resource management in a shared data center network

tenant resource management in a shared data center network

1


Page 02 of 10

Another approach to avoid this issue is to rely on manual embedded description within the configuration that describes the purpose and the usage of the configurable components in a free format to the best of the knowledge of the network administrators. Such approach is unreliable and unpredictable, and error-prone due to individual...