This application is based upon and claims the benefit of priority from the corresponding Japanese Patent Application No. 2021-074658 filed on Apr. 27, 2021, the entire contents of which are incorporated herein by reference.
The present disclosure relates to a tenant management system for managing tenants in a solution built on a public cloud.
Conventionally, there is known a tenant management system of multitenant model for dividing the environment and data for each client based on identification information of each tenant.
A tenant management system according to an aspect of the present disclosure includes an application management portion and a tenant management portion. The application management portion terminates a request from a user at a tenant specific application that is an application prepared for a tenant in a solution that is built on a public cloud. The tenant management portion manages a subdomain as identification information of the tenant. Upon receiving, from the user, a query including FQDN of a server name of the tenant, the tenant management portion calls the tenant specific application for the tenant that is identified by the subdomain in the FQDN.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description with reference where appropriate to the accompanying drawings. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Furthermore, the claimed subject matter is not limited to implementations that solve any or all disadvantages noted in any part of this disclosure.
The following describes an embodiment of the present disclosure with reference to the accompanying drawings.
First, a configuration of a tenant management system according to the embodiment of the present disclosure is described.
As shown in
The provider of the solution 12 can lease at least a part of the solution 12 to others. A unit to which the provider of the solution 12 leases at least a part of the solution 12 is referred to as a tenant. There is a plurality of tenants, including a tenant 13, in the solution 12.
There is a plurality of users, including a user 14, in the tenant 13. The tenants other than the tenant 13 have the same configuration as the tenant 13.
As shown in
A plurality of tenant specific applications may be prepared for one tenant. Any of various types of applications, such as a document management application, a schedule book application, and a chat tool, may be adopted as the tenant specific applications.
The database service 29 stores a management table 29a and an APL management master table 29b as the data tables that are required to manage the tenants, wherein the management table 29a is used to manage the tenants, and the APL management master table 29b is used to manage the tenant specific applications.
As shown in
Each of the external access point system 41, the external load balancer system 42, the database service system 44, and the DNS service system 45 is realized by at least one computer.
The web server group 43 realizes the connection request receiving portion 23, the request processing portion 24, the application management portion 25, the tenant specific applications 26, the tenant management portion 27, and the server resource management portion 28. At least one of the connection request receiving portion 23, the request processing portion 24, the application management portion 25, the tenant specific applications 26, the tenant management portion 27, and the server resource management portion 28 may be realized by only one web server, or may be realized by a plurality of web servers. At least one web server of the web server group 43 may realize at least two of the connection request receiving portion 23, the request processing portion 24, the application management portion 25, the tenant specific applications 26, the tenant management portion 27, and the server resource management portion 28.
The management table 29a shown in
The APL management master table 29b shown in
The consumption resource unit may be calculated as shown in
As shown in
Subsequently, the consumption resource unit is calculated by normalizing the total of the four use rates measured in S101, with maximum 100 and minimum 0 based on the following formula in Math 1 (S102).
In the above formula in Math 1, X denotes the total of the four use rates measured in S101, and Y denotes the consumption resource unit, wherein the consumption resource unit is obtained by first dividing X by 4 and then rounding up the part below a decimal point of the result of the division.
For example, when the use rates of the CPU, the memory, the storage, and the network band of the virtual machine measured when one user uses a tenant specific application that is a target of calculating the consumption resource unit, are 40%, 50%, 30%, and 50%, respectively, the total of the use rates is 170%, and thus the consumption resource unit is 43%.
The required consumption resource may be calculated by, for example, multiplying the number of users who are assured to use a target tenant specific application simultaneously, by the consumption resource unit of the tenant specific application.
Next, operations of the tenant management system 20 is described.
First, an operation of the tenant management system 20 to register a tenant is described.
A manager of the tenant management system 20 transmits an instruction to start registration of a tenant to the tenant management portion 27 via a computer (not shown: hereinafter referred to as a “manager's computer”) when the manager desires to register a new tenant. The manager's computer is realized by a computer such as a PC (Personal Computer). Upon receiving the instruction to start registration of a tenant, the tenant management portion 27 starts the operation shown in
As shown in
As shown in
The manager inputs values in the text boxes 61, 62a, 62b, 63, 64, 65, 66, and 67 via the operation portion of the manager's computer. It is noted that any one of the APIDs that are stored in the APL management master table 29b, can be input in the text box 64.
The manager presses the cancel button 68 and the registration button 69 via the operation portion of the manager's computer.
As shown in
Upon determining in S122 that the cancel button 68 has been pressed, the tenant management portion 27 causes the manager's computer to stop displaying the management screen 60 (S123), and ends the operation shown in
Upon determining in S122 that the cancel button 68 has not been pressed, the tenant management portion 27 determines whether or not the registration button 69 has been pressed (S124).
Upon determining in S124 that the registration button 69 has not been pressed, the tenant management portion 27 executes the process of S122.
Upon determining in S124 that the registration button 69 has been pressed, the tenant management portion 27 causes the manager's computer to stop displaying the management screen 60 (S125).
Subsequently, the tenant management portion 27 determines whether or not a subdomain that had been input in the text box 65 when the registration button 69 was pressed, is stored in the management table 29a (S126).
Upon determining in S126 that the subdomain that had been input in the text box 65 when the registration button 69 was pressed, is stored in the management table 29a, the tenant management portion 27 causes the manager's computer to display an error screen (not shown) by transmitting data for displaying the error screen to the manager's computer (S127), and ends the operation shown in
Upon determining in S126 that the subdomain that had been input in the text box 65 when the registration button 69 was pressed, is not stored in the management table 29a, the tenant management portion 27 registers values that had been input on the management screen 60 when the registration button 69 was pressed, in the management table 29a (S128). That is, the tenant management portion 27 registers, in the management table 29a, a combination of an address that had been input in the text box 61 when the registration button 69 was pressed, a surname that had been input in the text box 62a when the registration button 69 was pressed, a name that had been input in the text box 62b when the registration button 69 was pressed, a mail address that had been input in the text box 63 when the registration button 69 was pressed, an APID that had been input in the text box 64 when the registration button 69 was pressed, a subdomain that had been input in the text box 65 when the registration button 69 was pressed, a user ID that had been input in the text box 66 when the registration button 69 was pressed, and a password that had been input in the text box 67 when the registration button 69 was pressed.
After the process of S128, the server resource management portion 28 provisions, in the APL management master table 29b, as much particular resource as the required consumption resource that is associated with an APID that was registered in the management table 29a in S128, as resource of a tenant specific application identified by the APID, for a tenant that was registered in the management table 29a in S128 (S129). It is noted that types of resource to be provisioned and an amount of each of the types of resource are preliminarily determined for each of the tenant specific applications.
After the process of S129, the server resource management portion 28 ends the operation shown in
Next, an operation of the tenant management system 20 to newly register a tenant specific application for a tenant is described.
When the manager desires to newly register a particular tenant specific application (hereinafter, referred to as a “target tenant specific application” in the description of the operation shown in
As shown in
After the process of S141, the server resource management portion 28 provisions, in the APL management master table 29b, as much particular resource as the required consumption resource that is associated with the APID of the target tenant specific application, as resource of the target tenant specific application for the target tenant (S142). It is noted that types of resource to be provisioned and an amount of each of the types of resource are preliminarily determined for each of the tenant specific applications.
After the process of S142, the server resource management portion 28 ends the operation shown in
Next, an operation of the tenant management system 20 to newly register a user for a particular tenant specific application for a tenant is described.
When the manager desires to newly register a user for a particular tenant specific application (hereinafter, referred to as a “target tenant specific application” in the description of the operation shown in
As shown in
After the process of S161, the server resource management portion 28 acquires the number of users who are registered in the management table 29a in association with the target tenant specific application for the target tenant (S162).
Subsequently, the server resource management portion 28 acquires, from the APL management master table 29b, a consumption resource unit associated with the APID of the target tenant specific application (S163).
Subsequently, the server resource management portion 28 determines whether or not a value obtained by multiplying the consumption resource unit acquired in S163 by the number of users acquired in S162 has exceeded a current amount of resource of the target tenant specific application for the target tenant (S164).
Upon determining in S164 that the value obtained by multiplying the consumption resource unit acquired in S163 by the number of users acquired in S162 has exceeded the current amount of resource of the target tenant specific application for the target tenant, the server resource management portion 28 additionally provisions a particular amount of particular resource as resource of the target tenant specific application for the target tenant (S165). It is noted that the amount of resource to be provisioned may be, for example, an amount that is obtained by subtracting the current amount of resource of the target tenant specific application for the target tenant from the value obtained by multiplying the consumption resource unit acquired in S163 by the number of users acquired in S162. In addition, the types of resource to be provisioned and an amount of each of the types of resource may be preliminarily determined for each of the tenant specific applications.
Upon determining in S164 that the value obtained by multiplying the consumption resource unit acquired in S163 by the number of users acquired in S162 has not exceeded the current amount of resource of the target tenant specific application for the target tenant, or upon completion of the process of S165, the server resource management portion 28 ends the operation shown in
Next, an operation of the tenant management system 20 when a user uses a tenant specific application is described.
When a user desires to use a tenant specific application, the user instructs a computer (not shown: hereinafter, referred to as a “client”) to use the tenant specific application. The client is realized by a computer such as a PC.
In the following description, suppose that a service name, namely, the name of the solution 12, is “service.com”. In addition, the domain name of the external access point 21 is supposed to be “cloud.app”. Furthermore, the subdomain of a tenant (hereinafter, referred to as a “target tenant” in the description of the operation shown in
As shown in
After the process of S181, upon receiving, as a response, a server name of the target tenant from the DNS service 30, the client connects with the external access point 21 by using the received server name (in this case, “aapl.cloud.app”) (S182).
After the process of S182, upon being connected with the external access point 21, the client transmits an HTTP/HTTPS connection request to the external access point 21 (S183).
Upon receiving the HTTP/HTTPS connection request that was transmitted from the client in S183, the external access point 21 transfers the received HTTP/HTTPS connection request to the external load balancer 22 (S184).
Upon receiving the HTTP/HTTPS connection request that was transferred from the external access point 21 in S184, the external load balancer 22 establishes an HTTP/HTTPS connection with the client, and transfers the connection request received from the external access point 21 to the connection request receiving portion 23 (S185). It is noted that for an HTTPS connection, the external load balancer 22 terminates the SSL (Secure Sockets Layer).
Upon receiving the connection request that was transferred from the external load balancer 22 in S185, the connection request receiving portion 23 transfers the request received from the external access point 21 to the request processing portion 24 (S186).
Upon receiving the request that was transferred from the connection request receiving portion 23 in S186, the request processing portion 24 processes an authentication request with the client based on a combination of a user ID and a password included in the request received from the connection request receiving portion 23, acquires a subdomain included in the request received from the connection request receiving portion 23, and calls the application management portion 25 (S187). Here, in the request received from the connection request receiving portion 23, for example, a subdomain is shown in “Host” of HTTP request headers.
Upon being called by the request processing portion 24 in S187, the application management portion 25 calls, among tenant specific applications that are, in the management table 29a, associated with the subdomain acquired by the request processing portion 24 and a user ID of a user who was successfully authenticated by the request processing portion 24, a tenant specific application that is specified in the request from the client (S188). This allows the tenant specific application specified in the request from the client to execute an operation corresponding to the request from the client.
Conventional tenant management systems do not disclose how a user specifies a tenant.
On the other hand, the tenant management system 20 according to the embodiment of the present disclosure is configured to facilitate the user to specify a tenant.
Specifically, as described above, upon receiving, from a user, a query including the FQDN of a server name of a tenant (S181), the tenant management system 20 calls a tenant specific application that is associated with a tenant that is identified by a subdomain in the FQDN (S188). This facilitates the user to specify a tenant.
When a subdomain that has already been registered (YES at S126) is specified during a registration of a tenant, the tenant management system 20 stops the registration of the tenant (S127). With this configuration, it is possible to associate a tenant with a subdomain appropriately.
It is to be understood that the embodiments herein are illustrative and not restrictive, since the scope of the disclosure is defined by the appended claims rather than by the description preceding them, and all changes that fall within metes and bounds of the claims, or equivalence of such metes and bounds thereof are therefore intended to be embraced by the claims.
Number | Date | Country | Kind |
---|---|---|---|
2021-074658 | Apr 2021 | JP | national |