Isolating tenants executing in multi-tenant software containers

摘要

Technologies are described herein for isolating tenants executing in a multi-tenant software container. Mechanisms for resource isolation allow tenants executing in a multi-tenant software container to be isolated in order to prevent resource starvation by one or more of the tenants. Mechanisms for dependency isolation may be utilized to prevent one tenant executing in a multi-tenant software container from using another tenant in the same container in a manner that requires co-tenancy. Mechanisms for security isolation may be utilized to prevent one tenant in a multi-tenant software container from accessing protected data or functionality of another tenant. Mechanisms for fault isolation may be utilized to prevent tenants in a multi-tenant software container from causing faults or other types of errors that affect other tenants executing in the same software container.

主权项

1. A non-transitory computer-readable storage medium having computer-executable instructions stored thereupon which, when executed by a computer, cause the computer to:
execute a plurality of tenants in a multi-tenant software container; and implement one or more mechanisms for preventing a fault caused by one of the tenants of the multi-tenant software container from impacting another tenant of the multi-tenant software container, the mechanisms comprising one or more of
preventing the tenants that issue a shutdown request from shutting down the software container, a virtual machine, an operating system, or a host computer,limiting a number of versions of individual ones of the tenants executing in the software container,preventing two of the plurality of tenants in the multi-tenant software container from utilizing the same identifier, ormaking objects passed between the tenants immutable.