Multi-tenancy refers to a technology wherein a single storage appliance (e.g., a Purpose Built Backup Appliance) is deployed to serve multiple customers, each customer using the same storage appliance for their protection storage requirements. A storage system which supports multi-tenancy must satisfy the security and isolation requirements. Here, the “security and isolation requirements” refer to the requirements that each customer's dataset must be secured and isolated from the other customers on the storage appliance. The security and isolation requirements apply to data access. For example, a customer must not be able to read or write to datasets that belong to another customer. The security and isolation requirements can also refer to control access. For example, an administrator of one customer must not be able to perform system configuration, monitoring, etc., of the datasets that belong to another customer. Thus, although the customers may share the same storage appliance for backup, restore, or replicating their datasets, none of the customers can be aware of the presence of other customers in the storage appliance.
Other than the security and isolation requirements, there were some other obvious problems in deploying multi-tenancy on a single storage appliance. For example, a conventional PBBA does not include a mechanism in its Operating System through which the system administrator could track the system resources allocation and usage for each customer. Deploying multi-tenancy on a PBBA, especially in a service provider (SP) environment also presents a problem of administrative scaling. For example, if tens or hundreds of customers are deployed in the same PBBA, and if none of these customers' own administrators could perform self-administration, then for each and every administrative requirement, the customers would be dependent on the system administrator. Thus, the system administrator would face a problem as the number of customers increase.
A conventional storage appliance does not natively support multi-tenancy in such a manner that satisfies the security and isolation requirements. As illustrated in FIG. 1, Purpose Built Backup Appliance (PBBA) 101 has been deployed with two customers, i.e., customer A and customer B. PBBA 101 includes file system management objects (FSMOs) 110-113. FSMOs 110-111 are allocated to customer A, and FSMOs 112-113 are allocated to customer B. Conventional PBBA 101, however, does not natively provide a mechanism in which FSMOs 110-111 are securely isolated from customer B, and FSMOs 112-113 securely isolated from customer A. Further, conventional PBBA 101 does not provide a mechanism for each customer to have its own administrator who can only administer objects belonging only to the customer. Thus, all administration must be performed by a single system administrator. In order for customer A and customer B to manage their respective allocated FSMOs, the credentials of system administrator 102 must be provided to both customer A and customer B. In such a scenario, each customer would be able to access and manage datasets that belong to the other customer. Alternatively, all system configuration and management can be performed by a third party, without providing the credentials of system administrator 102 to customer A and customer B. This approach, however, is not feasible in cases where the PBBA is deployed to many customers. Thus, there is a need for a storage system to natively support multi-tenancy by providing mechanisms within its operating system to secure and isolate the datasets of each customer.