A system and method for providing multi-layered reporting within a cloud environment realm.

Abstract

The system and method provide a stepwise assessment of service usage in a cloud environment. The Operator Cloud Environment, running on one or more computers including microprocessors, is deployed within a first realm owned by the Operator Tenant of the Realm. The Operator Cloud Environment includes a set of software products provided to the first realm by the Cloud Infrastructure Provider of the Cloud Environment as vendor cloud services for access by multiple end-users via the first realm, and instrumentation services. Usage data recording service usage within the realm includes identification data associating user entities with service usage and is provided to the Operator Tenant associated with control of the realm. A second set of data is generated by processing the usage data to remove or transform the identification data and is provided to the Cloud Infrastructure Provider associated with control of the Cloud Environment.

Description

【Technical Field】 【0001】 Copyright Information Part of the disclosure of this patent document contains materials subject to copyright protection. The copyright owner reserves all copyrights, notwithstanding any objection to the full reproduction of the patent document or patent disclosure by others, when it appears in the patent file or patent records of the Patent and Trademark Office. 【0002】 Claims of Priority and Cross-References to Related Applications This application relates to U.S. Patent Provisional Application No. 63 / 462,878, “SYSTEM AND METHOD FOR PROVIDING DEDICATED CLOUD ENVIRONMENTS FOR USE WITH A CLOUD COMPUTING INFRASTRUCTURE,” filed on April 28, 2023, U.S. Patent Provisional Application No. 63 / 462,868, “SYSTEM AND METHOD FOR PROVIDING DEDICATED CLOUD ENVIRONMENTS FOR USE WITH A CLOUD COMPUTING INFRASTRUCTURE,” and U.S. Patent Provisional Application No. 63 / 462,875, “SYSTEM AND METHOD FOR PROVIDING DEDICATED CLOUD ENVIRONMENTS FOR USE WITH A CLOUD COMPUTING U.S. Patent Provisional Application No. 63 / 462,880, filed on April 28, 2023, "SYSTEM AND METHOD FOR PROVIDING DEDICATED CLOUD ENVIRONMENTS FOR USE WITH A CLOUD COMPUTING INFRASTRUCTURE", U.S. Patent Provisional Application No. 63 / 462,882, filed on April 28, 2023, "SYSTEM AND METHOD FOR PROVIDING DEDICATED CLOUD ENVIRONMENTS FOR USE WITH A CLOUD COMPUTING INFRASTRUCTURE", U.S. Patent Provisional Application No. 63 / 462,885, filed on April 28, 2023, "SYSTEM AND METHOD FOR PROVIDING DEDICATED CLOUD ENVIRONMENTS FOR USE WITH A CLOUD COMPUTING "INFRASTRUCTURE," and U.S. Patent Application No. 18 / 639 filed on April 18, 2024.Claiming priority to Patent No. 806, "SYSTEM AND METHOD FOR PROVIDING MULTI-TIERED REPORTING IN A REALM OF A CLOUD ENVORONMENT," each of the above applications and their contents are incorporated herein by reference. 【0003】 Technical field Embodiments described herein generally relate to systems and methods for providing a cloud environment for use by tenants of a cloud infrastructure environment in accessing software products, services, or other offerings related to the cloud environment, including providing a multi-layer module for multi-layer usage reporting in one or more realms of the cloud environment. [Background technology] 【0004】 background Cloud computing environments can be used to provide access to a variety of complementary cloud-based components, such as software applications or services, enabling organizations or enterprise customers to operate applications and services within a highly available hosted environment. 【0005】 The benefits for organizations in migrating their application and service needs to a cloud environment include reducing the cost and complexity of designing, building, operating, and maintaining their own on-premises data centers, software application frameworks, or other information technology infrastructure, allowing them to instead focus on managing their day-to-day business. [Overview of the Initiative] [Problems that the invention aims to solve] 【0006】 overview Embodiments described herein generally relate to systems and methods for providing cloud environments, such as dedicated or private label cloud (PLC) environments, for use by tenants of a cloud infrastructure environment to access environment-related software products, services, or other offerings, including, for example, providing multi-tier modules in a cloud environment realm. 【0007】 According to one embodiment, the system may include a system that provides a stepwise evaluation of the use of a service in a cloud environment. 【0008】 According to one embodiment, a system that provides a hierarchical evaluation of service usage in a cloud environment may include one or more computers having one or more microprocessors, and an operator cloud environment running on one or more computers, wherein the operator cloud environment is deployed within a first realm owned by an operator tenant of the realm, and may include a set of software products provided to the first realm from the cloud infrastructure provider of the cloud environment as vendor cloud services for access by multiple end users through the first realm, and instrumentation services. 【0009】 According to the embodiment, the method provides multiple services deployed within one or more realms of a cloud environment. A multi-layer reporting service is provided within a first realm, and the multi-layer reporting service is operable to monitor the usage of services within the first realm. Usage data is received by the multi-layer reporting service, and the usage data records the usage of multiple services by user entities within the first realm. The usage data includes identification data that associates user entities with the usage of services within the first realm. The usage data is provided as a first set of data to a first entity associated with control of the first realm, and the multi-layer reporting service generates a second set of data by processing the usage data and removing or transforming the identification data. Furthermore, in this method, the second set of data is provided to a second entity associated with control of the cloud environment. 【0010】 According to the embodiment, the measurement service of a system that provides a stepwise evaluation of service usage in a cloud environment may be configured to receive end-user consumption information from a vendor cloud service, the end-user consumption information representing usage by each of several end users of the vendor cloud service, deliver first end-user consumption information representing usage by a first end user of the vendor cloud service to a first end user, deliver second end-user consumption information representing usage by a second end user of the vendor cloud service to a second end user, aggregate the first and second end-user consumption information as aggregated end-user consumption information, and deliver the aggregated end-user consumption information to a cloud infrastructure provider. [Brief explanation of the drawing] 【0011】 [Figure 1] This figure shows a system for providing a cloud infrastructure environment according to an embodiment. [Figure 2]This figure further illustrates how a cloud infrastructure environment may be used to provide cloud-based applications or services according to the embodiment. [Figure 3] This figure shows an exemplary cloud infrastructure architecture according to an embodiment. [Figure 4] This figure shows another example of a cloud infrastructure architecture according to an embodiment. [Figure 5] This figure shows another example of a cloud infrastructure architecture according to an embodiment. [Figure 6] This figure shows another example of a cloud infrastructure architecture according to an embodiment. [Figure 7] This figure shows a system that provides a dedicated label cloud environment or private label cloud environment for use by tenants or customers of a cloud infrastructure environment, according to an embodiment. [Figure 8] This figure further illustrates the use of a cloud realm for use by a tenant or customer of a cloud infrastructure environment, according to an embodiment. [Figure 9] This figure further illustrates the use of a cloud realm for use by a tenant or customer of a cloud infrastructure environment, according to an embodiment. [Figure 10] This figure shows a system for providing access to software products or services in a cloud computing environment or other computing environment, according to an embodiment. [Figure 11] This figure shows a system for providing a step-by-step evaluation of the use of a software product or service in a cloud computing environment or other computing environment, according to an embodiment. [Figure 12] This flowchart illustrates a method for providing a stepwise evaluation of the use of a software product or service in a cloud computing environment or other computing environment, according to an embodiment. [Figure 13] A further flowchart showing a method for providing a staged evaluation of the use of a software product or service in a cloud computing environment or other computing environment according to an embodiment. [Figure 14] A further flowchart showing a method for providing a staged evaluation of the use of a software product or service in a cloud computing environment or other computing environment according to an embodiment. [Figure 15] A further flowchart showing a method for providing a staged evaluation of the use of a software product or service in a cloud computing environment or other computing environment according to an embodiment. [Figure 16] A further flowchart showing a method for providing a staged evaluation of the use of a software product or service in a cloud computing environment or other computing environment according to an embodiment. **DETAILED DESCRIPTION OF THE INVENTION** 【0012】 Detailed Description A cloud computing or cloud infrastructure environment can be used to provide access to various complementary cloud-based components, such as software applications or services, that enable an organization or enterprise's customers to operate applications and services within a highly available hosted environment. 【0013】 The benefits to an organization in migrating the need for applications and services to a cloud infrastructure environment include reducing the cost and complexity of designing, building, operating, and maintaining its own on-premises data center, software application framework, or other information technology infrastructure, and instead enabling the organization to focus on managing its day-to-day business. 【0014】 Cloud Infrastructure Environment Figures 1 and 2 show a system for providing a cloud infrastructure environment according to an embodiment. 【0015】 According to an embodiment, the components and processes shown in FIG. 1 and further described herein with respect to various embodiments can be provided as software or program code executable by a computer system or other type of processing device, such as a cloud computing system. 【0016】 The example shown is provided for the purpose of illustrating a computing environment that can be used to provide a dedicated label cloud environment or a private label cloud environment for use by a tenant of a cloud infrastructure in accessing subscription-based software products, services, or other offerings related to the cloud infrastructure environment. According to other embodiments, the various components, processes, and features described herein can be used with other types of cloud computing environments. 【0017】 As shown in FIG. 1, according to an embodiment, a cloud infrastructure environment 100 can operate on a cloud computing infrastructure 102 that includes hardware (e.g., a processor, memory), software resources, and one or more cloud interfaces 104 or other application program interfaces (APIs) that provide access to shared cloud resources via one or more load balancers 106. 【0018】 According to the embodiment, the cloud infrastructure environment supports the use of availability domains, such as availability domains A180 and B182, which enables customers to create and access cloud networks 184 and 186 and run cloud instances A192 and B194. 【0019】 According to the embodiment, tenancies can be created for each cloud tenant / customer, for example, tenants A142, B144, thereby providing secure, isolated partitions within a cloud infrastructure environment where customers can create, organize, and manage cloud resources. Cloud tenants / customers can access each of their cloud instances by accessing availability domains and cloud networks. 【0020】 According to the embodiment, for example, a client device such as a computing device 160 having device hardware 162 (e.g., a processor, memory) and a graphical user interface 166 may enable administrators, other users, etc., to communicate with a cloud infrastructure environment via a network such as a wide area network, a local area network, or the internet to create or update cloud services. 【0021】 According to one embodiment, the cloud infrastructure environment provides access to shared cloud resources 140, for example, via a compute resource layer 150, a network resource layer 164, and / or a storage resource layer 170. Customers can launch cloud instances as needed to meet their compute and application requirements. After the customer provisions and launches the cloud instances, the provisioned cloud instances can be accessed, for example, from client devices. 【0022】 According to the embodiment, the compute resource layer may include resources such as, for example, bare metal cloud instances 152, virtual machines 154, graphical processing unit (GPU) compute cloud instances 156, and / or containers 158. The compute resource layer may be used, for example, to provision and manage bare metal compute cloud instances, as in an on-premises data center, or to provision cloud instances as needed to deploy and run applications. 【0023】 For example, according to one embodiment, the cloud infrastructure environment can provide control over physical host (bare metal) machines in the compute resource layer that run directly as compute cloud instances on bare metal servers without using a hypervisor. 【0024】 According to one embodiment, the cloud infrastructure environment may also provide control over virtual machines in a compute resource tier that can be launched from an image, for example, and the type and amount of resources available to a virtual machine cloud instance may be determined based on the image from which the virtual machine was launched. 【0025】 According to one embodiment, the network resource layer may include multiple network-related resources, such as a virtual cloud network (VCN) 165, a load balancer 167, an edge service 168, and / or connectivity service 169. 【0026】 According to one embodiment, the storage resource layer may include multiple resources, such as a data / block volume 172, file storage 174, object storage 176, and / or local storage 178. 【0027】 As shown in Figure 2, according to the embodiment, the cloud infrastructure environment may include various complementary cloud-based components as cloud infrastructure applications and services 200, for example, enabling customers of an organization or enterprise to operate applications and services in a highly available hosted environment. 【0028】 For example, according to the embodiment, a self-contained cloud region can be provided as a complete, for example, Oracle Cloud Infrastructure (OCI)-dedicated region within an organization's data center, providing data center operators with the agility, scalability, and cost-effectiveness of the public cloud while maintaining complete control over data and applications to meet security, regulatory, or data residency requirements. 【0029】 For example, according to one embodiment, such an environment may include racks physically managed by the cloud infrastructure provider, customer racks, access for cloud operators for configuration and hardware support, power and cooling for the customer's data center, customer floor space, area for customer data center personnel, and physical access cages. 【0030】 According to the embodiment, a dedicated region provides tenants / customers with the same set of IaaS (infrastructure-as-a-service), PaaS (platform-as-a-service), and SaaS (software-as-a-service) products or services available within the cloud infrastructure provider's public cloud region, such as ERP, Financials, HCM, and SCM. Customers can seamlessly upscale and shift their traditional workloads using the cloud infrastructure provider's services (e.g., bare metal computing, VMs, and GPUs), database services (e.g., autonomous databases), or container-based services (e.g., Kubernetes container engines). 【0031】 According to one embodiment, the cloud infrastructure environment can operate according to an IaaS (infrastructure-as-a-service) model that enables the environment to provide virtualized computing resources over a public network (e.g., the internet). 【0032】 In the IaaS model, a cloud infrastructure provider can host infrastructure components (e.g., servers, storage devices, network nodes (e.g., hardware), deployment software, platform virtualization (e.g., hypervisor layer)). In some cases, the cloud infrastructure provider may also provide various services that accompany those infrastructure components (examples of services include billing software, monitoring software, logging software, load balancing software, or clustering software). Therefore, since these services can be policy-driven, IaaS users may implement policies to drive load balancing and maintain application availability and performance. 【0033】 According to the embodiment, an IaaS customer may access resources and services via a wide area network (WAN), such as the internet, and install the remaining elements of their application stack using the services of a cloud infrastructure provider. For example, a user can log into an IaaS platform, create virtual machines (VMs), install operating systems (OS) on each VM, deploy middleware such as databases, create storage buckets for workloads and backups, and also install enterprise software on those VMs. The customer can then use the provider's services to perform a variety of functions, including balancing network traffic, troubleshooting application issues, monitoring performance, or managing disaster recovery. 【0034】 In some embodiments, the cloud infrastructure provider may, but does not have to be, a third-party service specializing in providing IaaS (e.g., providing, leasing, selling). The entity may also choose to deploy a private cloud and become its own provider of infrastructure services. 【0035】 In one embodiment, IaaS deployment is the process of placing a new application or a new version of an application onto a prepared application server, etc. This process may also include the process of preparing the server (e.g., installing libraries or daemons). This process is often managed by the cloud infrastructure provider under the hypervisor layer (e.g., servers, storage, network hardware, and virtualization). Thus, the customer may be responsible for handling the deployment of the OS, middleware, and / or applications (e.g., on self-service virtual machines, etc., which can be spun up on demand). 【0036】 In some embodiments, IaaS provisioning may also refer to acquiring computers or virtual hosts for use and installing any necessary libraries or services on those computers or virtual hosts. In most cases, deployment does not include provisioning, and provisioning may need to be performed first. 【0037】 Depending on the embodiment, the challenges of IaaS provisioning include the first challenge of provisioning an initial set of infrastructure before anything is done. Secondly, there is the challenge of developing the existing infrastructure after everything has been provisioned (e.g., adding new services, modifying services, or removing services). In some cases, these two challenges may be addressed by allowing the configuration of the infrastructure to be defined declaratively. In other words, the infrastructure (e.g., which components are needed and how those components interact) can be defined by one or more configuration files. In this way, the entire topology of the infrastructure (e.g., which resources depend on which resources and how each of those resources works together) can be described declaratively. In some cases, after the topology is defined, a workflow may be generated to create and / or manage the various components described in the configuration files. 【0038】 In some embodiments, the cloud infrastructure may include many interconnected elements. For example, there may be one or more virtual private clouds (VPCs), also known as core networks (e.g., configurable and / or shared computing resources, possibly on-demand pools). In some examples, there may also be one or more inbound / outbound traffic group rules provisioned to define how inbound and / or outbound traffic on the network is configured, as well as one or more virtual machines (VMs). Other infrastructure elements such as load balancers and databases may also be provisioned. The infrastructure can evolve gradually as more infrastructure elements are desired and / or added. 【0039】 In some embodiments, continuous deployment techniques may be employed to enable the deployment of infrastructure code across various virtual computing environments. Furthermore, the techniques described can enable infrastructure management within these environments. In some examples, a service team may write code that is desirable to be deployed to one or more, but often many, different production environments (e.g., across various geographical locations). However, in some examples, the infrastructure to which the code is deployed must be configured first. In some cases, provisioning may be performed manually, and provisioning tools may be used to provision resources and / or deployment tools may be used to deploy the code after the infrastructure has been provisioned. 【0040】 Figure 3 shows an exemplary cloud infrastructure architecture according to an embodiment. 【0041】 As shown in Figure 3, according to the embodiment, the service operator 202 can be communicably coupled to a secure host tenancy 204 which may include a virtual cloud network (VCN) 206 and a secure host subnet 208. 【0042】 In some cases, a service operator may use one or more client computing devices, which may be portable handheld devices (e.g., telephones, computing tablets, personal digital assistants (PDAs)) or wearable devices (e.g., head-mounted displays) with the Internet, email, short message service (SMS), or other communication protocols enabled, running software such as Microsoft Windows® and / or various mobile operating systems such as iOS® and Android®. Alternatively, a client computing device may be a general-purpose personal computer, including, for example, personal computers and / or laptop computers running various versions of the Microsoft Windows, Apple Macintosh®, and / or Linux® operating systems. A client computing device may also be a workstation computer running any of the various commercially available UNIX® or UNIX-like operating systems, including, but not limited to, various GNU / Linux operating systems such as Chrome®. Alternatively or additionally, the client computing device may be any other electronic device, such as a thin client computer, an internet-enabled gaming system (e.g., a Microsoft Xbox® game console), and / or a personal messaging device, that can communicate over a network and / or the Internet that has access to the VCN. 【0043】 According to one embodiment, the VCN may include a local peering gateway (LPG) 210 that can be communicatively coupled to a secure shell (SSH) VCN 212 via an LPG included in the SSH VCN. The SSH VCN may include an SSH subnet 214, and the SSH VCN may be communicatively coupled to a control plane VCN 216 via an LPG included in the control plane VCN. The SSH VCN may also be communicatively coupled to a data plane VCN 218 via an LPG. The control plane VCN and the data plane VCN may be included in a service tenancy 219 that may be owned and / or operated by a cloud infrastructure provider. 【0044】 According to the embodiment, the control plane VCN may include a control plane demilitarized zone (DMZ) layer 220 that functions as a perimeter network (e.g., part of the corporate network between the corporate intranet and the external network). Servers based on the DMZ may have limited responsibilities that help contain potential breaches. Furthermore, the DMZ layer may include a control plane application layer 224 that may include one or more load balancer (LB) subnets 222 and application subnets 226, and a control plane data layer 228 that may include database (DB) subnets 230 (e.g., a front-end DB subnet and / or a back-end DB subnet). The LB subnets included in the control plane DMZ layer may be communicably coupled to application subnets and an internet gateway 234 included in the control plane application layer which may be included in the control plane VCN, and the application subnets may be communicably coupled to DB subnets included in the control plane data layer, as well as a service gateway 236 and a network address translation (NAT) gateway 238. The control plane VCN may include service gateways and NAT gateways. 【0045】 According to one embodiment, the control plane VCN may include a data plane mirror application layer 240 which may include application subnets. The application subnets included in the data plane mirror application layer may include virtual network interface controllers (VNICs) on which compute instances can run. The compute instances can communicately connect the application subnets of the data plane mirror application layer to application subnets that may be included in the data plane application layer. 【0046】 According to the embodiment, the data plane VCN may include a data plane application layer 246, a data plane DMZ layer 248, and a data plane data layer 250. The data plane DMZ layer may include an application subnet of the data plane application layer and an LB subnet that can be communicatively coupled to the internet gateway of the data plane VCN. The application subnet may be communicatively coupled to the service gateway of the data plane VCN and the NAT gateway of the data plane VCN. The data plane data layer may also include a DB subnet that can be communicatively coupled to the application subnet of the data plane application layer. 【0047】 According to the embodiment, the internet gateways of the control plane VCN and the data plane VCN may be communicably coupled to a metadata management service 252 which may be communicably coupled to the public internet 254. The public internet may be communicably coupled to the NAT gateways of the control plane VCN and the data plane VCN. The service gateways of the control plane VCN and the data plane VCN may be communicably coupled to a cloud service 256. 【0048】 According to the embodiment, a service gateway of a control plane VCN or a data plane VCN can make application programming interface (API) calls to a cloud service without traversing the public internet. API calls from the service gateway to the cloud service can be one-way, with the service gateway making the API call to the cloud service and the cloud service sending the requested data to the service gateway. Generally, the cloud service does not need to initiate the API call to the service gateway. 【0049】 According to the embodiment, a secure host tenancy can be directly connected to a service tenancy, or otherwise may be isolated. A secure host subnet can communicate with an SSH subnet via an LPG, which can enable bidirectional communication on otherwise isolated systems. Connecting a secure host subnet to an SSH subnet may give the secure host subnet access to other entities within the service tenancy. 【0050】 According to one embodiment, the control plane VCN may allow users of the service tenancy to configure or otherwise provision the desired resources. The desired resources provisioned within the control plane VCN may be deployed or otherwise used in the data plane VCN. In some examples, the control plane VCN can be separated from the data plane VCN, and the data plane mirror application layer of the control plane VCN can communicate with the data plane application layer of the data plane VCN via VNICs that may be included in the data plane mirror application layer and the data plane application layer. 【0051】 According to the embodiment, a user or customer of the system can perform requests, such as create, read, update, or delete (CRUD) operations, over the public internet, which can transmit the requests to a metadata management service. The metadata management service can transmit the requests to the control plane VCN via an internet gateway. The requests may be received by an LB subnet included in the control plane DMZ layer. The LB subnet may determine that the request is valid, and in response to this determination, the LB subnet may send the request to an application subnet included in the control plane application layer. If the validity of the request is confirmed and the request requires a call to the public internet, the call to the internet may be sent to a NAT gateway capable of making internet calls. The metadata to be stored by the request may be stored in a DB subnet. 【0052】 According to the embodiment, the data plane mirror application layer can facilitate direct communication between the control plane VCN and the data plane VCN. For example, it may be desirable that changes, updates, or other appropriate modifications to the configuration be applied to the resources contained in the data plane VCN. Using the VNIC, the control plane VCN can communicate directly with the resources contained in the data plane VCN, thereby enabling changes, updates, or other appropriate modifications to the configuration of the resources. 【0053】 According to this embodiment, the control plane VCN and the data plane VCN may be included in the service tenancy. In this case, the system user or customer does not have to own or operate either the control plane VCN or the data plane VCN. Instead, the cloud infrastructure provider may own or operate the control plane VCN and the data plane VCN, both of which may be included in the service tenancy. This embodiment can enable network isolation, which can prevent the user or customer from exchanging information with the resources of other users or other customers. This embodiment may also enable the system user or customer to store databases privately without having to rely on the public internet for storage, which may not provide the desired level of threat protection. 【0054】 According to this embodiment, the LB subnet included in the control plane VCN may be configured to receive signals from the service gateway. In this embodiment, the control plane VCN and the data plane VCN may be configured to be invoked by the cloud infrastructure provider's customers without calling the public internet. The cloud infrastructure provider's customers may desire this embodiment because the databases they use may be controlled by the cloud infrastructure provider and stored in a service tenancy that can be isolated from the public internet. 【0055】 Figure 4 shows another example of a cloud infrastructure architecture according to an embodiment. 【0056】 As shown in Figure 4, according to this embodiment, the data plane VCN may be included in the customer tenancy 221. In this case, the cloud infrastructure provider may provide a control plane VCN for each customer, and the cloud infrastructure provider may configure a unique compute instance included in the service tenancy for each customer. Each compute instance may enable communication between the control plane VCN included in the service tenancy and the data plane VCN included in the customer tenancy. The compute instance may enable resources provisioned within the control plane VCN included in the service tenancy to be deployed, or otherwise used, in the data plane VCN included in the customer tenancy. 【0057】 In one embodiment, a customer of a cloud infrastructure provider may have a database that is managed and operates within the customer's tenancy. In this example, the control plane VCN may include a data plane mirror app layer that may include app subnets. The data plane mirror app layer may reside in the data plane VCN, but does not have to be provided in the data plane VCN. That is, the data plane mirror app layer may have access rights to the customer's tenancy, but does not have to reside in the data plane VCN, and does not have to be owned or operated by the customer. The data plane mirror app layer may be configured to make calls to the data plane VCN, but does not have to be configured to make calls to any entities contained within the control plane VCN. The customer may want to deploy, or otherwise use, resources in the data plane VCN that are provisioned within the control plane VCN, and the data plane mirror app layer can facilitate the customer's desired deployment or other use of resources. 【0058】 In one embodiment, a customer of a cloud infrastructure provider can apply filters to data plane VCNs. In this embodiment, the customer can determine which data plane VCNs are accessible, and may restrict access from data plane VCNs to the public internet. The cloud infrastructure provider does not need to be able to apply filters or otherwise control access of data plane VCNs to any external network or database. Applying filters and controls to data plane VCNs included in the customer's tenancy can help isolate the data plane VCNs from other customers and from the public internet. 【0059】 According to the embodiment, a cloud service may be invoked by a service gateway to access services that may not exist on the public internet, a control plane VCN, or a data plane VCN. The connection between the cloud service and the control plane VCN or data plane VCN does not have to be continuous. The cloud service may reside on different networks owned or operated by the cloud infrastructure provider. The cloud service may be configured to receive calls from the service gateway and not to receive calls from the public internet. Some cloud services may be isolated from others, and the control plane VCN may be isolated from cloud services that may not be in the same region as the control plane VCN. 【0060】 For example, according to one embodiment, the control plane VCN may be located in "Region 1," and the cloud service "Deployment 1" may be located in both Region 1 and "Region 2." When a service gateway included in the control plane VCN located in Region 1 makes a call to Deployment 1, this call may be sent to Deployment 1 within Region 1. In this example, the control plane VCN, or Deployment 1 within Region 1, may or may not communicate with Deployment 1 within Region 2. 【0061】 Figure 5 shows another example of a cloud infrastructure architecture according to an embodiment. 【0062】 As shown in Figure 5, according to the embodiment, a trusted application subnet 260 can be communicatively coupled to a service gateway included in the data plane VCN, a NAT gateway included in the data plane VCN, and a DB subnet included in the data plane data layer. An untrusted application subnet 264 can be communicatively coupled to a service gateway included in the data plane VCN and a DB subnet included in the data plane data layer. The data plane data layer may include a DB subnet that can be communicatively coupled to a service gateway included in the data plane VCN. 【0063】 According to one embodiment, an untrusted application subnet may include one or more primary VNICs (1) to (N) that can be communicatively coupled to tenant virtual machines (VMs). Each tenant VM may be communicatively coupled to each application subnet 267 (1) to (N) that may be included in each container exit VCN 268 (1) to (N) that may be included in each customer tenancy 270 (1) to (N). Each secondary VNIC can facilitate communication between the untrusted application subnet included in the data plane VCN and the application subnet included in the container exit VCN. Each container exit VCN may include a NAT gateway that can be communicatively coupled to the public internet. 【0064】 According to the embodiment, the public internet may be communicatively coupled to a NAT gateway, which is included in the control plane VCN and the data plane VCN. A service gateway, which is included in the control plane VCN and the data plane VCN, may be communicatively coupled to a cloud service. 【0065】 According to one embodiment, the data plane VCN can be integrated with a customer's tenancy. This integration may be useful or desirable for a cloud infrastructure provider's customer when they may require additional support when executing code. For example, a customer may provide code that could potentially be destructive, communicate with other customers' resources, or otherwise cause undesirable consequences. 【0066】 According to one embodiment, a customer of a cloud infrastructure provider may request the cloud infrastructure provider to grant temporary network access privileges and the ability to connect to the data plane application layer. The code for performing this function may run in a VM and may not be configured to run elsewhere on the data plane VCN. Each VM may be connected to one customer's tenancy. Each container (1) to (N) contained within a VM may be configured to run the code. In this case, a double isolation may exist (e.g., the container running the code, the container may be contained in at least one VM that is in an untrusted application subnet), which can help prevent incorrect or otherwise undesirable code from damaging the cloud infrastructure provider's network or the networks of different customers. The containers may be communicatively coupled to the customer's tenancy and may be configured to send or receive data to or from the customer's tenancy. The containers may not be configured to send or receive data to or from any other entities within the data plane VCN. Upon completion of code execution, the cloud infrastructure provider may discard the containers. 【0067】 In one embodiment, a trusted application subnet may execute code that may be owned or operated by the cloud infrastructure provider. In this embodiment, the trusted application subnet may be communicatively joined to a DB subnet and configured to perform CRUD operations within the DB subnet. An untrusted application subnet may be communicatively joined to a DB subnet and configured to perform read operations within the DB subnet. Containers that may be contained within each customer's VM and can execute code from the customer do not need to be communicatively joined to the DB subnet. 【0068】 In some embodiments, the control plane VCN and the data plane VCN do not need to be directly communicatively coupled, or direct communication between the control plane VCN and the data plane VCN is not required. However, communication can occur indirectly, and a LPG (Landing Platform) may be established by the cloud infrastructure provider to facilitate communication between the control plane VCN and the data plane VCN. In another example, the control plane VCN or the data plane VCN can make calls to cloud services via a service gateway. For example, a call from the control plane VCN to a cloud service may include a request to a service that can communicate with the data plane VCN. 【0069】 Figure 6 shows another example of a cloud infrastructure architecture according to an embodiment. 【0070】 As shown in Figure 6, according to the embodiment, a trusted application subnet can be communicatively coupled to a service gateway included in the data plane VCN, a NAT gateway included in the data plane VCN, and a DB subnet included in the data plane data layer. An untrusted application subnet can be communicatively coupled to a service gateway included in the data plane VCN and a DB subnet included in the data plane data layer. The data plane data layer may include a DB subnet that can be communicatively coupled to a service gateway included in the data plane VCN. 【0071】 According to one embodiment, an untrusted application subnet may include a primary VNIC that can be communicatively coupled to tenant virtual machines (VMs) residing within the untrusted application subnet. Each tenant VM may execute code within its respective container and may be communicatively coupled to an application subnet that may be included in a dataplane application layer 281, which may be included in a container exit VCN 280. Each secondary VNIC 282(1)-(N) can facilitate communication between the untrusted application subnet included in the dataplane VCN and the application subnet included in the container exit VCN. The container exit VCN may include a NAT gateway that can be communicatively coupled to the public internet. 【0072】 According to the embodiment, an internet gateway included in the control plane VCN and included in the data plane VCN may be communicatively coupled to a metadata management service which may be communicatively coupled to the public internet. The public internet may be communicatively coupled to a NAT gateway included in the control plane VCN and included in the data plane VCN. A service gateway included in the control plane VCN and included in the data plane VCN may be communicatively coupled to a cloud service. 【0073】 In this embodiment, the pattern shown in Figure 6 may be considered an exception to the pattern shown in Figure 5, which may be desirable for a customer when the cloud infrastructure provider cannot communicate directly with the customer (e.g., a disconnected region). Each container contained within a VM for each customer may be accessible in real time by the customer. The container may be configured to make calls to each secondary VNIC contained within the application subnet of the data plane application layer, which may be contained within the container exit VCN. The secondary VNIC may send the call to a NAT gateway, which may send the call to the public internet. In this example, the container, which may be accessible in real time by the customer, can be isolated from the control plane VCN and from other entities contained within the data plane VCN. The container may also be isolated from other customers' resources. 【0074】 In another example, a customer can use a container to invoke a cloud service. In this example, the customer may execute code within a container that requests a service from the cloud service. The container can send this request to a secondary VNIC, which can send it to a NAT gateway, which can send it to the public internet. The public internet can be used to send this request to an LB subnet included in the control plane VCN via an internet gateway. In response to deciding that this request is valid, the LB subnet can send this request to an application subnet, which can send this request to the cloud service via a service gateway. 【0075】 It should be understood that the IaaS architecture shown in the above diagram may include components other than those shown. Furthermore, the embodiments shown in the diagram are merely examples of cloud infrastructure systems that may incorporate embodiments of this disclosure. In some other examples, the IaaS system may include more or fewer components than those shown in the diagram, may combine two or more components, or may have different configurations or arrangements of components. 【0076】 In one embodiment, the IaaS system described herein may include the provision of a set of applications, middleware, and database services that are self-service, subscription-based, elastically scalable, reliable, highly available, and securely delivered to the customer. 【0077】 Cloud environment According to the embodiment, the cloud infrastructure environment may be used to provide a dedicated cloud environment, for example, as one or more private label cloud environments, for use by tenants of the cloud infrastructure environment in accessing subscription-based software products, services, or other offerings associated with the cloud infrastructure environment. 【0078】 Figure 7 illustrates how the system can provide a dedicated label cloud environment or private label cloud environment for use by tenants or customers of a cloud infrastructure environment, according to the embodiment. 【0079】 While the various examples described herein illustrate different systems, methods, and / or techniques that may be used in the context of providing a private label cloud (PLC) environment, according to different embodiments, the systems, methods, and techniques described herein may be used within or in conjunction with other types of cloud environments. 【0080】 As shown in Figure 7, according to the embodiment, a cloud infrastructure provider can provide one or more cloud environments (e.g., PLC environments) or realms to an operator 320, for example, a customer of the cloud infrastructure acting as a reseller. The operator / reseller can then customize and extend the cloud environments for use by the customer 330 (of the operator / reseller) to use in accessing subscription-based software products, services, or other offerings associated with the cloud infrastructure environment. 【0081】 For illustrative purposes, examples of such subscription-based products, services, or other offerings may include various cloud infrastructure software products, such as Oracle Fusion Applications products, or other types of products or services that allow customers to subscribe to use those products or services. 【0082】 Figure 8 further illustrates the use of a cloud realm for use by a tenant or customer of a cloud infrastructure environment, according to an embodiment. 【0083】 As shown in Figure 8, according to the embodiments, the system may include a cloud subscription service or component called a subscription manager in some embodiments herein, which exposes one or more subscription management APIs to onboard new customers or to create orders used to create subscriptions and to initiate workflows to coordinate billing and pricing services or other components for use with Cloud Realm 400. 【0084】 According to one embodiment, when an operator (e.g., a PLC operator) or an operator's customer requests a cloud environment, the system creates realms for use within regions 402, 404, along with tenancies 416 owned by one or more providers. These tenancies enable the regions to function with the required service infrastructure and are managed by the cloud infrastructure provider. 【0085】 According to one embodiment, the first step in the process is to create an operator tenancy 406 for the operator before the region and associated realms are handed over to the operator for subsequent management. The operator then becomes the administrator of this tenancy, within which the operator can view and manage everything that happens within that region, including customer accounts and the usage of cloud resources by those customers 412. 【0086】 Generally, after a region is handed over to or provided to an operator, the cloud infrastructure provider cannot access the data within the operator tenancy, for example, to troubleshoot any issues that may arise, unless the operator allows the cloud infrastructure provider to access the data within the operator tenancy. 【0087】 According to the embodiment, the operator can then create additional internal tenancies 408 intended for the operator's own internal use, for example, to evaluate what the end-user or customer experience will be like, or to provide sales demo tenancies, or to operate a database for the operator's own internal use. The operator can also create one or more customer tenancies 410, where the end-user or customer becomes the administrator of the customer tenancies 410. Cloud infrastructure usage, such as compute, storage, and other infrastructure resources, is aggregated by the operator reflecting both the operator's usage and the operator's customers' usage and reported to the cloud infrastructure provider. 【0088】 Depending on the embodiment, a user interface or console may be provided that allows the operator to manage their customer accounts and the services provided by the customer. The cloud infrastructure provider may also use a cloud infrastructure tenancy, such as a Fusion Applications tenancy, to install any infrastructure services required for use by the operator and the operator's customers. 【0089】 Figure 9 further illustrates the use of a cloud realm for use by a tenant or customer of a cloud infrastructure environment, according to an embodiment. 【0090】 As shown in Figure 9, according to the embodiment, a service or component of the subscription manager 424 exposes one or more subscription management APIs to onboard new customers or to create orders used to create subscriptions and initiate workflows to coordinate billing and pricing services or other components. 【0091】 According to one embodiment, the system may also include a billing service 428 or component that operates on subscription and preferred billing accounts or logical containers used to generate invoices for customers. 【0092】 According to one embodiment, the system may also include a subscription pricing service (SPS) 426 or component which operates on a product catalog defining products that can be purchased by a customer and may be used to provide a price list (e.g., rate cards) which the pricing service also possesses. 【0093】 According to the embodiment, products may be selected from the product hub to support the sales process in realms 420 and 422 in which subscriptions are created. After an order is created via the subscription service 430, the subscription is created in the subscription manager, which then manages the lifecycle of that subscription and provisions what needs to be provisioned in downstream services. The SPS component then manages pricing and usage aspects for use in billing the operator for final costs or in its ability to bill the customer. Usage events are forwarded to the billing service or component, an invoice is created according to the subscription billing preference, and sent to the accounts receivable component. 【0094】 According to one embodiment, services provided in the realm report their usage to a metering service or component 432, but such usage is not associated with any price. The valuation process determines the cost of each specific event, for example by applying a rate card, determines the unit and cost of that subscription, associates this cost with the record, and then forwards it to the billing service or component. 【0095】 As further shown in Figure 9, according to the embodiment, the operator may control multiple realms A, B, for example, an operator operating in multiple countries may want to operate a completely isolated data center for the United States and another completely isolated data center for Europe to address, for example, management or regulatory requirements. According to the embodiment, usage associated with these multiple realms may be aggregated for use by the central subscription manager 435 and, where applicable, the prime billing service 436 in billing to the operator (434). 【0096】 The various system examples presented above are provided to illustrate computing environments that may be used to provide a dedicated label cloud environment or private label cloud environment for use by tenants of a cloud infrastructure in accessing subscription-based software products, services, or other offerings related to the cloud infrastructure environment. According to other embodiments, the various components, processes, and features described herein may be used in conjunction with other types of cloud computing environments. 【0097】 Cloud Subscription Figure 10 shows an embodiment of a system for providing access to software products or services in a cloud computing environment or other computing environment. 【0098】 As shown in Figure 10, according to the embodiments, the system may be provided as a cloud computing environment or other computing environment, referred to as a platform in some embodiments herein, which supports the use of subscription-based products, services, or other offerings. 【0099】 Examples of such subscription-based products, services, or other offerings may include software products or services for various cloud infrastructures that allow customers to subscribe to use those products or services. 【0100】 According to the embodiment, the environment may include several components provided as operator singletons 438, realm singletons 439, and regional services 440, as further described below. 【0101】 Depending on the embodiment, a subscription may include artifacts such as products, commits, billing models, and states. A subscription manager service or component may expose one or more subscription management APIs to onboard new customers or to create orders used to create subscriptions and initiate workflows that coordinate the creation of appropriate footprints in billing and pricing services or components, as further described below. 【0102】 According to the embodiment, the billing service or component operates on subscription and preferred billing accounts or logical containers used to generate invoices. Each billing account generates one invoice per billing cycle. The billing service includes a first pipeline that receives usage and costs from the metering service or component via a REST API, and includes a first pipeline in which billing writes usage to a database and billing workers aggregate from this database to calculate balances, and a second pipeline that receives aggregated usage and commitments and is responsible for calculating charges over billing intervals. 【0103】 According to the embodiment, the Subscription Pricing Service (SPS) 426 or component operates on a product catalog that defines the products that can be purchased by a customer. The product catalog forms the backbone of a price list (i.e., rate cards) which the Pricing Service also owns. The rate cards are modeled as pricing rules on top of public list prices. The Pricing Service maintains a single price list for all products, and new product prices can be added and existing prices can be changed. The price list has a complete history, and the latest version is the current rate card. Since some contracts may require a snapshot of the rate cards to be taken, the Pricing Service handles this by recording the time when the customer's rate card was created and then querying the price list at that point in time. 【0104】 According to the embodiment, the SPS or pricing service communicates with the product and pricing hub 421 and is responsible for providing information about products, the overall price list, and price lists and discounts specific to the end user or customer's subscription. For example, according to the embodiment, the SPS can synchronize product information from the product hub with the overall price list from the pricing hub. 【0105】 According to the embodiment, the subscription manager service or component acts as an upstream service for receiving new order requests from the order management component 423, for example, from an Oracle Fusion Order Management environment. The subscription manager service or component can provide the SPS service with subscription information, including configured estimated time or subscription type (commitment, PayG), to help the SPS determine the effective base price (rate card) of the subscription. The subscription manager service or component can also send subscription discounts received from the order management component, which the SPS stores as entities of pricing rules. 【0106】 According to the embodiment, the SPS service runs as a background process for managing the rate card service or component, which is responsible for generating rate cards for new subscriptions and updating those rate cards when new price changes occur. The SPS service can provide APIs for accessing rate cards and pricing rules. The measurement inline evaluation engine can use these APIs to retrieve rate cards and pricing rules specific to a subscription and then use this data for cost calculation. 【0107】 According to the embodiment, additional SPS components may include, for example, a pricing / product hub integration component that enables an operator entity providing subscription-based products, services, or other offerings within the environment to manage product and price lists, such as those provided by a product hub and a pricing hub, respectively. 【0108】 For example, in such an embodiment, the SPS product integration flow can listen for create / update events in the product hub and make calls to the SPS product API. Similarly, the SPS pricing integration flow can retrieve new price list creations from the pricing hub and call the respective SPS pricing API. 【0109】 According to one embodiment, the system may also include an SPS core module that manages pricing entities and provides APIs for accessing them. Pricing entities can be accessed by internal services, such as an inline valuation engine. 【0110】 According to the embodiment, the system may also include a rate card manager component. The SPS service maintains a single base price for a product at a given point in time. However, the product price for a subscription depends on the base price and price list change policy attributes at the time the subscription is estimated and configured. The SPS service uses these properties to internally maintain the prices used for subscriptions. All such price lists are grouped into rate cards. The rate card manager can create and maintain rate cards, listen for price list changes and update existing rate cards with the new prices, and listen for new subscriptions and assign rate cards based on the subscription properties. 【0111】 According to the embodiment, the SPS service is responsible for managing subscription pricing rules, including discounts offered to end users or customers. Eligibility for pricing rules can be based on product attributes, such as discount groups, product categories, or specific SKUs. The SPS needs to internally identify a list of products to which these rules apply. To achieve this, a rule decoder engine can compile pricing rules in a format that allows an inline evaluation engine to use the information for cost calculations. This compilation process may occur when a product or pricing rule is created or updated. 【0112】 As shown in Figure 10 as an example, according to the embodiment, in 441, product and pricing information managed in, for example, Fusion Applications is sent to the SPS component. 【0113】 In step 442, the order is sent to the Subscription Manager component to create the subscription, rate card, and billing account. 【0114】 In step 443, the pricing configuration and pricing rules for the new order are sent to SPS. 【0115】 In version 444, the Subscription Manager component is used to configure billing accounts in the billing service or component. 【0116】 In step 445, the Subscription Manager component exposes events to the Subscription Manager Streaming component. 【0117】 In step 446, the billing data is sent to the accounts receivable component 425 in order to generate an invoice. 【0118】 In step 447, the Subscription Manager component consumes reclaim and subscription lifecycle (RASL) events from the Subscription Manager Streaming. 【0119】 At 448, Activation Service 427 reads the Subscription Manager event stream. 【0120】 In step 449, the customer obtains activation data from the activation portal 429. 【0121】 In 450, Tenancy Lifecycle Services 461 provision the tenancy as part of the subscription activation. 【0122】 In 451, the tenancy lifecycle service creates the account footprint within the account component 463 during account provisioning. 【0123】 In 452, the Tenancy Lifecycle Service configures the restriction template during account provisioning within the Restriction Service 467. 【0124】 In version 453, the account component functions as a downstream RASL client for handling the legacy reuse and subscription lifecycle in version 465. 【0125】 In step 454, the aggregated costs and usage are sent to the billing service 428 or component. 【0126】 In version 455, organizations can create child tenancies using the Tenancy Lifecycle Service. 【0127】 In step 456, the measurement service 432 or component retrieves subscription mapping data. 【0128】 In step 457, the subscription service 430 retrieves organizational data 469 for subscription mapping. 【0129】 At step 458, the RASL component reads the subscription manager event stream. 【0130】 In 459, the subscription service reads the subscription manager event stream, and in 460, the metering service or component retrieves ratecard data for each subscription, which can then be used in billing the operator or the customer for the final cost. 【0131】 The above examples are provided for illustrative purposes only to illustrate computing environments that may be used to provide a dedicated label cloud environment or private label cloud environment for use by tenants of a cloud infrastructure in accessing subscription-based software products, services, or other offerings related to the cloud infrastructure environment. According to other embodiments, the various components, processes, and features described herein may be used in conjunction with other types of cloud computing environments. 【0132】 Phased evaluation of service usage in a cloud infrastructure realm Figure 11 shows a system, according to an embodiment, for providing a stepwise evaluation of the use of software products and / or services in a cloud computing environment or other computing environment. 【0133】 Overall, according to the embodiments, the System of the Subject provides a method and system for multi-layer resource usage measurement, including a first layer of resource usage measurement occurring at the operator level within the realm of the cloud infrastructure operator, and a second layer of resource usage measurement occurring at the cloud infrastructure provider level. 【0134】 While several examples described herein illustrate various systems, methods, and / or techniques that may be used in the context of providing a private label cloud (PLC) environment, according to various embodiments, the systems, methods, and techniques described herein may be used in or in conjunction with other types of cloud environments. 【0135】 According to the embodiment, the first level of measurement provides the operator with detailed resource usage information relating to the specific resources used by each of the one or more end users, the amount of resources used by each of the one or more end users, and the timing of resource use by each of the one or more end users. 【0136】 According to the embodiment, the second level of measurement provides the cloud provider system with generalized resource usage information relating to resources used by the realm operator and by each of the realm operator's end users, however, the generalized resource usage information is anonymized for each of the one or more end users. In this way, the cloud provider system is provided with resource usage information relating to specific resources used attributable to the realm operator and the realm operator's end users, the amount of resources used attributable to the realm operator and the realm operator's end users, and the timing of resource usage attributable to the realm operator and the realm operator's end users. 【0137】 Commercially, the first level of measurement allows operators to directly control the pricing of products offered to end users and the billing activities associated with those end users, while the second level of measurement provides the cloud provider system with accounting data for all usage by the operator and its customers, which can then be billed for total usage. 【0138】 According to the embodiment, data related to total usage by the operator and the operator's customers is anonymized. In the case of usage related to unique / proprietary infrastructure and platform services used by the operator's customers, the accounting provided to the cloud infrastructure provider, e.g., OCI, includes only a portion of the resource consumption required to support or related to any of the platform infrastructure and platform services used by the operator's customers. 【0139】 According to the embodiment, continuing with reference to Figure 11, the shown system provides a stepwise evaluation of the use of products and / or services in a cloud infrastructure environment. The operator's cloud environment runs on one or more computers and is deployed within a first realm A that is controlled by or otherwise “owned” by a first realm operator. 【0140】 In an exemplary embodiment, the first realm may be, for example, a PLC realm controlled by a first realm operator. A set of software products is provided to the first realm A from the cloud infrastructure provider of the cloud environment as a vendor cloud service for access by multiple end users through the first realm A. The measurement service 432 is configured to receive end customer usage information from the vendor cloud service, the end customer usage information representing use or consumption by each of the multiple end users of the vendor cloud service, and to deliver end user consumption information representing use by customer users of the vendor cloud service to the operator of realm A and the cloud infrastructure provider. 【0141】 According to one embodiment, the measurement service 432 is further configured to receive operator consumption information from a set of software products, the operator consumption information representing the use of the set of software products by an operator in Realm A. The measurement service may sum end-user or customer consumption information with the operator consumption information as operator-attributable consumption information and deliver the operator-attributable consumption information to the cloud infrastructure provider. 【0142】 According to one embodiment, an operator subscription manager service is provided for managing an operator's subscription to a set of software products, the operator subscription manager is configured to send a request to a cloud infrastructure provider in a cloud environment to order one or more of the software products, thereby one or more software products may be received from the cloud infrastructure provider to a first realm A as a set of software products for the operator to selectively provide to multiple end users or end customers as a vendor cloud service. 【0143】 In an exemplary embodiment, the Operator Subscription Manager is configured to fulfill orders by creating Operator Subscriptions in Realm A, and the Operator Subscriptions include Operator Subscription Pricing Attributes. In addition, the Measurement Service further includes a Usage Service evaluated by Operators, which is configured to receive Operator Consumption Information from a set of software products, and the Operator Consumption Information represents the Operator's use of the set of software products. The Operator-Evaluated Usage Service is further configured to determine the usage cost to the Operator for the use of the set of software products by the Operator and a set of end-user customers, based on the Operator Subscription Pricing Attributes, as well as the sum of aggregated end-user consumption information and operator consumption information. The usage cost to the Operator in Realm A, taking into account the Operator's own service or product usage and the usage by the Operator's customers in Realm A, is delivered to the Cloud Infrastructure Provider. 【0144】 According to one embodiment, an end-user subscription manager is provided to the operator in Realm A to manage multiple end-user subscriptions to vendor cloud services. In an exemplary embodiment, the subscription manager is configured to receive requests from end-user customers to order a set of vendor cloud services and to fulfill the orders of the requests by creating end-user customer subscriptions in the subscription manager, which provide the end-user customer with access to the desired set of vendor cloud services. 【0145】 According to the embodiment, the system provides a stepwise evaluation of the use of a software product or service in a cloud computing environment or other computing environment, between usage by operators in Realm A and between multiple different end-user customers. In this regard, a first end-user subscription of a first end-user customer may include a first end-user pricing attribute, and similarly, a second end-user subscription of a second different end-user customer may include a second end-user pricing attribute. The measurement service includes an end-user customer evaluation service configured to also perform the following: determining the usage cost to the first end-user for the first end-user's use of a first set of vendor cloud services based on the first end-user pricing attribute and first end-user consumption information; and determining the usage cost to the second end-user for the second end-user's use of a second set of vendor cloud services based on the second end-user pricing attribute and second end-user consumption information. 【0146】 According to the embodiment, the system's measurement service further includes a billing service configured to deliver to the first end user the usage costs to the first end user for the first end user's use of a first set of vendor cloud services, and to deliver to the second end user the usage costs to the second end user for the second end user's use of a second set of vendor cloud services. 【0147】 According to one embodiment, the system further includes a usage service evaluated by an end-user customer, configured to determine the usage cost to the first end-user for the first end-user's use of a first set of vendor cloud services, based on first end-user pricing attributes and first end-user consumption information, thereby allowing the end-user customer to be billed for usage via a billing service. 【0148】 According to one embodiment, the system is configured to anonymize end-user customer consumption information, including end-user identification information and end-user pricing attributes, as anonymized end-user consumption information. The anonymized end-user consumption information may be delivered to a cloud infrastructure provider. 【0149】 According to the embodiment, the system's measurement service includes receiving operator consumption information from a set of software products, the operator consumption information representing the operator's use of the set of software products, and may further include a usage service evaluated by an operator configured to determine the usage cost to the operator in Realm A for the use of the software services or set of software products by the operator in Realm A and a set of end-user customers of the operator in Realm A, based on the received operator subscription pricing attributes, operator consumption information, and anonymized end-user consumption information. The usage cost to the operator in Realm A may be delivered to the operator of the cloud infrastructure provider for appropriate billing via the Subscription Manager Prime billing service. 【0150】 According to the embodiment, the shown system providing a stepwise evaluation of the use of services and / or products in a cloud infrastructure environment 100 may include one or more computers having one or more microprocessors, and the cloud environment 100 may run on one or more computers. Multiple products and / or services are deployed within one or more realms of the cloud environment, such as realm A and realm B. A multi-layer reporting service 475 is provided within a first realm A, and the multi-layer reporting service is operable to monitor the usage of services within the first realm A. Similarly, the multi-layer reporting service 475 may be provided within a second realm B, and the multi-layer reporting service is operable to monitor the usage of services within the second realm B. 【0151】 Overall, focusing on the first realm A in an exemplary embodiment, the multi-layer reporting service 475 receives usage data recording the usage of multiple services by user entities within the first realm A, the usage data including identification data that associates user entities with the usage of services within the first realm A. The usage data is provided by the multi-layer reporting service as a first set of data to a first entity associated with control of the first realm A. The multi-layer reporting service processes the usage data to remove or transform the identification data, thereby generating a second set of data, which is provided to a second entity associated with control of the cloud environment. 【0152】 In the illustrated exemplary embodiment, the first entity may be an operator associated with the control of a first realm A, and the second entity may be an operator associated with the control of a second realm B. 【0153】 In exemplary embodiments, the first entity may be a first operator associated with the control of a first realm A, where the first realm A is a first PLC realm; the second entity may be a second operator associated with the control of a second realm B, where the second realm B is a second PLC realm of the cloud infrastructure; and in exemplary embodiments, the second entity may be a cloud infrastructure provider associated with the overall control of the cloud environment 100. 【0154】 According to the embodiment, it may be understood that it is preferable for the multi-layer reporting service to be operable to generate a second set of data by replacing references in usage data to user entities with references to first entities. 【0155】 It should also be understood that it is preferable for the multi-layer reporting service to be able to generate a second set of data by reformatting usage data, which records the usage of multiple services by a user entity, to match the usage records of multiple services by a second entity. 【0156】 In one embodiment, the second multilayer reporting service 475 may be provided within the second realm B, and the second multilayer reporting service may be operable to monitor the usage of the services and / or within the second realm B, and the first entity may also be associated with the control of the second realm B. In an exemplary embodiment, the second multilayer reporting service 475 operating within the second realm B receives usage data recording the usage of multiple services by user entities within the second realm B, and the usage data includes identification data that associates user entities with the usage of services within the second realm B. 【0157】 According to one embodiment, a second multi-layer reporting service 475 operating within a second realm B generates a modified set of usage data by processing the usage data and removing or transforming the identification data. The multi-layer reporting service is further operable to combine the modified sets of usage data received from both the first and second realms A and B, describing usage by user entities within the first and second realms A and B, to generate aggregated usage data, and the multi-layer reporting service is operable to provide the aggregated usage data to a second entity associated with the cloud environment. In the exemplary embodiment shown, the multi-layer reporting service 475 may be distributed across the first and second realms A and B. Alternatively, the multi-layer reporting service 475 may be provided as an instance of a reporting service that cooperates to generate aggregated usage data and provide the aggregated usage data to a second entity associated with the cloud environment. 【0158】 In an exemplary embodiment, the multi-layer reporting service is operable to transmit one or more rules or policies stored within the first realm from a second entity associated with control of the cloud environment to a first entity associated with control of the first realm, and to modify the operation of the multi-layer reporting service in monitoring the usage of services within the first realm. The first entity may be, for example, a realm operator, and the second entity may be, for example, a cloud infrastructure provider. 【0159】 According to the embodiment, the multi-layer reporting service is further configured to receive first entity consumption information from multiple services, the first entity consumption information being based on usage data representing the usage of multiple services by user entities in a first realm; to receive second entity consumption information from multiple services, the second entity consumption information representing the usage of multiple services by a second entity; to sum the first entity consumption information with the second entity consumption information as totaled cloud environment consumption information; and to deliver the totaled cloud environment consumption information to a second entity associated with the control of the cloud environment. 【0160】 According to one embodiment, the system further includes an operator subscription service 430 capable of managing a first entity's subscriptions to a plurality of services, the operator subscription service being configured to send requests to a second entity associated with control of a cloud environment to order one or more of the plurality of services, and to receive one or more services to the first realm as a plurality of services for the first entity to selectively provide to user entities as vendor cloud services. 【0161】 According to the embodiment, the operator subscription service 430 is capable of fulfilling orders by creating a subscription of a first entity in the operator subscription service, and it can be understood that the subscription of the first entity includes a subscription pricing attribute of the first entity representing the pricing to the first entity for the use of one or more of a plurality of services, and a subscription pricing attribute of the user entity representing the pricing to the user entity for the use of one or more of a plurality of services by the user entity. 【0162】 In addition to the above, according to the embodiment, the subscription manager service or component 424 further includes or operates as an end-user subscription manager (EUSM) for managing user entity subscriptions to multiple services, the EUSM being configured to receive a first request from a first user entity ordering a first set of multiple services, and a second request from a second user entity ordering a second set of multiple services. The subscription manager / EUSM service or component can further operate to fulfill the order of the first request by creating a subscription for the first user entity in the EUSM, the subscription for the first user entity providing the first user entity with access to the first set of cloud services. The EUSM can further operate to fulfill the order of the second request by creating a subscription for the second user entity in the EUSM, the subscription for the second user entity providing the second user entity with access to the second set of cloud services. 【0163】 Figure 12 is a flowchart illustrating a method 500 for providing a stepwise evaluation of the use of a software product or service in a cloud computing environment or other computing environment, according to an embodiment. 【0164】 As shown in Figure 12, according to the embodiment, in 502, multiple services are deployed within one or more realms of a cloud environment running on one or more computers having one or more microprocessors. 【0165】 In 504, a multi-layer reporting service is provided within the first realm. According to one embodiment, the multi-layer reporting service provided within the first realm is operable to monitor the usage of services within the first realm. 【0166】 In 506, customer usage data is received by a multi-layer reporting service provided in 504 within the first realm. According to an exemplary embodiment, the usage data records the usage of multiple services by user entities within the first realm. The usage data may include, for example, identification data that associates user entities with the usage of services within the first realm. 【0167】 In 508, usage data is provided to a first entity associated with the control of the first realm. According to an exemplary embodiment, the first entity may be, for example, a PLC operator. 【0168】 In 510, the multi-layer reporting service generates a second set of data by processing the usage data and removing or transforming the identification data. According to the embodiment, it may be understood that the processing of the usage data by the multi-layer reporting service is preferably done by anonymizing the usage data by removing or transforming the identification data from the usage data. That is, the resulting second set of data does not contain any information that associates the usage of the cloud product or service with any particular end user or customer. 【0169】 According to an exemplary embodiment, generating a second set of data may include replacing references in usage data to user entities with references to first entities. 【0170】 According to an exemplary embodiment, generating a second set of data may include reformatting usage data that records the usage of multiple services by a user entity to match the usage records of multiple services by the second entity. 【0171】 In 512, the multi-layer reporting service provides a second set of data to a second entity associated with the control of the cloud environment. According to an exemplary embodiment, the second entity may be a cloud infrastructure provider. 【0172】 Figure 13 is a further flowchart illustrating a method 520 for providing a stepwise evaluation of the use of a software product or service in a cloud computing environment or other computing environment, according to an embodiment. 【0173】 As shown in Figure 13, according to the embodiment, a second multilayer reporting service is provided to a second realm B, for example, as shown in Figure 9, in 524. In the exemplary embodiment, the second multilayer reporting service is operable to monitor the usage of services within the second realm, and the first entity is associated with the control of the second realm. In the exemplary embodiment, the second entity associated with the control of the second realm may be, for example, a PLC operator. 【0174】 In one embodiment, customer usage data is received by a second multilayer reporting service operating within the second realm B at 526. In one embodiment, it can be understood that the usage data includes identification data relating the user entity to the usage of services within the second realm B, and the second multilayer reporting service 475 operating within the second realm B records the usage of multiple services by user entities within the second realm B. The user entity may be, for example, an end-user of a PLC operator. 【0175】 In 526, customer usage data received by the second multi-layer reporting service may be provided to the PCL operator to report and verify the use of cloud services and cloud products by end-user customers. 【0176】 In 528, the modified set of usage data is generated by a second multi-layer reporting service operating within the second realm B. In an exemplary embodiment, the modified set of usage data is generated by the second multi-layer reporting service by processing the usage data to remove or transform the identification data. 【0177】 In 530, aggregated usage data is generated by joining the modified sets of usage data received from both the first and second realms, and this aggregated usage data describes the usage by user entities in the first and second realms. 【0178】 In step 532, the aggregated usage data is provided to the cloud infrastructure operator, which is a second entity associated with the cloud environment. 【0179】 In addition, one or more rules or policies may be propagated from a second entity associated with controlling the cloud environment to a first entity associated with controlling the first realm, and one or more rules or policies may be stored within the first realm and modify the behavior of the multi-layer reporting service in monitoring the usage of services within the first realm. 【0180】 In the embodiment, it can be understood that the first entity may be a realm operator, and the second entity may be a cloud infrastructure provider. 【0181】 Figure 14 is a further flowchart illustrating a method 540 for providing a stepwise evaluation of the use of a software product or service in a cloud computing environment or other computing environment, according to an embodiment. 【0182】 As shown in Figure 14, according to the embodiment, in 542, the multilayer reporting service is configured to receive first entity consumption information from multiple services, the first entity consumption information is based on usage data representing the usage of multiple services by user entities in a first realm. 【0183】 In 544, the multilayer reporting service is further configured to receive second entity consumption information from multiple services, where the second entity consumption information represents the use of multiple services by the second entity. 【0184】 In step 546, the multi-layer reporting service sums the first actual consumption information with the second actual consumption information to obtain totaled cloud environment consumption information. 【0185】 In version 548, the multi-layer reporting service delivers aggregated cloud environment consumption information to a second entity associated with the control of the cloud environment. 【0186】 Figure 15 is a further flowchart illustrating a method 550 for providing a stepwise evaluation of the use of a software product or service in a cloud computing environment or other computing environment, according to an embodiment. 【0187】 As shown in Figure 15, according to the embodiment, 552 provides an operator subscription manager (OSM) for managing the subscriptions of the first entity to multiple services. 【0188】 In version 554, OSM is configured to send requests to order one or more of several services to a second entity associated with control of the cloud environment. 【0189】 In 556, OSM is further configured to receive one or more services to the first realm as a vendor cloud service, as a set of services to be selectively provided to user entities by the first entity. 【0190】 According to a further exemplary embodiment, in 558, the OSM is configured to fulfill an order by creating a subscription of a first entity in the OSM, the subscription of the first entity including a subscription pricing attribute of the first entity representing pricing to the first entity for the use of one or more of a plurality of services, and a subscription pricing attribute of the user entity representing pricing to the user entity for the use of one or more of a plurality of services by the user entity. 【0191】 Figure 16 is a further flowchart illustrating a method 560 for providing a stepwise evaluation of the use of a software product or service in a cloud computing environment or other computing environment, according to an embodiment. 【0192】 As shown in Figure 16, according to the embodiment, an End User Subscription Manager (EUSM) is provided in 562 for managing user entity subscriptions to multiple services. 【0193】 In 564, EUSM is capable of receiving a first request from a first user entity ordering a first set of multiple services. 【0194】 In 566, EUSM can further operate to receive a second request from a second user entity ordering a second set of multiple services. 【0195】 In 568, EUSM may further act to fulfill the order of the First Request by creating a subscription for the First User Entity in EUSM, which provides the First User Entity with access to a first set of cloud services. 【0196】 In 570, EUSM can further act to fulfill the order of a second request by creating a subscription for a second user entity in EUSM, the subscription for the second user entity providing the second user entity with access to a second set of cloud services. 【0197】 According to various embodiments, the teachings herein may be implemented using one or more computers, computing devices, machines, or microprocessors, including one or more processors, memory, and / or computer-readable storage media, programmed in accordance with the teachings herein. Appropriate software coding can be readily prepared by a skilled programmer based on the teachings herein, as will be apparent to those skilled in the art of software technology. 【0198】 In some embodiments, the teachings herein may include a computer program product which is a non-temporary computer-readable storage medium containing instructions that can be used to program a computer to perform any of the processes of these teachings. Examples of such storage media may include, but are not limited to, hard disk drives, hard disks, fixed disks, ROMs, RAMs, EPROMs, EEPROMs, DRAMs, VRAMs, flash memory devices, or other types of storage media or devices suitable for the non-temporary storage of instructions and / or data. 【0199】 The foregoing description is provided for illustrative and explanatory purposes only. It is not intended to be exhaustive or to limit the scope of protection to the exact form disclosed. Further modifications and variations will be apparent to those skilled in the art. 【0200】 The embodiments have been selected and described to best illustrate the teaching principles and their practical application herein, thereby enabling those skilled in the art to understand the various embodiments, along with various modifications suitable for specific intended uses. This scope is intended to be defined by the following claims and their equivalents.

Claims

[Claim 1] It is a method, To provide multiple services deployed within one or more realms of the cloud environment, To provide a multi-layer reporting service that can operate within a first realm to monitor the usage of the service within the first realm, The multi-layer reporting service includes receiving usage data that records the usage of the multiple services by user entities within the first realm, the usage data including identification data that associates the user entities with the usage of the services within the first realm. The method includes providing the usage data as a first set of data to a first entity associated with the control of the first realm, The multi-layer reporting service generates a second set of data by processing the usage data and removing or transforming the identification data, A method further comprising providing a second set of the aforementioned data to a second entity associated with the control of the cloud environment. [Claim 2] The method according to claim 1, wherein generating the second set of data includes replacing the references in the usage data to the user entities with references to the first entities. [Claim 3] The method according to claim 1, wherein generating the second set of data includes reformatting the usage data recording the usage of the plurality of services by the user entity to match the usage record of the plurality of services by the second entity. [Claim 4] The aforementioned method, The first entity further includes providing a second multi-layer reporting service within a second realm that is operable to monitor the usage of the services within the second realm, and the first entity is associated with the control of the second realm. The method further includes the second multi-layer reporting service operating within the second realm receiving usage data recording the usage of the multiple services by user entities within the second realm, wherein the usage data includes identification data that associates the user entities with the usage of the services within the second realm. The method involves the second multi-layer reporting service, operating within the second realm, processing the usage data and removing or transforming the identification data to generate a modified set of usage data. To generate aggregated usage data by combining modified sets of usage data received from both the first and second realms, which describe the usage by the user entities within the first and second realms, The method according to claim 1, further comprising providing the aggregated usage data to the second entity associated with the cloud environment. [Claim 5] The method according to claim 1, further comprising transmitting one or more rules or policies stored in the first realm from the second entity associated with control of the cloud environment to the first entity associated with control of the first realm, and modifying the operation of the multi-layer reporting service in monitoring the usage of the services in the first realm. [Claim 6] The method according to claim 1, wherein the first entity is a realm operator and the second entity is a cloud infrastructure provider. [Claim 7] The aforementioned multi-layer reporting service is The system is configured to receive first entity consumption information from the plurality of services, and the first entity consumption information is based on the usage data representing the amount of the plurality of services used by the user entities within the first realm. It is configured to receive a second entity consumption information from the aforementioned multiple services, and the second entity consumption information represents the use of the aforementioned multiple services by the second entity. The total cloud environment consumption information is obtained by summing the first actual consumption information with the second actual consumption information, The method according to claim 1, configured to deliver the totaled cloud environment consumption information to the second entity associated with the control of the cloud environment. [Claim 8] The present invention further includes providing an Operator Subscription Manager (OSM) for managing subscriptions of the first entity to the aforementioned multiple services, wherein the OSM is: Sending a request to order one or more of the aforementioned services to the second entity associated with the control of the cloud environment, The method according to claim 1, configured to receive one or more of the services to the first realm as a plurality of services to be selectively provided to the user entity by the first entity as a vendor cloud service. [Claim 9] The method according to claim 8, wherein the OSM is configured to fulfill the order by creating a subscription for a first entity in the OSM, and the subscription for the first entity includes a subscription pricing attribute for the first entity representing pricing to the first entity for the use of one or more of the plurality of services, and a subscription pricing attribute for the user entity representing pricing to the user entity for the use of one or more of the plurality of services by the user entity. [Claim 10] The invention further includes providing an End User Subscription Manager (EUSM) for managing the subscriptions of the user entities to the aforementioned multiple services, wherein the EUSM is: Receiving a first request from a first user entity to order a first set of the plurality of services, Receiving a second request from a second user entity to order a second set of the aforementioned multiple services, The EUSM is configured to fulfill the order of the first request by creating a subscription for the first user entity, and the subscription for the first user entity provides the first user entity with access to a first set of the cloud services. The method according to claim 1, wherein the EUSM is configured to fulfill the order of the second request by creating a subscription for the second user entity, and the subscription for the second user entity provides the second user entity with access to a second set of the cloud services. [Claim 11] A system that provides a phased evaluation of service usage in a cloud environment, wherein the system is One or more computers, each equipped with one or more microprocessors, A cloud environment running on one or more computers, Multiple services deployed within one or more realms of the aforementioned cloud environment, A multilayer reporting service provided within a first realm is provided, wherein the multilayer reporting service is operable to monitor the usage of the service within the first realm. The multi-layer reporting service receives usage data recording the usage of the multiple services by user entities within the first realm, and the usage data includes identification data that associates the user entities with the usage of the services within the first realm. The usage data is provided by the multi-layer reporting service as a first set of data to a first entity associated with the control of the first realm. The multi-layer reporting service generates a second set of data by processing the usage data and removing or transforming the identification data. The second set of the aforementioned data is provided to a second entity associated with the control of the cloud environment, a system. [Claim 12] The multi-layer reporting service is operable to generate a second set of data by replacing references in the usage data to user entities with references to first entities, according to claim 11. [Claim 13] The system according to claim 11, wherein the multi-layer reporting service is operable to generate a second set of data by reformatting the usage data, which records the usage of the plurality of services by the user entity, to match the usage records of the plurality of services by the second entity. [Claim 14] The first entity further comprises a second multilayer reporting service provided within the second realm, the second multilayer reporting service being operable to monitor the usage of the service within the second realm, and the first entity is associated with the control of the second realm. The second multi-layer reporting service operating within the second realm receives usage data recording the usage of the multiple services by user entities within the second realm, and the usage data includes identification data that associates the user entities with the usage of the services within the second realm. The second multi-layer reporting service operating within the second realm processes the usage data to remove or transform the identification data, thereby generating a modified set of usage data. The multi-layer reporting service combines the modified sets of usage data received from both the first and second realms, describes the usage by the user entities within the first and second realms, and generates aggregated usage data. The system according to claim 11, wherein the multi-layer reporting service is operable to provide the aggregated usage data to the second entity associated with the cloud environment. [Claim 15] The system according to claim 11, wherein the multilayer reporting service is operable to transmit one or more rules or policies stored in the first realm from the second entity associated with control of the cloud environment to the first entity associated with control of the first realm, and to modify the operation of the multilayer reporting service in monitoring the usage of the services in the first realm. [Claim 16] The system according to claim 11, wherein the first entity is a realm operator and the second entity is a cloud infrastructure provider. [Claim 17] The aforementioned multi-layer reporting service is The system is configured to receive first entity consumption information from the plurality of services, and the first entity consumption information is based on the usage data representing the amount of the plurality of services used by the user entities within the first realm. It is configured to receive a second entity consumption information from the aforementioned multiple services, and the second entity consumption information represents the use of the aforementioned multiple services by the second entity. The total cloud environment consumption information is obtained by summing the first actual consumption information with the second actual consumption information, The system according to claim 11, configured to distribute the totaled cloud environment consumption information to the second entity associated with the control of the cloud environment. [Claim 18] The operator subscription service further comprises an operator subscription service capable of managing subscriptions of the first entity to the plurality of services, wherein the operator subscription service is Sending a request to order one or more of the aforementioned services to the second entity associated with the control of the cloud environment, The system according to claim 11, configured to receive one or more of the services to the first realm as the plurality of services to be selectively provided to the user entity by the first entity as a vendor cloud service. [Claim 19] The system according to claim 18, wherein the operator subscription service is operable to fulfill the order by creating a subscription of a first entity in the operator subscription service, the subscription of the first entity includes a subscription pricing attribute of the first entity representing pricing to the first entity for the use of one or more of the plurality of services, and a subscription pricing attribute of the user entity representing pricing to the user entity for the use of one or more of the plurality of services by the user entity. [Claim 20] The system further comprises an End User Subscription Manager (EUSM) capable of managing the subscriptions of the user entities to the aforementioned multiple services, wherein the EUSM is: Receiving a first request from a first user entity to order a first set of the plurality of services, Receiving a second request from a second user entity to order a second set of the aforementioned multiple services, The EUSM is configured to perform the fulfillment of the order of the first request by creating a subscription for the first user entity, and the subscription for the first user entity provides the first user entity with access to a first set of the cloud services. The system according to claim 11, wherein the EUSM is configured to fulfill the order of the second request by creating a subscription for the second user entity, and the subscription for the second user entity provides the second user entity with access to a second set of the cloud services. [Claim 21] A non-temporary computer-readable storage medium containing stored instructions, wherein, when the instructions are read and executed by one or more computers in a cloud environment, the one or more computers cause the one or more computers to execute a method, and the method is To provide multiple services deployed within one or more realms of the cloud environment, To provide a multi-layer reporting service that can operate within a first realm to monitor the usage of the service within the first realm, The multi-layer reporting service includes receiving usage data that records the usage of the multiple services by user entities within the first realm, wherein the usage data includes identification data that associates the user entities with the usage of the services within the first realm. The usage data is provided as a first set of data to a first entity associated with the control of the first realm, The multi-layer reporting service generates a second set of data by processing the usage data and removing or transforming the identification data, A non-temporary computer-readable storage medium further comprising providing a second set of the aforementioned data to a second entity associated with the control of the cloud environment.

Images