System and method for tenant network identity-based authentication and authorization for administrative access in a protection storage system
Abstract
In one embodiment, a request is received from a remote device of a user for configuring a tenant-unit of a storage system via a secure connection session. A secure multi-tenancy (SMT) module determines a first network identity associated with the secure connection session. The SMT module examines an SMT registry namespace associated with the tenant-unit of the tenant to determine a second network identity that has been assigned to the tenant-unit. The first network identity is compared with the second network identity. The request is allowed to configure the tenant-unit in response to determining that the first and second network identities match; otherwise, the request is denied.
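The authorization decision described above (tenant admin role check, then comparison of the session's network identity with the identity recorded for the tenant-unit in the SMT registry namespace), written out as an added illustration that is not the patent's own code. The registry contents, tenant-unit names and addresses are constructed; representing the assigned network identity as an IP prefix (a single host address is a /32) is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, Optional, Tuple


@dataclass(frozen=True)
class TenantUnit:
    name: str
    requires_tenant_admin: bool
    assigned_network: Optional[str]  # "second network identity" from the SMT registry


@dataclass(frozen=True)
class Session:
    user: str
    remote_ip: str  # "first network identity": address of the device that opened the session


# Constructed SMT registry namespace (hypothetical tenant-units and addresses).
SMT_REGISTRY: Dict[str, TenantUnit] = {
    "tu-finance": TenantUnit("tu-finance", True, "10.20.0.0/24"),
    "tu-shared": TenantUnit("tu-shared", False, None),
    "tu-orphan": TenantUnit("tu-orphan", True, None),  # admin required, nothing assigned
}


def authorize_tenant_config(session: Session, tenant_unit: str,
                            registry: Dict[str, TenantUnit] = SMT_REGISTRY) -> Tuple[bool, str]:
    """Return (allowed, reason) for a request to configure `tenant_unit`."""
    tu = registry.get(tenant_unit)
    if tu is None:
        return False, "unknown tenant-unit"
    # Step 1: if no tenant admin role is required, the request is allowed outright.
    if not tu.requires_tenant_admin:
        return True, "tenant admin role not required"
    # Step 2: the registry must actually hold a network identity; fail closed otherwise.
    if tu.assigned_network is None:
        return False, "no network identity assigned to tenant-unit"
    # Step 3: derive the first network identity from the session and parse defensively.
    try:
        first_identity = ip_address(session.remote_ip)
        second_identity = ip_network(tu.assigned_network, strict=False)
    except ValueError:
        return False, "malformed network identity"
    # Step 4: compare; allow only on a match.
    if first_identity in second_identity:
        return True, "network identity matches tenant-unit"
    return False, "network identity mismatch"
```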
24 Claims

1. A computer-implemented method for configuring a multi-tenancy storage system, the method comprising:
in response to a request received from a remote device of a user for configuring a tenant-unit of a storage system via a user's secure connection session, determining whether the tenant-unit requires a tenant admin role for access; if the tenant admin role is not required, then the request is allowed; if the tenant admin role is required, determining a first network identity associated with the user's secure connection session, wherein the first network identity is of the user's remote device used to establish the secure connection session; examining a secure multi-tenancy (SMT) registry namespace to determine a second network identity that has been assigned to the tenant-unit; comparing the first network identity with the second network identity to authenticate the user; allowing the request to configure the tenant-unit in response to determining that the first network identity matches the second network identity; and denying the request to configure the tenant-unit if the first and second network identities do not match. (Dependent claims: 2, 3, 4, 5, 6, 7, 8)

9. A non-transitory machine-readable medium having instructions stored therein, which when executed by a processor, cause the processor to perform operations of configuring tenants of a multi-tenant storage system, the operations comprising:
in response to a request received from a remote device of a user for configuring a tenant-unit of a storage system via a user's secure connection session, determining whether the tenant-unit requires a tenant admin role for access; if the tenant admin role is not required, then the request is allowed; if the tenant admin role is required, determining a first network identity associated with the user's secure connection session, wherein the first network identity is of the user's remote device used to establish the secure connection session; examining a secure multi-tenancy (SMT) registry namespace to determine a second network identity that has been assigned to the tenant-unit; comparing the first network identity with the second network identity to authenticate the user; allowing the request to configure the tenant-unit in response to determining that the first network identity matches the second network identity; and denying the request to configure the tenant-unit if the first and second network identities do not match. (Dependent claims: 10, 11, 12, 13, 14, 15, 16)

17. A storage system, comprising:
a processor; and a secure multi-tenant (SMT) module executed by the processor to perform operations, the operations including: in response to a request received from a remote device of a user for configuring a tenant-unit of the storage system via a user's secure connection session, determining whether the tenant-unit requires a tenant admin role for access; if the tenant admin role is not required, then the request is allowed; if the tenant admin role is required, determining a first network identity associated with the user's secure connection session, wherein the first network identity is of the user's remote device used to establish the secure connection session; examining a secure multi-tenancy (SMT) registry namespace to determine a second network identity that has been assigned to the tenant-unit; comparing the first network identity with the second network identity to authenticate the user; allowing the request to configure the tenant-unit in response to determining that the first network identity matches the second network identity; and denying the request to configure the tenant-unit if the first and second network identities do not match. (Dependent claims: 18, 19, 20, 21, 22, 23, 24)
Specification