Mechanism for evaluating security risks

US 20040254936A1
Filed: 06/13/2003
Published: 12/16/2004
Est. Priority Date: 06/13/2003
Status: Active Grant

First Claim

Patent Images

1. A computer-readable medium having computer-executable components, comprising:

a distributed file system server component configured to expose a shared volume resident on a server computer, the shared volume having a root and a volume shadow copy, the distributed file system server component being further configured to return to a requesting client a listing of resources under the root of the shared volume including a volume shadow copy resource that identifies the volume shadow copy, the volume shadow copy resource being operative to provide the requesting client with access to the volume shadow copy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described is a mechanism for exposing a volume shadow copy of a shared volume over a network to a remote client. A shared volume is accessed at a client computing system having a root. A volume shadow copy (or “snapshot”) of the volume is identified as a child resource of the shared volume. The child resource representing the snapshot may be hidden from ordinary view by default. To access the snapshot, a user may access the child resource as if it were an ordinary file or directory on the shared volume. Advantageously, the user need not mount a new volume representing the snapshot volume, but rather the user may directly access the snapshot.

Citations

22 Claims

1. A computer-readable medium having computer-executable components, comprising:
- a distributed file system server component configured to expose a shared volume resident on a server computer, the shared volume having a root and a volume shadow copy, the distributed file system server component being further configured to return to a requesting client a listing of resources under the root of the shared volume including a volume shadow copy resource that identifies the volume shadow copy, the volume shadow copy resource being operative to provide the requesting client with access to the volume shadow copy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The computer-readable medium of claim 1, wherein the listing of resources comprises a directory tree structure.
  - 3. The computer-readable medium of claim 1, wherein the server computer and the client are configured to communicate using the network file system protocol.
  - 4. The computer-readable medium of claim 1, wherein the volume shadow copy resource comprises an entry under the root of the shared volume.
  - 5. The computer-readable medium of claim 4, wherein the entry is hidden by default.
  - 6. The computer-readable medium of claim 4, wherein the entry comprises a name uniquely distinguishing the volume shadow copy from other volume shadow copies of the shared volume.
  - 7. The computer-readable medium of claim 6, wherein the name is based on a creation time of the volume shadow copy.
  - 8. The computer-readable medium of claim 6, wherein the name is a virtual name.
  - 9. The computer-readable medium of claim 1, wherein the requesting client is provided access to the volume shadow copy without using heightened access privileges.
  - 10. The computer-readable medium of claim 1, wherein the requesting client is provided access to the volume shadow copy without mounting an additional volume on the requesting client.
  - 11. The computer-readable medium of claim 1, wherein access to the volume shadow copy resource uses access-control mechanisms based on permissions stored in association with the shared volume.
  - 12. The computer-readable medium of claim 1, wherein access to the volume shadow copy is provided on a read-only basis.
  - 13. The computer-readable medium of claim 1, wherein access to the volume shadow copy is provided on a read/write basis.

14. A computer-readable medium encoded with a data structure, comprising:
- a first directory structure representing a shared volume, the first directory structure having a root entry; and
  
  a second directory structure associated with the first directory structure, the second directory structure representing a volume shadow copy of the shared volume, the second directory structure being accessible through a child entry under the root entry of the first directory structure.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer-readable medium of claim 14, wherein the first directory structure and the second directory structure are maintained on a server computer and provided to a requesting client computer over a network.
  - 16. The computer-readable medium of claim 15, wherein the server computer and the requesting client computer communicate using the network file system protocol.
  - 17. The computer-readable medium of claim 14, wherein the child entry comprises a name based on a creation time of the volume shadow copy.
  - 18. The computer-readable medium of claim 17, wherein the name is a hidden entry in the first directory structure by default.

19. A computer-readable medium encoded with a data structure, comprising:
- a file handle for accessing a file over a distributed file system, the file handle including a volume shadow copy flag bit indicating that a file associated with the file handle resides in a volume shadow copy of a shared volume.

20. A computer-implemented method for accessing a file over a distributed file system, the method comprising:
- receiving a request to mount a shared volume from a requesting client;
  
  returning to the requesting client a first file handle associated with a root of the shared volume;
  
  receiving a request for another file handle associated with a child entry of the root, the child entry representing a volume shadow copy of the shared volume; and
  
  returning to the requesting client a second file handle associated with the root of the volume shadow copy.
- View Dependent Claims (21, 22)
- - 21. The computer-implemented method of claim 20, wherein returning the file handle associated with the root of the volume shadow copy further comprises creating a volume shadow copy file handle having a volume shadow copy flag bit set to indicate that the second file handle is associated with the volume shadow copy.
  - 22. The computer-implemented method of claim 20, further comprising evaluating access permissions associated with the requesting client to determine if the requesting client has permission to access the volume shadow copy.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Mohamed, Ahmed Hassan

Granted Patent

US 7,730,033 B2
Time in Patent Office

Days
Field of Search
US Class Current

707/10
CPC Class Codes

G06F 16/10   File systems; File servers

G06F 2003/0697   device management, e.g. han...

G06F 3/0601   Interfaces specially adapte...

Mechanism for evaluating security risks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Mechanism for evaluating security risks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links