CIFS for scalable NAS architecture

US 20050223014A1
Filed: 05/13/2005
Published: 10/06/2005
Est. Priority Date: 12/06/2002
Status: Active Grant

First Claim

Patent Images

1. A method of authenticating a user communicating with a scalable network attached storage system via CIFS protocol, the network attached storage system comprising:

(i) one or more protocol termination nodes and (ii) one or more file server nodes in communication with the one or more termination nodes for maintaining file systems, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, the method comprising;

receiving the user'"'"'s credentials at a selected termination node;

forwarding the user'"'"'s credentials from the selected termination node to a management entity or domain controller responsible for authenticating users;

authenticating the user; and

receiving a message, at the selected termination node, indicating authentication to the selected termination node.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A scalable NAS file system and protocols for implementing CIFS thereon are disclosed. In certain embodiments, the protocols implement the CIFS protocol on a scalable file server architecture having one or more protocol termination nodes, one or more file server nodes, and one or more disk controller nodes. Among the features that may be specifically implemented are tree access, file access, user authentication, locking, state maintenance, and failover of protocol termination nodes and file server nodes.

Citations

32 Claims

1. A method of authenticating a user communicating with a scalable network attached storage system via CIFS protocol, the network attached storage system comprising:
- (i) one or more protocol termination nodes and (ii) one or more file server nodes in communication with the one or more termination nodes for maintaining file systems, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, the method comprising;
  
  receiving the user'"'"'s credentials at a selected termination node;
  
  forwarding the user'"'"'s credentials from the selected termination node to a management entity or domain controller responsible for authenticating users;
  
  authenticating the user; and
  
  receiving a message, at the selected termination node, indicating authentication to the selected termination node.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1, further comprising providing a CIFS Uid to the user from the selected termination node after the selected termination node has received the message indicating that user is authenticated.
  - 3. The method of claim 1, further comprising employing multiple domain controllers in a NetLogon authentication procedure.
  - 4. The method of claim 1, further comprising employing multiple domain controllers in a pass-through authentication procedure.

5. A scalable network attached storage system comprising:
- one or more termination nodes;
  
  one or more file server nodes in communication with the one or more termination nodes for maintaining file systems; and
  
  a switching fabric coupling the one or more termination nodes and file server nodes, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, and wherein the one or more termination nodes are configured to communicate with users via CIFS protocol.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12)
- - 6. The storage system of claim 5, wherein the one or more termination nodes are configured to (i) receive a user'"'"'s credentials and (ii) forward said credentials to a management entity or domain controller responsible for authenticating users.
  - 7. The storage system of claim 5, wherein the one or more termination nodes are configured to (i) receive a SMB TREE_CONNECT message from a user, which TREE_CONNECT message identifies a share to be accessed by the user, (ii) determine which file server node is responsible for a tree identified in the TREE_CONNECT message, (iii) send the TREE_CONNECT message to the file server node determined to be responsible, and (iv) send a response to the user, which response identifies a Tid to be used by the user to identify said share.
  - 8. The storage system of claim 5, wherein the termination nodes are configured to (i) receive a request from the user to lock a selected file or portion of a file stored on the network attached storage system, and (ii) provide the request or at least criteria pertaining to locking from the selected termination node to a file server node responsible for the file for which the lock request was made, and wherein the file server nodes are configured to maintain state information pertaining to the locked file or portion of the file.
  - 9. The storage system of claim 5, wherein the storage system is configured to (i) determine that a protocol termination node has failed, wherein the failed protocol termination node had established a session with a client at the time when it failed, (ii) designate another protocol termination node to handle subsequent communication with the client, and (iii) start a new session between the client and the other protocol termination node.
  - 10. The storage system of claim 5, wherein the storage system is configured to (i) determine that a file server node has failed, wherein the failed file server node was responsible for handling access to one or more file system trees, (ii) identify one or more peer file server nodes to handle the file system trees of the failed file server node, and (iii) allow a client to access one or more files in the file system trees of the failed file server node by providing access through the one or more peer file server nodes identified to handle said file system trees.
  - 11. The storage system of claim 5, wherein the termination nodes are configured to (i) receive a Tid from the user, wherein the Tid identifies a tree in the file system, (ii) determine which file server node is responsible for a tree identified by the Tid, and (iii) send a request for access to the file server node determined to be responsible;
    - wherein the responsible file server node is configured to (i) identify the actual file associated with an operation via an Fid carried in the request, wherein the Fid identifies a file to be accessed, (ii) determine that the user has appropriate permissions for that Fid, and (iii) allow the user to access the file.
  - 12. The storage system of claim 5, further comprising one or more disk controller nodes for accessing storage disks.

13. A method of connecting a user to a file system tree maintained on a scalable network attached storage system using CIFS protocol, the network attached storage system comprising:
- (i) one or more termination nodes and (ii) one or more file server nodes in communication with the one or more termination nodes for maintaining file systems, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, the method comprising;
  
  receiving a SMB TREE_CONNECT message at a selected termination node;
  
  determining which file server node is responsible for a tree identified in the TREE_CONNECT message;
  
  sending the TREE_CONNECT message to the file server node determined to be responsible;
  
  determining a tree ID used by the file server node for the share;
  
  providing the tree ID used by the file server node to the selected termination node;
  
  generating a Tid at the selected termination node, which Tid identifies the share; and
  
  sending a response including the Tid to the user.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, further comprising authenticating the user'"'"'s access to the share.
  - 15. The method of claim 14, wherein authenticating the user'"'"'s access to the share is performed by a management process on the network attached storage system.
  - 16. The method of claim 13, wherein the Tid is generated on a per client basis.

17. A method of administering a lock in a scalable network attached storage system via a CIFS protocol, the network attached storage system comprising:
- (i) one or more protocol termination nodes and (ii) one or more file server nodes in communication with the one or more termination nodes for maintaining file systems, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, the method comprising;
  
  at a selected termination node, receiving a request from a client to lock a selected file or portion of a file stored on the network attached storage system;
  
  providing the request or at least criteria pertaining to locking from the selected termination node to a file server node responsible for the file for which the lock request was made; and
  
  at the file server node, maintaining state information pertaining to the locked file or portion of the file.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, wherein the file server node maintains a list of client, Tid, Fid pairs that have a particular section of an identified file locked.
  - 19. The method of claim 17, wherein the file server node maintains a list of client, Tid, Fid pairs, which have been granted oplocks for an identified file.

20. A method of performing failover when a protocol termination node fails in a scalable network attached storage system, the network attached storage system comprising:
- (i) a plurality of protocol termination nodes and (ii) one or more file server nodes in communication with the one or more termination nodes for maintaining file systems, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, the method comprising;
  
  determining that a protocol termination node has failed, wherein the failed protocol termination node had established a session with a client at the time when it failed;
  
  designating another protocol termination node to handle subsequent communication with the client; and
  
  starting a new session between the client and the other protocol termination node.
- View Dependent Claims (21, 22)
- - 21. The method of claim 20, wherein the sessions are CIFS sessions.
  - 22. The method of claim 20, further comprising:
    - informing a management process of the failover; and
      
      sending clean up messages to one or more file server blocks.

23. A method of performing failover when a file server node fails in a scalable network attached storage system, the network attached storage system comprising:
- (i) one or more protocol termination nodes and (ii) a plurality of file server nodes in communication with the one or more termination nodes for maintaining file systems, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, the method comprising;
  
  determining that a file server node has failed, wherein the failed file server node was responsible for handling access to one or more file system trees;
  
  identifying one or more peer file server nodes to handle the file system trees of the failed file server node; and
  
  allowing a client to access one or more files in the file system trees of the failed file server node by providing access through the one or more peer file server nodes identified to handle said file system trees.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The method of claim 23, wherein a client was accessing a tree handled by the failed file server node when it failed and wherein the client had established a session with a protocol termination node when the failed file server node failed.
  - 25. The method of claim 24, further comprising causing the protocol termination node to close any connections with the client when it is determined that a file server node has failed.
  - 26. The method of claim 23, wherein individual ones of the file server nodes are responsible for different trees in the file system and wherein a client was accessing a tree handled by the failed file server node when it failed.
  - 27. The method of claim 26, wherein state information about the client'"'"'s access when the failed file server node failed is maintained when providing access through the one or more peer file server nodes identified to handle said file system trees.
  - 28. The method of claim 27, wherein the network attached storage system further comprises one or more disk controller nodes for accessing storage disks;
    - and wherein the storage disks persistently store said state information.

29. A method of allowing a user to access a file system maintained on a scalable network attached storage system using CIFS protocol, the network attached storage system comprising:
- (i) one or more protocol termination nodes and (ii) one or more file server nodes in communication with the one or more termination nodes for maintaining file systems, wherein the one or more termination nodes and file server nodes can be added to or deleted from the scalable network attached storage system as needed, the method comprising;
  
  receiving a Tid from the user at a selected termination node, wherein the Tid identifies a tree in the file system;
  
  determining which file server node is responsible for a tree identified by the Tid;
  
  sending a request for access to the file server node determined to be responsible;
  
  at the responsible file server node, identifying the actual file associated with an operation via an Fid carried in the request, wherein the Fid identifies a file to be accessed;
  
  at the responsible file server node, determining that the user has appropriate permissions for that Fid; and
  
  allowing the user to access the file.
- View Dependent Claims (30, 31, 32)
- - 30. The method of claim 29, wherein determining that the Tid is valid for the user is performed at the selected termination node.
  - 31. The method of claim 29, wherein the access comprises one or more of creating the file, writing to the file, seeking the file, flushing the file, and renaming the file.
  - 32. The method of claim 29, wherein the access comprises one or more of (i) moving the file from the tree identified by the Tid to another tree and (ii) copying the file from the tree identified by the Tid to another tree.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Inventors
Edsall, Thomas J., Dutt, Dinesh G., Kumar, Sanjaya, Mahajan, Umesh, Sharma, Samar

Granted Patent

US 7,475,142 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/1824   implemented using Network-a...

H04L 63/08   for authentication of entit...

H04L 67/1001   for accessing one among a p...

H04L 67/1008   based on parameters of serv...

H04L 67/1097   for distributed storage of ...

H04L 69/40   for recovering from a failu...

CIFS for scalable NAS architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

CIFS for scalable NAS architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links