FILE LEVEL SECURITY FOR A METADATA CONTROLLER IN A STORAGE AREA NETWORK
Abstract
A storage gateway is employed as part of a security enhancing protocol in a data processing system which includes at least one metadata controller node and at least one application node which is granted a time limited access to files in a shared storage system. The gateway is provided with information as to data blocks to which access is to be allowed and also with information concerning the duration of special access granted to a requesting application node. This ensures that metadata cannot be improperly used, changed or corrupted by users operating on an application node.
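The gateway-side check described in the abstract, sketched as an added example (not code from the patent). The class and field names, the per-file grant table and the injectable clock are assumptions, and node identities are assumed to be authenticated before they reach the gateway.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    blocks: frozenset   # data blocks the application node may reach directly
    expires_at: float   # end of the time-limited access window

class StorageGateway:   # hypothetical name; not from the patent
    def __init__(self, controller_ids, clock=time.time):
        self._controllers = frozenset(controller_ids)
        self._grants = {}          # (node_id, file_id) -> Grant
        self._clock = clock        # injectable so expiry can be exercised

    def register_grant(self, controller_id, node_id, file_id, blocks, duration_s):
        # Only a metadata controller may tell the gateway who gets access.
        if controller_id not in self._controllers:
            raise PermissionError("grants must come from a metadata controller node")
        if duration_s <= 0:
            raise ValueError("grant duration must be positive")
        self._grants[(node_id, file_id)] = Grant(
            frozenset(blocks), self._clock() + duration_s)

    def check_access(self, node_id, file_id, blocks):
        # node_id is assumed to be authenticated before this point.
        grant = self._grants.get((node_id, file_id))
        if grant is None:
            return (False, "no grant")
        if self._clock() >= grant.expires_at:
            del self._grants[(node_id, file_id)]   # expired grants are purged
            return (False, "grant expired")
        requested = set(blocks)
        if not requested or not requested <= grant.blocks:
            return (False, "block outside grant")  # e.g. a metadata block
        return (True, "ok")

def demo():
    now = [1000.0]                                  # constructed clock value
    gw = StorageGateway({"mdc-1"}, clock=lambda: now[0])
    gw.register_grant("mdc-1", "app-7", "fileA", range(100, 108), duration_s=30)
    results = [gw.check_access("app-7", "fileA", [100, 101]),
               gw.check_access("app-7", "fileA", [99]),
               gw.check_access("app-9", "fileA", [100])]
    now[0] += 31                                    # step past the grant window
    results.append(gw.check_access("app-7", "fileA", [100]))
    return results

if __name__ == "__main__":
    print(demo())
```

The gateway denies by default: a request succeeds only when the requesting node, the file, every requested block and the current time all fall inside a grant registered by a metadata controller node.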
109 Citations
6 Claims
1-4. (canceled)
5. A multinode, shared storage data processing system in which a first set of nodes is capable of acting as metadata controller nodes and a first node from said first set of nodes so acts to provide access to an individual file in said shared storage, said access being provided so that access occurs from a second node, not within said first set of nodes, which has time limited access to said file but which does not act as a metadata controller for said file, said data processing system including a storage gateway through which said access to said shared storage by said first and second nodes is provided, said metadata controller nodes enabled to provide an identity of said second node that is authorized to directly access said file from said storage gateway, said gateway having a memory containing program code for performing the step of comparing an access request from said second node with metadata control information provided to said gateway from one of said metadata controller nodes and allowing direct access by said second node if said second node has authenticated access, and temporarily bypassing said metadata controller nodes.
6. A program product comprising a machine readable medium containing program code, for use in a multinode, shared storage data processing system in which a first set of nodes is capable of acting as metadata controller nodes and a first node from said first set of nodes so acts to provide access to an individual file in said shared storage, said access being provided so that access occurs from a second node, not within said first set of nodes, which has time limited access to said file but which does not act as a metadata controller for said file, said data processing system including a storage gateway through which said access to said shared storage by said first and second nodes is provided, said metadata controller nodes enabled to provide an identity of said second node that is authorized to directly access said file from said storage gateway, said gateway having a memory containing program code for performing the step of comparing an access request from said second node with metadata control information provided to said gateway from one of said metadata controller nodes and allowing direct access by said second node if said second node has authenticated access, and temporarily bypassing said metadata controller nodes.
Specification