VIRTUAL DATA CENTER

US 20130297902A1
Filed: 04/26/2013
Published: 11/07/2013
Est. Priority Date: 02/13/2001
Status: Abandoned Application

First Claim

Patent Images

1. A method for sharing a plurality of storage resources for an organization, wherein the organization is modeled as an organizational model having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, the method comprising:

mapping the plurality of storage resources to the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units;

establishing access restrictions to storage resource management commands by the one or more users assigned to each unit, wherein command access levels assigned to the one or more users assigned to each unit are used to establish the access restrictions to storage resource management commands; and

securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for securely sharing storage resources in a storage network. One or more organizations are modeled in a structure where each organization includes one or more units. Users are assigned to a unit and are also assigned a command access level. The command access level grants access to certain management commands that may be performed on storage resources. Storage resources are then bound to units in the organization and may be accessed by users in the unit. Once command access levels are assigned and storage resources are bound, access for a user in the unit is restricted to the command access level assigned to the user and the storage resources bound to the user'"'"'s unit. When a command from a user is received, the command access level of the user and the bound storage resources for the unit of the user is determined. Then, a management command is performed using the bound storage for the user'"'"'s unit if the command is available for the command access level.

Citations

20 Claims

1. A method for sharing a plurality of storage resources for an organization, wherein the organization is modeled as an organizational model having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, the method comprising:
- mapping the plurality of storage resources to the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units;
  
  establishing access restrictions to storage resource management commands by the one or more users assigned to each unit, wherein command access levels assigned to the one or more users assigned to each unit are used to establish the access restrictions to storage resource management commands; and
  
  securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, further comprising:
    - binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound.
  - 3. The method of claim 2, wherein the securing access to the plurality of storage resources comprises:
    - imposing the access restrictions for a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.
  - 4. The method of claim 2, wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit.
  - 5. The method of claim 1, wherein the organizational model provides a hierarchical organization of the plurality of units.
  - 6. The method of claim 5, wherein the hierarchical organization comprises a parent-child relationship of units.
  - 7. The method of claim 6, wherein a user is allowed access to storage resources bound to all units that are children of a unit to which the user is assigned.
  - 8. The method of claim 1, further comprising:
    - implementing the access restrictions to storage resource management commands using roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, and wherein each role is granted access to one or more feature.

9. A storage management system for sharing a plurality of storage resources for an organization, the system comprising:
- an organizational model, stored in memory of the storage management system, of an organization having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units;
  
  access restrictions to storage resource management commands, stored in memory of the storage management system, by the one or more users assigned to each unit, wherein command access levels assigned to the one or more users assigned to each unit establish access restrictions to storage resource management commands; and
  
  instructions, operable upon a device of the system, securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, further comprising:
    - instructions, operable upon a device of the system, binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound.
  - 11. The system of claim 10, further comprising:
    - instructions, operable upon a device of the system, imposing the access restrictions upon a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.
  - 12. The system of claim 10, wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit.
  - 13. The system of claim 9, wherein the organizational model provides a hierarchical organization of the plurality of units.
  - 14. The system of claim 13, wherein the hierarchical organization comprises a parent-child relationship of units.
  - 15. The system of claim 14, wherein a user is allowed access to storage resources bound to all units that are children of a unit to which the user is assigned.
  - 16. The system of claim 9, further comprising:
    - instructions, operable upon a device of the system, implementing the access restrictions to storage resource management commands using roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, and wherein each role is granted access to one or more feature.

17. A method for sharing a plurality of storage resources for an organization, wherein the organization is modeled as an organizational model having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, the method comprising:
- mapping the plurality of storage resources to the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units; and
  
  establishing access restrictions to storage resource management commands by the one or more users assigned to each unit, wherein the access restrictions comprise command access levels having roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, wherein each role is granted access to one or more feature, and wherein command access levels assigned to the one or more users assigned to each unit are used to establish the access restrictions to storage resource management commands in accordance with its roles and features.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, further comprising:
    - securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.
  - 19. The method of claim 18, further comprising:
    - binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound, wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit.
  - 20. The method of claim 19, wherein the securing access to the plurality of storage resources comprises:
    - imposing the access restrictions for a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Collins, Jim, Prasad, Chandra, Ghate, Ranjit, Stevens, Brian

Application Number

US13/871,718
Publication Number

US 20130297902A1
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 11/0724   in a multiprocessor or a mu...

G06F 11/0727   in a storage system, e.g. i...

G06F 11/0766   Error or fault reporting or...

G06F 11/0793   Remedial or corrective acti...

G06F 11/1482   by means of middleware or O...

G06F 11/201   between storage system comp...

G06F 11/2025   using centralised failover ...

G06F 11/2089   Redundant storage control f...

G06F 11/2092   Techniques of failing over ...

G06F 11/2094   Redundant storage or storag...

G06F 11/2097   maintaining the standby con...

G06F 12/1458   by checking the subject acc...

G06F 2201/815   Virtual

G06F 3/0605   by facilitating the interac...

G06F 3/0607   by facilitating the process...

G06F 3/0614   Improving the reliability o...

G06F 3/0629   Configuration or reconfigur...

G06F 3/0632   by initialisation or re-ini...

G06F 3/0635   by changing the path, e.g. ...

G06F 3/0665   at area level, e.g. provisi...

G06F 3/067 : Distributed or networked st...

H04L 49/357 : Fibre channel switches

H04L 67/1097 : for distributed storage of ...

View All

VIRTUAL DATA CENTER

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

VIRTUAL DATA CENTER

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links