USER AUTHORIZATION FOR FILE LEVEL RESTORATION FROM IMAGE LEVEL BACKUPS

US 20160055064A1
Filed: 08/20/2015
Published: 02/25/2016
Est. Priority Date: 08/21/2014
Status: Active Grant

First Claim

Patent Images

1. A backup server, comprising:

a processor configured to execute a backup application; and

a storage configured to store at least one image level backup of a machine,wherein the backup application is configured to;

save during backup or replication activity to a database a plurality of user accounts belonging to an access control group associated with the machine;

receive a restoration request, the restoration request including a first machine identifier and a user identifier of a user currently logged onto the machine;

compare the first machine identifier to a second machine identifier associated with the machine present in the at least one image level backup;

accept or deny the restoration request based at least in part on the comparison of the first machine identifier and the second machine identifier.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments provide systems, methods, and computer program products for enabling user authorization to perform a file level recovery from an image level backup of a virtual machine without the need for access control by an administrator. Specifically, embodiments enable an access control mechanism for controlling access to stored image level backups of a virtual machine. In an embodiment, the virtual machine includes a backup application user interface that can be used to send a restoration request to a backup server. The restoration request can include a machine identifier and a user identifier of the user logged onto the virtual machine. The backup server includes a backup application that determines whether or not the machine identifier contained in the restoration request can be matched to a machine identifier of a virtual machine present in one of the virtual machine backups stored on the backup server.

Citations

35 Claims

1. A backup server, comprising:
- a processor configured to execute a backup application; and
  
  a storage configured to store at least one image level backup of a machine,wherein the backup application is configured to;
  
  save during backup or replication activity to a database a plurality of user accounts belonging to an access control group associated with the machine;
  
  receive a restoration request, the restoration request including a first machine identifier and a user identifier of a user currently logged onto the machine;
  
  compare the first machine identifier to a second machine identifier associated with the machine present in the at least one image level backup;
  
  accept or deny the restoration request based at least in part on the comparison of the first machine identifier and the second machine identifier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The backup server of claim 1, wherein the access control group is a local administrators group.
  - 3. The backup server of claim 1, wherein the backup application is further configured to deny the restoration request if the first machine identifier does not match the second machine identifier.
  - 4. The backup server of claim 1, wherein the backup application is further configured to:
    - identify whether the user identifier contained in the restoration request belongs to the access control group associated with the machine; and
      
      accept or deny the restoration request based at least in part on whether or not the user identifier belongs to the access control group associated with the machine.
  - 5. The backup server of claim 4, wherein the access control group is a local administrators group.
  - 6. The backup server of claim 1, wherein the backup application is further configured to deny the restoration request if the user identifier contained in restoration request does not belong to the access control group associated with the machine.
  - 7. The backup server of claim 6, wherein the access control group is a local administrators group.
  - 8. The backup server of claim 1, wherein the backup application is further configured to:
    - write an authentication cookie to a location within a file system of the machine accessible to at least the user issuing the restoration request;
      
      prompt the user logged onto the machine to provide the authentication cookie to the backup application;
      
      deny the restoration request if no authentication cookie is received from the user within a predetermined time interval; and
      
      if an authentication cookie is received within the predetermined time interval from the user,accept the restoration request if the received authentication cookie matches the written authentication cookie; and
      
      deny the restoration request if the received authentication cookie does not match the written authentication cookie.

9. A computer-implemented method, comprising:
- saving during backup or replication activity to a database a plurality of user accounts belonging to an access control group associated with a machine, the machine having at least image level backup stored on a backup server;
  
  receiving a restoration request, the restoration request including a first machine identifier and a user identifier of a user currently logged onto the machine;
  
  comparing the first machine identifier to a second machine identifier associated with the machine present in the at least one image level backup;
  
  accepting or denying the restoration request based at least in part on the comparison of the first machine identifier and the second machine identifier.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The computer-implemented method of claim 9, where the access group is a local administrators group.
  - 11. The computer-implemented method of claim 9, further comprising:
    - denying the restoration request if the first machine identifier does not match the second machine identifier.
  - 12. The computer-implemented method of claim 9, further comprising:
    - identifying whether the user identifier contained in the restoration request belongs to the access control group associated with the machine; and
      
      accepting or denying the restoration request based at least in part on whether or not the user identifier belongs to the access control group associated with the machine.
  - 13. The computer-implemented method of claim 12, where the access control group is a local administrators group.
  - 14. The computer-implemented method of claim 9, further comprising:
    - denying the restoration request if the user identifier does not belong to the access control group associated with the machine.
  - 15. The computer-implemented method of claim 13, where the access control group is a local administrators group.
  - 16. The computer-implemented method of claim 9, wherein, the method further comprises:
    - writing an authentication cookie to a location within a file system of the machine accessible to at least the user issuing the restoration request;
      
      prompting the user logged onto the machine to provide the authentication cookie;
      
      denying the restoration request if no authentication cookie is received from the user within a predetermined time interval; and
      
      if an authentication cookie is received within the predetermined time interval from the user,accepting the restoration request if the received authentication cookie matches the written authentication cookie; and
      
      denying the restoration request if the received authentication cookie does not match the written authentication cookie.

17. A computer program product comprising a non-transitory computer readable medium including computer control logic stored therein, wherein the computer control logic, when executed by one or more processors, enables a method for user authorization for file level restoration from an image level backup, the method comprising:
- saving during backup or replication activity to a database a plurality of user accounts belonging to an access control group associated with a machine, the machine having at least one image level backup stored on a backup server;
  
  receiving a restoration request, the restoration request including a first machine identifier and a user identifier of a user currently logged onto the machine; and
  
  comparing the first machine identifier to a second machine identifier associated with the machine present in the at least one image level backup; and
  
  accepting or denying the restoration request based at least in part on the comparison of the first machine identifier and the second machine identifier.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer program product of claim 17, the method further comprising:
    - denying the restoration request if the first machine identifier does not match the second machine identifier.
  - 19. The computer program product of claim 17, the method further comprising:
    - identifying whether the user identifier contained in the restoration request belongs to the access control group associated with the machine; and
      
      accepting or denying the restoration request based at least in part on whether or not the user identifier belongs to the access control group associated with the machine.
  - 20. The computer program product of claim 19, where the access control group is a local administrators group.
  - 21. The computer program product of claim 17, the method further comprising:
    - denying the restoration request if the user identifier contained in the restoration request does not belong to the access control group associated with the machine.
  - 22. The computer program product of claim 21, where the access control group is a local administrators group.
  - 23. The computer program product of claim 17, wherein the method further comprises:
    - writing an authentication cookie to a location within a file system of the machine accessible to at least the user issuing the restoration request;
      
      prompting the user logged onto the machine to provide the authentication cookie;
      
      denying the restoration request if no authentication cookie is received from the user within a predetermined time interval; and
      
      if an authentication cookie is received within the predetermined time interval from the user,accepting the restoration request if the received authentication cookie matches the written authentication cookie; and
      
      denying the restoration request if the received authentication cookie does not match the written authentication cookie.

24. A backup server, comprising:
- a processor configured to execute a backup application; and
  
  a storage configured to store at least one image level backup of a machine,wherein the backup application is configured to;
  
  save during backup or replication activity to a database a plurality of user accounts belonging to an access control group associated with the machine, wherein the plurality of user accounts include a plurality of user identifiers;
  
  receive a restoration request, the restoration request including a machine identifier and a user identifier of a user currently logged onto the machine;
  
  compare the user identifier to the plurality of user identifiers; and
  
  accept or deny the restoration request based at least in part on whether or not the user identifier matches one of the plurality of user identifiers.
- View Dependent Claims (25, 26, 27)
- - 25. The backup server of claim 24, wherein the access control group is a local administrators group.
  - 26. The backup server of claim 24, wherein the backup application is further configured to deny the restoration request if the user identifier does not match any of the plurality of user identifiers.
  - 27. The backup server of claim 24, wherein the backup application is further configured to use the machine identifier to limit visible scope of content of the at least image level backup.

28. A computer-implemented method, comprising:
- saving during backup or replication activity to a database a plurality of user accounts belonging to an access control group associated with a machine, the plurality of user accounts including a plurality of user identifiers, the machine having at least one image level backup stored on a backup server;
  
  receiving a restoration request, the restoration request including a machine identifier and a user identifier of a user currently logged onto the machine;
  
  comparing the user identifier to the plurality of user identifiers;
  
  accepting or denying the restoration request based at least in part on whether or not the user identifier matches one of the plurality of user identifiers.
- View Dependent Claims (29, 30, 31)
- - 29. The computer-implemented method of claim 28, wherein the access control group is a local administrators group.
  - 30. The computer-implemented method of claim 28, further comprising:
    - denying the restoration request if the user identifier does not match any of the plurality of user identifiers.
  - 31. The computer-implemented method of claim 28, further comprising:
    - using the machine identifier to limit visible scope of content of the at least one image level backup.

32. A computer program product comprising a non-transitory computer readable medium including computer control logic stored therein, wherein the computer control logic, when executed by one or more processors, enables a method for user authorization for file level restoration from an image level backup, the method comprising:
- saving during backup or replication activity to a database a plurality of user accounts belonging to an access control group associated with a machine, the plurality of user accounts including a plurality of user identifiers, the machine having at least one image level backup stored on a backup server;
  
  receiving a restoration request, the restoration request including a machine identifier and a user identifier of a user currently logged onto the machine;
  
  comparing the user identifier to the plurality of user identifiers; and
  
  accepting or denying the restoration request based at least in part on whether or not the user identifier matches one of the plurality of user identifiers.
- View Dependent Claims (33, 34, 35)
- - 33. The computer program product of claim 32, wherein the access control group is a local administrators group.
  - 34. The computer program product of claim 32, further comprising:
    - denying the restoration request if the user identifier does not match any of the plurality of user identifiers.
  - 35. The computer program product of claim 32, further comprising:
    - using the machine identifier to limit visible scope of content of the at least one image level backup.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Veeam Software Group GmbH
Original Assignee
Veeam Software AG
Inventors
GOSTEV, Anton

Granted Patent

US 10,394,657 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 11/1461   Backup scheduling policy

G06F 11/1469   Backup restoration techniques

G06F 16/27   Replication, distribution o...

G06F 21/31   User authentication

G06F 21/335   for accessing specific reso...

G06F 21/6218   to a system of files or obj...

G06F 21/629   to features or functions of...

G06F 2201/815   Virtual

G06F 2201/86   Event-based monitoring

H04L 63/102   Entity profiles

USER AUTHORIZATION FOR FILE LEVEL RESTORATION FROM IMAGE LEVEL BACKUPS

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

USER AUTHORIZATION FOR FILE LEVEL RESTORATION FROM IMAGE LEVEL BACKUPS

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links