Decentralized virus scanning for stored data
First Claim
1. A method comprising:
- receiving at a storage server, from a requester, a request for an object stored at the server;
in response to the request, determining at the storage server whether to cause a processing device in a cluster of processing devices to access the object stored at the storage server and perform an operation on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction, wherein the cluster is separate from the storage server and is not in a path from the requester to the object and wherein said determining includes determining whether to cause the processing device to perform the operation based at least partially on a file space containing the object;
selecting, at the storage server, the processing device from among a plurality of processing devices that form the cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion;
assigning a specific access type to the processing device by the storage server when the storage server verifies the processing device satisfies restriction criteria;
causing the processing device to perform the operation in response to a specified outcome of said determining;
receiving at the storage server a result of the operation from the processing device; and
conditionally allowing access to the object in response to the request according to the result of the operation.
2 Assignments
0 Petitions
Accused Products
Abstract
The invention provides a method and system for performing specialized services for files at a server, such as scanning files for viruses. A filer or other server is connected to one or more supplementary computing devices that scan requested files to ensure they are virus free prior to delivery to end users. When an end user requests a file the following steps occur: The server determines whether the file requested must be scanned before delivery to the end user. The server opens a channel to one of the external computing devices and sends the filename. The external computing device opens the file and scans it. The external computing device notifies the filer the results of the file scan operation. The server sends the file to the end user provided the status indicates it may do so.
-
Citations
15 Claims
-
1. A method comprising:
-
receiving at a storage server, from a requester, a request for an object stored at the server; in response to the request, determining at the storage server whether to cause a processing device in a cluster of processing devices to access the object stored at the storage server and perform an operation on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction, wherein the cluster is separate from the storage server and is not in a path from the requester to the object and wherein said determining includes determining whether to cause the processing device to perform the operation based at least partially on a file space containing the object; selecting, at the storage server, the processing device from among a plurality of processing devices that form the cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion; assigning a specific access type to the processing device by the storage server when the storage server verifies the processing device satisfies restriction criteria; causing the processing device to perform the operation in response to a specified outcome of said determining; receiving at the storage server a result of the operation from the processing device; and conditionally allowing access to the object in response to the request according to the result of the operation. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus comprising:
-
a storage server storing a set of objects and having a network interface; and a plurality of processing devices configured as a cluster that is connected to the storage server and that is not in a path from a client to the objects stored at the server, wherein when the storage server receives a client request for an object of the set of objects through the network interface; the storage server determines whether to cause the processing device to perform an operation on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression. data encryption, and data compaction, and wherein the storage server determines whether to cause the processing device to perform the operation based at least partially on a file space containing the object; the storage server selects the processing device from among a plurality of processing devices that form the cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion; the storage server assigns a specific access type to the processing device when the storage server verifies the processing device satisfies restriction criteria; the storage server sends a first message to the processing device that indicates the object to the processing device, in response to a specified outcome of the determination, to cause the processing device to access the object stored at the storage server and perform the operation; the processing device sends a second message to the storage server that indicates a result of the operation; and the storage server generates a response to the client request, the response conditionally providing access by the client to the object according to the second message. - View Dependent Claims (7, 8, 9)
-
-
10. A method comprising:
-
receiving at a storage server a client request for an object stored at the server; selecting a processing device from among a plurality of processing devices that form a cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion; assigning by the storage server a specific access type to the processing device when the storage server verifies the processing device satisfies restriction criteria, the processing device separate from the storage server and not in a path from the client to the object, the specific access type allowing the processing device to perform an operation on the object even while another client has a lock on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction; causing the processing device to perform the operation; receiving at the storage server a result of the operation from the processing device; and conditionally allowing access to the object in response to the client request according to the result of the operation. - View Dependent Claims (11)
-
-
12. An apparatus comprising:
-
a storage server storing a set of objects and having a network interface; and a processing device coupled to the server, wherein the processing device is one of a plurality of processing devices configured as a cluster which is not in a path from a client to the objects stored at the server, wherein; the storage server receives a client request for an object of the set of objects through the network interface; the storage server selects the processing device from among the plurality of processing devices, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion; the storage server assigns a specific access type to a processing device when the storage server verifies the processing device satisfies restriction criteria, the processing device separate from the storage server and not in a path from the client to the object, the specific access type allowing the processing device to perform an operation on the object even while another user has a lock on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction; the storage server causes the processing device to perform the operation; the storage server receives at the storage server a result of the operation from the processing device; and the storage server conditionally allows access to the object in response to the client request according to the result of the operation. - View Dependent Claims (13)
-
-
14. A storage server comprising:
-
a processor; and a memory coupled to the processor through a bus, the memory storing executable instructions that cause the processor to select a processing device from among a plurality of processing devices that form a cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion, and to determine whether to cause a processing device to perform an operation on an object requested by a client and to assign a specific access type to the processing device when the processor verifies the processing device satisfies restriction criteria, wherein the operation is from the set of operations consisting of virus scanning. data decompression, data encryption. and data compaction, the specific access type allowing the processing device to perform an operation on the object even while another user has a lock on the object, wherein the processing device is separate from the storage server and is not in a path from the client to objects stored at the storage server. - View Dependent Claims (15)
-
Specification