System and method for performing storage operations through a firewall
Abstract
The present invention provides systems and methods for performing storage operations through a firewall. Methods are provided that include, in a networked computer system, identifying, based on configuration data, whether each of a set of network elements is within a trusted network or not within the trusted network. Traffic between elements within the trusted network and elements not within the trusted network must pass through a firewall. The methods also include, prior to performing a storage operation through the firewall, allocating a specific set of ports, in accordance with at least one security parameter, for use in performing the storage operation. Methods are also provided which include monitoring traffic through the specific ports, and, if traffic is determined to be inactive through a first port of the specific ports, sending a packet through the first port.
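The method in the abstract, modeled as an added Python example (not code from the patent or from any product). The CIDR-based trust check, the element names, the port numbers and the permitted-port range standing in for the "security parameter" are all assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Constructed configuration data (assumption): trusted ranges and element addresses.
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8")]
ELEMENTS = {"storage-manager": "10.0.0.5", "media-agent": "10.0.1.20",
            "client-dmz": "192.0.2.44"}

@dataclass(frozen=True)
class Allocation:
    inside: str    # element within the trusted network
    outside: str   # element not within the trusted network
    port: int
    purpose: str   # "data" or "control"

def is_trusted(name):
    """Classify one element from configuration data alone."""
    addr = ipaddress.ip_address(ELEMENTS[name])
    return any(addr in net for net in TRUSTED_NETS)

def plan_allocations(elements, data_ports, control_ports, permitted):
    """Ports to allocate with the firewall before any storage data is sent.

    `permitted` (lo, hi) is a hypothetical security parameter: the only port
    range that storage operations are allowed to use.
    """
    inside = [e for e in elements if is_trusted(e)]
    outside = [e for e in elements if not is_trusted(e)]
    if not inside or not outside:
        return []  # nothing crosses the firewall, so nothing is opened
    lo, hi = permitted
    wanted = [(p, "data") for p in data_ports] + [(p, "control") for p in control_ports]
    rejected = [p for p, _ in wanted if not lo <= p <= hi]
    if rejected:
        raise ValueError(f"ports outside permitted range: {rejected}")
    return [Allocation(i, o, p, why) for i in inside for o in outside for p, why in wanted]

def ports_needing_keepalive(last_seen, now, idle_limit):
    """Allocated ports idle for idle_limit seconds or more; send a packet on each."""
    return sorted(p for p, seen in last_seen.items() if now - seen >= idle_limit)

if __name__ == "__main__":
    for a in plan_allocations(["storage-manager", "media-agent", "client-dmz"],
                              [50001, 50002], [50000], (50000, 50010)):
        print(a)
    print(ports_needing_keepalive({50000: 100.0, 50001: 395.0}, now=400.0, idle_limit=120))
```

An operation whose elements all sit on one side of the firewall yields an empty plan, so no port is opened unless the configuration data shows the traffic must cross.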
25 Claims
1. A method for performing a data storage operation through a firewall in a networked computer system, the method comprising:
- identifying, based on configuration data, whether each of a set of network elements related to the data storage operation is within a trusted network or not within the trusted network, wherein traffic between elements within the trusted network and elements not within the trusted network must pass through the firewall, wherein the firewall is an element in the networked computer system that is not a firewall in a client computer system;
- when the set of network elements related to the data storage operation is such that storage operation data must pass through the firewall, determining a specific set of ports to be used to send and receive storage operation data, wherein storage operation data includes data associated with at least one of a backup operation, a restore operation, a migration operation, an archival operation, and a recovery operation, and wherein the specific set of ports includes a first set of one or more ports and a second set of one or more ports;
- wherein the first set of one or more ports are one or more ports through which storage operation data is to pass; and
- wherein the second set of one or more ports are one or more ports through which data associated with control of the data storage operation is to pass; and
- prior to receipt by the firewall of storage operation data, allocating the specific set of ports with the firewall in advance, in accordance with at least one security parameter, for use in performing the data storage operation.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
13. A system for performing a data storage operation through a firewall in a networked computer system, the system comprising:
- a firewall, wherein the firewall is a distinct element in the networked computer system and is not a firewall of a client computer;
- a plurality of network elements, comprising:
  - one or more client computers; and
  - one or more data storage devices;
- a storage manager; and
- one or more media agents configured to conduct data between the one or more client computers and the one or more data storage devices under the direction of the storage manager,
- wherein the storage manager is configured to:
  - identify, based on configuration data, a first set of network elements related to the data storage operation that are within a trusted network and a second set of network elements related to the data storage operation that are not within the trusted network, wherein traffic between elements of the trusted network and elements not within the trusted network must pass through the firewall;
  - when the first and second sets of network elements related to the data storage operation are such that storage operation data must pass through the firewall, determine a specific set of ports to be used to send and receive the storage operation data, wherein the specific set of ports includes:
    - a first set of one or more ports through which storage operation data is to pass; and
    - a second set of one or more ports through which data associated with control of the data storage operation is to pass; and
  - prior to receipt by the firewall of the storage operation data, allocate the specific set of ports with the firewall in advance, according to at least one security parameter, for use in performing the data storage operation, wherein, prior to receipt of the storage operation data, the firewall opens ports in accordance with the allocation.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
22. A system for performing a data storage operation involving multiple network elements in a networked computer system, including one or more client computers and one or more data storage devices, wherein the data storage operation is performed through a firewall in the networked computer system, the system comprising:
- one or more media agents configured to transfer storage operation data between the one or more client computers and the one or more data storage devices; and
- a storage manager configured to:
  - identify, based on configuration data, a first set of network elements related to the data storage operation that are within a trusted network and a second set of network elements related to the data storage operation that are not within the trusted network, wherein traffic between network elements within the trusted network and network elements not within the trusted network must pass through the firewall;
  - when the first and second sets of network elements related to the data storage operation are such that storage operation data must pass through the firewall:
    - determine a first set of one or more firewall ports through which the one or more media agents are to transfer storage operation data between the one or more client computers and the one or more data storage devices; and
    - determine a second set of one or more firewall ports through which data associated with control of the data storage operation is to pass; and
  - prior to receipt by the firewall of the storage operation data, allocate the first and second sets of firewall ports with the firewall,
- wherein the firewall is a distinct network element in the networked computer system and is not a firewall of a client computer, and wherein prior to receipt of the storage operation data, the firewall opens the first and second sets of ports in accordance with the allocation.
- View Dependent Claims (23, 24, 25)
Specification