File level security for a metadata controller in a storage area network
Abstract
A storage gateway is employed as part of a security enhancing protocol in a data processing system which includes at least one metadata controller node and at least one application node which is granted a time limited access to files in a shared storage system. The gateway is provided with information as to data blocks to which access is to be allowed and also with information concerning the duration of special access granted to a requesting application node. This insures that metadata cannot be improperly used, changed or corrupted by users operating on an application node.
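A sketch of the gateway-side comparison the abstract describes, added here as an illustration and not taken from the patent. The `Grant` fields, the `Gateway` class and its method names are assumptions, and the requesting node's identity is assumed to have been authenticated before `check` is called.

```python
import time
from dataclasses import dataclass

@dataclass(frozen=True)
class Grant:
    """Metadata control information a metadata controller sends to the gateway."""
    node_id: str       # identity of the authorized application node
    file_id: str       # file the grant applies to
    extents: tuple     # ((first_block, last_block), ...), inclusive ranges
    expires_at: float  # end of the time-limited access window (epoch seconds)

class Gateway:
    def __init__(self, controllers, clock=time.time):
        self._controllers = set(controllers)  # nodes allowed to install grants
        self._grants = {}                     # (node_id, file_id) -> Grant
        self._clock = clock                   # injectable so expiry can be tested

    def install_grant(self, sender, grant):
        # Only metadata controller nodes may supply control information;
        # an application node must not be able to grant itself access.
        if sender not in self._controllers:
            raise PermissionError(f"{sender} is not a metadata controller")
        self._grants[(grant.node_id, grant.file_id)] = grant

    def check(self, node_id, file_id, first_block, count):
        """Compare a direct block request with the stored grant.

        Returns (allowed, reason). Default is deny.
        """
        key = (node_id, file_id)
        grant = self._grants.get(key)
        if grant is None:
            return False, "no-grant"
        if self._clock() >= grant.expires_at:
            del self._grants[key]  # drop stale state so it cannot be reused
            return False, "expired"
        if count <= 0:
            return False, "bad-range"
        last_block = first_block + count - 1
        # Conservative rule: the whole request must fit inside one granted extent.
        if not any(lo <= first_block and last_block <= hi
                   for lo, hi in grant.extents):
            return False, "out-of-extent"
        return True, "ok"
```
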
2 Claims
1. A multinode, shared storage data processing system, comprising:
- a first set of nodes including at least a processor, the first set of nodes being capable of acting as metadata controller nodes, wherein a first node from said first set of nodes acts to provide access to an individual file in said shared storage, said access being provided so that access occurs from a second node, not within said first set of nodes, which has time limited access to said file but which does not act as a metadata controller for said file;
- a storage gateway through which said access to said shared storage by said first and second nodes is provided, said metadata controller nodes enabled to provide an identity of said second node that is authorized to directly access said file from said storage gateway, said gateway having a memory containing program code for comparing an access request from said second node with metadata control information provided to said gateway from one of said metadata controller nodes, and allowing direct access by said second node if said second node has authenticated access, and temporarily bypassing said metadata controller nodes.

2. A non-transitory machine readable storage medium containing program code, for use in a multinode, shared storage data processing system,
the shared storage data processing system including at least a first set of nodes capable of acting as metadata controller nodes, wherein a first node from said first set of nodes acts to provide access to an individual file in said shared storage, said access being provided so that access occurs from a second node, the second node not within said first set of nodes, and which has time limited access to said file but which does not act as a metadata controller for said file;
a storage gateway through which said access to said shared storage by said first and second nodes is provided, said metadata controller nodes enabled to provide an identity of said second node that is authorized to directly access said file from said storage gateway, said gateway having a memory containing program code for comparing an access request from said second node with metadata control information provided to said gateway from one of said metadata controller nodes, and allowing direct access by said second node if said second node has authenticated access, and temporarily bypassing said metadata controller nodes.
Specification