Centralizing access request authorizations for storage systems
First Claim
1. A system for authorizing access requests for accessing a storage system, the system comprising:
- an authorization module configured for determining authorization of access requests for a first storage system;
a first server system comprising a first application configured for;
sending an initiation request to the authorization module;
receiving an access request for accessing the first storage system;
sending an authorization request to the authorization module for authorizing the access request; and
only upon receiving an authorization of the access request from the authorization module, sending the access request to the first storage system;
the first storage system comprising a set of one or more storage devices, the first storage system configured for performing the access request received from the first application without determining authorization of the received access request; and
a network connecting the authorization module, first server system, and first storage system, wherein the authorization module resides and executes externally from the first server system and the first storage system, wherein the authorization module is further configured for generating a unique identifier and a password for the first application to connect with the first storage system and sending the unique identifier and password to the first application and the first storage system.
2 Assignments
0 Petitions
Accused Products
Abstract
Described herein is a centralized access request authorization system comprising an authorization module, one or more server systems, and a collection of one or more storage systems connected through a network. An application executing on a server system receives an access request for accessing the storage system collection and sends an authorization request to the authorization module for authorizing the access request. The application may be configured to only send the access request to the storage system collection if it first receives an authorization of the access request from the authorization module. Since the application is configured to do such, the storage system performs the access request without performing any authorization verification on the access request. The authorization module may receive authorization requests from a plurality of applications (executing on a plurality of server systems) and determine received authorization requests using a single repository of access permission information.
42 Citations
18 Claims
-
1. A system for authorizing access requests for accessing a storage system, the system comprising:
-
an authorization module configured for determining authorization of access requests for a first storage system; a first server system comprising a first application configured for; sending an initiation request to the authorization module; receiving an access request for accessing the first storage system; sending an authorization request to the authorization module for authorizing the access request; and only upon receiving an authorization of the access request from the authorization module, sending the access request to the first storage system; the first storage system comprising a set of one or more storage devices, the first storage system configured for performing the access request received from the first application without determining authorization of the received access request; and a network connecting the authorization module, first server system, and first storage system, wherein the authorization module resides and executes externally from the first server system and the first storage system, wherein the authorization module is further configured for generating a unique identifier and a password for the first application to connect with the first storage system and sending the unique identifier and password to the first application and the first storage system. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A system for authorizing access requests for accessing a storage system, the system comprising:
-
an authorization module configured for determining authorization of access requests for a first storage system; a first server system comprising; a first application configured for; receiving an access request for accessing the first storage system; sending an authorization request to the authorization module for authorizing the access request; and only upon receiving an authorization of the access request from the authorization module, sending the access request to the first storage system; and a second application configured for; supporting a set of one or more operations on the first storage system; receiving the access request from a user, the access request specifying an operation in the set of operations; and sending the access request to the first application; the first storage system comprising a set of one or more storage devices, the first storage system configured for performing the access request received from the first application without determining authorization of the received access request; and a network connecting the authorization module, first server system, and first storage system, wherein the authorization module resides and executes externally from the first server system and the first storage system, wherein; the first storage system comprises a first file system for organizing one or more storage objects stored on the first storage system; the first server system comprises a second file system for organizing the one or more storage objects; and the first application is further configured for; receiving, from the second application, the access request comprising a server address path to a storage object, the server address path being specified by the second file system; and mapping the server address path to a storage address path to the storage object, the storage address path being specified by the first file system.
-
-
7. A system for authorizing access requests for accessing a storage system, the system comprising:
-
an authorization module configured for determining authorization of access requests for a first storage system; a first server system comprising a first application configured for; receiving an access request for accessing the first storage system; sending an authorization request to the authorization module for authorizing the access request; and only upon receiving an authorization of the access request from the authorization module, sending the access request to the first storage system; the first storage system comprising a set of one or more storage devices, the first storage system configured for performing the access request received from the first application without determining authorization of the received access request; a network connecting the authorization module, first server system, and first storage system, wherein the authorization module resides and executes externally from the first server system and the first storage system; and a second server system comprising a second application configured for; receiving an access request for accessing the first storage system; sending an authorization request to the authorization module for authorizing the access request; and only upon receiving an authorization of the access request from the authorization module, sending the access request to the first storage system, wherein; the first storage system is configured for performing the access request received from the second application without determining authorization of the received access request; and the network connects the authorization module, first and second server systems, and first storage system.
-
-
8. A system for authorizing access requests for accessing a storage system, the system comprising:
-
an authorization module configured for determining authorization of access requests for a first storage system; a first server system comprising a first application configured for; receiving an access request for accessing the first storage system; sending an authorization request to the authorization module for authorizing the access request; and only upon receiving an authorization of the access request from the authorization module, sending the access request to the first storage system; the first storage system comprising a set of one or more storage devices, the first storage system configured for performing the access request received from the first application without determining authorization of the received access request; a network connecting the authorization module, first server system, and first storage system, wherein the authorization module resides and executes externally from the first server system and the first storage system; and a second storage system comprising a set of one or more storage devices, wherein; the authorization module is further configured for determining authorization of access requests for a second storage system; the first application is further configured for receiving an access request for accessing the second storage system, sending an authorization request to the authorization module for authorizing the access request, and only upon receiving an authorization of the access request from the authorization module, sending the access request to the second storage system; the second storage system is configured for performing the access request received from the first application without determining authorization of the received access request; and the network connects the authorization module, first server system, and first and second storage systems.
-
-
9. A method for authorizing access requests for accessing a storage system, the method comprising:
-
providing an authorization module configured for determining authorization of access requests for a first storage system; providing a first server system comprising a first application configured for; sending an initiation request to the authorization module; receiving an access request for accessing the first storage system; sending an authorization request to the authorization module for authorizing the access request; and only upon receiving an authorization of the access request from the authorization module, sending the access request to the first storage system; providing the first storage system comprising a set of one or more storage devices, the first storage system configured for performing the access request received from the first application without determining authorization of the received access request; and providing a network connecting the authorization module, first server system, and first storage system, wherein the authorization module resides and executes externally from the first server system and the first storage system, wherein the authorization module is further configured for generating a unique identifier and a password for the first application to connect with the first storage system and sending the unique identifier and password to the first application and the first storage system. - View Dependent Claims (10, 11, 12)
-
-
13. A system for registering an application for using an authorization module for authorizing access requests for accessing a storage system, the system comprising:
-
a server system comprising an application configured for sending an initiation request to the authorization module, the initiation request comprising credential information describing the application; the authorization module configured for; generating a unique identifier and a password for the application to connect with the storage system; and sending the unique identifier and password to the application and the storage system, wherein the authorization module generates and sends the unique identifier and password only upon determining that the credential information indicates that the application is configured to only send an access request to the storage system after receiving an authorization of the access request from the authorization module; the storage system comprising a set of one or more storage devices, the storage system configured for receiving and storing the unique identifier and password for the application; and a network connecting the authorization module, server system, and storage system, wherein the authorization module resides and executes externally from the server system and the storage system. - View Dependent Claims (14, 15)
-
-
16. A method for registering an application for using an authorization module for authorizing access requests for accessing a storage system, the method comprising:
-
providing a server system comprising an application configured for sending an initiation request to the authorization module, the initiation request comprising credential information describing the application;
providing the authorization module configured for;generating a unique identifier and a password for the application to connect with the storage system; and sending the unique identifier and password to the application and the storage system, wherein the authorization module generates and sends the unique identifier and password only upon determining that the credential information indicates that the application is configured to only send an access request to the storage system after receiving an authorization of the access request from the authorization module; providing the storage system comprising a set of one or more storage devices, the storage system configured for receiving and storing the unique identifier and password for the application; and providing a network connecting the authorization module, server system, and storage system, wherein the authorization module resides and executes externally from the server system and the storage system. - View Dependent Claims (17, 18)
-
Specification