Virtual filer and IP space based IT configuration transitioning framework
First Claim
1. A method for operating a computer system, comprising:
- executing a filer on the computer, the filer instantiating a first virtual server and a second virtual server;
operating the first virtual server in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain;
transitioning the filer from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain;
transitioning the resources from the first security domain to a second security domain, the transitioning including upgrading the first security objects to a second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects;
mapping the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain.
3 Assignments
0 Petitions
Accused Products
Abstract
A system and method enables gradual transitioning of a server, such as a filer, to a new security domain and/or IP address scheme. A single physical platform may comprise multiple logical servers, such as virtual filers (vfilers), that simultaneously participate in different security domains and IP address schemes. Each logical server is allocated its own set of storage resources, such as volumes and qtrees, and network resources, such as network addresses. Additionally, a common set of storage resources may store a data set that is accessible to logical servers that participate in the different security domains and/or IP address schemes. Therefore, the server can transition from an old security domain to a new, e.g., upgraded, security domain, by gradually phasing out file access requests sent to a logical server in the old domain and redirecting those requests to a logical server in the new security domain. Similarly, the server can transition from an old IP address scheme to a new IP address scheme by gradually redirecting file access requests from one logical server to another. Since the invention enables multiple logical servers to access the server'"'"'s data set, clients do not experience any downtime in service during the server'"'"'s transition to a new security domain and/or IP address scheme.
-
Citations
20 Claims
-
1. A method for operating a computer system, comprising:
-
executing a filer on the computer, the filer instantiating a first virtual server and a second virtual server; operating the first virtual server in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain; transitioning the filer from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain; transitioning the resources from the first security domain to a second security domain, the transitioning including upgrading the first security objects to a second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects; mapping the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A computer system, comprising:
-
a filer executing on the computer, the filer instantiating a first virtual server and a second virtual server; the first virtual server to operate in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain; the filer to transition from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain; an operating system configured to transition the resources from the first security domain to the second security domain, the transitioning including upgrading the first security objects to the second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects; and the operating system further configured to map the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer readable non-transitory storage media, comprising:
-
said computer readable storage media containing program instructions for execution on a processor for a method of operating a computer system the program instructions for, executing a filer on the computer, the filer instantiating a first virtual server and a second virtual server; operating the first virtual server in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain; transitioning the filer from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain; transitioning the resources from the first security domain to a second security domain, the transitioning including upgrading the first security objects to a second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects; and mapping the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain.
-
Specification