Virtual filer and IP space based IT configuration transitioning framework

US 8,041,761 B1
Filed: 12/23/2002
Issued: 10/18/2011
Est. Priority Date: 12/23/2002
Status: Active Grant

First Claim

Patent Images

1. A method for operating a computer system, comprising:

executing a filer on the computer, the filer instantiating a first virtual server and a second virtual server;

operating the first virtual server in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain;

transitioning the filer from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain;

transitioning the resources from the first security domain to a second security domain, the transitioning including upgrading the first security objects to a second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects;

mapping the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method enables gradual transitioning of a server, such as a filer, to a new security domain and/or IP address scheme. A single physical platform may comprise multiple logical servers, such as virtual filers (vfilers), that simultaneously participate in different security domains and IP address schemes. Each logical server is allocated its own set of storage resources, such as volumes and qtrees, and network resources, such as network addresses. Additionally, a common set of storage resources may store a data set that is accessible to logical servers that participate in the different security domains and/or IP address schemes. Therefore, the server can transition from an old security domain to a new, e.g., upgraded, security domain, by gradually phasing out file access requests sent to a logical server in the old domain and redirecting those requests to a logical server in the new security domain. Similarly, the server can transition from an old IP address scheme to a new IP address scheme by gradually redirecting file access requests from one logical server to another. Since the invention enables multiple logical servers to access the server'"'"'s data set, clients do not experience any downtime in service during the server'"'"'s transition to a new security domain and/or IP address scheme.

Citations

20 Claims

1. A method for operating a computer system, comprising:
- executing a filer on the computer, the filer instantiating a first virtual server and a second virtual server;
  
  operating the first virtual server in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain;
  
  transitioning the filer from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain;
  
  transitioning the resources from the first security domain to a second security domain, the transitioning including upgrading the first security objects to a second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects;
  
  mapping the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method as in claim 1, further comprising:
    - permitting the client to access the resources by using the first security credentials with the first virtual server in the first security domain while also permitting the client to access the resources using the second security credentials with the second virtual server in the second security domain to permit access by the client to the resources while transitioning the filer from the first security domain to the second security domain.
  - 3. The method as in claim 1, further comprising:
    - processing a first request by the client for the resources by directing the first request to a first network interface operable in the first security domain and processing a second request by the client for the resources by directing the second request to a second network interface operable in the second security domain.
  - 4. The method as in claim 1, further comprising:
    - testing the second virtual server while gradually transitioning client requests from the first virtual server to the second virtual server.
  - 5. The method as in claim 1, further comprising:
    - destroying the first virtual server if testing the second virtual server indicates that the second virtual server operates correctly.
  - 6. The method as in claim 1, further comprising:
    - configuring an operating system to permit information technology personnel to gradually transition the client from the first virtual server to the second virtual server.
  - 7. The method as in claim 1, further comprising:
    - configuring an operating system for the first virtual server to map the first security objects operable within the first security domain to the second security domain.
  - 8. The method as in claim 1, further comprising:
    - processing a first request by the client for the resources by directing the first request to a first network interface operable in a first network address scheme and processing a second request by the client for the resources by directing the second request to a second network interface operable in a second network address scheme.
  - 9. The method as in claim 1, further comprising:
    - assigning a first network address to the first virtual server and assigning a second network address to the second virtual server, and transitioning client requests from the first network address to the second network address.
  - 10. The method as in claim 9, further comprising:
    - using an IP address as the network address.

11. A computer system, comprising:
- a filer executing on the computer, the filer instantiating a first virtual server and a second virtual server;
  
  the first virtual server to operate in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain;
  
  the filer to transition from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain;
  
  an operating system configured to transition the resources from the first security domain to the second security domain, the transitioning including upgrading the first security objects to the second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects; and
  
  the operating system further configured to map the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19)
- - 12. The computer system as in claim 11, further comprising:
    - the operating system to permit the client to access the resources by using the first security credentials with the first virtual server in the first security domain while also permitting the client to access the resources using the second security credentials with the second virtual server in the second security domain to permit access by the client to the resources while transitioning the filer from the first security domain to the second security domain.
  - 13. The computer system as in claim 11, further comprising:
    - the operating system to process a first request by the client for the resources by directing a request to a first network interface operable in the first security domain and processing a second request by the client for the resources by a directing the request to a second network interface operable in the second security domain.
  - 14. The computer system as in claim 11, further comprising:
    - the operating system to test the second virtual server while gradually transitioning the client requests from the first virtual server to the second virtual server.
  - 15. The computer system as in claim 11, further comprising:
    - the operating system to destroy the first virtual server if testing the second virtual server indicates that the second virtual server operates correctly.
  - 16. The computer system as in claim 11, further comprising:
    - the operating system to permit information technology personnel to gradually transition the client from the first virtual server to the second virtual server.
  - 17. The computer system as in claim 11, further comprising:
    - the operating system for the first virtual server to map the first security objects operable in the first security domain to the second security domain.
  - 18. The computer system as in claim 11, further comprising:
    - a first network interface operable with a first network address to process a first request by the client for the resources and a second network interface operable with a second network address to process a second request by the client for the resources.
  - 19. The computer system as in claim 18, further comprising:
    - a first IP address used as the first network address and a second IP address used as the second network address.

20. A computer readable non-transitory storage media, comprising:
- said computer readable storage media containing program instructions for execution on a processor for a method of operating a computer system the program instructions for,executing a filer on the computer, the filer instantiating a first virtual server and a second virtual server;
  
  operating the first virtual server in a first security domain to provide access for a client to resources, the client gaining access to the resources by presentation of a first security credentials for comparison with a first security objects of the resources, the first security credentials and the first security objects operable within the first security domain;
  
  transitioning the filer from the first security domain to a second security domain by transitioning the client from the first virtual server in the first security domain to the second virtual server in the second security domain;
  
  transitioning the resources from the first security domain to a second security domain, the transitioning including upgrading the first security objects to a second security objects operable with the second security domain, the resources accessible by the second virtual server in the second security domain with the second security credentials for comparison with the second security objects; and
  
  mapping the first security credentials of the client to the second security objects to allow the client to access the resources using the first security credentials to provide a transition of the resources from the first security domain to the second security domain while allowing access to the resources by the client using the first security credentials to permit the client to access the resources using both the first security credentials and the second security credentials after the resources have been transitioned to the second security domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Banga, Gaurav, Muhlestein, Mark
Primary Examiner(s)
Nguyen; Thuong T

Application Number

US10/327,755
Time in Patent Office

3,221 Days
Field of Search

709/201, 709/220, 709/223, 709/204, 718/1, 719/330, 705/51, 705/52, 705/64, 726/2, 726/15, 726/27
US Class Current

709/201
CPC Class Codes

G06F 9/5077   Logical partitioning of res...

G06Q 20/382   insuring higher security of...

H04L 63/20   for managing network securi...

Virtual filer and IP space based IT configuration transitioning framework

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Virtual filer and IP space based IT configuration transitioning framework

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links