Credential caching for clustered storage systems

US 8,099,766 B1
Filed: 03/26/2007
Issued: 01/17/2012
Est. Priority Date: 03/26/2007
Status: Active Grant

First Claim

Patent Images

1. A method for efficiently transmitting credentials among nodes of a clustered storage system, comprising:

adding a credential of a requester to a N-module cache of a N-module, the N-module operatively connected to the requester over a network;

creating a corresponding credential handle that indexes the credential in the N-module cache;

relaying the credential and the credential handle between the N-module and a D-module, the D-module operatively connected to a storage device served by the D-module;

adding the credential to a corresponding D-module cache of the D-module at a location indexed by the corresponding credential handle; and

sending an access request of the requester between the N-module and the D-module to access data at the storage device using the credential handle to authenticate the requester.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A technique efficiently transmits credentials between network elements and disk elements in a clustered storage system. According to the novel technique, in response to a user request to access data served by a data element, a network element inserts (adds) a credential associated with the user to a network element credential cache and creates a corresponding credential handle that indexes the credential in that cache. The network element relays the credential and credential handle to the disk element, which adds the credential to a corresponding disk element credential cache at a location indexed by the corresponding credential handle. Requests may then be sent between the elements using the credential handle. In addition, the network element may further send a series of chained requests to the disk element for the same credential/credential handle with an indication that the requests are for the same credential without sending the credential or credential handle.

Citations

30 Claims

1. A method for efficiently transmitting credentials among nodes of a clustered storage system, comprising:
- adding a credential of a requester to a N-module cache of a N-module, the N-module operatively connected to the requester over a network;
  
  creating a corresponding credential handle that indexes the credential in the N-module cache;
  
  relaying the credential and the credential handle between the N-module and a D-module, the D-module operatively connected to a storage device served by the D-module;
  
  adding the credential to a corresponding D-module cache of the D-module at a location indexed by the corresponding credential handle; and
  
  sending an access request of the requester between the N-module and the D-module to access data at the storage device using the credential handle to authenticate the requester.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method as in claim 1, wherein the clustered storage system comprises one or more file servers.
  - 3. The method as in claim 1, wherein adding the credential to the N-module cache comprises:
    - authenticating the requester at the N-module; and
      
      in response, generating the credential for the requester.
  - 4. The method as in claim 3, wherein the requester is selected from a group consisting of:
    - a client, a user, a machine, an element, a node, and a storage system.
  - 5. The method as in claim 1, further comprising:
    - evicting the credential from one of the N-module cache and the D-module cache.
  - 6. The method as in claim 1, further comprising:
    - replacing the credential handle with a new credential handle.
  - 7. The method as in claim 1, further comprising:
    - rejecting the creation of the credential handle.
  - 8. The method as in claim 1, further comprising:
    - rejecting the access request if the credential handle is invalid.
  - 9. The method as in claim 1, further comprising:
    - rejecting the credential handle; and
      
      resubmitting the credential handle between the N-module and the D-module.
  - 10. The method as in claim 1, further comprising:
    - rejecting the credential handle; and
      
      sending an error message between the D-module and the N-module.
  - 11. The method as in claim 1, further comprising:
    - storing a sufficient amount of the credential in the N-module cache to match the credential with the corresponding credential handle.
  - 12. The method as in claim 1, further comprising:
    - changing the credential at the D-module corresponding to the credential handle.
  - 13. The method as in claim 1, wherein the credential handle is smaller than the credential.
  - 14. The method as in claim 1, further comprising:
    - sending the access request as a first access request of a series of chained access requests using the credential between the N-module and the D-module;
      
      specifying that the corresponding credential handle is for the series of chained access requests in the first access request; and
      
      sending remaining access requests of the series with an indication that the remaining access requests are for the credential used by the first access request without sending the credential or the corresponding credential handle between the N-module and the D-module to authenticate the requester.
  - 15. The method as in claim 1, wherein the D-module comprises a disk element.
  - 16. The method as in claim 1, further comprising:
    - distributing the credential and the credential handle to one or more nodes of the clustered storage system using a replicated database.
  - 17. The method as in claim 1, further comprising:
    - merging the credential with a new credential.
  - 18. The method as in claim 1, further comprising:
    - using a cluster fabric (CF) message type as the credential.

19. A method for efficiently transmitting credentials among nodes of a clustered storage system, comprising:
- sending a first request of a series of chained requests comprising a credential between a N-module and a D-module, the N-module enabled to operatively connect to a client, and the D-module operatively connected to a storage device served by the D-module;
  
  specifying a corresponding credential handle indexing the credential in a cache of the clustered storage system associated with the series of chained requests in the first request; and
  
  sending remaining requests of the series of chained requests with an indication that the remaining requests are for the credential without sending the corresponding credential handle between the N-module and the D-module.
- View Dependent Claims (20, 21, 22)
- - 20. The method as in claim 19, wherein the first request is sent from the N-module to the D-module.
  - 21. The method as in claim 19, wherein the first request further comprises a cluster fabric (CF) message type.
  - 22. The method as in claim 19, wherein the N-module and the D-module each have their own cache to store the credential.

23. A clustered storage system for transmitting credentials among nodes of the clustered storage system, comprising:
- a N-module configured to operatively connect to a requester over a network;
  
  a cache of the N-module configured to store a credential of the requester;
  
  the cache further configured to store a credential handle that corresponds to the credential configured to index the credential in the cache;
  
  one or more D-modules operatively connected to a storage device served by the D-module; and
  
  the N-module and the one or more D-modules configured to send one or more requests of the requester between the N-module and the one or more D-modules using the credential handle to authenticate the requester.
- View Dependent Claims (24, 25, 26, 27, 28, 29)
- - 24. The clustered storage system as in claim 23, further comprising:
    - a cluster interface configured to relay the credentials and the credential handles between the one or more D-modules, and further configured to transmit the one or more requests between the N-module and the one or more D-modules by sending the credential handle without the credential to authenticate the requester.
  - 25. The clustered storage system as in claim 23, wherein the D-module comprises a disk element.
  - 26. The clustered storage system as in claim 23, wherein the cache of the N-module is between the N-module and the D-module.
  - 27. The clustered storage system as in claim 23, further comprising:
    - a replicated database configured to distribute the credential and the credential handle to one or more nodes of the clustered storage system.
  - 28. The clustered storage system as in claim 23, wherein the N-module is configured to merge thecredential with a new credential.
  - 29. The clustered storage system as in claim 23, wherein the credential comprises a cluster fabric (CF) message type.

30. A non-transitory computer readable storage medium containing executable program instructions for execution by a processor, comprising:
- program instructions that add a credential of a requester to a N-module cache of a N-module, the N-module operatively connected to the requester over a network;
  
  program instructions that create a corresponding credential handle that indexes the credential in the N-module cache;
  
  program instructions that relay the credential and the credential handle between the N-module and a D-module, the D-module operatively connected to a storage device served by the D-module; and
  
  program instructions that send an access request of the requester between the N-module and the D-module to access data at the storage device using the credential handle to authenticate the requester.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Corbett, Peter F.
Primary Examiner(s)
Cervetti, David García
Assistant Examiner(s)
McNally, Michael S

Application Number

US11/691,179
Time in Patent Office

1,758 Days
Field of Search

726/6
US Class Current

726/6
CPC Class Codes

H04L 67/1097 for distributed storage of ...

Credential caching for clustered storage systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Credential caching for clustered storage systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links