System and method for administering security in a logical namespace of a storage system environment
Abstract
A system and method administers security in a logical namespace of a storage system environment. A remote agent performs an integral security-related role within a management framework that is directed to off-loading administration of privileges from a namespace and storage management (NSM) server for namespace and storage management. NSM server rights are defined and assigned to a user of the NSM server in accordance with a security administration feature of the management framework. In addition, a multi-stage authentication procedure is provided to ensure that a user has the appropriate rights to perform operations on the NSM server.
16 Claims
1. A system configured to administer security in a logical namespace of a storage system environment, the system comprising:
- a remote agent of an integrated management framework, the remote agent installed on a host machine of a first domain in the storage system environment; and
- a namespace and storage management (NSM) server, comprising a processor and a memory, residing in a second domain and cooperating with the remote agent to dynamically establish a trust relationship with the host machine of the first domain by transferring at least one application program interface (API) message from the NSM server to the remote agent to delegate responsibility of issuing system calls associated with namespace and storage management to the remote agent, thereby enabling remote agent-based namespace and storage management, through the NSM server, across multiple domains of the storage system environment, wherein rights are assigned to a user of the host machine interacting with the NSM server in accordance with a security administration feature of the integrated management framework and wherein an authentication procedure is provided, utilizing a database of the NSM server, that indicates the rights assigned to the user to ensure that the user has appropriate rights to perform operations on the NSM server.

Dependent claims: 2, 3

4. A method for administering security in a logical namespace of a storage system environment, the method comprising:
- installing a remote agent of an integrated management framework on a host machine of a first domain in the storage system environment;
- deploying a namespace and storage management (NSM) server, comprising a processor and a memory, in a second domain of the environment;
- dynamically establishing a trust relationship between the host machine of the first domain and the NSM server in the second domain by transferring at least one application program interface (API) message from the NSM server to the remote agent to delegate responsibility of issuing system calls associated with namespace and storage management to the remote agent, to thereby enable remote agent-based namespace and storage management, through the NSM server, across multiple domains of the storage system environment;
- assigning rights to a user of the NSM server in accordance with a security administration feature of the integrated management framework; and
- providing an authentication procedure, utilizing a database of the NSM server, that indicates the rights assigned to the user to ensure that the user has appropriate rights to perform operations on the NSM server.

Dependent claims: 5, 6, 7, 8, 9, 10

11. A non-transitory computer readable medium containing executable program instructions executed by a processor, comprising:
- program instructions that install a remote agent of an integrated management framework on a host machine of a first domain in the storage system environment;
- program instructions that deploy a namespace and storage management (NSM) server, comprising a processor and a memory, in a second domain of the environment;
- program instructions that dynamically establish a trust relationship between the host machine of the first domain and the NMS server in the second domain by transferring at least one application program interface (API) message from the NSM server to the remote agent to delegate responsibility of issuing system calls associated with namespace and storage management to the remote agent, to thereby enable remote agent-based namespace and storage management, through the NSM server, across multiple domains of the storage system environment;
- program instructions that assign rights to a user of the NSM server in accordance with a security administration feature of the integrated management framework; and
- program instructions that provide an authentication procedure, utilizing a database of the NSM server configured to store an indication of the rights assigned to the user, to ensure that the user has the rights to perform operations on the NSM server.

Dependent claims: 12, 13, 14, 15

16. A method for administering security in a logical namespace of a storage system environment, the method comprising:
- installing a remote agent of an integrated management framework on a host machine of a first domain in the storage system environment;
- deploying a namespace and storage management (NSM) server, comprising a processor and a memory, in a second domain of the environment;
- dynamically establishing a trust relationship between the host machine of the first domain and the NSM server in the second domain by transferring at least one application program interface (API) message from the NSM server to the remote agent to delegate responsibility of issuing system calls associated with namespace and storage management to the remote agent, to thereby enable remote agent-based namespace and storage management, through the NSM server, across multiple domains of the storage system environment;
- assigning rights to a user of the NSM server in accordance with a security administration feature of the integrated management framework;
- providing a multi-stage authentication procedure to ensure that the user has appropriate rights to perform operations on the NSM server; and
- performing a first look-up operation into a database of the NSM server by a command line interface process of the NSM server in accordance with a first stage of authentication, the database configured to store an indication of the rights assigned to the user.