Enabling proxy services using referral mechanisms

US 8,539,081 B2
Filed: 09/15/2004
Issued: 09/17/2013
Est. Priority Date: 09/15/2003
Status: Active Grant

First Claim

Patent Images

1. A method for authenticating a client on a plurality of file servers in connection with providing proxy services to the client, comprising:

establishing, at a network device, a connection between the client and a first file server of the plurality of file servers;

receiving, at the network device, a transaction request from the client to access an object on the plurality of file servers;

in response to the received transaction request and in order to provide proxy services to the client, authenticating, at the network device, the client on the other file servers of the plurality of file servers by successively obtaining a referral request from the client for each of the other file servers, wherein the successively obtained referral requests are used to authenticate the client on each of the other file servers of the plurality of file servers in connection with providing proxy services to the client, the authenticating comprising for each file server;

the network device sending a request declined message to the client indicating the requested object is not available;

the network device receiving a referral request from the client;

the network device responding to the received referral request by sending the client a referral, wherein the referral refers the client to the each file server;

the network device receiving a reformulated transaction request from the client in response to the referral, wherein the reformulated transaction request comprises authentication information for the client; and

the network device forwarding the reformulated transaction request to the each file server, wherein the each file server uses the authentication information to authenticate the client on the each file server; and

after authenticating the client on the plurality of file servers, performing transactions at the network device to access the object or other objects on the plurality of file servers on behalf of the client.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A NAS (Network Attaches Storage) switch authenticates a client on multiple file servers for proxy services. The NAS switch enables proxy services by successively authenticating the client on the file servers using referrals. The NAS switch further comprises a connection manager to establish connections to the client and the file servers, a referral manager to redirect the client for successive authentications, and a transaction manager to perform data transfers with the file servers on behalf of the client. The system components support DFS (Distributed File System), and communicate using a protocol dialect that supports referral mechanisms such as NFSv4 (Network File Server version 4) or CIFS (Common Internet File System). The transaction manager also performs a protocol dialect translation service when the connection manager negotiates one protocol dialect with the client, and a different protocol dialect with the file server.

117 Citations

45 Claims

1. A method for authenticating a client on a plurality of file servers in connection with providing proxy services to the client, comprising:
- establishing, at a network device, a connection between the client and a first file server of the plurality of file servers;
  
  receiving, at the network device, a transaction request from the client to access an object on the plurality of file servers;
  
  in response to the received transaction request and in order to provide proxy services to the client, authenticating, at the network device, the client on the other file servers of the plurality of file servers by successively obtaining a referral request from the client for each of the other file servers, wherein the successively obtained referral requests are used to authenticate the client on each of the other file servers of the plurality of file servers in connection with providing proxy services to the client, the authenticating comprising for each file server;
  
  the network device sending a request declined message to the client indicating the requested object is not available;
  
  the network device receiving a referral request from the client;
  
  the network device responding to the received referral request by sending the client a referral, wherein the referral refers the client to the each file server;
  
  the network device receiving a reformulated transaction request from the client in response to the referral, wherein the reformulated transaction request comprises authentication information for the client; and
  
  the network device forwarding the reformulated transaction request to the each file server, wherein the each file server uses the authentication information to authenticate the client on the each file server; and
  
  after authenticating the client on the plurality of file servers, performing transactions at the network device to access the object or other objects on the plurality of file servers on behalf of the client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, wherein establishing the connection between the client and the first file server comprises:
    - negotiating a first protocol dialect with the client.
  - 3. The method of claim 2, further comprising:
    - negotiating a second protocol dialect with one or more file servers from the plurality of file servers, the second protocol dialect differing from the first protocol dialect,wherein the performing transactions comprises translating a transaction request from the first protocol dialect to the second protocol dialect.
  - 4. The method of claim 3, further comprising:
    - negotiating a third protocol dialect with one or more file servers from the plurality of file servers, the third protocol dialect differing from the second protocol dialect.
  - 5. The method of claim 3, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - negotiating a third protocol dialect with a second file server.
  - 6. The method of claim 2, wherein the first protocol dialect comprises NFS (Network File System) or CIFS (Common Internet File System).
  - 7. The method of claim 1, wherein the message sent to the client in response to the transaction request is an error message.
  - 8. The method of claim 1, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - referring the client to a file server from among the other file servers using the referral request received from the client.
  - 9. The method of claim 1, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - receiving authentication information for one or more file servers; and
      
      establishing a connection to the one or more file servers using the authentication information.
  - 10. The method of claim 9, wherein the authentication information comprises Kerberos authentication information.
  - 11. The method of claim 1, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - associating the plurality of file servers with a virtual server; and
      
      referring the client to the virtual server using a sharename that uniquely identifies the client.
  - 12. The method of claim 1, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - authenticating the client on the other file servers using a plurality of proxy servers, each at a separate network address.
  - 13. The method of claim 12, further comprising:
    - associating the plurality of file servers with a virtual server at a network address differing from the proxy server network addresses.
  - 14. The method of claim 1, wherein the client supports DFS (Distributed File System).
  - 15. The method of claim 1, wherein the performing the transactions comprises:
    - performing one or more of create file, delete file, move file, copy file, read file, or write file.

16. A NAS (Network Attached Storage) switch to authenticate a client on a plurality of file servers in connection with providing proxy services to the client, comprising:
- an interface connecting the switch to other devices;
  
  memory; and
  
  a processor or processors, the processor or processors configured to perform the functions of;
  
  a connection manager to establish a connection between the client and a first file server of the plurality of file servers;
  
  a referral manager to authenticate the client on the other file servers of the plurality of file servers, in response to receiving a transaction request from the client to access an object on the plurality of file servers, by successively obtaining a referral request from the client for each of the other file servers, wherein the successively obtained referral requests are used to authenticate the client on each of the other file servers of the plurality of file servers in connection with providing proxy services to the client, the authenticating comprising for each file server;
  
  the NAS switch sending a request declined message to the client indicating that the requested object is not available;
  
  the NAS switch receiving a referral request from the client;
  
  the NAS switch responding to the received referral request by sending the client a referral, wherein the referral refers the client to the each file server;
  
  the NAS switch receiving a reformulated transaction request from the client in response to the referral, wherein the reformulated transaction request comprises authentication information for the client; and
  
  the NAS switch forwarding the reformulated transaction request to the each file server, wherein the each file server uses the authentication information to authenticate the client on the each file server; and
  
  a transaction manager to perform transactions to access the object or other objects on the plurality of file servers on behalf of the client after authenticating the client on the plurality of file servers.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 17. The NAS switch of claim 16, wherein the connection manager is further configured to negotiate a first protocol dialect with the client.
  - 18. The NAS switch of claim 17, wherein the connection manager is further configured to negotiate a second protocol dialect with one or more file servers from the plurality of file servers, the second protocol dialect differing from the first protocol dialect, and the transaction manager translates a transaction request from the first protocol dialect to the second protocol dialect.
  - 19. The NAS switch of claim 18, wherein the connection manager is further configured to negotiate a third protocol dialect with one or more file servers from the plurality of file servers, the third protocol dialect differing from the second protocol dialect.
  - 20. The NAS switch of claim 18, wherein the referral manager is further configured to negotiate a third protocol dialect with a second file server.
  - 21. The NAS switch of claim 17, wherein the first protocol dialect comprises NFS (Network File System) or CIFS (Common Internet File System).
  - 22. The NAS switch of claim 16, wherein the referral manager, in response to receiving the transaction request, is further configured to send an error message to the client.
  - 23. The NAS switch of claim 16, wherein the referral manager, in response to receiving the referral request from the client, is further configured to refer the client to a file server from among the other file servers.
  - 24. The NAS switch of claim 16, wherein the referral manager is further configured to receive authentication information for one or more file servers, and establish a connection to the at least one file server using the authentication information.
  - 25. The NAS switch of claim 24, wherein the authenticating information comprises Kerberos authentication information.
  - 26. The NAS switch of claim 16, wherein the referral manager is further configured to associate the plurality of file servers with a virtual server, and refer the client to the virtual server using a sharename that uniquely identifies the client.
  - 27. The NAS switch of claim 16, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - authenticating the client on the other file servers using a plurality of proxy servers, each at a separate network address.
  - 28. The NAS switch of claim 27, wherein the transaction manager is further configured to associate the plurality of file servers with a virtual server at a network address differing from the proxy server network addresses.
  - 29. The NAS switch of claim 16, wherein the client supports DFS (Distributed File System).
  - 30. The NAS switch of claim 16, wherein the performing the transactions comprises:
    - performing one or more of create file, delete file, move file, copy file, read file, or write file.

31. A computer program product, comprising a non-transitory computer readable medium having computer program instructions for a method for authenticating a client on a plurality of file servers in connection with providing proxy services to the client, comprising:
- establishing, at a network device, a connection between the client and a first file server of the plurality of file servers;
  
  receiving, at the network device, a transaction request from the client to access an object on the plurality of file servers;
  
  in response to the received transaction request and in order to provide proxy services to the client, authenticating, at the network device, the client on the other file servers of the plurality of file servers by successively obtaining a referral request from the client for each of the other file servers, wherein the successively obtained referral requests are used to authenticate the client on each of the other file servers of the plurality of file servers in connection with providing proxy services to the client, the authenticating comprising for each file server;
  
  the network device sending a request declined message to the client indicating the requested object is not available;
  
  the network device receiving a referral request from the client;
  
  the network device responding to the received referral request by sending the client a referral, wherein the referral refers the client to the each file server;
  
  the network device receiving a reformulated transaction request from the client in response to the referral, wherein the reformulated transaction request comprises authentication information for the client; and
  
  the network device forwarding the reformulated transaction request to the each file server, wherein the each file server uses the authentication information to authenticate the client on the each file server; and
  
  after authenticating the client on the plurality of file servers, performing transactions at the network device to access the object or other objects on the plurality of file servers on behalf of the client.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- - 32. The computer program product of claim 31, wherein establishing the connection between the client and the first file server comprises:
    - negotiating a first protocol dialect with the client.
  - 33. The computer program product of claim 32, the method further comprising:
    - negotiating a second protocol dialect with one or more file servers from the plurality of file servers, the second protocol dialect differing from the first protocol dialect,wherein the performing transactions comprises translating a transaction request from the first protocol dialect to the second protocol dialect.
  - 34. The computer program product of claim 33, the method further comprising:
    - negotiating a third protocol dialect with one or more file servers from the plurality of file servers, the third protocol dialect differing from the second protocol dialect.
  - 35. The computer program product of claim 33, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - negotiating a third protocol dialect with a second file server.
  - 36. The computer program product of claim 32, wherein the first protocol dialect comprises NFS (Network File System) or CIFS (Common Internet File System).
  - 37. The computer program product of claim 31, wherein the message sent to the client in response to the transaction request is an error message.
  - 38. The computer program product of claim 31, wherein the authenticating the client on the other file servers of the plurality of file servers further comprises:
    - referring the client to a file server from among the other file servers.
  - 39. The computer program product of claim 31, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - receiving authentication information for one or more file servers; and
      
      establishing a connection to the at least one file server using the authentication information.
  - 40. The computer program product of claim 39, wherein the authenticating information comprises Kerberos authentication information.
  - 41. The computer program product of claim 31, wherein the authenticating the client on the other file servers of the plurality of file servers comprises:
    - associating the plurality of file servers with a virtual server; and
      
      referring the client to the virtual server using a sharename that uniquely identifies the client.
  - 42. The computer program product of claim 31, wherein the authenticating the client with the other file servers of the plurality of file servers comprises:
    - authenticating the client with the other file servers using a plurality of proxy servers, each at a separate network address.
  - 43. The computer program product of claim 42, the method further comprising:
    - associating the plurality of file servers with a virtual server at a network address differing from the proxy server network address.
  - 44. The computer program product of claim 31, wherein the client supports DFS (Distributed File System).
  - 45. The computer program product of claim 31, wherein the performing the transactions comprises:
    - performing one or more of create file, delete file, move file, copy file, read file, or write file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Cisco Technology, Inc. (Cisco Systems, Inc.)
Original Assignee
NeoPath Networks, Inc. (Cisco Systems, Inc.)
Inventors
Wong, Thomas K., Tsirigotis, Panagiotis, Chawla, Rajeev, Liu, Zuwei, Seitz, Matthew, Iyengar, Anand, Simpkins, Richard A.
Primary Examiner(s)
Patel, Dhairya A

Application Number

US10/942,762
Publication Number

US 20050125503A1
Time in Patent Office

3,289 Days
Field of Search

709/226, 709/227, 709/229, 709/225
US Class Current

709/227
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 67/1097   for distributed storage of ...

H04L 67/56   Provisioning of proxy servi...

H04L 67/565   Conversion or adaptation of...

Enabling proxy services using referral mechanisms

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

117 Citations

45 Claims

Specification

Solutions

Use Cases

Quick Links

Enabling proxy services using referral mechanisms

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

117 Citations

45 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links