Utilizing virtual private networks to provide object level security on a multi-node computer system
Abstract
The disclosure herein provides data security on a parallel computer system using virtual private networks connecting the nodes of the system. A mechanism sets up access control data in the nodes that describes a number of security classes. Each security class is associated with a virtual network. Each user on the system is associated with one of the security classes. Each database object to be protected is given an attribute of a security class. Database objects are loaded into the system nodes that match the security class of the database object. When a query executes on the system, the query is sent to a particular class or set of classes such that the query is only seen by those nodes that are authorized by the equivalent security class. In this way, the network is used to isolate data from users that do not have proper authorization to access the data.
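The mechanism in the abstract, as an added sketch that is not code from the patent: access control data maps each security class to a virtual network, objects are loaded onto nodes of their class's network, and a query reaches only the nodes on the user's network. The class names, users, node names, sample objects and the `misplaced` audit are assumptions made for this illustration.

```python
# Added illustration; all names and sample data are constructed, not from the patent.
CLASS_VNET = {"public": 0, "restricted": 1}                # security class -> virtual network id
USER_CLASS = {"bob": "public", "alice": "restricted"}      # user -> security class
NODE_VNETS = {"n0": {0}, "n1": {0}, "n2": {1}, "n3": {1}}  # node -> networks it joins


class Cluster:
    def __init__(self, node_vnets):
        self.node_vnets = node_vnets
        self.store = {name: [] for name in node_vnets}  # node -> objects held
        self._rr = {}                                   # per-network round-robin counter

    def members(self, vnet):
        return sorted(n for n, nets in self.node_vnets.items() if vnet in nets)

    def load(self, obj):
        """Place an object on a node of the network tied to its security class."""
        vnet = CLASS_VNET[obj["security_class"]]
        nodes = self.members(vnet)
        if not nodes:
            raise ValueError("no node serves class " + obj["security_class"])
        i = self._rr.get(vnet, 0)
        self.store[nodes[i % len(nodes)]].append(obj)
        self._rr[vnet] = i + 1

    def query(self, user, predicate):
        """Send the query only on the user's network; other nodes never see it."""
        vnet = CLASS_VNET[USER_CLASS[user]]  # unknown user -> KeyError (fail closed)
        seen_by = self.members(vnet)
        rows = [o for n in seen_by for o in self.store[n] if predicate(o)]
        return rows, seen_by

    def misplaced(self):
        """Audit: objects held by a node reachable on a network of another class."""
        return [(n, o["id"]) for n, objs in self.store.items() for o in objs
                if self.node_vnets[n] != {CLASS_VNET[o["security_class"]]}]


def demo():
    c = Cluster(NODE_VNETS)
    for oid, cls in [(1, "public"), (2, "restricted"), (3, "public"), (4, "restricted")]:
        c.load({"id": oid, "security_class": cls})
    return c


if __name__ == "__main__":
    c = demo()
    print(c.query("bob", lambda o: True), c.misplaced())
```

In this model the isolation comes entirely from network membership: `misplaced()` stays empty only while every node holding an object belongs to exactly that object's network, so a node joined to two networks exposes its objects to both classes.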
7 Claims
1. A computer implemented method for data security using virtual networks in a multi-node computer system, the method comprising the steps of:
- setting up a virtual private network to make determined nodes become protected nodes by configuring access control data on the compute nodes to indicate one of a plurality of virtual networks is the virtual private network;
- loading a database in the multi-node computer system;
- executing a query to access the database objects over the virtual private network by sending a query to a particular security class so the query is only seen by those nodes that are authorized for the particular security class indicated in the access control data by performing the steps of;
- determining a security class of a user from the access control data;
- selecting the virtual private network based on the security class of the user;
- sending the query on the selected virtual private network; and
- collecting results for the query from the nodes and displaying a result to the user.

Dependent claims: 2, 3, 4, 5.
6. A computer implemented method for data security using virtual networks in a massively parallel computer system, the method comprising the steps of:
- setting up a virtual private network to make determined nodes become protected nodes by configuring access control data on the compute nodes to indicate one of a plurality of virtual networks is the virtual private network, wherein the access control data includes a virtual network identification, security class, user, and a database object associated with a security class;
- loading a database in the multi-node computer system by performing the steps of;
- for each data object, perform the steps of;
- determine security class corresponding to the data object; and
- choose a node from a network associated with the determined security class;
- determining security class of a user;
- selecting the virtual private network based on the security class of the user;
- executing a query by the user on the selected virtual private network to access the database objects over the virtual private network by sending a query to a particular security class so the query is only seen by those nodes that are authorized by the equivalent security class indicated in the access control data; and
- collecting results for the query from the nodes and displaying a result to the user.
7. A computer implemented method for data security using virtual networks in a massively parallel multi-node computer system, the method comprising the steps of:
- setting up a virtual private network to make determined nodes become protected nodes by configuring access control data on the compute nodes to indicate one of a plurality of virtual networks is the virtual private network and setting up the virtual private network includes configuring a class routing table for the plurality of virtual networks, wherein the access control data is selected from the following; virtual network identification; security class, user, and a database object associated with a security class, wherein the database objects include a security class attribute to indicate in what security class to store the database object in the database;
- loading a database in the multi-node computer system;
- executing a query to access the database objects over the virtual private network by sending a query to a particular security class so the query is only seen by those nodes that are authorized for the particular security class indicated in the access control data by performing the steps of;
- determining the security class of a user from the access control data;
- selecting the virtual private network based on the security class of the user;
- sending the query on the selected virtual private network; and
- collecting results for the query from the nodes and displaying a result to the user.
Specification