Computer architectures using shared storage

US 8,601,309 B2
Filed: 03/28/2012
Issued: 12/03/2013
Est. Priority Date: 03/30/2009
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a persistent common view of data, services, and infrastructure functions accessible via one or more shared storage systems of a plurality of shared storage systems of a virtual shared storage system;

applying different governance policies to two or more shared storage systems of the plurality of shared storage systems, wherein a first governance policy applied to a first shared storage system is associated with providing access to first content accessible via the first shared storage system, and wherein the first governance policy indicates that a first portion of the first content is accessible based on a first security level and a second portion of the first content is accessible based on a second security level; and

restricting access to the first content based on a security level associated with a data consumer, wherein the first content corresponds to at least one of first data, a first service, and a first infrastructure function.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method includes providing a persistent common view of data, services, and infrastructure functions accessible via one or more shared storage systems of a plurality of shared storage systems of a virtual shared storage system. The method includes applying different governance policies to two or more shared storage systems of the plurality of shared storage systems. The method includes restricting access to first content accessible via a first shared storage system of the plurality of shared storage systems based on a security level associated with a data consumer. The first content corresponds to at least one of first data, a first service, and a first infrastructure function.

64 Citations

19 Claims

1. A method comprising:
- providing a persistent common view of data, services, and infrastructure functions accessible via one or more shared storage systems of a plurality of shared storage systems of a virtual shared storage system;
  
  applying different governance policies to two or more shared storage systems of the plurality of shared storage systems, wherein a first governance policy applied to a first shared storage system is associated with providing access to first content accessible via the first shared storage system, and wherein the first governance policy indicates that a first portion of the first content is accessible based on a first security level and a second portion of the first content is accessible based on a second security level; and
  
  restricting access to the first content based on a security level associated with a data consumer, wherein the first content corresponds to at least one of first data, a first service, and a first infrastructure function.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein restricting access to the first content further comprises:
    - determining whether the security level associated with the data consumer corresponds to one of the first security level and the second security level;
      
      in response to determining that the security level corresponds to the first security level, providing the data consumer with access to the first portion of the first content; and
      
      in response to determining that the security level corresponds to the second security level, providing the data consumer with access to the second portion of the first content.
  - 3. The method of claim 2, further comprising denying access to the second portion of the first content in response to determining that the security level corresponds to the first security level.
  - 4. The method of claim 1, wherein restricting access to the first content further comprises determining an access level associated with the data consumer, wherein the access level indicates whether the data consumer is authorized to store additional content at the first shared storage system.
  - 5. The method of claim 1, wherein the first governance policy indicates that a third portion of the first content is accessible to users associated with the first security level and to users associated with the second security level.
  - 6. The method of claim 5 further comprising:
    - in response to a request from the data consumer to access a first particular service included in the third portion of the first content, associating the security level associated with the data consumer with the first particular service; and
      
      providing the data consumer with access to the first particular service via the first shared storage system.
  - 7. The method of claim 6, further comprising:
    - receiving a request to store a data output of the first particular service at the first shared storage system;
      
      storing the data output at the first shared storage system; and
      
      associating the security level associated with the data consumer with the data output, wherein access to the data output is subsequently restricted based on the associated security level.
  - 8. The method of claim 1, farther comprising restricting access to second content accessible via a second shared storage system of the plurality of shared storage systems based on the security level of the data consumer, wherein the second content corresponds to at least one of second data, a second service, and a second infrastructure function.
  - 9. The method of claim 1, wherein the first governance policy applied to the first shared storage system includes a data usage policy, and wherein a second governance policy applied to the second shared storage system includes one of a computer usage policy, a data retention policy, and a malware scanning policy.

10. A system comprising:
- a metadata controller communicatively coupled to a plurality of shared storage systems of a virtual shared storage system, wherein the metadata controller is configured to;
  
  provide a persistent common view of data, services, and infrastructure functions accessible via one or more shared storage systems of the plurality of shared storage systems;
  
  apply different governance policies to two or more shared storage systems of the plurality of shared storage systems, wherein a first governance policy applied to the first shared storage system is associated with providing access to first content accessible via the first shared storage system, and wherein the first governance policy indicates that a first portion of the first content is accessible based on a first security level and a second portion of the first content is accessible based on a second security level; and
  
  restrict access to the first content based on a security level associated with a data consumer, wherein the first content corresponds to at least one of first data, a first service, and a first infrastructure function.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the metadata controller is located at a first location, wherein the first shared storage system is located at the first location, and wherein a second shared storage system of the plurality of shared storage systems is located at a second location that is remote from the first location.
  - 12. The system of claim 10, further comprising a security gateway configured to:
    - receive a request to access the first content from a device associated with the data consumer; and
      
      authenticate the device based on authentication information associated with the data consumer.
  - 13. The system of claim 12, wherein the authentication information is included in the request and comprises authentication credentials of the data consumer, and wherein authenticating the device further comprises comparing the authentication credentials of the data consumer to authentication data stored in an authentication database accessible to the security gateway.
  - 14. The system of claim 10, wherein the metadata controller is further configured to:
    - receive a message from a security controller that includes information indicating the security level associated with the data consumer; and
      
      send registry information to a device associated with the data consumer, wherein the registry information identifies a portion of the first content accessible to the device based on the security level associated with the data consumer.
  - 15. The system of claim 10, wherein the first portion of the first content is encrypted, wherein the metadata controller is further configured to send a first decryption key to a device associated with the data consumer, and wherein the first decryption key enables the device to decrypt the first portion of the first content.
  - 16. The system of claim 15, wherein the metadata controller is further configured to:
    - send a first encryption key to the device;
      
      receive first encrypted data from the device, wherein the first encrypted data is generated at the device using the first encryption key; and
      
      store the first encrypted data at the first shared storage system.
  - 17. The system of claim 16, wherein the metadata controller is further configured to associate the first encrypted data with a particular security level, wherein the particular security level is determined based on the security level associated with the data consumer.

18. A non-transitory computer-readable storage medium comprising instructions that, when executed by a processor, cause the processor to:
- provide a persistent common view of data, services, and infrastructure functions accessible via one or more shared storage systems of a plurality of shared storage systems of a virtual shared storage system;
  
  apply different governance policies at two or more shared storage systems of the plurality of shared storage systems, wherein a first governance policy applied to the first shared storage system is associated with providing access to first content accessible via the first shared storage system, wherein the first governance policy indicates that a first portion of the first content is accessible based on a first security level and a second portion of the first content is accessible based on a second security level; and
  
  restrict access to the first content accessible based on a security level associated with a data consumer, wherein the first content corresponds to at least one of first data, a first service, and a first infrastructure function.
- View Dependent Claims (19)
- - 19. The non-transitory computer-readable storage medium of claim 18, wherein the instructions to restrict access to the first content further comprise instructions executable by the processor to:
    - provide access to the first portion and deny access to the second portion based on a determination that the security level associated with the data consumer corresponds to the first security level; and
      
      provide access to the second portion and deny access to the first portion based on a determination that the security level associated with the data consumer corresponds to the second security level.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Peters, Marc A., Kuehn, Dennis L., Bettger, David D., Stone, Kevin A.
Primary Examiner(s)
MCCARTHY, CHRISTOPHER S

Application Number

US13/432,997
Publication Number

US 20120185653A1
Time in Patent Office

615 Days
Field of Search

None
US Class Current

714/4.1
CPC Class Codes

G06F 12/0813   with a network or matrix co...

G06F 13/4221   being an input/output bus, ...

G06F 16/176   Support for shared access t...

G06F 16/28   Databases characterised by ...

G06F 3/0607   by facilitating the process...

G06F 3/0608   Saving storage space on sto...

G06F 3/0655   Vertical data movement, i.e...

G06F 3/067   Distributed or networked st...

G06F 3/0689   Disk arrays, e.g. RAID, JBOD

G06F 9/50   Allocation of resources, e....

Computer architectures using shared storage

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

64 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Computer architectures using shared storage

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links