Managing connections in a data storage system
First Claim
1. A system for managing connections in a data storage system, wherein the data storage system includes at least one client computing device storing data, the system comprising:
an authentication manager;
a storage device; and
at least one secondary storage computing device configured to receive a request from the client computing device to store the data on the storage device, wherein the secondary storage computing device includes:
a blacklist that includes one or more entries, wherein the entries include an identifier of a computing device;
a connection manager component configured to:
receive, at a first time, from the client computing device a connection request, wherein the connection request includes an identifier identifying the client computing device;
based upon the identifier of the client computing device or the combination of the identifier of the client computing device and the first time, determine from the blacklist whether the connection request from the client computing device should be refused;
refuse the connection request from the client computing device if the connection request from the client computing device should be refused based upon the determination from the blacklist;
if the connection request from the client computing device should not be refused based upon the determination from the blacklist, then determine whether the client computing device is authenticated or authorized to connect to the secondary storage computing device;
if the client computing device is either not authenticated or not authorized to connect to the secondary storage computing device, refuse the connection request from the client computing device; and
if the client computing device is authenticated, or if the client computing device is authorized to connect to the secondary storage computing device, allow the client computing device to connect to the secondary storage computing device, wherein the secondary storage computing device is located at a friendly side of a firewall, wherein the client computing device is not located at the friendly side of the firewall, and wherein the secondary storage computing device receives the request from the client computing device through the firewall.
Abstract
Described in detail herein are systems and methods for managing connections in a data storage system. For example, the systems and methods may be used to manage connections between two or more computing devices for purposes of performing storage operations on the data of one of the computing devices. The data storage system includes at least two computing devices. A first computing device includes an unauthorized connection data structure and a connection manager component. The connection manager component receives a connection request from a second computing device. If the second computing device is not identified on the unauthorized connection data structure, the connection manager component can request that an authentication manager authenticate the second computing device and/or determine whether the second computing device is properly authorized. If so, the connection manager component can allow the second computing device to connect to the first computing device.
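The check order described in the abstract and claims (blacklist first, then the authentication manager), as an added Python example that is not code from the patent. The class names, the time-window form of a blacklist entry, the shared-secret check, and the choice to require both authentication and authorization are assumptions; all identifiers and sample data are constructed.

```python
import hmac
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class BlacklistEntry:
    identifier: str
    start: Optional[datetime] = None  # assumption: None means no lower bound
    end: Optional[datetime] = None    # assumption: None means no upper bound

    def matches(self, identifier: str, when: datetime) -> bool:
        # Identifier alone, or identifier combined with the request time.
        if identifier != self.identifier:
            return False
        return ((self.start is None or when >= self.start)
                and (self.end is None or when < self.end))

class AuthenticationManager:
    """Hypothetical stand-in for the separate authentication manager."""
    def __init__(self, secrets, authorized):
        self.secrets, self.authorized, self.calls = secrets, authorized, 0

    def check(self, identifier: str, secret: str) -> bool:
        self.calls += 1
        known = self.secrets.get(identifier, "")
        authenticated = bool(known) and hmac.compare_digest(known, secret)
        return authenticated and identifier in self.authorized

class ConnectionManager:
    def __init__(self, blacklist, auth):
        self.blacklist, self.auth = list(blacklist), auth

    def handle(self, identifier: str, secret: str, when: datetime) -> str:
        # Blacklisted peers are refused before the authentication manager is consulted.
        if any(e.matches(identifier, when) for e in self.blacklist):
            return "refused: blacklisted"
        if not self.auth.check(identifier, secret):
            return "refused: not authenticated or not authorized"
        return "allowed"

def demo():
    auth = AuthenticationManager({"client-a": "s3cret", "client-b": "hunter2"},
                                 {"client-a", "client-b"})
    window = BlacklistEntry("client-b", datetime(2024, 1, 1, 0), datetime(2024, 1, 1, 6))
    cm = ConnectionManager([BlacklistEntry("client-x"), window], auth)
    t_in, t_out = datetime(2024, 1, 1, 3), datetime(2024, 1, 1, 7)
    requests = [("client-x", "any", t_out), ("client-b", "hunter2", t_in),
                ("client-b", "hunter2", t_out), ("client-a", "wrong", t_out)]
    return [cm.handle(*r) for r in requests], auth.calls
```

The call counter shows that the two blacklisted requests never reach the authentication manager; only the last two requests do.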
20 Claims
11. A method of managing connections in a data storage system, wherein the data storage system includes at least two computing devices, the method comprising:
receiving, at a local computing device, a connection request from a remote computing device, wherein the connection request includes an identifier that identifies the remote computing device, wherein the local computing device is located at a friendly side of a firewall, and accessing a blacklist, wherein the blacklist includes one or more entries, wherein the entries include an identifier of a computing device;
receiving an indication to enable refusing connection requests at the local computing device to computing devices that are not at the friendly side of the firewall;
based upon the identifier of the remote computing device, determining from the blacklist whether the connection request from the remote computing device should be refused; and
if the connection request from the remote computing device should be refused based upon the determination from the blacklist, then refusing the connection request from the remote computing device;
if the remote computing device is either not authenticated or not authorized to connect to the local computing device, refusing the connection request from the remote computing device; and
if the remote computing device is authenticated, or if the remote computing device is authorized to connect to the local computing device, allowing the remote computing device to connect to the local computing device.
19. A computer-readable, non-transitory medium including instructions for managing connections in a data storage system, comprising:
receiving, at a first time at a first computing device, a connection request from a second computing device, wherein the connection request includes an identifier that identifies the second computing device;
accessing a blacklist, wherein the blacklist includes zero or more entries, and, wherein the entries are configured to include an identifier of a computing device;
receiving an indication to enable refusing connection requests at the first computing device to computing devices that are not on a friendly side of a firewall and that are not authenticated;
based upon the combination of the identifier of the second computing device and the first time, determining from the blacklist whether the connection request should be refused; and
if the connection request from the second computing device should be refused based upon the determination from the blacklist, then refusing the connection request from the second computing device;
if the second computing device is either not authenticated or not authorized to connect to the secondary storage computing device, refuse the connection request; and
if the second computing device is authenticated, or if the second computing device is authorized to connect to the first computing device, allowing the second computing device to connect to the first storage computing device.
Specification