Cross-ACL multi-master replication
First Claim
Patent Images
1. A computer-implemented method comprising:
- maintaining, at a replication site of a plurality of replication sites arranged in a multi-master topology, a data object comprising an access controlled data object data unit;
maintaining, at the replication site, a first version vector for the access controlled data object data unit, the first version vector representing a first update to the access controlled data object data unit at a replication site of the plurality of replication sites;
receiving a data object change update for the data object from another replication site of the plurality of replication sites;
wherein the data object change update comprises a data object data unit update;
wherein the data object data unit update is associated in the data object change update with a second version vector, the second version vector representing a second update to the access controlled data object data unit at a replication site of the plurality of replication sites;
determining, based at least in part upon the second version vector associated with the data object data unit update and the first version vector maintained at the replication site for the access controlled data object data unit, whether the data object data unit update conflicts with the access controlled data object data unit;
if a conflict does not exist, applying the data object change update to the data object maintained at the replication site;
if a conflict exists, applying the data object change update to the data object maintained at the replication site after the conflict has been deconflicted;
wherein applying the data object change update to the data object maintained at the replication site includes comparing the second version vector to the first version vector to determine whether the second update happened before, happened after, or happened concurrently with the first update;
if the second update happened after the first update, applying the data object data unit update to the access controlled data object data unit and merging the second version vector associated with the data object data unit update and the first version vector associated with the access controlled data object data unit without incrementing the resulting merged version vector;
wherein the method is performed by one or more computing devices at the replication site.
9 Assignments
0 Petitions
Accused Products
Abstract
Techniques for cross-ACL multi-master replication are provided. The techniques allow a replication site in a multi-master replication system implementing an asynchronous replication protocol and an access control policy to appropriately apply received data change updates to data maintained at the site even where a data change update is missing information because of the implemented access control policy.
54 Citations
17 Claims
-
1. A computer-implemented method comprising:
-
maintaining, at a replication site of a plurality of replication sites arranged in a multi-master topology, a data object comprising an access controlled data object data unit; maintaining, at the replication site, a first version vector for the access controlled data object data unit, the first version vector representing a first update to the access controlled data object data unit at a replication site of the plurality of replication sites; receiving a data object change update for the data object from another replication site of the plurality of replication sites; wherein the data object change update comprises a data object data unit update; wherein the data object data unit update is associated in the data object change update with a second version vector, the second version vector representing a second update to the access controlled data object data unit at a replication site of the plurality of replication sites; determining, based at least in part upon the second version vector associated with the data object data unit update and the first version vector maintained at the replication site for the access controlled data object data unit, whether the data object data unit update conflicts with the access controlled data object data unit; if a conflict does not exist, applying the data object change update to the data object maintained at the replication site; if a conflict exists, applying the data object change update to the data object maintained at the replication site after the conflict has been deconflicted; wherein applying the data object change update to the data object maintained at the replication site includes comparing the second version vector to the first version vector to determine whether the second update happened before, happened after, or happened concurrently with the first update; if the second update happened after the first update, applying the data object data unit update to the access controlled data object data unit and merging the second version vector associated with the data object data unit update and the first version vector associated with the access controlled data object data unit without incrementing the resulting merged version vector; wherein the method is performed by one or more computing devices at the replication site. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A non-transitory computer-readable medium storing instructions which, when executed by one or more processors, causes performance of a method comprising:
-
maintaining, at a replication site of a plurality of replication sites arranged in a multi-master topology, a data object comprising an access controlled data object data unit; maintaining, at the replication site, a first version vector for the access controlled data object data unit, the first version vector representing a first update to the access controlled data object data unit at a replication site of the plurality of replication sites; receiving a data object change update for the data object from another replication site of the plurality of replication sites; wherein the data object change update comprises a data object data unit update; wherein the data object data unit update is associated in the data object change update with a second version vector, the second version vector representing a second update to the access controlled data object data unit at a replication site of the plurality of replication sites; determining, based at least in part upon the second version vector associated with the data object data unit update and the first version vector maintained at the replication site for the access controlled data object data unit, whether the data object data unit update conflicts with the access controlled data object data unit; if a conflict does not exist, applying the data object change update to the data object maintained at the replication site; if a conflict exists, applying the data object change update to the data object maintained at the replication site after the conflict has been deconflicted; wherein applying the data object change update to the data object maintained at the replication site includes comparing the second version vector to the first version vector to determine whether the second update happened before, happened after, or happened concurrently with the first update; if the second update happened after the first update, applying the data object data unit update to the access controlled data object data unit and merging the second version vector associated with the data object data unit update and the first version vector associated with the access controlled data object data unit without incrementing the resulting merged version vector; wherein the method is performed by one or more computing devices at the replication site. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. A computer-implemented method, comprising:
-
at a first replication site of a plurality of replication sites; storing a first version of a data object, the first version of the data object having a plurality of properties, each property of the plurality of properties being associated with a version vector and an access control list; updating a first property of the plurality of properties; in response to updating the first property, incrementing the version vector associated with the first property; updating a second property of the plurality of properties; in response to updating the second property, incrementing the version vector associated with the second property; determining, based on an access control filter, to share the update to the first property with a second replication site of the plurality of replication sites; determining, based on the access control filter, not to share the update to the second property with the second replication site; and sending a data object change update to the second replication site; wherein the data object change update includes information pertaining to the update to the first property and the incremented version vector associated with the first property; wherein the data object change update does not include information pertaining to the update to the second property; at the second replication site of the plurality of replication sites; maintaining a second version of the data object; wherein the second version of the data object has the first property but not the second property; receiving the data object change update from the first replication site; determining, based at least in part upon the incremented version vector associated with the first property in the data object change update, whether the information pertaining to the update to the first property in the data object change update conflicts with the first property at the second replication site; and wherein the method is performed by one or more computing devices.
-
Specification