Method and apparatus to keep consistency of ACLs among a meta data server and data servers
Abstract
Exemplary embodiments may involve a meta-data server that manages data-server access control list (DS ACL) information. Each entry of this DS ACL information may include an address of a data server, an identification or a range address of chunk data on the data server, a file path of the chunk data in the file tree provided by the meta-data server, and addresses of the permitted clients. The meta-data server may determine the addresses of the permitted clients for the chunk data by retrieving the original file path of chunk data from layout information of the meta-data server, and by retrieving the entry containing the directory path that partially matches with the original file path from an access control list of the meta-data server.
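The derivation described in the abstract, as an added example that is not taken from the patent: it builds DS ACL entries from layout information and the meta-data server's ACL, runs the check a data server would apply to a chunk request, and flags data-server entries that have drifted from the meta-data server. Field names, sample addresses, and the reading of "partially matches" as the longest directory-prefix match are assumptions.

```python
import ipaddress

# Constructed sample data; field names and values are assumptions, not from the patent.
MDS_ACL = [  # directory path -> permitted client IP address segments
    {"dir": "/export", "clients": ["192.0.2.0/24"]},
    {"dir": "/export/hr", "clients": ["198.51.100.0/28"]},
]
LAYOUT = [  # original file path -> data server and chunk holding its data
    {"file": "/export/hr/payroll.db", "ds": "10.0.0.11", "chunk": "c-0001"},
    {"file": "/export/hr/payroll.db", "ds": "10.0.0.12", "chunk": "c-0002"},
    {"file": "/export/docs/readme.txt", "ds": "10.0.0.11", "chunk": "c-0003"},
]

def permitted_clients(file_path, mds_acl):
    """Clients of the ACL entry whose directory is the longest
    path-component prefix of file_path (assumed matching rule)."""
    best, best_len = None, -1
    for entry in mds_acl:
        d = entry["dir"].rstrip("/")
        # Compare whole path components so /export does not match /exportx.
        if (file_path == d or file_path.startswith(d + "/")) and len(d) > best_len:
            best, best_len = entry, len(d)
    return list(best["clients"]) if best else []  # no match: deny by default

def build_ds_acl(layout, mds_acl):
    """One DS ACL entry per chunk: data server, chunk id, file path, clients."""
    return [{"ds": l["ds"], "chunk": l["chunk"], "file": l["file"],
             "clients": permitted_clients(l["file"], mds_acl)} for l in layout]

def ds_allows(ds_acl, ds, chunk, client_ip):
    """Check a data server would run when a client requests a chunk directly."""
    ip = ipaddress.ip_address(client_ip)
    for e in ds_acl:
        if e["ds"] == ds and e["chunk"] == chunk:
            return any(ip in ipaddress.ip_network(seg) for seg in e["clients"])
    return False  # chunk with no DS ACL entry: deny

def stale_entries(ds_acl, layout, mds_acl):
    """DS ACL entries that differ from what the meta-data server would derive now."""
    fresh = {(e["ds"], e["chunk"]): e for e in build_ds_acl(layout, mds_acl)}
    return [e for e in ds_acl if fresh.get((e["ds"], e["chunk"])) != e]

if __name__ == "__main__":
    acl = build_ds_acl(LAYOUT, MDS_ACL)
    print(ds_allows(acl, "10.0.0.11", "c-0001", "192.0.2.7"))
```

Running `stale_entries` after every change to the meta-data server's ACL or layout shows which data-server entries must be updated before the two sides enforce the same policy again.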
17 Claims
1. A meta data server coupled to a plurality of client computers and a plurality of data servers, comprising:
- a memory configured to store an indication of a relationship among first identification information indicating a data server, second identification information identifying a location of a file, and third identification information associated with a client computer; and
- a controller operable to:
  - manage first access control information in the meta data server based on a layout information for a file subject to an access request from the client computer; and
  - control access from the client computer identified by the third identification information to the data server identified by the first identification information, by creating or updating second access control information in the data server based on the first access control information of the meta data server, and executing access control by the data server according to the second access control information for a chunk data identified by the layout information,
- wherein the second access control information in the data server identifies another relationship between each file and related chunk data stored in a storage system identified by the layout information, and is configured to be used for the access control for the chunk data by the data server;
- wherein the second identification information further comprises file path information and file name information of the file;
- wherein the third identification information comprises at least one Internet Protocol (IP) address segment; and
- wherein the controller controls the access from the client computer based on the relationship in the memory and an address segment of the client computer.
9. A system, comprising:
- a plurality of client computers;
- a plurality of data servers; and
- a meta data server coupled to the plurality of client computers and the plurality of data servers, comprising:
  - a memory configured to store an indication of a relationship among first identification information indicating a data server, second identification information identifying a location of a file, and third identification information associated with a client computer; and
  - a controller operable to:
    - manage first access control information in the meta data server based on a layout information for a file subject to an access request from the client computer; and
    - to control access from the client computer identified by the third identification information to the data server identified by the first identification information, by creating or updating second access control information in the data server based on the first access control information of the meta data server,
- wherein the data server is configured to execute access control according to the second access control information for a chunk data identified by the layout information,
- wherein the second access control information in the data server identifies another relationship between each file and related chunk data stored in a storage system identified by the layout information, and is configured to be used for the access control for the chunk data by the data server;
- wherein the second information further comprises file path information and file name information of the file;
- wherein the third identification information comprises at least one Internet Protocol (IP) address segment; and
- wherein the controller controls the access from the client computer based on the relationship in the memory and the IP address segment of the client computer.
17. A non-transitory computer readable medium storing instructions for operating a meta data server, the instructions comprising:
- managing an indication of a relationship among first identification information indicating a data server, second identification information identifying a location of a file, and third identification information associated with a client computer;
- managing first access control information in the meta data server based on layout information for the file subject to an access request by the client computer, and
- controlling access from the client computer identified by the third identification information to the data server identified by the first identification information, by creating or updating second access control information in the data server based on the first access control information of the meta data server,
- wherein the data server is configured to execute access control according to the second access control information for a chunk data identified by the layout information,
- wherein the second access control information in the data server identifies another relationship between each file and related chunk data stored in a storage system identified by the layout information, and is configured to be used for the access control for the chunk data by the data server;
- wherein the second information further comprises file path information and file name information of the file;
- wherein the third identification information comprises at least one Internet Protocol (IP) address segment; and
- wherein the controlling the access from the client computer is based on the relationship in the memory and an address segment of the client computer.
Specification