System and method for implementing data migration while preserving security policies of a source filer
First Claim
Patent Images
1. A method for data migration, the method being implemented by one or more processors and comprising:
- implementing a data migration in which a data migration system migrates data from a source file system to a destination file system;
intercepting, at the data migration system, a file system operation request for one or more file system objects on a volume of the source file system from a client while the data migration is in progress;
determining a set of credentials for the client from the intercepted file system operation request;
creating one or more reference file system objects on the volume of the source file system corresponding to the file system operation request, wherein each of the one or more reference file system objects are assigned a separate permission level and do not affect the data migration;
issuing a test request from the data migration system to the source file system to access, using the client'"'"'s set of credentials, the one or more reference file system objects on the volume of the source file system;
determining permission levels associated with the volume for the client based on a response received from the source file system to the test request to access the one or more reference file system objects on the volume of the source file system; and
based on the determined permission levels, implementing a security policy at the data migration system, on behalf of the destination file system, for file system operation requests intercepted from the client at the data migration system that are intended for the volume.
1 Assignment
0 Petitions
Accused Products
Abstract
A data migration system in which security policies of a source file system are preserved, in an environment in which clients actively issue communications for the source filer while data is migrated to a destination file system.
123 Citations
20 Claims
-
1. A method for data migration, the method being implemented by one or more processors and comprising:
-
implementing a data migration in which a data migration system migrates data from a source file system to a destination file system; intercepting, at the data migration system, a file system operation request for one or more file system objects on a volume of the source file system from a client while the data migration is in progress; determining a set of credentials for the client from the intercepted file system operation request; creating one or more reference file system objects on the volume of the source file system corresponding to the file system operation request, wherein each of the one or more reference file system objects are assigned a separate permission level and do not affect the data migration; issuing a test request from the data migration system to the source file system to access, using the client'"'"'s set of credentials, the one or more reference file system objects on the volume of the source file system; determining permission levels associated with the volume for the client based on a response received from the source file system to the test request to access the one or more reference file system objects on the volume of the source file system; and based on the determined permission levels, implementing a security policy at the data migration system, on behalf of the destination file system, for file system operation requests intercepted from the client at the data migration system that are intended for the volume. - View Dependent Claims (2, 3, 4, 5, 6, 7, 19)
-
-
8. A data migration system comprising:
-
a memory that stores a set of instructions; one or more processors that use the instructions to; migrate data from a source file system to a destination file system; intercept a file system operation request for one or more file system objects on a volume of the source file system from a client during data migration; determine a set of credentials for the client from the intercepted file system operation request; create one or more reference file system objects on the volume of the source file system corresponding to the file system operation request, wherein each of the one or more reference file system objects are assigned a separate permission level and do not affect the data migration; issue a test request from the data migration system to the source file system to access, using the client'"'"'s set of credentials, the one or more reference file system objects on the volume of the source file system; determine permission levels associated with the volume for the client based on a response received from the source file system to the test request to access the one or more reference file system objects on the volume of the source file system; and based on the determined permission levels, implement a security policy at the data migration system, on behalf of the destination file system, for file system operation requests intercepted from the client at the data migration system that are intended for the volume. - View Dependent Claims (9, 10, 11, 12, 13, 14, 20)
-
-
15. A non-transitory computer-readable medium that stores instructions, executable by one or more processors, to cause the one or more processors to perform operations that comprise:
-
implementing a data migration in which a data migration system migrates data from a source file system to a destination file system; intercepting, at the data migration system, a file system operation request for one or more file system objects on a volume of the source file system from a client while the data migration is in progress; determining a set of credentials for the client from the intercepted file system operation request; creating one or more reference file system objects on the volume of the source file system corresponding to the file system operation request, wherein each of the one or more reference file system objects are assigned a separate permission level and do not affect the data migration; issuing a test request from the data migration system to the source file system to access, using the client'"'"'s set of credentials, the one or more reference file system objects on the volume of the source file system; determining permission levels associated with the volume for the client based on a response received from the source file system to the test request to access the one or more reference file system objects on the volume of the source file system; and based on the determined permission levels, implementing a security policy at the data migration system, on behalf of the destination file system, for file system operation requests intercepted from the client at the data migration system that are intended for the volume. - View Dependent Claims (16, 17, 18)
-
Specification