System, method and apparatus for enterprise policy management

US 9,330,109 B2
Filed: 03/07/2013
Issued: 05/03/2016
Est. Priority Date: 07/30/2002
Status: Expired due to Fees

First Claim

Patent Images

1. A computer program product comprising one or more non-transitory computer readable storage media storing instructions translatable by one or more processors to perform:

receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;

consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;

determining from the request the operation and a filesystem object on which the operation is to be performed; and

evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;

in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and

forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are systems, methods and apparatuses for managing objects (files and directories) in network file systems according to policies. Each policy may have one or more rules, each of which ties a condition to an action. Each condition can be expressed in terms of metadata harvested across file systems and stored in a metadata repository. The actions are user-programmable. Users can apply and/or enforce a policy by manipulating the metadata stored in the metadata repository. For example, suppose a policy prohibits storing MP3 files in corporate storage, a user can specify a rule that ties the condition “no MP3 files in volumes A-Z” to an action “delete MP3 files from volumes A-Z.” A file management application may apply a filter to the metadata repository to produce metadata records having values that meet the specified condition and take the corresponding action on managed objects associated with those metadata records.

113 Citations

View as Search Results

16 Claims

1. A computer program product comprising one or more non-transitory computer readable storage media storing instructions translatable by one or more processors to perform:
- receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;
  
  consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;
  
  determining from the request the operation and a filesystem object on which the operation is to be performed; and
  
  evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;
  
  in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and
  
  forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer program product of claim 1, wherein the instructions for applying the rule action comprise instructions to modify the data in accordance with network file system policy.
  - 3. The computer program product of claim 2, wherein the instructions that determine if the request comprises information that triggers application of the policy rule comprise instructions for matching the pattern to the operation and/or the data.
  - 4. The computer program product of claim 1, wherein the rule action is triggered automatically without human intervention.
  - 5. The computer program product of claim 1, wherein the instructions that trigger the application of the policy rule comprise instructions for applying the rule action synchronously via in-band operations and, or asynchronously via out-of-band operations.
  - 6. The computer program product of claim 1, wherein the instructions that trigger the application of the policy rule comprise instructions for initiating a remote procedure call for a stored procedure.
  - 7. The computer program product of claim 1, wherein the instructions that trigger the application of the policy rule comprise instructions for triggering based on a file, file system and/or operating system data or metadata using information from the request.

8. A method for policy management utilizing file system meta data, comprising:
- receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;
  
  consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;
  
  determining from the request the operation and a filesystem object on which operation is to be performed; and
  
  evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;
  
  in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and
  
  forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method according to claim 8, wherein applying the rule action includes modifying the data in accordance with network file system policy.
  - 10. The method according to claim 8, wherein the rule action is triggered automatically without human intervention.
  - 11. The method according to claim 9, wherein determining if the request comprises information that triggers application of the policy rule includes matching the pattern to the operation and/or the data.
  - 12. The method according to claim 8, wherein the triggering the application of the policy rule includes applying the rule action synchronously via in-band operations and/or asynchronously via out-of-band operations.
  - 13. The method according to claim 8, wherein the triggering the application of the policy rule includes initiating a remote procedure call for a stored procedure.
  - 14. The method according to claim 8, wherein the triggering the application of the policy rule includes triggering based on a file, file system and/or operating system data or metadata using information from the request.

15. A system useful for policy management in a computing environment, comprising:
- one or more processors; and
  
  one or more non-transitory computer readable storage media storing instructions translatable by the one or more processors to perform;
  
  receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;
  
  consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;
  
  determining from the request the operation and a filesystem object on which operation is to be performed; and
  
  evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;
  
  in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and
  
  forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.
- View Dependent Claims (16)
- - 16. The system of claim 15, wherein the instructions for applying the rule action comprise instructions to modify the data in accordance with network file system policy, and wherein the instructions that determine if the request comprises information that triggers application of the policy rule comprise instructions for matching the pattern to the operation and/or the data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Bone, Jeff G., Arbilla, Laura, Zoellner, Keith T., Might, Bradley, Kaplan, Jeremy, Belkin, Morry, Lee, Peter A., Funderburg, Brett A., Jimenez, A. Paul
Primary Examiner(s)
DWIVEDI, MAHESH H

Application Number

US13/788,199
Publication Number

US 20130191355A1
Time in Patent Office

1,153 Days
Field of Search

707/694
US Class Current

1/1
CPC Class Codes

G06F 16/122 using management policies b...

G06F 16/185 Hierarchical storage manage...

System, method and apparatus for enterprise policy management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

113 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and apparatus for enterprise policy management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

113 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links