System, method and apparatus for enterprise policy management
First Claim
1. A computer program product comprising one or more non-transitory computer readable storage media storing instructions translatable by one or more processors to perform:
receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;
consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;
determining from the request the operation and a filesystem object on which the operation is to be performed; and
evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;
in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and
forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.
Abstract
Disclosed are systems, methods and apparatuses for managing objects (files and directories) in network file systems according to policies. Each policy may have one or more rules, each of which ties a condition to an action. Each condition can be expressed in terms of metadata harvested across file systems and stored in a metadata repository. The actions are user-programmable. Users can apply and/or enforce a policy by manipulating the metadata stored in the metadata repository. For example, if a policy prohibits storing MP3 files in corporate storage, a user can specify a rule that ties the condition “no MP3 files in volumes A-Z” to an action “delete MP3 files from volumes A-Z.” A file management application may apply a filter to the metadata repository to produce metadata records having values that meet the specified condition and take the corresponding action on managed objects associated with those metadata records.
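The rule structure the abstract describes (a condition over metadata tied to an action), applied both on the request path the claims recite and as a batch filter over the repository, shown as an added Python example that is not taken from the patent or from any product implementing it. All names (`Request`, `Rule`, `REPO`, `enforce`, `sweep`) and the sample records are constructed; first-match rule ordering, the `reject` operation and deriving metadata for objects not yet harvested are assumptions of the example.

```python
from dataclasses import dataclass, replace
from pathlib import PurePosixPath
from typing import Callable

# Every name here (Request, Rule, REPO, enforce, sweep) is hypothetical.
@dataclass(frozen=True)
class Request:
    operation: str          # "write", "read", "delete", ...
    path: str               # filesystem object the operation targets
    data: bytes = b""

@dataclass(frozen=True)
class Rule:
    name: str
    pattern: Callable[[str, dict], bool]   # boolean expression over operation + metadata
    action: Callable[[Request], Request]   # returns the modified request

# Constructed metadata repository: path -> harvested record.
REPO = {
    "/volA/music/track.mp3": {"ext": "mp3", "size": 4_200_000},
    "/volB/docs/plan.txt": {"ext": "txt", "size": 900},
}

def metadata_for(req: Request, repo: dict) -> dict:
    """Use the harvested record; fall back to values derived from the request."""
    derived = {"ext": PurePosixPath(req.path).suffix.lstrip(".").lower(),
               "size": len(req.data)}
    return {**derived, **repo.get(req.path, {})}

def enforce(req: Request, rules: list, repo: dict) -> tuple:
    """Return (request to forward, name of the rule that fired or None)."""
    md = metadata_for(req, repo)
    for rule in rules:                      # first match wins (this example's choice)
        if rule.pattern(req.operation, md):
            return rule.action(req), rule.name
    return req, None

def sweep(repo: dict, condition: Callable[[dict], bool]) -> list:
    """Batch mode: filter the repository and return the objects to act on."""
    return sorted(p for p, md in repo.items() if condition(md))

RULES = [
    Rule("no-mp3",
         lambda op, md: op == "write" and md["ext"] == "mp3",
         lambda r: replace(r, operation="reject", data=b"")),
    Rule("divert-large-write",
         lambda op, md: op == "write" and md["size"] > 1_000_000,
         lambda r: replace(r, path="/quarantine" + r.path)),
]
```

A rule keyed only on the harvested repository would not fire for a file that is being created, which is why `metadata_for` derives a record from the request when none exists yet.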
16 Claims
1. A computer program product comprising one or more non-transitory computer readable storage media storing instructions translatable by one or more processors to perform:
receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;
consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;
determining from the request the operation and a filesystem object on which the operation is to be performed; and
evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;
in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and
forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.
8. A method for policy management utilizing file system meta data, comprising:
receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;
consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;
determining from the request the operation and a filesystem object on which operation is to be performed; and
evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;
in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and
forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.
15. A system useful for policy management in a computing environment, comprising:
one or more processors; and
one or more non-transitory computer readable storage media storing instructions translatable by the one or more processors to perform;
receiving a request configured to affect change to file system resources in a network file system including an interface extending across the network to enable access to files arranged in directories on the network, wherein the request comprises data and an operation for one or more from a group of the files and directories;
consulting a policy rule base comprising one or more policy rules to determine if the request comprises information that triggers application of a policy rule, wherein the policy rule includes a pattern defining a boolean expression for evaluation of a set of metadata and a rule action that is applicable to the request with respect to policies for the network file system and defining a modification for the request, and wherein consulting the policy rule base comprises;
determining from the request the operation and a filesystem object on which operation is to be performed; and
evaluating each of the patterns of the policy rules utilizing metadata corresponding to the filesystem object to determine triggering of application of the policy rule;
in response to triggering application of the policy rule, applying the rule action to the request in order to modify the operation of the request in accordance with the policy rule; and
forwarding the modified request to the network file system to affect change to the file system resources in accordance with the policies for the network file system.