Cluster federation and trust in a cloud environment
Abstract
An improved scalable object storage system allows multiple clusters to work together. In one embodiment, a trust and federation relationship is established between a first cluster and a second cluster. This is done by designating a first cluster as a trust root. The trust root receives contact from another cluster, and the two clusters exchange cryptographic credentials. The two clusters mutually authenticate each other based upon the credentials, and optionally relative to a third information service, and establish a service connection. Services from the remote cluster are registered as being available to the cluster designated as the trust root. Multi-cluster gateways can also be designated as the trust root, and joined clusters can be mutually untrusting. Two one-way trust and federation relationships can be set up to form a trusted bidirectional channel.
20 Claims
1. A method, comprising:
designating a first cluster as a trust root, the first cluster including a first set of containers, each container of the first set of containers being based on one or more user accounts;
setting a first user account in the first set of clusters to synchronize with a second user account in a second cluster, the first user account being specified by an authentication response uniform resource locator (URL);
after a period of time has elapsed, synchronizing the second user account with the first user account; and
switching, based on the synchronizing, the authentication response URL from the first cluster to the second cluster, wherein after the switching, the second user account is specified by the authentication response URL.
11. A system, comprising:
a first cluster including a plurality of information processing devices, wherein the first cluster includes a first set of containers, and each container of the first set of containers is based on one or more user accounts; and
a first cluster controller that, by one or more hardware processors, sets a first user account in the first set of clusters to synchronize with a second user account in a second cluster, wherein after a period of time has elapsed, the first cluster controller synchronizes the second user account with the first user account, wherein the first user account is specified by an authentication response uniform resource locator (URL), and the first cluster controller switches, based on the synchronizing, the authentication response URL from the first cluster to the second cluster, wherein after the first cluster controller switches the authentication response URL from the first cluster to the second cluster, the second user account is specified by the authentication response URL.
19. A non-transitory machine-readable medium comprising a plurality of machine-readable instructions that when executed by one or more processors is adapted to cause the one or more processors to perform a method comprising:
designating a first cluster as a trust root, the first cluster including a first set of containers, each container of the first set of containers being based on one or more user accounts;
setting a first user account in the first set of clusters to synchronize with a second user account in a second cluster, the first user account being specified by an authentication response uniform resource locator (URL);
after a period of time has elapsed, synchronizing the second user account with the first user account; and
switching, based on the synchronizing, the authentication response URL from the first cluster to the second cluster, wherein after the switching, the second user account is specified by the authentication response URL.
Specification