Restricted data zones for backup servers
First Claim
1. A backup and recovery server, comprising:
- a storage device providing backup resources;
a first communication interface for displaying information to and receiving configuration from a top-level administrator of the backup and recovery server;
a second communication interface for displaying information to and receiving configuration from a tenant administrator associated with a tenant of the backup and recovery server, wherein the tenant comprises a company or organization that is under a different administrative control from that of other tenants; and
a processor coupled to the storage device and configured to;
cause the first communication interface to display to the top-level administrator available backup resources of the storage device, wherein the available backup resources are portions of the backup resources that are available to be allocated to one or more restricted data zones;
receive from the first communication interface configurations from the top-level administrator, wherein the configurations from the top-level administrator comprise external configurations of a restricted data zone associated with the tenant, wherein the external configurations specify portions of the backup resources to be allocated to the restricted data zone associated with the tenant;
store in the storage device data representing the external configurations of the restricted data zone associated with the tenant, such that the backup resources allocated to the restricted data zone associated with the tenant can no longer be allocated to another restricted data zone;
cause the second communication interface to display to the tenant administrator only the backup resources allocated to the restricted data zone associated with the tenant, and hide available backup resources and backup resources allocated to other restricted data zones such that the tenant administrator is unaware of the available backup resources and the backup resources allocated to other restricted data zones and is unaware of other tenants sharing the storage device;
receive from the second communication interface configurations from the tenant administrator, wherein the configurations from the tenant administrator comprise internal configurations of the restricted data zone associated with the tenant, wherein the internal configurations of the restricted data zone do not include adding backup resources to the restricted data zone associated with the tenant, and wherein the internal configurations comprise configurations that specify portions of the backup resources allocated to the restricted data zone associated with the tenant to be allocated to users associated with the tenant;
provide backup and recovery services to the users associated with the tenant using the backup resources allocated to the restricted data zone associated with the tenant based on the configurations from the tenant administrator;
segregate the backup and recovery services provided to the users associated with the tenant from backup and recovery services provided to other tenants associated with restricted data zones that are different from the restricted data zone associated with the tenant; and
after receiving the external configurations of the restricted data zone associated with the tenant, permit the top-level administrator to modify via the first communication interface the external configurations of the restricted data zone associated with the tenant, but restrict the top-level administrator from internal operations of the restricted data zone associated with the tenant, including restricting the top-level administrator from viewing and modifying the internal configurations of the restricted data zone and restricting the top-level administrator from viewing and modifying backup data backed up by the backup and recovery services provided to the users associated with the tenant, wherein the top-level administrator was previously allowed full access to the backup resources allocated to the restricted data zone prior to their allocation.
9 Assignments
0 Petitions
Accused Products
Abstract
A method for backing up and recovering data is disclosed. Data representing an allocation of a plurality of backup resources to a plurality of restricted data zones is stored in a storage device. Any of the plurality of backup resources allocated to one restricted data zone is not allocated to another restricted data zone. A user is associated with one of the plurality of restricted data zones. Backup and recovery services are provided to the user using one or more backup resources allocated to the restricted data zone associated with the user. The backup and recovery services provided to the user are segregated from backup and recovery services provided to other users associated with restricted data zones that are different from the restricted data zone associated with the user.
11 Citations
20 Claims
-
1. A backup and recovery server, comprising:
-
a storage device providing backup resources; a first communication interface for displaying information to and receiving configuration from a top-level administrator of the backup and recovery server; a second communication interface for displaying information to and receiving configuration from a tenant administrator associated with a tenant of the backup and recovery server, wherein the tenant comprises a company or organization that is under a different administrative control from that of other tenants; and a processor coupled to the storage device and configured to; cause the first communication interface to display to the top-level administrator available backup resources of the storage device, wherein the available backup resources are portions of the backup resources that are available to be allocated to one or more restricted data zones; receive from the first communication interface configurations from the top-level administrator, wherein the configurations from the top-level administrator comprise external configurations of a restricted data zone associated with the tenant, wherein the external configurations specify portions of the backup resources to be allocated to the restricted data zone associated with the tenant; store in the storage device data representing the external configurations of the restricted data zone associated with the tenant, such that the backup resources allocated to the restricted data zone associated with the tenant can no longer be allocated to another restricted data zone; cause the second communication interface to display to the tenant administrator only the backup resources allocated to the restricted data zone associated with the tenant, and hide available backup resources and backup resources allocated to other restricted data zones such that the tenant administrator is unaware of the available backup resources and the backup resources allocated to other restricted data zones and is unaware of other tenants sharing the storage device; receive from the second communication interface configurations from the tenant administrator, wherein the configurations from the tenant administrator comprise internal configurations of the restricted data zone associated with the tenant, wherein the internal configurations of the restricted data zone do not include adding backup resources to the restricted data zone associated with the tenant, and wherein the internal configurations comprise configurations that specify portions of the backup resources allocated to the restricted data zone associated with the tenant to be allocated to users associated with the tenant; provide backup and recovery services to the users associated with the tenant using the backup resources allocated to the restricted data zone associated with the tenant based on the configurations from the tenant administrator; segregate the backup and recovery services provided to the users associated with the tenant from backup and recovery services provided to other tenants associated with restricted data zones that are different from the restricted data zone associated with the tenant; and after receiving the external configurations of the restricted data zone associated with the tenant, permit the top-level administrator to modify via the first communication interface the external configurations of the restricted data zone associated with the tenant, but restrict the top-level administrator from internal operations of the restricted data zone associated with the tenant, including restricting the top-level administrator from viewing and modifying the internal configurations of the restricted data zone and restricting the top-level administrator from viewing and modifying backup data backed up by the backup and recovery services provided to the users associated with the tenant, wherein the top-level administrator was previously allowed full access to the backup resources allocated to the restricted data zone prior to their allocation. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
-
12. A method for backing up and recovering data by a backup and recovery server, comprising:
-
causing a first communication interface to display to a top-level administrator available backup resources of a storage device, wherein the available backup resources are portions of backup resources of the storage device that are available to be allocated to one or more restricted data zones, wherein the first communication interface displays information to and receives configuration from the top-level administrator of the backup and recovery server; receiving from the first communication interface configurations from the top-level administrator, wherein the configurations from the top-level administrator comprise external configurations of a restriction data zone associated with a tenant of the backup and recovery server, wherein the external configurations specify portions of the backup resources to be allocated to the restricted data zone associated with the tenant; storing in the storage device data representing the external configurations of the restricted data zone associated with the tenant, such that the backup resources allocated to the restricted data zone associated with the tenant can no longer be allocated to another restricted data zone; causing a second communication interface to display to the tenant administrator only the backup resources allocated to the restricted data zone associated with the tenant, and hiding available backup resources and backup resources allocated to other restricted data zones such that the tenant administrator associated with the tenant is unaware of the available backup resources and the backup resources allocated to other restricted data zones and is unaware of other tenants sharing the storage device, wherein the second communication interface displays information to and receives configuration from the tenant administrator associated with the tenant of the backup and recovery server, wherein the tenant comprises a company or organization that is under a different administrative control from that of other tenants; receiving from the second communication interface configurations from the tenant administrator associated with the tenant, wherein the configurations from the tenant administrator comprise internal configurations of the restricted data zone associated with the tenant, wherein the internal configurations of the restricted data zone do not include adding backup resources to the restricted data zone associated with the tenant, and wherein the internal configurations comprise configurations that specify portions of the backup resources allocated to the restricted data zone associated with the tenant to be allocated to users associated with the tenant; providing backup and recovery services to the users associated with the tenant using the backup resources allocated to the restricted data zone associated with the tenant based on the configurations from the tenant administrator; segregating the backup and recovery services provided to the users associated with the tenant from backup and recovery services provided to other tenants associated with restricted data zones that are different from the restricted data zone associated with the tenant; after receiving the external configurations of the restricted data zone associated with the tenant, permitting the top-level administrator to modify via the first communication interface the external configurations of the restricted data zone associated with the tenant, but restricting the top-level administrator from internal operations of the restricted data zone associated with the tenant, including restricting the top-level administrator from viewing and modifying the internal configurations of the restricted data zone and restricting the top-level administrator from viewing and modifying backup data backed up by the backup and recovery services provided to the users associated with the tenant, wherein the top-level administrator was previously allowed full access to the backup resources allocated to the restricted data zone prior to their allocation. - View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
-
-
20. A computer program product for backing up and recovering data by a backup and recovery server, the computer program product being embodied in a tangible non-transitory computer readable storage medium and comprising computer instructions for:
-
causing a first communication interface to display to a top-level administrator available backup resources of a storage device, wherein the available backup resources are portions of the backup resources that are available to be allocated to one or more restricted data zones, wherein the first communication interface displays information to and receives configuration from the top-level administrator of the backup and recovery server; receiving from the first communication interface configurations from the top-level administrator, wherein the configurations from the top-level administrator comprise external configurations of a restricted data zone associated with the tenant, wherein the external configuration specify portions of the backup resources to be allocated to the restricted data zone associated with the tenant; storing in the storage device data representing the external configurations of the restricted data zone associated with the tenant, such that the backup resources allocated to the restricted data zone associated with the tenant can no longer be allocated to another restricted data zone; causing a second communication interface to display to the tenant administrator only the backup resources allocated to the restricted data zone associated with the tenant, and hiding available backup resources and backup resources allocated to other restricted data zones such that the tenant administrator is unaware of the available backup resources and the backup resources allocated to other restricted data zones and is unaware of other tenants sharing the storage device, wherein the second communication interface displays information to and receives configuration from the tenant administrator associated with the tenant of the backup and recovery server, wherein the tenant comprises a company or organization that is under a different administrative control from that of other tenants; receiving from the second communication interface configurations from the tenant administrator, wherein the configurations from the tenant administrator comprises internal configurations of the restricted data zone associated with the tenant, wherein the internal configurations of the restricted data zone do not include adding backup resources to the restricted data zone associated with the tenant, and wherein the internal configurations comprise configurations that specify portions of the backup resources allocated to the restricted data zone associated with the tenant to be allocated to users associated with the tenant; providing backup and recovery services to the users associated with the tenant using the backup resources allocated to the restricted data zone associated with the users associated with the tenant based on the configurations from the tenant administrator; segregating the backup and recovery services provided to the users associated with the tenant from backup and recovery services provided to other tenants associated with restricted data zones that are different from the restricted data zone associated with the tenant; after receiving the external configurations of the restricted data zone associated with the tenant, permitting the top-level administrator to modify via the first communication interface the external configurations of the restricted data zone associated with the tenant, but restricting the top-level administrator from internal operations of the restricted data zone associated with the tenant, including restricting the top-level administrator from viewing and modifying the internal configurations of the restricted data zone and restricting the top-level administrator from viewing and modifying backup data backed up by the backup and recovery services provided to the users associated with the tenant, wherein the top-level administrator was previously allowed full access to the backup resources allocated to the restricted data zone prior to their allocation.
-
Specification