System and method for supporting block-based protocols on a virtual storage appliance executing within a physical storage appliance
Abstract
An architecture provides the ability to create and maintain multiple instances of virtual servers, such as virtual filers (vfilers), within a server, such as a storage appliance. A vfiler is a logical partitioning of network and storage resources of the storage appliance platform to establish an instance of a multi-protocol server. Each vfiler is allocated a subset of dedicated units of storage resources, such as volumes or logical sub-volumes (qtrees), and one or more network address resources. Each vfiler is also allowed shared access to a file system resource of a storage operating system. To ensure controlled access to the allocated and shared resources, each vfiler is further assigned its own security domain for each access protocol. A vfiler boundary check is performed by the file system to verify that a current vfiler is allowed to access certain storage resources for a requested file stored on the filer platform.
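The request path the abstract and claims describe, as an added Python sketch that is not code from the patent: the receiving interface's address-space identifier and address select a vfiler context, the block request is converted to a file request, and the boundary check rejects anything outside that vfiler's storage units. The `VfilerContext` layout, the LUN-to-file mapping, the 512-byte block size and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from pathlib import PurePosixPath

BLOCK_SIZE = 512  # assumed block size for the constructed LUNs

@dataclass
class VfilerContext:
    """Constructed stand-in for one context data structure."""
    name: str
    addresses: set      # {(space_id, ip)}: address-space identifier + address
    storage_units: set  # volumes or qtrees allocated to this vfiler
    luns: dict          # LUN id -> backing file path (hypothetical mapping)

def select_vfiler(contexts, space_id, dst_ip):
    """Choose the vfiler from the receiving interface's address space and address."""
    for ctx in contexts:
        if (space_id, dst_ip) in ctx.addresses:
            return ctx
    return None

def boundary_check(ctx, path):
    """True only if path lies inside a storage unit allocated to ctx."""
    parts = PurePosixPath(path).parts
    if ".." in parts:
        return False  # refuse paths that could climb out of the unit
    for unit in ctx.storage_units:
        u = PurePosixPath(unit).parts
        if parts[:len(u)] == u:  # compare whole components, so qt1 != qt10
            return True
    return False

def handle_block_request(contexts, space_id, dst_ip, lun_id, lba, nblocks):
    """Convert a block request to a file-system request, or raise PermissionError."""
    ctx = select_vfiler(contexts, space_id, dst_ip)
    if ctx is None:
        raise PermissionError("no vfiler owns this address in this address space")
    path = ctx.luns.get(lun_id)
    if path is None or not boundary_check(ctx, path):
        raise PermissionError(f"{ctx.name}: LUN {lun_id} is outside the vfiler boundary")
    return {"vfiler": ctx.name, "file": path,
            "offset": lba * BLOCK_SIZE, "length": nblocks * BLOCK_SIZE}

# Constructed configuration: the same IP in two address spaces, and a
# misconfigured LUN 1 on vf_b that points into vf_a's volume.
CONTEXTS = [
    VfilerContext("vf_a", {(1, "10.0.0.5")}, {"/vol/vol1"}, {0: "/vol/vol1/lun0"}),
    VfilerContext("vf_b", {(2, "10.0.0.5")}, {"/vol/vol2/qt1"},
                  {0: "/vol/vol2/qt1/lun0", 1: "/vol/vol1/lun0"}),
]
```

The same destination address resolves to different vfilers depending on the address-space identifier, and the request for LUN 1 on `vf_b` is denied because its backing file sits in a volume allocated to `vf_a`.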
18 Claims
1. A system comprising:
- a processor;
- a memory coupled to the processor;
- a storage operating system resident in the memory and executed by the processor, the storage operating system implementing a file system configured to provide storage service of information stored on the system;
- a plurality of network interfaces configured to process received block-based protocol data access requests, each network interface assigned to one or more network addresses, each network interface further assigned an identifier that binds the network interface to an address space that includes the one or more network addresses; and
- a plurality of context data structures stored in the memory and containing configuration information to establish a plurality of instances of virtual servers executed by the processor, each virtual server allocated resources that include a partitioning of the network interfaces and assigned network addresses to establish a distinct security domain for that virtual server that enables controlled access to the allocated network interfaces and assigned network addresses, each virtual server further configured to share access to the file system to service the block-based protocol data access requests by converting the block-based protocol data access requests to appropriate file system data requests when providing the storage service of the information stored on the system.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method comprising:
- executing, by a processor, a storage operating system resident in a memory of a storage system, the storage operating system implementing a file system configured to provide storage service of information stored on the storage system;
- processing, by the processor coupled to a plurality of network interfaces, received block-based protocol data access requests;
- assigning each network interface to one or more network addresses;
- assigning each network interface an identifier that binds that network interface to an address space that includes the one or more network addresses;
- storing a plurality of context data structures in the memory, where each context data structure contains configuration information to establish a plurality of instances of virtual servers executed by the processor;
- allocating resources that include a partitioning of the network interfaces and assigned network addresses to each virtual server to establish a distinct security domain for that virtual server that enables controlled access to the allocated network interfaces and assigned network addresses; and
- sharing, amongst the virtual servers, access to the file system to service the block-based protocol data access requests by converting the block-based protocol data access requests to appropriate file system data requests when providing the storage service of the information stored on the storage system.

Dependent claims: 15, 16, 17
18. A non-transitory computer readable medium containing executable program instructions executed by a processor, comprising:
- program instructions that execute a storage operating system resident in a memory of a storage system, the storage operating system implementing a file system configured to provide storage service of information stored on the storage system;
- program instructions that process block-based protocol data access requests received at a plurality of network interfaces;
- program instructions that assign each network interface to one or more network addresses;
- program instructions that assign each network interface an identifier that binds that network interface to an address space that includes the one or more network addresses;
- program instructions that store a plurality of context data structures in the memory, where each context data structure contains configuration information to establish a plurality of instances of virtual servers executed by the processor;
- program instructions that allocate resources that include a partitioning of the network interfaces and assigned network addresses to each virtual server to establish a distinct security domain for that virtual server that enables controlled access to the allocated network interfaces and assigned network addresses; and
- program instructions that share, amongst the virtual servers, access to the file system to service the block-based protocol data access requests by converting the block-based protocol data access requests to appropriate file system data requests when providing the storage service of the information stored on the storage system.
Specification