System and method for storage operation access security
Country / type: United States (US) patent, registered
International Patent Classification (IPC, 7th edition): G06F-017/30
Application number: US-0058511 (filed 2008-03-28)
Patent number: US-8108427 (granted 2012-01-31)
Inventors: Prahlad, Anand; Kavuri, Srinivas
Applicant: CommVault Systems, Inc.
Agent: Perkins Coie LLP
Citation information: cited by 62 patents; cites 82 patents
Abstract
A method and system for controlling access to stored data is provided. The storage access control system leverages the preexisting security infrastructure of a system to determine the access control that should be applied to data stored outside of its original location, such as a data backup. The storage access control system may place on the backup files access control restrictions similar to those that existed on the original files. In this way, the backed-up data is given protection similar to that of the original data.
Representative claims
1. A method of managing users in a data management system that is configured to manage secondary copies of data files, the method comprising: identifying a preexisting user created in a security system external to the data management system, wherein the identified preexisting user has certain access rights defined by the security system; creating a group within the data management system that associates one or more users with at least one access right for performing storage operations that create secondary copies of data files from source production data files; adding the identified preexisting user to the created group within the data management system at a first time; at a later time, receiving a request from the identified preexisting user to perform a storage operation that would create a secondary copy of a particular production data file; querying the security system to determine the certain access rights of the identified preexisting user, wherein the certain access rights relate to the preexisting user's rights to access the particular production data file; and performing the requested storage operation to create a secondary copy of the particular production data file when the certain access rights permit the identified preexisting user to perform the requested management storage operation, wherein the secondary copies are used to restore production data from which the secondary copies are created and are not actively used by a live data server or other computer system; wherein querying the security system to determine the certain access rights includes determining one or more computers to which the identified preexisting user has access, and wherein the certain access rights permit the identified preexisting user to perform the requested storage operation if the particular production data file is associated with one of the determined one or more computers; wherein adding the identified preexisting user to the created group within the data management system includes associating the created group with a reference to the identified preexisting user in the security system; and wherein the at least one access right for performing storage operations determines which copies of source data stored in multiple copies a user within the group can access.

2. The method of claim 1 wherein a user of the data management system who does not have privileges to create new users within the data management system adds the identified preexisting user to the created group within the data management system.

3. The method of claim 1, further comprising querying the security system to determine an email address associated with the identified preexisting user.

4. The method of claim 1, wherein the particular production data file includes textual content, and the certain access rights are determined in part by evaluating the textual content.

5. The method of claim 1, further comprising: querying the security system to determine an electronic address associated with the identified preexisting user; and notifying the identified preexisting user at the determined electronic address that the requested storage operation failed.

6. The method of claim 1, wherein performing the requested storage operation comprises creating a secondary copy of the particular production data file and applying access rights that the security system associates with the particular production data file to the created secondary copy.

7. A non-transitory computer-readable storage medium storing instructions for controlling a computer system to migrate users from a preexisting security system to a data management system that is configured to manage secondary copies of data files, wherein the secondary copies are used to restore production data from which the secondary copies are created and are not actively used by a live data server or other computer system, the instructions when executed by the computer system performs a method comprising: receiving a request to create a new security entity in the data management system, wherein the new security entity is associated with at least one privilege for performing storage management operations to create secondary copies of data files from source production data files; providing a list of one or more preexisting security entities defined by a security infrastructure external to the data management system; receiving a selection of a preexisting security entity defined by the external security infrastructure; migrating the selected preexisting security entity defined by the external security infrastructure to the new security entity in the data management system; and performing a storage operation requested by the selected preexisting security entity, wherein the storage operation creates a secondary copy of a particular production data file, and wherein the storage operation is performed after querying the security infrastructure to determine that the selected preexisting security entity has sufficient access rights with respect to the particular production data file to perform the requested data management operation; wherein querying the security infrastructure to determine that the selected preexisting security entity has sufficient access comprises determining one or more computers to which the selected preexisting security entity has access, and wherein the selected preexisting security entity has sufficient access rights when the particular production data file is associated with one of the determined one or more computers; wherein migrating the selected preexisting security entity defined by the external security infrastructure to the new security entity in the data management system includes associating the new security entity with a reference to the selected preexisting security entity in the security infrastructure; and wherein the at least one privilege for performing storage management operations determines which copies of source data stored in multiple copies can be accessed by the new security entity.

8. The non-transitory computer-readable storage medium of claim 7 wherein migrating the selected preexisting security entity further includes determining information about the preexisting security entity and associating at least a portion of the information with the new security entity.

9. The non-transitory computer-readable storage medium of claim 7 wherein the external security infrastructure includes a directory provided by an operating system.

10. The non-transitory computer-readable storage medium of claim 7 wherein providing a list of one or more preexisting security entities defined by a security infrastructure external to the data management system includes retrieving information from a first external security infrastructure provided by a first operating system.

11. The non-transitory computer-readable storage medium of claim 10 wherein providing a list of one or more preexisting security entities defined by a security infrastructure external to the data management system further includes retrieving information from a second external security infrastructure provided by a second operating system.

12. The non-transitory computer-readable storage medium of claim 7 wherein the selected preexisting security entity is an individual user.

13. The non-transitory computer-readable storage medium of claim 7 wherein the external security infrastructure provides one or more access control lists that define one or more access rights assigned to each preexisting security entity.

14. A system for securing storage operations in a storage management system, wherein the storage management system interfaces with an external security component configured to store data regarding one or more external users and one or more access rights that indicate how the one or more external users are permitted to access production data files, the system comprising: a memory; a storage management application configured to store one or more storage management users and to perform storage operations on behalf of the one or more storage management users, wherein some of the storage operations performed create secondary copies of data files from source production data files, and wherein the secondary copies are used to restore production data from which the secondary copies are created and are not actively used by a live data server or other computer system; a privileges migration component stored at least in part by the memory that is configured to interface with the external security component and with the storage management application, wherein the privileges migration component is further configured to: create storage management users based on selected external users; and determine whether a storage management user that was created based on a particular selected external user has sufficient access rights to perform a storage operation that would create a secondary copy of a data file from a particular production data file, wherein this determination is made by querying the external security component to determine one or more access rights that indicate how the particular selected external user is permitted to access the particular production data file; wherein determining whether a storage management user that was created based on a particular selected external user has sufficient access rights to perform a storage operation includes determining one or more computers to which the particular selected external user has access, and wherein the particular selected external user has sufficient access rights when the particular production data file is associated with one of the determined one or more computers; wherein creating storage management users based on selected external users includes associating one or more storage management users with a reference to one or more of the selected external users; and wherein the access rights to perform a storage operation determine which copies of source data stored in multiple copies a storage management user can access.

15. The system of claim 14 wherein the privileges migration component is further configured to determine at least a name and an email address associated with each of the selected external users.

16. The system of claim 14 wherein the storage management application is further configured to store, with each storage management user, privileges information describing storage management operations that each storage management user is allowed to perform.

17. The system of claim 14 wherein the external security component includes a Lightweight Directory Access Protocol (LDAP) directory.
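The control flow the claims above describe, as an added worked example in Python. This is not CommVault's code and not the patent's implementation; it models the claimed behaviour: the data management system stores only a reference to a user defined in an external directory, decides each backup request by querying that directory at request time for the computers the user may access and the access control list on the production file, stamps the source file's ACL onto the secondary copy, and notifies the user at the directory-held e-mail address when the request is refused. The directory contents, DNs, host names, file paths, ACL entries and the in-memory notification list are all constructed for illustration.

```python
"""Added example (not CommVault's code): the access gate the claims describe.
Everything here (directory contents, DNs, hosts, paths) is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class ExternalUser:
    dn: str           # directory reference the data management system stores
    email: str
    hosts: Set[str]   # computers the directory says this user may access


class ExternalSecuritySystem:
    """Stand-in for the OS directory / LDAP store with per-file ACLs."""

    def __init__(self, users: List[ExternalUser], acls: Dict[str, Set[str]]):
        self._users = {u.dn: u for u in users}
        self._acls = acls  # production file path -> DNs allowed to access it

    def lookup(self, dn: str) -> Optional[ExternalUser]:
        return self._users.get(dn)

    def revoke_host(self, dn: str, host: str) -> None:
        self._users[dn].hosts.discard(host)

    def file_acl(self, path: str) -> Set[str]:
        return set(self._acls.get(path, set()))


@dataclass(frozen=True)
class ProductionFile:
    host: str
    path: str
    content: bytes


@dataclass
class SecondaryCopy:
    source: ProductionFile
    acl: Set[str]  # rights carried over from the production file, not from the requester


class DataManagementSystem:
    def __init__(self, security: ExternalSecuritySystem):
        self.security = security
        self.groups: Dict[str, Set[str]] = {}        # group -> referenced user DNs
        self.group_rights: Dict[str, Set[str]] = {}  # group -> permitted storage operations
        self.copies: List[SecondaryCopy] = []
        self.notifications: List[Tuple[str, str]] = []  # (email, message); a mail hook in practice

    def create_group(self, name: str, rights: Set[str]) -> None:
        self.groups[name], self.group_rights[name] = set(), set(rights)

    def add_user(self, group: str, dn: str) -> None:
        if self.security.lookup(dn) is None:  # only a reference is stored, never a copied ACL
            raise KeyError(f"{dn} is not defined in the external security system")
        self.groups[group].add(dn)

    def _has_right(self, dn: str, right: str) -> bool:
        return any(dn in m and right in self.group_rights[g] for g, m in self.groups.items())

    def request_backup(self, dn: str, f: ProductionFile) -> Optional[SecondaryCopy]:
        """Create a secondary copy only if the directory, queried now, grants the
        requester both the file's host and the file itself."""
        user = self.security.lookup(dn)
        if user is None or not self._has_right(dn, "backup"):
            return None
        acl = self.security.file_acl(f.path)
        if f.host not in user.hosts or dn not in acl:  # both checks must pass
            self.notifications.append((user.email, f"backup of {f.path} denied"))
            return None
        copy = SecondaryCopy(source=f, acl=acl)
        self.copies.append(copy)
        return copy

    def can_read_copy(self, dn: str, copy: SecondaryCopy) -> bool:
        return dn in copy.acl


ALICE, BOB, CAROL = (f"uid={n},ou=people,dc=example,dc=com" for n in ("alice", "bob", "carol"))


def demo() -> Dict[str, bool]:
    """Constructed scenario returning each decision so it can be checked."""
    directory = ExternalSecuritySystem(
        users=[ExternalUser(ALICE, "alice@example.com", {"fs1"}),
               ExternalUser(BOB, "bob@example.com", {"fs1"}),      # host, but no ACL entry
               ExternalUser(CAROL, "carol@example.com", {"fs2"})],  # ACL entry, but wrong host
        acls={"/srv/hr/payroll.csv": {ALICE, CAROL}},
    )
    dms = DataManagementSystem(directory)
    dms.create_group("backup-operators", {"backup"})
    for dn in (ALICE, BOB, CAROL):
        dms.add_user("backup-operators", dn)
    payroll = ProductionFile("fs1", "/srv/hr/payroll.csv", b"id,salary\n1,100\n")
    out = {"alice_copied": dms.request_backup(ALICE, payroll) is not None,
           "bob_copied": dms.request_backup(BOB, payroll) is not None,
           "carol_copied": dms.request_backup(CAROL, payroll) is not None}
    out["denied_notified"] = sorted(e for e, _ in dms.notifications) == ["bob@example.com", "carol@example.com"]
    # Revocation in the directory takes effect on the next request; nothing in dms changes.
    directory.revoke_host(ALICE, "fs1")
    out["alice_after_revoke"] = dms.request_backup(ALICE, payroll) is None
    copy = dms.copies[0]  # the copy carries the source file's ACL, so Carol can read it and Bob cannot
    out["carol_reads_copy"] = dms.can_read_copy(CAROL, copy)
    out["bob_reads_copy"] = dms.can_read_copy(BOB, copy)
    return out
```

Two properties of this design are worth checking in any real deployment of the scheme. First, the data management system never caches the directory's answer: group membership only says which operations a user may request, and the host and file checks are re-run against the external security system on every request, so a revocation in the directory (`revoke_host` above) is honoured without any change to the backup system. Second, the secondary copy inherits the production file's ACL rather than the requester's rights, which is what keeps a backup operator from turning a backup job into a read path to data they could not read at the source.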
Patents cited by this patent (82)
Yuval Ofek ; Zoran Cakeljic ; Samuel Krikler IL; Sharon Galtzur IL; Michael Hirsch IL; Dan Arnon ; Peter Kamvysselis, Apparatus and methods for copying, backing up, and restoring data using a backup segment size larger than the storage block size.
Griffin David (Maynard MA) Campbell Jonathan (Acton MA) Reilly Michael (Sterling MA) Rosenbaum Richard (Pepperell MA), Arrangement with cooperating management server node and network service node.
Nakano Toshio (Odawara JPX) Nozawa Masafumi (Odawara JPX) Kurano Akira (Odawara JPX) Hisano Kiyoshi (Odawara JPX) Hoshino Masayuki (Odawara JPX), Backup control method and system in data processing system using identifiers for controlling block data transfer.
Kitajima Hiroyuki (Yokohama) Yamamoto Akira (Yokohama) Doi Takashi (Hadano) Nozawa Masafumi (Odawara JPX), Buffered peripheral system and method for backing up and retrieving data to and from backup memory device.
Cole Leo J. (Raleigh NC) Frantz Curtis J. (Durham NC) Lee Jeannette (Raleigh NC) Ordanic Zvonimir (Raleigh NC) Plank Larry K. (Rochester MN), Centralized management in a computer network.
Carpenter Kelly S. (Fremont CA) Dearing Gerard M. (San Jose CA) Nick Jeffrey M. (Fishkill NY) Strickland Jimmy P. (Saratoga CA) Swanson Michael D. (Poughkeepsie NY) Wilkinson Wendell W. (Hyde Park NY, Coherence controls for store-multiple shared data coordinated by cache directory entries in a shared electronic storage.
Senator Steven T. ; Fuller Billy J., Computer system method and apparatus providing for various versions of a file without requiring data copy or log operati.
Fecteau Jean G. (Toronto NY CAX) Gdaniec Joseph M. (Vestal NY) Hennessy James P. (Endicott NY) MacDonald John F. (Vestal NY) Osisek Damian L. (Vestal NY), Computer system which supports asynchronous commitment of data.
Dunphy William E. (Westminster CO) Halladay Steven M. (Louisville CO) Moy Michael E. (Lafayette CO) Munro Frederick G. (Broomfield CO), Data storage and protection system.
Yanai Moshe (Framingham MA) Vishlitzky Natan (Brookline MA) Alterescu Bruno (Newton MA) Castel Daniel (Framingham MA) Shklarsky Gadi (Brookline MA), Data storage system controlled remote data mirroring with respectively maintained data indices.
Fortier Richard W. (Acton MA) Mastors Robert M. (Ayer MA) Taylor Tracy M. (Upton MA) Wallace John J. (Franklin MA), Digital data processor with improved backup storage.
Kenley Gregory (Northboro MA) Ericson George (Schrewsbury MA) Fortier Richard (Acton MA) Holland Chuck (Northboro MA) Mastors Robert (Ayer MA) Pownell James (Natick MA) Taylor Tracy (Upton MA) Wallac, Digital data storage system with improved data migration.
Xu Yikang ; Vahalia Uresh K. ; Jiang Xiaoye ; Gupta Uday ; Tzelnic Percy, File server system using file system storage, data movers, and an exchange of meta data among data movers for file locking and direct access to shared file systems.
Lagueux, Jr., Richard A.; Stave, Joel H.; Yeaman, John B.; Stevens, Brian E.; Higgins, Robert M.; Collins, James M., Graphical user interface for configuration of a storage system.
Urevig Paul D. ; Malnati James R. ; Ethen Donald J. ; Weber Herbert L., Grouping shared resources into one or more pools and automatically re-assigning shared resources from where they are not currently needed to where they are needed.
Barney Rock D. ; Schwols Keith ; Nelson Ellen M., Integration of a database into file management software for protecting, tracking and retrieving data.
Martin Charles W. (Richardson TX) Reid Fredrick S. (Plano TX) Forbus Gary L. (Dallas TX) Adams Steve M. (Plano TX) Shannon C. Patrick (Garland TX) Pirpich Eric A. (Garland TX), Mass data storage and retrieval system.
Kedem Nadav,ILX, Mass storage subsystem and backup arrangement for digital data processing system which permits information to be backed up while host computer(s) continue(s) operating in connection with information .
Long Robert M., Media element library with non-overlapping subset of media elements and non-overlapping subset of media element drives accessible to first host and unaccessible to second host.
Kullick Steven E. ; Spirakis Charles S. ; Titus Diane J., Method and apparatus for transferring archival data among an arbitrarily large number of computer devices in a networked.
Eastridge Lawrence E. (Tucson AZ) Kern Robert F. (Tucson AZ) Kern Ronald M. (Tucson AZ) Mikkelsen Claus W. (Morgan Hill CA) Ratliff James M. (Tucson AZ), Method and system for automated backup copy ordering in a time zero backup copy session.
Eastridge Lawrence E. (Tucson AZ) Kern Robert F. (Tucson AZ) Micka William F. (Tucson AZ) Mikkelsen Claus W. (Morgan Hill CA) Ratliff James M. (Tucson AZ), Method and system for automated termination and resumption in a time zero backup copy process.
Walter A. Hubis ; William G. Deitz, Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access .
Aoyama Yuki,JPX ; Takahashi Toru,JPX ; Wakayama Satoshi,JPX, Method of and an apparatus for displaying version information and configuration information and a computer-readable recording medium on which a version and configuration information display program i.
Pisello Thomas (De Bary FL) Crossmier David (Casselberry FL) Ashton Paul (Oviedo FL), Network management system having virtual catalog overview of files distributively stored across network domain.
Crockett Robert N. (Tucson AZ) Kern Ronald M. (Tucson AZ) Micka William F. (Tucson AZ), Software directed microcode state save for distributed storage controller.
Retnamma,Manoj Vijayan; Amarendran,Arun; Kottomtharayil,Rajiv, System and method for combining data streams in pipelined storage operations in a storage network.
Mutalik Madhav ; Senie Faith M., System and method for performing file-handling operations in a digital data processing system using an operating system-independent file map.
Huai ReiJane (Old Brookville NY) Daly Robert (Ronkonkoma NY) Curti Walter (Dix Hills NY) Mohan Deepak (Huntington NY) Chueh James Kuang-Ru (Bayside NY) Louie Larry (Forest Hills NY), System and parallel streaming and data stripping to back-up a network.
Stoppani ; Jr. Peter (Woodinville WA), System for allocating storage spaces based upon required and optional service attributes having assigned piorities.
Flynn Rex A. (Belmont MA) Anick Peter G. (Marlboro MA), System for reconstructing prior versions of indexes using records indicating changes between successive versions of the.
Saether Christian D. (Seattle WA) Stoppani ; Jr. Peter (Woodinville WA), System of device independent file directories using a tag between the directories and file descriptors that migrate with.
Cairns, Brian Lewis; Schoeffler, Eric Benson; Richter, John Day; Procopio, Michael Jeffrey; Eaton, Brian Edgar; Besen, Adam Wayne; Wyrick, Robert Eugene, Controlling access by web applications to resources on servers.
Prahlad, Anand; Muller, Marcus S.; Kottomtharayil, Rajiv; Kavuri, Srinivas; Gokhale, Parag; Vijayan, Manoj, Data object store and server for a cloud storage environment, including data deduplication and data management across multiple cloud storage sites.
Prahlad, Anand; Muller, Marcus S.; Kottomtharayil, Rajiv; Kavuri, Srinivas; Gokhale, Parag; Vijayan, Manoj Kumar, Data object store and server for a cloud storage environment, including data deduplication and data management across multiple cloud storage sites.
Prahlad, Anand; Muller, Marcus S.; Kottomtharayil, Rajiv; Kavuri, Srinivas; Gokhale, Parag; Vijayan, Manoj Kumar, Data object store and server for a cloud storage environment, including data deduplication and data management across multiple cloud storage sites.
Gokhale, Parag; Kottomtharayil, Rajiv; Karandikar, Amey Vijaykumar; Wang, Yu, Data storage resource allocation list updating for data storage operations.
Gokhale, Parag; Kottomtharayil, Rajiv; Karandikar, Amey Vijaykumar; Wang, Yu, Data storage resource allocation using blacklisting of data storage requests classified in the same category as a data storage request that is determined to fail if attempted.
Vijayan, Manoj Kumar; Chen, Ho-Chi; Attarde, Deepak Raghunath; Joshi, Hetalkumar N., Information management of data associated with multiple cloud services.
Vijayan, Manoj Kumar; Chen, Ho-Chi; Attarde, Deepak Raghunath; Joshi, Hetalkumar N., Information management of data associated with multiple cloud services.
Vijayan, Manoj Kumar; Chen, Ho-Chi; Attarde, Deepak Raghunath; Joshi, Hetalkumar N., Information management of data associated with multiple cloud services.
Vijayan, Manoj Kumar; Chen, Ho-chi; Attarde, Deepak Raghunath; Joshi, Hetalkumar N., Information management of data associated with multiple cloud services.
Vijayan, Manoj Kumar; Chen, Ho-chi; Attarde, Deepak Raghunath; Joshi, Hetalkumar N., Information management of data associated with multiple cloud services.
Day-Richter, John; Cairns, Brian Lewis; Schoeffler, Eric Benson; Procopio, Michael Jeffrey; Lemonik, Micah; Besen, Adam Wayne; Eaton, Brian Edgar; Wyrick, Robert Eugene, Installation of third-party web applications into a container.
Prahlad, Anand; Muller, Marcus S.; Kottomtharayil, Rajiv; Kavuri, Srinivas; Gokhale, Parag; Vijayan, Manoj Kumar, Performing data storage operations with a cloud environment, including containerized deduplication, data pruning, and data transfer.
Joshi, Hetalkumar N.; Maranna, Chandrashekar; Vijayan, Manoj Kumar, Scalable auxiliary copy processing in a data storage management system using media agent resources.
Joshi, Hetalkumar N.; Maranna, Chandrashekar; Vijayan, Manoj Kumar, Scalable auxiliary copy processing in a storage management system using media agent resources.
Schoeffler, Eric Benson; Lee, Ivan Young; Cooper, Nicholas Mark Vasic; Stone, Trevor Keir MacFergus; Vongsouvanh, Alain; Afshar, Ali Hamid; Fryzel, Victor Eric; Procopio, Michael Jeffrey, System and method for anchoring third party metadata in a document.
Procopio, Michael Jeffrey; Thierer, Tobias; Kan, Reuben; Lee, Ivan Young; Schoeffler, Eric Benson; Cairns, Brian Lewis, System and method for detecting and integrating with native applications enabled for web-based storage.
Procopio, Michael Jeffrey; Thierer, Tobias; Kan, Reuben; Lee, Ivan Young; Schoeffler, Eric Benson; Cairns, Brian Lewis, System and method for detecting and integrating with native applications enabled for web-based storage.
Ignatius, Paul; Prahlad, Anand; Tyagarajan, Mahesh; Vijayan Retnamma, Manoj; Amarendran, Arun; Kottomtharayil, Rajiv, System and method for providing encryption in storage operations in a storage network, such as for use by application service providers that provide data storage services.
Ignatius, Paul; Prahlad, Anand; Tyagarajan, Mahesh; Vijayan, Manoj Kumar; Amarendran, Arun Prasad; Kottomtharayil, Rajiv, System and method for providing encryption in storage operations in a storage network, such as for use by application service providers that provide data storage services.
Vongsouvanh, Alain; Jorgensen, Russell Blaine; Wyrick, Robert Eugene; Hicks, Justin Lee; Clark, Stephen Nowland, System and method to store third-party metadata in a cloud storage system.
Buzbee, Thomas P.; Procopio, Michael J.; Schneider, Ronald E., Systems and methods for providing third-party application specific storage in a cloud-based storage system.
Gokhale, Parag; Kottomtharayil, Rajiv; Karandikar, Amey Vijaykumar; Wang, Yu, Updating a list of data storage requests if an abbreviated resource check determines that a request in the list would fail if attempted.