US2013297902A1PendingUtilityA1

Virtual data center

Assignee: NETAPP INCPriority: Feb 13, 2001Filed: Apr 26, 2013Published: Nov 7, 2013
Est. expiryFeb 13, 2021(expired)· nominal 20-yr term from priority
G06F 2201/815G06F 3/0614G06F 3/0632G06F 3/0629G06F 11/201G06F 3/067G06F 3/0607G06F 12/1458G06F 11/2097G06F 3/0635G06F 11/2094H04L 67/1097G06F 11/2092G06F 11/0724G06F 3/0665G06F 11/0727H04L 49/357G06F 11/0766G06F 11/0793G06F 11/2089G06F 11/2025G06F 11/1482G06F 3/0605
55
PatentIndex Score
0
Cited by
0
References
0
Claims

Abstract

A system and method are provided for securely sharing storage resources in a storage network. One or more organizations are modeled in a structure where each organization includes one or more units. Users are assigned to a unit and are also assigned a command access level. The command access level grants access to certain management commands that may be performed on storage resources. Storage resources are then bound to units in the organization and may be accessed by users in the unit. Once command access levels are assigned and storage resources are bound, access for a user in the unit is restricted to the command access level assigned to the user and the storage resources bound to the user's unit. When a command from a user is received, the command access level of the user and the bound storage resources for the unit of the user is determined. Then, a management command is performed using the bound storage for the user's unit if the command is available for the command access level.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
         1 . A method for sharing a plurality of storage resources for an organization, wherein the organization is modeled as an organizational model having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, the method comprising:
 mapping the plurality of storage resources to the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units;   establishing access restrictions to storage resource management commands by the one or more users assigned to each unit, wherein command access levels assigned to the one or more users assigned to each unit are used to establish the access restrictions to storage resource management commands; and   securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.   
     
     
         2 . The method of  claim 1 , further comprising:
 binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound.   
     
     
         3 . The method of  claim 2 , wherein the securing access to the plurality of storage resources comprises:
 imposing the access restrictions for a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.   
     
     
         4 . The method of  claim 2 , wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit. 
     
     
         5 . The method of  claim 1 , wherein the organizational model provides a hierarchical organization of the plurality of units. 
     
     
         6 . The method of  claim 5 , wherein the hierarchical organization comprises a parent-child relationship of units. 
     
     
         7 . The method of  claim 6 , wherein a user is allowed access to storage resources bound to all units that are children of a unit to which the user is assigned. 
     
     
         8 . The method of  claim 1 , further comprising:
 implementing the access restrictions to storage resource management commands using roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, and wherein each role is granted access to one or more feature.   
     
     
         9 . A storage management system for sharing a plurality of storage resources for an organization, the system comprising:
 an organizational model, stored in memory of the storage management system, of an organization having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units;   access restrictions to storage resource management commands, stored in memory of the storage management system, by the one or more users assigned to each unit, wherein command access levels assigned to the one or more users assigned to each unit establish access restrictions to storage resource management commands; and   instructions, operable upon a device of the system, securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.   
     
     
         10 . The system of  claim 9 , further comprising:
 instructions, operable upon a device of the system, binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound.   
     
     
         11 . The system of  claim 10 , further comprising:
 instructions, operable upon a device of the system, imposing the access restrictions upon a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.   
     
     
         12 . The system of  claim 10 , wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit. 
     
     
         13 . The system of  claim 9 , wherein the organizational model provides a hierarchical organization of the plurality of units. 
     
     
         14 . The system of  claim 13 , wherein the hierarchical organization comprises a parent-child relationship of units. 
     
     
         15 . The system of  claim 14 , wherein a user is allowed access to storage resources bound to all units that are children of a unit to which the user is assigned. 
     
     
         16 . The system of  claim 9 , further comprising:
 instructions, operable upon a device of the system, implementing the access restrictions to storage resource management commands using roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, and wherein each role is granted access to one or more feature.   
     
     
         17 . A method for sharing a plurality of storage resources for an organization, wherein the organization is modeled as an organizational model having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, the method comprising:
 mapping the plurality of storage resources to the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units; and   establishing access restrictions to storage resource management commands by the one or more users assigned to each unit, wherein the access restrictions comprise command access levels having roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, wherein each role is granted access to one or more feature, and wherein command access levels assigned to the one or more users assigned to each unit are used to establish the access restrictions to storage resource management commands in accordance with its roles and features.   
     
     
         18 . The method of  claim 17 , further comprising:
 securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.   
     
     
         19 . The method of  claim 18 , further comprising:
 binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound, wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit.   
     
     
         20 . The method of  claim 19 , wherein the securing access to the plurality of storage resources comprises:
 imposing the access restrictions for a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.

Join the waitlist — get patent alerts

Track US2013297902A1 — get alerts on status changes and closely related new filings.

We store only your email — no account needed. See our privacy policy.