Virtual data center
Abstract
A system and method are provided for securely sharing storage resources in a storage network. One or more organizations are modeled in a structure where each organization includes one or more units. Users are assigned to a unit and are also assigned a command access level. The command access level grants access to certain management commands that may be performed on storage resources. Storage resources are then bound to units in the organization and may be accessed by users in the unit. Once command access levels are assigned and storage resources are bound, access for a user in the unit is restricted to the command access level assigned to the user and the storage resources bound to the user's unit. When a command from a user is received, the command access level of the user and the bound storage resources for the unit of the user is determined. Then, a management command is performed using the bound storage for the user's unit if the command is available for the command access level.
Claims
exact text as granted — not AI-modifiedWhat is claimed is:
1 . A method for sharing a plurality of storage resources for an organization, wherein the organization is modeled as an organizational model having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, the method comprising:
mapping the plurality of storage resources to the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units; establishing access restrictions to storage resource management commands by the one or more users assigned to each unit, wherein command access levels assigned to the one or more users assigned to each unit are used to establish the access restrictions to storage resource management commands; and securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.
2 . The method of claim 1 , further comprising:
binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound.
3 . The method of claim 2 , wherein the securing access to the plurality of storage resources comprises:
imposing the access restrictions for a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.
4 . The method of claim 2 , wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit.
5 . The method of claim 1 , wherein the organizational model provides a hierarchical organization of the plurality of units.
6 . The method of claim 5 , wherein the hierarchical organization comprises a parent-child relationship of units.
7 . The method of claim 6 , wherein a user is allowed access to storage resources bound to all units that are children of a unit to which the user is assigned.
8 . The method of claim 1 , further comprising:
implementing the access restrictions to storage resource management commands using roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, and wherein each role is granted access to one or more feature.
9 . A storage management system for sharing a plurality of storage resources for an organization, the system comprising:
an organizational model, stored in memory of the storage management system, of an organization having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units; access restrictions to storage resource management commands, stored in memory of the storage management system, by the one or more users assigned to each unit, wherein command access levels assigned to the one or more users assigned to each unit establish access restrictions to storage resource management commands; and instructions, operable upon a device of the system, securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.
10 . The system of claim 9 , further comprising:
instructions, operable upon a device of the system, binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound.
11 . The system of claim 10 , further comprising:
instructions, operable upon a device of the system, imposing the access restrictions upon a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.
12 . The system of claim 10 , wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit.
13 . The system of claim 9 , wherein the organizational model provides a hierarchical organization of the plurality of units.
14 . The system of claim 13 , wherein the hierarchical organization comprises a parent-child relationship of units.
15 . The system of claim 14 , wherein a user is allowed access to storage resources bound to all units that are children of a unit to which the user is assigned.
16 . The system of claim 9 , further comprising:
instructions, operable upon a device of the system, implementing the access restrictions to storage resource management commands using roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, and wherein each role is granted access to one or more feature.
17 . A method for sharing a plurality of storage resources for an organization, wherein the organization is modeled as an organizational model having a plurality of units, wherein one or more users are assigned to each unit of the plurality of units of the organizational model, the method comprising:
mapping the plurality of storage resources to the plurality of units of the organizational model, wherein, for each unit of the plurality of units, one or more storage resource of the plurality of storage resources is mapped to a corresponding unit of the plurality of units; and establishing access restrictions to storage resource management commands by the one or more users assigned to each unit, wherein the access restrictions comprise command access levels having roles and features for each unit of the plurality of units, wherein the roles provide different levels of command access for each command access level, wherein each feature provides commands that are permitted for that feature, wherein each role is granted access to one or more feature, and wherein command access levels assigned to the one or more users assigned to each unit are used to establish the access restrictions to storage resource management commands in accordance with its roles and features.
18 . The method of claim 17 , further comprising:
securing access to the plurality of storage resources using the storage resource mapping and the access restrictions to provide secure unit-based storage resource access, wherein the secure unit-based storage resource access is secured at a port level through use of the mapping whereby storage resources of the plurality of storage resources are only visible via ports of host devices to which a storage resource of the storage resources is mapped, and wherein the secure unit-based storage resource access is secured at a user level through use of the access restrictions whereby storage resource management commands are only available to users assigned to each unit in accordance with the access restrictions to the storage resource management commands.
19 . The method of claim 18 , further comprising:
binding the storage resources to the mapped corresponding units of the plurality of units, wherein storage resources bound to a unit are available for access to users assigned to the unit to which a storage resource is bound, wherein storage resources bound to a particular unit of the plurality of units are available for access to users assigned to the particular unit in accordance with the access restrictions established for that particular unit.
20 . The method of claim 19 , wherein the securing access to the plurality of storage resources comprises:
imposing the access restrictions for a user and limiting application of storage resource commands by the user to the one or more storage resource of the plurality of storage resources bound to a unit to which the user is assigned.Join the waitlist — get patent alerts
Track US2013297902A1 — get alerts on status changes and closely related new filings.
We store only your email — no account needed. See our privacy policy.