The present invention relates generally to managing and controlling data storage resources in an enterprise environment. More specifically, the present invention relates to a system, method and apparatus for managing enterprise policies on files and directories in file systems utilizing file system metadata harvested across file system protocols.
Today's computers require memory to hold or store both the steps or instructions of computer programs and the data that those programs take as input or produce as output. This memory is conventionally divided into two types, primary storage and secondary storage. Primary storage is that which is immediately accessible by the computer or microprocessor, and is typically though not exclusively used as temporary storage. It is, in effect, the short term memory of the computer. Secondary storage can be seen as the long-term computer memory. This form of memory maintains information that must be kept for a long time, and may be orders of magnitude larger and slower. Secondary memory is typically provided by devices such as magnetic disk drives, optical drives, and so forth. These devices present to the computer's operating system a low-level interface in which individual storage subunits may be individually addressed. These subunits are often generalized by the computer's operating system into “blocks,” and such devices are often referred to as “block storage devices.”
Block storage devices are not typically accessed directly by users or (most) programs. Rather, programs or other components of the operating system organize block storage in an abstract fashion and make this higher-level interface available to other software components. The most common higher-level abstraction thus provided is a “file system” (often also written as filesystem). In a file system, the storage resource is organized into directories, files, and other objects. Associated with each file, directory, or other object is typically a name, some explicit/static metadata such as its owner, size, and so on, its contents or data, and an arbitrary and open set of implicit or “dynamic” metadata such as the file's content type, checksum, and so on. Directories are containers that provide a mapping from directory-unique names to other directories and files. Files are containers for arbitrary data. Because directories may contain other directories, the file system client (human user, software application, etc.) perceives the storage to be organized into a quasi-hierarchical structure or “tree” of directories and files. This structure may be navigated by providing the unique names necessary to identify a directory inside another directory at each traversed level of the structure. Hence, the organizational structure of names is sometimes said to constitute a “file system namespace.”
Conventional file systems support a finite set of operations (such as create, open, read, write, close, delete) on each of the abstract objects which the file system contains. For each of these operations, the file system takes a particular action in accordance with the operation in question and the data provided in the operation. The sequence of these operations over time affects changes to the file system structure, data, and metadata in a predictable way. The set of file system abstractions, operations, and predictable results for particular actions is said to constitute a “semantic” for the file system.
In some cases, a storage resource is accessed by a computer over a network connection. Various mechanisms exist for allowing software or users on one computing device to access storage devices that are located on another remote computer or device. While there are several remote storage access facilities available, they generally fall into one of two classes: block-level; and file-level. File-level remote storage access mechanisms extend the file system interface and namespace across the network, enabling clients to access and utilize the files and directories as if they were local. Such systems are therefore typically called “network file systems.” One Example of this type of storage access mechanism is the Network File System (“NFS”) originally developed by Sun Microsystems. Note that the term “network file system” is used herein generally to refer to all such systems and the term “NFS” will be used when discussing the Sun Microsystems developed Network File System.
Networked file systems enable machines to access the file systems that reside on other machines. Architecturally, this leads to the following distinctions. In the context of a given file system, one machine plays the role of a file system “origin server” (alternatively either “fileserver” or simply “server”) and another plays the role of a file system client. The two are connected via a data transmission network. The client and server communicate over this network using standardized network protocols. The high-level protocols which extend the file system namespace and abstractions across the network are referred to as “network file system protocols.” There are many such protocols, including the Common Internet File System or CIFS, the aforementioned NFS, Novell® Netware file sharing system, Apple® AppleShare®, the Andrew File System (AFS), the Coda file system (Coda®), and others. CFS and NFS are by far the most prevalent. All of these network file system protocols share approximately equivalent semantics and sets of abstractions, but differ in their details and are noninteroperable. In order to use a file system from some fileserver, a client must “speak the same language,” i.e., have software that implements the same protocol that the server uses.
A fileserver indicates which portions of its file systems are available to remote clients by defining “exports” or “shares.” In order to access a particular remote fileserver's file systems, a client must then make those exports or shares of interest available by including them by reference as part of their own file system namespace. This process is referred to as “mounting” or “mapping (to)” a remote export or share. By mounting or mapping, a client establishes a tightly coupled relationship with the particular file server. The overall architecture can be characterized as a “two-tier” client-server system, since the client communicates directly with the server which has the resources of interest to the client.
The pressing need to monitor file systems and to report activities related to the file systems presents a challenge of unprecedented scope and scale on many fronts. For example, current network file system architectures suffer several shortcomings. In large network settings (e.g., those with large numbers of clients and servers), the architecture itself creates administrative problems for the management and maintenance of file systems. The inflexibility of the two-tier architecture manifests itself in two distinct ways. First, the tight logical coupling of client and server means that changes to the servers (e.g., moving a directory and its [recursive] contents from one server to another) require changes (e.g. to the definitions of mounts or mappings) on all clients that access that particular resource, and thus must be coordinated and executed with care. This is a manual and error-prone process that must be continuously engaged and monitored by the system administrators that manage and maintain such networked file systems. Second, the overall complexity of the environment grows at a non-linear rate. The complexity of a system of networked file system clients and servers can be characterized by the total number of relationships (mounts, mappings) between clients and servers, i.e. it grows as/is bounded by:
{{{Complexity˜=#Clients×#Servers}}}
Two-tier networked file systems therefore ultimately fail to scale in an important sense—the overall cost of managing a networked file system environment is proportional to this complexity, and as the complexity grows the costs quickly become untenable. This can be referred to as “the mapping problem.” The mapping problem may be understood as the direct result of an architectural deficiency in networked file system, namely the inflexibility of the two-tier architecture.
Existing attempts to address the problems of unconstrained complexity growth in the networked file system environment generally take one of two general forms: automation of management tasks; and minimization of the number of mounts through storage asset virtualization. The automation approach seeks to provide better administrative tools for managing network file storage. The virtualization approach takes two forms: abstraction; and delegation. The abstraction approach aggregates low-level storage resources across many servers so that they appear to be a single resource from a single server from a client's perspective. The delegation approach designates a single server as “owning” the file system namespace, but upon access by a client the delegation server instructs the client to contact the origin server for the resource in question to carry out the request. None of these approaches alone fully addresses the architectural deficiencies that cause complexity growth.
“Directory services” can be used to centralize the definition and administration of both lists of server exports and lists of mounts between clients and servers. Automation schemes can then allow clients to automatically lookup the appropriate server for a given file system in a directory service and mount the file system in its own namespace on demand.
File system virtualization solutions to date have usually taken one of three forms: low-level gateways between networked block-level protocols and file-level protocols; delegation systems; and fully distributed file systems. Low level gateways aggregate storage resources which are made available over the network in block (not file) form, and provide a file system atop the conjunction of block storage devices thus accessed. This provides some benefit in minimizing the number of exports and servers involved from a client perspective, but creates new complexity in that a new set of protocols (block-level storage protocols) is introduced and must be managed.
Delegation systems centralize namespace management in a single system—i.e., they make it appear that all the files are located on a single server—while actually redirecting each client request to a particular origin server. Delegation systems are relatively new and support for them must be enabled in new versions of the various file system protocols. Delegation systems allow a directory service to appear as a file system. One example is MicroSoft Corp.'s NT-DFS. Delegation systems typically do not map individual directories to individual directories. In other words, all the directories below a certain point in the file system namespace controlled by the delegation system are mapped to a single top-level directory. Another shortcoming is that prior art delegation systems typically respond to a request for a file or directory with the same response, regardless of the client making the request. As another deficiency, the underlying directory service does not handle requests directly, but redirects the requests to be handled by underlying systems.
Fully distributed file systems employ distributed algorithms, caching, and so forth to provide a unified and consistent view of a file system across all participating machines. While addressing mount management to some extent, distributed file systems introduce new and significant challenges in terms of maintaining consistency, increased sensitivity to failures, and increased implementation complexity. It should be noted that fully distributed file systems typically require specialized protocols and software on every participant in the system, in effect making every computer involved both a client and a server. Other distributed file systems seek to support mobile clients which frequently disconnect from the network, and thus focus on techniques for caching files and operations and ensuring consistency of the distributed file system upon reconnection.
Some prior art has focused on mechanisms for taking multiple file systems and producing a merged logical view of those file systems on a given file system client. This is sometimes referred to as “stack mounting.” Stack mounting to date has been seen as a nondistributed mechanism. It is used by a client to organize and structure their own local file system namespace for various purposes, rather than being used to organize and manage a collection of network file systems on an enterprise basis. Existing stacking file systems are limited in an important way—among a collection of logically joined file systems, a single origin file system is designated as the primary or “top” file system “layer” in the stack. All writes are performed on this file system layer. This has incorrectly been perceived as the only way to preserve the “correct” or traditional semantics of file systems.
In addition to organizing and maintaining the relationships between file system clients and file servers, additional challenges exist in managing access to and utilization of file systems. While most organizations have and enforce stringent document workflow and retention policies for their paper files, similar policies—while desired and mandated—are rarely enforced for electronic files. As a non-limiting example, many corporations have a policy that prohibits the usage of corporate storage capacity on fileservers for the storage of certain personal files and content types—for instance MP3s, personal digital images, and so on. This “policy” usually takes the form of a memo, email, etc. The administrators in charge of enforcing this policy face significant challenges. Conventional file systems do not provide mechanisms for configuring a file system to only allow particular content types or otherwise automatically make decisions about what should be stored, where, and how. These conventional file systems are static, and the set of semantics for access and other administrative controls are rather limited. Thus any such policy enforcement that happens is done retroactively and in an ad-hoc manner via manual or mostly-manual processes. The net result is that network file storage fills up with old, duplicated, and garbage files that often violate corporate and administrative utilization policies.
File systems are quasi-hierarchical collections of directories and files. The “intelligence” that a file system exhibits with respect to access control is typically restricted to a static set of rules defining file owners, permissions, and access control lists. To the extent even this relatively low level of “intelligence” exists, it is typically statically defined as a part of the file system implementation and may not be extended. Current file systems do not allow arbitrary triggers and associated activities to be programmed outside of the permissions hard coded in the original implementation of the file system.
Additional challenges exist for file system monitoring and reporting. File system activity produces changes to the state of a file system. This activity can affect changes to the structure, the stored metadata, and the stored data of the directories and files. Generally speaking, this activity is not logged in any way. Rather, the file system itself holds its current state. Some file systems—called “journaling” file systems—maintain transient logs of changes for a short duration as a means of implementing the file system itself. These logs, however, are not typically organized in any way conducive to monitoring and reporting on the state of the file system and its evolutionary activity over time. These logs are typically not made available to external programs, but are instead internal artifacts of the file system implementation. Further, these logs are frequently purged and therefore provide a poor basis for reporting of historical and trend data.
The collection, redaction, and analysis of high-level data about what a file system is being used for, what is stored in it, by whom and for what purpose continue to be a significant problem. Solutions today involve software programs or users explicitly walking through the file system structure, gathering the data required, and then analyzing it and/or acting on it, etc. Collection of file system data proactively as operations occur is generally not done as it is generally not supported by the file system itself. Furthermore, the accuracy of such collected data is usually questionable, as it reflects not an instantaneous state of the file system at any given moment, but, rather, an approximate state of the file system over the duration of the run. Without collecting and maintaining the appropriate statistics as file operations occur, it is impossible for the data, at the end of the run, to represent a correct and accurate picture of the contents of the file system at that time.
The problem of data collection and reporting is further compounded in the network file system environment. Because each server—indeed, each file system on each server—is a separate entity, it is therefore necessary to perform each data collection independently on each server. If reporting or monitoring is to be done across the network file system environment, significant challenges exist; namely, because of the parallel and discrete nature of the collection runs, it becomes difficult or impossible to sensibly merge the collected data into a consistent snapshot of the state of the file system at some time.
It is further the case that collection and storage of all such data as it occurs could be untenably burdensome; such logs would “grow” quickly and consume additional storage capacity at an undesirable rate. The ability to both collect such data as it occurs and dynamically redact or “historize” it would allow ongoing statistics to be maintained while simultaneously constraining the total amount of storage capacity that must be dedicated to such a purpose.
In today's increasingly litigious environment and in the presence of rules and regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Sarbanes-Oxley Act of 2002, the lack of management, including the inability to enforce policies consistently and effectively, represents a serious risk that corporations and businesses alike must rush to address. Unfortunately, as a direct result of the general lack of innovation and improvement in file system architecture over the last 30 years, viable solutions that could provide practical and effective policy management to enterprises do not seem to exist.
Perhaps a general comparison between typical databases systems and typical file systems could provide an insight as to the lack of innovation and improvement in file system architecture. For databases, storage is usually organized into tables arranged in a flat space (i.e., tables may not be contained in other tables) which contain records with generally fixed form. Such database systems often provide a notion of “triggers” and “stored procedures.” Triggers define a set of conditions; when the database is manipulated in a way that matches some condition, the stored procedure associated with that trigger is executed, potentially modifying the transaction or operation. This mechanism is used primarily in two ways in database applications: to ensure data correctness and integrity and to automate certain administrative and application-specific tasks. The analogous facility is not available in file systems because file systems are quasi-hierarchical collections of directories and files. As such, triggers cannot be defined with associated stored procedures that can be automatically activated and enacted synchronous with a file system activity in any extant file system.
In general, implementation of triggers and stored procedures in file systems is significantly more complex than in databases systems because of less regular structure of file systems, their less formally well-defined semantics, and because file data is itself arbitrarily semi-structured and loosely typed. Implementation of programmable procedures which respond to an arbitrary file system operation by modifying the operation is challenging when the correct (i.e., traditional, expected, etc.) semantics of file systems must be preserved. There are existing systems that will generate “events” when operations occur on the file system; these events can then be used to activate arbitrary actions post-facto. However, the actions cannot themselves modify the file operation, since the event which activates them is not generated until the triggering operation completes.
Currently, the “intelligence” that a conventional file system exhibits with respect to access control is typically restricted to a static set of rules defining file owners, permissions, and access control lists. To the extent even this relatively low level of “intelligence” exists, it is usually statically defined as a part of the file system implementation and may not be extended.
In a typical enterprise, the files and directories stored in the enterprise file systems represent unstructured or semi-structured business intelligence, which comprises the work product and intellectual property produced by its knowledge workers. The work product may include business-critical assets and may range from Excel spreadsheets representing (collectively) the financial health and state of the enterprise to domain-specific artifacts such as Word documents representing memos to customers. However, in contrast to the data stored in “mission critical” information systems such as logistics systems, inventory systems, order processing systems, customer service systems, and other “glass house” applications, the unstructured and semi-structured information stored in the enterprise file systems is largely “unmanaged.” It is perhaps backed up but little or no effort is made to understand what the information is, what its relevance or importance to the business might be, or even whether it is appropriately secured.
As examples, assuming that a user ‘Idunno’ has stored unauthorized and illegal copies of MP3 music files in a “home directory” on some file server that belong to a corporation ‘Big Corp’ where Idunno works. In doing so, Idunno has perhaps violated a corporate policy of Big Corp stating that no MP3 files are to be stored on the network. However, since the “home directory” is not visible to the system managers, the system managers have no knowledge to this violation, nor any automated means of remedying the situation. Even in the event that the system managers are able to episodically inventory the file systems for such violators, they are often loathe to automatically take appropriate actions (e.g., deleting) on such offending files. The reason is that, more often than not, while they have the responsibility for enforcing such policies, they do not have the authority to do so. To remedy this, the end-user (i.e., the file owner—in this example, Idunno) or some other responsible party must be brought “into the loop.” Other examples of file management policies might include: documents relating to patients' individual medical conditions within a healthcare provider business might be stored in such a way that perhaps would violate the privacy and/or security constraints of HIPAA; or financial documents within the finance operation of a Fortune 2000 company might be stored in such a way that perhaps would violate both regulatory requirements under the Sarbanes-Oxley Act of 2002 and internal corporate governance considerations.
Embodiments disclosed herein provide a practical and effective solution to enterprise policy management. One embodiment of the invention builds and maintains an out-of-band file system metadata warehouse (or repository) for use in file management applications such as the automated implementation and application of file management policies. A file system metadata repository according to embodiments disclosed herein is configured to store both dense (i.e., common to all objects) and sparse (i.e., uncommon or even unique to a single object) attribute-value data for files and directories residing in various file systems.
In one embodiment, several kinds of metadata are considered: typical file system attributes such as size, owner, various measurements of “age,” and so on; content-specific metadata such as the presence or absence of various keywords (or combinations of keywords) within documents; synthetic attributes such as mathematical checksums or hashes of file contents; and higher-level “semantic” attributes that serve to classify and categorize files and documents, such as for the purpose of automated application of appropriate policies. Other forms of metadata can also be used in conjunction with embodiments of the invention.
In one embodiment, four functions are involved: collection of metadata; storage of metadata; access to metadata for the purpose of reporting and ad hoc queries; and taking action on the cataloged files and directories based on the metadata stored in the metadata repository.
One of ordinary skill in the relevant art will appreciate that each of these functions involves unique challenges, for example:
To address these unique challenges, embodiments disclosed herein employ a “harvester”, which can be implemented, for example, via a set of computer instructions stored on a computer readable storage medium and executable by a processor to harvest file system metadata. The harvester according to embodiments disclosed herein harvests file system metadata via network file system protocols, encapsulating both the common harvesting operations and the file system protocol-specific mechanisms in a single, integrated data collection facility.
Embodiments disclosed herein utilize file system metadata harvested across network file systems and stored in a metadata repository to implement automated and semi-automated policy enforcement against managed file storage(s). More specifically, the harvested file system metadata is utilized to drive programmable actions on managed objects in the file systems in accordance with enterprise policies. Each policy may comprise one or more rules that tie a certain condition to a certain action. These rules may be user-defined. In one embodiment, the metadata repository is optimized to support the automated and/or semi-automated application of file management policies over managed objects in the file systems. In implementing automated or semi-automated policy enforcement over files and directories, it is desirable to separate the notion of the objects that may be acted upon (the files and directories and the metadata about them) from the set of actions which may be taken on such objects. Disclosed is a generic design by which arbitrary metadata associated with files and directories may be used to trigger arbitrary actions taken on those files and directories.
Embodiments disclosed herein may provide many technical advantages. For example, both sparse and dense attributes are considered. By considering both “sparse” attributes of high semantic value as well as the traditional “dense” attributes, a much higher semantic level of policy management may be obtained. Moreover, it unifies management of metadata over all file and directory assets and maintains a *persistent* and persistently useful metadata repository of all such metadata.
Additional objects and advantages of the present invention will become apparent to one skilled in the art upon reading and understanding exemplary embodiments described herein with reference to the following drawings.
For a more complete understanding of the present invention and the advantages thereof, reference is now made to the following description taken in conjunction with the accompanying drawings in which like reference numerals indicate like features and wherein:
Embodiments disclosed herein can comprise systems and methods for managing file systems and can provide a programmable file system with active rules and policies, an n-tier network file system, a stack organized file system, a union file system with write-through semantics, a file system middleware with selective delegation, a file system with a statistical warehouse and/or other management functionality.
Similarly, server 104a can include a processor 212, a network interface device 214 coupled to processor 212 to connect to and interface with network 101, and a computer readable storage medium 216 (e.g., RAM, ROM, optical disk, magnetic storage medium and/or any other computer readable storage medium) coupled to processor 212 storing a set of computer readable instructions 218 (“server program 218”) executable by processor 212. Server 104a can also be coupled to an attached storage media device 106a via a second communications interface 220 (e.g., Ethernet connection, internal or external modem or other interface known in the art) and can maintain a file system for storage media device 106a.
Client program 208 and management program 218 communicate over network 101 by exchanges of file system requests (represented by line 314) and file system responses (represented by line 316). The mechanism by which such an exchange occurs is known as the network file system protocol. Embodiments disclosed herein can employ any network file system protocol known in the art. When client application program 302 wishes to access a media storage device, client application can generate a request to access the storage device. File system client program 304 can intercept the request and direct it over network 101 (e.g., through network interface program 306), thus generating file system request 314. Network interface program 312 can receive the request and direct it to file system management program 310, which can then perform the requested operation on data 311. Upon completion of this operation, file system server 310 can construct response 316 and direct it back to client program 208 by way network 101. Network interface program 306 receives this response and directs it to file system client program 304, which in turn responds to waiting client application program 302, thus completing the transaction.
Server program 218 at server 104a can include a file system manager 401, a network interface program 312 and a rules engine 402 that can access a rules base 404. While shown as a local to file system management program 401 in
File system manager 401 can provide a file system for storage media device 106a. In other words, file system manager 401 can present a file system interface to file system clients and implement the appropriate interfaces and integrations necessary to communicate with and manage data storage on an underlying storage medium (e.g., media storage device 106a). When client application program 302 wishes to access media storage device 106a, client application can generate an access request. File system client program 304 can intercept the request and direct it over network 101 (e.g., through network interface program 306), thus generating file system request 406. Network interface program 312 can receive the request over network 101 and direct it to file system manager 401. The file system request can include a requested operation and the data, such as a file, upon which the operation is to take place. In one embodiment, when file system manager receives the file system request from file system client program 304, file system manager 401 can pass the requested operations and/or data affected by the operation (e.g., files) to rules engine 402 which can compare them against rule base 404. Rules engine 402 determines which, if any, of the rules in programmable rules base 404 specify a pattern that matches the requested operation and/or the data upon which the operation is to take place. Rules engine 402 can then either execute any actions associated with matching rule or defer the execution of the action by an arbitrarily defined time interval.
Rules engine 402 can then respond to file system manager 401. If rules engine 402 executed an action based on a rule, the response may be the result of that action. Based on the rules engine response, file system manager 401 can determine whether to continue with the operation requested by file system client program 304 or terminate the operation. If file system manager 401 proceeds, file system manager 401 can perform the requested operation on the underlying storage medium and return a file system response 408. File operations from the file system request can be synchronously or asynchronously compared against programmable rules base 404 to determine if any actions need to be taken based on a rule. The actions can be arbitrarily defined and, thus, the aggregate behavior of the file system provided by file system manager 401 can be determined by rules that are defined for it.
Action 506 can occur in-band or out-of-band. In-band actions can happen generally synchronously with the requested operation and may affect the success or failure of the operation or modify it a predefined manner. Out-of-band actions, on the other hand, can occur asynchronously with respect to the requested operation and do not impact the success or failure of the operation, but may modify the state of the data in the underlying storage medium (e.g., media storage device 106a) or take other arbitrary action subsequent to the completion of the requested operation.
If, at step 608, the rules engine determines that the file system request does not match a pattern, the rules engine can return a response to the file system manager (step 612). If, however, at step 608, the rules engine determines that the file system request does match a pattern, the rules engine can determine if the action associated with the pattern should be performed in-band. At step 610, the action can be executed by the rules engine. The action can be an arbitrarily complex action and can include for example, changing data in the underlying media storage device, changing the structure of the file system (e.g., changing directories or file names), generating errors, modifying the requested operation or any other programmable action. The rules engine can, at step 612, return a response to the file system manager that can be based on the actions.
Continuing with the previous example of saving an .mp3 file, the rules engine, at step 608, can determine that the request to save a .mp3 file matches the pattern for the no .mp3 file rule (e.g., the request contains the save operation and .mp3 data). At step 609, the rules engine can determine that an in-band the action of returning an error should occur in-band and can generate the error message at step 610. At step 612, the rules engine can return the error message to the file system management program.
Based on the response from the rules engine, the file system manager can, at step 614, determine whether to proceed with the requested operation (either modified or unmodified by the rules engine). In one embodiment, the determination of whether to perform a requested operation can be based on the response from the rules engine. Thus, for example, the rules engine can specify that an operation not take place because a client program (or particular user) is not authorized to perform an operation. The file system manager can, on the other hand, perform the requested operation (step 616) and at step 618 return a file system reply to the file system client program, thus completing the file system transaction. Additionally, the file system manager can return a reply (step 618), such as an error, if the file system manager did not proceed with the requested operation (as determined at 616). In the previous example, the file system manager can determine that the operation of saving the .mp3 file should not continue based on the response from the rules engine and can send an error message to the file system client program in the file system response.
If, at step 609, the rules engine determines that an action was to be performed out-of-band, the rules engine can execute the action at step 620. Because the action is executed after the performance of the requested operation, performance of the action does not affect the success or failure or modify the requested operation. However, the out-of-band action can modify the state of the data in the underlying media storage device or take other arbitrary actions subsequent to the completion of the operation. For example, if the non .mp3 rule was a rule defining an out-of-band action (as determined at step 609), the action executed at step 620 can be, for example, to delete an .mp3 file saved on the underlying storage medium after the operation of saving the .mp3 occurred.
Embodiments disclosed herein provide a system and method for programmable file system with active rules that can enable the automated and proactive enforcement of administrative policies regarding file system unitization (e.g., controlling types of data that can be saved/downloaded), access control and security and so on. Moreover, as would be understood by one of ordinary skill in the art, because the rules are programmable, sophisticated provisioning, storage routing and new file system applications can be implemented. Additionally, this can allow a system administrator to define rules, such as no .mp3 files, and have those rules enforced by the file system.
Embodiments disclosed herein provide advantages over prior art file system systems and methods. In conventional file system systems and methods, particularly Microsoft® Windows based file systems, each file is associated with an access control list (“ACL”) that contains a set of users or groups and the list of permissions associated with the users or groups. The permissions include items such as read, write, delete, append. In UNIX-based systems, each file is associated with the user and a group of users. For each file there typically is a read bit, write bit, and an execute bit. When a file system management program receives a file system request, in conventional systems, the file system management program will determine the user making the request and the permissions associated with that user either from the ACL or the permissions bits to determine if the operation can be performed. The permissions in conventional file system systems and methods generally define only a limited number of actions that can be taken through the file system. In other words the security features of conventional file systems are hard coded and the set of actions cannot be expanded beyond what is included in the original file system implementation. Embodiments disclosed herein, on the other hand, allow administrators of the file system to program the file system behavior by programming arbitrary actions and associating those actions with patterns.
According to another embodiment, a file system statistical warehouse can be provided. Embodiments disclosed herein can collect an arbitrary, user defined set of file system statistics on the file system operations and/or static or dynamic file system metadata. This collection may happen in either synchronously or asynchronously with file system activity. The collected data can be stored in an active statistical database. User-defined redaction methods can continuously filter and transform the statistical database to produce and maintain aggregate statistical values for the purpose monitoring on and reporting against file system capacity accesses utilization and so on.
Server program 218 at server 104a can include a file system manager 702, a network interface program 703, a synchronous collection agent 704, an asynchronous collection agent 706, a data warehouse 708, a redaction agent 710 and a summary agent 712. While shown as a local to file system management program 702 in
File system manager 402 can provide a file system for storage media device 106a. In other words, file system manager 702 can present a file system interface to file system clients and implement the appropriate interfaces and integrations necessary to communicate with and manage data storage on an underlying storage medium (e.g., media storage device 106a). The file system can use file system metadata to catalog data represented by the file system. When client application program 302 wishes to access media storage device 106a, client application program 302 can generate an access request. File system client program 304 can intercept the request and direct it over network 101 (e.g., through network interface program 306), thus generating file system request 706. Network interface program 312 can receive the request over network 101 and direct it to file system manager 702. The file system request can include a requested operation and the data, such as a file, upon which the operation is to take place.
In one embodiment, synchronous collection agent 704 can gather a predefined set of file system metadata. The file system metadata can include any file system metadata associated with the data in the underlying storage medium that is affected by the requested operation, metadata that describes the requested operation or any user defined file system metadata that can be gathered from the file system. Within the gathered file system metadata will be one or more pieces of metadata of interest. That is, there will be one or pieces of metadata to which a heuristic will be applied to generate a statistic of interest. Synchronous collection agent 704 can store the file system metadata in data warehouse 708. Alternatively, asynchronous collection agent 706 can collect file system metadata asynchronously with file system operations (i.e., after an arbitrary time delay). Asynchronous collection of file system metadata can occur, in one embodiment, according to a predefined schedule. The file system metadata entered at any given time, represents a snapshot of a file system statistic of interest. Depending on whether the file system metadata is entered by asynchronous collection agent 706 or synchronous collection agent 704, data warehouse 708 represents a time-varying view of the underlying file systems over continuous or discrete time intervals. Summary agent 712 can apply user-defined heuristics to the file system metadata to generate various file system statistics of interest and redaction agent 710 can integrate the file system statistics into a dynamically maintained time series.
As an example, assume data warehouse 708 is maintained as a database and each file within a set of files of interest (e.g., a set of files on storage medium 106a) is represented in data warehouse 708 by records in a set of tables. Furthermore, each attribute of a file is associated with a record in a separate table. That is, each attribute for a file is stored in a separate table and each file having that attribute is represented by a separate record. Table 1 is an example of various pieces of file system metadata that can be collected by or generated by synchronous collection agent 704 or asynchronous collection agent 706.
In Table 1, each file of interest contains a Path and Last Access Time attribute that can be represented by the Path and Last Access Time tables. The Harvests attribute can be generated by the collection agent to record the time when a particular set of file system metadata was collected. Each record in the Path or Last Access Time tables sharing a common harvestID is, therefore, collected in the same run of the synchronous or asynchronous collection agent. The fields of fileID, parentPath, localName and atime can be collected from the file system metadata maintained by file system manager 702. Thus, based on an operation synchronous and/or asynchronous collection agents can gather predefined sets of file system metadata. For the sake of example, it will be assumed that there are two harvests: harvest1 and harvest2. In this case, the harvestID can act as an attribute to group the collected metadata into one or more groups. Each group can contain one or more pieces of file system metadata of interest and/or other metadata.
Table 2 represents an example summary table that can be generated by summary agent 712 to maintain a file system statistic of interest. In this case, the file system statistic of interest is last access time. This can based on the metadata of interest in the Harvest1 group “atime” from the Last Access Times Records.
In this example, summary agent 712, given a time interval to target, can find the harvestIDs for all harvests that occurred during the interval from the harvestID table. Based on the harvestIDs, summary agent 712 can then find all the records associated with the harvest of interest (e.g., harvest1). In other words, the summary agent can find each of the pieces of metadata of interest associated with a particular attribute (e.g., the harvest1ID). Summary agent 712 can summarize the at least a portion of the metadata of interest in that group by applying predefined heuristics to one or more of the groups of metadata. For example, summary agent 712 can collect all of the LastAccessTime records associated with the harvest1. For each such record, summary agent 712 can allocate the record to an “age bucket” as defined by a heuristic by, for example, subtracting the metadata of interest “atime” value from each such record from the current time. For each record it identifies with a bucket, summary agent 712 can increment a count in the record LastAccessTimeSummary that is associated with the harvestID and age bucket. Thus, the harvest agent can apply the set of heuristics to the metadata of interest (“atime”) in a particular group (e.g. “harvest1”). Summary agent 712 can then provide a list of metadata of interest to redaction agent 710. This can be done, for example, by providing a list of records that contain the metadata affected by the set of heuristics (i.e., by providing a list of records that contain the “atime” metadata and the harvest1 attribute).
Table 3 illustrates an example of a redactions table that can be maintained by redaction agent 710.
Redaction agent 710 can operate as a “garbage collection” agent to remove metadata or records from data warehouse 708. Conventional garbage collection agents simply remove information as they receive records. This can lead to purging of information from a database while the information is still referentially live.
To avoid this, redaction agent 710 can maintain a table which includes first-class references indicating which meta data has been redacted by for example maintaining a list indicating which attribute table/harvest pairs have been redacted. Each record in the redactions table can, in one embodiment, include a full list of dependencies. The list of dependencies can list each table containing records associated with the harvest of interest. In other words, the redaction agent can maintain a listing of the particular pieces of metadata of interest, based, in one embodiment, on record names, that are in a particular group.
As the redaction agent is told to purge records about a given harvest from a particular table, it can remove the table from the list of dependences but does not purge the table. Once the dependencies field associated with that harvest field is empty the redaction agent knows that is has been told to purge all records associated with the harvest of interest. Thus, the redaction agent can determine which pieces of metadata of interest in a particular group (e.g., the harvest1 group) have impacted by the application of a set of heuristics and can purge a group of metadata once all the pieces of metadata in that group have been so impacted.
As an example, assume there are two harvests having the HarvestIDs harvest1 and harvest2 (e.g., two groups of gathered metadata). Each harvest can have several records in the Path Name table and Last Access Time table. The dependencies list maintained by redaction agent 710 can list the Last Access Time table and the Path Name table for each of harvest1 and harvest2. In other words, redaction agent 710 can maintain a representation of the sets of file system metadata (e.g., records) that contain the predefined attribute harvest1 or harvest2 by listing the tables that contain records having those attributes. This indirectly indicates the pieces of metadata of interest (i.e., the pieces of metadata to which a heuristic will be applied) to the redaction agent. If summary agent 712 summarizes access times for Harvest1 it can send a list of records from Last Access Time table that correspond to Harvest1 to redaction agent 710. Since the Last Access Time table includes at least one of the pieces of metadata of interest (e.g., “atime”), the redaction agent will know that the “atime” attribute has been impacted by the application of heuristics. Because it has been told which records to purge, redaction agent 710 can remove the Last Access Time table from the dependencies list associated with Harvest1.
Thus, as the sets of metadata corresponding to the predefined attribute harvest1 are processed, redaction agent can remove the representation of those sets of metadata (the table name) from the list of dependencies associated with the predefined attribute Harvest1. However, since the Path Name table remains in the dependencies list for Harvest1, redaction agent 710 will not immediately purge the records corresponding to Harvest1. This is because summary agent 712 has not yet performed a summary that impacted the metadata of interest in the Path Name table. If summary agent 712 then performs a summary that requires records corresponding to Harvest1 from the Path Name table, it can send a list of those records to redaction agent 710. Again, redaction agent 710 can remove the representation of the sets of metadata (e.g., the Path Name table name) from the list of dependencies associated with the Harvest1 attribute as the sets of metadata (e.g., the records) containing the Harvest1 attribute have been processed. Because the list of dependencies associated with the Harvest1 attribute is now empty, redaction engine 710 can purge all the records from the Path Name table and the Last Access Time table that correspond to the attribute Harvest1. However, since the Last Access Time table and Path name table are still listed in the dependencies table for Harvest2, the redaction agent will not purge records relating to Harvest2.
Redaction agent 710 can thus maintain, directly or indirectly, a list of the metadata of interest (i.e., the metadata in a group to be impacted by the application of heuristics) and, when all the metadata of interest in a group has been impacted by the application of a heuristic, can purge the group. It should be understood that synchronous and asynchronous collection and redaction can happen in parallel with each other. Concurrency control is provided by database mechanisms in the usual way. It should be noted that the redaction agent or agents can continuously and iteratively operate on the database in order to maintain a current statistical view of file system operations while ensuring that the database remains a manageable size.
As would be understood by one of ordinary skill in the art, the present invention allows the automated transformation and archival of static log data about file system activity into dynamically maintained, user definable time series data about file system statistics of interest. The present invention provides advantages over prior art systems because, in traditional file system logging techniques, the collection and storage of file system metadata becomes untenably burdensome because the logs grow quickly and consume a large amount of storage capacity. Embodiments disclosed herein, on the other hand, provide the ability to both collect file system metadata and dynamically redact or “historize” it to allow ongoing file system statistics to be maintained while reducing the required amount of storage capacity.
At step 756, it can be determined if each of the pieces of metadata of interest for a particular group have been impacted by the application of a heuristic (i.e., if all the metadata of interest for a group has been summarized). Again, in the example of
If all the pieces of metadata of interest for a group have not been impacted additional heuristics can be applied. For example, if a heuristic is applied to the “atime” metadata of interest to develop age buckets, as described in conjunction with
If, on the other hand, it is determined that all the metadata of interest in a group has been summarized (i.e., impacted by a heuristic) control can pass to step 758 and the metadata for a particular group can be purged from the statistical warehouse. The steps of
In the above examples, active rules and a statistical warehouse are applied to a two-tier architecture. However, it should be understood that each can employed in an n-tier architecture having three or more tiers.
Similarly, server 804a can include a processor 912, a network interface device 914 coupled to processor 912 to connect to and interface with network 801, and a computer readable storage medium 916 (e.g., RAM, ROM, optical disk, magnetic storage medium and/or any other computer readable storage medium) coupled to processor 912 storing a set of computer readable instructions 918 (“server program 918”) executable by processor 912. Server 804a can also be coupled to an attached storage media device 806a via a second communications interface 920 (e.g., Ethernet connection, internal or external modem or other interface known in the art) and can maintain a file system for storage media device 806a.
Intermediate device 815 can similarly include a processor 922, a communications interface device 924 (internal or external modem, Ethernet interface and/or any other network interface known in the art) coupled to processor 922 to connect to and interface with network 801, an a computer readable storage medium 926 (e.g., RAM, ROM, optical disk, magnetic storage medium and/or any other computer readable storage medium) coupled to processor 922 storing a set of computer readable instructions 928 (“intermediary program 928”) executable by processor 922. Intermediary device 815 can include other computer components known in the art. Another embodiment of intermediary device 815 is illustrated in
Server program 918 at server 804a can include a file system management program 1010 and a network interface program 1012. File system management program 1010 can provide the file system for storage media device 806a. In other words, file system manager 1010 can implement a file system for the associated media storage device to represent the block level storage on storage media device 806a. File system management program 1010 and network interface program 1012 can be implemented as a single program, modules of the same program, separate programs or in any other suitable programming manner, as would be understood by those of ordinary skill in the art.
Intermediary program 928 at intermediary device 815 can include an intermediary file system server program 1014, a middleware program 1016, an intermediary file system client program 1018 and a network interface 1020. It should be noted that intermediary program 928 can include a client facing interface 1020A and a server facing interface 1020B. Client facing interface 1020A can include any file system protocol implementation known in the art including CIFS and/or NFS. Server facing interface 1020B can also comprise any file system protocol implementation known in the art. To clients, such as client 802a, intermediary device 815 appears as a server and to servers, such as server 804a, intermediary device 815 appears as a client. It should be noted that server facing interface 1020B can employ a different network file system protocol than client-facing interface 1020A. In such a case, intermediary program 928 can perform arbitrary protocol translation and bridging between the different network file system protocols. While shown separately in
In operation, intermediary file system server program 1014 can present a union file system or virtual file system that represents the file systems presented by underlying file system server programs (e.g., file system server program 1010). When client application 1002 wishes to access a file or directory that it “sees” on the union file system, client application 1002 can generate a request. The application's request can be intercepted by file system client program 1004, which can generate an original file system request. The original file system request, represented by line 1022, is directed to intermediary device 815.
Intermediary device 815, via client facing interface 1020A receives the request and forwards the request to intermediary file system server program 1014, which can refer the request to middleware program 1016. Middleware program 1016 can take a variety of actions in response to the original request including determining which server should receive a request and passing the request modified or unmodified to intermediary file system client 1018. Intermediary file system client 1018 can then generate a proxy request, represented by line 1024, and direct it to the appropriate server (e.g., server 804a) via server facing interface 1020B. The proxy request can be the same as the original request or be arbitrarily modified from the original request. In one embodiment, intermediary program 928 can arbitrarily delay generating the proxy request.
At server 804a, file system server program 1010 can take the appropriate action based on the request, such as reading or writing to media storage device 106a and send an original response, represented by line 1026, to intermediary device 815. At intermediary device 815, network interface 1020 can receive the original response and pass the response to intermediary file system client, which can, in turn, pass the original response to middleware program 1016. The original response can be modified or unmodified at middleware program 1016 and passed to intermediary file system server program 1014, which can, in turn, generate a proxy response. File system server program 1014 can send the proxy response, represented by line 1028, to file system client program 1004. The proxy response can then be forwarded to client application 1002. In one embodiment, intermediary program 928 can also arbitrarily delay sending the proxy response to file system client program 1004.
Traditional file system implementations discourage decoupling clients from servers due to concerns about preserving expected file system semantics. Intermediary program 928 can, in one embodiment, maintain the expected semantics at all times. This can be done, for example, by disallowing or modifying operations which might result in an inconsistent or unexpected state. As would be understood by one of ordinary skill in the art, this can be accomplished through defining all operations implemented by the client-facing interface in terms of the operations provided by the server facing interface.
File system server 1010 on server computer 804a then responds to request 1110 by issuing response 1114 to file system client 1018 on intermediary device 815. The client program 1018 responds to request 1108 by response 1116, causing middleware program 1016 to respond to its request 1106 with response 1118. This response 1118 may be arbitrarily unlike or like the response from the actual server, according to the program of the middleware program 1016. One skilled in the art will appreciate that this allows the middleware program to implement arbitrary policies, data transformations, and other operations, effectively modifying the view and behavior of the file system server as seen by the client. The middleware program 1016 responds to its request 1106 with response 1118; the file system server 1014 the responds to its request 1104 by issuing response 1120 to the file system client 1004 residing on client computer 802a. Finally, the client program 1004 responds to the original request 1102 by issuing response 1122 to client application 1002. Thus the transaction is completed in a n-tier network file system architecture, where in this example n=3.
In another embodiment, intermediate program 928 can delegate some of the request/response transactions to an underlying origin fileserver.
Server program 918 at server 804a can include a file system management program 1010 and a network interface program 1012. File system management program 1010 can provide the file system for storage media device 806a. In other words, file system manager 1010 can implement a file system for the associated media storage device to represent the block level storage on storage media device 806a. File system management program 1010 and network interface program 1012 can be implemented as a single program, modules of the same program, separate programs or in any other suitable programming manner, as would be understood by those of ordinary skill in the art.
Intermediary program 928 at intermediary device 815 can include an intermediary file system server program 1014, a middleware program 1016, an intermediary file system client program 1018 and a network interface 1020. It should be noted that intermediary program 928 can include a client facing interface 1020A and a server facing interface 1020B. Client facing interface 1020A can include any file system protocol implementation known in the art including CIFS and/or NFS. Server facing interface 1020B can also comprise any file system protocol implementation known in the art. To clients, such as client 802a, intermediary device 815 appears as a server and to servers, such as server 804a, intermediary device 815 appears as a client. It should be noted that server facing interface 1020B can employ a different network file system protocol than client-facing interface 1020A. In such a case, intermediary program 928 can perform arbitrary protocol translation and bridging between the different network file system protocols. In addition, intermediary program 928 can include a delegation manager 1202.
While shown separately in
In operation, intermediary file system server program 1014 can present a union file system or virtual file system that represents the file systems presented by underlying file system server programs (e.g., file system server program 1010). When client application 1002 wishes to access a file or directory that it “sees” on the union file system, client application 1002 can generate a request. The application's request can be intercepted by file system client program 1004, which can generate an original file system request. The original file system request, represented by line 1022, is directed to intermediary device 815.
Intermediary device 815, via client facing interface 1020A receives the request and forwards the request to intermediary file system server program 1014. Delegation manger 1202 can determine whether to delegate or service any given request based on any arbitrarily defined criteria. If delegation manger 1202 determines that a request should be serviced, middleware program 1016 can take a variety of actions in response to the original request including determining which server should receive a request and passing the request modified or unmodified to intermediary file system client 1018. Intermediary file system client 1018 can then generate a proxy request, represented by line 1024, and direct it to the appropriate server (e.g., server 804a) via server facing interface 1020B. The proxy request can be the same as the original request or be arbitrarily modified from the original request. In one embodiment, intermediary program 928 can arbitrarily delay generating the proxy request.
At server 804a, file system server program 1010 can take the appropriate action based on the request, such as reading or writing to media storage device 106a and send an original response, represented by line 1026, to intermediary device 815. At intermediary device 815, network interface 1020 can receive the original response and pass the response to intermediary file system client, which can, in turn, pass the original response to middleware program 1016. The original response can be modified or unmodified at middleware program 1016 and passed to intermediary file system server program 1014, which can, in turn, generate a proxy response. File system server program 1014 can send the proxy response, represented by line 1028, to file system client program 1004. The proxy response can then be forwarded to client application 1002. In one embodiment, intermediary program 928 can also arbitrarily delay sending the proxy response to file system client program 1004.
If delegation manager 1202 determines that an operation is to be redirected, it can generate a redirect reply (represented by line 1204) informing client program 928 to contact fileserver 804a directly. Based on the redirect reply, fileserver client program 1004 can generate a new request to fileserver program 1010 (represented by line 1206). File system management program 1010 can then perform the requested operation and, upon completion construct response 1208 and direct it back to client program 908. File system client program 1004 can forward the response to waiting client application program 1002, thus completing the transaction.
At step 1408, the intermediary program and perform any arbitrary modifications to the request and, at step 1410, direct the request (modified or unmodified) to the origin fileserver (or other intermediary program). The origin fileserver, at step 1412 can perform the requested operation and direct the response back to the intermediary program (step 1414). The intermediary program can perform arbitrary modifications (step 1416) and direct the response (modified or unmodified) to the requesting client (step 1418). At step 1420, the transaction can be completed.
If, at step 1406, the intermediary program determined, on the other hand, that the received request should be delegated or redirected, the intermediary program can send a reply to the originating client program directing the originating client program to send a new request directly to the origin fileserver or other intermediary program. The client program can then generate and communicate a new request to the origin fileserver or other intermediary program (steps 1424 and 1426). At step 1428, the origin fileserver can perform the requested operation and return a response to the requesting client program (step 1430). The transaction can be completed at 1420. At step 1432 the process of
As noted in conjunction with
In one embodiment, volumes 1508 and 1510 can be provided to intermediary program 928 according to any procedure known in the art, including mounting. According to one embodiment, intermediary program can organize the volumes into stacks (referred to as “stack mounting”), such as stack 1550. In stack mounting, the volume on top of the stack will trump volumes lower on the stack to the extent they overlap. To further explain, assume that intermediary program 928 selects srv1 as the top of the stack. It should be noted that for purposes of this discussion the “'” notation indicates the intermediary program's view of the corresponding item in the stack organization. The basic structure for the export space can be defined by intermediary program 928 as shown in
The volumes can be arbitrarily organized in the mapspace. In one embodiment, the volumes can be organized in “stacks” as described in conjunction with
In one embodiment, the intermediary program makes the file system(s) rooted at “/exports” available to clients while using the stacked file system 1550 to dispatch file operation onto the appropriate fileservers and origin file systems by way of the import space paths “/import/srv1/” and “/import/srv2/”. As an example, if a client makes a request to perform an operation on “/export/srv1/C/file4”, the intermediary program can use stack 1550 to map that request to /import/srv2/C/file4″. As another example, if a client makes a request to perform an operation on “/export/srv1/B/file2”, the intermediary program can map the request to “import/srv1/B/file2”. It should be noted, in one embodiment, the command will not be mapped to “import/srv2/B/file2” because srv1, which also contains “/B/file2” is higher in the stack. It should be further noted that multiple export file systems can be defined with different export file systems being presented to different clients. In this manner, access control can be implemented at the intermediary device.
As would be understood by one of ordinary skill in the art, embodiments disclosed herein provide the ability to flexibly organize and reorganize the virtual file system as viewed by clients without impacting the client or the underlying servers. An export space can be arranged in such a way that it abstracts away from the details of the underlying servers' file systems as seen by the client, while at the same time being decoupled from the servers' own organization. The intermediary program can manage the file system export space in terms of file system paths independent from either clients or servers. The intermediary program thus provides a logically centralized point of control and organization for file system resources independent of the particulars of the physical file systems' organization and distribution.
In one embodiment, an intermediary program can employ a write-through stacking file system. One deficiency of previous attempts to stack mount file systems has been that data could only be written or manipulated in the top stack. For example, if a client application requested to update “foo/3”, a new “foo/3” would be created in the top stack and be propagated to “srv1/foo/” rather the to the place the file 3 existed before the operation (i.e., at “srv2/foo/3”. Similarly, if an operation is requested to create a file 5 in “/foo/baz” a new “/baz” directory and file 5 (e.g., “/foo/baz/5”) will be created in the srv1 volume. One embodiment, on the other hand, can write changes through to directories and files on lower levels of the stack. This can be done for example, by maintaining a mapping of export space paths to import space paths and mapping an operation to an export space path to the corresponding import space path that is highest in the stack. Thus, when an operation which creates, deletes, or updates a particular file is received by the intermediary program, the intermediary program can pass the operation along to the underlying topmost file system in which the file or its innermost directory is found. Using the example of file 3, if an operation is received to modify file 3 (e.g., “/foo/3”, the intermediary program can pass the operation to file system 1710 because file system 1710 is the topmost file system in which file 3 is found. Similarly, if an operation is requested to create a file 5 in “/baz/”, the operation can be passed to file system 1710 because file system 1710 is the topmost directory that contains the “/baz” directory. The ability to write operations through to various layers of the file system stack can be referred to as “write-through semantics.” This is represented in
As would be understood by one of ordinary skill in the art, when an operation to delete a file is passed to the topmost layer of the stack containing that file, identically named files in the lower layers may become visible. For example, if an operation is requested to delete file 1730, file 1735 may become visible. This is contrary to the expected semantics of file systems; when a file is deleted, a new version of the file with the same name, and possibly different metadata and data, is not typically expected to become visible. This can be especially problematic if file 1735 is an older version of file 1730. One embodiment can eliminate, or at least reduce, this problem by the use of white-out flags.
In general, write through semantics with white outs can be implemented in a variety of manners.
One skilled in the art will appreciate that the pseudocode above represents without loss of generality a specific but nonexclusive embodiment in terms of the specific semantics of UNIX file systems. Alternative implementations of the same semantics both on UNIX file systems and elsewhere are possible.
The secondary storage controller 2408 connects some storage media 2410 such as a hard drive, CD-ROM, floppy, tape drive, optical storage medium, memory or other storage device to the main processor 2404 by way of the main bus 2402. The main processor 2404 communicates with the secondary storage controller 2408 by way of the main bus 2402, and the secondary storage controller 2408 is used to read and/or write the storage media 2410 on behalf of the main processor 2404.
Intermediary device 2400 may communicate with other computers by way of a network. This is accomplished by attaching a network interface 2416 to the network and attaching the network interface 2416 to a network controller 2412, and connecting the network controller 2412 to the main bus 2402. Software running on the main processor may then access other computers across the network in any of the conventional ways, e.g. by executing “protocols” which affect the transmission and reception of protocol data units, packets, etc. over the data transmission network. Although shown as a standalone device in
In some embodiments, intermediary device 2400 may be implemented as a network file system management device or appliance having a plurality of integrated software components. The software components, which can be stored in memory of various forms and executable by the main processor 2404, may operate to cause network file system management device 2400 to perform the following functions: (1) harvesting file and directory metadata from network file systems; (2) allowing reporting and ad hoc query functions over harvested metadata; (3) providing a mechanism that defines file management policies over managed storage(s) and that enables automated execution of such policies; (4) allowing such policies to trigger arbitrary actions which may change the state of the managed storage(s), such as, and without loss of generality, deleting files, compressing files, moving files, “flagging” files for backup, checking files into a document management system, indexing files for use in content search, generating reports, executing policies, and so on; and (5) providing a workflow model which allows human users to be included in the file management workflow such that they may be prompted for their approval before any given action are taken to bring the managed storage(s) into compliance with defined policies.
A skilled artisan will recognize that in addition to embodiments shown and described with reference to the drawings disclosed herein, other embodiments are possible. In particular, it is possible to compose components/subsystems described herein in various ways, for example, disabling certain of the functions (1)-(5) above. One embodiment described herein can address these functions (1)-(5) simultaneously. However, it should be understood that each of the subsystems (and each of the functions (1)-(5)) are independent of one another and embodiments of the invention can comprise a number of subsystems running any subset of these functions (1)-(5). Moreover, it should be noted that each of the functions (1)-(5) above and their corresponding subsystems and/or software implementations need not reside on a single computer or device. For example, in some embodiments, they can be distributed across multiple distinct computers. These functions will be described in greater detail below with reference to
Function (1): Harvesting File and Directory Metadata from Network File Systems.
In one embodiment, a network file system management device is configured with a software component referred to as a “harvester” for harvesting file and directory metadata from network file systems in a fast and efficient manner.
Components of harvester 2550 may reside on one or more computer systems. In some embodiments, queues between remote components may be configured to support some remote network interfaces capable of transmitting and receiving data across data transmission networks. Such a remote network interface can take many forms including industry-standard remote procedure call (RPC) protocols, hypertext transfer protocol (HTTP), Common Object Request Broker Architecture (CORBA), Distributed Component Object Model (DCOM), and so on. CORBA and DCOM are designed to support objects created in any language.
In the example of
In this embodiment, improver 2520 operates to synthesize or calculate any desired attributes that may be computed from the raw metadata collected by grazer 2510. As improver 2520 reads content out of grazer-improver queue 2501, it can improve, if necessary, the set of attributes associated with each metadata record for each file or directory. Improver 2520 is configured to perform a plurality of computations including checksums, hashes, basic file typing, and so forth. In one embodiment, all operations that interact with the file content directly are performed via improver 2520 to take advantage of cache locality on the file server.
Upon completion of “improvement” of each file or directory metadata, the transformed metadata record is placed in improver-populator queue 2502. Populator 2530 reads the improved metadata records from queue 2502 and inserts them into a metadata repository 2580 according to some scheduling heuristic. In one embodiment, this is done in a batch fashion so that a plurality of insertions can be combined into a single bulk upload to amortize the cost of the database operation across many metadata records. Other methodologies can also be used.
In some embodiments, scrubber 2560 may be included to read the metadata repository 2580 and make judgments about the “freshness” of the data in the metadata repository 2580 on an item-by-item basis. Depending upon the freshness of each item, scrubber 2560 may determine when to deprecate, expire, or otherwise garbage collect metadata.
In some embodiments, enricher 2570 may be included to perform metadata collection tasks: (a) that are likely to be lengthy and/or performance intensive, (b) that require interaction with the file system or other external system in some idiosyncratic fashion, and (c) whose purpose is the collection of “optional” metadata which is not required for the normal or baseline functioning of the system. Examples might include: high-level semantic classification of certain document types, full-text indexing of suitable documents, etc. In such cases, enricher 2570 may retrieve a list of enrichment candidates from metadata repository 2580, perform one or more desired enrichment operations, and update the associated metadata in metadata repository 2580.
For the sparse attributes (i.e., those attributes that are not shared by all files and directories in a file system), a single table exists for every attribute-volume-epoch combination. In
In some embodiments, summary tables may be included to provide pre-computed roll-ups, aggregates, or other computations over one or more node data tables and/or one or more associated attribute tables. Summary tables serve to minimize query time for queries involving these types of computations. Summary tables may be generated either in response to changes to the set of tables (e.g., adding a new node data table, etc.) or on-demand (e.g., whenever a “synthetic” summary attribute is first referenced in some query). They remain valid only as long as their referenced node data tables are still “fresh” and are deprecated and eventually garbage collected when their associated/referenced source tables are deprecated and/or garbage collected. An exemplary summary table 2621 is depicted in
Summary table metadata is maintained by the underlying system (e.g., system 2500) so that the system knows which summary tables correspond to which source node data tables or attribute tables. Summary table metadata is maintained via a Summary_Meta catalog table which records this information. The Summary_Meta information can be joined, linked, or correlated to the associated summary tables via the database's own metadata and data catalog facilities and/or through known naming conventions. An exemplary Summary_Meta catalog table 2631 is depicted in
In one embodiment, the management device is configured with network file system management software that allows for reporting and ad hoc query functions over harvested metadata.
In this embodiment, mount manager 2810 mounts file systems from file server or servers 2801 and interacts with them according to typical file system protocols. Mount manager 2810 provides the generic abstraction of file system interaction semantics that are common to most or all file systems.
In this embodiment, file system protocol adaptor 2812 provides interfaces to file system and protocol specific operations and semantics, for instance, obtaining and/or modifying Access Control Lists (ACLs) in file systems and protocols that support ACLs rather than more primitive permissions operations. File system protocol adaptor 2812 also provides interfaces to directory servers, authentication and authorization domain services, and so forth, on a per-file system protocol, per-domain basis.
In this embodiment, file system interface abstraction layer 2820 provides a common interface to both mount manager 2810 and file system protocol adaptor 2812 for use by higher-level components such as harvester 2550, analyzer 2860, and executive 2870.
In this embodiment, scheduler 2830 runs other components according to a configured schedule. Components that may be run by scheduler 2830 include harvester 2550, analyzer 2860, and executive 2870. Harvester 2550 makes use of file system interface abstraction layer 2820 to collect file and directory metadata from the managed network file systems 2540 and to aggregate it in metadata repository 2580 as described above. Analyzer 2860 utilizes the metadata stored in metadata repository 2580 to generate reports and stores them in report repository 2890.
Function (3): Providing a Mechanism for Defining File Management Policies over Managed Storage and Enabling Automated Execution of such Policies.
Referring to
An end user 2806 can view reports that have been generated by analyzer 2860 and stored in report repository 2890. This user review process is mediated by advisor 2805 which operates to render a user interface to user 2806. These reports may present user 2806 with a list of files and directories and a variety of options to act on them. If user 2806 chooses any of these actions, executive 2870 is informed of the chosen action(s). In response, executive 2870 proceeds to execute the chosen action(s) via file system interface abstraction layer 2820. It should be understood that the user interface presented by advisor 2805 may be a Web-based interface, a “thick client” interface, a command line interface, an active HTML-based e-mail interface, or any other form of user interface. It should also be understood that the chosen actions may be executed synchronously or asynchronously. In the latter case, they may be executed immediately or batched for later execution.
Function (4): Allowing Such Policies to Trigger Arbitrary Actions which May Change the State of Managed Storage(s).
After a management policy is defined over a managed storage/file system, it is then executed. The execution of a policy refers to taking a condition that conceptually lives in a repository, tying it to an action, and applying that action across managed objects (files and directories) in the managed storage(s) in an automated manner. Thus, in some embodiments, a policy may comprise one or more rules, each having a condition tied to an action. Exemplary actions may include, but not limited to, deleting files, compressing files, moving files, flagging files for backup, checking files into a document management system, indexing files for use in content search, etc. For example, a company policy may prohibit storing files exceeding 1 MB in size and files of a certain source type, each of which is tied to the act of deletion to be applied across managed file systems.
In one embodiment, the management device is configured with one or more filters or filtering mechanisms for triggering such actions. Referring to
Following the above example policy, suppose application of filter 2910 generates metadata records 2930 that match the defined condition of files exceeding 1 MB in size and files of a certain source type.
Function (5): Providing a Workflow Model which Allows Human Users to be Included in the File Management Workflow.
As described above with reference to
One of ordinary skill in the art will recognize that it is possible to implement the above-described functions (1)-(5) in various ways without departing from the spirit and principle of the invention. To illustrate, another set of embodiments will now be described with reference to
As mentioned above, each file or directory in a computing environment (e.g., a corporate computer network) that implements embodiments of the invention is regarded as a managed object. Utilizing methods and systems disclosed herein, the metadata of all (potentially tens of millions to billions) of these “managed” files and directories can be collected, stored, maintained, accessed, and used to enforce and manage policies applicable to those files and directories. The range and scale of such a policy management capability afforded by embodiments disclosed herein can be particularly useful in ensuring that all files and directories of an entity (e.g., a health care enterprise) are in compliance with applicable rules and regulations (e.g., HIPAA).
In embodiments of the invention, harvested metadata can encompass the full and unique (disjoint) semantics of each given file system protocol. As exemplified in
Other forms of metadata can also be used in conjunction with embodiments of the invention.
According to embodiments of the invention, policies can be expressed in terms of conditions and actions and conditions conceptually living in a repository can be expressed in terms of metadata. Thus, actions on managed objects (files and directories) may be tied to conditions through metadata. As described above, a policy may have a plurality of rules, each of which may require a certain action or actions to be taken if and when a certain condition is met or present. For example, assuming that a new regulation creates a condition in which all patient records are now considered “protected health information.” To comply with this new regulation, actions must be taken to protect files containing patient records. Utilizing embodiments of the systems and methods disclosed herein, an end user can define and execute a new policy that complies with the new regulation in a timely and efficient manner. Specifically, a user can define a policy that ties the condition (i.e., electronic patient records are protected health information) to an appropriate action (e.g., move files having a metadata “ePHI” on a volume “Public” to a secure volume “Private”). This new policy can be automatically applied to all managed objects across file systems of a managed enterprise platform.
Platform 3300 further comprises a metadata repository 2580 and a policy management system 3360. As described above, metadata repository 2580 stores harvested metadata of all managed objects (files and directories) of file systems 2540. In this example, policy management system 3360 comprises a harvester 2550 and an action framework 3370.
In this embodiment, action framework 2550 comprises a first component (events) 3372 and a second component (actions) 3374. Events 3372 provides typical event monitoring and routing functions and operates to assert events triggered by the generation of a new policy, which may include one or more policy rules, as well as changes made to an existing policy or policies. Actions 3374 comprises a plurality of subcomponents configured to perform various functions (e.g., transaction management, action routing, action adapter, etc.) and a plurality of actions (e.g., move, migrate, copy, delete, secure, notify, etc.) These actions are programmable. For example, each action can be programmed to perform under a certain specified condition to satisfy one or more policy rules. Each action can also be programmed to perform at a certain specified time or upon the assertion or occurrence of a certain event.
Harvester 2550 is configured to perform a plurality of functions similar to those described above with reference to
In this embodiment, file system abstraction layer/protocol adaptor 3365 can be seen as an integrated component that functions similar to file system abstraction layer 2820 and file system protocol adaptor 2812 described above with reference to
In this embodiment, file classes 3420 serves as a container of file classes, each of which consists of one or more metadata. Report cubes 3430 serves as a container storing metadata that are pulled out from metadata repository 2580 as views or snapshots of certain metadata records, such as those described above with reference to
In this example, action fabric 3370 is configured to perform a plurality of functions similar to those described above with reference to
As shown in
In this embodiment, federal layer 3510 comprises a plurality of components including Web application architecture 3410, file classes 3420, report cubes 3430, policies 3440, and metadata repository 2580. These “federal” components are similar to Web application architecture 3410, file classes 3420, report cubes 3430, policies 3440, and metadata repository 2580 described above with reference to
In this embodiment, local layer 3520 comprises one or more local systems, which can simultaneously function as stand-alone systems or as part of a federated file system. In
In the example shown in
Embodiments of a harvester disclosed herein can be implemented in various ways.
The plurality of interrogators 3352A, 3352B, 3352C, and 3352D may operate independently or cooperatively in performing the following functions: fetch or create a profile for each metadata record from volume ID, extract system metadata, extract security information, conduct directory (entity namespace) mapping, perform text conversion, determine and remove duplicates, extract keyword(s), extract raw (base) entities, extract text patterns, perform filtering (scoping), conduct proximity analysis and extraction, perform user level entity assertion, generate file classes, etc. Additional functions are possible. Moreover, not all functions listed herein are necessary. Some of the functions can be optional, for example, regular expression extraction, security extraction, user lookup, and hash calculation.
An artisan will appreciate that it is possible to decouple and implement functionality components disclosed herein in various combinations. For example, as illustrated in
In step 3902, harvested metadata are run through a first filtering mechanism (e.g., policy 3440) in real time and placed in volume metadata caches (e.g., 3931, 3933, 3935) residing in appliance 3930. In step 3903, synthetic metadata may be synthesized from raw metadata and content-based metadata may be generated. Harvested metadata, including raw system metadata, synthetic metadata, and content-based metadata, are transformed into a common representation as described above. In this case, each metadata “record” is comprised of a set of attributes associated with a file or directory that is being “harvested.” “Views” or snapshots of harvested metadata can be generated as described above with reference to
In step 3904, a batch policy process 3939 processes cached metadata (or metadata records) according to some policy rules and/or scheduling heuristic. These metadata records are processed in a batch fashion to minimize the cost of the database operation across vast metadata records. Other methodologies can also be used. In one embodiment, “fresh” or “current” metadata records and/or “views” thereof are placed in volume clusters (e.g., 3932, 3934, 3936) and made available to Web application architecture 3410 in step 3905. In this example, appliance 3930 further comprises application configuration 3938 for storing relevant application configuration parameters for Web application architecture 3410.
As described above, network file system protocols generally are not interoperable, which imposes many challenges in enforcing document workflow and retention policies in, for example, a corporate environment. Moreover, because file systems are quasi-hierarchical collections of directories and files, the notion of “triggers” and “stored procedures” are not available to file systems to ensure data correctness and integrity and to automate certain administrative and application-specific tasks. Embodiments of the invention described herein provide viable mechanisms that can address these challenges and configure a file system or systems to allow only particular content types or otherwise make decisions about what should be stored, where, and how, thereby facilitating intelligent and efficient policy management at an enterprise level, reducing business risks, ensuring regulation compliance, and promoting sensible, timely, and manageable control over vast electronic information.
Although the present invention has been described and illustrated in detail, it should be understood that the embodiments and drawings are not meant to be limiting. Various alterations and modifications are possible without departing from the spirit and scope of the invention. Accordingly, the scope of the invention should be determined by the following claims and their legal equivalents.
This is a continuation-in-part application of U.S. patent application Ser. No. 10/630,339, filed Jul. 30, 2003, now allowed, entitled “METHOD AND APPARATUS FOR MANAGING FILE SYSTEMS AND FILE-BASED DATA STORAGE,” which claims priority from Provisional Patent Applications No. 60/399,723, entitled “N-TIER NETWORK FILE SYSTEM MIDDLEWARE,” No. 60/399,828, entitled “UNION FILE SYSTEM WITH WRITE-THROUGH SEMANTICS,”, No. 60/399,830, entitled “FILE SYSTEM MIDDLEWARE WITH SELECTIVE DELEGATION,” 60/399,831, entitled “PROGRAMMABLE FILE SYSTEM WITH ACTIVE RULES AND POLICIES,” No. 60/399,872, entitled “FILE SYSTEM STATISTICAL WAREHOUSE,” No. 60/399,879, entitled “FILE SYSTEM MOUNT MANAGER WITH STACK MOUNTING,” all filed Jul. 30, 2002, and of U.S. patent application Ser. No. 11/262,282, filed Oct. 28, 2005, pending, entitled “SYSTEM, METHOD AND APPARATUS FOR ENTERPRISE POLICY MANAGEMENT, which claims priority from Provisional Patent Application Nos. 60/622,733, 60/622,818, 60/622,820, 60/622,951, 60/622,955, 60/623,027, all filed Oct. 28, 2004. This application relates to U.S. patent application Ser. No. 11/262,283, filed Oct. 28, 2005, pending, entitled “METHOD AND APPARATUS FOR HARVESTING FILE SYSTEM METADATA.” Contents of all applications referenced herein are hereby fully incorporated.
Number | Date | Country | |
---|---|---|---|
60399723 | Jul 2002 | US | |
60399828 | Jul 2002 | US | |
60399830 | Jul 2002 | US | |
60399831 | Jul 2002 | US | |
60399872 | Jul 2002 | US | |
60399879 | Jul 2002 | US | |
60622733 | Oct 2004 | US | |
60622818 | Oct 2004 | US | |
60622820 | Oct 2004 | US | |
60622951 | Oct 2004 | US | |
60622955 | Oct 2004 | US | |
60623027 | Oct 2004 | US |
Number | Date | Country | |
---|---|---|---|
Parent | 10630339 | Jul 2003 | US |
Child | 12572160 | US | |
Parent | 11262282 | Oct 2005 | US |
Child | 10630339 | US |