CN101534295A - Storage method of architecture based on object storage system - Google Patents

Publication number
CN101534295A
Authority
CN
China
Prior art keywords
client
data
osd
architecture
object storage
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN200910071729A
Other languages
Chinese (zh)
Inventor
姚念民
单颖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Engineering University
Original Assignee
Harbin Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Engineering University
Priority to CN200910071729A
Publication of CN101534295A

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a storage method for an architecture based on an object storage system. A client obtains the data it needs through a single interaction with the MDS, and the remaining work is completed by the MDS and the OSD. The client sends a data request to the MDS, the MDS sends the request information to the OSD, and the target OSD returns the requested data to the client. The metadata server provides a security authentication function for the client and a data transmission function toward the OSD, thereby realizing security authentication of the client and information transmission with the OSD. A security mode in which the MDS trusts the OSD is used: the security authentication function is performed by the metadata server, and the authentication information is passed to the client by the OSD and, after being updated, serves as the request information for the next authentication. The invention realizes a storage method for an architecture based on an object storage system that has lower operating complexity, higher efficiency and stronger security.

Description

A storage method for an architecture based on an object storage system
(1) Technical field
The present invention relates to computer storage technology, specifically to a storage method for an architecture based on an object storage system.
(2) Background
With the rapid development of industry and the continued deepening of academic research, information resources keep growing, and storage technology has seen unprecedented development in every field. However, as data volumes keep growing and the cost of storage devices keeps rising, storage affects the development of computer storage systems and has become their bottleneck, which poses a new challenge for improving their performance. Traditional storage architectures that use the block or the file as their interface, such as DAS (Direct Attached Storage), NAS (Network Attached Storage) and SAN (Storage Area Network), have many drawbacks: they cannot provide direct file access to storage devices and cannot fully meet the development needs of storage systems.
The concept of the object-based storage system, OBSS (Object-Based Storage System), was proposed to overcome the inability of conventional storage architectures to fully meet the requirements of a scalable, high-performance, cross-platform architecture with secure data sharing. As network and computer technology continue to develop, new storage technologies and storage architectures keep appearing, and adopting an object-based storage system architecture has become an effective way to remove the storage barriers in existing computer architectures and to improve storage system performance. However, bandwidth, latency and the data access method cause storage barriers to appear in this architecture as well. This seriously affects and limits OBSS performance and becomes the main obstacle to improving it. The current OBSS architecture therefore urgently needs improvement in terms of time, data transmission and security.
(3) Summary of the invention
The object of the present invention is to provide a storage method for an architecture based on an object storage system that has lower operating complexity, higher efficiency and stronger security.
The object of the present invention is achieved as follows:
The storage method for an architecture based on an object storage system according to the present invention mainly comprises:
1. The working process of the architecture's external data interaction mode: the client obtains the data it needs through a single interaction with the MDS (the metadata server), and the remaining work is handed to the MDS and the OSD (the object storage device).
2. The working process of the architecture's internal data interaction mode: the client sends a data request to the MDS, the MDS sends the request information to the OSD, and the target OSD returns the requested data to the client.
3. The working process of the data access security mechanism: a security mode in which the MDS trusts the OSD is adopted. The security authentication function is performed by the metadata server, and the authentication information is passed to the client by the OSD and, after being updated, serves as the request information for the next authentication.
Compared with traditional architectures based on an object storage system, the architecture of the present invention has the following characteristics:
1. It simplifies the working process of the internal and external data interaction modes of the OBSS architecture.
2. It provides a safe and feasible security mechanism for the architecture and simplifies the authentication process during data access.
3. It optimizes the working process of the OBSS architecture in terms of both time and data transmission.
4. It provides the client with a simple and secure service mode.
5. The metadata server changes from the end point of the metadata into a functional entity that performs authentication and manages data, effectively exercising its function in the working process of the object-based storage architecture.
Through a new architecture based on an object storage system, the present invention simplifies the working process of the architecture's internal data interaction mode, extends the function of the metadata server of the traditional architecture, and provides a secure data access method, thereby realizing a storage method for an architecture based on an object storage system that has lower operating complexity, higher efficiency and stronger security.
(4) Description of the drawings
Fig. 1 is the working flowchart of the architecture's external data interaction mode.
Fig. 2 is the working flowchart of the architecture's internal data interaction mode.
Fig. 3 is the working flowchart of the architecture's security model protocol.
(5) Embodiment
The present invention is described in more detail below by way of example with reference to the drawings:
Fig. 1 is the working flowchart of the architecture's external data interaction mode. The external data interaction mode comprises three paths: a control path, a management path and a data path. The three paths are independent of one another. The working process of the external data interaction mode is as follows: when a client wants to access data, it first sends a request to a metadata server. The metadata server retrieves the metadata of the requested data according to this request and thereby knows which storage devices hold the data. It then sends this metadata directly to those storage devices, which in turn send the data directly to the client.
Fig. 2 is the working flowchart of the architecture's internal data interaction mode. The internal data interaction mode has the following features:
1. The client only needs to send one request to the MDS and can then wait to receive the data.
2. The MDS is no longer the end point of the metadata, and metadata no longer leaves the network domain of the storage system, which increases data security.
3. Because security authentication of the client is performed by the MDS and the OSD trusts the requests sent by the MDS, the OSD no longer needs to authenticate the client.
4. The architecture removes at least two network transmissions from the data access process, reducing data transfer latency and system complexity.
Fig. 3 is the working flowchart of the architecture's security model protocol. The security model consists of three parts: the client, the manager and the object storage device. The security protocol of the model comprises three parts: protocol A between the client and the manager, protocol B between the manager and the object storage device, and protocol C between the client and the object storage device. The working process of the security model at the protocol level is:
1. The client sends a file access request and a security certificate to the manager.
2. The manager authenticates the client.
3. The manager sends the object access request and the access-right identifier to the object storage device.
4. The object storage device receives the object access request and performs the corresponding operation.
5. The object storage device returns the data to the client, including the authorization information.
6. All authentication operations are performed by the manager; the object storage device performs no authentication. The client judges the validity of the returned data by its timestamp.
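
The six-step exchange above, together with the rule that the updated authentication information serves as the next request's credential, can be modelled in a single process as follows. This is an added example, not code from the patent. It assumes an HMAC-SHA256 token keyed by the MDS, a shared secret standing in for the client's security certificate, a 30-second freshness window, and an MDS-to-OSD link that stays inside the storage network; the class, method and field names are hypothetical.

```python
import hashlib
import hmac
import time

MAX_AGE = 30  # seconds a token or reply counts as fresh (assumed value)


class OSD:
    """Object storage device: trusts the MDS and performs no authentication."""
    def __init__(self, objects):
        self.objects = objects  # object id -> bytes

    def handle(self, object_id, access_right, token):
        # Step 4: carry out the operation named by the MDS-supplied access right.
        data = self.objects[object_id] if access_right == "read" else None
        # Step 5: return the data together with the authorization information.
        return {"data": data, "token": token}


class MDS:
    """Metadata server (manager): authenticates clients, forwards to the OSD."""
    def __init__(self, key, credentials, acl, osd):
        self.key, self.credentials, self.acl, self.osd = key, credentials, acl, osd

    def _mac(self, client_id, ts):
        msg = f"{client_id}|{ts}".encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def _authenticated(self, client_id, proof, now):
        if isinstance(proof, dict):  # token updated by an earlier reply
            fresh = 0 <= now - proof["ts"] <= MAX_AGE
            good = self._mac(client_id, proof["ts"]).encode()
            return fresh and hmac.compare_digest(proof["mac"].encode(), good)
        expected = self.credentials.get(client_id)  # first contact: credential
        return expected is not None and hmac.compare_digest(proof.encode(), expected.encode())

    def request(self, client_id, proof, object_id, now=None):
        now = int(time.time()) if now is None else now
        # Steps 1-2: the client's single request arrives and is authenticated.
        if not self._authenticated(client_id, proof, now):
            raise PermissionError("authentication failed")
        if object_id not in self.acl.get(client_id, ()):
            raise PermissionError("no access right for object")
        # Step 3: forward the request, the access right and an updated token.
        token = {"ts": now, "mac": self._mac(client_id, now)}
        return self.osd.handle(object_id, "read", token)  # OSD replies to client


def client_accepts(reply, now):
    """Step 6: the client judges the returned data by its timestamp."""
    return 0 <= now - reply["token"]["ts"] <= MAX_AGE
```

Because the OSD executes whatever the MDS forwards, any party able to inject traffic on the MDS-to-OSD path bypasses authentication entirely, so that link needs its own integrity protection in a real deployment.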

Claims (1)

1. A storage method for an architecture based on an object storage system, characterized in that:
(1) the working process of the architecture's external data interaction mode: the client obtains the data it needs through a single interaction with the metadata server, and the remaining work is handed to the metadata server and the object storage device;
(2) the working process of the architecture's internal data interaction mode: the client sends a data request to the metadata server, the metadata server sends the request information to the object storage device, and the object storage device returns the requested data to the client;
(3) the working process of the data access security mechanism: a security mode in which the metadata server trusts the object storage device is adopted; the security authentication function is performed by the metadata server, and the authentication information is passed to the client by the object storage device and, after being updated, serves as the request information for the next authentication.
CN200910071729A 2009-04-08 2009-04-08 Storage method of architecture based on object storage system Pending CN101534295A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910071729A CN101534295A (en) 2009-04-08 2009-04-08 Storage method of architecture based on object storage system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910071729A CN101534295A (en) 2009-04-08 2009-04-08 Storage method of architecture based on object storage system

Publications (1)

Publication Number Publication Date
CN101534295A true CN101534295A (en) 2009-09-16

Family

ID=41104683

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910071729A Pending CN101534295A (en) 2009-04-08 2009-04-08 Storage method of architecture based on object storage system

Country Status (1)

Country Link
CN (1) CN101534295A (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546664A (en) * 2012-02-27 2012-07-04 中国科学院计算技术研究所 User and authority management method and system for distributed file system
CN104216984A (en) * 2014-09-02 2014-12-17 上海新储集成电路有限公司 Data inquiry method
CN104750756A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Data operation method, data operation device and metadata storage device
CN105404560A (en) * 2015-11-05 2016-03-16 华中科技大学 RAID5 based security authentication method in object storage system

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102546664A (en) * 2012-02-27 2012-07-04 中国科学院计算技术研究所 User and authority management method and system for distributed file system
CN104750756A (en) * 2013-12-31 2015-07-01 中国移动通信集团公司 Data operation method, data operation device and metadata storage device
CN104216984A (en) * 2014-09-02 2014-12-17 上海新储集成电路有限公司 Data inquiry method
CN104216984B (en) * 2014-09-02 2017-08-25 上海新储集成电路有限公司 Data query method
CN105404560A (en) * 2015-11-05 2016-03-16 华中科技大学 RAID5 based security authentication method in object storage system
CN105404560B (en) * 2015-11-05 2019-01-04 华中科技大学 Safety certifying method based on RAID5 in a kind of object storage system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication

Open date: 20090916