CN107741832A - Method for isolating storage directory based on pooling - Google Patents
- Publication number
- CN107741832A
- Authority
- CN
- China
- Prior art keywords
- storage
- user
- catalogue
- content user
- created
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/062—Securing storage systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0602—Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
- G06F3/061—Improving I/O performance
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0643—Management of files
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F3/00—Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
- G06F3/06—Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
- G06F3/0601—Interfaces specially adapted for storage systems
- G06F3/0628—Interfaces specially adapted for storage systems making use of a particular technique
- G06F3/0638—Organizing or formatting or addressing of data
- G06F3/0644—Management of space entities, e.g. partitions, extents, pools
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Human Computer Interaction (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for isolating storage directories based on pooling. In the method, storage directories are created on the physical storage, storage users are created, and each storage user's permissions on the storage directories are set; a storage pool is created and storage units are created in the storage pool, each storage unit mapping to one storage directory; the access permissions of service-layer content users on the storage pool are set, and each content user is bound to a storage user, so that a content user can access only the storage directories within its permissions. The method achieves dual directory isolation, deeply integrates physical storage with logical storage, achieves secure directory isolation for the materials and files of the radio, TV and film industry, and at the same time achieves fine-grained access control.
Description
Technical field
The invention belongs to the field of file storage management, and in particular relates to a method for isolating storage directories based on pooling, used for directory isolation.
Background
Sensitive data places ever higher demands on security assurance, and this is especially true of the media material files of the radio, TV and film industry. Media content in this industry is data-centric and is stored in a unified resource pool, so the importance of directory isolation has become prominent. To meet the specific needs of the industry, file directories must be isolated both physically and logically in data storage, and access permission control must be unified between business-layer users and storage-layer users.
The existing approach relies on the directory isolation natively supported by the storage at the storage layer, and applies coarse-grained logical isolation managed by column at the business layer. Existing storage directory isolation schemes consider either only the physical isolation of storage or only the logical isolation of the service layer; they cannot combine the two well and cannot isolate storage directories effectively. Existing isolated access control for media material files in the broadcasting and TV industry is coarse-grained and cannot meet the industry's increasingly fine-grained, individualized requirements for isolated access to material.
Summary of the invention
The object of the invention is to provide a method for isolating storage directories based on pooling, which solves the technical problems that physical isolation and logical isolation cannot be combined when isolating storage directories and that the control granularity is coarse.
The technical solution adopted by the invention is as follows:
A method for isolating storage directories based on pooling, comprising the following steps:
Step 1: Create storage directories on the physical storage, create storage users, and set each storage user's permissions on the storage directories;
Step 2: Create a storage pool and create storage units in the storage pool, each storage unit mapping to one storage directory;
Step 3: Set the access permissions of service-layer content users on the storage pool, and bind each content user to a storage user, so that a content user can access only the storage directories within its permissions.
Further, the method also includes physically partitioning the storage; specifically, the storage is divided into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
Further, if a content user may access only the storage directory under one storage user, the content user and the storage user are bound one to one; if multiple content users share a storage directory, a shared storage user group is established and the users that need to access the shared storage directory are added to that storage user group, thereby achieving sharing.
In summary, by adopting the above technical solution, the beneficial effects of the invention are:
1. Dual directory isolation: storage units are created per storage pool, and each storage unit corresponds to its own exclusive storage directory, achieving physical isolation of storage; the access permissions of content users and storage users are set, achieving logical isolation of storage. Physical storage and logical storage are deeply integrated, achieving secure directory isolation for the materials and files of the radio, TV and film industry.
2. Fine-grained access control: the method isolates access per person and provides unified, strong, user-level security isolation of material across the service layer and the storage layer. A content user's storage pool is accessed with private read/write isolation, and files belonging to other users can be read only with authorization. In addition, operations that are permitted access the storage directory directly, with no intermediate filtering or conversion, which preserves efficiency.
Brief description of the drawings
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is the overall architecture of the present invention.
Detailed description
All features disclosed in this specification, and the steps of all methods or processes disclosed, may be combined in any way, except for mutually exclusive features and/or steps.
The invention is described in detail below with reference to Fig. 1.
A method for isolating storage directories based on pooling, comprising the following steps:
Step 1: Create storage directories on the physical storage, create storage users, and set each storage user's permissions on the storage directories;
Step 2: Create a storage pool and create storage units in the storage pool, each storage unit mapping to one storage directory;
Step 3: Set the access permissions of service-layer content users on the storage pool, and bind each content user to a storage user, so that a content user can access only the storage directories within its permissions.
The method also includes physically partitioning the storage; specifically, the storage is divided into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
If a content user may access only the storage directory under one storage user, the content user and the storage user are bound one to one; if multiple content users share a storage directory, a shared storage user group is established and the users that need to access the shared storage directory are added to that storage user group, thereby achieving sharing.
Specific embodiment
A method for isolating storage directories based on pooling:
Storage directories are created on the physical storage, storage users are created, and each storage user's permissions on the storage directories are set.
A storage pool is created; that is, the physical storage is logically divided into a number of blocks, each block corresponding to one storage pool. Several storage units are created in each storage pool, and each storage unit corresponds to one storage directory.
The access permissions of service-layer content users on the storage pool are set, and each content user is bound to a storage user, so that a content user can access only the storage directories within its permissions.
The detailed flow is as follows:
Configure the basic information of the physical storage, including the access mode, management IP, port, user name, password, storage root directory and so on, and establish a connection to the storage.
For a private storage pool: a storage user is created on the storage and its access permissions on the private storage directory are set; the corresponding storage pool and storage unit are created, and the storage unit is mapped one to one to the storage directory; and the content user's access permissions on the storage pool are set. The storage directory's permission is Linux mode 700, so that only that content user can access the storage directory and perform operations such as read, write, execute and delete.
For a shared storage pool: a storage user group and a content user group are created; the content users that need to access the shared storage directory are added to the content user group, and the content user group is bound to the storage user group (at the same time, the storage users corresponding to the content users in the content user group are added to the storage user group). The storage directory's permission is Linux mode 070, so that only content users in the content user group can access the shared storage directory and perform operations such as read, write, execute and delete.
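The private (700) and shared (070) cases above amount to a two-layer check: the service-layer permission on the pool, then the bound storage user against the directory mode. The following Python model is an added example, not part of the patent; the user, group, pool and path names are constructed, and it models the Linux owner/group/other selection rather than calling the operating system.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # POSIX permission bits within one class

@dataclass(frozen=True)
class StorageDir:
    path: str    # constructed example path
    owner: str   # storage user that owns the directory
    group: str   # storage user group of the directory
    mode: int    # 0o700 for private, 0o070 for shared

@dataclass
class Storage:
    binding: dict = field(default_factory=dict)   # content user -> storage user
    groups: dict = field(default_factory=dict)    # storage group -> storage users
    pool_acl: dict = field(default_factory=dict)  # pool -> allowed content users
    units: dict = field(default_factory=dict)     # (pool, unit) -> StorageDir

    def posix_allows(self, storage_user, d, want):
        # Linux selects exactly one class (owner, else group, else other)
        # and never falls through to a later one. Root bypass is not modelled.
        if storage_user == d.owner:
            bits = (d.mode >> 6) & 7
        elif storage_user in self.groups.get(d.group, set()):
            bits = (d.mode >> 3) & 7
        else:
            bits = d.mode & 7
        return (bits & want) == want

    def access(self, content_user, pool, unit, want=R | W | X):
        # Logical layer: service-layer permission on the storage pool.
        if content_user not in self.pool_acl.get(pool, set()):
            return False
        # Physical layer: the bound storage user against the directory mode.
        storage_user = self.binding.get(content_user)
        d = self.units.get((pool, unit))
        if storage_user is None or d is None:
            return False
        return self.posix_allows(storage_user, d, want)

def build_demo():
    s = Storage()
    s.binding = {"alice": "st_alice", "bob": "st_bob", "carol": "st_carol"}
    s.groups = {"st_news": {"st_alice", "st_bob"}}
    # carol is granted the pool at the service layer but was never added
    # to the storage user group, so the storage layer must still refuse her.
    s.pool_acl = {"priv_alice": {"alice"}, "shared_news": {"alice", "bob", "carol"}}
    s.units = {
        ("priv_alice", "u1"): StorageDir("/pool/alice", "st_alice", "st_alice", 0o700),
        ("shared_news", "u1"): StorageDir("/pool/news", "st_admin", "st_news", 0o070),
    }
    return s

if __name__ == "__main__":
    demo = build_demo()
    for user in ("alice", "bob", "carol"):
        print(user, demo.access(user, "priv_alice", "u1"), demo.access(user, "shared_news", "u1"))
```

Because Linux evaluates only the owner class when the caller owns the directory, a 070 shared directory has to be owned by an account other than the group members who need access; a member who owned it would be denied by the owner bits.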
Claims (3)
- 1. A method for isolating storage directories based on pooling, characterized by comprising the following steps: Step 1: Create storage directories on the physical storage, create storage users, and set each storage user's permissions on the storage directories; Step 2: Create a storage pool and create storage units in the storage pool, each storage unit mapping to one storage directory; Step 3: Set the access permissions of service-layer content users on the storage pool, and bind each content user to a storage user, so that a content user can access only the storage directories within its permissions.
- 2. The method for isolating storage directories based on pooling according to claim 1, characterized in that it also includes physically partitioning the storage; specifically, the storage is divided into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
- 3. The method for isolating storage directories based on pooling according to claim 1, characterized in that: if a content user may access only the storage directory under one storage user, the content user and the storage user are bound one to one; if multiple content users share a storage directory, a shared content user group is established and the users that need to access the shared storage directory are added to the content user group, thereby achieving sharing.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710973391.9A CN107741832B (en) | 2017-10-18 | 2017-10-18 | Method for isolating storage directory based on pooling |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710973391.9A CN107741832B (en) | 2017-10-18 | 2017-10-18 | Method for isolating storage directory based on pooling |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107741832A (en) | 2018-02-27 |
CN107741832B (en) | 2021-01-08 |
Family
ID=61237730
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710973391.9A Active CN107741832B (en) | 2017-10-18 | 2017-10-18 | Method for isolating storage directory based on pooling |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107741832B (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110955886A (en) * | 2019-11-08 | 2020-04-03 | 广州供电局有限公司 | Sandbox-based data security fusion service device and method thereof |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102164177A (en) * | 2011-03-11 | 2011-08-24 | 浪潮(北京)电子信息产业有限公司 | Method, device and system for sharing storage pool by cluster |
CN102255962A (en) * | 2011-07-01 | 2011-11-23 | 成都市华为赛门铁克科技有限公司 | Distributive storage method, device and system |
CN102340533A (en) * | 2011-06-17 | 2012-02-01 | 中兴通讯股份有限公司 | Multi-tenant system and method for accessing data thereof |
CN105550854A (en) * | 2016-01-26 | 2016-05-04 | 中标软件有限公司 | Access control device of cloud environment management platform |
CN106201357A (en) * | 2016-07-18 | 2016-12-07 | 浪潮(北京)电子信息产业有限公司 | The construction method of a kind of storage pool and system |
CN106547859A (en) * | 2016-10-21 | 2017-03-29 | 杭州朗和科技有限公司 | A kind of storage method and device of the data file under multi-tenant data storage system |
Non-Patent Citations (1)
Title |
---|
WHYREAL: "Cephfs多用户隔离", 《简书》 * |
Also Published As
Publication number | Publication date |
---|---|
CN107741832B (en) | 2021-01-08 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||