CN107741832A - Method for isolating storage directory based on pooling - Google Patents

Publication number
CN107741832A
Authority
CN
China
Prior art keywords
storage
user
catalogue
content user
created
Legal status
Granted
Application number
CN201710973391.9A
Other languages
Chinese (zh)
Other versions
CN107741832B (en)
Inventor
唐俊毅
王熙
温序铭
张洁
王炜
Current Assignee
Chengdu Sobey Digital Technology Co Ltd
Original Assignee
Chengdu Sobey Digital Technology Co Ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/062 Securing storage systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
    • G06F3/061 Improving I/O performance
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0643 Management of files
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
    • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
    • G06F3/0601 Interfaces specially adapted for storage systems
    • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
    • G06F3/0638 Organizing or formatting or addressing of data
    • G06F3/0644 Management of space entities, e.g. partitions, extents, pools

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Human Computer Interaction (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method for isolating storage directories based on pooling. In the method, a storage directory is produced on the physical storage, and a storage user is created and given permissions on that storage directory; a storage pool is created, and storage units are created in the storage pool, each storage unit being mapped to one storage directory; the access permissions of service-layer content users on the storage pool are set, and each content user is bound to a storage user, so that a content user can access only the storage directories under its permissions. The method achieves dual directory isolation by deeply integrating physical storage and logical storage, provides secure directory isolation for the material and files of the radio, TV and film industry, and at the same time achieves fine-grained access control.

Description

Method for isolating storage directory based on pooling
Technical field
The invention belongs to the field of document storage management, and in particular relates to a method for isolating storage directories based on pooling, used for directory isolation.
Background art
Sensitive data places ever higher demands on security guarantees, and this is especially true of the media material files of the radio, TV and film industry. The content of radio, TV and film media is data-centered and is stored in a unified resource pool, so the importance of directory isolation has become prominent. To meet the specific needs of the radio, TV and film industry, file directories must be isolated both physically and logically in data storage, and access permission control must be unified between service-layer users and storage-layer users.
The existing approach is as follows: the storage layer relies on the directory isolation natively supported by the storage, and the service layer applies logical isolation based on coarse-grained, column-based management. Existing storage-directory isolation schemes consider either only the physical isolation of the storage or only the logical isolation of the service layer; the two cannot be combined well, so storage directories cannot be effectively isolated. Existing isolated access control for the media material files of the radio, TV and film industry is coarse-grained and cannot meet the industry's increasingly fine-grained, individualized requirements for isolated access to material.
Summary of the invention
The object of the invention is to provide a method for isolating storage directories based on pooling, which solves the technical problems that physical isolation and logical isolation cannot be combined when isolating storage directories and that the control granularity is coarse.
The technical solution adopted by the present invention is as follows:
A method for isolating storage directories based on pooling comprises the following steps:
Step 1: A storage directory is produced on the physical storage, and a storage user is created and given permissions on the storage directory;
Step 2: A storage pool is created, and storage units are created in the storage pool, each storage unit being mapped to one storage directory;
Step 3: The access permissions of service-layer content users on the storage pool are set, and the content user is bound to the storage user, so that the content user can access only the storage directories under its permissions.
Further, the method also includes physically dividing the storage, specifically dividing the storage into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
Further, if a content user can access only the storage directory under one storage user, the content user and the storage user are bound one-to-one; if multiple content users share a storage directory, a shared storage user group is established and the users that need to access the shared storage directory are added to that storage user group, which realizes sharing.
In summary, by adopting the above technical solution, the beneficial effects of the invention are as follows:
1. Dual directory isolation: storage units are created per storage pool, and each storage unit corresponds to its own exclusive storage directory, which realizes physical isolation of the storage; setting the access permissions of content users and storage users realizes logical isolation of the storage. Physical storage and logical storage are deeply integrated, providing secure directory isolation for the material and files of the radio, TV and film industry.
2. Fine-grained access control: the method isolates access per person and realizes unified, strong, user-level security isolation of material across the service layer and the storage layer. A content user's storage pool is private, with isolated read-write access, and files belonging to other users can be read only with authorization. Meanwhile, operations that are permitted go directly to the storage directory with no intermediate filtering or conversion, which preserves efficiency.
Brief description of the drawings
Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:
Fig. 1 is the overall architecture of the present invention.
Detailed description
All features disclosed in this specification, and all steps of any method or process disclosed, may be combined in any way, except for mutually exclusive features and/or steps.
The invention is described in detail below with reference to Fig. 1.
A method for isolating storage directories based on pooling comprises the following steps:
Step 1: A storage directory is produced on the physical storage, and a storage user is created and given permissions on the storage directory;
Step 2: A storage pool is created, and storage units are created in the storage pool, each storage unit being mapped to one storage directory;
Step 3: The access permissions of service-layer content users on the storage pool are set, and the content user is bound to the storage user, so that the content user can access only the storage directories under its permissions.
The method also includes physically dividing the storage, specifically dividing the storage into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
If a content user can access only the storage directory under one storage user, the content user and the storage user are bound one-to-one; if multiple content users share a storage directory, a shared storage user group is established and the users that need to access the shared storage directory are added to that storage user group, which realizes sharing.
Specific embodiment
A method for isolating storage directories based on pooling:
A storage directory is produced on the physical storage, and a storage user is created and given permissions on the storage directory.
A storage pool is created, that is, the physical storage is logically divided into many blocks, each block corresponding to one storage pool; several storage units are created in each storage pool, and each storage unit corresponds to one storage directory.
The access permissions of service-layer content users on the storage pool are set, and the content user is bound to the storage user, so that the content user can access only the storage directories under its permissions.
The specific flow is as follows:
Configure the basic information of the physical storage, including the access mode, management IP, port, user name, password, storage root directory, etc., and establish a connection with the storage.
For a private storage pool: create a storage user on the storage, set the storage user's access permissions on the private storage directory, create the corresponding storage pool and storage unit, map the storage unit to the storage directory one-to-one, and set the content user's access permissions on the storage pool. The permission of the storage directory is Linux 700, so that only this content user can access the storage directory and perform operations such as read, write, execute and delete.
For a shared storage pool: create a storage user group and a content user group, add the content users that need to access the shared storage directory to the content user group, and bind the content user group to the storage user group (at the same time, the storage users corresponding to the content users in the content user group are added to the storage user group). The permission of the storage directory is Linux 070, so that only content users in the content user group can access the shared storage directory and perform operations such as read, write, execute and delete.
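Added example (not part of the patent text): a small Python model of the two checks in the flow above, a service-layer grant on the pool plus the Linux mode bits seen by the bound storage user. All user names, uids, gids and paths are constructed; the model also shows that under mode 070 the directory's owning storage user is denied, because Linux applies only the owner bits to the owner.

```python
from dataclasses import dataclass, field

R, W, X = 4, 2, 1  # POSIX permission bits

@dataclass(frozen=True)
class StorageUser:            # account on the physical storage
    name: str
    uid: int
    gids: frozenset = frozenset()

@dataclass(frozen=True)
class StorageDir:             # directory produced on the physical storage
    path: str
    owner_uid: int
    group_gid: int
    mode: int                 # 0o700 for private, 0o070 for shared

@dataclass
class Pool:                   # logical storage pool
    units: dict = field(default_factory=dict)   # storage unit -> exactly one StorageDir
    granted: set = field(default_factory=set)   # content users allowed at the service layer

def posix_allows(d, u, want):
    """Linux selects ONE class (owner, else group, else other) and uses only its bits.
    Root / CAP_DAC_OVERRIDE is not modelled."""
    if u.uid == d.owner_uid:
        bits = d.mode >> 6
    elif d.group_gid in u.gids:
        bits = d.mode >> 3
    else:
        bits = d.mode
    return ((bits & 7) & want) == want

def can_access(content_user, pool, unit, binding, want=R | W | X):
    """Both layers must agree: service-layer grant AND storage-layer mode bits."""
    su = binding.get(content_user)
    if su is None or content_user not in pool.granted or unit not in pool.units:
        return False
    return posix_allows(pool.units[unit], su, want)

# Constructed sample data (every name, uid, gid and path here is hypothetical).
SHARED_GID = 3000
binding = {  # content user -> bound storage user
    "admin": StorageUser("st_admin", 2000),
    "alice": StorageUser("st_alice", 2001, frozenset({SHARED_GID})),
    "bob": StorageUser("st_bob", 2002, frozenset({SHARED_GID})),
    "carol": StorageUser("st_carol", 2003),
}
private_alice = Pool({"u1": StorageDir("/store/private/alice", 2001, 2001, 0o700)}, {"alice"})
shared_news = Pool({"u1": StorageDir("/store/shared/news", 2000, SHARED_GID, 0o070)},
                   {"admin", "alice", "bob"})

def demo():
    users = ("admin", "alice", "bob", "carol")
    return {
        "private": {u: can_access(u, private_alice, "u1", binding) for u in users},
        # The 070 owner ("admin") is denied: owner bits are 0, group bits are not consulted.
        "shared": {u: can_access(u, shared_news, "u1", binding) for u in users},
    }

if __name__ == "__main__":
    for pool_name, result in demo().items():
        for user, ok in result.items():
            print(f"{pool_name:8s} {user:6s} {'allow' if ok else 'deny'}")
```

If the owning storage user must also use the shared directory, a mode such as 770 would be needed; the patent text specifies 070.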

Claims (3)

  1. A method for isolating storage directories based on pooling, characterized in that it comprises the following steps:
    Step 1: A storage directory is produced on the physical storage, and a storage user is created and given permissions on the storage directory;
    Step 2: A storage pool is created, and storage units are created in the storage pool, each storage unit being mapped to one storage directory;
    Step 3: The access permissions of service-layer content users on the storage pool are set, and the content user is bound to the storage user, so that the content user can access only the storage directories under its permissions.
  2. The method for isolating storage directories based on pooling according to claim 1, characterized in that it also includes physically dividing the storage, specifically dividing the storage into physical spaces according to the transmission efficiency of high-quality files and low-quality files.
  3. The method for isolating storage directories based on pooling according to claim 1, characterized in that: if a content user can access only the storage directory under one storage user, the content user and the storage user are bound one-to-one; if multiple content users share a storage directory, a shared content user group is established and the users that need to access the shared storage directory are added to that content user group, which realizes sharing.
CN201710973391.9A 2017-10-18 2017-10-18 Method for isolating storage directory based on pooling Active CN107741832B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710973391.9A CN107741832B (en) 2017-10-18 2017-10-18 Method for isolating storage directory based on pooling

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710973391.9A CN107741832B (en) 2017-10-18 2017-10-18 Method for isolating storage directory based on pooling

Publications (2)

Publication Number Publication Date
CN107741832A (en) 2018-02-27
CN107741832B (en) 2021-01-08

Family

ID=61237730

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710973391.9A Active CN107741832B (en) 2017-10-18 2017-10-18 Method for isolating storage directory based on pooling

Country Status (1)

Country Link
CN (1) CN107741832B (en)

Also Published As

Publication number Publication date
CN107741832B (en) 2021-01-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant