US11853444B2 - System and method for securing instant access of data in file based backups in a backup storage system using metadata files - Google Patents

System and method for securing instant access of data in file based backups in a backup storage system using metadata files Download PDF

Info

Publication number
US11853444B2
US11853444B2 US17/486,099 US202117486099A US11853444B2 US 11853444 B2 US11853444 B2 US 11853444B2 US 202117486099 A US202117486099 A US 202117486099A US 11853444 B2 US11853444 B2 US 11853444B2
Authority
US
United States
Prior art keywords
fbb
metadata file
access
subset
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US17/486,099
Other versions
US20230096665A1 (en
Inventor
Sunil Yadav
Shelesh Chopra
Ravi Vijayakumar Chitloor
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
EMC Corp
Original Assignee
EMC IP Holding Co LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by EMC IP Holding Co LLC filed Critical EMC IP Holding Co LLC
Priority to US17/486,099 priority Critical patent/US11853444B2/en
Assigned to EMC IP Holding Company LLC reassignment EMC IP Holding Company LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: CHITLOOR, RAVI VIJAYAKUMAR, CHOPRA, SHELESH, YADAV, SUNIL
Publication of US20230096665A1 publication Critical patent/US20230096665A1/en
Application granted granted Critical
Publication of US11853444B2 publication Critical patent/US11853444B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/07Responding to the occurrence of a fault, e.g. fault tolerance
    • G06F11/14Error detection or correction of the data by redundancy in operation
    • G06F11/1402Saving, restoring, recovering or retrying
    • G06F11/1446Point-in-time backing up or restoration of persistent data
    • G06F11/1458Management of the backup or restore process
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2201/00Indexing scheme relating to error detection, to error correction, and to monitoring
    • G06F2201/80Database-specific techniques

Definitions

  • Computing devices in a system may include any number of internal components such as processors, memory, and persistent storage.
  • the storage of data across multiple computing devices may require significant use of such internal components.
  • Performing deduplication on such data prior to storage may improve the overall operation of such computing devices.
  • inventions described herein relate to a method for managing file based backups (FBBs).
  • the method may include obtaining, by a FBB metadata file manager, a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capturing, by the FBB metadata file manager, an entity context associated with the application; authenticating, by the FBB metadata file manager, the entity context; obtaining, by the FBB metadata file manager and when the authenticating is successful, access control information corresponding to the FBB from the backup storage; determining, by the FBB metadata file manager, a subset of the FBB for which the access control information indicates the entity context has permission to access; and enabling, by the FBB metadata file manager, access to a portion of the FBB by the application.
  • embodiments described herein relate to a non-transitory computer readable medium that includes computer readable program code, which when executed by a computer processor enables the computer processor to perform a method for managing file based backups (FBBs).
  • the method may include obtaining, by a FBB metadata file manager, a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capturing, by the FBB metadata file manager, an entity context associated with the application; authenticating, by the FBB metadata file manager, the entity context; obtaining, by the FBB metadata file manager and when the authenticating is successful, access control information corresponding to the FBB from the backup storage; determining, by the FBB metadata file manager, a subset of the FBB for which the access control information indicates the entity context has permission to access; and enabling, by the FBB metadata file manager, access to a portion of the FBB by the
  • inventions described herein relate to a system for managing file based backups (FBBs).
  • the system may include a processor, memory, and a FBB metadata file manager.
  • the FBB metadata file manager may be configured to: obtain a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capture an entity context associated with the application; authenticate the entity context; obtain, when the authentication is successful, access control information corresponding to the FBB from the backup storage; determine a subset of the FBB for which the access control information indicates the entity context has permission to access; and enable access to a portion of the FBB by the application.
  • FIG. 1 shows a diagram of a system in accordance with one or more embodiments described herein.
  • FIG. 2 shows a diagram of a file based backup (FBB) in accordance with one or more embodiments described herein.
  • FBB file based backup
  • FIG. 3 A shows a flowchart for managing instant access of a file based backup in accordance with one or more embodiments described herein.
  • FIG. 3 B shows a flowchart for managing temporary storage devices in accordance with one or more embodiments described herein.
  • FIG. 3 C shows a flowchart for generating and storing a file based backup in accordance with one or more embodiments described herein.
  • FIG. 3 D shows a flowchart for generating and storing a file based backup based on a target backup storage system in accordance with one or more embodiments described herein.
  • FIG. 3 E shows a flowchart for providing security for instant access of file based backups in accordance with one or more embodiments described herein.
  • FIG. 4 shows an example in accordance with one or more embodiments described herein.
  • FIG. 5 shows a diagram of a computing device in accordance with one or more embodiments described herein.
  • any component described with regard to a figure in various embodiments described herein, may be equivalent to one or more like-named components described with regard to any other figure.
  • descriptions of these components may not be repeated with regard to each figure.
  • each and every embodiment of the components of each figure is incorporated by reference and assumed to be optionally present within every other figure having one or more like-named components.
  • any description of the components of a figure is to be interpreted as an optional embodiment, which may be implemented in addition to, in conjunction with, or in place of the embodiments described with regard to a corresponding like-named component in any other figure.
  • ordinal numbers e.g., first, second, third, etc.
  • an element i.e., any noun in the application.
  • the use of ordinal numbers is not to imply or create any particular ordering of the elements, nor to limit any element to being only a single element unless expressly disclosed, such as by the use of the terms “before”, “after”, “single”, and other such terminology. Rather, the use of ordinal numbers is to distinguish between the elements.
  • a first element is distinct from a second element, and the first element may encompass more than one element and succeed (or precede) the second element in an ordering of elements.
  • a data structure may include a first element labeled as A and a second element labeled as N.
  • This labeling convention means that the data structure may include any number of the elements.
  • a second data structure also labeled as A to N, may also include any number of elements. The number of elements of the first data structure and the number of elements of the second data structure may be the same or different.
  • operatively connected means that there exists between elements/components/devices a direct or indirect connection that allows the elements to interact with one another in some way.
  • operatively connected may refer to any direct (e.g., wired directly between two devices or components) or indirect (e.g., wired and/or wireless connections between any number of devices or components connecting the operatively connected devices) connection.
  • any path through which information may travel may be considered an operative connection.
  • embodiments described herein relate to methods, systems, and non-transitory computer readable mediums storing instructions for managing file based backups.
  • One or more embodiments relate to a system for utilizing a file based backup (FBB) metadata file of a FBB stored in a backup storage system to enable access to the data of the FBB.
  • FBB file based backup
  • Such access may be provided by an application managing the file system corresponding to the FBB.
  • the application may operate from a production host environment that is operatively connected to the backup storage system.
  • the FBB metadata file may be utilized by obtaining attributes corresponding to the data in the FBB, including the storage location, file name, and file size, and allowing access to those attributes by the applications.
  • a FBB metadata file manager executing on the production host environment may utilize the obtained attributes to enable access to the data (e.g., the files) in the FBB by the applications.
  • the FBB metadata file manager may implement a virtual file system that specifies the files in the file based backup and the storage location in the backup storage system.
  • Embodiments described herein further may include a method for managing the data accessed by the applications by generating temporary storage devices.
  • a backup agent would manage the generation and execution of the temporary storage devices.
  • the temporary storage devices may be instantiated in the production host environment, in the backup storage system, or in an additional entity without departing from the scope of embodiments described herein.
  • a temporary storage device manager may generate the temporary storage devices and populate them with requested data from a FBB stored in the backup storage device.
  • the temporary storage device manager may store a copy of the requested data in the temporary storage device.
  • the application requesting the data may read and/or write to the data in the temporary storage device.
  • the temporary storage device may be used in the generation of future FBBs of the file system used by the application.
  • Embodiments described herein further include methods for generating and storing the FBBs in target backup storage devices regardless of the storage protocol implemented by the backup storage systems.
  • Embodiments described herein include generating the FBB backup, identifying the target backup system to which the FBB is to be stored, identifying the target exposed API(s) provided by the identified backup storage system, and generating an API command based on the identified exposed API(s).
  • Embodiments described herein further include managing certain aspects of security related to a FBB.
  • a FBB metadata file manager executing in a production host environment obtains an entity context (e.g., security credentials associated with the application and/or a user using the application vi a user interface).
  • the FBB metadata file manager uses a security manager to authenticate the entity using the entity context.
  • the FBB metadata file manager obtains access control information from a FBB metadata file stored with the FBB in backup storage.
  • the FBB metadata file manager determines a subset of the FBB for which the entity context has access permission(s). In one or more embodiments, access to the subset of the FBB is enabled using any of the access methods described herein. In one or more embodiments, prior to enabling access to the subset of the FBB, the FBB metadata file manager may determine, via a security manager, that the entity context is associated with override FBB subset information that indicates the entity context is allowed to access a portion of the FBB that is different than what the access control information indicates. In one or more embodiments, in such scenarios, access to the portion of the FBB indicated by the override FBB subset information may be made accessible to the application.
  • FIG. 1 shows an example system in accordance with one or more embodiments described herein.
  • the system includes a backup agent ( 100 ), one or more clients ( 120 ), a production host environment ( 130 ) and a backup storage system ( 150 ).
  • the system may include additional, fewer, and/or different components without departing from the scope of embodiments described herein.
  • Each component may be operably connected to any of the other components via any combination of wired and/or wireless connections (e.g., as part of a network).
  • Each component illustrated in FIG. 1 is discussed below.
  • the backup agent ( 100 ) manages backup operations of data in the production host environment ( 130 ).
  • the backup operations may include generating, storing, and/or recovering file based backups (FBBs) stored in the backup storage system ( 150 ).
  • FBBs file based backups
  • a FBB is a backup of a file system that has been updated, modified, and/or otherwise accessed by the applications ( 132 ) in the production host environment ( 130 ).
  • the backup agent ( 100 ) may perform the method of FIG. 3 C- 3 D to generate the FBBs.
  • the backup agent ( 100 ) further includes a FBB temporary storage device manager ( 102 ) (also referred to as a temporary storage device manager).
  • the temporary storage device manager ( 102 ) generates one or more temporary storage devices. Each temporary storage devices may include at least a portion of data in a FBB. The data may be copied from the FBB and stored in the temporary storage device such that the data in the temporary storage devices is accessible by the applications ( 132 ). The generation of the temporary storage devices may be performed in accordance with FIG. 3 B
  • the backup agent ( 100 ) is implemented as a computing device (see e.g., FIG. 5 ).
  • a computing device refers to a single computing device, a collection of computing devices, portion(s) of one or more computing devices, or any other logical grouping of computing resources.
  • a computing device is any device, portion of a device, or any set of devices capable of electronically processing instructions and may include, but is not limited to, any of the following: one or more processors (e.g. components that include integrated circuitry) (not shown), memory (e.g., random access memory (RAM)) (not shown), input and output device(s) (not shown), non-volatile storage hardware (e.g., solid-state drives (SSDs), hard disk drives (HDDs) (not shown)), one or more physical interfaces (e.g., network ports, storage ports) (not shown), any number of other hardware components (not shown), and/or any combination thereof.
  • processors e.g. components that include integrated circuitry
  • memory e.g., random access memory (RAM)
  • input and output device(s) not shown
  • non-volatile storage hardware e.g., solid-state drives (SSDs), hard disk drives (HDDs) (not shown)
  • one or more physical interfaces e.g.,
  • Examples of computing devices include, but are not limited to, a server (e.g., a blade-server in a blade-server chassis, a rack server in a rack, etc.), a desktop computer, a mobile device (e.g., laptop computer, smart phone, personal digital assistant, tablet computer, automobile computing system, and/or any other mobile computing device), a storage device (e.g., a disk drive array, a fibre channel storage device, an Internet Small Computer Systems Interface (iSCSI) storage device, a tape storage device, a flash storage array, a network attached storage device, etc.), a network device (e.g., switch, router, multi-layer switch, etc.), a virtual machine, a virtualized computing environment, a logical container (e.g., for one or more applications), and/or any other type of computing device with the aforementioned requirements.
  • a server e.g., a blade-server in a blade-server chassis, a rack server in a rack, etc.
  • a desktop computer
  • the non-volatile storage (not shown) and/or memory (not shown) of a computing device or system of computing devices may be one or more data repositories for storing any number of data structures storing any amount of data (i.e., information).
  • a data repository is any type of storage unit and/or device (e.g., a file system, database, collection of tables, RAM, and/or any other storage mechanism or medium) for storing data.
  • the data repository may include multiple different storage units and/or devices. The multiple different storage units and/or devices may or may not be of the same type or located at the same physical location.
  • any non-volatile storage (not shown) and/or memory (not shown) of a computing device or system of computing devices may be considered, in whole or in part, as non-transitory computer readable mediums storing software and/or firmware.
  • Such software and/or firmware may include instructions which, when executed by the one or more processors (not shown) or other hardware (e.g. circuitry) of a computing device and/or system of computing devices, cause the one or more processors and/or other hardware components to perform operations in accordance with one or more embodiments described herein.
  • the software instructions may be in the form of computer readable program code to perform methods of embodiments as described herein, and may, as an example, be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a compact disc (CD), digital versatile disc (DVD), storage device, diskette, tape storage, flash storage, physical memory, or any other non-transitory computer readable medium.
  • a non-transitory computer readable medium such as a compact disc (CD), digital versatile disc (DVD), storage device, diskette, tape storage, flash storage, physical memory, or any other non-transitory computer readable medium.
  • the backup agent ( 100 ) is implemented as a logical device.
  • the logical device may utilize the computing resources of any number of computing devices and thereby provide the functionality of the backup agent ( 100 ) described throughout this application and/or all, or a portion thereof, of the methods illustrated in FIGS. 3 A- 3 D .
  • a logical device necessarily requires including the physical computing resources in order to execute. Accordingly, the backup agent ( 100 ), or any other component described herein as all or any portion of a computing device should be understood to include physical hardware necessary to perform the described functionality of the particular component.
  • backup agent ( 100 ) is illustrated in FIG. 1 as being a separate entity, the backup agent ( 100 ), and any components thereof, may be executed as part of the production host environment ( 130 ), the backup storage system ( 150 ), the clients ( 120 ), and/or any other entities without departing from the scope of embodiments described herein.
  • the production host environment ( 130 ) hosts applications ( 132 ).
  • the applications ( 132 ) may be logical entities executed using computing resources (not shown) of the production host environment ( 130 ). Each of the applications may be performing similar or different processes.
  • the applications ( 132 ) provide services to users (not shown), e.g., of clients ( 120 ).
  • the applications ( 132 ) may host components.
  • the components may be, for example, instances of databases, email servers, and/or other components.
  • the applications ( 132 ) may host other types of components without departing from the scope of embodiments described herein.
  • the applications ( 132 ) generate application data to be utilized for the servicing of the users.
  • the application data may be organized in accordance with a file system.
  • the file system may include any number of files organized into directories.
  • the directories may include paths for accessing the files.
  • the file system may be stored in the persistent storage ( 134 ) of the production host environment ( 130 ).
  • the applications ( 132 ) are implemented as computer instructions, e.g., computer code, stored on a persistent storage (e.g., 134 ) that when executed by a processor(s) of the production host environment ( 130 ) cause the production host environment ( 130 ) to provide the functionality of the applications ( 132 ) described throughout this application.
  • a persistent storage e.g., 134
  • the production host environment ( 130 ) further includes a FBB metadata file manager ( 136 ).
  • the FBB metadata file manager ( 136 ) obtains FBB metadata files, obtains the relevant metadata attributes, and prepares a FBB virtual file system for the applications ( 132 ) to use when accessing data in the FBBs stored in the backup storage system ( 150 ).
  • the FBB metadata file manager ( 136 ) may perform the method of FIG. 3 A to generate the FBB virtual file system.
  • the FBB metadata file manager ( 136 ) also includes functionality to obtain an entity context for any attempt to access the FBB by any of the applications ( 132 ).
  • an entity context includes any security information relating to what a given entity (e.g., an application, a user using an application via a user interface, etc.).
  • an entity context may be a username and password of a user using an application on the production host environment ( 130 ).
  • the system includes a security manager ( 160 ). As shown in FIG. 1 , the security manager ( 160 ) is included in the production host environment ( 130 ). Alternatively, the security manager ( 160 ) may be separate from and operatively connected to the production host environment ( 130 ). In one or more embodiments, the security manager includes functionality to receive an entity context from the FBB metadata file manager, and to authenticate the entity. In one or more embodiments, authenticating an entity includes verifying the information included in the entity context. As an example, authenticating an entity may include verifying that a username is valid, and that an associated password is correct.
  • the security manager ( 160 ) also includes functionality to provide any override FBB subset information to a FBB metadata file manager, which may override any access control information obtained from the FBB metadata file.
  • a FBB metadata file manager may override any access control information obtained from the FBB metadata file.
  • administrator entities may have access to additional portions of the FBB than is indicated in the access control information of the FBB metadata file.
  • access permissions for the FBB may have changed since the FBB and corresponding FBB metadata file were created.
  • the override FBB subset information may include what subset of the FBB the entity associated with the entity context may currently access.
  • the production host environment ( 130 ) is implemented as a computing device (described above, also see e.g., FIG. 5 ). In one or more embodiments described herein, the production host environment ( 130 ) is implemented as a logical device. The logical device may utilize the computing resources of any number of computing devices and thereby provide the functionality of the production host environment ( 130 ) described throughout this application.
  • each of the backup storage systems ( 150 ) stores FBBs.
  • the FBBs may be backups for file systems.
  • the file systems may be based on files used by the applications ( 132 ).
  • the FBBs may each correspond to a point in time of the file system.
  • the FBBs may be used to restore the file system as it existed at the corresponding point in time.
  • the backup storage system ( 150 ) is implemented as a computing device (described above, also see e.g., FIG. 5 ). In one or more embodiments described herein, the backup storage system ( 150 ) is implemented as a logical device. The logical device may utilize the computing resources of any number of computing devices and thereby provide the functionality of the backup storage system ( 150 ) described throughout this application.
  • FIG. 2 shows a diagram of a file based backup (FBB) in accordance with one or more embodiments described herein.
  • the FBB ( 200 ) may be an embodiment of a FBB discussed in FIG. 1 .
  • FBB ( 200 ) is a data structure that includes the data in a file system at a point in time.
  • the FBB ( 200 ) may include file system data ( 202 ) and a FBB metadata file ( 204 ).
  • the file system data ( 202 ) includes data for one or more files ( 202 A, 202 B). Each file data ( 202 A, 202 B) may correspond to a file in the file system.
  • the file data also referred to as file system data
  • the data tags may be associated with the storage format of the file data ( 202 A, 202 B).
  • the file data ( 202 A, 202 B) may be stored in a common data streaming format (CDSF).
  • CDSF may be a format that includes the data tags that may correspond to a portion of data and may specify the FBB corresponding to the portion of data.
  • the file data ( 202 A, 202 B) may include: (i) the data of the files and/or file system and (ii) the data tags that specify the metadata of one or more portions of data of the file data ( 202 A, 202 B).
  • the FBB metadata file ( 204 ) is a data structure that includes metadata corresponding to the files in the file system data ( 202 ).
  • the metadata may include attributes ( 204 A, 204 N) of a file. Each attribute may describe an aspect of a file. Examples of attributes ( 204 A, 204 N) include, but are not limited to: a file identifier, a parent file identifier, a container identifier, a file size, a hash value of the file data, a checksum value of the file data, a header size, and an offset of the file.
  • the attributes in the FBB metadata file ( 204 ) are grouped into attribute regions.
  • the attribute regions may be groupings of the metadata attributes.
  • the attribute regions may be grouped based on a likelihood of an attribute changing between various iterations of a FBB (e.g., 200 ).
  • a first attribute e.g., a file size
  • a second attribute e.g., a file name
  • the first attribute may correspond to a first attribute region
  • the second attribute may correspond to a second attribute region.
  • the FBB metadata file also includes access control information ( 206 ).
  • access control information is any information stored in any format or data structure type that includes a mapping of entities and access permissions for portions of the FBB.
  • each file, folder, sub-folder, etc. in the FBB may have an associated access control list (ACL) that includes a listing of entities that have permission to access the portion, that specifically may not access the portion, etc.
  • Access control information may be considered an attribute, as described above, of a particular file, folder, etc. of the FBB.
  • FIGS. 3 A- 3 E show flowcharts in accordance with one or more embodiments described herein. While the various steps in the flowcharts are presented and described sequentially, one of ordinary skill in the relevant art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all steps may be executed in parallel. In one or more embodiments described herein, the steps shown in FIGS. 3 A- 3 D may be performed in parallel with any other steps shown in FIGS. 3 A- 3 D without departing from the scope embodiments described herein.
  • FIG. 3 A shows a flowchart for managing instant access for a file based backup in accordance with one or more embodiments described herein.
  • the method shown in FIG. 3 A may be performed by, for example, a FBB metadata file manager (e.g., 136 , FIG. 1 ).
  • Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3 A without departing from the scope of embodiments described herein.
  • a FBB mount request for a FBB mount for a FBB is obtained from an application.
  • the FBB mount request specifies mounting a subset of the file system of the FBB (which may be referred to as a subset of the FBB) in the production host environment such that the application has access to the data (e.g., files) in the FBB.
  • the FBB mount request may specify the point in time associated with the file system.
  • a FBB in a backup storage system is identified.
  • the FBB is identified based on the specified point in time in the FBB mount request. Further, the FBB may be identified based on the specified file system.
  • the FBB metadata file manager (or other entity) may analyze the FBBs stored in the backup storage system to identify a FBB that corresponds to the requested file system and/or point in time.
  • a FBB metadata file corresponding to the FBB is obtained from the backup storage system.
  • the FBB metadata file manager may send a request (e.g., as an API command) to the backup storage system that specifies the FBB metadata file of the identified FBB. Any other technique for obtaining information may be used to obtain the FBB metadata file without departing from the scope of embodiments described herein.
  • an attribute analysis is performed on attributes specified in the FBB metadata file to identify storage location attributes in the FBB metadata file.
  • the attribute analysis is a process for analyzing the attributes specified in the FBB metadata file that specify the storage location of the data and enable access to the data.
  • attributes may include, but are not limited to: an offset of a portion of data in a storage device, a size of the portion of data, a file name corresponding to the portion of data, and a file path based on the file system.
  • a FBB virtual file system is stored in the production host environment based on the attribute analysis.
  • the FBB virtual file system is an organization of the storage attributes such that the application may access (e.g., read) data of the file system from the FBB.
  • the FBB virtual file system would be organized on a file-storage basis such that the FBB virtual file system would specify each file in the file system of the FBB and the storage of the data corresponding to each file.
  • step 310 access to the FBB virtual file system by the application is enabled.
  • the access includes establishing the organization of the FBB virtual file system so that the application may send read requests for the data (e.g., one or more files) in the FBB.
  • the entity servicing the read request e.g., a driver in the production host environment
  • the access to the FBB virtual file system may include obtaining a read request for the file system data in the FBB.
  • the file system data may include files.
  • the entity (e.g., the FBB metadata file manager) managing the FBB virtual file system may identify a file path corresponding to the requested data.
  • the file path may specify the portions of data corresponding to the requested files.
  • the requested data may be obtained from the backup storage system. For example, a copy of the requested data may be generated and provided to the application.
  • the read request may be serviced in accordance with FIG. 3 B .
  • the read request may be serviced in accordance with any other method without departing from the scope of embodiments described herein.
  • FIG. 3 B shows a flowchart for managing temporary storage devices in accordance with one or more embodiments described herein.
  • the method shown in FIG. 3 B may be performed by, for example, a FBB temporary storage device manager (e.g., 102 , FIG. 1 ).
  • Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3 B without departing from the scope of embodiments described herein.
  • a file request for a set of one or more files stored in a FBB is obtained from an application.
  • the file request may specify a desire to write, read from, and/or otherwise access the set of files from the FBB.
  • the storage of the set of files is identified in the backup storage system.
  • the storage of the set of files is identified using a FBB virtual file system.
  • the FBB virtual file system may specify each of the set of files and the storage locations of the set of files in the backup storage system.
  • step 324 generation of a temporary storage device is initiated that includes a copy of the set of files of the FBB.
  • the temporary storage device is generated by partitioning a portion of the storage of the backup agent (or other entity managing the temporary storage devices) to be reserved for the set of files.
  • the temporary storage device may be populated with a copy of the data from the FBB.
  • the copy may be generated without the data tags of the file system data. In this manner, the data corresponding to the set of files may be organized to enable access to the data by the application without the data tags interrupting the access to the data.
  • step 326 access to the temporary storage device is initiated by the application.
  • the generation of the temporary storage device results in an update to the FBB virtual file system such that the application may access the data in the temporary storage device via the FBB virtual file system.
  • the access includes allowing the application to read from, write to, and/or otherwise modify the data in the temporary storage device via the FBB virtual file system. Any modifications to the data by the application may be stored and tracked in the temporary storage device.
  • the temporary storage device may be deleted following a generation of a FBB of the file system to which the data in the temporary storage device corresponds to.
  • the FBB may be generated in accordance with FIG. 3 B and/or FIG. 3 C .
  • the FBB may be generated via any other process without departing from the scope of embodiments described herein.
  • the temporary storage device may be deleted based on any other policy without departing from the scope of embodiments described herein.
  • FIG. 3 C shows a flowchart for generating and storing a file based backup in accordance with one or more embodiments described herein.
  • the method shown in FIG. 3 C may be performed by, for example, a backup agent (e.g., 100 , FIG. 1 ).
  • a backup agent e.g., 100 , FIG. 1
  • Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3 C without departing from the scope of embodiments described herein.
  • a FBB request is obtained for a file system at a point in time.
  • the FBB request may specify generating and storing a FBB of the file system at the point in time.
  • the FBB request may specify the backup storage system in which the FBB is to be stored.
  • a set of temporary storage devices associated with the file system is identified.
  • the set of temporary storage devices that are identified are those that have been generated based on the file system.
  • the temporary storage devices may be identified based on temporary storage device identifiers of the temporary storage devices.
  • Each of the temporary storage devices may specify the file system and/or a set of data corresponding to the file system.
  • step 344 generating a FBB using data in the production host environment and the set of temporary storage devices.
  • the FBB is generated by generating a copy of the data in the production host environment, generating a copy of the data in the set of temporary storage devices, replacing any data in the production host environment with the corresponding data in the set of temporary storage devices.
  • a FBB metadata file corresponding to the FBB is generated.
  • the FBB metadata file is generated by generating metadata attributes corresponding to each file in the file system.
  • the metadata file may be populated based on the corresponding attributes of the copy of the data generated in step 344 (e.g., file name identifiers, file size, etc.).
  • the storage location attributes of the FBB metadata file may be generated based on the storage of the FBB in the backup storage system as performed in step 348 .
  • the FBB and the FBB metadata file is stored in the backup storage system.
  • the storage includes storing the FBB in a CDSF.
  • the storage of the FBB may include generating data tags for portions of the data in the FBB, storing the data tags with the portions of the data, and tracking the storage of the data in the FBB metadata file.
  • FIG. 3 D shows a flowchart for generating and storing a file based backup based on a target backup storage system in accordance with one or more embodiments described herein.
  • the method shown in FIG. 3 D may be performed by, for example, a backup agent (e.g., 100 , FIG. 1 ).
  • a backup agent e.g., 100 , FIG. 1
  • Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3 D without departing from the scope of embodiments described herein.
  • a FBB generation request for a file system at a point in time is obtained.
  • the FBB generation request may specify generating and storing a FBB of the file system at the point in time.
  • the FBB request may specify the backup storage system in which the FBB is to be stored. Alternatively, the backup storage system may not be specified in the FBB generation request.
  • a target backup storage system in which to store the FBB is identified.
  • the backup agent may identify the target backup storage system by identifying the connection to one or more backup storage systems, determining one of the backup storage systems that may store the FBB in a CDSF. The backup agent may select, from the determined backup storage systems, a target storage system.
  • a target exposed API associated with the target backup storage system is identified.
  • the backup agent may identify a target exposed API of the target backup storage system by establishing a connection with the target backup storage system, sending a request of the API protocol implemented by the target backup storage system, and obtaining a response from the target backup storage system.
  • a FBB is generated corresponding to the FBB generation request.
  • the FBB is generated by generating a copy of the data in the production host environment, generating a copy of the data in a set of temporary storage devices, replacing any data in the production host environment with the corresponding data in the set of temporary storage devices.
  • an API command is generated based on the FBB.
  • the API command specifies the storage of the FBB in the CDSF.
  • the API command may be generated based on the exposed API identified for the target backup storage system.
  • step 370 storage of the FBB is initiated using the API command.
  • the API command is sent to the target backup storage system.
  • the API command may include, or otherwise reference, the FBB.
  • the target backup storage system may perform the storage of the FBB in the CDSF.
  • FIG. 3 E shows a flowchart describing a method for providing secure instant access to a FBB in accordance with one or more embodiments described herein.
  • an FBB mount request is obtained from an application to mount all or any portion a portion of a FBB.
  • the request is made by the application, or a user thereof, attempting to gain instant access to the FBB for portion thereof.
  • the request is obtained by the FBB metadata file manager.
  • the FBB metadata file manager monitors the applications of the production host environment for any requests to access the FBB, and obtains such requests.
  • the FBB metadata file manager captures an entity context associated with the application from which the request was obtained in Step 380 .
  • the entity context is obtained via any scheme for obtaining entity context information from any source of such information.
  • the FBB metadata file manager may, in response to the request, query the application from which the request was obtained in order to receive the entity context (e.g., a user name and password of a user using the application) associated with the application.
  • the application may be associated with a security token that exists to identify the application for any authentication attempt.
  • the entity associated with the entity context is authenticated.
  • authenticating the entity includes using the obtained entity context, and verifying that the entity is properly authenticated.
  • authenticating an entity using an entity context may include verifying that a username of the entity context is a known username in a given domain, and that the password of the entity context is the correct password for the username.
  • the request to access the FBB may be denied.
  • the entity context may be authenticated by a request for authentication made from the FBB metadata file manager to a security manager. The security manager may be able to authenticate the entity context, and/or may engage an external authentication service to authenticate the entity context.
  • access control information associated with the FBB for which instant access was requested is obtained.
  • the access control information is included in the FBB metadata file stored with the FBB in backup storage.
  • the entire FBB metadata file is obtained by the FBB metadata file manager, and then parsed to obtain the access control information therein.
  • the FBB metadata file manager extracts only the access control information and stores it on the production host environment.
  • the FBB metadata file manager builds a temporary access control information store on the production host environment.
  • a subset of the FBB that the entity has permission to access is obtained.
  • the entity context, or any portion thereof is used, along with the access control information, to determine the subset of the FBB that the application that generated the request in Step 380 may access.
  • a portion of an entity context associated with a user of the application may be used as a key to identify a subset of the files and folders stored in the FBB that the user has permission(s) to access, and the subset may be identified using the portion of the entity context and the access control information.
  • override FBB subset information includes information associated with a given entity regarding what portions of a FBB the entity may access, which supersedes whatever subset of the FBB information the access control information indicated the entity had permission to access.
  • Override FBB subset information may be configurable. As such, any entity may be configured, via override FBB subset information, to have permission to access any portion of the FBB. As an example, a system administrator may be associated with access to the entire FBB regardless of what the access control information indicates.
  • the access control information may be outdated, as changes may have occurred to the access control scheme since the last FBB (and associated FBB metadata file) was stored.
  • the FBB metadata file manager determines whether override FBB subset information is available by querying the security manager. In one or more embodiments, if override FBB subset information is available, the method proceeds to step 394 . In one or more embodiments, if there is no override FBB subset information, the method proceeds to step 392 .
  • access is enabled to the subset of the FBB that the authenticated entity has permission to access, based on the access control information obtained from the FBB metadata file by the FBB metadata file manager.
  • access is provided using any scheme of any embodiment described herein.
  • access may be enabled using a virtual file system, temporary storage, etc. (see, e.g., FIGS. 3 A- 3 D ).
  • access is enabled to the portion of the FBB that the authenticated entity has permission to access, based on the override FBB subset information obtained from the security manager by the FBB metadata file manager.
  • access is provided using any scheme of any embodiment described herein.
  • access may be enabled using a virtual file system, temporary storage, etc. (see, e.g., FIGS. 3 A- 3 D ).
  • the method ends following step 392 or step 394 .
  • FIGS. 4 A- 4 C The following section describes an example.
  • the example, illustrated in FIGS. 4 A- 4 C is not intended to limit the scope of embodiments described herein and is independent from any other examples discussed in this application.
  • a backup storage system stores a file based backup (FBB) in a common data streaming format (CDSF).
  • FBB file based backup
  • CDSF common data streaming format
  • FIG. 4 A shows a diagram of an example system.
  • the example system includes a backup storage system ( 450 ) and a production host environment ( 430 ).
  • the backup storage system ( 450 ) includes FBB A ( 452 ) which includes FBB A data ( 454 ) and a FBB metadata file ( 456 ).
  • the production host environment includes an application A ( 432 ), a FBB metadata file manager ( 434 ), and a security manager ( 438 ).
  • Application A ( 432 ) sends a FBB mount request to the FBB metadata file manager ( 434 ) that specifies the mounting of FBB A ( 452 ) for access by application A ( 432 ) [1].
  • the FBB metadata file manager then captures an entity context associated with application A ( 432 ), and uses the entity context to request the security manager ( 438 ) to authenticate the entity associated with the entity context. In this example, the authentication is successful.
  • the FBB metadata file manager ( 434 ) obtains access control information for FBB A ( 452 ) from the FBB metadata file ( 456 ), and determines a subset of the FBB that the entity has permission to access.
  • the FBB metadata file manager ( 434 ) checks with the security manager ( 438 ) to determine whether override FBB subset information exists associated with the entity context. In this example, there is no override FBB subset information available. [4]. Therefore, the FBB metadata file manager enables access to the subset of the FBB determined using the access control information.
  • the FBB metadata file manager ( 434 ) performs the method of FIG. 3 A to mount a subset of FBB A ( 452 ). [5] Specifically, the FBB metadata file manager ( 434 ) obtains relevant attributes from the FBB metadata file ( 456 ) such as the storage location, file names, and file paths of the FBB A data ( 454 ). The FBB metadata file manager ( 434 ) utilizes the relevant attributes to generate a FBB A virtual file system ( 436 ) [3]. The FBB virtual file system ( 436 ) specifies each file in the file system of the FBB ( 452 ) and the storage location of each file in the backup storage system ( 450 ). The FBB virtual file system ( 436 ) further includes the file paths used for accessing by the application ( 432 ).
  • FIG. 5 shows a diagram of a computing device in accordance with one or more embodiments described herein.
  • the computing device ( 500 ) may include one or more computer processors ( 502 ), non-persistent storage ( 504 ) (e.g., volatile memory, such as random access memory (RAM), cache memory), persistent storage ( 506 ) (e.g., a hard disk, an optical drive such as a compact disk (CD) drive or digital versatile disk (DVD) drive, a flash memory, etc.), a communication interface ( 512 ) (e.g., Bluetooth interface, infrared interface, network interface, optical interface, etc.), input devices ( 510 ), output devices ( 508 ), and numerous other elements (not shown) and functionalities. Each of these components is described below.
  • non-persistent storage e.g., volatile memory, such as random access memory (RAM), cache memory
  • persistent storage e.g., a hard disk, an optical drive such as a compact disk (CD) drive or digital versatile disk (
  • the computer processor(s) ( 502 ) may be an integrated circuit for processing instructions.
  • the computer processor(s) may be one or more cores or micro-cores of a processor.
  • the computing device ( 500 ) may also include one or more input devices ( 510 ), such as a touchscreen, keyboard, mouse, microphone, touchpad, electronic pen, or any other type of input device.
  • the communication interface ( 512 ) may include an integrated circuit for connecting the computing device ( 500 ) to a network (not shown) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network) and/or to another device, such as another computing device.
  • a network not shown
  • LAN local area network
  • WAN wide area network
  • the computing device ( 500 ) may include one or more output devices ( 508 ), such as a screen (e.g., a liquid crystal display (LCD), a plasma display, touchscreen, cathode ray tube (CRT) monitor, projector, or other display device), a printer, external storage, or any other output device.
  • a screen e.g., a liquid crystal display (LCD), a plasma display, touchscreen, cathode ray tube (CRT) monitor, projector, or other display device
  • One or more of the output devices may be the same or different from the input device(s).
  • the input and output device(s) may be locally or remotely connected to the computer processor(s) ( 502 ), non-persistent storage ( 504 ), and persistent storage ( 506 ).
  • One or more embodiments described herein may improve the operation of one or more computing devices. More specifically, embodiments described herein improve the operation of the storage and access of data for file systems stored in backups stored in a backup storage system. Embodiments described herein provide a use of a virtual file system that is tailored to access data for a file based backup that is stored in a format that would otherwise make access to such data difficult, and secures such access based on entity contexts associated with applications requesting instant FBB access.
  • Embodiments described herein further include providing temporary storage devices for requested data in the file based backup to be accessed by applications.
  • the use of the temporary storage devices prevent modifications to the data in the file based backups, which would be undesirable when restoring the file system to a previous point in time. Further, the data in the temporary storage device may be used for future backups of the file system.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Quality & Reliability (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

Embodiments described herein relate to a method for managing file based backups (FBBs). The method may include obtaining a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capturing an entity context associated with the application; authenticating the entity context; obtaining, when the authenticating is successful, access control information corresponding to the FBB from the backup storage; determining a subset of the FBB for which the access control information indicates the entity context has permission to access; and enabling access to a portion of the FBB by the application.

Description

BACKGROUND
Computing devices in a system may include any number of internal components such as processors, memory, and persistent storage. The storage of data across multiple computing devices may require significant use of such internal components. Performing deduplication on such data prior to storage may improve the overall operation of such computing devices.
SUMMARY
In general, in one aspect, embodiments described herein relate to a method for managing file based backups (FBBs). The method may include obtaining, by a FBB metadata file manager, a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capturing, by the FBB metadata file manager, an entity context associated with the application; authenticating, by the FBB metadata file manager, the entity context; obtaining, by the FBB metadata file manager and when the authenticating is successful, access control information corresponding to the FBB from the backup storage; determining, by the FBB metadata file manager, a subset of the FBB for which the access control information indicates the entity context has permission to access; and enabling, by the FBB metadata file manager, access to a portion of the FBB by the application.
In general, in one aspect, embodiments described herein relate to a non-transitory computer readable medium that includes computer readable program code, which when executed by a computer processor enables the computer processor to perform a method for managing file based backups (FBBs). The method may include obtaining, by a FBB metadata file manager, a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capturing, by the FBB metadata file manager, an entity context associated with the application; authenticating, by the FBB metadata file manager, the entity context; obtaining, by the FBB metadata file manager and when the authenticating is successful, access control information corresponding to the FBB from the backup storage; determining, by the FBB metadata file manager, a subset of the FBB for which the access control information indicates the entity context has permission to access; and enabling, by the FBB metadata file manager, access to a portion of the FBB by the application.
In general, in one aspect, embodiments described herein relate to a system for managing file based backups (FBBs). The system may include a processor, memory, and a FBB metadata file manager. The FBB metadata file manager may be configured to: obtain a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage; in response to the FBB mount request: capture an entity context associated with the application; authenticate the entity context; obtain, when the authentication is successful, access control information corresponding to the FBB from the backup storage; determine a subset of the FBB for which the access control information indicates the entity context has permission to access; and enable access to a portion of the FBB by the application.
Other aspects of the embodiments disclosed herein will be apparent from the following description and the appended claims.
BRIEF DESCRIPTION OF DRAWINGS
Certain embodiments described herein will be described with reference to the accompanying drawings. However, the accompanying drawings illustrate only certain aspects or implementations of the embodiments by way of example and are not meant to limit the scope of the claims.
FIG. 1 shows a diagram of a system in accordance with one or more embodiments described herein.
FIG. 2 shows a diagram of a file based backup (FBB) in accordance with one or more embodiments described herein.
FIG. 3A shows a flowchart for managing instant access of a file based backup in accordance with one or more embodiments described herein.
FIG. 3B shows a flowchart for managing temporary storage devices in accordance with one or more embodiments described herein.
FIG. 3C shows a flowchart for generating and storing a file based backup in accordance with one or more embodiments described herein.
FIG. 3D shows a flowchart for generating and storing a file based backup based on a target backup storage system in accordance with one or more embodiments described herein.
FIG. 3E shows a flowchart for providing security for instant access of file based backups in accordance with one or more embodiments described herein.
FIG. 4 shows an example in accordance with one or more embodiments described herein.
FIG. 5 shows a diagram of a computing device in accordance with one or more embodiments described herein.
 DETAILED DESCRIPTION
Specific embodiments will now be described with reference to the accompanying figures.
In the below description, numerous details are set forth as examples of embodiments described herein. It will be understood by those skilled in the art (who also have the benefit of this Detailed Description) that one or more embodiments of embodiments described herein may be practiced without these specific details, and that numerous variations or modifications may be possible without departing from the scope of the embodiments described herein. Certain details known to those of ordinary skill in the art may be omitted to avoid obscuring the description.
In the below description of the figures, any component described with regard to a figure, in various embodiments described herein, may be equivalent to one or more like-named components described with regard to any other figure. For brevity, descriptions of these components may not be repeated with regard to each figure. Thus, each and every embodiment of the components of each figure is incorporated by reference and assumed to be optionally present within every other figure having one or more like-named components. Additionally, in accordance with various embodiments described herein, any description of the components of a figure is to be interpreted as an optional embodiment, which may be implemented in addition to, in conjunction with, or in place of the embodiments described with regard to a corresponding like-named component in any other figure.
Throughout the application, ordinal numbers (e.g., first, second, third, etc.) may be used as an adjective for an element (i.e., any noun in the application). The use of ordinal numbers is not to imply or create any particular ordering of the elements, nor to limit any element to being only a single element unless expressly disclosed, such as by the use of the terms “before”, “after”, “single”, and other such terminology. Rather, the use of ordinal numbers is to distinguish between the elements. By way of an example, a first element is distinct from a second element, and the first element may encompass more than one element and succeed (or precede) the second element in an ordering of elements.
Throughout this application, elements of figures may be labeled as A to N. As used herein, the aforementioned labeling means that the element may include any number of items and does not require that the element include the same number of elements as any other item labeled as A to N. For example, a data structure may include a first element labeled as A and a second element labeled as N. This labeling convention means that the data structure may include any number of the elements. A second data structure, also labeled as A to N, may also include any number of elements. The number of elements of the first data structure and the number of elements of the second data structure may be the same or different.
As used herein, the phrase operatively connected, or operative connection, means that there exists between elements/components/devices a direct or indirect connection that allows the elements to interact with one another in some way. For example, the phrase ‘operatively connected’ may refer to any direct (e.g., wired directly between two devices or components) or indirect (e.g., wired and/or wireless connections between any number of devices or components connecting the operatively connected devices) connection. Thus, any path through which information may travel may be considered an operative connection.
In general, embodiments described herein relate to methods, systems, and non-transitory computer readable mediums storing instructions for managing file based backups. One or more embodiments relate to a system for utilizing a file based backup (FBB) metadata file of a FBB stored in a backup storage system to enable access to the data of the FBB. Such access may be provided by an application managing the file system corresponding to the FBB. The application may operate from a production host environment that is operatively connected to the backup storage system. The FBB metadata file may be utilized by obtaining attributes corresponding to the data in the FBB, including the storage location, file name, and file size, and allowing access to those attributes by the applications. A FBB metadata file manager executing on the production host environment may utilize the obtained attributes to enable access to the data (e.g., the files) in the FBB by the applications. For example, the FBB metadata file manager may implement a virtual file system that specifies the files in the file based backup and the storage location in the backup storage system.
Embodiments described herein further may include a method for managing the data accessed by the applications by generating temporary storage devices. A backup agent would manage the generation and execution of the temporary storage devices. The temporary storage devices may be instantiated in the production host environment, in the backup storage system, or in an additional entity without departing from the scope of embodiments described herein. A temporary storage device manager may generate the temporary storage devices and populate them with requested data from a FBB stored in the backup storage device. The temporary storage device manager may store a copy of the requested data in the temporary storage device. The application requesting the data may read and/or write to the data in the temporary storage device. The temporary storage device may be used in the generation of future FBBs of the file system used by the application.
Embodiments described herein further include methods for generating and storing the FBBs in target backup storage devices regardless of the storage protocol implemented by the backup storage systems. Embodiments described herein include generating the FBB backup, identifying the target backup system to which the FBB is to be stored, identifying the target exposed API(s) provided by the identified backup storage system, and generating an API command based on the identified exposed API(s).
Embodiments described herein further include managing certain aspects of security related to a FBB. Specifically, in one or more embodiments, when an application seeks access to all or any portion of a FBB, a FBB metadata file manager executing in a production host environment obtains an entity context (e.g., security credentials associated with the application and/or a user using the application vi a user interface). In one or more embodiments, the FBB metadata file manager then uses a security manager to authenticate the entity using the entity context. In one or more embodiments, once the entity context is authenticated, the FBB metadata file manager obtains access control information from a FBB metadata file stored with the FBB in backup storage. In one or more embodiments, the FBB metadata file manager then determines a subset of the FBB for which the entity context has access permission(s). In one or more embodiments, access to the subset of the FBB is enabled using any of the access methods described herein. In one or more embodiments, prior to enabling access to the subset of the FBB, the FBB metadata file manager may determine, via a security manager, that the entity context is associated with override FBB subset information that indicates the entity context is allowed to access a portion of the FBB that is different than what the access control information indicates. In one or more embodiments, in such scenarios, access to the portion of the FBB indicated by the override FBB subset information may be made accessible to the application.
FIG. 1 shows an example system in accordance with one or more embodiments described herein. The system includes a backup agent (100), one or more clients (120), a production host environment (130) and a backup storage system (150). The system may include additional, fewer, and/or different components without departing from the scope of embodiments described herein. Each component may be operably connected to any of the other components via any combination of wired and/or wireless connections (e.g., as part of a network). Each component illustrated in FIG. 1 is discussed below.
In one or more embodiments described herein, the backup agent (100) manages backup operations of data in the production host environment (130). The backup operations may include generating, storing, and/or recovering file based backups (FBBs) stored in the backup storage system (150). In one or more embodiments described herein, a FBB is a backup of a file system that has been updated, modified, and/or otherwise accessed by the applications (132) in the production host environment (130). The backup agent (100) may perform the method of FIG. 3C-3D to generate the FBBs.
In one or more embodiments described herein, the backup agent (100) further includes a FBB temporary storage device manager (102) (also referred to as a temporary storage device manager). In one or more embodiments, the temporary storage device manager (102) generates one or more temporary storage devices. Each temporary storage devices may include at least a portion of data in a FBB. The data may be copied from the FBB and stored in the temporary storage device such that the data in the temporary storage devices is accessible by the applications (132). The generation of the temporary storage devices may be performed in accordance with FIG. 3B
In one or more embodiments described herein, the backup agent (100) is implemented as a computing device (see e.g., FIG. 5 ). As used herein, a computing device refers to a single computing device, a collection of computing devices, portion(s) of one or more computing devices, or any other logical grouping of computing resources.
In one or more embodiments, a computing device is any device, portion of a device, or any set of devices capable of electronically processing instructions and may include, but is not limited to, any of the following: one or more processors (e.g. components that include integrated circuitry) (not shown), memory (e.g., random access memory (RAM)) (not shown), input and output device(s) (not shown), non-volatile storage hardware (e.g., solid-state drives (SSDs), hard disk drives (HDDs) (not shown)), one or more physical interfaces (e.g., network ports, storage ports) (not shown), any number of other hardware components (not shown), and/or any combination thereof.
Examples of computing devices include, but are not limited to, a server (e.g., a blade-server in a blade-server chassis, a rack server in a rack, etc.), a desktop computer, a mobile device (e.g., laptop computer, smart phone, personal digital assistant, tablet computer, automobile computing system, and/or any other mobile computing device), a storage device (e.g., a disk drive array, a fibre channel storage device, an Internet Small Computer Systems Interface (iSCSI) storage device, a tape storage device, a flash storage array, a network attached storage device, etc.), a network device (e.g., switch, router, multi-layer switch, etc.), a virtual machine, a virtualized computing environment, a logical container (e.g., for one or more applications), and/or any other type of computing device with the aforementioned requirements. In one or more embodiments, any or all of the aforementioned examples may be combined to create a system of such devices, which may collectively be referred to as a computing device. Other types of computing devices may be used without departing from the scope of embodiments described herein.
In one or more embodiments, the non-volatile storage (not shown) and/or memory (not shown) of a computing device or system of computing devices may be one or more data repositories for storing any number of data structures storing any amount of data (i.e., information). In one or more embodiments, a data repository is any type of storage unit and/or device (e.g., a file system, database, collection of tables, RAM, and/or any other storage mechanism or medium) for storing data. Further, the data repository may include multiple different storage units and/or devices. The multiple different storage units and/or devices may or may not be of the same type or located at the same physical location.
In one or more embodiments, any non-volatile storage (not shown) and/or memory (not shown) of a computing device or system of computing devices may be considered, in whole or in part, as non-transitory computer readable mediums storing software and/or firmware.
Such software and/or firmware may include instructions which, when executed by the one or more processors (not shown) or other hardware (e.g. circuitry) of a computing device and/or system of computing devices, cause the one or more processors and/or other hardware components to perform operations in accordance with one or more embodiments described herein.
The software instructions may be in the form of computer readable program code to perform methods of embodiments as described herein, and may, as an example, be stored, in whole or in part, temporarily or permanently, on a non-transitory computer readable medium such as a compact disc (CD), digital versatile disc (DVD), storage device, diskette, tape storage, flash storage, physical memory, or any other non-transitory computer readable medium.
In one or more embodiments described herein, the backup agent (100) is implemented as a logical device. The logical device may utilize the computing resources of any number of computing devices and thereby provide the functionality of the backup agent (100) described throughout this application and/or all, or a portion thereof, of the methods illustrated in FIGS. 3A-3D. One of ordinary skill in the art will recognize that a logical device necessarily requires including the physical computing resources in order to execute. Accordingly, the backup agent (100), or any other component described herein as all or any portion of a computing device should be understood to include physical hardware necessary to perform the described functionality of the particular component.
While the backup agent (100) is illustrated in FIG. 1 as being a separate entity, the backup agent (100), and any components thereof, may be executed as part of the production host environment (130), the backup storage system (150), the clients (120), and/or any other entities without departing from the scope of embodiments described herein.
In one or more embodiments described herein, the production host environment (130) hosts applications (132). The applications (132) may be logical entities executed using computing resources (not shown) of the production host environment (130). Each of the applications may be performing similar or different processes. In one or more embodiments described herein, the applications (132) provide services to users (not shown), e.g., of clients (120). For example, the applications (132) may host components. The components may be, for example, instances of databases, email servers, and/or other components. The applications (132) may host other types of components without departing from the scope of embodiments described herein.
In one or more embodiments described herein, the applications (132) generate application data to be utilized for the servicing of the users. The application data may be organized in accordance with a file system. The file system may include any number of files organized into directories. For example, the directories may include paths for accessing the files. The file system may be stored in the persistent storage (134) of the production host environment (130).
In one or more of embodiments described herein, the applications (132) are implemented as computer instructions, e.g., computer code, stored on a persistent storage (e.g., 134) that when executed by a processor(s) of the production host environment (130) cause the production host environment (130) to provide the functionality of the applications (132) described throughout this application.
In one or more embodiments described herein, the production host environment (130) further includes a FBB metadata file manager (136). In one or more embodiments described herein, the FBB metadata file manager (136) obtains FBB metadata files, obtains the relevant metadata attributes, and prepares a FBB virtual file system for the applications (132) to use when accessing data in the FBBs stored in the backup storage system (150). The FBB metadata file manager (136) may perform the method of FIG. 3A to generate the FBB virtual file system. In one or more embodiments, the FBB metadata file manager (136) also includes functionality to obtain an entity context for any attempt to access the FBB by any of the applications (132). In one or more embodiments, an entity context includes any security information relating to what a given entity (e.g., an application, a user using an application via a user interface, etc.). As an example, an entity context may be a username and password of a user using an application on the production host environment (130).
In one or more embodiments, the system includes a security manager (160). As shown in FIG. 1 , the security manager (160) is included in the production host environment (130). Alternatively, the security manager (160) may be separate from and operatively connected to the production host environment (130). In one or more embodiments, the security manager includes functionality to receive an entity context from the FBB metadata file manager, and to authenticate the entity. In one or more embodiments, authenticating an entity includes verifying the information included in the entity context. As an example, authenticating an entity may include verifying that a username is valid, and that an associated password is correct. In one or more embodiments, the security manager (160) also includes functionality to provide any override FBB subset information to a FBB metadata file manager, which may override any access control information obtained from the FBB metadata file. For example, administrator entities may have access to additional portions of the FBB than is indicated in the access control information of the FBB metadata file. As another example, access permissions for the FBB may have changed since the FBB and corresponding FBB metadata file were created. In such scenarios, the override FBB subset information may include what subset of the FBB the entity associated with the entity context may currently access.
In one or more embodiments described herein, the production host environment (130) is implemented as a computing device (described above, also see e.g., FIG. 5 ). In one or more embodiments described herein, the production host environment (130) is implemented as a logical device. The logical device may utilize the computing resources of any number of computing devices and thereby provide the functionality of the production host environment (130) described throughout this application.
In one or more embodiments described herein, each of the backup storage systems (150) stores FBBs. The FBBs may be backups for file systems. The file systems may be based on files used by the applications (132). The FBBs may each correspond to a point in time of the file system. The FBBs may be used to restore the file system as it existed at the corresponding point in time.
In one or more embodiments described herein, the backup storage system (150) is implemented as a computing device (described above, also see e.g., FIG. 5 ). In one or more embodiments described herein, the backup storage system (150) is implemented as a logical device. The logical device may utilize the computing resources of any number of computing devices and thereby provide the functionality of the backup storage system (150) described throughout this application.
FIG. 2 shows a diagram of a file based backup (FBB) in accordance with one or more embodiments described herein. The FBB (200) may be an embodiment of a FBB discussed in FIG. 1 . As discussed above, FBB (200) is a data structure that includes the data in a file system at a point in time. The FBB (200) may include file system data (202) and a FBB metadata file (204).
In one or more embodiments described herein, the file system data (202) includes data for one or more files (202A, 202B). Each file data (202A, 202B) may correspond to a file in the file system. The file data (also referred to as file system data) may further include data tags. In one or more embodiments described herein, the data tags may be associated with the storage format of the file data (202A, 202B). For example, the file data (202A, 202B) may be stored in a common data streaming format (CDSF). In one or more embodiments described herein, the CDSF may be a format that includes the data tags that may correspond to a portion of data and may specify the FBB corresponding to the portion of data. In this manner, the file data (202A, 202B) may include: (i) the data of the files and/or file system and (ii) the data tags that specify the metadata of one or more portions of data of the file data (202A, 202B).
In one or more embodiments described herein, the FBB metadata file (204) is a data structure that includes metadata corresponding to the files in the file system data (202). The metadata may include attributes (204A, 204N) of a file. Each attribute may describe an aspect of a file. Examples of attributes (204A, 204N) include, but are not limited to: a file identifier, a parent file identifier, a container identifier, a file size, a hash value of the file data, a checksum value of the file data, a header size, and an offset of the file.
In one or more embodiments described herein, the attributes in the FBB metadata file (204) are grouped into attribute regions. The attribute regions may be groupings of the metadata attributes. The attribute regions may be grouped based on a likelihood of an attribute changing between various iterations of a FBB (e.g., 200).
For example, consider a scenario in which a first attribute (e.g., a file size) changes from a first iteration of a file system of a first FBB to a second iteration of the file system of a second FBB. In contrast, a second attribute (e.g., a file name) may remain the same between the two iterations of the file system. In such scenario, based on their likelihood to change in future iterations of the file system, the first attribute may correspond to a first attribute region, and the second attribute may correspond to a second attribute region.
In one or more embodiments, the FBB metadata file also includes access control information (206). In one or more embodiments, access control information is any information stored in any format or data structure type that includes a mapping of entities and access permissions for portions of the FBB. As an example, each file, folder, sub-folder, etc. in the FBB may have an associated access control list (ACL) that includes a listing of entities that have permission to access the portion, that specifically may not access the portion, etc. Access control information may be considered an attribute, as described above, of a particular file, folder, etc. of the FBB.
FIGS. 3A-3E show flowcharts in accordance with one or more embodiments described herein. While the various steps in the flowcharts are presented and described sequentially, one of ordinary skill in the relevant art will appreciate that some or all of the steps may be executed in different orders, may be combined or omitted, and some or all steps may be executed in parallel. In one or more embodiments described herein, the steps shown in FIGS. 3A-3D may be performed in parallel with any other steps shown in FIGS. 3A-3D without departing from the scope embodiments described herein.
FIG. 3A shows a flowchart for managing instant access for a file based backup in accordance with one or more embodiments described herein. The method shown in FIG. 3A may be performed by, for example, a FBB metadata file manager (e.g., 136, FIG. 1 ). Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3A without departing from the scope of embodiments described herein.
Turning to FIG. 3A, in step 300, a FBB mount request for a FBB mount for a FBB is obtained from an application. In one or more embodiments described herein, the FBB mount request specifies mounting a subset of the file system of the FBB (which may be referred to as a subset of the FBB) in the production host environment such that the application has access to the data (e.g., files) in the FBB. The FBB mount request may specify the point in time associated with the file system.
In step 302, a FBB in a backup storage system is identified. In one or more embodiments described herein, the FBB is identified based on the specified point in time in the FBB mount request. Further, the FBB may be identified based on the specified file system. The FBB metadata file manager (or other entity) may analyze the FBBs stored in the backup storage system to identify a FBB that corresponds to the requested file system and/or point in time.
In step 304, a FBB metadata file corresponding to the FBB is obtained from the backup storage system. In one or more embodiments described herein, the FBB metadata file manager may send a request (e.g., as an API command) to the backup storage system that specifies the FBB metadata file of the identified FBB. Any other technique for obtaining information may be used to obtain the FBB metadata file without departing from the scope of embodiments described herein.
In step 306, an attribute analysis is performed on attributes specified in the FBB metadata file to identify storage location attributes in the FBB metadata file. In one or more embodiments described herein, the attribute analysis is a process for analyzing the attributes specified in the FBB metadata file that specify the storage location of the data and enable access to the data. Such attributes may include, but are not limited to: an offset of a portion of data in a storage device, a size of the portion of data, a file name corresponding to the portion of data, and a file path based on the file system.
In step 308, a FBB virtual file system is stored in the production host environment based on the attribute analysis. In one or more embodiments described herein, the FBB virtual file system is an organization of the storage attributes such that the application may access (e.g., read) data of the file system from the FBB. The FBB virtual file system would be organized on a file-storage basis such that the FBB virtual file system would specify each file in the file system of the FBB and the storage of the data corresponding to each file.
In step 310, access to the FBB virtual file system by the application is enabled. In one or more embodiments described herein, the access includes establishing the organization of the FBB virtual file system so that the application may send read requests for the data (e.g., one or more files) in the FBB. The entity servicing the read request (e.g., a driver in the production host environment) may utilize the FBB virtual file system to identify the file(s), the storage location of the data corresponding to the file(s), and send API requests to the backup storage system to obtain the specified data.
In one or more embodiments described herein, the access to the FBB virtual file system may include obtaining a read request for the file system data in the FBB. The file system data may include files. The entity (e.g., the FBB metadata file manager) managing the FBB virtual file system may identify a file path corresponding to the requested data. The file path may specify the portions of data corresponding to the requested files. Based on the identified file path, the requested data may be obtained from the backup storage system. For example, a copy of the requested data may be generated and provided to the application.
In one or more embodiments described herein, the read request may be serviced in accordance with FIG. 3B. The read request may be serviced in accordance with any other method without departing from the scope of embodiments described herein.
FIG. 3B shows a flowchart for managing temporary storage devices in accordance with one or more embodiments described herein. The method shown in FIG. 3B may be performed by, for example, a FBB temporary storage device manager (e.g., 102, FIG. 1 ). Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3B without departing from the scope of embodiments described herein.
In step 320, a file request for a set of one or more files stored in a FBB is obtained from an application. The file request may specify a desire to write, read from, and/or otherwise access the set of files from the FBB.
In step 322, the storage of the set of files is identified in the backup storage system. In one or more embodiments described herein, the storage of the set of files is identified using a FBB virtual file system. The FBB virtual file system may specify each of the set of files and the storage locations of the set of files in the backup storage system.
In step 324, generation of a temporary storage device is initiated that includes a copy of the set of files of the FBB. In one or more embodiments described herein, the temporary storage device is generated by partitioning a portion of the storage of the backup agent (or other entity managing the temporary storage devices) to be reserved for the set of files. The temporary storage device may be populated with a copy of the data from the FBB. The copy may be generated without the data tags of the file system data. In this manner, the data corresponding to the set of files may be organized to enable access to the data by the application without the data tags interrupting the access to the data.
In step 326, access to the temporary storage device is initiated by the application. In one or more embodiments described herein, the generation of the temporary storage device results in an update to the FBB virtual file system such that the application may access the data in the temporary storage device via the FBB virtual file system. In one or more embodiments described herein, the access includes allowing the application to read from, write to, and/or otherwise modify the data in the temporary storage device via the FBB virtual file system. Any modifications to the data by the application may be stored and tracked in the temporary storage device.
In one or more embodiments described herein, the temporary storage device may be deleted following a generation of a FBB of the file system to which the data in the temporary storage device corresponds to. The FBB may be generated in accordance with FIG. 3B and/or FIG. 3C. The FBB may be generated via any other process without departing from the scope of embodiments described herein. Further, the temporary storage device may be deleted based on any other policy without departing from the scope of embodiments described herein.
FIG. 3C shows a flowchart for generating and storing a file based backup in accordance with one or more embodiments described herein. The method shown in FIG. 3C may be performed by, for example, a backup agent (e.g., 100, FIG. 1 ). Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3C without departing from the scope of embodiments described herein.
In step 340, a FBB request is obtained for a file system at a point in time. The FBB request may specify generating and storing a FBB of the file system at the point in time. The FBB request may specify the backup storage system in which the FBB is to be stored.
In step 342, a set of temporary storage devices associated with the file system is identified. In one or more embodiments described herein, the set of temporary storage devices that are identified are those that have been generated based on the file system. The temporary storage devices may be identified based on temporary storage device identifiers of the temporary storage devices. Each of the temporary storage devices may specify the file system and/or a set of data corresponding to the file system.
In step 344, generating a FBB using data in the production host environment and the set of temporary storage devices. In one or more embodiments described herein, the FBB is generated by generating a copy of the data in the production host environment, generating a copy of the data in the set of temporary storage devices, replacing any data in the production host environment with the corresponding data in the set of temporary storage devices.
In step 346, a FBB metadata file corresponding to the FBB is generated. In one or more embodiments described herein, the FBB metadata file is generated by generating metadata attributes corresponding to each file in the file system. The metadata file may be populated based on the corresponding attributes of the copy of the data generated in step 344 (e.g., file name identifiers, file size, etc.). The storage location attributes of the FBB metadata file may be generated based on the storage of the FBB in the backup storage system as performed in step 348.
In step 348, the FBB and the FBB metadata file is stored in the backup storage system. In one or more embodiments described herein, the storage includes storing the FBB in a CDSF. The storage of the FBB may include generating data tags for portions of the data in the FBB, storing the data tags with the portions of the data, and tracking the storage of the data in the FBB metadata file.
FIG. 3D shows a flowchart for generating and storing a file based backup based on a target backup storage system in accordance with one or more embodiments described herein. The method shown in FIG. 3D may be performed by, for example, a backup agent (e.g., 100, FIG. 1 ). Other components of the system illustrated in FIG. 1 may perform the method of FIG. 3D without departing from the scope of embodiments described herein.
In step 360, a FBB generation request for a file system at a point in time is obtained. The FBB generation request may specify generating and storing a FBB of the file system at the point in time. The FBB request may specify the backup storage system in which the FBB is to be stored. Alternatively, the backup storage system may not be specified in the FBB generation request.
In step 362, a target backup storage system in which to store the FBB is identified. In such embodiments in which the FBB generation request does not specify the target backup storage system, the backup agent may identify the target backup storage system by identifying the connection to one or more backup storage systems, determining one of the backup storage systems that may store the FBB in a CDSF. The backup agent may select, from the determined backup storage systems, a target storage system.
In step 364, a target exposed API associated with the target backup storage system is identified. In one or more embodiments described herein, following the selection and/or identification of the target backup storage system, the backup agent may identify a target exposed API of the target backup storage system by establishing a connection with the target backup storage system, sending a request of the API protocol implemented by the target backup storage system, and obtaining a response from the target backup storage system.
In step 366, a FBB is generated corresponding to the FBB generation request. In one or more embodiments described herein, the FBB is generated by generating a copy of the data in the production host environment, generating a copy of the data in a set of temporary storage devices, replacing any data in the production host environment with the corresponding data in the set of temporary storage devices.
In step 368, an API command is generated based on the FBB. In one or more embodiments described herein, the API command specifies the storage of the FBB in the CDSF. The API command may be generated based on the exposed API identified for the target backup storage system.
In step 370, storage of the FBB is initiated using the API command. In one or more embodiments described herein, the API command is sent to the target backup storage system. The API command may include, or otherwise reference, the FBB. The target backup storage system may perform the storage of the FBB in the CDSF.
FIG. 3E shows a flowchart describing a method for providing secure instant access to a FBB in accordance with one or more embodiments described herein.
In step 380, an FBB mount request is obtained from an application to mount all or any portion a portion of a FBB. In one or more embodiments, the request is made by the application, or a user thereof, attempting to gain instant access to the FBB for portion thereof. In one or more embodiments, the request is obtained by the FBB metadata file manager. In one or more embodiments, the FBB metadata file manager monitors the applications of the production host environment for any requests to access the FBB, and obtains such requests.
In step 382, the FBB metadata file manager captures an entity context associated with the application from which the request was obtained in Step 380. In one or more embodiments, the entity context is obtained via any scheme for obtaining entity context information from any source of such information. As an example, the FBB metadata file manager may, in response to the request, query the application from which the request was obtained in order to receive the entity context (e.g., a user name and password of a user using the application) associated with the application. As another example, the application may be associated with a security token that exists to identify the application for any authentication attempt.
In step 384, the entity associated with the entity context is authenticated. In one or more embodiments, authenticating the entity includes using the obtained entity context, and verifying that the entity is properly authenticated. As an example, authenticating an entity using an entity context may include verifying that a username of the entity context is a known username in a given domain, and that the password of the entity context is the correct password for the username. In one or more embodiments, although not shown in FIG. 3E, if the entity cannot be properly authenticated, the request to access the FBB may be denied. In one or more embodiments, the entity context may be authenticated by a request for authentication made from the FBB metadata file manager to a security manager. The security manager may be able to authenticate the entity context, and/or may engage an external authentication service to authenticate the entity context.
In step 386, access control information associated with the FBB for which instant access was requested is obtained. In one or more embodiments, the access control information is included in the FBB metadata file stored with the FBB in backup storage. In one or more embodiments, the entire FBB metadata file is obtained by the FBB metadata file manager, and then parsed to obtain the access control information therein. In one or more embodiments, the FBB metadata file manager extracts only the access control information and stores it on the production host environment. In one or more embodiments, the FBB metadata file manager builds a temporary access control information store on the production host environment.
In step 388, a subset of the FBB that the entity has permission to access is obtained. In one or more embodiments, the entity context, or any portion thereof, is used, along with the access control information, to determine the subset of the FBB that the application that generated the request in Step 380 may access. As an example, a portion of an entity context associated with a user of the application may be used as a key to identify a subset of the files and folders stored in the FBB that the user has permission(s) to access, and the subset may be identified using the portion of the entity context and the access control information.
In step 390, a determination is made as to whether override FB subset information is available. In one or more embodiments, override FBB subset information includes information associated with a given entity regarding what portions of a FBB the entity may access, which supersedes whatever subset of the FBB information the access control information indicated the entity had permission to access. Override FBB subset information may be configurable. As such, any entity may be configured, via override FBB subset information, to have permission to access any portion of the FBB. As an example, a system administrator may be associated with access to the entire FBB regardless of what the access control information indicates. As another example, the access control information may be outdated, as changes may have occurred to the access control scheme since the last FBB (and associated FBB metadata file) was stored. In one or more embodiments, the FBB metadata file manager determines whether override FBB subset information is available by querying the security manager. In one or more embodiments, if override FBB subset information is available, the method proceeds to step 394. In one or more embodiments, if there is no override FBB subset information, the method proceeds to step 392.
In step 392, access is enabled to the subset of the FBB that the authenticated entity has permission to access, based on the access control information obtained from the FBB metadata file by the FBB metadata file manager. In one or more embodiments, access is provided using any scheme of any embodiment described herein. As examples, access may be enabled using a virtual file system, temporary storage, etc. (see, e.g., FIGS. 3A-3D).
In step 394, access is enabled to the portion of the FBB that the authenticated entity has permission to access, based on the override FBB subset information obtained from the security manager by the FBB metadata file manager. In one or more embodiments, access is provided using any scheme of any embodiment described herein. As examples, access may be enabled using a virtual file system, temporary storage, etc. (see, e.g., FIGS. 3A-3D).
In one or more embodiments, the method ends following step 392 or step 394.
EXAMPLE
The following section describes an example. The example, illustrated in FIGS. 4A-4C, is not intended to limit the scope of embodiments described herein and is independent from any other examples discussed in this application. Turning to the example, consider a scenario in which a backup storage system stores a file based backup (FBB) in a common data streaming format (CDSF).
FIG. 4A shows a diagram of an example system. The example system includes a backup storage system (450) and a production host environment (430). For the sake of brevity, not all components of the example system are illustrated in FIG. 4A. The backup storage system (450) includes FBB A (452) which includes FBB A data (454) and a FBB metadata file (456). The production host environment includes an application A (432), a FBB metadata file manager (434), and a security manager (438).
Application A (432) sends a FBB mount request to the FBB metadata file manager (434) that specifies the mounting of FBB A (452) for access by application A (432) [1].
The FBB metadata file manager then captures an entity context associated with application A (432), and uses the entity context to request the security manager (438) to authenticate the entity associated with the entity context. In this example, the authentication is successful. [2]
Next, the FBB metadata file manager (434) obtains access control information for FBB A (452) from the FBB metadata file (456), and determines a subset of the FBB that the entity has permission to access. [3]
Next the FBB metadata file manager (434) checks with the security manager (438) to determine whether override FBB subset information exists associated with the entity context. In this example, there is no override FBB subset information available. [4]. Therefore, the FBB metadata file manager enables access to the subset of the FBB determined using the access control information.
To enable access, the FBB metadata file manager (434) performs the method of FIG. 3A to mount a subset of FBB A (452). [5] Specifically, the FBB metadata file manager (434) obtains relevant attributes from the FBB metadata file (456) such as the storage location, file names, and file paths of the FBB A data (454). The FBB metadata file manager (434) utilizes the relevant attributes to generate a FBB A virtual file system (436) [3]. The FBB virtual file system (436) specifies each file in the file system of the FBB (452) and the storage location of each file in the backup storage system (450). The FBB virtual file system (436) further includes the file paths used for accessing by the application (432).
End of Example
As discussed above, embodiments described herein may be implemented using computing devices. FIG. 5 shows a diagram of a computing device in accordance with one or more embodiments described herein. The computing device (500) may include one or more computer processors (502), non-persistent storage (504) (e.g., volatile memory, such as random access memory (RAM), cache memory), persistent storage (506) (e.g., a hard disk, an optical drive such as a compact disk (CD) drive or digital versatile disk (DVD) drive, a flash memory, etc.), a communication interface (512) (e.g., Bluetooth interface, infrared interface, network interface, optical interface, etc.), input devices (510), output devices (508), and numerous other elements (not shown) and functionalities. Each of these components is described below.
In one or more embodiments described herein, the computer processor(s) (502) may be an integrated circuit for processing instructions. For example, the computer processor(s) may be one or more cores or micro-cores of a processor. The computing device (500) may also include one or more input devices (510), such as a touchscreen, keyboard, mouse, microphone, touchpad, electronic pen, or any other type of input device. Further, the communication interface (512) may include an integrated circuit for connecting the computing device (500) to a network (not shown) (e.g., a local area network (LAN), a wide area network (WAN) such as the Internet, mobile network, or any other type of network) and/or to another device, such as another computing device.
In one or more embodiments described herein, the computing device (500) may include one or more output devices (508), such as a screen (e.g., a liquid crystal display (LCD), a plasma display, touchscreen, cathode ray tube (CRT) monitor, projector, or other display device), a printer, external storage, or any other output device. One or more of the output devices may be the same or different from the input device(s). The input and output device(s) may be locally or remotely connected to the computer processor(s) (502), non-persistent storage (504), and persistent storage (506). Many different types of computing devices exist, and the aforementioned input and output device(s) may take other forms.
One or more embodiments described herein may improve the operation of one or more computing devices. More specifically, embodiments described herein improve the operation of the storage and access of data for file systems stored in backups stored in a backup storage system. Embodiments described herein provide a use of a virtual file system that is tailored to access data for a file based backup that is stored in a format that would otherwise make access to such data difficult, and secures such access based on entity contexts associated with applications requesting instant FBB access.
Embodiments described herein further include providing temporary storage devices for requested data in the file based backup to be accessed by applications. The use of the temporary storage devices prevent modifications to the data in the file based backups, which would be undesirable when restoring the file system to a previous point in time. Further, the data in the temporary storage device may be used for future backups of the file system.
While embodiments described herein have been discussed above with respect to a limited number of embodiments, those skilled in the art, having the benefit of this disclosure, will appreciate that other embodiments can be devised which do not depart from the scope of embodiments described herein. Accordingly, the scope of such embodiments should be limited only by the attached claims.

Claims (20)

What is claimed is:
1. A method for managing file based backups (FBBs), the method comprising:
obtaining, by a FBB metadata file manager, a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage;
in response to the FBB mount request:
capturing, by the FBB metadata file manager, an entity context associated with the application;
authenticating, by the FBB metadata file manager, the entity context;
obtaining, by the FBB metadata file manager and when the authenticating is successful, access control information corresponding to the FBB from the backup storage;
determining, by the FBB metadata file manager, a subset of the FBB for which the access control information indicates the entity context has permission to access; and
enabling, by the FBB metadata file manager, access to a portion of the FBB by the application.
2. The method of claim 1, wherein the FBB comprises file system data and the FBB metadata file.
3. The method of claim 2, wherein the FBB metadata file comprises the access control information.
4. The method of claim 1, wherein the portion of the FBB is the subset of the FBB.
5. The method of claim 1, further comprising:
obtaining, before determining the subset of the FBB and from a security manager, override FBB subset information associated with the entity context,
wherein:
the portion of the FBB is a different subset of the FBB, and
the different subset is based on the override FBB subset information.
6. The method of claim 1, wherein enabling the access to the portion of the FBB comprises storing a FBB virtual file system in the production host environment.
7. The method of claim 1, wherein enabling the access to the portion of the FBB comprises:
initiating, by the FBB metadata file manager, generation of a temporary storage device; and
storing a copy of the portion of the FBB in the temporary storage device.
8. A non-transitory computer readable medium comprising computer readable program code, which when executed by a computer processor enables the computer processor to perform a method for managing file based backups (FBBs), the method comprising:
obtaining, by a FBB metadata file manager, a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage;
in response to the FBB mount request:
capturing, by the FBB metadata file manager, an entity context associated with the application;
authenticating, by the FBB metadata file manager, the entity context;
obtaining, by the FBB metadata file manager and when the authenticating is successful, access control information corresponding to the FBB from the backup storage;
determining, by the FBB metadata file manager, a subset of the FBB for which the access control information indicates the entity context has permission to access; and
enabling, by the FBB metadata file manager, access to a portion of the FBB by the application.
9. The non-transitory computer readable medium of claim 8, wherein the FBB comprises file system data and the FBB metadata file.
10. The non-transitory computer readable medium of claim 9, wherein the FBB metadata file comprises the access control information.
11. The non-transitory computer readable medium of claim 8, wherein the portion of the FBB is the subset of the FBB.
12. The non-transitory computer readable medium of claim 8, wherein the method performed by executing the computer readable program code further comprises:
obtaining, before determining the subset of the FBB and from a security manager, override FBB subset information associated with the entity context,
wherein:
the portion of the FBB is a different subset of the FBB, and
the different subset is based on the override FBB subset information.
13. The non-transitory computer readable medium of claim 8, wherein enabling the access to the portion of the FBB comprises storing a FBB virtual file system in the production host environment.
14. The non-transitory computer readable medium of claim 8, wherein enabling the access to the portion of the FBB comprises:
initiating, by the FBB metadata file manager, generation of a temporary storage device; and
storing a copy of the portion of the FBB in the temporary storage device.
15. A system for managing file based backups (FBBs), the system comprising:
a processor;
memory; and
a FBB metadata file manager executing using the processor and the memory and configured to:
obtain a FBB mount request for a FBB mount of a FBB from an application, wherein the application is executing in a production host environment and the FBB is stored on backup storage;
in response to the FBB mount request:
capture an entity context associated with the application;
authenticate the entity context;
obtain, when the authentication is successful, access control information corresponding to the FBB from the backup storage;
determine a subset of the FBB for which the access control information indicates the entity context has permission to access; and
enable access to a portion of the FBB by the application.
16. The system of claim 15, wherein:
the FBB comprises file system data and the FBB metadata file, and
the FBB metadata file comprises the access control information.
17. The system of claim 15, wherein the portion of the FBB is the subset of the FBB.
18. The system of claim 15, wherein the FBB metadata file manager is further configured to:
obtain, before determining the subset of the FBB and from a security manager, override FBB subset information associated with the entity context,
wherein:
the portion of the FBB is a different subset of the FBB, and
the different subset is based on the override FBB subset information.
19. The system of claim 15, wherein enabling the access to the portion of the FBB comprises storing a FBB virtual file system in the production host environment.
20. The system of claim 15, wherein, to enable the access to the portion of the FBB, the FBB metadata file manager is further configured to:
initiate, by the FBB metadata file manager, generation of a temporary storage device; and
store a copy of the portion of the FBB in the temporary storage device.
US17/486,099 2021-09-27 2021-09-27 System and method for securing instant access of data in file based backups in a backup storage system using metadata files Active 2042-07-11 US11853444B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US17/486,099 US11853444B2 (en) 2021-09-27 2021-09-27 System and method for securing instant access of data in file based backups in a backup storage system using metadata files

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US17/486,099 US11853444B2 (en) 2021-09-27 2021-09-27 System and method for securing instant access of data in file based backups in a backup storage system using metadata files

Publications (2)

Publication Number Publication Date
US20230096665A1 US20230096665A1 (en) 2023-03-30
US11853444B2 true US11853444B2 (en) 2023-12-26

Family

ID=85719043

Family Applications (1)

Application Number Title Priority Date Filing Date
US17/486,099 Active 2042-07-11 US11853444B2 (en) 2021-09-27 2021-09-27 System and method for securing instant access of data in file based backups in a backup storage system using metadata files

Country Status (1)

Country Link
US (1) US11853444B2 (en)

Citations (59)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6185574B1 (en) 1996-11-27 2001-02-06 1Vision, Inc. Multiple display file directory and file navigation system for a personal computer
US20040028042A1 (en) 2002-07-25 2004-02-12 Jai Srinivasan Sharing live advanced streaming format indexed files
US20050078196A1 (en) 2003-10-09 2005-04-14 Nec Corporation Apparatus and method for recording an image and computer program for the image recording apparatus
US20050166082A1 (en) 2004-01-09 2005-07-28 T.W. Storage, Inc. Methods and apparatus for searching backup data based on content and attributes
US20050246398A1 (en) 2004-05-02 2005-11-03 Yoram Barzilai System and methods for efficiently managing incremental data backup revisions
US20080124050A1 (en) 2006-09-07 2008-05-29 Joseph Deschamp Method and Apparatus for Processing Digital Program Segments
US20090276591A1 (en) 2008-04-30 2009-11-05 Yuedong Paul Mu Extensible application backup system and method
US20100077161A1 (en) 2008-09-24 2010-03-25 Timothy John Stoakes Identifying application metadata in a backup stream
US7694103B1 (en) 2006-06-23 2010-04-06 Emc Corporation Efficient use of memory and accessing of stored records
US20100293147A1 (en) * 2009-05-12 2010-11-18 Harvey Snow System and method for providing automated electronic information backup, storage and recovery
WO2011002777A2 (en) 2009-06-30 2011-01-06 Commvault Systems, Inc. Data object store and server for a cloud storage environment
US7873601B1 (en) 2006-06-29 2011-01-18 Emc Corporation Backup of incremental metadata in block based backup systems
US8037032B2 (en) 2008-08-25 2011-10-11 Vmware, Inc. Managing backups using virtual machines
US8200637B1 (en) 2008-09-30 2012-06-12 Symantec Operating Corporation Block-based sparse backup images of file system volumes
WO2013086040A2 (en) 2011-12-05 2013-06-13 Doyenz Incorporated Universal pluggable cloud disaster recovery system
US20140068713A1 (en) * 2012-08-31 2014-03-06 Tweddle Group, Inc. Systems, methods and articles for providing communications and services involving automobile head units and user preferences
US20140181579A1 (en) 2012-12-21 2014-06-26 Zetta, Inc. Systems and methods for on-line backup and disaster recovery
US20150127804A1 (en) 2013-11-01 2015-05-07 Commvault Systems, Inc. Systems and methods for differential health checking of an information management system
WO2015110171A1 (en) 2014-01-24 2015-07-30 Hitachi Data Systems Engineering UK Limited Method, system and computer program product for replicating file system objects from a source file system to a target file system and for de-cloning snapshot-files in a file system
WO2015142676A1 (en) 2014-03-18 2015-09-24 Netapp, Inc. Backing up data to cloud data storage while maintaining storage efficiency
US9171002B1 (en) 2012-12-30 2015-10-27 Emc Corporation File based incremental block backup from user mode
US20160078245A1 (en) * 2014-09-17 2016-03-17 Commvault Systems, Inc. Data storage systems and methods
US20160127307A1 (en) 2014-11-04 2016-05-05 Rubrik, Inc. Cluster-based network file server
US9348827B1 (en) 2014-03-27 2016-05-24 Emc Corporation File-based snapshots for block-based backups
US20160188582A1 (en) 2014-12-31 2016-06-30 Netapp, Inc. System and method for monitoring hosts and storage devices in a storage system
US9411821B1 (en) 2014-03-27 2016-08-09 Emc Corporation Block-based backups for sub-file modifications
US9424137B1 (en) 2013-09-27 2016-08-23 Emc Corporation Block-level backup of selected files
US20160378614A1 (en) 2015-06-26 2016-12-29 Commvault Systems, Inc. Incrementally accumulating in-process performance data and hierarchical reporting thereof for a data stream in a secondary copy operation
US9569446B1 (en) 2010-06-08 2017-02-14 Dell Software Inc. Cataloging system for image-based backup
US20170090770A1 (en) 2015-09-25 2017-03-30 Fujitsu Limited Storage apparatus
US20180095960A1 (en) * 2016-10-04 2018-04-05 Microsoft Technology Licensing, Llc. Automatically uploading image files based on image capture context
WO2018081737A1 (en) 2016-10-28 2018-05-03 Netapp, Inc. Snapshot metadata arrangement for cloud integration
US20180225177A1 (en) 2017-02-08 2018-08-09 Commvault Systems, Inc. Migrating content and metadata from a backup system
US20180295400A1 (en) 2015-10-08 2018-10-11 Koninklijke Kpn N.V. Enhancing A Region Of Interest In Video Frames Of A Video Stream
US10114705B1 (en) 2015-04-14 2018-10-30 EMC IP Holding Company LLC Presenting virtual machine backup files for block and file level restore
US20180322017A1 (en) 2013-09-20 2018-11-08 Amazon Technologies, Inc. Restoring partitioned database tables from backup
US10146629B1 (en) 2015-03-30 2018-12-04 EMC IP Holding Company LLC Extensible workflow manager for backing up and recovering microsoft shadow copy compatible applications
US10241870B1 (en) 2013-02-22 2019-03-26 Veritas Technologies Llc Discovery operations using backup data
WO2019099446A1 (en) 2017-11-14 2019-05-23 Snowflake Computing Inc. Database metadata in immutable storage
US10346256B1 (en) 2014-12-19 2019-07-09 EMC IP Holding Company LLC Client side cache for deduplication backup systems
US10372547B1 (en) 2015-12-29 2019-08-06 Veritas Technologies Llc Recovery-chain based retention for multi-tier data storage auto migration system
US20190278663A1 (en) 2018-03-12 2019-09-12 Commvault Systems, Inc. Recovery point objective (rpo) driven backup scheduling in a data storage management system using an enhanced data agent
US20190324661A1 (en) 2012-12-21 2019-10-24 Commvault Systems, Inc. Reporting using data obtained during backup of primary storage
US10642790B1 (en) 2017-09-22 2020-05-05 EMC IP Holding Company LLC Agentless virtual disk metadata indexing
CN111241062A (en) 2020-01-10 2020-06-05 苏州浪潮智能科技有限公司 A method and device for migrating database backup metadata
US20200245034A1 (en) 2013-01-07 2020-07-30 Gracenote, Inc. Inserting Advertisements Into Video Content
US10769103B1 (en) 2017-10-06 2020-09-08 EMC IP Holding Company LLC Efficient content indexing of incremental block-based backups
US20210133040A1 (en) 2019-10-30 2021-05-06 EMC IP Holding Company LLC System and method for indexing image backups
US20210240569A1 (en) 2020-02-03 2021-08-05 EMC IP Holding Company LLC System and method for intelligent asset classification
US20210326220A1 (en) 2019-10-28 2021-10-21 Rubrik, Inc. Scaling single file snapshot performance across clustered system
US20210406129A1 (en) 2020-06-26 2021-12-30 Netapp Inc. Incremental backup to object store
US20220083426A1 (en) * 2020-09-15 2022-03-17 EMC IP Holding Company LLC Method and system for hybrid incremental file-based backups
US11340824B1 (en) 2021-01-05 2022-05-24 EMC IP Holding Company LLC Efficient object storage management when performing backups to a cloud-based object storage
US20220229739A1 (en) 2020-03-10 2022-07-21 Commvault Systems, Inc. Management database long-term archiving to a recovery manager
US20220245034A1 (en) 2021-02-02 2022-08-04 Commvault Systems, Inc. Back up and restore related data on different cloud storage tiers
US11513921B1 (en) 2021-06-12 2022-11-29 EMC IP Holding Company LLC Leveraging file-based backups to facilitate bare-metal and system-state recovery operations
US20220382641A1 (en) 2021-05-25 2022-12-01 EMC IP Holding Company LLC System and method for file system metadata file region segmentation for deduplication
US20220398161A1 (en) * 2021-06-09 2022-12-15 EMC IP Holding Company LLC System and method for instant access of data in file based backups in a backup storage system using metadata files
US20230094628A1 (en) * 2021-09-27 2023-03-30 EMC IP Holding Company LLC System and method for securing instant access of data in file based backups in a backup storage system using metadata files

Patent Citations (67)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6185574B1 (en) 1996-11-27 2001-02-06 1Vision, Inc. Multiple display file directory and file navigation system for a personal computer
US20040028042A1 (en) 2002-07-25 2004-02-12 Jai Srinivasan Sharing live advanced streaming format indexed files
US20050078196A1 (en) 2003-10-09 2005-04-14 Nec Corporation Apparatus and method for recording an image and computer program for the image recording apparatus
US20050166082A1 (en) 2004-01-09 2005-07-28 T.W. Storage, Inc. Methods and apparatus for searching backup data based on content and attributes
US20050246398A1 (en) 2004-05-02 2005-11-03 Yoram Barzilai System and methods for efficiently managing incremental data backup revisions
US7694103B1 (en) 2006-06-23 2010-04-06 Emc Corporation Efficient use of memory and accessing of stored records
US7873601B1 (en) 2006-06-29 2011-01-18 Emc Corporation Backup of incremental metadata in block based backup systems
US8214406B2 (en) 2006-06-29 2012-07-03 Emc Corporation Backup of incremental metadata in block based backup systems
US20080124050A1 (en) 2006-09-07 2008-05-29 Joseph Deschamp Method and Apparatus for Processing Digital Program Segments
US20090276591A1 (en) 2008-04-30 2009-11-05 Yuedong Paul Mu Extensible application backup system and method
US8037032B2 (en) 2008-08-25 2011-10-11 Vmware, Inc. Managing backups using virtual machines
US20100077161A1 (en) 2008-09-24 2010-03-25 Timothy John Stoakes Identifying application metadata in a backup stream
US8200637B1 (en) 2008-09-30 2012-06-12 Symantec Operating Corporation Block-based sparse backup images of file system volumes
US20100293147A1 (en) * 2009-05-12 2010-11-18 Harvey Snow System and method for providing automated electronic information backup, storage and recovery
WO2011002777A2 (en) 2009-06-30 2011-01-06 Commvault Systems, Inc. Data object store and server for a cloud storage environment
US9569446B1 (en) 2010-06-08 2017-02-14 Dell Software Inc. Cataloging system for image-based backup
WO2013086040A2 (en) 2011-12-05 2013-06-13 Doyenz Incorporated Universal pluggable cloud disaster recovery system
US20140068713A1 (en) * 2012-08-31 2014-03-06 Tweddle Group, Inc. Systems, methods and articles for providing communications and services involving automobile head units and user preferences
US20190324661A1 (en) 2012-12-21 2019-10-24 Commvault Systems, Inc. Reporting using data obtained during backup of primary storage
US20140181579A1 (en) 2012-12-21 2014-06-26 Zetta, Inc. Systems and methods for on-line backup and disaster recovery
US9171002B1 (en) 2012-12-30 2015-10-27 Emc Corporation File based incremental block backup from user mode
US20200245034A1 (en) 2013-01-07 2020-07-30 Gracenote, Inc. Inserting Advertisements Into Video Content
US10241870B1 (en) 2013-02-22 2019-03-26 Veritas Technologies Llc Discovery operations using backup data
US20180322017A1 (en) 2013-09-20 2018-11-08 Amazon Technologies, Inc. Restoring partitioned database tables from backup
US9424137B1 (en) 2013-09-27 2016-08-23 Emc Corporation Block-level backup of selected files
US20150127804A1 (en) 2013-11-01 2015-05-07 Commvault Systems, Inc. Systems and methods for differential health checking of an information management system
WO2015110171A1 (en) 2014-01-24 2015-07-30 Hitachi Data Systems Engineering UK Limited Method, system and computer program product for replicating file system objects from a source file system to a target file system and for de-cloning snapshot-files in a file system
WO2015142676A1 (en) 2014-03-18 2015-09-24 Netapp, Inc. Backing up data to cloud data storage while maintaining storage efficiency
US9348827B1 (en) 2014-03-27 2016-05-24 Emc Corporation File-based snapshots for block-based backups
US9411821B1 (en) 2014-03-27 2016-08-09 Emc Corporation Block-based backups for sub-file modifications
US20160078245A1 (en) * 2014-09-17 2016-03-17 Commvault Systems, Inc. Data storage systems and methods
US20160127307A1 (en) 2014-11-04 2016-05-05 Rubrik, Inc. Cluster-based network file server
US10007445B2 (en) 2014-11-04 2018-06-26 Rubrik, Inc. Identification of virtual machines using a distributed job scheduler
US10346256B1 (en) 2014-12-19 2019-07-09 EMC IP Holding Company LLC Client side cache for deduplication backup systems
US20160188582A1 (en) 2014-12-31 2016-06-30 Netapp, Inc. System and method for monitoring hosts and storage devices in a storage system
US10146629B1 (en) 2015-03-30 2018-12-04 EMC IP Holding Company LLC Extensible workflow manager for backing up and recovering microsoft shadow copy compatible applications
US10114705B1 (en) 2015-04-14 2018-10-30 EMC IP Holding Company LLC Presenting virtual machine backup files for block and file level restore
US20160378614A1 (en) 2015-06-26 2016-12-29 Commvault Systems, Inc. Incrementally accumulating in-process performance data and hierarchical reporting thereof for a data stream in a secondary copy operation
US20170090770A1 (en) 2015-09-25 2017-03-30 Fujitsu Limited Storage apparatus
US20180295400A1 (en) 2015-10-08 2018-10-11 Koninklijke Kpn N.V. Enhancing A Region Of Interest In Video Frames Of A Video Stream
US10372547B1 (en) 2015-12-29 2019-08-06 Veritas Technologies Llc Recovery-chain based retention for multi-tier data storage auto migration system
US20180095960A1 (en) * 2016-10-04 2018-04-05 Microsoft Technology Licensing, Llc. Automatically uploading image files based on image capture context
WO2018081737A1 (en) 2016-10-28 2018-05-03 Netapp, Inc. Snapshot metadata arrangement for cloud integration
US10838821B2 (en) 2017-02-08 2020-11-17 Commvault Systems, Inc. Migrating content and metadata from a backup system
US11467914B2 (en) 2017-02-08 2022-10-11 Commvault Systems, Inc. Migrating content and metadata from a backup system
US20180225177A1 (en) 2017-02-08 2018-08-09 Commvault Systems, Inc. Migrating content and metadata from a backup system
US20220413967A1 (en) 2017-02-08 2022-12-29 Commvault Systems, Inc. Migrating data and metadata from a backup system
US20210026739A1 (en) 2017-02-08 2021-01-28 Commvault Systems, Inc. Migrating content and metadata from a backup system
US10642790B1 (en) 2017-09-22 2020-05-05 EMC IP Holding Company LLC Agentless virtual disk metadata indexing
US10769103B1 (en) 2017-10-06 2020-09-08 EMC IP Holding Company LLC Efficient content indexing of incremental block-based backups
WO2019099446A1 (en) 2017-11-14 2019-05-23 Snowflake Computing Inc. Database metadata in immutable storage
US20190278663A1 (en) 2018-03-12 2019-09-12 Commvault Systems, Inc. Recovery point objective (rpo) driven backup scheduling in a data storage management system using an enhanced data agent
US20210326220A1 (en) 2019-10-28 2021-10-21 Rubrik, Inc. Scaling single file snapshot performance across clustered system
US20210133040A1 (en) 2019-10-30 2021-05-06 EMC IP Holding Company LLC System and method for indexing image backups
CN111241062A (en) 2020-01-10 2020-06-05 苏州浪潮智能科技有限公司 A method and device for migrating database backup metadata
US20210240569A1 (en) 2020-02-03 2021-08-05 EMC IP Holding Company LLC System and method for intelligent asset classification
US20220229739A1 (en) 2020-03-10 2022-07-21 Commvault Systems, Inc. Management database long-term archiving to a recovery manager
US20210406129A1 (en) 2020-06-26 2021-12-30 Netapp Inc. Incremental backup to object store
US20220083426A1 (en) * 2020-09-15 2022-03-17 EMC IP Holding Company LLC Method and system for hybrid incremental file-based backups
US11340824B1 (en) 2021-01-05 2022-05-24 EMC IP Holding Company LLC Efficient object storage management when performing backups to a cloud-based object storage
US20220245034A1 (en) 2021-02-02 2022-08-04 Commvault Systems, Inc. Back up and restore related data on different cloud storage tiers
US20220382641A1 (en) 2021-05-25 2022-12-01 EMC IP Holding Company LLC System and method for file system metadata file region segmentation for deduplication
US20220398161A1 (en) * 2021-06-09 2022-12-15 EMC IP Holding Company LLC System and method for instant access of data in file based backups in a backup storage system using metadata files
US20220398164A1 (en) * 2021-06-09 2022-12-15 EMC IP Holding Company LLC System and method for instant access and management of data in file based backups in a backup storage system using temporary storage devices
US20220398162A1 (en) * 2021-06-09 2022-12-15 EMC IP Holding Company LLC System and method for a specialized backup operation of file based backups based on a target backup storage system
US11513921B1 (en) 2021-06-12 2022-11-29 EMC IP Holding Company LLC Leveraging file-based backups to facilitate bare-metal and system-state recovery operations
US20230094628A1 (en) * 2021-09-27 2023-03-30 EMC IP Holding Company LLC System and method for securing instant access of data in file based backups in a backup storage system using metadata files

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
Jing Xing et al, "Memory Based Metadata Server for Cluster File Systems", 2008 Seventh International Conference on Grid and Cooperative Computing, pp. 287-291 (Year: 2008).
Lipika Deka et al., "Consistent Online Backup in Transactional File Systems", IEEE Transactions on Knowledge and Data Engineering, vol. 26, Issue: 11, Nov. 2014, pp. 2676-2688 (13 pages).

Also Published As

Publication number Publication date
US20230096665A1 (en) 2023-03-30

Similar Documents

Publication Publication Date Title
US12007849B2 (en) System and method for securing instant access of data in file based backups in a backup storage system using metadata files
US11586506B2 (en) System and method for indexing image backups
US11914478B2 (en) System and method for a specialized backup operation of file based backups based on a target backup storage system
US11507474B2 (en) System and method for a backup and recovery of application using containerized backups comprising application data and application dependency information
US20210133248A1 (en) System and method for searching backups
US10943016B2 (en) System and method for managing data including identifying a data protection pool based on a data classification analysis
US20220083426A1 (en) Method and system for hybrid incremental file-based backups
US20240028753A1 (en) Method and system for executing a secure file-level restore from a block-based backup
US10922188B2 (en) Method and system to tag and route the striped backups to a single deduplication instance on a deduplication appliance
GB2632914A (en) Delta anomaly detection for backups of specialized directory service assets
US11074136B2 (en) System and method for a hybrid workflow backup operation of data in a cloud-based service with third-party applications
US11853444B2 (en) System and method for securing instant access of data in file based backups in a backup storage system using metadata files
US12229022B2 (en) Method and system for generating incremental approximation backups of limited access cloud data
US20240236077A9 (en) Method and system for performing authentication and object discovery for on-premises cloud service providers
US20240232025A9 (en) Method and system for generating indexing metadata for object level restoration of limited access cloud data
US20240232404A9 (en) Method and system for automatic data protection for limited access cloud data
US12306792B2 (en) Managing access to file based backups based on storage units and workload use
US12271270B2 (en) Enabling user-based instant access from file based backups
US20250028603A1 (en) Enabling predictive restoration of specialized directory service assets
US20250028605A1 (en) Conceptualizing sub-assets of file based backups based on directory service of the assets
US20240427736A1 (en) Managing access to file based backups based on storage units and workload use
US20240427673A1 (en) Managing use of a shared virtual disk for accessing data in file based backups by multiple virtual machines
US12147384B1 (en) Managing virtual file systems that provide instant access based on a self-destruction criterion
US20240427735A1 (en) Search driven instant access across multiple backup copies
US12282394B2 (en) System and method for optimizing incremental backups of network attached storage file data

Legal Events

Date Code Title Description
FEPP Fee payment procedure

Free format text: ENTITY STATUS SET TO UNDISCOUNTED (ORIGINAL EVENT CODE: BIG.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: EMC IP HOLDING COMPANY LLC, MASSACHUSETTS

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:YADAV, SUNIL;CHOPRA, SHELESH;CHITLOOR, RAVI VIJAYAKUMAR;REEL/FRAME:057636/0902

Effective date: 20210913

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION

STPP Information on status: patent application and granting procedure in general

Free format text: NOTICE OF ALLOWANCE MAILED -- APPLICATION RECEIVED IN OFFICE OF PUBLICATIONS

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT RECEIVED

STPP Information on status: patent application and granting procedure in general

Free format text: PUBLICATIONS -- ISSUE FEE PAYMENT VERIFIED

STCF Information on status: patent grant

Free format text: PATENTED CASE

OSZAR »