1. Field of the Invention
The present invention relates in general to the field of information handling system backup services, and more particularly to a system and method for information handling system multilevel authentication for backup services.
2. Description of the Related Art
As the value and use of information continues to increase, individuals and businesses seek additional ways to process and store information. One option available to users is information handling systems. An information handling system generally processes, compiles, stores, and/or communicates information or data for business, personal, or other purposes thereby allowing users to take advantage of the value of the information. Because technology and information handling needs and requirements vary between different users or applications, information handling systems may also vary regarding what information is handled, how the information is handled, how much information is processed, stored, or communicated, and how quickly and efficiently the information may be processed, stored, or communicated. The variations in information handling systems allow for information handling systems to be general or configured for a specific user or specific use such as financial transaction processing, airline reservations, enterprise data storage, or global communications. In addition, information handling systems may include a variety of hardware and software components that may be configured to process, store, and communicate information and may include one or more computer systems, data storage systems, and networking systems.
As individuals and enterprises have grown dependent upon information handling systems, one concern that has arisen is backing up information so that the information is not lost in the event of a catastrophic failure. A variety of backup devices are available to automatically back up information through cable or network interfaces, such as network attached storage (NAS) devices. In order to simplify the setup and use of backup devices, industry has developed the Network Data Management Protocol (NDMP), a standards-based mechanism by which a backup application on an information handling system communicates with a file server for backup of the file systems. The NDMP architecture has a data server resident on the file server to be backed up and a backup application known as a Data Management Application (DMA) and a server component that are associated with a backup device. NDMP provides an MD5 hash-based authentication mechanism by which a DMA client authenticates with network attached storage (NAS) to access files on NAS for backup or restore actions. User credentials for backup and restore actions are managed by the NDMP data server resident on the file server. The NDMP data server accesses the file system at a few preset permission levels. NDMP credentials are set for the entire NAS file system and are managed for the NAS file system as a whole.
One difficulty that arises with the NDMP architecture is that the credentials of backup and restore actions do not correspond to credentials used by other network solutions. Large scalable file systems having multiple nodes are often aggregated to present a single name space. Various portions of the file system have different sets of credentials. For example, the file system may be divided into different administrative and usage domains that have different access permissions. Thus, a network user who retrieves and stores data to a file server under a given user name and password set of credentials typically cannot retrieve or store data at a NAS file system using the file server credentials. Typically, backup and restore services are separately managed and accessed by information technology personnel who have credentials for the entire NAS file system. Relying upon separate sets of credentials creates inefficiency in network management in several ways. For example, information technology involvement introduces delay and overhead costs for retrieval of specific information by a particular end user. As another example, information technology personnel face complexity when attempting to isolate and retrieve data associated with a particular end user. In addition, information technology personnel who have to maintain multiple administrative and usage domains in a network space face additional labor and complexity by having to maintain independent access permissions for NDMP network space.