1. Technical Field
This invention relates to managing data communication in a distributed computer system. More specifically, the invention relates to agents for logging data communication for audit and security measures and selecting different communication paths based upon these measures.
2. Description of the Prior Art
In a distributed computer system with shared persistent storage, one or more client machines are in communication with data storage through one or more server nodes. FIG. 1 is a prior art block diagram (100) illustrating one example of a distributed computer system. As shown in this example, there is one server node (102), one client machine (104), and a storage network (106). The storage network (106) may include one or more storage devices (not shown). The client machine (104) may access one or more objects stored on the file data space of the storage network (106). To open an existing file object on the file data space of the storage network (106), the client (104) contacts the server node (102) to obtain metadata and locks. Metadata supplies the client with information about a file, such as its attributes and its location on the storage device(s). Locks supply the client with the privileges it needs to open a file and read or write data. The server node (102) performs a look-up of the metadata for the requested file within the metadata space of the storage network (106). The server node (102) communicates the granted lock information and the file metadata to the requesting client machine (104), including the location of the data blocks making up the file. Once the client machine (104) holds a distributed lock and knows the data block location(s), the client machine (104) can access the data for the file directly from a shared storage device attached to the storage network (106), without routing the data through the server node (102).
An agent may be an application that initiates a request to a storage device or a data storage server on behalf of a requesting client. In one embodiment, the agent is in the form of an application programming interface (API) that manages storage and initiates a request to a device or a data storage server. FIG. 2 is a prior art block diagram (200) of the distributed system of FIG. 1 showing a client machine (214) in communication with a storage network (216) via a server (212), wherein the server (212) is a proxy agent server with an agent residing thereon. In computer systems, a proxy agent server is a server, computer system, or application program that services the requests of its clients by forwarding each request to its intended recipient. As shown herein, all traffic between the client machine (214) and the storage network (216) feeds through the proxy agent server (212), including communication between the client and the server, and communication between the server and the storage network (216). In one embodiment, the proxy agent server (212) maintains an audit log of all client transactions with the storage network (216). Since all traffic feeds through the proxy agent server (212), the proxy observes every transaction, which makes it an appropriate location for an audit log or a role based security repository. However, the proxy model has shortcomings. Because all network traffic to the storage network (216) passes through the proxy agent server (212), the proxy adds complexity to deployment, introduces delays, and becomes a bottleneck for time-sensitive data communicated from the storage network (216). Accordingly, there are limitations associated with the proxy based agent server.
One solution to the limitations of the system shown in FIG. 2 is known in the art as an embedded model, wherein the agent is embedded within a storage device in a storage network. In other words, the agent is removed from the server and placed within one or more storage devices. FIG. 3 is a prior art block diagram (300) of a distributed computer system with a client machine (312) in communication with individual agents of storage devices in a storage network (316). As shown, the storage network (316) has N storage devices (320), (322), and (324). Each storage device in the storage network (316) has a separate embedded agent. More specifically, as shown, storage device (320) has embedded agent (330), storage device (322) has embedded agent (332), and storage device (324) has embedded agent (334). The client machine (312) may communicate with each embedded agent, but each embedded agent can only communicate with its associated local storage device. Each separate embedded agent (330), (332), and (334) includes the functionality to store audit log data and a role based security repository, as in the proxy model shown in FIG. 2. The embedded model mitigates the primary shortcomings of the proxy model by removing the agent from the path that all client traffic must traverse. However, there are issues with the location of the embedded agents (330), (332), and (334) and with innate constraints of the storage devices (320), (322), and (324). In practice, it is not feasible to store extensive logs or role based repositories inside the individual storage devices (320), (322), and (324), and such logs would only represent a specific device's view of the overall storage network activity; no single embedded agent observes every transaction. By embedding the agents (330), (332), and (334) within the respective storage devices (320), (322), and (324), there is also an added cost to each storage device in a storage network. Furthermore, the embedded agent does not have the security that the proxy model provides by keeping the agent on the server: the agent, and the audit data and role repository it holds, reside in the storage device itself.
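The following is an added illustration, not code from the patent or from any product it describes. It models the two prior-art placements of the agent in a few lines of Python: a proxy agent in the path of every request (the FIG. 2 model) and one embedded agent per storage device with a fixed, small amount of log space (the FIG. 3 model). The request trace, the ROLES table, and the ProxyAgent and EmbeddedAgent classes are hypothetical and exist only to show where the audit log ends up complete and where it ends up partial or truncated.

```python
"""Toy model of the two prior-art agent placements (FIG. 2 proxy agent,
FIG. 3 embedded agents). Constructed example, not code from the patent:
the request trace, ROLES, ProxyAgent and EmbeddedAgent are hypothetical
and exist only to compare the audit log kept at each location."""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Hypothetical role based repository: operations each client may issue.
ROLES: Dict[str, set] = {"alice": {"read", "write"}, "bob": {"read"}}

Entry = Tuple[str, str, str, int, str]  # (client, op, device, block, outcome)


@dataclass
class StorageDevice:
    name: str
    blocks: Dict[int, bytes] = field(default_factory=dict)

    def apply(self, op: str, block: int, data: bytes = b"") -> bytes:
        if op == "write":
            self.blocks[block] = data
        return self.blocks.get(block, b"")


def authorize(client: str, op: str) -> bool:
    return op in ROLES.get(client, set())


class ProxyAgent:
    """FIG. 2 style: every request is forwarded through this one agent,
    so its audit log is the complete view of storage network activity."""

    def __init__(self, devices: List[StorageDevice]):
        self.devices = {d.name: d for d in devices}
        self.log: List[Entry] = []

    def handle(self, client: str, op: str, device: str, block: int,
               data: bytes = b"") -> bytes:
        outcome = "granted" if authorize(client, op) else "denied"
        self.log.append((client, op, device, block, outcome))  # unbounded log
        if outcome == "denied":
            return b""
        return self.devices[device].apply(op, block, data)


class EmbeddedAgent:
    """FIG. 3 style: lives inside one device, can reach only that device,
    and has a small fixed log space (the device constraint the text notes)."""

    def __init__(self, device: StorageDevice, log_capacity: int):
        self.device = device
        self.log_capacity = log_capacity
        self.log: List[Entry] = []
        self.dropped = 0  # entries lost once device-local log space is full

    def handle(self, client: str, op: str, device: str, block: int,
               data: bytes = b"") -> bytes:
        if device != self.device.name:
            raise ValueError(f"agent in {self.device.name} cannot reach {device}")
        outcome = "granted" if authorize(client, op) else "denied"
        if len(self.log) < self.log_capacity:
            self.log.append((client, op, device, block, outcome))
        else:
            self.dropped += 1
        if outcome == "denied":
            return b""
        return self.device.apply(op, block, data)


# Constructed request trace: (client, op, device, block, data)
TRACE = [
    ("alice", "write", "dev0", 1, b"A"),
    ("alice", "write", "dev1", 1, b"B"),
    ("bob", "read", "dev0", 1, b""),
    ("bob", "write", "dev2", 7, b"X"),  # bob has no write role: denied
    ("alice", "read", "dev2", 7, b""),
    ("alice", "write", "dev1", 2, b"C"),
]


def run_proxy_model() -> List[Entry]:
    proxy = ProxyAgent([StorageDevice(f"dev{i}") for i in range(3)])
    for req in TRACE:
        proxy.handle(*req)
    return proxy.log


def run_embedded_model(log_capacity: int) -> Tuple[Dict[str, List[Entry]], int]:
    agents = {f"dev{i}": EmbeddedAgent(StorageDevice(f"dev{i}"), log_capacity)
              for i in range(3)}
    for client, op, device, block, data in TRACE:
        agents[device].handle(client, op, device, block, data)
    logs = {name: a.log for name, a in agents.items()}
    return logs, sum(a.dropped for a in agents.values())


if __name__ == "__main__":
    print(f"proxy log: {len(run_proxy_model())} entries (complete view)")
    logs, dropped = run_embedded_model(log_capacity=1)
    for name, log in logs.items():
        print(f"{name}: {len(log)} entries (own device only)")
    print(f"entries lost to device log capacity: {dropped}")
```

Run as written, the proxy log holds all six entries, including the denied write, while each embedded agent holds only its own device's two entries; with the device log space reduced to one entry, half of the activity is lost inside the devices and no single log can reconstruct it. Reconstructing the network-wide view from the embedded model therefore requires collecting every device's log and trusting that none of them overflowed.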
Although the embedded model mitigates some of the shortcomings of the proxy model, issues remain that affect the functionality of the agent within the network structure.
Therefore, there is a need for employing an agent within a distributed system that solves the problems associated with the existing solutions.