1. Technical Field
The present invention relates generally to computer networks and more particularly to the segregation of user groups within a server network which consists of a central server and a set of managed servers running native and non-native operating systems which allows for the creation and control of persistent user groups at the managed servers within a heterogeneous server network.
2. Description of the Related Art
The client-server model of computing is a well-known environment. In the model, the user of a computer utilizes a "client" system. The client system runs any of a number of computer operating systems to manage the basic functions that users execute (such as accessing files, executing programs, system administration and the like) as well as to serve as the base against which programs are written. Well-known client operating systems include Microsoft Windows 3.1, Windows for Workgroups, Windows 95, Windows 98, IBM.RTM. OS/2.RTM. Warp, Apple Macintosh, DOS, many variations of UNIX, and Microsoft Windows NT. The client system serves as the user's workstation, and it may execute programs as well as store some user data.
The server system can also run any of a number of computer operating systems. Well-known server operating systems include Novell Netware, IBM OS/2 Warp Server, IBM AS/400.RTM., Microsoft Windows NT, and many variations of OSF UNIX. The server system is accessed by the client system for specific functions. The functions include, but are not limited to, storage and retrieval of data, storage and execution of applications, and storage of and access to user information.
Server networks are increasingly becoming heterogeneous due to differing problems that can be solved by different servers. User management in these environments requires the creation of different user accounts on the different types of servers. These user accounts eventually have different passwords and possibly different user I.D.'s. A mechanism is needed to allow a single user account definition to be used as the base for any additional user accounts that exist in the network and for a set of user groups to be used as a base for additional user groups in the network. The mechanism needs to go beyond current technology options and allow the accounts and groups on all servers to be continuously updated. While there are advantages to having common user accounts and user groups on the servers, the ability to have a set of user groups on the managed server that are independent of the central server is desirable.
A common term used to refer to a network of related servers is a domain. Within the server domain is a central server acting as the primary domain controller and a plurality of "managed" servers sometimes called secondary servers. Industry standards have been developed (for critical and common functions) to aid in the access from different types of client systems to different types of server systems. The use of these standards on the client and server afford users the opportunity to carry out functions in a consistent manner on a variety of common client and server operating systems. One of the activities that has been standardized is the "authentication" of users. Authentication refers to the process in which a user is validated as being able to complete a log-on and/or access a system. Standard protocols have been defined within the X/Open Server Message Block (SMB) specification and the Open systems Foundation (OSF) Distributed Computing Environment (DCE) specification.
While many products and operating systems have been developed that utilize the standard protocols, not all products have used the standards. When this occurs, either additional work must be done by the other operating system to implement the unique commands used by a vendor, or access to the other new system and/or product is not allowed if the unique commands are not made available to other vendors. When the commands and/or protocol are not made available, that aspect of the system and/or product is sometimes characterized as being "closed". In regards to user management and authentication, the Microsoft Windows NT operating system is becoming an example of a closed server system that is used in many enterprise computer networks.
Server networks are becoming increasingly heterogeneous due to differing application requirements that are solved by different types of servers. Once a server is established, it is desirable to enable access to it without having to manage it completely independent of other servers in the network that are already being utilized. The management of user group access and capability is difficult in a homogeneous server environment where all servers have a common native operating system and, heretofore, it has been virtually impossible to do so in a heterogeneous server environment where servers have native and non-native operating systems. The present invention provides a mechanism to allow establishment of a base set of user groups on a central server in a network that are then used to create and maintain groups across a heterogeneous network of managed servers. The synchronization timing is controlled by the central server and can be done on a real time basis to ensure all servers in the heterogeneous server network are consistent.
While there are many advantages associated with a network of managed servers being controlled by a central server, there are times when it is desirable to keep resources on an additional managed server and secure access to that using a user group based on user accounts or groups known only at that managed server Such would be the case when multiple common users, say payroll specialists, want to be managed as a group rather than individual users and data and/or functions need to exist on the managed server independent of the central server. A mechanism must exist to designate the user group as a persistent user the managed a specified server that are not updated by the central server in the server network. The invention provides a mechanism to identify the user groups on the managed server and a mechanism to exclude them from synchronization updates sent from the central server. This allows specific user groups on a managed server to have resources in which only they have access or privilege unique to members of the group which remain available independent of central server controlled synchronization.