1. Field of the Invention
The present invention relates generally to distributed file systems and, in particular, to a filter file system for such distributed file systems.
1. Description of the Related Art
The merging of computers and communication has given rise to computer networks made up from a large number of separate but interconnected computers. A very common architecture is multiple xe2x80x98clientxe2x80x99 machines being serviced by one or more xe2x80x98serverxe2x80x99 machines. A database is usually associated with the server(s). File transfers and remote file accesses are two of the most common applications in any computer network, and particularly client-server systems. The interconnection of client and server machines may be via wire, laser optics, microwaves or communication satellites creating a local or wide area network (LAN or WAN). A reference herein to xe2x80x9ca clientxe2x80x9d or xe2x80x9ca serverxe2x80x9d is to be understood as meaning a client or server machine or process, respectively.
Database management systems (DBMS) have been developed to control the links between application programs and the data files used by the applications. To better manage the data files, they are often stored in a database accessed by a server connected to the network. Set against this, however, is a need to store external data files in close proximity to the application to reduce network traffic and maximize application performance.
During the past decade, relational database management systems (RDBMS) have become indispensable for their ability to manage traditional xe2x80x98business dataxe2x80x99 with integrity, security, and reliability, and for their flexible data-access capabilities. However, the RDBMS is not an ideal solution when it comes to managing unstructured or semi-structured data (including documents, images, e-mail messages, presentations, engineering drawings, spreadsheets, video clips, and other business formats). Therefore, it is often a requirement for most of these types of data to remain outside the RDBMS in a separate file system.
These xe2x80x98externalxe2x80x99 files are often related in some way to traditional data stored in the RDBMS. The files may further contain structured data that, if stored in a RDBMS along with a reference to the file, could be used for searching and analysis purposes. An overall xe2x80x9ccontent-managementxe2x80x9d system is therefore required that integrates management of the file and its associated data, synchronizing updates, backup and recovery, and other functions across both the RDBMS and the file system. The xe2x80x9ccontent-managementxe2x80x9d system is also required to address referential integrity issues, which include inconsistencies that could be caused by deletion, modification or renaming of external files by other file system applications without updating the references in the database.
An example of this requirement is the ability to link a file containing a photograph of a product (i.e., as it appears in a catalog) to inventory information on the product stored in a database. If the manufacturer stops selling the product, both the photograph and the inventory information should be deleted or archived. However, this level or coordination entails difficulties because the photograph is managed in the file system while the inventory information is managed by the RDBMS. Therefore, there is a need to manage the links between files and relational data, without having to move all of the data into the RDBMS. Primary examples of applications where this is a requirement are Internet and intranet applications.
It is an object of the present invention to substantially overcome, or at least ameliorate, one or more disadvantages of existing arrangements, including those to be described subsequently with reference to FIG. 1.
The invention provides a client-server computing system supporting relational database records and linked external files, wherein the system comprises:
(a) one or more servers storing external files, wherein each server has a filter layer for controlling the servicing of application requests relating to external files;
(b) one or more first type of clients, wherein each first type client has a filter layer adapted to cooperate with server filter layers for controlling the servicing of application requests relating to external files;
(c) one or more second type of clients, wherein each second type client servicing the application requests relating to external files; and
(d) a network interconnecting the servers and the first and second type of clients; and
wherein (i) for any application command of a protected class relating to an external file made to said first type of client, the respective client filter layer determines the validity of the command to a server across said network, whereby if the server filter layer recognizes said command, said server filter layer causes said command to be serviced by the server, and (ii) for any application command of a protected class relating to an external file made to the second type of client, the command will be forwarded across the network to the server filter layer of a server holding the external file and will be blocked from being serviced, and
wherein the first and second type of clients comprise an access control system operable to transparently intercept file-system operations, whereby the operations comprise look-up, file-open, and file-access calls.
The invention further provides, in a client-server computing system comprising (a) one or more servers storing external files, each server having a filter layer for controlling servicing of application requests relating to external files, (b) one or more first type of clients, each first-type client having a filter layer adapted to cooperate with server filter layers for controlling servicing of application requests relating to external files, (c) one or more second type of clients, each second-type client servicing application requests relating to external files, and (d) a network interconnecting the servers and the first and second type of clients, wherein the first and second type of clients comprise an access control system operable to transparently intercept file-system operations, whereby the operations comprise look-up, file-open, and file-access calls, a method for supporting relational database records and linked external files comprising the steps of:
(i) for any application command of a protected class relating to an external file made to the first type of client:
(ia) determining by the respective client filter layer the validity of the command; and
(ib) passing the command to a server across the network, wherein if the server filter layer, recognizes the command, causes it to be serviced by the server; and
(ii) for any application command of a protected class relating to an external file made to the second type of client:
(iia) forwarding the command across the network to the server filter layer of a server holding the external file; and
(iib) blocking the command by the server filter layer from being serviced.
A client filter layer can determine the validity of the command by determining the presence of a valid user token.
The invention further provides a client-server computing system supporting relational database records and linked external files, wherein the system comprises:
(a) a plurality of servers storing external files in a memory, wherein each server has a filter layer for controlling servicing of application requests relating to external files;
(b) a plurality of enabled clients, wherein each enabled client has a filter layer adapted to cooperate with server filter layers for controlling servicing of application requests to external files;
(c) a plurality of non-enabled clients, wherein each non-enabled client servicing application requests relating to external files;
(d) a database for storing relational records relating to the external files such that one or more relational records and one or more external files form a single data record; and
(e) a network interconnecting the servers and the enabled and non-enabled clients; and
wherein (i) for any application command of a protected class relating to a data record made to an enabled client, the application passing the command to the database, and the respective client filter layer determines the presence of a valid user token associated with the command, then passes the command relating to the corresponding external file to a server across the network, whereby if the server filter layer recognizes said command, said server filter layer causes said command to be serviced by the server, and (ii) for any application command of a protected class relating to an external file made to a non-enabled client, the command will be forwarded across the network to the server filter layer of a server holding the external file and will be blocked from being serviced, and
wherein the enabled and non-enabled clients comprise an access control system operable to transparently intercept file-system operations, whereby the operations comprise look-up, file-open, and file-access calls.
Preferably, the client filter layer of both the first and second types of client will pass a non-protected application command relating to an external file to the filter layer of a server containing the external file, and will be serviced by the server.
The client filter layer of the first type of client preferably checks the validity of a token attached to the command strips the token before passing the command to the filter layer of the server containing the external file. Additionally, the client filter layer of the first type of client may perform impersonation for the protected command to the server containing the external file, the impersonation being in the form recognized by the server, the server then servicing the protected command. The computing system also includes a database, linked to the network, storing relational records related to the external files such that one or more relational records and one or more external files form a single data record, and wherein an application of a client of the first or second type also passes the command to the database for execution. Each server includes a storage system in which the external files are stored.
The client preferably includes a cache that can hold the external file and, if the external file is present, the command is executed, else the command is passed to the server filter layer. The command may be to open an external file, or alternatively to remove an external file.
The distribution of filter layer functionality for a set of commands between the clients and the servers preferably favors the servers if a command can be supported with: (i) correctness, or (ii) enforces integrity constraints or access restrictions.