1. Field of the Invention
The present invention relates to the field of data processing. More specifically, embodiments of the present invention relate to methods for updating a cache memory in a client server system.
2. Related Art
Changes in technology have profoundly affected how people use computers. For example, the widespread proliferation of computers prompted the development of computer networks that allow computers to communicate with each other. Networks for personal computers were developed to allow individual users to communicate with each other and share resources. In this manner, a large number of people within a company could communicate at the same time with a central software application running on one computer system. As a result of sharing a software application and other resources with numerous users, policies must be defined and enforced that control the access and use of particular applications and resources on a server system. In addition, storing user policies in an accessible and efficient location has become a challenge.
Referring now to Prior Art FIG. 1, a block diagram 10 of a generic server system is shown. The generic server system comprises a user 20 connected to a server 21 by a data connection 24. Typically, user 20 will access an application 22 that is stored on server 21 over the Internet. In a corporate environment, the user 20 could be connected to the server by an internal network, e.g., an Intranet. In addition, server 21 stores a set of user policies in a database 23 for authenticating access to software application 22. Typically, the user policy database 23 comprises user names and associated passwords. When a user provides credentials to access secure applications, the credentials are checked against the stored values.
Users on an Intranet have access to applications that would not typically be accessible to users that are not connected to the corporate network. By limiting the use of applications to users connected to the network, marginal security can be provided because only users inside the corporation can access the applications. Although somewhat secure, users may find the configuration inconvenient because many users need to access applications on a corporate server when they are not at the office, e.g., on a business trip or working from home.
To overcome the problem of not being able to access applications when not connected to the Intranet, some networks are configured to allow remote access to a server over the Internet. To achieve secure remote access to a server, corporations create a “portal” for users to log in to the server while not connected to the Intranet. Typically, a user will provide credentials such as a user name and password to gain access to the corporate server over the Internet. Once a user has provided accurate credentials, the server system checks a user policy database to verify whether the user should have access to the particular application. Often, it is important for the user policies to be customized for different users because users frequently do not need access to all applications stored on the server. In addition, there may be security reasons that prohibit everyone from accessing sensitive data such as payroll information. Often there is a hierarchy established to allow different levels of data security. For example, on a low security level, information such as intra-office telephone extensions can be stored. On a medium level of security, employees' home address information can be stored. The highest level of data security holds information such as employee salary and company banking information.
For example, user policies defined for a human resources server prevent other personnel from viewing confidential salary information and other sensitive data. Furthermore, user policies for an engineering server allow authorized personnel from many internal segments of a company to publish and share research and development information. At the same time, the user policies restrict external partners from gaining access to proprietary information.
It is beneficial to create specific user policies for all users because it provides a fully customizable and more secure computing environment; but when a company becomes larger with more users and more applications, the user policy database can become very large and complex. For instance, if there are hundreds of employees accessing hundreds of applications, the size of the user policy database can grow exponentially. In addition, it becomes very difficult to update changes made to the policy database.
Although the specific user policies are beneficial for controlling access to sensitive applications, creating and managing such user policies can be a hindrance to the performance of a server system because the server must access a very large user policy database each time an application is accessed. To overcome the problem of accessing a large database every time a user policy is needed, or to effectively access any kind of data in a client-server environment, many remote servers use a cache memory to store recently used data and user policies. By using a cache memory at the client, a user policy can be quickly retrieved without accessing a large database on a remote server, thus increasing the efficiency and speed of a remote server.
It is well known that a cache memory greatly enhances the performance of remote servers, but there are some problems associated with the use of a cache memory. For example, data coherency is a major concern. When data is changed or updated on the central database, it is important to make sure the data stored in the cache memory at the client reflects the changes also. If the data stored on the cache memory is inaccurate, the level of policy enforcement is compromised.
One way to update cache memory is to periodically access the data store and refresh the cache to reflect the changes made to the database. FIG. 2 is a prior art illustration 20 of a remote server 221 that periodically updates a cache 229 by communicating with a data store 205; this is called “pulling”. There are many ways to implement this type of cache updating process. For example, remote server 221 could be configured to access data store 205 every night to update the cache memory. Another method of implementing periodic cache updates is to set a trust period for a data entry. For example, a user login and password can have a trust period of 1 hour. In this case, the data entry stored in the cache memory will be valid for one hour and after that, it will be cleared from the cache and become invalid. If the server needs the information again, it will access the data store for the information, thus ensuring the data will never be inconsistent for more than one hour.
One concern with using periodic updates is setting the trust period for the data. If the trust period is too long, the data may be inconsistent between the cache memory and the data store. If the trust period is too short, the performance of the server is sacrificed because the server is constantly accessing the data store for data. As a result, using a periodic cache update method requires much experimentation. Even after much trial and error, the performance of the remote server is greatly reduced, thus leaving the user desiring an alternative method.
To alleviate the problems associated with periodic updates, many system administrators use a method of updating cache called notification. FIG. 3 is a prior art illustration 30 of a server system using notification for updating cache 229. In this system, a remote server 221 uses a dedicated data link for receiving notification of data changes from data store 205. Notification relies on the data store 205 to notify remote server 221 that data in the cache is inconsistent with the data stored on the data store. Data store 205 maintains a record of what information remote server 221 has in its cache. When changes are made to a piece of data that resides on the cache on the remote server 221, the data store 205 notifies the remote server 221 that data has changed. Accordingly, after receiving notification, the remote server 221 accesses the data store 205 for the data updates. To alleviate performance and security concerns, a dedicated communication link is often used for notification and updates.
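The trust-period ("pulling") and notification schemes described above, as an added example that is not part of the original text. It shows a revoked policy still being honored from cache until the one-hour trust period expires, and a pushed invalidation taking effect at once. The DataStore and PolicyCache classes, the user "alice" and the injectable clock are hypothetical names constructed for illustration.

```python
import time

class DataStore:
    """Authoritative policy database (data store 205 in the text)."""
    def __init__(self):
        self.policies = {}          # user -> set of permitted applications
        self.subscribers = []       # caches to notify when a policy changes
        self.reads = 0              # number of round trips made to the store

    def get(self, user):
        self.reads += 1
        return set(self.policies.get(user, ()))

    def set(self, user, apps, notify=False):
        self.policies[user] = set(apps)
        if notify:                  # "notification": push an invalidation
            for cache in self.subscribers:
                cache.invalidate(user)

class PolicyCache:
    """Cache 229 on the remote server; each entry has a trust period."""
    def __init__(self, store, trust_period, clock=time.monotonic):
        self.store, self.trust_period, self.clock = store, trust_period, clock
        self.entries = {}           # user -> (apps, expiry time)

    def invalidate(self, user):
        self.entries.pop(user, None)

    def is_allowed(self, user, app):
        entry = self.entries.get(user)
        if entry is None or self.clock() >= entry[1]:
            apps = self.store.get(user)       # "pulling" from the data store
            entry = self.entries[user] = (apps, self.clock() + self.trust_period)
        return app in entry[0]

def demo():
    now = [0.0]                               # constructed clock, in seconds
    store = DataStore()
    cache = PolicyCache(store, trust_period=3600, clock=lambda: now[0])
    store.subscribers.append(cache)
    store.set("alice", {"payroll"})
    results = [cache.is_allowed("alice", "payroll")]      # miss, pulled
    store.set("alice", set())                 # access revoked, no notification
    now[0] = 1800
    results.append(cache.is_allowed("alice", "payroll"))  # stale cache hit
    now[0] = 3600
    results.append(cache.is_allowed("alice", "payroll"))  # expired, re-pulled
    store.set("alice", {"payroll"}, notify=True)          # pushed invalidation
    results.append(cache.is_allowed("alice", "payroll"))  # fresh pull
    return results, store.reads
```

The second result is the enforcement gap: for the remainder of the trust period the cache grants access the data store has already revoked.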
Notification greatly reduces the chances of data inconsistencies, but one area of concern is the security issues associated with an open data link. Having an open data link is very costly and, in addition, an open data link is a security concern. In a web server environment, it is desirable to have as few open ports as possible. When using a dedicated data link, it is a requirement to audit what information is being transferred and monitor who is accessing the data. Additionally, when notification is used to update cache, too many notifications to the server greatly compromise the performance of the server.