Conventionally, data storage systems have been used as Purpose Built Backup Appliances (PBBA), which communicate with backup agents/clients using protocols such as Network File System (NFS), Common Internet File System (CIFS), Virtual Tape Library (VTL), Network Data Management Protocol (NDMP), etc. for data movement (e.g., backup, replication, migration, restore, etc.) and related operations. Specifically for operations, protocols such as Secure Shell (SSH), Telnet, Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), etc., have traditionally been used. The security authorization mechanisms natively supported by the data access protocols described above are adequate for traditional use cases.
However, as the enterprise backup industry experiences a paradigm shift towards Software Defined Storage (SDS), Software Defined Data Center (SDDC), Software Defined Infrastructure (SDI), etc., the security authorization considerations for operations on storage systems have changed. Storage systems are now cloud-enabled and are ready to be deployed in use cases which enable the storage systems to be used in “as a service” models. The problems and challenges of security authorization for operations performed on storage system resources exposed in this new and evolving paradigm are different. Conventional mechanisms are no longer sufficient to satisfy the security authorization concerns of such environments.