Search

CN-121997347-A - Data access management method, system, electronic equipment and storage medium

CN121997347ACN 121997347 ACN121997347 ACN 121997347ACN-121997347-A

Abstract

The application discloses a data access management method, a system, electronic equipment and a storage medium, and relates to the technical field of clouds. The method comprises the steps of receiving a mounting request of a network attached storage sent by a virtual server, wherein the mounting request carries authentication information corresponding to a user to which the virtual server belongs, the network attached storage comprises a storage instance, the storage instance is used for storing data information of a plurality of users, the data information of each user is respectively stored in a corresponding private file directory, authentication is carried out on the authentication information to obtain an authentication result, and operation corresponding to the authentication result is executed. The embodiment of the application can solve the technical problems that the service users of NAS service provided in the related technology are limited in number and the speed of reading and writing files on NAS by users is slower.

Inventors

  • GAO MING

Assignees

  • 阿里云计算有限公司

Dates

Publication Date
20260508
Application Date
20241101

Claims (19)

  1. 1. A method for managing data access, the method being applied to a storage server, the method comprising: Receiving a mounting request of a network attached storage sent by a virtual server, wherein the mounting request carries authentication information corresponding to a user to which the virtual server belongs; the network attached storage comprises a storage instance, wherein the storage instance is used for storing data information of a plurality of users, and the data information of each user is respectively stored in a corresponding private file directory; And authenticating the authentication information to obtain an authentication result, and executing an operation corresponding to the authentication result.
  2. 2. The method of claim 1, wherein authenticating the authentication information to obtain an authentication result comprises: Acquiring user information and storage information corresponding to network attached storage from the authentication information, and comparing the user information and the storage information with authentication data in an authentication database; if the authentication database has authentication data matched with the user information and the stored information, generating an authentication result of an access path comprising a file directory; and if the authentication database does not have authentication data matched with the user information and the stored information, generating an authentication result of authentication failure.
  3. 3. The method of claim 2, wherein authenticating the authentication information results in an authentication result, further comprising: And acquiring the effective period corresponding to the authentication information, and if the effective period is in an expiration state, generating an authentication result of authentication failure.
  4. 4. A method according to any one of claims 1 to 3, wherein said performing an operation corresponding to said authentication result comprises: Based on the authentication result including an access path of a file directory, mounting the file directory to the virtual server according to the access path; And based on the authentication result as authentication failure, sending feedback information of mounting failure to the virtual server.
  5. 5. A method according to any one of claims 1 to 3, further comprising, prior to receiving the mount request for the network attached storage sent by the virtual server: Acquiring registration information stored by a user aiming at the network attachment, and generating configuration information corresponding to the registration information; and distributing a corresponding file directory for the user according to the configuration information in the network attached storage, and configuring the access authority of the file directory for the user.
  6. 6. The method of claim 5, wherein said assigning a file directory to said user based on said configuration information at said network attached storage and configuring access rights for said file directory to said user comprises: Creating a private file directory corresponding to the user in the network attached storage according to the configuration information; And configuring access rights of the private file directory and the public file directory for the user based on the configuration information, wherein the public file directory is used for storing shared files accessed by a plurality of users.
  7. 7. A method according to any one of claims 1 to 3, further comprising at least one of: Acquiring a first white list with access rights of the network attached storage, and preventing users outside the first white list from accessing the network attached storage; And acquiring a second white list with the access authority of the network auxiliary storage in the target time period, and preventing users outside the second white list from accessing the network auxiliary storage in the target time period.
  8. 8. A method according to any one of claims 1 to 3, wherein prior to receiving a mount request for network attached storage sent by a virtual server, comprising: Receiving a resource acquisition request sent by the virtual server, wherein the resource acquisition request carries user information of the user and storage information corresponding to network attached storage; Generating the authentication information based on the user information and the stored information in response to the resource acquisition request; and sending the authentication information to the virtual server.
  9. 9. The data access management system is characterized by comprising a storage server and a virtual server; The virtual server is used for responding to a resource acquisition request and sending a mounting request of a network attached storage to the storage server, wherein the network attached storage comprises a storage instance, the storage instance is used for storing data information of a plurality of users, and the data information of each user is respectively stored in a corresponding private file catalog; The storage server is used for receiving a mounting request of the network attached storage sent by the virtual server, wherein the mounting request carries authentication information corresponding to a user to which the virtual server belongs, authenticating the authentication information to obtain an authentication result, and executing an operation corresponding to the authentication result.
  10. 10. The management system for data access is characterized by comprising a first cloud server, a second cloud server and a virtual server; the virtual server is used for responding to a resource acquisition request of a target application and sending a mounting request of a network attached storage to the first cloud server, wherein the network attached storage comprises a storage instance, the storage instance is used for storing data information of a plurality of users, and the data information of each user is respectively stored in a corresponding private file catalog; The first cloud server is used for receiving a mounting request of network attached storage sent by the virtual server, wherein the mounting request carries authentication information corresponding to a user to which a target application belongs in the virtual server; The second cloud server is used for receiving the authentication information sent by the first cloud server, authenticating the authentication information and sending an authentication result to the first cloud server.
  11. 11. The system of claim 10, wherein the first cloud server is specifically configured to obtain registration information stored by a user for the network attachment, and send the registration information to the second cloud server; and receiving configuration information fed back by the second cloud service end aiming at the registration information, distributing a corresponding file directory for the user according to the configuration information in the network attached storage, and configuring access rights of the file directory for the user.
  12. 12. The system of claim 11, wherein the first cloud server is specifically configured to create, in the network attached storage, a private file directory corresponding to the user according to the configuration information; And configuring access rights of the private file directory and the public file directory for the user based on the configuration information, wherein the public file directory is used for storing shared files accessed by a plurality of users.
  13. 13. The system of claim 10 or 11, wherein the first cloud server is configured to receive a first whitelist sent by a second cloud server, the first whitelist including users having access to the network attached storage, and/or wherein users outside the first whitelist are prevented from accessing the network attached storage, And receiving a second white list sent by a second cloud service end, wherein the second white list comprises users with the access authority of the network auxiliary storage in a target time period, and preventing users outside the second white list from accessing the network auxiliary storage in the target time period.
  14. 14. The system of claim 10, wherein the second cloud server is specifically configured to receive a resource acquisition request sent by the virtual server, and generate the authentication information in response to the resource acquisition request; and sending the authentication information to the virtual server.
  15. 15. The system according to claim 10 or 14, wherein the second cloud service is specifically configured to obtain, from the authentication information, user information and storage information corresponding to network attached storage, and compare the user information and the storage information with authentication data in an authentication database; if the authentication database has authentication data matched with the user information and the storage information, generating an authentication result of an access path comprising a file directory; and if the authentication database does not have authentication data matched with the user information and the stored information, generating an authentication result of authentication failure.
  16. 16. The system according to claim 10 or 14, wherein the second cloud service side is specifically configured to obtain a validity period corresponding to the authentication information, and if the validity period is in an expired state, generate an authentication result of authentication failure; And sending the prompt information of the reauthentication to the virtual server.
  17. 17. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor runs the computer program to implement the method of any one of claims 1 to 8.
  18. 18. A computer readable storage medium having stored thereon a computer program, wherein the program is executed by a processor to implement the method of any of claims 1 to 8.
  19. 19. A computer program product comprising a computer program, characterized in that the computer program is executed by a processor to implement the method of any one of claims 1 to 8.

Description

Data access management method, system, electronic equipment and storage medium Technical Field The application relates to the field of cloud technology, in particular to a data access management method, a system, electronic equipment and a storage medium. Background With the continuous development of cloud technology, NAS (Network Attached Storage ) realizes data transmission based on standard network protocols, and provides file sharing and data backup for computers of various operating systems in a cloud network. In the related art, a cloud NAS service provider provides NAS services by creating a corresponding NAS instance for each NAS user, and since each NAS instance corresponds to an independent NAS storage and is limited by the NAS storage capacity provided by the NAS service provider, the number of NAS instances that can be supported by providing the NAS service in this way is limited, and cannot support large-scale use by more users. And because of the bandwidth performance of NAS reading and writing of the NAS instance, the storage space corresponding to the NAS instance purchased by the user is positively correlated, when the storage space corresponding to the NAS instance purchased by the user is smaller, the speed of reading and writing files on the NAS by the user is slower, and the user experience is poor. Disclosure of Invention In view of the above problems, the present application provides a method, a system, an electronic device, and a storage medium for managing data access, so as to at least solve the technical problems that the number of service users of NAS services provided in related technologies is limited, and the speed of reading and writing files on NAS by users is slow. According to a first aspect of the embodiment of the application, a data access management method is provided, and is applied to a storage server, a mounting request of a network attached storage sent by a virtual server is received, the mounting request carries authentication information corresponding to a user to which the virtual server belongs, the network attached storage comprises a storage instance, the storage instance is used for storing data information of a plurality of users, the data information of each user is respectively stored in a corresponding private file catalog, authentication is carried out on the authentication information to obtain an authentication result, and operation corresponding to the authentication result is executed. According to a second aspect of the embodiment of the application, a management device for data access is provided and applied to a storage server, and the device comprises a receiving unit, an authentication unit and an authentication unit, wherein the receiving unit is used for receiving a mounting request of a network-attached storage sent by a virtual server, the mounting request carries authentication information corresponding to a user to which the virtual server belongs, the network-attached storage comprises a storage instance, the storage instance is used for storing data information of a plurality of users, the data information of each user is respectively stored in a private file catalog corresponding to each user, and the authentication unit is used for authenticating the authentication information to obtain an authentication result and executing operation corresponding to the authentication result. According to a third aspect of the embodiment of the application, a management system for data access is provided, which comprises a storage server and a virtual server, wherein the virtual server is used for responding to a resource acquisition request and sending a mounting request of a network attached storage to the storage server; The storage server is used for receiving a mounting request of the network attached storage sent by the virtual server, wherein the mounting request carries authentication information corresponding to a user to which the virtual server belongs, authenticating the authentication information to obtain an authentication result, and executing an operation corresponding to the authentication result. According to a fourth aspect of the embodiment of the application, a management system for data access is provided, which comprises a first cloud server, a second cloud server and a virtual server; The virtual server is used for responding to a resource acquisition request of a target application, and sending a mounting request of the network attached storage to the first cloud server, wherein the network attached storage comprises a storage instance, the storage instance is used for storing data information of a plurality of users, and the data information of each user is respectively stored in a corresponding private file catalog; The first cloud server is used for receiving a mounting request of network attached storage sent by the virtual server, wherein the mounting request carries authentication information corresponding to a user t