US-12619754-B2 - Systems and methods for generating consistent global identifiers within a distributed file server environment including examples of global identifiers across domains

Abstract

Examples described herein are generally directed towards generating, allocating, and assigning consistent file server user identifiers (IDs) (also described herein as a global identifier (GID)) domains subscribed to by file server(s) within a distributed file server environment. In operation, a virtualized file server of a distributed file server system may scan for and identify a trusted domain subscribed to by the virtualized file server. The virtualized file server may allocate to the trusted domain a range of file server user IDs. The virtualized file server may store a mapping between local user security identifiers (SIDs) in the trusted domain and a respective file server user IDs within the allocated range. The virtualized file server may provide the mapping to a replication target, such as during a replication, migration, and/or a disaster recovery event.

Inventors

  • Deepanshu Verma
  • Hemanth Kumar Thummala
  • Manoj Premanand Naik
  • Saji Kumar Vijaya Kumari Rajendran Nair
  • Shilpa Krishnareddy

Assignees

  • Nutanix, Inc.

Dates

Publication Date
20260505
Application Date
20240111
Priority Date
20230927

Claims (20)

  1. A distributed file server comprising: at least one processor; non-transitory computer-readable storage media encoded with instructions which, when executed by the at least one processor, cause the file server manager to perform actions comprising: scan a plurality of domains, including a domain the distributed file server is subscribed to and trusted domains of the plurality of domains; identify a trusted domain of the plurality of domains, wherein the trusted domain is associated with one or more users, each of the one or more users having a respective security identifier; allocate, to the trusted domain, a range of file server user identifiers (IDs); store a mapping between security identifiers (SIDs) in the trusted domain, including each respective security identifier, to a respective file server user ID within the range of file server user IDs; and provide the mapping to a replication target for the distributed file server.
  2. The distributed file server of claim 1, wherein at least one domain serviced by the distributed file server.
  3. The distributed file server of claim 1, wherein each file server user ID within the range of file server user IDs is a global identifier (GID).
  4. The distributed file server of claim 1, wherein each SID associated with a respective user of the one or more users comprises a domain-specific portion and relative user identifier (RID) portion.
  5. The distributed file server of claim 1, wherein the trusted domain is an active directory domain.
  6. The distributed file server of claim 1, wherein the distributed file server is a virtualized file server.
  7. The distributed file server of claim 1, wherein the replication target is a destination target, a disaster recovery target, or a combination thereof.
  8. The distributed file server of claim 1, wherein providing the mapping to the replication target for the distributed file server occurs responsive to a failover event, a disaster recovery event, a replication event, or combinations thereof.
  9. The distributed file server of claim 1, wherein the distributed file server is further configured to perform actions comprising: determine that a number of SIDs associated with the trusted domain exceeds a number of file server user IDs allocated to the trusted domain in the range of file server user IDs; dynamically allocate another range of file server user IDs to the trusted domain; and store a mapping between the number of SIDs that exceed the number of file server user IDs allocated to the trusted domain, and the another range of file server user IDs.
  10. The distributed file server of claim 9, wherein the another range of file server user IDs is dynamically added to the trusted domain on a per-file share basis.
  11. The distributed file server of claim 9, wherein the another range of file server user IDs is dynamically added to the trusted domain on a per-file server basis.
  12. The distributed file server of claim 9, wherein the mapping between the number of SIDs that exceed the number of file server user IDs allocated to the trusted domain, and the another range of file server user IDs, the mapping between security identifiers in the trusted domain, including each respective security identifier, to a respective file server user ID within the range of file server user IDs, or a combination thereof, are accessible to each trusted domain.
  13. The distributed file server of claim 1, wherein the distributed file server is further configured to perform actions comprising: assign a file server user ID included in the range of file server user IDs to a user of the one or more users of the trusted domain, wherein the user is associated with an assigned SID of the SIDs, and wherein the assigned SID comprises a trusted domain-specific portion and a relative identifier (RID) specific portion.
  14. A method comprising: scanning one or more domains, including a domain a distributed file server is subscribed to and trusted domains of the one or more domains; allocating a range of file server user identifier (IDs) to each of the one or more domains; storing a mapping between security identifiers (SIDs) in each domain of the one or more domains to a respective file server user ID within each respective range of file server user IDs; and providing the mapping to a replication target for the distributed file server.
  15. The method of claim 14, wherein at least one of the one or more domains is an active directory domain.
  16. The method of claim 14, wherein each of the one or more domains is a trusted domain.
  17. The method of claim 14, wherein each file server user identifier of the file server user IDs is a global identifier (GID).
  18. The method of claim 16, wherein each trusted domain is an active directory domain.
  19. The method of claim 14, wherein the distributed file server is a virtualized file server.
  20. The method of claim 14, wherein the replication target is a destination target, a disaster recovery target, or a combination thereof.
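
The allocation scheme in claims 1, 9 and 13, sketched as an added example (this is not code from the patent or from Nutanix). The class name `IdMapper`, the starting ID, the range size, sequential assignment within a range, and JSON as the transfer format are all assumptions; the SIDs are constructed.

```python
import json

def split_sid(sid):
    """Split a SID string into (domain-specific portion, RID)."""
    parts = sid.split("-")
    if len(parts) < 5 or parts[0] != "S" or not all(p.isdigit() for p in parts[1:]):
        raise ValueError(f"malformed SID: {sid!r}")
    return "-".join(parts[:-1]), int(parts[-1])

class IdMapper:
    """Hypothetical allocator: one or more ID ranges per domain."""
    def __init__(self, first_id=100000, range_size=2):  # assumed values
        self.next_base = first_id    # start of the next unallocated range
        self.range_size = range_size
        self.ranges = {}             # domain portion -> [[base, used], ...]
        self.sid_to_id = {}          # full SID -> file server user ID

    def map_sid(self, sid):
        if sid in self.sid_to_id:    # an existing mapping is never changed
            return self.sid_to_id[sid]
        domain, _rid = split_sid(sid)
        held = self.ranges.setdefault(domain, [])
        if not held or held[-1][1] >= self.range_size:
            # First range for this domain, or the current one is full:
            # allocate another range (the claim 9 case).
            held.append([self.next_base, 0])
            self.next_base += self.range_size
        base, used = held[-1]
        held[-1][1] = used + 1
        self.sid_to_id[sid] = base + used  # assumption: sequential within range
        return base + used

    def export(self):
        """Serialize the full state for the replication target."""
        return json.dumps(self.__dict__, sort_keys=True)

    @classmethod
    def load(cls, blob):
        mapper = cls()
        mapper.__dict__.update(json.loads(blob))
        return mapper

if __name__ == "__main__":
    src = IdMapper()
    for sid in ("S-1-5-21-1111-2222-3333-1104",   # constructed SIDs: same RID,
                "S-1-5-21-4444-5555-6666-1104",   # two different domains
                "S-1-5-21-1111-2222-3333-1105",
                "S-1-5-21-1111-2222-3333-1106"):  # overflows the first range
        print(sid, "->", src.map_sid(sid))
    target = IdMapper.load(src.export())
    print(target.map_sid("S-1-5-21-1111-2222-3333-1104"))  # same ID as on source
```

Because the target loads the exported state instead of allocating on its own, a user keeps the same file server user ID after failover, and IDs handed out later on the target cannot overlap ranges already in use.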

Description

CROSS-REFERENCE TO RELATED APPLICATION(S)

This application claims priority to India application No. 202311064851 filed Sep. 27, 2023, which is incorporated herein by reference, in its entirety, for any purpose.

TECHNICAL FIELD

The present disclosure relates generally to systems and methods for generating consistent file server user identifiers (IDs), also described as global identifiers (GIDs), including use of a distributed file server. Examples of using the distributed file server to identify a trusted domain including a domain the distributed file server is subscribed to, allocate to the trusted domain a range of file server user IDs, and store a mapping between security identifiers (SIDs) in the trusted domain to respective file server user IDs within the allocated range are described. Examples of providing the mapping to a replication target during replication, migration, and/or disaster recovery are also described.

BACKGROUND

In a networked environment, a domain generally refers to a logical grouping of computing devices, users, and/or resources that are often managed by a centralized directory service like Active Directory. A file server may be a computer or device that is subscribed to the domain that stores and/or manages resources, such as files, folders, storage items, and other data that may be accessible to certain users within that domain. Users may be individuals or entities with accounts in the domain who can access resources on the file server. This relationship is such that users, through their domain accounts, may be granted permissions and access rights by administrators to connect to and interact with the file server. This grant of rights and permissions may allow users to store, retrieve, and/or manipulate the resources stored on the file server within the context of the domain's security and access permissions policies.

Traditionally, in various domain and file server systems, a user is assigned a local user identifier. This local user identifier is used for user authentication and resource access. When a new user joins the domain, or when a new user account is created, the new user receives a local user identifier. This local user identifier is one of the primary means of identifying and authenticating users within a domain setting serviced by a single file server. In traditional systems, local user identifiers are only unique to the file server and domain they are associated with, but may be the same or similar to a local user identifier assigned to local users of other file servers and/or other domains. Because a local user of one file server and domain may have the same local user ID of another local user of a second file server and domain, when replication, migration, and/or failover occurs, e.g., during disaster recovery of server replication, ID collision (e.g., two users of the same domain and/or file server) may result. In these cases, it may be impossible to correctly determine which local user has access and/or permissions to various resources.

BRIEF DESCRIPTION OF THE DRAWINGS

Reference is now made to the following descriptions taken in conjunction with the accompanying drawings, in which:

FIG. 1 is a schematic illustration of a system 100 for generating consistent file server user identifiers (IDs) within a distributed file server environment and across domains, arranged in accordance with examples described herein;

FIG. 2 is a flowchart of method 200 for generating consistent file server user identifiers (IDs) within a distributed file server environment and across domains, arranged in accordance with examples described herein;

FIG. 3 is a flowchart of method 300 for generating consistent file server user identifiers (IDs) within a distributed file server environment and across domains, arranged in accordance with examples described herein;

FIG. 4 is a schematic illustration of a clustered virtualization environment 400 implementing a virtualized file server and across domains, arranged in accordance with examples described herein;

FIG. 5 is a schematic illustration of a clustered virtualization environment 500, arranged in accordance with examples described herein;

FIG. 6 illustrates an example hierarchical structure of a virtual file server (VFS) instance in a cluster, arranged in accordance with examples described herein;

FIG. 7 illustrates two example host machines, each providing file storage services for portions of two VFS instances FS1 and FS2, arranged in accordance with examples described herein;

FIG. 8 illustrates example interactions between a client and host machines on which different portions of a VFS instance are stored, arranged in accordance with examples described herein; and

FIG. 9 is a schematic illustration of a computing system, arranged in accordance with examples described herein.

DETAILED DESCRIPTION

Certain details are set forth herein to provide an understanding of described embodiments of technology. However, other examples may be practiced wi