Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-08-31
2002-05-14
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C709S241000, C709S200000
Reexamination Certificate
active
06389543
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to multi-node computing systems. More particularly, the invention concerns a multi-node computing system where any node in the system may be employed to route commands to a selected group of nodes and initiate local command execution if permitted by local security provisions.
2. Description of the Related Art
In different forms, multiprocessing systems are in widespread use today. As one example, multiprocessing systems include “supercomputers” and other similar machines that utilize many separate high speed processors. This arrangement is popular because collectively, the processors provide a tremendously powerful computing engine. Multiprocessing systems also include “distributed processing systems,” which use typically multiple physically distinct computing machines to cooperatively perform a task. Advantageously, with this arrangement a computing task that is too intensive for any one machine can be spread out and processed in smaller parts by many different machines. In addition to these examples, multiprocessing systems can include a hybrid of the two, or a variety of other arrangements with multiple computers, microprocessors, application program instances, program threads, or other processing elements.
In one popular example of distributed processing system, many servers are networked to provide a data storage system that provides users with many sophisticated data management capabilities. This arrangement may be called a distributed storage system; examples of this approach may be found in various known networks implementing the Adstar Distributed Storage Manager (ADSM) software of International Business Machines Corp. (IBM). Although this and other similar systems constitute a significant advance and even enjoy widespread commercial success today, IBM continually seeks to improve the performance and efficiency of their multiprocessing systems. One area of focus concerns possible improvements to the routing and execution of commands in the system.
One drawback of the known arrangements is the time needed to execute commands. In a system of networked servers, for example, a system administrator may need to execute commands at a number of different networked servers. These tasks may involve making status inquiries, running diagnostics, changing operating settings, etc. In this event, the system administrator logs-in to each desired server and then executes the desired command; in more advanced systems, the system administrator may log-in to the desired servers remotely via one convenient, nearby server. In either case, when many different servers are involved, there is a significant time penalty, since the administrator must take steps to route each command to the desired server and arrange for execution there. The time penalty still applies even if the same command is being executed at each server.
This time inefficiency presents a number of problems. First, it burdens the system administrator with more work, making the system more costly to operate. It may be necessary, for example, to hire more system administrators. Additionally, where data gathering commands are concerned, the resultant data might be stale by the time the system administrator enters the lengthy set of commands to request the data from all servers. As another limitation, the lengthy and repetitive process of manually entering redundant commands at many different servers can be prone to user error. For example, the user may inadvertently forget to enter the command at one server because heishe loses track of his/her progress in the overall process of entering that command at twenty different servers.
Consequently, the known techniques for command routing and execution in distributed processing systems are not completely adequate for some applications due to certain unsolved problems.
SUMMARY OF THE INVENTION
Broadly, the invention concerns a technique to employ any node in a multi-node processing system to route commands to a selected group of one or more nodes and initiate local command execution if permitted by local security provisions. The system includes multiple application nodes interconnected by a network. The application nodes comprise servers, workstations, mainframe computers, personal computers, or other digital processing machines, or even application program instances or a combination of software and hardware. There are also one or more administrator nodes, each coupled to at least one of the application nodes. The administrator nodes may comprise computers, software application programs, communication consoles or terminals remotely located or attached to the application nodes, etc. The administrator nodes are used, for example, by system administrators, and each administrator node has certain security credentials.
The process begins by the administrator node transmitting input to one of the application nodes, referred to as an “entry” node. The input includes a command and routing information specifying a list of desired application nodes to execute the command. The list may identify nodes individually and/or by predefined groups containing multiple nodes. The identified nodes are called “destination” nodes, and may include the entry node itself. In response to this input, the entry node transmits messages to all identified application nodes to (1) log-in to the destination nodes using the originating administrator node's security credentials and (2) direct the destination nodes to execute the command. The transmission of these messages may be expedited by sending the messages a synchronously.
By consulting locally stored security credentials, each destination node determines whether the entry node's log-in should succeed. If so, the destination node continues by consulting locally stored authority information to determine whether the initiating administrator node has authority to execute the requested command. If so, the destination node attempts to execute the command. Ultimately, the destination node returns a response message indicating the outcome of the destination node's actions. The response may indicate, for example, that the log-in failed due to improper security credentials, the log-in succeeded but the command failed, or that the log-in and command succeeded (along with any output from the command). The entry node may receive responses concurrently while still transmitting command and routing information. Ultimately, the entry node organizes the received responses and sends a representative output to storage, the initiating administrator node, or another suitable location.
In one embodiment, the invention may be implemented to provide a method to employ any node in a multi-processing system to route commands to a selected group of one or more nodes and initiate local command execution if permitted by local security provisions. In another embodiment, the invention may be implemented to provide an apparatus, such as a multi-processing system, configured to employ any node in a multi-processing system to route commands to a selected group of one or more nodes and initiate local command execution if permitted by local security provisions. In still another embodiment, the invention may be implemented to provide a signal-bearing medium tangibly embodying a program of machine-readable instructions executable by a digital data processing apparatus to perform method steps to employ any node in a multi-processing system to route commands to a selected group of one or more nodes and initiate local command execution if permitted by local security provisions.
The invention affords its users with a number of distinct advantages. First, the invention enables a system administrator to quickly universally issue a command to many different nodes of a multi-processing system. Money is also saved because fewer system administrators can efficiently manage more application nodes. In addition to saving time, this reduces the potential for committing errors in the otherwise tedious work of repeatedl
Dawson Colin Scott
Kaczmarski Michael Allen
Warren, Jr. Donald Paul
Dan Hubert & Assoc.
Hayes Gail
International Business Machines - Corporation
Revak Christopher A.
LandOfFree
System and method for command routing and execution in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for command routing and execution in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for command routing and execution in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2908532