IDENTIFYING AND ENFORCING STRICT FILE CONFIDENTIALITY IN THE PRESENCE OF SYSTEM AND STORAGE ADMINISTRATORS IN A NAS SYSTEM

摘要

A data storage architecture for networked access by clients includes a file server capable of communication with the clients via the network, physical storage organized as a plurality of logical volumes, and an encryption device in communication with both the file server and the physical storage. The encryption device is operable in response to signaling from the file server to cause encryption of data being moved into the physical storage, and decryption of data being retrieved from storage. Two logical paths are provided for I/O operations. A first path is reserved for use by a first type of requestor, such as file owners. Data retrieved via the first path is decrypted by the encryption device, and Writes via the first path are allowed. A second path is employed for others than the owners, e.g., administrators. Data retrieved via the second path is not decrypted by the encryption device, and attempted Writes via the second first path are denied. Metadata may be delivered in-the-clear via both paths in response to a Read so that legitimate management tasks can be performed.