WO1998009215A1 - Method for controlling resource usage by network users - Google Patents

Method for controlling resource usage by network users Download PDF

Info

Publication number
WO1998009215A1
WO1998009215A1 PCT/US1997/014788 US9714788W WO9809215A1 WO 1998009215 A1 WO1998009215 A1 WO 1998009215A1 US 9714788 W US9714788 W US 9714788W WO 9809215 A1 WO9809215 A1 WO 9809215A1
Authority
WO
WIPO (PCT)
Prior art keywords
resource
network
amount
specific
user
Prior art date
Application number
PCT/US1997/014788
Other languages
French (fr)
Inventor
Eric Jonathan Bauer
Russel W. Schaffer
Original Assignee
At & T Corp.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by At & T Corp. filed Critical At & T Corp.
Publication of WO1998009215A1 publication Critical patent/WO1998009215A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/50Allocation of resources, e.g. of the central processing unit [CPU]
    • G06F9/5005Allocation of resources, e.g. of the central processing unit [CPU] to service a request
    • G06F9/5011Allocation of resources, e.g. of the central processing unit [CPU] to service a request the resources being hardware resources other than CPUs, Servers and Terminals
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2209/00Indexing scheme relating to G06F9/00
    • G06F2209/50Indexing scheme relating to G06F9/50
    • G06F2209/504Resource capping
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Definitions

  • the present invention relates to the field of computer systems. More particularly, the present invention relates to a method and for controlling usage of resources provided by a networked computing system.
  • a local area network allows workstations and personal computers (PCs) to share resources, such as files and printers, that are distributed around the LAN.
  • This type of network is generally referred to as a client/server system or network because requests from the "client” workstations and PCs are processed by a host "server”.
  • FIG. 1 shows a schematic block diagram of an illustrative computing system 10 configured as a conventional client/server system.
  • the network includes a server computer 11 that is connected to a plurality of client personal computers (PCs) 12 and printers 13 via LAN 14.
  • Server computer 11 provides the client Pcs 12 with shared access to data stored on hard disk 15.
  • Network operating systems are increasingly using "network-wide" user identities in which a "network user", such as John Smith, is given a single network-wide identity that is used for uniquely identifying the user anywhere in the network, thus simplifying administrative and other related tasks regardless of network topology or organization.
  • Traditional operating systems maintain locally-meaningful user identifiers, such as UNIX numeric "user identifiers” or “uids”, for tracking local resource ownership, access controls, and usage.
  • Advanced Network Operating System products such the Advanced Server for UNIX Systems ⁇ 'AS/U) network operating system, maintain mappings between '"network- wide" user identities and the particular locally-meaningful user identities on each of the computers in the network.
  • FIG. 2 shows a schematic block diagram of an illustrative computing system 20 providing networked computing.
  • System 20 includes a plurality of server computers 21a-21c connected to a plurality of PCs 22a and a plurality of printers 23a via L.AN 24a.
  • Server computers 21a-21c each provide shared access to data stored on hard disks 25a-25c, respectively.
  • System 20 also includes server computer 21d connected to a plurality of PCs 22d and a plurality of printers 23d via LAN 24d.
  • Server computer 2Id provides shared access to data stored on hard disk 25d.
  • LAN 24d is connected to LAN 24a through gateway 26d.
  • Another LAN 24e connects a plurality of server computers 21e and 21f to a plurality of PCs 22e and a printer 23e.
  • server computer 21e provides shared access to data stored on hard disk 25e.
  • LAN 24e is connected to LAN 24a through gateway 26e. While networked computing obscures details of the location of a resource, users are provided with the advantage of a simpler, more useful view of the network.
  • This particular approach corresponds to the concept of a network home directory for a network user.
  • a problem with this approach is that it severely restricts the ability of a network user to work on files on multiple computers. Further, as computer configurations are changed, an administrator must explicitly reallocate each student's quota appropriately among the different server computers.
  • Another approach for limiting total storage use on the 10 server system by a network user is to grant the network user the same storage quota on all computer systems on which the network user has access. For example, if a network user is allocated Q megabytes of disk storage on each computer system of the network, and has access to X computer systems, then the network user is permitted to use at most Xx.Q megabytes of disk storage on the network as a whole.
  • This approach has an advantage of eliminating the need for the network administrator to allocate users among servers.
  • the limit on disk space per server must be set so low that any particular system may become nearly useless for a particular network user.
  • XxQ may be larger than the total disk space that any one network user is permitted to use in accordance with the university's storage policy. What is needed is a simplified way to control usage of resources provided by networked computing systems.
  • the present invention provides a simplified way of controlling usage of resources of a networked computing system so that network users do not exceed assigned consumption quotas.
  • the present invention provides a method for authorizing the allocation of resources of a computing system to a user on a network-wide basis using network-wide quotas.
  • a resource consumption request is received by a computer system configured with this invention
  • a network- wide maximum-use quota amount of the resource that is associated with the user is compared to a network-wide resource amount that is in-use by the user.
  • the user is authorized to use the requested amount of the resource when the requested amount of the resource and the total amount of this resource that is in use by this user on the network do not exceed the network-wide maximum-use quota amount of the resource for this user.
  • Figure 1 shows a schematic block diagram of an illustrative LAN configured as a conventional client/server system
  • Figure 2 shows a schematic block diagram of an illustrative LAN configured to connect together a plurality of other LANs
  • Figure 3 shows an exemplary structure of how a user account may be stored in an accounts database including network-wide quotas according to the present invention
  • Figure 4 shows a schematic block diagram illustrating an exemplary default per-system quota for a resource type and exemplary resource-specific quota according to the present invention
  • Figure 5 shows a flow diagram illustrating control of resource usage according to the present invention.
  • Figure 6 shows a schematic block diagram illustrating replication of a database containing network-wide quotas according to the present invention.
  • the present invention assigns network-wide resource quotas to each network user for controlling resource usage on a network as a whole.
  • the same authority that defines individual network identities for the network as a whole maintains the network-wide quotas for each network identity.
  • network user accounts are maintained in an accounts database. This accounts database is both distributed and replicated.
  • each account in the accounts database maintains the network-wide quota limits for a particular network identity, as well as information relating to the quantities of resources consumed by the network identity.
  • Figure 3 shows an exemplary structure of how a user account may be stored in an accounts database 30 using network-wide quotas.
  • a set of multiple independent network-wide quotas can be created and maintained for different resource types or classes, such as a disk storage quota and a printer page- count quota, for each network identity.
  • different classes of network identities can be assigned different sets of network-wide quotas. For example, undergraduate students at a university may be assigned one level of network-wide quotas, graduate students may be assigned a higher level of network-wide quotas, and professors may be assigned an even higher, perhaps unlimited, level of network-wide quota.
  • a system administrator may have authority for adjusting individual network-wide quotas for a network identity regardless of the class of the network identity.
  • Network-wide quotas may be assigned as fixed block-type quotas or as an allowance-type quota.
  • a network-wide quota that assigns 100 MB of disk space to a network identity is an example of a fixed block-type quota.
  • a network-wide quota that permits the printing of twenty pages a week is an example of an allowance-type quota.
  • Resources that are controlled by network-wide quotas may be either renewable or non-renewable.
  • Disk space is an example of a renewable resource because a depleted network-wide quota for storage space may be renewed by deleting files.
  • Printed pages are an example of a non-renewable resource, that is, once a page has been printed, it cannot be unprinted.
  • Network-wide quotas can also work in conjunction with per-system quotas and resource-specific quota.
  • One policy for interaction between the various quotas is for the controlling quota for the network identity to be the minimum of the network-wide quota for the network identity and any relevant per-system or resource-specific quota. For example, a student who has been granted a total of ten hours of CPU time on a university's networked computers may be prohibited by a policy associated with the university's supercomputer from consuming more than one of those ten hours on the supercomputer .
  • Figure 4 shows a schematic block diagram illustrating an exemplary default per-system quota and exemplary resource- specific quotas 45 according to the present invention.
  • these quotas 45 are accessed by server 41.
  • Quota 45 indicates that a default quota for a particular class of resource is set to 10 units, while the resource-specific quota for resource 1 is 5 units, and the resource-specific quota for resource 2 is 20 units.
  • the default quota of 10 units applies to resource 3.
  • the types of resources that may be controlled by network-wide quotas are not limited to disk usage or printer usage. Other examples of resources are virtual memory usage, network transmissions, mail messages sent, etc.
  • a network-wide quota q(i,r) is assigned to network identity i and stored in the accounts database.
  • c(i,r) denotes the total usage of resource r by network identity i on computer c. So, if N is the entire set of networked computers to which the network identity i has access, then the network-wide quotas are enforced according to the following inequality:
  • a network identity When a network identity attempts to consume a resource on a particular computer, the operating system on that computer contacts an authority (such as an AS/U server) for determining whether the network-wide quotas assigned to the network identity permit the network identity to consume the resources in question. If network-wide quotas are checked at the time a network identity is authenticated, such as at the time the network identity logs on to the system, for example, a network identity having network-wide quotas permitting printing of up to fifty pages could log onto three separate systems and print a fifty page file from each system after authentication at each system.
  • an authority such as an AS/U server
  • Checking with the authority for resource consumption authorization at the time the resource is requested to be consumed allows, for this example, printing of the first fifty page file and then denies printing of the next two print requests because the appropriate network-wide quota for the network identity is updated after the first request for resource consumption is complete .
  • the server computers 21a-21f in system 20, shown in Figure 2 may be running under the control of the Advanced Server for UNIX Systems (AS/U) network operating system and a location containing the accounts database may be disk drive 25a.
  • the accounts database includes a set of network-wide quotas for each network identity. Resource-specific quota information, such as limits on the number of pages that may be printed by a specific color printer, or limits on the amount of CPU time that may be consumed by a particular computer system connected to a system, may be included in either the accounts database, or on the system hosting the resource.
  • a user at a PC 22d may want to have a printout printed at printer 23d.
  • the accounts database in disk drive 25a is contacted for determining whether user identity for the user has not exceeded the limits imposed by a resource-specific quota for printer 23d.
  • the network-wide maximum-use quota for the resource that is associated with the user is compared to a network-wide resource amount that is in-use by the user. If the limits are not exceeded, then the requested resource is allocated to the user for consumption and the information relating to network-wide resource amount that is in-use or consumed by the user identity is updated when the consumption is complete. If it is determined that the quota has been exceeded, the user is denied consumption of the resource.
  • Figure 5 shows a flow diagram 50 illustrating control of resource usage according to the present invention.
  • a user at a PC 22e desire consume disk storage space on disk drive 25e by copying a file at step 51.
  • the file system queries the accounts database for determining whether the resource request exceeds the storage quota assigned to the user identity for the user. If, at step 53, the storage quota has not been exceeded, the operation is authorized and the file is copied at step 54. The consumption information for the user identity is updated accordingly at step 55. If the storage quota has been exceeded at step 53 , the consumption is denied and the operation fails at step 56.
  • a network-wide quota for a network identity may contain a threshold indicating the quantity of a particular resource that must be requested and evaluated locally before triggering a check with the an authority.
  • a threshold indicating the quantity of a particular resource that must be requested and evaluated locally before triggering a check with the an authority.
  • one resource-specific threshold may indicate that a network identity may print up to ten pages at a specific printer, such as a color printer, before the central authority is contacted for authorization.
  • a network identity may print up to ten pages on any printer in the system before the central authority is contacted for authorization .
  • FIG. 6 shows a schematic block diagram illustrating replication of a database containing network- wide quotas.
  • Primary server 61 replicates the accounts database stored in disk drive 62 in secondary server 63 and disk drive 64.

Abstract

A method for authorizing the allocation of a resource of a computing system to a user on a network-wide basis using network-wide quotas. When a resource consumption request is received by an authority, a network-wide maximum-use quota amount of the resource that is associated with the user is compared to a network-wide resource amount that is in-use by the user. The requested amount of the resource is allocated on a network-wide basis based on when the requested amount of the resource and the network-wide resource amount in-use by the user together do not exceed the network-wide maximum-use quota amount of the resource associated with the user.

Description

METHOD FOR CON ROLLING RESOURCE USAGE BY NETWORK USERS
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to the field of computer systems. More particularly, the present invention relates to a method and for controlling usage of resources provided by a networked computing system.
2. Description of the Related Art A local area network (LAN) allows workstations and personal computers (PCs) to share resources, such as files and printers, that are distributed around the LAN. This type of network is generally referred to as a client/server system or network because requests from the "client" workstations and PCs are processed by a host "server".
Figure 1 shows a schematic block diagram of an illustrative computing system 10 configured as a conventional client/server system. The network includes a server computer 11 that is connected to a plurality of client personal computers (PCs) 12 and printers 13 via LAN 14. Server computer 11 provides the client Pcs 12 with shared access to data stored on hard disk 15.
Network operating systems are increasingly using "network-wide" user identities in which a "network user", such as John Smith, is given a single network-wide identity that is used for uniquely identifying the user anywhere in the network, thus simplifying administrative and other related tasks regardless of network topology or organization. Traditional operating systems maintain locally-meaningful user identifiers, such as UNIX numeric "user identifiers" or "uids", for tracking local resource ownership, access controls, and usage. Advanced Network Operating System products, such the Advanced Server for UNIX Systems ι'AS/U) network operating system, maintain mappings between '"network- wide" user identities and the particular locally-meaningful user identities on each of the computers in the network. Consider the example of a university computer system having limited resources and which is used by a large number of users. It is necessary to limit the resources that any particular user may consume so that the system availability is maximized in some sense. One approach for limiting consumption of resources might be for the system administrators to adopt a policy of assigning each student a resource quota of 100 MB of disk space. Even though the system may have many gigabytes of disk space, no individual student is permitted to store more than their quota limit of 100 MB. In conventional systems, quotas such as these are configured and enforced on a per-machine basis.
For conventional systems like those shown in Figure 1, the concept of quotas is quite useful. However, with evolutions in networked computing, the details of where particular resources are physically hosted have become obscured, that is, the location of the particular server computer offering access to a particular file system or printer is usually not clear to a user. Figure 2 shows a schematic block diagram of an illustrative computing system 20 providing networked computing. System 20 includes a plurality of server computers 21a-21c connected to a plurality of PCs 22a and a plurality of printers 23a via L.AN 24a. Server computers 21a-21c each provide shared access to data stored on hard disks 25a-25c, respectively. System 20 also includes server computer 21d connected to a plurality of PCs 22d and a plurality of printers 23d via LAN 24d. Server computer 2Id provides shared access to data stored on hard disk 25d. LAN 24d is connected to LAN 24a through gateway 26d. Another LAN 24e connects a plurality of server computers 21e and 21f to a plurality of PCs 22e and a printer 23e. Like the other server computers, server computer 21e provides shared access to data stored on hard disk 25e. LAN 24e is connected to LAN 24a through gateway 26e. While networked computing obscures details of the location of a resource, users are provided with the advantage of a simpler, more useful view of the network. At the same time, machine-based quota limitations like those used with conventional systems (Figure 1) are awkward on systems like those shown in Figure 2. For instance, imagine that the university computer system described above is now organized as 10 server computers each having 50 Gigabytes of disk storage. Figure 2 conceptionally shows part of such an exemplary system. The university policy dictates that each student will be granted no more than 100 MB total storage on all of the university's computers. A conventional solution to this problem is to allocate storage quotas for each respective student onto a particular server or servers. For example, a storage quota for a given student may be apportioned with 70 MB on a first server and 30 MB on a second server, with the student being prohibited from storing files on any of the other 8 servers of the system. This particular approach corresponds to the concept of a network home directory for a network user. A problem with this approach is that it severely restricts the ability of a network user to work on files on multiple computers. Further, as computer configurations are changed, an administrator must explicitly reallocate each student's quota appropriately among the different server computers.
Another approach for limiting total storage use on the 10 server system by a network user is to grant the network user the same storage quota on all computer systems on which the network user has access. For example, if a network user is allocated Q megabytes of disk storage on each computer system of the network, and has access to X computer systems, then the network user is permitted to use at most Xx.Q megabytes of disk storage on the network as a whole. This approach has an advantage of eliminating the need for the network administrator to allocate users among servers. However, where the number of computers X is large, the limit on disk space per server must be set so low that any particular system may become nearly useless for a particular network user. If Q is made sufficiently large so that the allocated disk space per computer system is useful, then XxQ may be larger than the total disk space that any one network user is permitted to use in accordance with the university's storage policy. What is needed is a simplified way to control usage of resources provided by networked computing systems.
SUMMARY OF THE INVENTION
The present invention provides a simplified way of controlling usage of resources of a networked computing system so that network users do not exceed assigned consumption quotas.
Advantageously, the present invention provides a method for authorizing the allocation of resources of a computing system to a user on a network-wide basis using network-wide quotas. When a resource consumption request is received by a computer system configured with this invention, a network- wide maximum-use quota amount of the resource that is associated with the user is compared to a network-wide resource amount that is in-use by the user. The user is authorized to use the requested amount of the resource when the requested amount of the resource and the total amount of this resource that is in use by this user on the network do not exceed the network-wide maximum-use quota amount of the resource for this user.
BRIEF DESCRIPTION OF THE DRAWING The present invention is illustrated by way of example and not limitation in the accompanying figures in which like reference numerals indicate similar elements and in which:
Figure 1 shows a schematic block diagram of an illustrative LAN configured as a conventional client/server system;
Figure 2 shows a schematic block diagram of an illustrative LAN configured to connect together a plurality of other LANs;
Figure 3 shows an exemplary structure of how a user account may be stored in an accounts database including network-wide quotas according to the present invention;
Figure 4 shows a schematic block diagram illustrating an exemplary default per-system quota for a resource type and exemplary resource-specific quota according to the present invention;
Figure 5 shows a flow diagram illustrating control of resource usage according to the present invention; and
Figure 6 shows a schematic block diagram illustrating replication of a database containing network-wide quotas according to the present invention. DETAILED DESCRIPTION
The present invention assigns network-wide resource quotas to each network user for controlling resource usage on a network as a whole. According to the invention, the same authority that defines individual network identities for the network as a whole maintains the network-wide quotas for each network identity. For example, in the Advanced Server for UNIX Systems (AS/U) network operating system, network user accounts are maintained in an accounts database. This accounts database is both distributed and replicated.
According to the present invention, information relating to each user's network-wide quotas limiting the total use or consumption of network resources by the user are also maintained in the accounts database. Specifically, each account in the accounts database maintains the network-wide quota limits for a particular network identity, as well as information relating to the quantities of resources consumed by the network identity. Figure 3 shows an exemplary structure of how a user account may be stored in an accounts database 30 using network-wide quotas.
A set of multiple independent network-wide quotas can be created and maintained for different resource types or classes, such as a disk storage quota and a printer page- count quota, for each network identity. Similarly, different classes of network identities can be assigned different sets of network-wide quotas. For example, undergraduate students at a university may be assigned one level of network-wide quotas, graduate students may be assigned a higher level of network-wide quotas, and professors may be assigned an even higher, perhaps unlimited, level of network-wide quota. Of course, a system administrator may have authority for adjusting individual network-wide quotas for a network identity regardless of the class of the network identity. Network-wide quotas may be assigned as fixed block-type quotas or as an allowance-type quota. A network-wide quota that assigns 100 MB of disk space to a network identity is an example of a fixed block-type quota. A network-wide quota that permits the printing of twenty pages a week is an example of an allowance-type quota. Resources that are controlled by network-wide quotas may be either renewable or non-renewable. Disk space is an example of a renewable resource because a depleted network-wide quota for storage space may be renewed by deleting files. Printed pages are an example of a non-renewable resource, that is, once a page has been printed, it cannot be unprinted.
Network-wide quotas can also work in conjunction with per-system quotas and resource-specific quota. One policy for interaction between the various quotas is for the controlling quota for the network identity to be the minimum of the network-wide quota for the network identity and any relevant per-system or resource-specific quota. For example, a student who has been granted a total of ten hours of CPU time on a university's networked computers may be prohibited by a policy associated with the university's supercomputer from consuming more than one of those ten hours on the supercomputer .
Figure 4 shows a schematic block diagram illustrating an exemplary default per-system quota and exemplary resource- specific quotas 45 according to the present invention. In Figure 4, these quotas 45 are accessed by server 41. Quota 45 indicates that a default quota for a particular class of resource is set to 10 units, while the resource-specific quota for resource 1 is 5 units, and the resource-specific quota for resource 2 is 20 units. The default quota of 10 units applies to resource 3.
The types of resources that may be controlled by network-wide quotas are not limited to disk usage or printer usage. Other examples of resources are virtual memory usage, network transmissions, mail messages sent, etc.
For a particular network identity i and a particular class of resource r, a network-wide quota q(i,r) is assigned to network identity i and stored in the accounts database. For a particular computer c, c(i,r) denotes the total usage of resource r by network identity i on computer c. So, if N is the entire set of networked computers to which the network identity i has access, then the network-wide quotas are enforced according to the following inequality:
c i i . i) ≤ qi i , r) c e N
When a network identity attempts to consume a resource on a particular computer, the operating system on that computer contacts an authority (such as an AS/U server) for determining whether the network-wide quotas assigned to the network identity permit the network identity to consume the resources in question. If network-wide quotas are checked at the time a network identity is authenticated, such as at the time the network identity logs on to the system, for example, a network identity having network-wide quotas permitting printing of up to fifty pages could log onto three separate systems and print a fifty page file from each system after authentication at each system. Checking with the authority for resource consumption authorization at the time the resource is requested to be consumed allows, for this example, printing of the first fifty page file and then denies printing of the next two print requests because the appropriate network-wide quota for the network identity is updated after the first request for resource consumption is complete .
As an illustrative example, the server computers 21a-21f in system 20, shown in Figure 2, may be running under the control of the Advanced Server for UNIX Systems (AS/U) network operating system and a location containing the accounts database may be disk drive 25a. The accounts database includes a set of network-wide quotas for each network identity. Resource-specific quota information, such as limits on the number of pages that may be printed by a specific color printer, or limits on the amount of CPU time that may be consumed by a particular computer system connected to a system, may be included in either the accounts database, or on the system hosting the resource.
A user at a PC 22d may want to have a printout printed at printer 23d. At the time of the request, the accounts database in disk drive 25a is contacted for determining whether user identity for the user has not exceeded the limits imposed by a resource-specific quota for printer 23d. The network-wide maximum-use quota for the resource that is associated with the user is compared to a network-wide resource amount that is in-use by the user. If the limits are not exceeded, then the requested resource is allocated to the user for consumption and the information relating to network-wide resource amount that is in-use or consumed by the user identity is updated when the consumption is complete. If it is determined that the quota has been exceeded, the user is denied consumption of the resource.
Figure 5 shows a flow diagram 50 illustrating control of resource usage according to the present invention. A user at a PC 22e desire consume disk storage space on disk drive 25e by copying a file at step 51. At step 52, the file system queries the accounts database for determining whether the resource request exceeds the storage quota assigned to the user identity for the user. If, at step 53, the storage quota has not been exceeded, the operation is authorized and the file is copied at step 54. The consumption information for the user identity is updated accordingly at step 55. If the storage quota has been exceeded at step 53 , the consumption is denied and the operation fails at step 56. Checking with an authority every time that a network identity requests consumption of a resource will likely produce a performance bottleneck in the system depending upon the system size and the number of users of the system. One way to avoid this bottleneck is for a network-wide quota for a network identity to contain a threshold indicating the quantity of a particular resource that must be requested and evaluated locally before triggering a check with the an authority. For example, one resource-specific threshold may indicate that a network identity may print up to ten pages at a specific printer, such as a color printer, before the central authority is contacted for authorization. .Another resource-specific threshold may indicate that a network identity may print up to ten pages on any printer in the system before the central authority is contacted for authorization .
Another way to avoid system performance problems associated with frequent checking of resource usage with an authority is to pre-allocate resources. That is, if a process determines that up to 1 MB of disk space will be consumed on behalf of a network identity, the process could authorize consumption of the necessary memory space, use what was needed, and release the pre-allocated, yet unnecessary remaining space for allocation to another network identity. Yet another way to avoid system performance bottlenecks caused by frequent requests to the authority for authorizing consumption is to have a plurality of databases distributed around system 20 that replicate the accounts database stored in disk drive 25a. Figure 6 shows a schematic block diagram illustrating replication of a database containing network- wide quotas. Primary server 61 replicates the accounts database stored in disk drive 62 in secondary server 63 and disk drive 64.
When consumption of a resource is requested, the request is sent to an appropriate image of the accounts database where it is determined whether the consumption request should be fulfilled. Updates to individual network-wide quotas at the secondary databases are periodically sent to the primary network-wide quota data at disk drive 25a and then replicated at each of the plurality of secondary databases distributed around system 20. while the present invention has been described in connection with the illustrated embodiments, it will be appreciated and understood that modifications may be made without departing from the true spirit and scope of the invention.

Claims

IN THE CLAIMS
1. A method for authorizing allocation of a resource of a computing system to a user, the computing system including a plurality of resources interconnected by a network, the method comprising the steps of: comparing a network-wide maximum-use quota amount of the resource associated with a user to a network-wide resource amount in-use by the user; and authorizing on a network-wide basis allocation of an amount of the resource requested by the user based on when the requested amount of the resource and the network-wide resource amount in-use by the user together do not exceed the network-wide maximum-use quota amount of the resource associated with the user.
2. The method according to claim 1, wherein the step of comparing includes the steps of : obtaining the network-wide maximum-use quota amount of the resource associated with the user from a first database; and obtaining the network-wide resource amount in-use by the user from a second database.
3. The method according to claim 2, further comprising the step of associating a predetermined network-wide maximum- use quota amount of the resource with the user.
4. The method according to claim 2, wherein selected resources form a subsystem of the computing system, and wherein the network-wide maximum-use quota amount associated with the user includes a maximum-use per-subsyste quota amount .
5. The method according to claim 2, wherein the resource includes at least one of disk usage, printer usage, virtual memory usage, network transmissions and mail messages sent .
6. The method according to claim 2, wherein the network-wide maximum-use quota amount includes at least one of a fixed block-type quota and an allowance-type quota.
7. The method according to claim 2, wherein the step of authorizing allocation of the requested amount of the resource includes the step of updating the network-wide amount of the resource in-use by the user after the requested amount of the resource is allocated.
8. The method according to claim 7, wherein the first and second databases are the same database.
9. The method according to claim 7, further comprising the step of receiving a request from the user for use of a requested amount of the resource.
10. The method according to claim 9, further comprising the steps of: determining whether the requested amount of the resource exceeds a predetermined threshold; and sending the request on behalf of the user when the requested amount of the resource exceeds the predetermined threshold.
11. The method according to claim 7, wherein the step of comparing includes comparing a resource -specific naximum- use quota amount associated with the user for a specific resource of the computing system to a resource-specific in- use amount of the specific resource that is in-use by the user; and wherein the step of authorizing allocation of the requested amount of the resource is further based on when the requested amount of the specific resource and the resource- specific in-use amount of the specific resource that is in- use by the user together do not exceed the resource-specific maximum-use quota amount associated with the user for the specific resource.
12. The method according to claim 11, wherein the step of comparing the resource-specific maximum-use quota amount associated with the user for the specific resource to a resource-specific in-use amount of the specific resource that is in-use by the user includes the steps of: obtaining from a third database the resource- specific maximum-use quota amount associated with the user for the specific resource; and obtaining from a fourth database the resource- specific in-use amount of the specific resource that is in- use by the user.
13. The method according to claim 12, wherein the third and fourth databases are the same database .
14. The method according to claim 13, further comprising the step of associating a resource-specific maximum-use quota amount for the specific resource with the user.
15. A method for authorizing allocation of a resource of a plurality of resources of a computing system to a network identity on a network-wide basis, the computing system including a plurality of resources interconnected by a network, the plurality of resources including a plurality of computers N and including a plurality resource classes, the method comprising the steps of: assigning a network-wide quota q(i,r) to a network identity i for a resource class r; storing the assigned network-wide quota q(i,r) in a first database; storing a total usage c(i,r) of the resource class r by network identity i on a computer c in a second database, computer c being one of the plurality of computers N; obtaining the network-wide quota q(i,r) for the network identity i for resource class r from the first database ; obtaining the total usage c(i,r) of the resource class r by network identity i on computer c from the second database; and authorizing allocation of a requested amount of resource class r based on when
∑ c ( i , z) ≤ q( i , r) . c € JV
16. The method according to claim 15, wherein the first and second databases are the same database.
17. The method according to claim 15, further comprising the steps of: updating the total usage c(i,r) of the resource class r by network identity i on computer c with the requested amount of resource class r after the requested amount of the resource claim r is allocated; and storing the updated total usage c(i,r) in the second database.
18. The method according to claim 15, further comprising the steps of : determining whether the requested amount of resource class r exceeds a predetermined threshold; and sending the request from the network identity i at computer c for use of the requested amount of resource class r when the requested amount of resource r exceeds the predetermined threshold.
19. The method according to claim 18, further comprising the step of receiving a request from the network identity i at computer c for use of the requested amount of resource class r.
20. The method according to claim 19, wherein a resource d provides a specific resource in resource class r, wherein the request includes a request for cin amount of the specific resource provided by the resource d; the method further comprising the steps of: assigning a resource-specific maximum-use quota m(i,d) for the network identity i and the resource d; storing the resource-specific maximum-use quota m(i,d) in a third database; and storing a total usage t(i,d) of the resource d by the network identity i in a fourth database; and wherein the step of authorizing allocation of the requested amount of the specific resource is further based on when
t(i,d) < m(i,d).
21. The method according to claim 20, wherein before the step of authorizing allocation of the requested amount of the specific resource, the method further comprises the steps of: obtaining the resource-specific maximum-use quota m(i,d) from the third database; and obtaining the total usage t(i,d) of resource d by the network identity i from the fourth database.
22. The method according to claim 21, further comprising the steps of: updating the total usage t(i,d) of resource d by network identity i with the requested amount of the specific resource provided by the resource d when the requested amount of the specific resource is allocated; and storing the updated total usage t(i,d) in the fourth database.
23. The method according to claim 22, wherein the third and fourth databases are the same database.
24. The method according to claim 15, wherein a resource d provides a specific resource in resource class r, wherein the request includes a request for an amount of the specific resource provided by the resource d; the method further comprising the steps of : assigning a resource-specific maximum-use quota m(i,d) for the network identity i and the resource d; storing the resource-specific maximum-use quota m(i,d) in a third database; and storing a total usage t(i,d) of the resource d by the network identity i in a fourth database; and wherein the step of authorizing allocation of the requested specific resource is further based on when
t(i,d) ≤ m(i,d).
25. The method according to claim 24, wherein before the step of authorizing allocation of the requested amount of the specific resource, the method further comprises the steps of: obtaining the resource-specific maximum-use quota m(i,d) from the third database; and obtaining the total usage t(i,d) of resource d by the network identity i from the fourth database.
26. The method according to claim 25, further comprising the steps of: updating the total usage t(i,d) of resource d by network identity i with the requested amount of the specific resource provided by the resource d; and storing the updated total usage t(i,d) in the fourth database.
27. The method according to claim 26, wherein the third and fourth databases are the same database.
PCT/US1997/014788 1996-08-30 1997-08-22 Method for controlling resource usage by network users WO1998009215A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/706,370 1996-08-30
US08/706,370 US5819047A (en) 1996-08-30 1996-08-30 Method for controlling resource usage by network identities

Publications (1)

Publication Number Publication Date
WO1998009215A1 true WO1998009215A1 (en) 1998-03-05

Family

ID=24837265

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1997/014788 WO1998009215A1 (en) 1996-08-30 1997-08-22 Method for controlling resource usage by network users

Country Status (2)

Country Link
US (1) US5819047A (en)
WO (1) WO1998009215A1 (en)

Families Citing this family (67)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0725340A3 (en) * 1995-02-03 1996-10-02 Ibm Apparatus and method for managing a distributed data processing system workload by limiting the processing capacity consumption
JPH10161823A (en) * 1996-11-27 1998-06-19 Nec Corp Print system
US6393455B1 (en) * 1997-03-28 2002-05-21 International Business Machines Corp. Workload management method to enhance shared resource access in a multisystem environment
US5946686A (en) * 1997-07-11 1999-08-31 International Business Machines Corporation Parallel file system and method with quota allocation
JPH11157179A (en) * 1997-12-02 1999-06-15 Canon Inc Image processor, image processing system, image forming apparatus, storage medium
US6092163A (en) * 1998-12-04 2000-07-18 W. Quinn Associates, Inc. Pageable filter driver for prospective implementation of disk space quotas
US6230204B1 (en) * 1997-12-19 2001-05-08 Micron Electronics, Inc. Method and system for estimating usage of computer resources
ES2546173T3 (en) 1998-03-13 2015-09-21 Canon Kabushiki Kaisha Apparatus and procedure for information processing
JP3740320B2 (en) * 1999-05-31 2006-02-01 キヤノン株式会社 Device search system and device search method
US6615247B1 (en) 1999-07-01 2003-09-02 Micron Technology, Inc. System and method for customizing requested web page based on information such as previous location visited by customer and search term used by customer
US6927869B1 (en) * 1999-07-09 2005-08-09 Hewlett-Packard Development Company, L.P. Purchasing and printing documents from the internet
US6973653B1 (en) * 1999-10-21 2005-12-06 Sony Corporation Method for utilizing resource characterizations to optimize performance in an electronic device
US20100185614A1 (en) 1999-11-04 2010-07-22 O'brien Brett Shared Internet storage resource, user interface system, and method
US6351776B1 (en) 1999-11-04 2002-02-26 Xdrive, Inc. Shared internet storage resource, user interface system, and method
US6732172B1 (en) * 2000-01-04 2004-05-04 International Business Machines Corporation Method and system for providing cross-platform access to an internet user in a heterogeneous network environment
US8086697B2 (en) 2005-06-28 2011-12-27 Claria Innovations, Llc Techniques for displaying impressions in documents delivered over a computer network
US7475404B2 (en) 2000-05-18 2009-01-06 Maquis Techtrix Llc System and method for implementing click-through for browser executed software including ad proxy and proxy cookie caching
JP4049525B2 (en) * 2000-08-16 2008-02-20 富士通株式会社 Distributed processing system
US20030018900A1 (en) * 2000-10-02 2003-01-23 Tomoaki Endoh Peripheral equipment and management method thereof
US7884954B2 (en) * 2000-10-02 2011-02-08 Canon Kabushiki Kaisha Peripheral equipment and management method thereof
US20020065917A1 (en) * 2000-11-30 2002-05-30 Pratt Steven L. Method for managing resources on a per user basis for UNIX based systems
US7778981B2 (en) * 2000-12-01 2010-08-17 Netapp, Inc. Policy engine to control the servicing of requests received by a storage server
US7346928B1 (en) * 2000-12-01 2008-03-18 Network Appliance, Inc. Decentralized appliance virus scanning
US6832248B1 (en) * 2001-05-10 2004-12-14 Agami Systems, Inc. System and method for managing usage quotas
US7320033B2 (en) * 2001-07-27 2008-01-15 Intel Corporation Dynamic local drive and printer sharing
US7245632B2 (en) * 2001-08-10 2007-07-17 Sun Microsystems, Inc. External storage for modular computer systems
US7487233B2 (en) * 2001-12-05 2009-02-03 Canon Kabushiki Kaisha Device access based on centralized authentication
US20030126135A1 (en) * 2001-12-28 2003-07-03 David Gaxiola Remote resource management of local devices
US7852502B2 (en) * 2002-04-12 2010-12-14 Canon Kabushiki Kaisha Management system, image processing apparatus and method for acquiring print job history information
US7010596B2 (en) * 2002-06-28 2006-03-07 International Business Machines Corporation System and method for the allocation of grid computing to network workstations
US20050254652A1 (en) * 2002-07-16 2005-11-17 Haim Engler Automated network security system and method
US7603341B2 (en) 2002-11-05 2009-10-13 Claria Corporation Updating the content of a presentation vehicle in a computer network
US8095500B2 (en) 2003-06-13 2012-01-10 Brilliant Digital Entertainment, Inc. Methods and systems for searching content in distributed computing networks
US7729992B2 (en) * 2003-06-13 2010-06-01 Brilliant Digital Entertainment, Inc. Monitoring of computer-related resources and associated methods and systems for disbursing compensation
US20040267868A1 (en) * 2003-06-26 2004-12-30 International Business Machines Corporation Method for monitoring print jobs in a data processing network
US20040267827A1 (en) * 2003-06-30 2004-12-30 International Business Machines Corporation Method, apparatus, and program for maintaining quota information within a file system
JP4400126B2 (en) 2003-08-08 2010-01-20 株式会社日立製作所 Centralized disk usage control method in virtual centralized network storage system
US8745222B2 (en) * 2003-08-15 2014-06-03 Blackboard Inc. Content system and associated methods
US20050078332A1 (en) * 2003-10-14 2005-04-14 Sharp Laboratories Of America, Inc. System and method for controlling a printer job responsive to attribute analysis
US8170912B2 (en) 2003-11-25 2012-05-01 Carhamm Ltd., Llc Database structure and front end
DE102004037087A1 (en) * 2004-07-30 2006-03-23 Advanced Micro Devices, Inc., Sunnyvale Self-biasing transistor structure and SRAM cells with fewer than six transistors
US8255413B2 (en) 2004-08-19 2012-08-28 Carhamm Ltd., Llc Method and apparatus for responding to request for information-personalization
US8078602B2 (en) 2004-12-17 2011-12-13 Claria Innovations, Llc Search engine for a computer network
US20060168012A1 (en) * 2004-11-24 2006-07-27 Anthony Rose Method and system for electronic messaging via distributed computing networks
US7693863B2 (en) 2004-12-20 2010-04-06 Claria Corporation Method and device for publishing cross-network user behavioral data
US8645941B2 (en) 2005-03-07 2014-02-04 Carhamm Ltd., Llc Method for attributing and allocating revenue related to embedded software
US8073866B2 (en) 2005-03-17 2011-12-06 Claria Innovations, Llc Method for providing content to an internet user based on the user's demonstrated content preferences
US20070156770A1 (en) * 2005-10-18 2007-07-05 Joel Espelien System and method for controlling and/or managing metadata of multimedia
US20070116234A1 (en) * 2005-10-19 2007-05-24 Marco Schneider Methods and apparatus for preserving access information during call transfers
US7643472B2 (en) 2005-10-19 2010-01-05 At&T Intellectual Property I, Lp Methods and apparatus for authorizing and allocating outdial communication services
US7924987B2 (en) * 2005-10-19 2011-04-12 At&T Intellectual Property I., L.P. Methods, apparatus and data structures for managing distributed communication systems
US7839988B2 (en) 2005-10-19 2010-11-23 At&T Intellectual Property I, L.P. Methods and apparatus for data structure driven authorization and/or routing of outdial communication services
US8238327B2 (en) * 2005-10-19 2012-08-07 At&T Intellectual Property I, L.P. Apparatus and methods for subscriber and enterprise assignments and resource sharing
DE102006004409A1 (en) * 2006-01-31 2007-08-09 Advanced Micro Devices, Inc., Sunnyvale SRAM cell with self-stabilizing transistor structures
US8620952B2 (en) 2007-01-03 2013-12-31 Carhamm Ltd., Llc System for database reporting
US7783666B1 (en) 2007-09-26 2010-08-24 Netapp, Inc. Controlling access to storage resources by using access pattern based quotas
DE102008007029B4 (en) * 2008-01-31 2014-07-03 Globalfoundries Dresden Module One Limited Liability Company & Co. Kg Operation of an electronic circuit with body-controlled dual-channel transistor and SRAM cell with body-controlled dual-channel transistor
US20120210205A1 (en) 2011-02-11 2012-08-16 Greg Sherwood System and method for using an application on a mobile device to transfer internet media content
US11647243B2 (en) 2009-06-26 2023-05-09 Seagate Technology Llc System and method for using an application on a mobile device to transfer internet media content
US9195775B2 (en) 2009-06-26 2015-11-24 Iii Holdings 2, Llc System and method for managing and/or rendering internet multimedia content in a network
CN102483742B (en) * 2009-09-04 2016-06-22 Iii控股2有限责任公司 For managing the system and method for internet media content
US8798777B2 (en) 2011-03-08 2014-08-05 Packetvideo Corporation System and method for using a list of audio media to create a list of audiovisual media
US9716580B2 (en) * 2012-05-31 2017-07-25 E&C Holding Company, Llc Virtual classroom management delivery system and method
US9229661B2 (en) * 2013-03-15 2016-01-05 Silicon Graphics International Corp. Total quotas for data storage system
WO2016160065A1 (en) 2015-03-31 2016-10-06 Hewlett-Packard Development Company, L.P. Print reservation
CN107533484B (en) * 2015-05-07 2021-03-02 华为技术有限公司 System and method for dynamically managing virtual network function descriptors
US10089145B1 (en) * 2015-12-28 2018-10-02 Amazon Technologies, Inc. Approximating sequential workloads on resource constrained systems

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0413490A2 (en) * 1989-08-15 1991-02-20 AT&T Corp. Resource allocation scheme
EP0666665A2 (en) * 1994-02-07 1995-08-09 International Business Machines Corporation Method and apparatus for dynamically determining and allocating shared resource access quota

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5421011A (en) * 1991-12-20 1995-05-30 International Business Machines Corporation Method and system for access and accounting control in a data processing system by using a single resource account for a user or a group of users
JP2656741B2 (en) * 1994-01-31 1997-09-24 インターナショナル・ビジネス・マシーンズ・コーポレイション Information management method and bridge node
US5467352A (en) * 1994-02-07 1995-11-14 International Business Machines Corporation Method and apparatus for improved throughput in a multi-node communication system with a shared resource
US5713013A (en) * 1996-01-25 1998-01-27 Apple Computer, Inc. System for establishing and enforcing maximum size of directory by preventing the size of the directory from exceeding the set quota size of the directory

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0413490A2 (en) * 1989-08-15 1991-02-20 AT&T Corp. Resource allocation scheme
EP0666665A2 (en) * 1994-02-07 1995-08-09 International Business Machines Corporation Method and apparatus for dynamically determining and allocating shared resource access quota

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
BETTISON A ET AL: "LIMITS - A SYSTEM FOR UNIX RESOURCE ADMINISTRATION", PROCEEDINGS OF THE SUPERCOMPUTING CONFERENCE, RENO, NOV. 13 - 17, 1989, no. CONF. 2, 13 November 1989 (1989-11-13), INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS, pages 686 - 692, XP000090938 *

Also Published As

Publication number Publication date
US5819047A (en) 1998-10-06

Similar Documents

Publication Publication Date Title
US5819047A (en) Method for controlling resource usage by network identities
US7171459B2 (en) Method and apparatus for handling policies in an enterprise
US8239540B2 (en) Distributed computing based on multiple nodes with determined capacity selectively joining resource groups having resource requirements
US7444395B2 (en) Method and apparatus for event handling in an enterprise
US5870555A (en) Lan resource manager
US7424475B2 (en) Emergency access interception according to black list
US7036039B2 (en) Distributing manager failure-induced workload through the use of a manager-naming scheme
US7020665B2 (en) File availability in distributed file storage systems
Pearlman et al. The community authorization service: Status and future
US5689708A (en) Client/server computer systems having control of client-based application programs, and application-program control means therefor
US7694082B2 (en) Computer program and method for managing resources in a distributed storage system
US6886035B2 (en) Dynamic load balancing of a network of client and server computer
US6067545A (en) Resource rebalancing in networked computer systems
US20030187866A1 (en) Hashing objects into multiple directories for better concurrency and manageability
US20020129216A1 (en) Apparatus and method for configuring available storage capacity on a network as a logical device
US20050114611A1 (en) Computerized system, method and program product for managing an enterprise storage system
US20050166011A1 (en) System for consolidating disk storage space of grid computers into a single virtual disk drive
US20030200222A1 (en) File Storage system having separation of components
GB2357171A (en) A distributed file sysytem for a multimedia storage network
US20050066134A1 (en) Method of implementation of data storage quota
US20080181415A1 (en) Systems and Arrangements to Adjust Resource Accessibility Based Upon Usage Modes
US8140622B2 (en) Parallel metadata service in storage area network environment
WO1999053415A1 (en) Distributed processing over a network
US20050091215A1 (en) Technique for provisioning storage for servers in an on-demand environment
SE513538C2 (en) Method and apparatus of a data communication network in which services are provided

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FI FR GB GR IE IT LU MC NL PT SE

121 Ep: the epo has been informed by wipo that ep was designated in this application
NENP Non-entry into the national phase

Ref country code: JP

Ref document number: 1998511747

Format of ref document f/p: F

NENP Non-entry into the national phase

Ref country code: CA

122 Ep: pct application non-entry in european phase