Externally and internally accessing local NAS data through NSFV3 and 4 interfaces

摘要

A method for secure external access to a collaborative design system is provided that includes establishing a virtual private network (VPN) tunnel between an engagement virtual machine and an external computer system, wherein the external user provides a user id and password for authorization to establish the VPN tunnel, receiving the user id and password in a web interface of the collaborative design system and identifying the engagement virtual machine the external user is allowed to access based on the user id and password, prompting the external user to log into the engagement virtual machine, wherein the user id and password are again received from the external user, issuing a security ticket to the external user when the user logs into the engagement virtual machine, and using the security ticket to authenticate accesses initiated by the external user to engagement files stored in a file system in an intranet.

主权项

1. A process comprising:
(A) assigning from an active directory/Kerberos server to an external user of a collaborative design system a unique external user identification, a unique group identification, and a unique virtual private network identification; (B) receiving from an external user computer a request to establish a virtual private network between the external user computer and a local engagement virtual machine that the external user is authorized to access, the receiving including identifying a particular local engagement virtual machine by the external user's group identification; (C) establishing a virtual private network tunnel between the external user computer and the particular local engagement virtual machine through a firewall separating the external computer user and the particular local engagement virtual machine; (D) receiving the external user identification in a local active directory/Kerberos server to authorize and log the external user computer onto the particular local engagement virtual machine; (E) issuing a Kerberos ticket from the active directory/Kerberos server to the external user computer in response to authorization; (F) accessing project files and data of the collaborative design system stored on a local network attached storage server by the external user computer through an NSFv4 interface of the local network attached storage server, including presenting the Kerberos ticket from the external user computer through the NFSv4 interface to the local network attached storage server for authenticating the external user computer to access the project files and data of the a collaborative design system stored on the local network attached storage server; (G) receiving log in information from an internal user computer in a local computer system coupled to the local network attached storage server and authenticating the log in information using a network information service; and (H) accessing the project files and data of the collaborative design system stored on the local network attached storage server by the internal user computer through an NSFv3 interface of the network attached server without a Kerberos ticket.