Group zoning and access control over a network
First Claim
Patent Images
1. A method for controlling access to a Storage Area Network (SAN), comprising:
- receiving, at a switch, a request to join an initiator to the SAN;
receiving, at the switch, a request to join a target to the SAN;
building, at the switch, a name server table comprising;
an initiator list including the initiator; and
a target list including the target;
sending, from the switch and based on a command requesting the initiator list, a response including the initiator list;
receiving, at the switch, an add zone command from a target joined to the SAN;
in response to receiving the add zone command from the target, creating, at the switch, a Virtual Local Area Network (VLAN) between the initiator and an Internet Small Computer Systems Interface (iSCSI) port of the target joined to the SAN;
assigning, at the switch, an access control list (ACL) to the VLAN;
creating, at the switch, an iSCSI peer zone to control access to the target;
permitting, by the switch and based on the iSCSI peer zone, the initiator to access the iSCSI port of the target; and
denying, by the switch and based on the iSCSI peer zone, a second initiator from accessing the iSCSI port of the target.
3 Assignments
0 Petitions
Accused Products
Abstract
Example implementations relate to hard zoning capabilities for devices using Internet small computer system interface (iSCSI) protocol. For example, a method includes creating a virtual local area network (VLAN) at an Ethernet switch between an initiator and target adapter. The method includes assigning an access control list (ACL) to the VLAN. The method includes segregating a device of a plurality of devices connected to the SAN into a zone group. The method also includes controlling access of a zone group based on the ACL and frame filtering.
26 Citations
5 Claims
-
1. A method for controlling access to a Storage Area Network (SAN), comprising:
-
receiving, at a switch, a request to join an initiator to the SAN; receiving, at the switch, a request to join a target to the SAN; building, at the switch, a name server table comprising; an initiator list including the initiator; and a target list including the target; sending, from the switch and based on a command requesting the initiator list, a response including the initiator list; receiving, at the switch, an add zone command from a target joined to the SAN; in response to receiving the add zone command from the target, creating, at the switch, a Virtual Local Area Network (VLAN) between the initiator and an Internet Small Computer Systems Interface (iSCSI) port of the target joined to the SAN; assigning, at the switch, an access control list (ACL) to the VLAN; creating, at the switch, an iSCSI peer zone to control access to the target; permitting, by the switch and based on the iSCSI peer zone, the initiator to access the iSCSI port of the target; and denying, by the switch and based on the iSCSI peer zone, a second initiator from accessing the iSCSI port of the target. - View Dependent Claims (2, 3, 4, 5)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
-
Original AssigneeHewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
-
InventorsPuttagunta, Krishna B., Mohan, Rupin T., Agarwal, Vivek, Newfell, Jr., Charles J.
-
Primary Examiner(s)Chang, Jungwon
-
Application NumberUS15/500,035Publication NumberTime in Patent Office1,999 DaysField of Search709225US Class CurrentCPC Class CodesH04L 49/351 for local area network [LAN...H04L 49/354 for supporting virtual loca...H04L 49/356 for storage area networksH04L 49/70 Virtual switchesH04L 63/101 Access control lists [ACL]H04L 67/1097 for distributed storage of ...H04L 69/169 Special adaptations of TCP,...
