Group zoning and access control over a network
First Claim
1. A method for controlling access to a Storage Area Network (SAN), comprising:
receiving, at a switch, a request to join an initiator to the SAN;
receiving, at the switch, a request to join a target to the SAN;
building, at the switch, a name server table comprising:
an initiator list including the initiator; and
a target list including the target;
sending, from the switch and based on a command requesting the initiator list, a response including the initiator list;
receiving, at the switch, an add zone command from a target joined to the SAN;
in response to receiving the add zone command from the target, creating, at the switch, a Virtual Local Area Network (VLAN) between the initiator and an Internet Small Computer Systems Interface (iSCSI) port of the target joined to the SAN;
assigning, at the switch, an access control list (ACL) to the VLAN;
creating, at the switch, an iSCSI peer zone to control access to the target;
permitting, by the switch and based on the iSCSI peer zone, the initiator to access the iSCSI port of the target; and
denying, by the switch and based on the iSCSI peer zone, a second initiator from accessing the iSCSI port of the target.
Abstract
Example implementations relate to hard zoning capabilities for devices using Internet small computer system interface (iSCSI) protocol. For example, a method includes creating a virtual local area network (VLAN) at an Ethernet switch between an initiator and target adapter. The method includes assigning an access control list (ACL) to the VLAN. The method includes segregating a device of a plurality of devices connected to the SAN into a zone group. The method also includes controlling access of a zone group based on the ACL and frame filtering.
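The access-control flow recited in claim 1 can be modelled in a few lines. The sketch below is an added example, not code from the patent or from any switch vendor: the class and method names, the one-VLAN-per-target layout, the VLAN id range and the ACL tuple format are all assumptions made for illustration.

```python
from dataclasses import dataclass
from itertools import count

ISCSI_PORT = 3260  # IANA-registered iSCSI target port

@dataclass
class PeerZone:
    vlan_id: int
    target: str
    acl: list  # ordered (action, src, dst, dport) rules; first match wins

class Switch:  # hypothetical model of the switch in claim 1
    def __init__(self):
        self.name_server = {"initiator": [], "target": []}  # name server table
        self.zones = {}                                     # target name -> PeerZone
        self._vlan_ids = count(100)                         # constructed VLAN id range

    def join(self, name, role):
        """Handle a join request by recording the device in the name server table."""
        if name not in self.name_server[role]:
            self.name_server[role].append(name)

    def list_initiators(self):
        """Response to a command requesting the initiator list."""
        return list(self.name_server["initiator"])

    def add_zone(self, requester, initiator):
        """Add-zone command: honoured only when sent by a joined target."""
        if requester not in self.name_server["target"]:
            raise PermissionError("add zone must come from a joined target")
        if initiator not in self.name_server["initiator"]:
            raise LookupError("initiator has not joined the SAN")
        zone = self.zones.get(requester)
        if zone is None:  # first request: create the VLAN and its default-deny ACL
            zone = PeerZone(next(self._vlan_ids), requester,
                            [("deny", "any", requester, ISCSI_PORT)])
            self.zones[requester] = zone
        rule = ("permit", initiator, requester, ISCSI_PORT)
        if rule not in zone.acl:
            zone.acl.insert(0, rule)  # permits sit ahead of the trailing deny
        return zone

    def filter_frame(self, src, dst, dport=ISCSI_PORT):
        """Frame filtering: permit only what the target's peer zone ACL allows."""
        zone = self.zones.get(dst)
        for action, s, d, p in (zone.acl if zone else []):
            if s in (src, "any") and d == dst and p == dport:
                return action
        return "deny"  # unzoned target or non-iSCSI port
```

In this model a target with no zone is unreachable, and a second initiator that has joined the SAN but was never named in an add zone command hits the trailing deny rule.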
5 Claims
Specification