Method and apparatus for managing access to storage devices in a storage system with access control
Abstract
A storage system is provided that includes a plurality of storage devices and a data structure, accessible to the storage system, that includes a plurality of records corresponding to a plurality of network devices that are coupled to the storage system. Each record includes configuration data that identifies each of the plurality of storage devices to which data access by a respective one of the plurality of network devices is authorized. Each record may further include visibility data that identifies whether certain types of non-data access, such as requests for general information relating to a respective storage device, by a respective one of the plurality of network devices is permitted, even though data access to the respective storage device by the respective one of the plurality of network devices is not authorized.
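The filter decision described in the abstract can be modeled as below. This is an added illustration, not code from the patent or from any product; the record layout, the host names, and the split of SCSI opcodes into media and non-media requests are assumptions made for the example.

```python
from dataclasses import dataclass, field

# Assumption: this classification of SCSI opcodes is chosen for the example;
# the page only describes non-data access as "requests for general
# information" relating to a storage device.
MEDIA_OPS = {0x28: "READ(10)", 0x2A: "WRITE(10)"}
NON_MEDIA_OPS = {0x12: "INQUIRY", 0x25: "READ CAPACITY(10)"}


@dataclass
class Record:
    """One record per network device (hypothetical layout)."""
    data_luns: set = field(default_factory=set)     # configuration data
    visible_luns: set = field(default_factory=set)  # visibility data


class Filter:
    def __init__(self, records):
        self.records = records  # keyed by initiator identifier

    def authorize(self, initiator, lun, opcode):
        """Return (allowed, reason); anything not explicitly granted is denied."""
        rec = self.records.get(initiator)
        if rec is None:
            return (False, "unknown initiator")
        if opcode in MEDIA_OPS:
            if lun in rec.data_luns:
                return (True, "data access")
            return (False, "no data access privilege")
        if opcode in NON_MEDIA_OPS:
            # Assumption: a device with data access may also query the volume.
            if lun in rec.data_luns:
                return (True, "data access")
            if lun in rec.visible_luns:
                return (True, "visibility only")
            return (False, "not visible")
        return (False, "unclassified opcode")


# Constructed sample table: host-a owns LUN 0 and may only see LUN 1.
TABLE = {
    "host-a": Record(data_luns={0}, visible_luns={1}),
    "host-b": Record(data_luns={1}),
}

if __name__ == "__main__":
    f = Filter(TABLE)
    for req in [("host-a", 1, 0x12), ("host-a", 1, 0x28), ("host-b", 0, 0x12)]:
        print(req, f.authorize(*req))
```

A visibility-only grant still discloses that the logical device exists and its general properties, so those entries deserve the same review as data-access grants.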
66 Claims
1. A method for managing access to a shared resource by a plurality of devices that are coupled to the shared resource via a network, the method including acts of:
(a) in response to a non-media access request by a first of the plurality of devices to a logical device at the shared resource for which the first device has no data access privileges, determining whether the first device is authorized to have non-media access to the logical device; and
(b) authorizing the non-media access request when it is determined in the act (a) that the first device is authorized to have non-media access to the logical device.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

15. A method for managing access to a storage system by a plurality of devices that are coupled to the storage system via a network, the storage system including a plurality of logical volumes of data, the method including acts of:
(a) maintaining, in a data structure that is accessible to a filter that controls access to each of the plurality of logical volumes, configuration information identifying each logical volume of the plurality of logical volumes to which data access by a first device of the plurality of devices is authorized;
(b) in response to a non-media access request by the first device to a first logical volume for which the first device has no data access privileges, determining whether the first device is authorized to have non-media access to the first logical volume; and
(c) authorizing the non-media access request when it is determined in the act (b) that the first device is authorized to have non-media access to the first logical volume.
Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27

28. An apparatus for use in a computer system including a plurality of devices, a shared resource, and a network that couples the plurality of devices to the shared resource, the apparatus comprising:
an input to be coupled to the network; and
at least one filter, coupled to the input, that is responsive to a non-media access request by a first of the plurality of devices to a logical device at the shared resource for which the first device has no data access privileges, to determine whether the first device is authorized to have non-media access to the logical device, and to authorize the non-media access request when it is determined that the first device is authorized to have non-media access to the logical device.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 58

43. A computer readable medium, comprising:
a data structure relating to access management by a plurality of network devices to data stored on a plurality of logical devices of a shared resource, the data structure including a plurality of records each corresponding to one of the plurality of network devices, a first record of the plurality of records corresponding to a first of the plurality of network devices and including configuration information identifying each logical device of the plurality of logical devices to which data access by the first network device is authorized, the first record further including visibility information identifying whether the first network device is authorized to have non-media access to a first logical device of the plurality of logical devices when the configuration information corresponding to the first network device identifies that no data access to the first logical device from the first network device is authorized.
Dependent claims: 44, 45, 46, 47

48. An apparatus for use in a computer system including a plurality of devices, a storage system, and a network that couples the plurality of devices to the storage system, the apparatus comprising:
an input to be coupled to the network;
a data structure that stores configuration information identifying each logical volume of data of a plurality of logical volumes of data stored on the storage system to which data access by a first device of the plurality of devices is authorized; and
at least one filter, coupled to the input, that is responsive to a non-media access request by a first of the plurality of devices to a first logical volume of data of the plurality of logical volumes of data for which the first device has no data access privileges, to determine whether the first device is authorized to have non-media access to the first logical volume of data, and to authorize the non-media access request when it is determined that the first device is authorized to have non-media access to the first logical volume of data.
Dependent claims: 49, 50, 51, 52, 53, 54, 55, 56, 57, 59

60. A storage system, comprising:
a plurality of storage devices that store a plurality of logical volumes of data;
a data structure to store configuration information identifying whether a first network device of a plurality of network devices that are coupled to the storage system is authorized to access data on a first logical volume of the plurality of logical volumes; and
a filter, responsive to the configuration information stored in the data structure, to selectively forward non-media access requests from the first network device to the first logical volume when the configuration information identifies that no data access to the first logical volume from the first network device is authorized.
Dependent claims: 61, 62, 63, 64, 65, 66

Specification