System for controlling access to resources in a storage area network
Abstract
A method for implementing security management in a storage area network by controlling access to network resources. Initially, a resource provider communicates with potential resource users, such as host computers, servers, and workstations, to allow the users to discover the resources available on the storage area network. Resource users that have not previously logged in to a particular resource supply identification information to the resource provider, which places the information in a ‘not yet approved entity’ table. The ‘not yet approved entity’ table is made available to a management station. An administrator, using the management station, then determines whether to authorize use of resources. If access to the requested resource is allowed, the resource user identification information is stored in an ‘approved entity’ table. A login is then allowed by the resource user to the selected resource. Once a resource user has initially logged in, connection information is maintained in the ‘approved entity’ table facilitating subsequent log-in attempts by the resource user.
118 Citations
20 Claims
1. A method for implementing security management in a storage area network including at least one storage resource user, a resource provider, and resources controlled by the resource provider, the method comprising the steps of:
providing notification to the storage resource user that a resource provider is available on the storage area network;
requesting access to the resources by sending identifying indicia from the storage resource user to the resource provider, in response to receiving the notification; and
examining a table of approved entities for the identifying indicia to determine whether any resources are available to the requesting storage resource user;
wherein, if the resources are determined to be available to the storage resource user requesting access to the resources, then allowing the storage resource user to access the resources.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 14, 15, 16, 17, 18, 20
12. A method for implementing security management in a storage area network including at least one storage resource user, a data storage RAID controller, and a data storage array coupled to the controller, the method comprising the steps of:
granting access to data storage areas on disks in the storage array to specific storage resource users of the at least one storage resource user;
storing, in a table of approved entities in non-volatile memory in the controller, indicia of data storage areas on disks in the storage array accessible to any storage resource user that has been granted access to data storage areas on disks in the storage array;
storing, in a table of not-yet-approved entities in volatile memory in the controller, indicia of any of the at least one storage resource user that have not been granted access to data storage areas on disks in the storage array;
requesting access to the areas by sending at least the identifying indicia from the storage resource user to the resource provider; and
examining the table of approved entities for the identifying indicia to determine whether any of the data storage areas are available to the requesting storage resource user;
wherein, if the data storage areas are determined to be available to the storage resource user requesting access to the data storage areas, then allowing the storage resource user to access the data storage areas;
otherwise, if none of the data storage areas are determined to be available to the requesting storage resource user, then storing the identifying indicia in the table of not-yet-approved entities.
19. A system for implementing security management in a storage area network including at least one storage resource user, a resource provider, and resources controlled by the resource provider, the system comprising:
a first table of approved entities for storing, in memory in the controller, indicia of data storage areas on disks in the storage array and the storage resource user to which the areas are accessible; and
a second table of not-yet-approved entities for storing, in memory in the controller, identifying indicia for storage resource user entities that are presently not allowed access to any resources on the storage area network;
wherein the storage resource user is allowed to access the specific logical units included in the indicia of data storage areas on disks in the storage array, if the indicia in the first table corresponds to identifying indicia provided by the storage resource user.
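The two-table flow described in the abstract and in claim 12, as an added example that is not part of the patent text: a toy controller keeps the approved-entity table in a JSON file (standing in for non-volatile memory) and the not-yet-approved table in process memory. The class and method names, the file path, the WWN-style identifier and the LUN labels are all assumptions made for illustration.

```python
import json
import os
import tempfile


class Controller:
    """Toy resource provider holding the two tables described in claim 12."""

    def __init__(self, nv_path):
        self.nv_path = nv_path   # stands in for the controller's non-volatile memory
        self.pending = set()     # 'not yet approved entity' table (volatile)
        self.approved = {}       # 'approved entity' table: indicia -> storage areas
        if os.path.exists(nv_path):
            with open(nv_path) as f:
                self.approved = json.load(f)

    def request_access(self, indicia):
        """Return the storage areas available to the requester; [] means none."""
        areas = self.approved.get(indicia)
        if areas:
            return list(areas)
        self.pending.add(indicia)  # recorded for the management station to review
        return []

    def list_pending(self):
        """The view of the not-yet-approved table exposed to the management station."""
        return sorted(self.pending)

    def approve(self, indicia, areas):
        """Administrator decision: move an entry from pending to approved."""
        self.pending.remove(indicia)  # KeyError if this user never requested access
        self.approved[indicia] = sorted(areas)
        with open(self.nv_path, "w") as f:
            json.dump(self.approved, f)


def demo():
    path = os.path.join(tempfile.mkdtemp(), "approved.json")
    host = "wwn-constructed-0001"     # constructed identifying indicia
    c = Controller(path)
    first = c.request_access(host)    # unknown user: no areas, parked as pending
    seen = c.list_pending()
    c.approve(host, ["LUN0", "LUN3"])
    second = c.request_access(host)   # now found in the approved table
    rebooted = Controller(path)       # restart: pending table is lost, approvals persist
    return first, seen, second, rebooted.request_access(host), rebooted.list_pending()
```

Both tables are keyed on whatever identifying indicia the requester presents; the text on this page does not describe how those indicia are authenticated.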
Specification