Storage device with VLAN support

US 20030101239A1
Filed: 11/27/2001
Published: 05/29/2003
Est. Priority Date: 11/27/2001
Status: Active Grant

First Claim

Patent Images

1. A storage apparatus, comprising:

a processor;

a memory;

at least one of a plurality of storage devices;

a storage controller, coupled with the at least one of a plurality of storage devices;

a network interface connectable to a virtual local area network (VLAN) switch;

wherein the processor is at least intermittently coupled with the memory, the storage controller and the network interface;

wherein the memory comprises configuration information including a correspondence between at least one of a plurality of segments of a virtual local area network (VLAN) connectable by the network interface and at least one of a plurality of virtual volumes of the at least one of a plurality of storage devices; and

wherein the processor, the memory, the storage controller and the network interface are operable to control a virtual local area network (VLAN) switch to map the at least one of a plurality of segments of a virtual local area network (VLAN) connectable by the network interface to the at least one of a plurality of virtual volumes of the at least one of a plurality of storage devices based upon the configuration information.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention provides secure IP protocol capable storage devices using Virtual Local Area Network (VLAN) techniques. Specific embodiments of the present invention provide techniques for securing VLAN aware storage devices, and the like. In specific embodiments, techniques according to the present invention can provide Internet data centers that are responsible for keeping their customer'"'"'s computers and storages safe and secure with the capability to strictly separate LAN access for different customers using VLAN (virtual LAN) technology.

Citations

22 Claims

1. A storage apparatus, comprising:
- a processor;
  
  a memory;
  
  at least one of a plurality of storage devices;
  
  a storage controller, coupled with the at least one of a plurality of storage devices;
  
  a network interface connectable to a virtual local area network (VLAN) switch;
  
  wherein the processor is at least intermittently coupled with the memory, the storage controller and the network interface;
  
  wherein the memory comprises configuration information including a correspondence between at least one of a plurality of segments of a virtual local area network (VLAN) connectable by the network interface and at least one of a plurality of virtual volumes of the at least one of a plurality of storage devices; and
  
  wherein the processor, the memory, the storage controller and the network interface are operable to control a virtual local area network (VLAN) switch to map the at least one of a plurality of segments of a virtual local area network (VLAN) connectable by the network interface to the at least one of a plurality of virtual volumes of the at least one of a plurality of storage devices based upon the configuration information.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The apparatus of claim 1, further comprising an out of band management interface connectable to a second network.
  - 3. The apparatus of claim 1, wherein the network interface connectable to a virtual local area network (VLAN) switch comprises an interface to a VLAN trunk line.
  - 4. The apparatus of claim 3, wherein information carried by the VLAN trunk line is identified using an embedded tag.
  - 5. The apparatus of claim 1, wherein the network interface connectable to a virtual local area network (VLAN) switch comprises an interface to a VLAN switch, the VLAN switch connectible to at least one of a plurality of host computers via at least one of a plurality of VLAN access links.
  - 6. The apparatus of claim 5, wherein information carried by the at least one of a plurality of VLAN access links comprises untagged frames.
  - 7. The apparatus of claim 6, wherein information carried by the at least one of a plurality of VLAN access links is identified using a VLAN Identifier of a receiving port.
  - 8. The apparatus of claim 6, wherein information carried by the at least one of a plurality of VLAN access links is identified using a Media Access Control (MAC) address.
  - 9. The apparatus of claim 6, wherein an untagged frame comprises:
    - a preamble field;
      
      a source MAC field;
      
      a destination MAC field;
      
      a type field;
      
      a data field; and
      
      a CRC field.

10. A method, comprising:
- separating logically a local area network into a plurality of virtual local area networks, including a first virtual local area network and a second virtual local area network;
  
  separating logically a storage device into a plurality of virtual volumes, including a first virtual volume and a second virtual volume;
  
  mapping the first virtual local area network to the first virtual volume and the second virtual local area network to the second virtual volume to form a configuration; and
  
  routing information from the first virtual local area network to the first virtual volume and the second virtual local area network to the second virtual volume based upon the configuration.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The method of claim 10, further comprising at least one of:
    - configuring network parameters;
      
      configuring a new file system;
      
      configuring a designated file system; and
      
      deleting a designated file system.
  - 12. The method of claim 10, further comprising at least one of:
    - updating a management interface IP address;
      
      updating a physical network interface IP address;
      
      updating a VLAN interface IP address and a VLAN tag;
      
      deleting a designated VLAN interface; and
      
      adding a new VLAN interface.
  - 13. The method of claim 10, further comprising at least one of:
    - adding a VLAN to a file system;
      
      removing a VLAN from the file system;
      
      adding a volume to the file system; and
      
      removing a volume from the file system.
  - 14. The method of claim 10, further comprising:
    - authenticating user authority.

15. A computer program product, comprising:
- code for sending and receiving tagged frames to and from a network interface;
  
  code for managing a file system;
  
  code for managing a virtual volume within the file system;
  
  code for controlling data transfer between the network interface and a storage controller of the file system;
  
  code for routing information from a virtual local area network to a virtual volume in the file system based upon a configuration; and
  
  a computer readable storage medium for holding the codes.
- View Dependent Claims (16, 17)
- - 16. The computer program product of claim 15, further comprising at least one of:
    - code for receiving configuration information for the file system;
      
      code for receiving configuration information for the virtual volume; and
      
      code for receiving configuration information for the virtual local area network.
  - 17. The computer program product of claim 16, further comprising at least one of:
    - code for updating configuration information for the file system;
      
      code for updating configuration information for the virtual volume; and
      
      code for updating configuration information for the virtual local area network.

18. A computer apparatus, comprising:
- a means for processing information;
  
  a means for connecting to a virtual local area network (VLAN) switch;
  
  wherein the means for processing and the means for connecting to a virtual local area network (VLAN) switch are connectable to an external storage device having at least one of a plurality of volumes mapped to at least one of a plurality of segments of a virtual local area network (VLAN) based upon configuration information.

19. A storage apparatus, comprising:
- a means for processing information;
  
  a means for storing data;
  
  a means for controlling storing of data;
  
  a means for connecting to a virtual local area network (VLAN) switch;
  
  wherein the means for processing, the means for controlling storing of information and the means for connecting to a virtual local area network (VLAN) switch map at least one of a plurality of segments of a virtual local area network (VLAN) to at least one of a plurality of virtual volumes of the means for storage data based upon configuration information.

20. A system, comprising:
- a storage device;
  
  a virtual local area network (VLAN) switch, coupled to the storage device; and
  
  at least one of a plurality of devices coupled to the virtual local area network (VLAN) switch via at least one of a plurality of virtual local area networks;
  
  wherein the storage device is operable to control the virtual local area network (VLAN) switch to map at least one of a plurality of segments of at least one of a plurality of virtual local area networks to at least one of a plurality of virtual volumes of at least one of a plurality of storage devices based upon configuration information.

21. A method of controlling accesses from servers at a disk subsystem, wherein the disk subsystem is connected to a virtual local area network (VLAN) switch via a VLAN trunk and receives access requests from the servers via the VLAN switch and the VLAN trunk, the method comprising the steps of:
- allocating storage resource to each VLAN segment, receiving a Internet Protocol (IP) packet based access from a server, determining a VLAN segment that the server belongs to, based on a VLAN identification in the IP packet, and permitting the server to access the storage resource allocated to the VLAN segment that the server belongs to.

22. A method, comprising:
- separating a virtual lan into a plurality of segments;
  
  mapping each one of the plurality of segments to a storage device; and
  
  assigning at least one of a plurality of virtual volumes to each one of the plurality of segments.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Ishizaki, Takeshi

Granted Patent

US 7,366,784 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/219
CPC Class Codes

H04L 12/4645   Details on frame tagging ro...

H04L 12/467   Arrangements for supporting...

H04L 12/4675   Dynamic sharing of VLAN inf...

H04L 12/4679   Arrangements for the regist...

Storage device with VLAN support

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Storage device with VLAN support

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links