Security for logical unit in storage system

US 20050010735A1
Filed: 08/02/2004
Published: 01/13/2005
Est. Priority Date: 07/13/2001
Status: Active Grant

First Claim

Patent Images

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:

a plurality of disk drives storing data from said host computers, said disk drives are divided into a plurality of regions each to be identified with a region number; and

a controller controlling read/write data from/to said disk drives in response to accesses from said host computers, wherein said controller includes an access management map which includes an identification of a host group having some of said host computers selected from said host computers by an user, a plurality of identifications said host computers and a plurality of renumbered identifications of a plurality of logical units, said renumbered identifications of said logical units being formed by renumbering said region numbers, and wherein said controller controls accesses from said host computers to said logical units in accordance with said access management map.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Tables (FIGS. 11 and 12) for stipulating information (WWN: WorldWide Name) for primarily identifying computers, information (GID: Group ID) for identifying a group of the computers and a logical unit number (LUN) permitting access from the host computer inside storage subsystem, in accordance with arbitrary operation method by a user, and for giving them to host computer. The invention uses management table inside the storage subsystem and gives logical unit inside storage subsystem to host computer group arbitrarily grouped by a user in accordance with the desired form of operation of the user, can decide access approval/rejection to the logical unit inside the storage subsystem in the group unit and at the same time, can provide the security function capable of setting interface of connection in the group unit under single port of storage subsystem without changing existing processing, limitation and other functions of computer.

92 Citations

View as Search Results

13 Claims

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives are divided into a plurality of regions each to be identified with a region number; and
  
  a controller controlling read/write data from/to said disk drives in response to accesses from said host computers, wherein said controller includes an access management map which includes an identification of a host group having some of said host computers selected from said host computers by an user, a plurality of identifications said host computers and a plurality of renumbered identifications of a plurality of logical units, said renumbered identifications of said logical units being formed by renumbering said region numbers, and wherein said controller controls accesses from said host computers to said logical units in accordance with said access management map.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The storage system according to claim 1, wherein each of said identifications of host computers is a World Wide Name (WWN).
  - 3. The storage system according to claim 1, wherein each of said identifications of said logical units allocated to said host computers begins with 0.
  - 4. The storage system according to claim 1, wherein each of said identification of said logical units allocated to said host computers begins with 0 and increments by 1.
  - 5. The storage system according to claim 1, wherein said controller maps different logical unit numbers to a same identification of each of said logical units for different host computers.
  - 6. The storage system according to claim 1, wherein the same identification of each of said logical units is allocated to different host computers.
  - 7. The storage system according to claim 1, wherein when a first identification of a logical unit accessible from a first host computer is the same as a second identification of a logical unit accessible from a second host computer, a region number corresponding to the first identification is different from a region number corresponding to the second identification.
  - 8. The storage system according to claim 1, wherein when a first host computer and a second host computer commonly use the same logical unit, an identification of a logical unit corresponding to the same logical unit as recognized by said first host computer is different from an identification of a logical unit corresponding to the same logical unit as recognized by said second host computer.
  - 9. The storage system according to claim 1, wherein after accessing a logical unit from a host computer, conversion from said logical unit to a logical unit corresponding to said logical unit is conducted by said controller without intervention by said host computer.
  - 10. The storage system according to claim 1, wherein there are a plurality of identifications of logical units with the same identification 0 under one physical port of said storage system.
  - 11. A storage system according to claim 2, wherein said controller includes a WWN to S_ID conversion table, and wherein said S_ID is a source identification of a host computer.
  - 12. The storage system according to claim 1, wherein said storage system has interface information corresponding to said host group.
  - 13. The storage system according to claim 12, wherein said interface information is the reception to Input/Output, the depth of a reception, or the response content of Inquiry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Katsuhiro Uchiumi, Koichi Hori, Ryuske Ito, Yoshinori Igarashi, Yoshinori Okami
Original Assignee
Katsuhiro Uchiumi, Koichi Hori, Ryuske Ito, Yoshinori Igarashi, Yoshinori Okami
Inventors
Okami, Yoshinori, Hori, Koichi, Igarashi, Yoshinori, Uchiumi, Katsuhiro, Ito, Ryuske

Granted Patent

US 7,082,503 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/163
CPC Class Codes

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/067   Distributed or networked st...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

Security for logical unit in storage system

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

92 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Security for logical unit in storage system

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

92 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links