Security method and system for storage subsystem
First Claim
1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units each having a logical unit number; and
a controller having an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and said logical units, one or more of said logical unit numbers being mapped to said identifier of said host group, said access management map being used to control access from said host group to said logical units.
1 Assignment
0 Petitions
Accused Products
Abstract
According to the present invention, techniques for performing security functions in computer storage subsystems in order to prevent illegal access by the host computers according to logical unit (LU) identity are provided. In representative embodiments management tables can be used to disclose the Logical Unit in the storage subsystem to the host computers in accordance with the users operational needs. In a specific embodiment, accessibility to a storage subsystem resource can be decided when an Inquiry Command is received, providing systems and apparatus wherein there is no further need to repeatedly determine accessibility for subsequent accesses to the Logical Unit. Many such embodiments can maintain relatively high performance, while providing robust security for each LU.
87 Citations
9 Claims
-
1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
-
a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units each having a logical unit number; and
a controller having an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and said logical units, one or more of said logical unit numbers being mapped to said identifier of said host group, said access management map being used to control access from said host group to said logical units. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification
-
- Resources
-
Current AssigneeHitachi, Ltd.
-
Original AssigneeHitachi, Ltd.
-
InventorsOkami, Yoshinori, Ito, Ryusuke
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current1/1
-
CPC Class CodesG06F 2003/0697 device management, e.g. han...G06F 21/62 Protecting access to data v...G06F 2221/2141 Access rights, e.g. capabil...G06F 3/0601 Interfaces specially adapte...G06F 3/0622 in relation to accessG06F 3/0635 by changing the path, e.g. ...G06F 3/0637 PermissionsG06F 3/0659 Command handling arrangemen...G06F 3/067 Distributed or networked st...H04L 61/103 across network layers, e.g....H04L 67/1097 for distributed storage of ...Y10S 707/954 RelationalY10S 707/99933 Query processing, i.e. sear...Y10S 707/99939 Privileged access
