Security method and system for storage subsystem
First Claim
1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units each having a logical unit number; and
a controller having an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and said logical units, one or more of said logical unit numbers being mapped to said identifier of said host group, said access management map being used to control access from said host group to said logical units.
1 Assignment
0 Petitions
Accused Products
Abstract
According to the present invention, techniques for performing security functions in computer storage subsystems in order to prevent illegal access by the host computers according to logical unit (LU) identity are provided. In representative embodiments management tables can be used to disclose the Logical Unit in the storage subsystem to the host computers in accordance with the users operational needs. In a specific embodiment, accessibility to a storage subsystem resource can be decided when an Inquiry Command is received, providing systems and apparatus wherein there is no further need to repeatedly determine accessibility for subsequent accesses to the Logical Unit. Many such embodiments can maintain relatively high performance, while providing robust security for each LU.
87 Citations
9 Claims
-
1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
-
a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units each having a logical unit number; and
a controller having an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and said logical units, one or more of said logical unit numbers being mapped to said identifier of said host group, said access management map being used to control access from said host group to said logical units. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
Specification