Fine granularity access control for a storage area network

US 20060235985A1
Filed: 04/13/2005
Published: 10/19/2006
Est. Priority Date: 04/13/2005
Status: Active Grant

First Claim

Patent Images

1. A method of managing configuration access by a user to resources of a storage network, the method comprising:

receiving discovery results identifying the resources of the of the storage network;

defining one or more administration domains, each administration domain specifying a proper subset of the resources identified in the discovery results, wherein the proper subset of resources includes at least one sub-fabric resource;

associating the user with one or more of the administration domains;

allowing the user to configure a selected resource, if the selected resource is specified in an administration domain associated with the user; and

preventing the user from configuring the selected resource, if the resource is not specified in an administration domain associated with the user.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A SAN management software program controls access to resources in the SAN by associating individual users with one or more administration domains. A user that is associated with an administration domain that includes a port of a SAN switch can configure or otherwise access the port but is restricted from accessing ports outside of that administration domain. Likewise, access to other sub-fabric resources can be restricted and allowed to individual users and users in specific roles or groups. In this manner, the SAN administrative user has very specific control over which users can access which SAN resources and what level of access these users are granted.

Citations

18 Claims

1. A method of managing configuration access by a user to resources of a storage network, the method comprising:
- receiving discovery results identifying the resources of the of the storage network;
  
  defining one or more administration domains, each administration domain specifying a proper subset of the resources identified in the discovery results, wherein the proper subset of resources includes at least one sub-fabric resource;
  
  associating the user with one or more of the administration domains;
  
  allowing the user to configure a selected resource, if the selected resource is specified in an administration domain associated with the user; and
  
  preventing the user from configuring the selected resource, if the resource is not specified in an administration domain associated with the user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising:
    - discovering the resources of the storage network to generate the discovery results.
  - 3. The method of claim 1 wherein the sub-fabric resource is an individually identified switch in the storage network.
  - 4. The method of claim 1 wherein the sub-fabric resource is an individually identified port of a switch in the storage network.
  - 5. The method of claim 1 wherein the sub-fabric resource is an individually identified logical unit number of a storage device in the storage network.
  - 6. The method of claim 1 wherein the operation of associating the user with one or more of the administration domains comprises:
    - associating the user with a user profile; and
      
      referencing one or more of the administration domains using the user profile.
  - 7. The method of claim 1 wherein the operation of associating the user with one or more of the administration domains comprises:
    - associating the user with a role, wherein multiple users may be grouped within the role; and
      
      associating the role with an administration domain.
  - 8. The method of claim 1 wherein the operation of associating the user with one or more of the administration domains comprises:
    - associating the user with a user profile;
      
      generating a set of resources included in the one or more administration domains; and
      
      referencing the set of resources using the user profile.
  - 9. The method of claim 1 wherein the operation of allowing the user to configure a selected resource comprises:
    - executing a configuration command initiated by the user and targeting the resource.

10. A computer program product encoding a computer program for a computer process that executes on a computer system that manages configuration access by a user to resources of a storage network, the computer process comprising:
- receiving discovery results identifying the resources of the of the storage network;
  
  defining one or more administration domains, each administration domain specifying a proper subset of the resources identified in the discovery results, wherein the proper subset of resources includes at least one of sub-fabric resource;
  
  associating the user with one or more of the administration domains;
  
  allowing the user to configure a selected resource, if the selected resource is specified in an administration domain associated with the user; and
  
  preventing the user from configuring the selected resource, if the resource is not specified in an administration domain associated with the user.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The computer program product of claim 10 wherein the computer process further comprises:
    - discovering the resources of the storage network to generate the discovery results.
  - 12. The computer program product of claim 10 wherein the sub-fabric resource is an individually identified switch in the storage network.
  - 13. The computer program product of claim 10 wherein the sub-fabric resource is an individually identified port of a switch in the storage network.
  - 14. The computer program product of claim 10 wherein the sub-fabric resource is an individually identified logical unit number of a storage device in the storage network.
  - 15. The computer program product of claim 10 wherein the operation of associating the user with one or more of the administration domains comprises:
    - associating the user with a user profile; and
      
      referencing one or more of the administration domains using the user profile.
  - 16. The computer program product of claim 10 wherein the operation of associating the user with one or more of the administration domains comprises:
    - associating the user with a role, wherein multiple users may be grouped within the role; and
      
      associating the role with an administration domain.
  - 17. The computer program product of claim 10 wherein the operation of associating the user with one or more of the administration domains comprises:
    - associating the user with a user profile generating a set of resources included in the one or more administration domains; and
      
      referencing the set of resources using the user profile.
  - 18. The computer program product of claim 10 wherein the operation of allowing the user to configure a selected resource comprises:
    - executing a configuration command initiated by the user and targeting the resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Mcdata Corporation (Broadcom, Inc.)
Inventors
Zhang, Xinyu, Ramkumar, Gurumurthy D., Kejriwal, Parry, Henriquez, Hans Logan, Hamilton, David Brooks

Granted Patent

US 8,762,552 B2
Time in Patent Office

Days
Field of Search
US Class Current

709/229
CPC Class Codes

G06F 16/437   Administration of user prof...

G06F 21/45   Structures or tools for the...

G06F 3/067   Distributed or networked st...

H04L 63/102   Entity profiles

H04L 63/105   Multiple levels of security

H04L 67/1097   for distributed storage of ...

H04L 67/12   specially adapted for propr...

Fine granularity access control for a storage area network

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Fine granularity access control for a storage area network

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links