System and method for out of user space I/O with server authentication

US 20070050591A1
Filed: 08/31/2005
Published: 03/01/2007
Est. Priority Date: 08/31/2005
Status: Active Grant

First Claim

Patent Images

1. A computer program product comprising a computer usable medium having a computer readable program, wherein the computer readable program, when executed on computing device, causes the computing device to:

receive an input/output (I/O) request from an application instance, wherein the I/O request includes a key value for identifying an entry in a translation protection table data structure, and wherein the I/O request targets a portion of a storage device in a remotely located storage system upon which an I/O operation is to be performed;

retrieve an entry from a translation protection table based on the key value, wherein the entry includes an identifier of the storage device and a logical unit number corresponding to the portion of the storage device targeted by the I/O request;

generate a storage command based on the identifier of the storage device and the logical unit number retrieved with the entry from the translation protection table; and

place the storage command in a storage command queue for transmission to the remotely located storage system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product that enables user space middleware or applications to pass I/O storage requests directly to a network attached storage device via a storage server that performs authentication are provided. A mechanism is provided for using a translation protection table (TPT) data structure, which may include a file name protection table (FNPT) and file extension protection table (FEPT), or logical volume protection table (LVPT), to control user space and out of user space Input/Output (I/O) operations. The storage server performs authentication of an application instance'"'"'s request to open an operating system logical volume and, upon being authenticated, permits the application instance to submit I/O storage requests via the TPT to the opened OS logical volume. I/O storage requests are translated into storage commands using the TPT and the storage commands are encapsulated for transmission via one or more networks to the storage server.

155 Citations

View as Search Results

35 Claims

1. A computer program product comprising a computer usable medium having a computer readable program, wherein the computer readable program, when executed on computing device, causes the computing device to:
- receive an input/output (I/O) request from an application instance, wherein the I/O request includes a key value for identifying an entry in a translation protection table data structure, and wherein the I/O request targets a portion of a storage device in a remotely located storage system upon which an I/O operation is to be performed;
  
  retrieve an entry from a translation protection table based on the key value, wherein the entry includes an identifier of the storage device and a logical unit number corresponding to the portion of the storage device targeted by the I/O request;
  
  generate a storage command based on the identifier of the storage device and the logical unit number retrieved with the entry from the translation protection table; and
  
  place the storage command in a storage command queue for transmission to the remotely located storage system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer program product of claim 1, wherein the portion of the storage device is a logical volume comprising one or more logical unit numbers (LUNs) of the storage device.
  - 3. The computer program product of claim 1, wherein the portion of the storage device is a file comprising one or more logical unit numbers (LUNs) of the storage device.
  - 4. The computer program product of claim 1, wherein the computer readable program further causes the computing device to:
    - receive, from the application instance, a request to open the portion of the storage device wherein the request includes an authentication key;
      
      send a command, having the authentication key, to the remotely located storage system to open the portion of the storage device; and
      
      return results of the command to open the portion of the storage device to the application instance, wherein the remotely located storage system performs authentication on the command to open the portion of the storage device based on the authentication key.
  - 5. The computer program product of claim 1, wherein the computer readable program further causes the computing device to:
    - receive, from the application instance, a request to allocate a logical unit of the storage device to the portion of the storage device for input/output operations of the application instance;
      
      send an allocate command, generated based on the received request to allocate the logical unit, to the remotely located storage system; and
      
      receive a response from the remotely located storage system identifying an authentication key for use in opening the logical unit of the portion of the storage device for I/O operations.
  - 6. The computer program product of claim 5, wherein the computer readable program further causes the computing device to:
    - store, in the translation protection table data structure, an identifier of the authentication key in association with an identifier of the portion of the storage device.
  - 7. The computer program product of claim 6, wherein the computer readable program further causes the computing device to:
    - retrieve, from the entry retrieved from the translation protection table, the authentication key;
      
      generate an open command to open the portion of the storage device, wherein the open command includes the authentication key; and
      
      transmit the open command to the remotely located storage system to thereby open the logical unit of the portion of the storage device for I/O operations during a current session between the application instance and the remotely located storage system, wherein the remotely located storage system opens the logical unit of the portion of the storage device for I/O operations only when the remotely located storage system verifies that the application instance is permitted to access the logical unit of the portion of the storage device based on the authentication key in the open command.
  - 8. The computer program product of claim 1, wherein the computer readable program further causes the computing device to:
    - receive a request to create an entry in the translation protection table data structure for the portion of the storage device;
      
      create an entry in the translation protection table data structure for the portion of the storage device; and
      
      return a translation protection table key that corresponds to the created entry.
  - 9. The computer program product of claim 8, wherein the entry includes a storage device identifier number, a logical unit number, an offset, and a length.
  - 10. The computer program product of claim 9, wherein the entry further includes at least one of a protection domain, access control information, or an authentication key.
  - 11. The computer program product of claim 1, wherein the computer readable program further causes the computing device to:
    - receive a request to query an entry in the translation protection table data structure for the portion of the storage device;
      
      identify the entry in the translation protection table data structure for the portion of the storage device; and
      
      return attributes of the entry in the translation protection table data structure.
  - 12. The computer program product of claim 1, wherein the computer readable program further causes the computing device to:
    - receive a request to modify an entry in the translation protection table data structure for the portion of the storage device;
      
      modify the entry in the translation protection table data structure; and
      
      return attributes of the modified entry in the translation protection table.
  - 13. The computer program product of claim 12, wherein the computer readable program further causes the computing device to:
    - determine if there are any active transactions on the entry in the translation protection table data structure, wherein the computing device modifies the entry in the translation protection table data structure only if there are no active transactions on the entry.
  - 14. The computer program product of claim 13, wherein the computer readable program further causes the computing device to:
    - initiate a timer if there is an active transaction on the entry in the translation protection table data structure;
      
      determine if the timer times out prior to a quiescent point being reached; and
      
      generate an error if the timer times out prior to the quiescent point being reached.
  - 15. The computer program product of claim 1, wherein the computer readable program further causes the computing device to:
    - receive a request to delete an entry in the translation protection table data structure for the portion of the storage device; and
      
      mark the entry in the translation protection table data structure as being invalid.
  - 16. The computer program product of claim 15, wherein the computer readable program further causes the computing device to:
    - determine if there are any active transactions on the entry in the translation protection table data structure, wherein the computing device marks the entry in the translation protection table data structure as being invalid only if there are no active transactions on the entry.
  - 17. The computer program product of claim 16, wherein the computer readable program further causes the computing device to:
    - initiate a timer if there is an active transaction on the entry in the translation protection table data structure;
      
      determine if the timer times out prior to a quiescent point being reached; and
      
      generate an error if the timer times out prior to the quiescent point being reached.

18. An apparatus, comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory stores instructions which, when executed by the processor, causes the processor to;
  
  receive an input/output (I/O) request from an application instance, wherein the I/O request includes a key value for identifying an entry in a translation protection table data structure, and wherein the I/O request targets a portion of a storage device in a remotely located storage system upon which an I/O operation is to be performed;
  
  retrieve an entry from a translation protection table based on the key value, wherein the entry includes an identifier of the storage device and a logical unit number corresponding to the portion of the storage device targeted by the I/O request;
  
  generate a storage command based on the identifier of the storage device and the logical unit number retrieved with the entry from the translation protection table; and
  
  place the storage command in a storage command queue for transmission to the remotely located storage system.
- View Dependent Claims (19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34)
- - 19. The apparatus of claim 18, wherein the portion of the storage device is a logical volume comprising one or more logical unit numbers (LUNs) of the storage device.
  - 20. The apparatus of claim 18, wherein the portion of the storage device is a file comprising one or more logical unit numbers (LUNs) of the storage device.
  - 21. The apparatus of claim 18, wherein the instructions further cause the processor to:
    - receive, from the application instance, a request to open the portion of the storage device wherein the request includes an authentication key;
      
      send a command, having the authentication key, to the remotely located storage system to open the portion of the storage device; and
      
      return results of the command to open the portion of the storage device to the application instance, wherein the remotely located storage system performs authentication on the command to open the portion of the storage device based on the authentication key.
  - 22. The apparatus of claim 18, wherein the instructions further cause the processor to:
    - receive, from the application instance, a request to allocate a logical unit of the storage device to the portion of the storage device for input/output operations of the application instance;
      
      send an allocate command, generated based on the received request to allocate the logical unit, to the remotely located storage system; and
      
      receive a response from the remotely located storage system identifying an authentication key for use in opening the logical unit of the portion of the storage device for I/O operations.
  - 23. The apparatus of claim 22, wherein the instructions further cause the processor to:
    - store, in the translation protection table data structure, an identifier of the authentication key in association with an identifier of the portion of the storage device.
  - 24. The apparatus of claim 23, wherein the instructions further cause the processor to:
    - retrieve, from the entry retrieved from the translation protection table, the authentication key;
      
      generate an open command to open the portion of the storage device, wherein the open command includes the authentication key; and
      
      transmit the open command to the remotely located storage system to thereby open the logical unit of the portion of the storage device for I/O operations during a current session between the application instance and the remotely located storage system, wherein the remotely located storage system opens the logical unit of the portion of the storage device for I/O operations only when the remotely located storage system verifies that the application instance is permitted to access the logical unit of the portion of the storage device based on the authentication key in the open command.
  - 25. The apparatus of claim 18, wherein the instructions further cause the processor to:
    - receive a request to create an entry in the translation protection table data structure for the portion of the storage device;
      
      create an entry in the translation protection table data structure for the portion of the storage device; and
      
      return a translation protection table key that corresponds to the created entry.
  - 26. The apparatus of claim 25, wherein the entry includes a storage device identifier number, a logical unit number, an offset, and a length.
  - 27. The apparatus of claim 26, wherein the entry further includes at least one of a protection domain, access control information, or an authentication key.
  - 28. The apparatus of claim 18, wherein the instructions further cause the processor to:
    - receive a request to query an entry in the translation protection table data structure for the portion of the storage device;
      
      identify the entry in the translation protection table data structure for the portion of the storage device; and
      
      return attributes of the entry in the translation protection table data structure.
  - 29. The apparatus of claim 18, wherein the instructions further cause the processor to:
    - receive a request to modify an entry in the translation protection table data structure for the portion of the storage device;
      
      modify the entry in the translation protection table data structure; and
      
      return attributes of the modified entry in the translation protection table.
  - 30. The apparatus of claim 29, wherein the instructions further cause the processor to:
    - determine if there are any active transactions on the entry in the translation protection table data structure, wherein the computing device modifies the entry in the translation protection table data structure only if there are no active transactions on the entry.
  - 31. The apparatus of claim 30, wherein the instructions further cause the processor to:
    - initiate a timer if there is an active transaction on the entry in the translation protection table data structure;
      
      determine if the timer times out prior to a quiescent point being reached; and
      
      generate an error if the timer times out prior to the quiescent point being reached.
  - 32. The apparatus of claim 18, wherein the instructions further cause the processor to:
    - receive a request to delete an entry in the translation protection table data structure for the portion of the storage device; and
      
      mark the entry in the translation protection table data structure as being invalid.
  - 33. The apparatus of claim 32, wherein the instructions further cause the processor to:
    - determine if there are any active transactions on the entry in the translation protection table data structure, wherein the computing device marks the entry in the translation protection table data structure as being invalid only if there are no active transactions on the entry.
  - 34. The apparatus of claim 33, wherein the instructions further cause the processor to:
    - initiate a timer if there is an active transaction on the entry in the translation protection table data structure;
      
      determine if the timer times out prior to a quiescent point being reached; and
      
      generate an error if the timer times out prior to the quiescent point being reached.

35. A method, in a data processing system, for performing input/output (I/O) operations with a remotely located storage system, comprising:
- receive an I/O request from an application instance, wherein the I/O request includes a key value for identifying an entry in a translation protection table data structure, and wherein the I/O request targets a portion of a storage device in the remotely located storage system upon which an I/O operation is to be performed;
  
  retrieve an entry from a translation protection table based on the key value, wherein the entry includes an identifier of the storage device and a logical unit number corresponding to the portion of the storage device targeted by the I/O request;
  
  generate a storage command based on the identifier of the storage device and the logical unit number retrieved with the entry from the translation protection table; and
  
  place the storage command in a storage command queue for transmission to the remotely located storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lenovo International Limited (Lenovo Group Ltd.)
Original Assignee
International Business Machines Corporation
Inventors
Vega, Madeline, Boyd, William, Mena, Agustin, Recio, Renato, Hufferd, John

Granted Patent

US 7,500,071 B2
Time in Patent Office

Days
Field of Search
US Class Current

711/171
CPC Class Codes

G06F 21/78   to assure secure storage of...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0659   Command handling arrangemen...

G06F 3/067   Distributed or networked st...

G06F 9/461   Saving or restoring of prog...

G06F 9/468   Specific access rights for ...

G06F 9/485   Task life-cycle, e.g. stopp...

System and method for out of user space I/O with server authentication

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

35 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for out of user space I/O with server authentication

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

35 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links