Management of encrypted storage networks

US 20070074292A1
Filed: 09/28/2005
Published: 03/29/2007
Est. Priority Date: 09/28/2005
Status: Abandoned Application

First Claim

Patent Images

1. A storage system comprising:

at least one port in the storage system for being connected via a communications link to at least one port in an external device, the communications link being capable of transferring authenticated communications;

a storage controller coupled to receive data via the at least one port in the storage system;

a plurality of storage media coupled to the storage controller, the storage media being capable of storing encrypted data using an encryption technique;

a management program operating on a computer coupled to the storage controller and to the at least one port of the storage system, the management program operating to determine whether the communications link is authenticated and to determine whether an encryption technique was used in the storage media, and to maintain a record of such determinations; and

a display for displaying the record to a user of the storage system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and technique for managing security in storage networks is provided. A management server searches the storage system and compiles information about security in the system, including authentication requirements for communications among ports and encryption states of various storage devices. The resulting information is enabled to be displayed to a system administrator enabling a better understanding of the system, and easier provisioning of added storage volumes in the system.

51 Citations

View as Search Results

14 Claims

1. A storage system comprising:
- at least one port in the storage system for being connected via a communications link to at least one port in an external device, the communications link being capable of transferring authenticated communications;
  
  a storage controller coupled to receive data via the at least one port in the storage system;
  
  a plurality of storage media coupled to the storage controller, the storage media being capable of storing encrypted data using an encryption technique;
  
  a management program operating on a computer coupled to the storage controller and to the at least one port of the storage system, the management program operating to determine whether the communications link is authenticated and to determine whether an encryption technique was used in the storage media, and to maintain a record of such determinations; and
  
  a display for displaying the record to a user of the storage system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A storage system as in claim 1 wherein the management program maintains a record of whether every communications link coupled to the storage system is authenticated, and a record of the encryption status of every storage media is encrypted.
  - 3. A storage system as in claim 2 wherein the management program maintains a record of a type of authentication for each communication link and a record of a type of encryption for every storage media.
  - 4. A storage system as in claim 1 wherein the external device comprises a switch having ports coupled to the storage system and other ports adapted to be coupled to a host computer;
    - and wherein the management program determines whether each communications link between the storage system and the switch and between the switch and the host is authenticated.
  - 5. A storage system as in claim 1 wherein the record comprises a table having entries for each port and each storage media.
  - 6. A storage system as in claim 5 wherein the external device comprises at least one host computer, and the record includes a name for each device, a name for each port, an authentication state for each communications link, a logical unit number for each storage media, and an encryption state for each storage media.
  - 7. A storage system as in claim 1 wherein the communication link comprises a Fibre Channel link.
  - 8. A storage system as in claim 1 wherein the storage media comprise hard disk drives.

9. In a storage system adapted to be coupled to at least one host computer, the storage system having a plurality of communication ports, a plurality of storage media, and being coupled to a management computer in which a management program is executed to implement a method, the method comprising:
- compiling a list of devices within and coupled to the storage system is prepared, the devices having ports;
  
  for each device, collecting information about the ports of the device;
  
  collecting information about the storage media;
  
  collecting information about the at least one host;
  
  preparing a record of any authentication state for each port; and
  
  preparing a record of any encryption state for each storage media.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. A method as in claim 9 wherein the record comprises a table displayed to a user of the system.
  - 11. A method as in claim 9 wherein the step of collecting information about the ports of the device comprises:
    - selecting a port;
      
      determining all ports coupled to the selected port;
      
      determining any authentication policy for communications between the port selected and each port coupled to the selected port;
      
      repeating the steps of selecting a port, determining all ports coupled to the selected port; and
      
      determining any authentication policy for communications between the port selected and each port coupled to the selected port until all ports have been processed.
  - 12. A method as in claim 9 wherein the step of collecting information about the storage media comprises:
    - selecting a port;
      
      determining all storage media coupled to the selected port;
      
      determining any encryption policy for the storage media coupled to the selected port; and
      
      repeating the steps of selecting a port, determining all storage media coupled to the selected port, and determining any encryption policy for the storage media coupled to the selected port, until all ports have been processed.
  - 13. A method as in claim 9 further comprising using the information about the ports to provision additional storage media for the storage system.
  - 14. A method as in claim 13 followed by the step of configuring the additional storage media to have a desired encryption status.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Mimatsu, Yasuyuki

Application Number

US11/239,549
Publication Number

US 20070074292A1
Time in Patent Office

Days
Field of Search
US Class Current

726/26
CPC Class Codes

H04L 63/04 for providing a confidentia...

H04L 63/0428 wherein the data content is...

Management of encrypted storage networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

51 Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Management of encrypted storage networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

51 Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links