VIRTUAL COMPUTER SYSTEM, ACCESS CONTROL METHOD AND COMMUNICATION DEVICE FOR THE SAME
First Claim
1. A computer system comprising:
- a plurality of physical computers;
at least one virtual computer operable to be executed on the physical computers; and
a determination unit operable to determine whether login to an external device from the virtual computer is acceptable or unacceptable,wherein the virtual computer is allocated an identifier for accessing the external device,wherein, upon receiving login inquiry to the external device from a certain virtual computer and referring to allocation information of the identifier allocated to the virtual computer, the determination unit compares the identifier allocated to the certain virtual computer with the identifier allocated to another virtual computer to be executed on a physical computer different from the physical computer on which the certain virtual computer is executed, andwherein the login is rejected when the identifier allocated to the certain virtual computer agrees with the identifier allocated to the another virtual computer, and the login is accepted when the identifier allocated to the certain virtual computer disagrees with the identifier allocated to the another virtual computer.
1 Assignment
0 Petitions
Accused Products
Abstract
In a plural computer system executing a virtual computer, an exterior storage volume may receive unjustly multiple access, and contents of the volume may be destroyed. Provided are: a switch coupling a virtual computer and I/O, a virtual computer managing unit coupled to a computer and the switch, and a determination unit determining a login acceptance/rejection of a virtual computer and I/O. The virtual computer possesses a virtual HBA, and upon receiving a login inquiry to the I/O from a certain virtual computer, a determination unit compares an identifier allocated to the certain virtual computer with an identifier allocated to another virtual computer to be executed on a physical computer different from the physical computer on which the certain virtual computer is executed, and determines login acceptance/rejection. Accordingly, an access control to the I/O is performed.
-
Citations
20 Claims
-
1. A computer system comprising:
-
a plurality of physical computers; at least one virtual computer operable to be executed on the physical computers; and a determination unit operable to determine whether login to an external device from the virtual computer is acceptable or unacceptable, wherein the virtual computer is allocated an identifier for accessing the external device, wherein, upon receiving login inquiry to the external device from a certain virtual computer and referring to allocation information of the identifier allocated to the virtual computer, the determination unit compares the identifier allocated to the certain virtual computer with the identifier allocated to another virtual computer to be executed on a physical computer different from the physical computer on which the certain virtual computer is executed, and wherein the login is rejected when the identifier allocated to the certain virtual computer agrees with the identifier allocated to the another virtual computer, and the login is accepted when the identifier allocated to the certain virtual computer disagrees with the identifier allocated to the another virtual computer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. An access control method in a virtual computer system including a plurality of physical computers, at least one virtual computer to be executed on the physical computers, and a determination unit for determining whether login to an external device by the virtual computer is acceptable or unacceptable, the access control method comprising the steps of:
-
allocating to the virtual computer an identifier to access the external device; referring by the determination unit to allocation information of the identifier allocated to the virtual computer upon receiving login inquiry to the external device from a certain virtual computer; comparing by the determination unit the identifier allocated to the certain virtual computer with the identifier allocated to another virtual computer to be executed on a physical computer different from the physical computer on which the certain virtual computer is executed; rejecting the login when the identifier allocated to the certain virtual computer agrees with the identifier allocated to the another virtual computer; and accepting the login when the identifier allocated to the certain virtual computer disagrees with the identifier allocated to the another virtual computer. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18)
-
-
19. A communication device comprising:
-
a port possessing a port number; a port-ID allocation unit, and a cache operable to acquire periodically summary information summarizing allocation information of an identifier allocated to a virtual computer on a physical computer, for use in accessing an external device, the cache being operable to hold the summary information, wherein the summary information possesses the port number and an accepted identifier which is an identifier allocated to a virtual computer accepted to login to the port, wherein, upon receiving login inquiry to the external device from a certain virtual computer, the port-ID allocation unit determines whether the combination of a port number included in the received login inquiry and an identifier to use the port and the combination of a port number possessed by the summary information and the accepted identifier are in agreement, and wherein, when the port-ID allocation unit determines that the combinations are in agreement, the login is accepted, and when the port-ID allocation unit determines that the combinations are in disagreement, the login is rejected. - View Dependent Claims (20)
-
Specification