GROUP ZONING AND ACCESS CONTROL OVER A NETWORK

US 20170250990A1
Filed: 10/31/2014
Published: 08/31/2017
Est. Priority Date: 10/31/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

creating, at an Ethernet switch of a Storage Area Network (SAN) and based on a multicast request from a target, a virtual local area network (VLAN) between an initiator and an Internet Small Computer Systems Interface (iSCSI) target port of a target adapter;

assigning an access control list (ACL) to the VLAN, wherein the ACL grants the initiator access to the iSCSI target port;

segregating a device connected to the SAN into a zone group, the zone group corresponding to the ACL; and

controlling access of the zone group based on the access control list and frame filtering.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Example implementations relate to hard zoning capabilities for devices using Internet small computer system interface (iSCSI) protocol. For example, a method includes creating a virtual local area network (VLAN) at an Ethernet switch between an initiator and target adapter. The method includes assigning an access control list (ACL) to the VLAN. The method includes segregating a device of a plurality of devices connected to the SAN into a zone group. The method also includes controlling access of a zone group based on the ACL and frame filtering.

9 Citations

27 Claims

1. A method, comprising:
- creating, at an Ethernet switch of a Storage Area Network (SAN) and based on a multicast request from a target, a virtual local area network (VLAN) between an initiator and an Internet Small Computer Systems Interface (iSCSI) target port of a target adapter;
  
  assigning an access control list (ACL) to the VLAN, wherein the ACL grants the initiator access to the iSCSI target port;
  
  segregating a device connected to the SAN into a zone group, the zone group corresponding to the ACL; and
  
  controlling access of the zone group based on the access control list and frame filtering.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the Ethernet switch comprises an iSCSI Ethernet switch.
  - 3. The method of claim 1, wherein the initiator comprises an iSCSI initiator.
  - 4. The method of claim 1, wherein the target adapter comprises an iSCSI target adapter.
  - 5. The method of claim 1, further comprising the target adapter initiating a multicast command to the Ethernet switch, and receiving a unicast response from the Ethernet switch.
  - 6. The method of claim 5, wherein the multicast command comprises a command asking for a list of initiators, and the unicast response comprises a frame that sends the list of the initiators to the target adapter.
  - 7. The method of claim 1, further comprising sending, from the target adapter to the switch, a predefined “
    - add zone”
      
      command, target port information, and a list of initiators to communicate with the iSCSI target port.
  - 8. The method of claim 1, further comprising transferring information and allowing access to the zone group if a correct frame is sent from the initiator to the target adapter.

9-15. -15. (canceled)

16. A method for controlling access to a Storage Area Network (SAN), comprising:
- receiving, at a switch, a request to join an initiator to the SAN;
  
  receiving, at the switch, a request to join a target to the SAN;
  
  building, at the switch, a name server table comprising;
  
  an initiator list including the initiator; and
  
  a target list including the target;
  
  sending, from the switch and based on a command requesting the initiator list, a response including the initiator list;
  
  in response to receiving an Add Zone command, creating, at the switch, a Virtual Local Area Network (VLAN) between the initiator and an Internet Small Computer Systems Interface (iSCSI) port of the target; and
  
  assigning, at the switch, an access control list (ACL) to the VLAN.
- View Dependent Claims (17, 18, 19, 20, 21)
- - 17. The method of claim 16, further comprising:
    - receiving, at the switch, a command to add a zone group to the SAN;
      
      configuring, at the switch, zone groups across the SAN such that the added zone group includes the iSCSI port of the target; and
      
      configuring the VLAN to enforce zoning based on the zone groups across the SAN.
  - 18. The method of claim 16, further comprising:
    - creating, at the switch, an iSCSI peer zone to control access to the target;
      
      permitting, by the switch and based on the iSCSI peer zone, the initiator to access the iSCSI port of the target; and
      
      denying, by the switch and based on the iSCSI peer zone, a second initiator from accessing the iSCSI port of the target.
  - 19. The method of claim 18, wherein the switch, upon receiving a frame from the second initiator that is destined for the iSCSI port of the target, drops the frame.
  - 20. The method of claim 18, wherein the second initiator and a second iSCSI port of the target comprise a second VLAN.
  - 21. The method of claim 20, wherein the switch, upon receiving a frame from the second initiator that is destined for the second iSCSI port of the target, sends the frame to the target.

22. A non-transitory, computer-readable medium including instructions that, when executed by a processor, cause the processor to:
- send, to a switch, a request to join a Storage Area Network (SAN) fabric;
  
  send, to the switch, a multicast announcement;
  
  send, to the switch, a command requesting an initiator list;
  
  receive, from the switch, a response including the initiator list, wherein the initiator list is based, in part, on the multicast announcement;
  
  map an initiator of the initiator list to a target Internet Small Computer Systems Interface (iSCSI) port of a target adapter;
  
  send, to the switch, a multicast command to add a zone to the SAN fabric based on the mapping between the initiator and the target iSCSI port; and
  
  receive, at the target iSCSI port, a frame from the initiator.
- View Dependent Claims (23, 24, 25, 26, 27)
- - 23. The computer-readable medium of claim 22, wherein the instructions further cause the processor to:
    - map a second initiator of the initiator list to a different target iSCSI port;
      
      send, to the switch, a second multicast command to add a second zone to the SAN fabric based on the mapping between the second initiator and the different target iSCSI port; and
      
      receive, at the different target iSCSI port, a second frame from the second initiator.
  - 24. The computer-readable medium of claim 22, wherein mapping the initiator to the target iSCSI port comprises associating the initiator and the target iSCSI port with a zone group.
  - 25. The computer-readable medium of claim 24, wherein mapping the initiator to the target iSCSI port further comprises provisioning a storage volume to the zone group.
  - 26. The computer-readable medium of claim 22, wherein the SAN fabric is an Ethernet fabric.
  - 27. The computer-readable medium of claim 23, wherein the target adapter is an iSCSI adapter and comprises the target iSCSI port and the different target iSCSI port.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
PUTTAGUNTA, Krishna B., MOHAN, Rupin T., AGARWAL, Vivek, NEWFELL, JR., Charles J.

Granted Patent

US 10,630,690 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 49/351   for local area network [LAN...

H04L 49/354   for supporting virtual loca...

H04L 49/356   for storage area networks

H04L 49/70   Virtual switches

H04L 63/101   Access control lists [ACL]

H04L 67/1097   for distributed storage of ...

H04L 69/169   Special adaptations of TCP,...

GROUP ZONING AND ACCESS CONTROL OVER A NETWORK

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

9 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

GROUP ZONING AND ACCESS CONTROL OVER A NETWORK

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others