Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices

US 6,343,324 B1
Filed: 09/13/1999
Issued: 01/29/2002
Est. Priority Date: 09/13/1999
Status: Expired due to Term

First Claim

Patent Images

1. In a computer system having a plurality of host computers and at least one hardware device connected to said plurality of host computers, a method for controlling access to said hardware device to maintain data integrity by one of said plurality of host computers, said method comprising:

associating a locally unique identifier with each said plurality of host computers;

defining a data structure in a memory using said locally unique identifiers identifying which particular ones of said host computers may be granted access to said hardware device based on a logical configuration between said host computers and said hardware device selectably allowing one or more of said computers to access said hardware device and selectably denying access to said hardware device by other of said computers, said data structure providing a host-to-volume mapping including host computer identifiers identifying each of said plurality of computers, at least one hardware identifier identifying said at least one hardware device, and permission information for said at least one hardware device indicating for each said host computer whether access to said at least one hardware device is visible or invisible, said data structure making any particular logical volume visible to selected ones of said computers and invisible to other ones of said computers; and

querying said data structure to determine if a requesting one of said computers should be granted access or be denied access to said hardware device in order to maintain data integrity.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides structure and method for controlling access to a shared storage device, such as a disk drive storage array, in computer systems and networks having a plurality of host computers. A method for controlling access to a hardware device in a computer system having a plurality of computers and at least one hardware device connected to the plurality of computers. The method includes the steps of associating a locally unique identifier with each the plurality of computers, defining a data structure in a memory identifying which particular ones of the computers based on the locally unique identifier may be granted access to the device; and querying the data structure to determine if a requesting one of the computers should be granted access to the hardware device. In one embodiment, the procedure for defining the data structure in memory includes defining a host computer ID map data structure in the memory; defining a port mapping table data structure comprising a plurality of port mapping table entries in the memory; defining a host identifier list data structure in the memory; defining a volume permission table data structure in the memory; and defining a volume number table data structure in the memory. In one particular embodiment, the memory is a memory of a memory controller controlling the hardware device, and the hardware device is a logical volume of a storage subsystem. The invention also provides an inventive controller structure, and a computer program product implementing the inventive method.

Citations

38 Claims

1. In a computer system having a plurality of host computers and at least one hardware device connected to said plurality of host computers, a method for controlling access to said hardware device to maintain data integrity by one of said plurality of host computers, said method comprising:
- associating a locally unique identifier with each said plurality of host computers;
  
  defining a data structure in a memory using said locally unique identifiers identifying which particular ones of said host computers may be granted access to said hardware device based on a logical configuration between said host computers and said hardware device selectably allowing one or more of said computers to access said hardware device and selectably denying access to said hardware device by other of said computers, said data structure providing a host-to-volume mapping including host computer identifiers identifying each of said plurality of computers, at least one hardware identifier identifying said at least one hardware device, and permission information for said at least one hardware device indicating for each said host computer whether access to said at least one hardware device is visible or invisible, said data structure making any particular logical volume visible to selected ones of said computers and invisible to other ones of said computers; and
  
  querying said data structure to determine if a requesting one of said computers should be granted access or be denied access to said hardware device in order to maintain data integrity.
- View Dependent Claims (2, 3)
- - 2. The method in claim 1, wherein said data structure is defined in a memory of a memory controller controlling said hardware device.
  - 3. The method in claim 1, wherein said hardware device comprises at least one information storage device.

4. In a computer system having a plurality of host computers and at least one hardware device connected to said plurality of computers, a method for controlling access to said hardware device to maintain data integrity by one of said plurality of computers, said method comprising:
- associating a locally unique identifier with each said plurality of computers;
  
  defining a data structure in a memory using said locally unique identifiers identifying which particular ones of said computers may be granted access to said device based on a logical configuration between said computers and said hardware device allowing one or more computers to access said hardware device and denying access to said hardware device by other of said computers, said data structure providing a configuration information that makes any particular logical volume visible to selected ones of said computers and invisible to other ones of said computers;
  
  wherein said defining a data structure in memory further comprises;
  
  defining a host computer ID map data structure in said memory;
  
  defining a port mapping table data structure comprising a plurality of port mapping table entries in said memory;
  
  defining a host identifier list data structure in said memory;
  
  defining a volume permission table data structure in said memory; and
  
  defining a volume number table data structure in said memory; and
  
  querying said data structure to determine if a requesting one of said computers should be granted access or be denied access to said hardware device in order to maintain data integrity.
- View Dependent Claims (5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 5. The method in claim 4, wherein said data structure is defined in a memory of a memory controller controlling said hardware device.
  - 6. The method in claim 5, wherein each of the locally unique identifiers comprise a World Wide Number (WWN), and further comprising:
7. The method in claim 6, further comprising:
- waiting, by the controller, for a host access request to be received;
  
  determining, upon receipt of a host access request by the controller, the command type;
  
  if the command type is an I/O command type, the controller determines the identity of the controller in which the command was received, the host port of the command, and the LUN and corresponding logical volume to which the command is addressed;
  
  locating, the proper port mapping table data structure based on the identity of the controller, the host port I/O processor, and the logical volume;
  
  identifying the host index in the host computer ID map based on a target ID of the command;
  
  examining, by the controller, the volume permission table data structure at the position pointed to by the Host Index of the command to determine if the volume permission table data structure entry pointed to by the Host Index stores a entry having the first logical state or the second logical state; and
  
  if the volume permission table data structure entry has a first logical state, permitting access to the logical volume and processing the command by the controller normally; and
  
  if the volume permission table data structure entry has the second logical value then denying access to the logical volume and responding to the command with an error indication.
8. The method in claim 7, wherein the host identifier list data structure comprises the host WWN list.
9. The method in claim 7, wherein the method includes a procedure that implements predetermined rules in a policy so that:
- (i) a logical volume maps to a single logical unit number only on a specific host port;
  
  (ii) a logical volume maps to the same logical unit number for all hosts that are granted access to the logical device in the volume permission table or host index bit map;
  
  (iii) a logical volume may map to different logical unit numbers on a different controller or different host port; and
  
  (iv) multiple logical volumes may map to any logical unit number on a single host port provided that there is no overlap of the volume permission table or host index bit map for the logical devices.
10. The method in claim 4, wherein said computer identifier comprises a world wide number identifier.
11. The method in claim 4, wherein said hardware device comprises at least one hard disk drive storage device configured as a logical volume.
12. The method in claim 4, wherein said hardware device comprises a RAID storage system and said controller comprises a RAID array controller.
13. The method in claim 4, wherein the method includes a procedure that implements predetermined rules in a policy so that:
- (i) a logical volume maps to a single logical unit number only on a specific host port;
  
  (ii) a logical volume maps to the same logical unit number for all hosts that are granted access to the logical device in the volume permission table or host index bit map;
  
  (iii) a logical volume may map to different logical unit numbers on a different controller or different host port; and
  
  (iv) multiple logical volumes may map to any logical unit number on a single host port provided that there is no overlap of the volume permission table or host index bit map for the logical devices.

14. An interconnected network of computers comprising:
- at least one shared hardware device;
  
  a plurality of host computers coupled to said hardware device by a communications channel and having a locally unique node identifier;
  
  a controller coupled between said plurality of host computers and said at least one shared hardware device and controlling access to said hardware device by said host computers; and
  
  a data structure defined in a memory of said controller and comprising;
  
  (i) a host computer ID map data structure;
  
  (ii) a port mapping table data structure comprising a plurality of port mapping table entries;
  
  (iii) a host identifier list data structure in said memory;
  
  (iv) a volume permission table data structure; and
  
  (v) a volume number table data structure;
  
  said data structure identifying which particular ones of said computers may be granted access to said shared hardware device based on a logical configuration between said computers and said hardware device allowing one or more computers to access said hardware device and denying access to said hardware device by other of said computers, said data structure providing a configuration information that makes any particular hardware device visible to selected ones of said computers and invisible to other ones of said computers.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The interconnected network of computers in claim 14, wherein said at least one shared hardware device comprises an information storage device.
  - 16. The interconnected network of computers in claim 14, wherein said at least one shared hardware device comprises a logical volume of a disk drive storage subsystem.
  - 17. The interconnected network of computers in claim 14, wherein said communications channel comprises a fibre channel arbitrated loop communications channel.
  - 18. The interconnected network of computers in claim 14, wherein said locally unique node identifier comprises a world wide number (WWN) identifier.
  - 19. The interconnected network of computers in claim 14, wherein said hardware device comprises a Storage Area Network.
  - 20. The interconnected network of computers in claim 14, wherein:

21. A controller for controlling access to at least one shared hardware device that is coupled with a plurality of host computers by a communications channel and having a locally unique node identifier, said controller comprising:
- a processor;
  
  a memory coupled to said processor and storing instructions for processing input/output operations with said hardware device and defining a data structure;
  
  said data structure comprising;
  
  (i) a host computer ID map data structure;
  
  (ii) a port mapping table data structure comprising a plurality of port mapping table entries;
  
  (iii) a host identifier list data structure;
  
  (iv) a volume permission table data structure; and
  
  (v) a volume number table data structure; and
  
  said data structure identifying which particular ones of said computers may be granted access to said shared hardware device based on a logical configuration between said computers and said hardware device allowing one or more computers to access said hardware device and denying access to said hardware device by other of said computers, said data structure providing a configuration information that makes any particular hardware device visible to selected ones of said computers and invisible to other ones of said computers.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
- - 22. The controller in claim 21, wherein said at least one shared hardware device comprises an information storage device.
  - 23. The controller in claim 21, wherein said at least one shared hardware device comprises a logical volume of a disk drive storage subsystem.
  - 24. The controller in claim 21, wherein said communications channel comprises a fibre channel arbitrated loop communications channel.
  - 25. The controller in claim 21, wherein said locally unique node identifier comprises a world wide number (WWN) identifier.
  - 26. The controller in claim 21, wherein said hardware device comprises a Storage Area Network.
  - 27. The controller in claim 21, wherein:
28. The controller in claim 21, wherein said instructions include instructions for:
- associating a locally unique identifier with each said plurality of computers;
  
  defining a data structure in said memory identifying which particular ones of said computers based on said locally unique identifier may be granted access to said device; and
  
  querying said data structure to determine if a requesting one of said computers should be granted access to said hardware device.
29. The controller in claim 28, wherein said instructions further include instructions for:
- defining a host computer ID map data structure in said memory;
  
  defining a port mapping table data structure comprising a plurality of port mapping table entries in said memory;
  
  defining a host identifier list data structure in said memory;
  
  defining a volume permission table data structure in said memory; and
  
  defining a volume number table data structure in said memory.

30. A computer program product for use in conjunction with a computer system having a plurality of host computers and at least one shared hardware device, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a program module for controlling access to said shared hardware device by one of said plurality of host computers;
  
  the program module including instructions for;
  
  associating a locally unique identifier with each said plurality of host computers;
  
  defining a data structure in a memory using said locally unique identifiers identifying which particular ones of said host computers may be granted access to said hardware device based on a logical configuration between said host computers and said hardware device selectably allowing one or more of said computers to access said hardware device and selectably denying access to said hardware device by other of said computers, said data structure providing a host-to-volume mapping including host computer identifiers identifying each of said plurality of computers, at least one hardware identifier identifying said at least one hardware device, and permission information for said at least one hardware device indicating for each said host computer whether access to said at least one hardware device is visible or invisible, said data structure making any particular logical volume visible to selected ones of said computers and invisible to other ones of said computers; and
  
  querying said data structure to determine if a requesting one of said computers should be granted access or be denied access to said hardware device in order to maintain data integrity.
- View Dependent Claims (31, 32)
- - 31. The computer program product of claim 30, wherein said program module further including instructions for:
32. The computer program product of claim 30, wherein said hardware device comprises a Storage Area Network.

33. A computer program product for use in conjunction with a computer system having a plurality of host computers and at least one shared hardware device, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a program module for controlling access to said shared hardware device by one of said plurality of host computers;
  
  the program module including instructions for;
  
  associating a locally unique identifier including a world wide number (WWN) with each said plurality of computers;
  
  defining a data structure in a memory of a controller controlling said at least one shared hardware device, wherein defining comprises using said locally unique identifiers identifying which particular ones of said computers may be granted access to said device based on a logical configuration between said computers and said hardware device allowing one or more computers to access said hardware device and denying access to said hardware device by other of said computers, said data structure providing a configuration information that makes any particular logical volume visible to selected ones of said computers and invisible to other ones of said computers;
  
  querying said data structure to determine if a requesting one of said computers should be granted access or be denied access to said hardware device in order to maintain data integrity;
  
  determining whether there has been an attempt by a host to login;
  
  when a host login attempt is detected, searching for the WWN of the host attempting the login in the host identifier list data structure;
  
  if the WWN of the host attempting the login is found in the host identifier list data structure, the position of the host'"'"'s WWN in the host identifier list data structure is a host index;
  
  but if the WWN is not found in the host identifier list data structure, the WWN of the host attempting the login is added to the end of the host identifier list data structure and that position is the host index;
  
  placing the host index into the host computer ID map at the position indicated by the host'"'"'s channel loop ID;
  
  collecting, by the controller, information from a channel I/O processor to allow the controller to identify the correct port mapping table data structure which contains the volume permission table data structure for a logical volume for which a request by the host was targeted, said information including;
  
  the controller, the I/O Processor on which the request was made, and that logical volume;
  
  searching, by the controller, the volume number table data structure associated with that logical volume to determine if that host attempting the login is allowed to access that logical volume; and
  
  if the WWN of the host attempting the login is found in the volume number table data structure for that logical volume, setting by the controller, the volume permission table data structure entry pointed to by the host index to a first logical state;
  
  but if the WWN of the host attempting the login is not found for that logical volume, setting the volume permission table data structure entry pointed to by host index to a second logical state.
- View Dependent Claims (34)
- - 34. The method in claim 33, further comprising:

35. In a computer system having a plurality of host computers and at least one hardware device connected to said plurality of computers, a method for controlling access to said hardware device by one of said plurality of computers, said method comprising:
- associating a locally unique identifier including a world wide number (WWN) with each said plurality of computers;
  
  defining a data structure in a memory of a controller controlling said hardware device, wherein defining comprises using said locally unique identifiers identifying which particular ones of said computers may be granted access to said device based on a logical configuration between said computers and said hardware device allowing one or more computers to access said hardware device;
  
  said data structure comprising;
  
  (i) defining a host computer ID map data structure in said memory, (ii) defining a port mapping table data structure comprising a plurality of port mapping table entries, (iii) defining a host identifier list data structure, (iv) defining a volume permission table data structure, and (v) defining a volume number table;
  
  determining whether there has been a request by a host to login;
  
  querying said data structure to determine if a requesting one of said host computers should be granted access to said hardware device;
  
  said defining of said data structure and said querying of said data structure further including;
  
  when a host login attempt is detected, searching for the WWN of the host attempting the login in the host identifier list data structure;
  
  if the WWN of the host attempting the login is found in the host identifier list data structure, the position of the host'"'"'s WWN in the host identifier list data structure is a host index;
  
  but if the WWN is not found in the host identifier list data structure, the WWN of the host attempting the login is added to the end of the host identifier list data structure and that position is the host index;
  
  placing the host index into the host computer ID map at the position indicated by the host'"'"'s channel loop ID;
  
  collecting, by the controller, information from a channel I/O processor to allow the controller to identify the correct port mapping table data structure which contains the volume permission table data structure for a logical volume for which a request by the host was targeted, said information including;
  
  the controller, the I/O Processor on which the request was made, and that logical volume;
  
  searching, by the controller, the volume number table data structure associated with that logical volume to determine if that host attempting the login is allowed to access that logical volume; and
  
  if the WWN of the host attempting the login is found in the volume number table data structure for that logical volume, setting by the controller, the volume permission table data structure entry pointed to by the host index to a first logical state;
  
  but if the WWN of the host attempting the login is not found for that logical volume, setting the volume permission table data structure entry pointed to by host index to a second logical state.
- View Dependent Claims (36, 37)
- - 36. The method in claim 35, further comprising:
37. The method in claim 36, wherein the method reduces the number of required searches by building the volume permission table data structure associated with each logical volume at login;
- and by defining the data structure such that only a single logical element of the data structure is examined before access privileges can be verified and a read or write operation scheduled.

38. A computer program product for use in conjunction with a computer system having a plurality of host computers and at least one shared hardware device, the computer program product comprising a computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a program module for controlling access to said shared hardware device by one of said plurality of host computers;
  
  the program module including instructions for;
  
  associating a locally unique identifier with each said plurality of computers;
  
  defining a data structure in a memory using said locally unique identifiers identifying which particular ones of said computers may be granted access to said device based on a logical configuration between said computers and said hardware device allowing one or more computers to access said hardware device and denying access to said hardware device by other of said computers, said data structure providing a configuration information that makes any particular logical volume visible to selected ones of said computers and invisible to other ones of said computers;
  
  defining a host computer ID map data structure in a memory;
  
  defining a port mapping table data structure comprising a plurality of port mapping table entries in said memory;
  
  defining a host identifier list data structure in said memory;
  
  defining a volume permission table data structure in said memory; and
  
  defining a volume number table data structure in said memory; and
  
  querying said data structure to determine if a requesting one of said computers should be granted access or be denied access to said hardware device in order to maintain data integrity.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Twitter Inc (X Holdings Corp.)
Original Assignee
International Business Machines Corporation
Inventors
Hubis, Walter A., Deitz, William G.
Primary Examiner(s)
Luu, Le Hien
Assistant Examiner(s)
Jaroenchonwanit, Bunjob

Application Number

US09/394,220
Time in Patent Office

869 Days
Field of Search

709/229, 709/212, 709/249, 709/251, 709/226, 711/112, 711/114, 711/206, 711/111, 711/207, 711/220, 711/221, 714/1, 714/10, 714/11, 714/12, 714/6, 710/200, 710/107, 710/36, 713/150, 713/151, 713/200, 713/201
US Class Current

709/229
CPC Class Codes

G06F 21/62   Protecting access to data v...

G06F 21/6209   to a single file or object,...

G06F 21/6218   to a system of files or obj...

G06F 21/80   in storage media based on m...

G06F 21/805   using a security table for ...

G06F 2221/2129   Authenticate client device ...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/0689   Disk arrays, e.g. RAID, JBOD

Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

38 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

38 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links