Security for logical unit in storage subsystem

US 6,779,083 B2
Filed: 02/19/2002
Issued: 08/17/2004
Est. Priority Date: 07/13/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A storage system adapted to be coupled to a plurality of host computers comprising:

a plurality of storage devices which store data from said host computers, wherein said storage devices have a plurality of storage regions;

a plurality of logical units including said storage regions;

a storage control device controlling read/write of data to said logical units;

a host-hostgroup conversion table which sets a corresponding relation between an identifier of a host computer and an identifier of a host group including said host computer, wherein said host-hostgroup conversion table is used to search for an identifier of a host group including said host computer based on said identifier of said host computer; and

a Logical Unit Number (LUN) access management table which sets a corresponding relation between said identifier of said host group and logical units allocated to said identifier of said host group, wherein said LUN access management table is used to search for logical units allocated to said identifier of said host group based on said identifier of said host group.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Tables (FIGS. 11 and 12) for stipulating information (WWN: WorldWide Name) for primarily identifying computers, information (GID: Group ID) for identifying a group of the computers and a logical unit number (LUN) permitting access from the host computer inside storage subsystem, in accordance with arbitrary operation method by a user, and for giving them to host computer. The invention uses management table inside the storage subsystem and gives logical unit inside storage subsystem to host computer group arbitrarily grouped by a user in accordance with the desired form of operation of the user, can decide access approval/rejection to the logical unit inside the storage subsystem in the group unit and at the same time, can provide the security function capable of setting interface of connection in the group unit under single port of storage subsystem without changing existing processing, limitation and other functions of computer.

185 Citations

68 Claims

1. A storage system adapted to be coupled to a plurality of host computers comprising:
- a plurality of storage devices which store data from said host computers, wherein said storage devices have a plurality of storage regions;
  
  a plurality of logical units including said storage regions;
  
  a storage control device controlling read/write of data to said logical units;
  
  a host-hostgroup conversion table which sets a corresponding relation between an identifier of a host computer and an identifier of a host group including said host computer, wherein said host-hostgroup conversion table is used to search for an identifier of a host group including said host computer based on said identifier of said host computer; and
  
  a Logical Unit Number (LUN) access management table which sets a corresponding relation between said identifier of said host group and logical units allocated to said identifier of said host group, wherein said LUN access management table is used to search for logical units allocated to said identifier of said host group based on said identifier of said host group.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The storage system according to claim 1, wherein said identifier of said host computer is a Source Identifier (S_ID).
  - 3. The storage system according to claim 1, wherein said host-hostgroup conversion table further sets a corresponding relation between said identifier of said host computer, a world wide name (WWN) of said host computer, and said identifier of said host group including said host computer.
  - 4. The storage system according to claim 1, wherein said host-hostgroup conversion table is made at Port Login (PLOGI) sequence.
  - 5. The storage system according to claim 1, wherein said LUN access management table is used to search for said logical units allocated to said identifier of said host group based on said identifier of said host group at INQUIRY sequence.
  - 6. The storage system according to claim 1, wherein said logical units are formed by renumbering said storage regions.
  - 7. The storage system according to claim 1, wherein said logical units allocated to said identifier of said host group start with LUN0.
  - 8. The storage system according to claim 1, wherein different host computers each having a different Operating System (OS) are in the same host group.
  - 9. The storage system according to claim 1, wherein at least one of said host computers belongs to different host groups.
  - 10. The storage system according to claim 1, wherein a LUN accessible from a first host computer is the same LUN accessible from a second host computer.
  - 11. The storage system according to claim 1, wherein when a first LUN accessible from a first host computer is the same LUN accessible from a second host computer, a storage region corresponding to the first LUN is different from a storage region corresponding to the second LUN.
  - 12. The storage system according to claim 1, wherein when a first host computer and a second host computer commonly use a same logical unit, a LUN corresponding to said same logical unit as recognized by said first host computer is different from a LUN corresponding to said same logical unit as recognized by said second host computer.
  - 13. The storage system according to claim 1, wherein after accessing a logical unit from a host computer, conversion from said logical unit to a storage region corresponding to said logical unit is conducted by said storage control device without intervention by said host computer.
  - 14. The storage system according to claim 1, wherein there are a plurality of LUN0'"'"'s under one physical port of said storage system.

15. A storage system adapted to be coupled to a plurality of host computers comprising:
- a plurality of storage devices which store data from said host computers, wherein said storage devices have a plurality of storage regions;
  
  a plurality of logical units including said storage regions;
  
  a storage control device controlling read/write of data to said logical units;
  
  a host-hostgroup conversion table which sets a corresponding relation between an identifier of a host computer and an identifier of a host group including said host computer, wherein said host-hostgroup conversion table is made at Port Login (PLOGI); and
  
  a Logical Unit Number (LUN) access management table which sets a corresponding relation between said identifier of said host group and logical units allocated to said identifier of said host group, wherein said LUN access management table is used to search for logical units allocated to said identifier of said host group based on said identifier of said host group at INQUIRY sequence.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
- - 16. The storage system according to claim 15, wherein said identifier of said host computer is a Source Identifier (S_ID).
  - 17. The storage system according to claim 15, wherein said host-hostgroup conversion table further sets a corresponding relation between said identifier of said host computer, a world wide name (WWN) of said host computer, and said identifier of said host group including said host computer.
  - 18. The storage system according to claim 15, wherein said logical units are formed by renumbering said storage regions.
  - 19. The storage system according to claim 15, wherein said logical units allocated to said identifier of said host group start with LUN0.
  - 20. The storage system according to claim 15, wherein different host computers each having a different Operating System (OS) are in the same host group.
  - 21. The storage system according to claim 15, wherein at least one of said host computers belongs to different host groups.
  - 22. The storage system according to claim 15, wherein a LUN accessible from a first host computer is the same LUN accessible from a second host computer.
  - 23. The storage system according to claim 15, wherein when a first LUN accessible from a first host computer is the same LUN accessible from a second host computer, a storage region corresponding to the first LUN is different from a storage region corresponding to the second LUN.
  - 24. The storage system according to claim 15, wherein when a first host computer and a second host computer commonly use a same logical unit, a LUN corresponding to said same logical unit as recognized by said first host computer is different from a LUN corresponding to said same logical unit as recognized by said second host computer.
  - 25. The storage system according to claim 15, wherein after accessing a logical unit from a host computer, conversion from said logical unit to a storage region corresponding to said logical unit is conducted by said storage control device without intervention by said host computer.
  - 26. The storage system according to claim 15, wherein there are a plurality of LUN0'"'"'s under one physical port of said storage system.

27. A storage system adapted to be coupled to a plurality of host computers comprising:
- a plurality of storage devices which store data from said host computers, wherein said storage devices have a plurality of storage regions;
  
  a plurality of logical units including said storage regions;
  
  a storage control device controlling read/write of data to said logical units;
  
  a host-hostgroup conversion relationship which sets a corresponding relation between an identifier of a host computer and an identifier of a host group including said host computer, wherein said host-hostgroup conversion relationship is used to search for said identifier of said host group including said host computer based on said identifier of said host computer; and
  
  a Logical Unit Number (LUN) access management relationship which sets a corresponding relation between said identifier of said host group and logical units allocated to said identifier of said host group, wherein said LUN access management relationship is used to search for logical units allocated to said identifier of said host group based on said identifier of said host group.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40)
- - 28. The storage system according to claim 27, wherein said identifier of said host computer is a Source Identifier (S_ID).
  - 29. The storage system according to claim 27, wherein said host-hostgroup conversion relationship further sets a corresponding relation between said identifier of said host computer, a world wide name (WWN) of said host computer, and said identifier of said host group including said host computer.
  - 30. The storage system according to claim 27, wherein said host-hostgroup conversion relationship is made at Port Login (PLOGI) sequence.
  - 31. The storage system according to claim 27, wherein said LUN access management relationship is used to search for said logical units allocated to said identifier of said host group based on said identifier of said host group at INQUIRY sequence.
  - 32. The storage system according to claim 27, wherein said logical units are formed by renumbering said storage regions.
  - 33. The storage system according to claim 27, wherein said logical units allocated to said identifier of said host group start with LUN0.
  - 34. The storage system according to claim 27, wherein different host computers each having a different Operating System (OS) are in the same host group.
  - 35. The storage system according to claim 27, wherein at least one of said host computers belongs to different host groups.
  - 36. The storage system according to claim 27, wherein a LUN accessible from a first host computer is the same LUN accessible from a second host computer.
  - 37. The storage system according to claim 27, wherein when a first LUN accessible from a first host computer is the same LUN accessible from a second host computer, a storage region corresponding to the first LUN is different from a storage region corresponding to the second LUN.
  - 38. The storage system according to claim 27, wherein when a first host computer and a second host computer commonly use a same logical unit, a LUN corresponding to said same logical unit as recognized by said first host computer is different from a LUN corresponding to said same logical unit as recognized by said second host computer.
  - 39. The storage system according to claim 27, wherein after accessing a logical unit from a host computer, conversion from said logical unit to a storage region corresponding to said logical unit is conducted by said storage control device without intervention by said host computer.
  - 40. The storage system according to claim 27, wherein there are a plurality of LUN0'"'"'s under one physical port of said storage system.

41. A storage system adapted to be coupled to a plurality of host computers comprising:
- a plurality of storage devices which store data from said host computers, wherein said storage devices have a plurality of storage regions;
  
  a plurality of logical units including said storage regions; and
  
  a storage control device controlling read/write of data to said logical units, wherein said storage control device searches for an identifier of a host group including a host computer with an identifier of said host computer forming part of a command from said host computer, searches for Logical Unit Number'"'"'s (LUNs) allocated to said identifier of said host group based on said identifier of said host group, judges whether a LUN forming a part of said command from said host computer corresponds to any of said LUNs allocated to said identifier of said host group, and acknowledges an access from said host computer to said LUN if said LUN corresponds to any of said LUNs allocated to said identifier of said host group.
- View Dependent Claims (42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54)
- - 42. The storage system according to claim 41, wherein said identifier of said host computer is a Source Identifier (S_ID).
  - 43. The storage system according to claim 41, wherein a corresponding relation is set between said identifier of said host computer, a world wide name (WWN) of said host computer, and said identifier of host group including said host computer.
  - 44. The storage system according to claim 41, wherein a corresponding relation between said identifier of said host computer and said identifier of said host group including said host computer is set at Port Login (PLOGI) sequence.
  - 45. The storage system according to claim 41, wherein said search for said logical units allocated to said identifier of said host group based on said identifier of said host group is made at INQUIRY sequence.
  - 46. The storage system according to claim 41, wherein said logical units are formed by renumbering said storage regions.
  - 47. The storage system according to claim 41, wherein said logical units allocated to said identifier of said host group start with LUN0.
  - 48. The storage system according to claim 41, wherein different host computers each having a different Operating System (OS) are in the same host group.
  - 49. The storage system according to claim 41, wherein at least one of said host computers belongs to different host groups.
  - 50. The storage system according to claim 41, wherein a LUN accessible from a first host computer is the same LUN accessible from a second host computer.
  - 51. The storage system according to claim 41, wherein when a first LUN accessible from a first host computer is the same LUN accessible from a second host computer, a storage region corresponding to the first LUN is different from a storage region corresponding to the second LUN.
  - 52. The storage system according to claim 41, wherein when a first host computer and a second host computer commonly use a same logical unit, a LUN corresponding to said same logical unit as recognized by said first host computer is different from a LUN corresponding to said same logical unit as recognized by said second host computer.
  - 53. The storage system according to claim 41, wherein after accessing a logical unit from a host computer, conversion from said logical unit to a storage region corresponding to said logical unit is conducted by said storage control device without intervention by said host computer.
  - 54. The storage system according to claim 41, wherein there are a plurality of LUN0'"'"'s under one physical port of said storage system.

55. A storage system adapted to be coupled to a plurality of host computers comprising:
- a plurality of storage devices which store data from said host computers, wherein said storage devices have a plurality of storage regions;
  
  a plurality of logical units including said storage regions; and
  
  a storage control device controlling read/write of data to said logical units, wherein said storage control device searches for an identifier of a host group including a host computer with an identifier of said host computer forming a part of a command from said host computer in a host-hostgroup conversion table which sets a corresponding relation between said identifier of said host computer and said identifier of said host group, searches for Logical Unit Number'"'"'s (LUNs) allocated to said identifier of host group based on said identifier of said host group in a LUN access management table which sets a corresponding relation between said identifier of said host group and logical units allocated to said identifier of said host group, judges whether a LUN forming a part of said command from said host computer corresponds to any of said LUNs allocated to said identifier of said host group, and acknowledges an access from said host computer to said LUN if said LUN corresponds to any of said LUNs allocated to said identifier of said host group.
- View Dependent Claims (56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68)
- - 56. The storage system according to claim 55, wherein said identifier of said host computer is a Source Identifier (S_ID).
  - 57. The storage system according to claim 55, wherein said host-hostgroup conversion table further sets a corresponding relation between said identifier of said host computer, a world wide name (WWN) of said host computer, and said identifier of said host group including said host computer.
  - 58. The storage system according to claim 55, wherein said host-hostgroup conversion table is made at Port Login (PLOGI) sequence.
  - 59. The storage system according to claim 55, wherein said LUN access conversion table is used to search for said logical units allocated to said identifier of said host group based on said identifier of said host group at INQUIRY sequence.
  - 60. The storage system according to claim 55, wherein said logical units are formed by renumbering said storage regions.
  - 61. The storage system according to claim 55, wherein said logical units allocated to said identifier of said host group start with LUN0.
  - 62. The storage system according to claim 55, wherein different host computers each having a different Operating System (OS) are in the same host group.
  - 63. The storage system according to claim 55, wherein at least one of said host computers belongs to different host groups.
  - 64. The storage system according to claim 55, wherein a LUN accessible from a first host computer is the same LUN accessible from a second host computer.
  - 65. The storage system according to claim 55, wherein when a first LUN accessible from a first host computer is the same LUN accessible from a second host computer, a storage region corresponding to the first LUN is different from a storage region corresponding to the second LUN.
  - 66. The storage system according to claim 55, wherein when a first host computer and a second host computer commonly use a same logical unit, a LUN corresponding to said same logical unit as recognized by said first host computer is different from a LUN corresponding to said same logical unit as recognized by said second host computer.
  - 67. The storage system according to claim 55, wherein after accessing a logical unit from a host computer, conversion from said logical unit to a storage region corresponding to said logical unit is conducted by said storage control device without intervention by said host computer.
  - 68. The storage system according to claim 55, wherein there are a plurality of LUN0'"'"'s under one physical port of said storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Okami, Yoshinori, Hori, Koichi, Igarashi, Yoshinori, Uchiumi, Katsuhiro, Ito, Ryuske
Primary Examiner(s)
Portka, Gary
Assistant Examiner(s)
Ross, John M.

Application Number

US10/076,553
Publication Number

US 20030014600A1
Time in Patent Office

910 Days
Field of Search

711/114, 711/111, 711/112, 711/163, 709/229
US Class Current

711/114
CPC Class Codes

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/067   Distributed or networked st...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

Security for logical unit in storage subsystem

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

185 Citations

68 Claims

Specification

Solutions

Use Cases

Quick Links

Security for logical unit in storage subsystem

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

185 Citations

68 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links