Security method and system for storage subsystem
Abstract
According to the present invention, techniques for performing security functions in computer storage subsystems in order to prevent illegal access by the host computers according to logical unit (LU) identity are provided. In representative embodiments, management tables can be used to disclose the Logical Unit in the storage subsystem to the host computers in accordance with the user's operational needs. In a specific embodiment, accessibility to a storage subsystem resource can be decided when an Inquiry Command is received, providing systems and apparatus wherein there is no further need to repeatedly determine accessibility for subsequent accesses to the Logical Unit. Many such embodiments can maintain relatively high performance, while providing robust security for each LU.
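The map that the abstract and the claims describe, as an added Python example that is not part of the patent text: each host group gets its own virtual LUN numbering over the internal LUNs, and accessibility is decided at Inquiry and reused for later I/O. Host and group names, LUN values, and the dropping of cached decisions when a map changes are assumptions of this example.

```python
# Added illustration (not from the patent). All identifiers are constructed.

class Controller:
    def __init__(self):
        self.group_of = {}   # host id -> host group id
        self.lun_map = {}    # host group id -> {virtual LUN: internal LUN}
        self.granted = {}    # (host id, virtual LUN) -> internal LUN, set at INQUIRY

    def define_group(self, group, hosts, vlun_to_lun):
        """Register a host group and the virtual LUNs renumbered for it."""
        self.lun_map[group] = dict(vlun_to_lun)
        for host in hosts:
            self.group_of[host] = group
        # Assumption of this example: a map change drops cached decisions for
        # the affected hosts, so a removed mapping stops working immediately.
        self.granted = {k: v for k, v in self.granted.items()
                        if k[0] not in hosts}

    def inquiry(self, host, vlun):
        """Decide accessibility once; disclose the LU only if it is mapped."""
        group = self.group_of.get(host)
        lun = self.lun_map.get(group, {}).get(vlun)
        if lun is None:
            self.granted.pop((host, vlun), None)
            return False     # LU is not disclosed to this host
        self.granted[(host, vlun)] = lun
        return True

    def io_target(self, host, vlun):
        """Resolve a read/write using the decision recorded at INQUIRY."""
        try:
            return self.granted[(host, vlun)]
        except KeyError:
            raise PermissionError(f"{host}: virtual LUN {vlun} not granted") from None


def demo():
    c = Controller()
    # Both groups see a virtual LUN 0, backed by different internal LUNs.
    c.define_group("grp-db", {"host-a", "host-b"}, {0: 5, 1: 6})
    c.define_group("grp-web", {"host-c"}, {0: 7})
    results = {
        "a_lun0": c.inquiry("host-a", 0) and c.io_target("host-a", 0),
        "c_lun0": c.inquiry("host-c", 0) and c.io_target("host-c", 0),
        "c_lun1": c.inquiry("host-c", 1),   # not mapped for grp-web
        "unknown": c.inquiry("host-x", 0),  # host belongs to no group
    }
    return c, results
```

I/O that arrives without a prior successful Inquiry raises `PermissionError`, so the per-request path is a single dictionary lookup rather than a repeated table walk.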
93 Citations
37 Claims
1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
- a controller controlling read/write of data from/to said disk drives in response to access from said host computers to said logical units by using a map, wherein said map includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers.

2. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
- a controller having an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers, said access management map being used to control access from said host group to said logical units.

Dependent claims: 3, 4, 5, 6, 7, 8

9. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
- a controller having an access management table, wherein said access management table includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers, said access management table being used to control access from said host group to said logical units.

Dependent claims: 10, 11, 12, 13, 14

15. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
- a controller controlling read/write of data from/to said disk drives in response to access from said host computers to said logical units by using an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers.

Dependent claims: 16, 17, 18, 19, 20

21. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
- a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers to said logical units by using an access management table, wherein said access management table includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers.

Dependent claims: 22, 23, 24, 25, 26, 27

28. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
- a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers to said logical units;
- wherein said controller includes an access management map which includes a plurality of identifiers each of said identifiers corresponding to a host group having some of said host computers and a plurality of virtual logical unit numbers, each being a renumbered identifier of one of said logical unit numbers, wherein some of said virtual logical unit numbers allocated to each said host group begin with zero and others begin with a non-zero number, and wherein said controller controls access from said host group to said logical units in accordance with said access management map.

Dependent claims: 29, 30, 31, 32

33. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
- a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers to said logical units;
- wherein said controller includes an access management table which maps an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, each being a renumbered identifier of one of said logical unit numbers, wherein said virtual logical unit numbers begin with a non-zero number, and wherein said controller controls access from said host group to said logical units in accordance with said access management table.

Dependent claims: 34, 35, 36, 37

Specification