Security method and system for storage subsystem

US 6,947,938 B2
Filed: 12/15/2003
Issued: 09/20/2005
Est. Priority Date: 01/14/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:

a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and

a controller controlling read/write of data from/to said disk drives in response to access from said host computers to said logical units by using a map, wherein said map includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

According to the present invention, techniques for performing security functions in computer storage subsystems in order to prevent illegal access by the host computers according to logical unit (LU) identity are provided. In representative embodiments management tables can be used to disclose the Logical Unit in the storage subsystem to the host computers in accordance with the users operational needs. In a specific embodiment, accessibility to a storage subsystem resource can be decided when an Inquiry Command is received, providing systems and apparatus wherein there is no further need to repeatedly determine accessibility for subsequent accesses to the Logical Unit. Many such embodiments can maintain relatively high performance, while providing robust security for each LU.

93 Citations

View as Search Results

37 Claims

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
  
  a controller controlling read/write of data from/to said disk drives in response to access from said host computers to said logical units by using a map, wherein said map includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers.

2. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
  
  a controller having an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers, said access management map being used to control access from said host group to said logical units.
- View Dependent Claims (3, 4, 5, 6, 7, 8)
- - 3. The storage system according to claim 2, wherein said access management map permits mapping of different logical unit numbers to a same virtual logical unit number for different host groups.
  - 4. The storage system according to claim 2, wherein said access management map does not permit mapping of different logical unit numbers to one host group at a same virtual logical unit number.
  - 5. The storage system according to claim 2, wherein said virtual logical unit numbers allocated to each host group begin with 0, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 6. The storage system according to claim 2, wherein said virtual logical unit numbers allocated to each host group begin with 0 and increment by 1, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 7. The storage system according to claim 2,wherein each of said virtual logical unit numbers can be specified by a user.
  - 8. The storage system according to claim 2, wherein said host computers included in said host group are related to each other.

9. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
  
  a controller having an access management table, wherein said access management table includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers, said access management table being used to control access from said host group to said logical units.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The storage system according to claim 9, wherein said access management table permits mapping of different logical unit numbers to a same virtual logical unit number for different host groups.
  - 11. The storage system according to claim 9, wherein said access management table does not permit mapping of different logical unit numbers to one host group at a same virtual logical unit number.
  - 12. The storage system according to claim 9, wherein said virtual logical unit numbers allocated to each host group begin with 0, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 13. The storage system according to claim 9, wherein said virtual logical unit numbers allocated to each host group begin with 0 and increment by 1, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 14. The storage system according to claim 9, wherein each of said virtual logical unit numbers can be specified by a user.

15. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
  
  a controller controlling read/write of data from/to said disk drives in response to access from said host computers to said logical units by using an access management map, wherein said access management map includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group rind each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The storage system according to claim 15, wherein said access management map permits mapping of different logical unit numbers to a same virtual logical unit number for different host groups.
  - 17. The storage system according to claim 15, wherein said access management map does not permit mapping of different logical unit numbers to one host group at a same virtual logical unit number.
  - 18. The storage system according to claim 15, wherein said virtual logical unit numbers allocated to each host group begin with 0, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 19. The storage system according to claim 15, wherein said virtual logical unit numbers allocated to each host group begin with 0 and increment by 1, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 20. The storage system according to claim 15, wherein each of said virtual logical unit numbers can be specified by a user.

21. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
  
  a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers to said logical units by using an access management table, wherein said access management table includes an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, one or more of said virtual logical unit numbers being mapped to said identifier of said host group and each of said virtual logical unit numbers being a renumbered identifier of one of said logical unit numbers.
- View Dependent Claims (22, 23, 24, 25, 26, 27)
- - 22. The storage system according to claim 21, wherein said access management table permits mapping of different logical unit numbers to a same virtual logical unit number for different host groups.
  - 23. The storage system according to claim 21, wherein said access management table does not permit mapping of different logical unit numbers to one host group at a same virtual logical unit number.
  - 24. The storage system according to claim 21, wherein said virtual logical unit numbers allocated to each host group begin with 0, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 25. The storage system according to claim 21, wherein said virtual logical unit numbers allocated to each host group begin with 0 and increment by 1, and wherein each of said virtual logical unit numbers is a renumbered identifier of one of said logical unit numbers.
  - 26. The storage system according to claim 21, wherein each of said virtual logical unit numbers can be specified by a user.
  - 27. The storage system according to claim 21, wherein said host computers included in said host group are related to each other.

28. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
  
  a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers to said logical units;
  
  wherein said controller includes an access management map which includes a plurality of identifiers each of said identifiers corresponding to a host group having some of said host computers and a plurality of virtual logical unit numbers, each being a renumbered identifier of one of said logical unit numbers, wherein some of said virtual logical unit numbers allocated to each said host group begin with zero and others begin with a non-zero number, and wherein said controller controls access from said host group to said logical units in accordance with said access management map.
- View Dependent Claims (29, 30, 31, 32)
- - 29. The storage system according to claim 28, wherein said access management map permits mapping of different logical unit numbers to a same virtual logical unit number for different host groups.
  - 30. The storage system according to claim 28, wherein said access management map does not permit mapping of different logical unit numbers to one host group at a same virtual logical unit number.
  - 31. The storage system according to claim 28, wherein some of said virtual logical unit numbers corresponding to said host group increment by 1.
  - 32. The storage system according to claim 28, wherein each of said virtual logical unit numbers can be specified by a user.

33. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives forming a plurality of logical units, said logical units having logical unit numbers; and
  
  a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers to said logical units;
  
  wherein said controller includes an access management table which maps an identifier of a host group having some of said host computers and a plurality of virtual logical unit numbers, each being a renumbered identifier of one of said logical unit numbers, wherein said virtual logical unit numbers begin with a non-zero number, and wherein said controller controls access from said host group to said logical units in accordance with said access management table.
- View Dependent Claims (34, 35, 36, 37)
- - 34. The storage system according to claim 33, wherein said access management table permits mapping of different logical unit numbers to a same virtual logical unit number for different host groups.
  - 35. The storage system according to claim 33, wherein said access management table does not permit mapping of different logical unit numbers to one host group at a same virtual logical unit number.
  - 36. The storage system according to claim 33, wherein said virtual logical unit numbers corresponding to said host group begin with said non-zero number and increment by 1.
  - 37. The storage system according to claim 33, wherein each of said virtual logical unit numbers can be specified by a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Okami, Yoshinori, Ito, Ryusuke
Primary Examiner(s)
Breene, John E.
Assistant Examiner(s)
Liang, Gwen

Application Number

US10/737,641
Publication Number

US 20040128311A1
Time in Patent Office

645 Days
Field of Search

707/100, 707/9, 707/10, 709/229, 709/211, 709/238, 710/107, 711/152, 711/100
US Class Current

1/1
CPC Class Codes

G06F 2003/0697   device management, e.g. han...

G06F 21/62   Protecting access to data v...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 3/0601   Interfaces specially adapte...

G06F 3/0622   in relation to access

G06F 3/0635   by changing the path, e.g. ...

G06F 3/0637   Permissions

G06F 3/0659   Command handling arrangemen...

G06F 3/067   Distributed or networked st...

H04L 61/103   across network layers, e.g....

H04L 67/1097   for distributed storage of ...

Y10S 707/954   Relational

Y10S 707/99933   Query processing, i.e. sear...

Y10S 707/99939   Privileged access

Security method and system for storage subsystem

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

93 Citations

37 Claims

Specification

Use Cases

Quick Links

Others

Security method and system for storage subsystem

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

93 Citations

37 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others