Storage system which controls access to logical devices by permitting attribute modes for logical devices to be set
First Claim
Patent Images
1. A storage system which communicates with one or more outer units, comprising:
- a plurality of physical devices having storage regions;
a plurality of logical devices that are logical units formed by using partial storage regions of said physical storage devices;
access attribute mode setting means that sets one or more access attribute modes for each logical device, wherein the set access attribute mode is selected from a plurality of predetermined access attribute modes; and
access control means that controls access to a logical device designated by an outer unit according to the one or more access attribute modes set for the designated logical device when a command from said outer unit requesting access to the logical device is received, and that outputs a response having information about a result of the requested access,wherein said plurality of predetermined access attribute modes include one or more device recognition control modes for applying a predetermined restriction to a device recognition operation by which an outer unit recognizes a logical device itself or preset characteristics of the logical device in the storage system according to a set one of a plurality of device recognition control modes in response to a device recognition command which requests a device recognition operation of the logical device,wherein the access control means includes device recognition control means for outputting to an outer unit, when a received command from the outer unit is a device recognition command requesting a device recognition operation and the set access attribute mode of the designated logical device designated in the received command is a device recognition control mode, an output response having information about the effect of said predetermined restriction on said device recognition operation, andwherein said device recognition control modes includes a read capacity “
0”
mode which allows an outer unit to recognize the logical device but not conduct read or write operations to the logical device and an inquiry restricted mode which does not allow an outer unit to recognize the logical device nor conduct read or write operations to the logical device, andwherein said plurality of predetermined access attribute modes includes a secondary volume disable mode which allows an outer unit to recognize the logical device and conduct read or write operations to the logical device but does not allow the logical device to be used as a secondary volume for another logical device in a copy pair operation.
1 Assignment
0 Petitions
Accused Products
Abstract
There is provided a storage system suitable for an open system which has advanced security functions for logical devices. In a storage system such as a RAID system, 6 types of access attributes which are Readable/Writable, Read Only, Unreadable/Unwritable, Read Capacity 0, Inquiry Restricted, and S-vol Disable, can be set for each logical device. Read Capacity 0 makes a response “capacity 0” upon inquiries from hosts about capacity. Inquiry Restricted does not permit the hosts to recognize logical devices. S-vol Disable does not permit pair forming for duplication of a logical device with another device as the destination of copying. Upon receipt of commands from hosts of the open system, the storage system changes command processes and responses, depending on the difference in operation system, vendor, version, or the like, between hosts.
44 Citations
8 Claims
-
1. A storage system which communicates with one or more outer units, comprising:
-
a plurality of physical devices having storage regions; a plurality of logical devices that are logical units formed by using partial storage regions of said physical storage devices; access attribute mode setting means that sets one or more access attribute modes for each logical device, wherein the set access attribute mode is selected from a plurality of predetermined access attribute modes; and access control means that controls access to a logical device designated by an outer unit according to the one or more access attribute modes set for the designated logical device when a command from said outer unit requesting access to the logical device is received, and that outputs a response having information about a result of the requested access, wherein said plurality of predetermined access attribute modes include one or more device recognition control modes for applying a predetermined restriction to a device recognition operation by which an outer unit recognizes a logical device itself or preset characteristics of the logical device in the storage system according to a set one of a plurality of device recognition control modes in response to a device recognition command which requests a device recognition operation of the logical device, wherein the access control means includes device recognition control means for outputting to an outer unit, when a received command from the outer unit is a device recognition command requesting a device recognition operation and the set access attribute mode of the designated logical device designated in the received command is a device recognition control mode, an output response having information about the effect of said predetermined restriction on said device recognition operation, and wherein said device recognition control modes includes a read capacity “
0”
mode which allows an outer unit to recognize the logical device but not conduct read or write operations to the logical device and an inquiry restricted mode which does not allow an outer unit to recognize the logical device nor conduct read or write operations to the logical device, andwherein said plurality of predetermined access attribute modes includes a secondary volume disable mode which allows an outer unit to recognize the logical device and conduct read or write operations to the logical device but does not allow the logical device to be used as a secondary volume for another logical device in a copy pair operation. - View Dependent Claims (3, 4, 7)
unit mode setting means that selects a unit mode corresponding to the specification of each of the outer units from a plurality of predetermined unit modes, and sets the selected unit mode corresponding to said each of the outer units; mode dependent process storage means that stores, for a predetermined command, a plurality of predetermined mode dependent processes which are respectively associated with said plurality of predetermined unit modes; mode dependent response storage means that stores, for a predetermined command processing result, a plurality of predetermined mode dependent responses which are respectively associated with said plurality of predetermined unit modes; command processing means that receives a command from each outer unit and processes the received command; and command responding means that outputs a response indicating a result of processing of the received command by said command processing means to said each outer unit, wherein said command processing means is arranged so that when the received command from said each outer unit is said predetermined command, said command processing means selects from said plurality of predetermined mode dependent processes, a mode dependent process which is associated with the unit mode of said each outer unit, and performs the selected mode dependent process, and wherein said responding means is arranged so that when the result of processing of the received command is said predetermined command processing result, said command responding means selects from said plurality of predetermined mode dependent responses, a mode dependent response which is associated with the unit mode of said each outer unit, and outputs the selected response to said each outer unit.
-
-
2. A storage system which communicates with one or more outer units, comprising:
-
a plurality of physical devices having storage regions; a plurality of logical devices that are logical units formed by using partial storage regions of said physical storage devices; access attribute mode setting means that sets one or more access attribute modes for each logical device, wherein the set access attribute mode is selected from a plurality of predetermined access attribute modes; and access control means that controls access to a logical device designated by an outer unit according to the one or more access attribute modes set for the designated logical device when a command from said outer device requesting access to the logical device is received, and that outputs a response having information about a result of the requested access, wherein said plurality of predetermined access attribute modes include one or more device recognition control modes for applying a predetermined restriction to a device recognition operation by which an outer unit recognizes a logical device itself or the capacity thereof, wherein the access control means includes device recognition control means for outputting to an outer unit, when a received command from that outer unit is a device recognition operation and the set access attribute mode of the designated logical device designated in that command is a device recognition control mode, an output response having information about the effect of said predetermined restriction on said device recognition operation, and wherein one of the device recognition control modes is a zero reading capacity mode, and when the device recognition operation is a request to recognize the capacity of a designated logical device and the set access attribute mode of the designated logical device is said zero reading capacity mode, the output response includes information indicating that the capacity of the designated logical device is zero.
-
-
5. A storage system which communicates with one or more outer units, comprising:
-
a plurality of physical devices having storage regions; a plurality of logical devices that are logical units formed by using partial storage regions of said physical storage devices; access attribute mode setting means that sets one or more access attribute modes for each logical device, wherein the set access attribute modes are selected from a plurality of predetermined access attribute modes; and access control means that controls access to a logical device designated by an outer unit according to the one or more access attribute modes set for said designated logical device, when a command from said outer unit requesting access to that logical device is received, and that outputs to said outer unit a response having information about a result of the requested access, wherein said plurality of predetermined access attribute modes include one or more copy pair forming control mode for applying predetermined restriction to a copy pair forming operation for forming a copy pair with another logical device which has said designated logical device as a secondary volume, and wherein the access control means comprises copy pair forming control means for outputting to an outer unit, a response having information about the effect of said predetermined restriction on said copy pair forming operation, when a received command from that outer unit is a copy pair forming operation and the set access attribute mode of the logical device designated in that command is a copy pair forming control mode.
-
-
6. A storage system which communicates with one or more outer units, comprising
a plurality of physical devices having storage regions; -
a plurality of logical devices that are logical units formed by using partial storage regions of said physical storage devices; access attribute mode setting means that sets one or more access attribute modes for each logical device, wherein the set access attribute modes are selected from a plurality of predetermined access attribute modes; and access control means that controls access to a logical device designated by an outer unit according to the one or more access attribute modes set for said designated logical device, when a command from said outer unit requesting access to that logical device is received, and that outputs to said outer unit a response having information about a result of the requested access, wherein said plurality of predetermined access attribute modes include one or more copy pair forming control mode for applying predetermined restriction to a copy pair forming operation for forming a copy pair with another logical device which has said designated logical device as a secondary volume, wherein the access control means comprises copy pair forming control means for outputting to an outer unit a response having information about the effect of said predetermined restriction on said copy pair forming operation when a received command from that outer unit is a copy pair forming operation and the set access attribute mode of the logical device designated in that command is a copv pair forming control mode, wherein said plurality of predetermined access attribute modes further includes one or more data manipulation control modes for controlling operations for reading or writing data from/to the designated logical device, and/or one or more device recognition control modes for applying a predetermined restriction to operations for recognizing a logical device itself or the capacity thereof, and wherein the access attribute mode setting means is capable of setting on the same logical device, a copy pair forming control mode in addition to either a data manipulation control mode or a device recognition control mode.
-
-
8. A computer system comprising a plurality of outer units of different types and a storage system which communicates with the outer units, said storage system includes a plurality of logical devices,
wherein each of the plurality of outer units is installed with an application program which uses the storage system, and a storage management program for performing management control including setting and controlling one or more security functions in each of the logical devices included in the storage system in response to the application program, wherein said one or more security functions for each logical device includes a function for applying a predetermined restriction to a device recognition operation by which an outer unit recognizes said each logical device itself or the capacity thereof, wherein each of the plurality of outer units is arranged to use its application program to automatically perform said management control via said storage management program, and wherein said storage system includes another program which sets or changes information of said one or more security functions in said storage system.
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHitachi, Ltd.
-
Original AssigneeHitachi, Ltd.
-
InventorsHomma, Hisao, Nagasoe, Yasuyuki
-
Primary Examiner(s)Peugh, Brian R.
-
Assistant Examiner(s)Diller, Jesse
-
Application NumberUS10/769,887Publication NumberTime in Patent Office987 DaysField of Search711/163, 711/203US Class Current711/163CPC Class CodesG06F 3/0605 by facilitating the interac...G06F 3/0623 in relation to contentG06F 3/0632 by initialisation or re-ini...G06F 3/0637 PermissionsG06F 3/067 Distributed or networked st...Y10S 707/99939 Privileged access
