Secure storage system
First Claim
1. A storage system having a storage device and a client connected to a virtual private network (“
- VPN”
) using the storage device, the system comprising;
a management apparatus that manages the storage device by means of a logical volume assigned to the storage device;
a conversion apparatus that converts between a protocol corresponding to the storage device and a protocol used for the virtual private network; and
a mapping means that stores a VPN identifier allocated to the client and an access address range in the logical volume of the storage device corresponding to the virtual private network.
1 Assignment
0 Petitions
Accused Products
Abstract
A secure storage system for securely accessing a storage device on a network and improving volume management scalability, consisting of a client having a VPN capability; a storage device in an SAN; a management apparatus having a means for managing a storage capacity and a logical volume allocated to the storage device; a converter for converting a protocol used in the SAN to a protocol used in a LAN/MAN/WAN and vice versa; and a conversion apparatus having the VPN capability. A VPN is provided between the client and the conversion apparatus. The conversion apparatus is provided with a mapping between the VPN and an access range of the storage device. A VPN-ID is used for identifying the VPN. An address in the logical volume is used for the access range of the storage device.
42 Citations
20 Claims
-
1. A storage system having a storage device and a client connected to a virtual private network (“
- VPN”
) using the storage device, the system comprising;a management apparatus that manages the storage device by means of a logical volume assigned to the storage device; a conversion apparatus that converts between a protocol corresponding to the storage device and a protocol used for the virtual private network; and a mapping means that stores a VPN identifier allocated to the client and an access address range in the logical volume of the storage device corresponding to the virtual private network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 19)
- VPN”
-
12. A conversion apparatus connected to a storage device, wherein
the conversion apparatus is connected to a client using the storage device via a virtual private network (“ - VPN”
), wherein the conversion apparatus comprises;a protocol conversion means for converting between a protocol corresponding to the storage device and a protocol used for the virtual private network; and a mapping means that stores a VPN identifier allocated to the client and an access address range in the logical volume of the storage device corresponding to the virtual private network. - View Dependent Claims (13, 14, 20)
- VPN”
-
15. A storage system comprising a storage device, a client connected to a virtual private network (“
- VPN”
), a management apparatus that manages the storage device by means of a logical volume assigned to the storage device, a mapping means that stores a VPN identifier allocated to the client and an access address range in the logical volume of the storage device corresponding to the virtual private network, a conversion apparatus that is connected to the client via the virtual private network and converts between a protocol for the storage device and a protocol used for the virtual private network, and the mapping means that stores the VPN identifier allocated to the client and the access address range in the logical volume of the storage device corresponding to the virtual private network, whereinthe conversion apparatus, upon reception of an access request from the client via the virtual private network, writes data to the storage device connected to the conversion apparatus based on a check result of the VPN identifier; and the conversion apparatus, upon reception of a response for write termination from the storage device, returns the response for write termination to the client to terminate a process to write data from the client.
- VPN”
-
16. A storage system comprising a storage device, a client connected to a virtual private network (“
- VPN”
), a management apparatus that manages the storage device by means of a logical volume assigned to the storage device, a mapping means that stores a VPN identifier allocated to the client and an access address range in the logical volume of the storage device corresponding to the virtual private network, a conversion apparatus that is connected to the client via the virtual private network and converts between a protocol for the storage device and a protocol used for the virtual private network, and a backup conversion apparatus that is connected to the conversion apparatus and a backup storage device and that converts between a protocol for the backup storage device and a protocol used for the conversion apparatus, whereinthe conversion apparatus, upon reception of an access request from the client via the virtual private network, sends the access request to the backup conversion apparatus specified in a conversion table based on a first check result of the VPN identifier; the conversion apparatus writes data to the storage device connected to the conversion apparatus; the conversion apparatus, upon reception of a response for write termination from the storage device, returns the response for write termination to the client; the backup conversion apparatus, upon reception of an access request from the conversion apparatus, writes data to the backup storage device connected to the backup conversion apparatus based on a second check result of the VPN identifier and, upon reception of a response for write termination from the backup storage device, returns the response for write termination to the conversion apparatus; and the conversion apparatus, upon reception of a response from the backup conversion apparatus, terminates the process to write data from the client.
- VPN”
-
17. A storage system comprising a storage device, a client connected to a virtual private network (“
- VPN”
), a management apparatus that manages the storage device by means of a logical volume assigned to the storage device, a mapping means that stores a VPN identifier allocated to the client and an access address range in the logical volume of the storage device corresponding to the virtual private network, a conversion apparatus that is connected to the client via the virtual private network and converts between a protocol for the storage device and a protocol used for the virtual private network, and a backup conversion apparatus that is connected to the conversion apparatus and a backup storage device and that converts between a protocol for the backup storage device and a protocol used for the conversion apparatus, whereinthe conversion apparatus, upon reception of an access request from the client via the virtual private network, sends a request to read data to the storage device connected to the conversion apparatus based on a first check result of the VPN identifier; the conversion apparatus, upon unsuccessful reception of data from the storage device, sends an access request to the backup conversion apparatus connected to the conversion apparatus; the backup conversion apparatus, upon reception of an access request from the conversion apparatus, reads data from the backup storage device connected to the backup conversion apparatus based on a second check result of the VPN identifier and, upon reception of data from the backup storage device, sends the data from the backup storage device to the conversion apparatus; and the conversion apparatus, upon reception of data from the backup conversion apparatus, sends the data from the backup storage device to the client. - View Dependent Claims (18)
- VPN”
Specification