System and method for access control on a storage router
First Claim
1. A method for controlling access to a target on a storage area network, the method comprising:
providing an access control list to an iSCSI router of a storage router, the access control list having a set of one or more entries, each entry having an access control type and an access control value;
receiving a request to access the target from an initiator;
receiving a set of one or more initiator authentication values, each of said initiator authentication values having an initiator authentication type;
for each of the initiator authentication types, searching the access control list for a matching authentication control type; and
if a matching control type exists in the access control list for an authentication type, then if the authentication value does not match the access control value for the access control denying access to the target.
Abstract
Systems and methods control access to an iSCSI target on a storage area network. The systems and methods include an access control list having a set of one or more entries. Each entry may have an access control type and an access control value. Requests may be received from an initiator on a host connected to the system through a network interface. The request may include a set of one or more initiator authentication values, each of the initiator authentication values having an initiator authentication type. The access control list may be searched for an entry matching the authentication type and value. If such an entry is not found, access to the target may be denied.
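An added sketch, not taken from the patent, of the check recited in claim 1 next to a stricter reading of the abstract. The type names `ip`, `iscsi-name` and `chap-user`, the sample values, and the rule that several entries of one type are alternatives are assumptions made for illustration.

```python
from typing import NamedTuple

class AclEntry(NamedTuple):
    ctype: str   # access control type (type names are assumed, not from the patent)
    value: str   # access control value

# Constructed sample ACL; addresses and names are illustrative only.
ACL = [
    AclEntry("ip", "192.0.2.10"),
    AclEntry("ip", "192.0.2.11"),
    AclEntry("iscsi-name", "iqn.2001-04.com.example:host1"),
]

def check_claim1(acl, presented):
    """Claim 1 reading: deny only when the ACL holds entries of a presented
    type and none of them carries the presented value.
    Assumption: several entries of one type are treated as alternatives."""
    for atype, avalue in presented:
        allowed_values = {e.value for e in acl if e.ctype == atype}
        if allowed_values and avalue not in allowed_values:
            return False, f"{atype} value {avalue!r} not in ACL"
    return True, "no mismatching entry"

def check_strict(acl, presented):
    """Stricter reading of the abstract: every presented (type, value) pair
    must be found in the ACL, so a type with no entries is denied as well."""
    for atype, avalue in presented:
        if AclEntry(atype, avalue) not in acl:
            return False, f"no entry for {atype}={avalue!r}"
    return True, "all values matched"

# Constructed initiator requests as (authentication type, authentication value).
KNOWN_HOST = [("ip", "192.0.2.10"), ("iscsi-name", "iqn.2001-04.com.example:host1")]
WRONG_IP = [("ip", "198.51.100.7"), ("iscsi-name", "iqn.2001-04.com.example:host1")]
UNLISTED_TYPE = [("ip", "192.0.2.10"), ("chap-user", "backup")]

if __name__ == "__main__":
    for name, req in [("known", KNOWN_HOST), ("wrong ip", WRONG_IP),
                      ("unlisted type", UNLISTED_TYPE)]:
        print(name, check_claim1(ACL, req), check_strict(ACL, req))
```

The two readings differ only for `UNLISTED_TYPE`: a type with no ACL entries does not constrain access under the claim 1 wording, while the stricter reading denies it.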
34 Claims
1. A method for controlling access to a target on a storage area network, the method comprising:
providing an access control list to an iSCSI router of a storage router, the access control list having a set of one or more entries, each entry having an access control type and an access control value;
receiving a request to access the target from an initiator;
receiving a set of one or more initiator authentication values, each of said initiator authentication values having an initiator authentication type;
for each of the initiator authentication types, searching the access control list for a matching authentication control type; and
if a matching control type exists in the access control list for an authentication type, then if the authentication value does not match the access control value for the access control denying access to the target.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A system for controlling access to an iSCSI target, the system comprising:
a storage router having a processor, a memory and at least one network interface;
a SCSI router component executing on the processor and the memory and operable to receive a request to access a target from an initiator through the network interface; and
an access control list accessible to the SCSI router, said access control list having a set of one or more entries, each entry having an access control type and an access control value;
wherein the SCSI router is operable to perform the tasks of;
receive a set of one or more initiator authentication values, each of said initiator authentication values having an initiator authentication type;
for each of the initiator authentication types, search the access control list for a matching authentication control type; and
if a matching control type exists in the access control list for an authentication type, then if the authentication value does not match the access control value for the access control denying access to the target.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18
19. A computer-readable medium having computer-executable instructions for performing a method for controlling access to a target on a storage area network, the method comprising:
providing an access control list to an iSCSI router component of a storage router, the access control list having a set of one or more entries, each entry having an access control type and an access control value;
receiving a request to access the target from an initiator;
receiving a set of one or more initiator authentication values, each of said initiator authentication values having an initiator authentication type;
for each of the initiator authentication types, searching the access control list for a matching authentication control type; and
if a matching control type exists in the access control list for an authentication type, then if the authentication value does not match the access control value for the access control denying access to the target.
Dependent claims: 20, 21, 22, 23, 24, 25, 26
27. A system for controlling access to an iSCSI target, the system comprising:
means for providing an access control list to an iSCSI router of a storage router, the access control list having a set of one or more entries, each entry having an access control type and an access control value;
means for receiving a request to access the iSCSI target from an initiator;
means for receiving a set of one or more initiator authentication values, each of said initiator authentication values having an initiator authentication type; and
means for searching the access control list, for a matching authentication control type;
wherein if a matching control type exists in the access control list for an authentication type, then if the authentication value does not match the access control value for the access control denying access to the target.
Dependent claims: 28, 29, 30, 31, 32, 33, 34
Specification