Method for out of user space I/O with server authentication
First Claim
1. A method, in a data processing system, for performing input/output (I/O) operations with a remotely located storage system, comprising:
receiving an I/O request from an application instance, wherein the I/O request includes a key value for identifying an entry in a translation protection table data structure, and wherein the I/O request targets a portion of a storage device in the remotely located storage system upon which an I/O operation is to be performed;
retrieving an entry from a translation protection table based on the key value, wherein the entry includes an identifier of the storage device and a logical unit number corresponding to the portion of the storage device targeted by the I/O request;
generating a storage command based on the identifier of the storage device and the logical unit number retrieved with the entry from the translation protection table;
placing the storage command in a storage command queue for transmission to the remotely located storage system;
receiving, from the application instance, a request to open the portion of the storage device wherein the request includes an authentication key;
sending a command, having the authentication key, to the remotely located storage system to open the portion of the storage device;
returning results of the command to open the portion of the storage device to the application instance;
receiving, from the application instance, a request to allocate a logical unit of the storage device to the portion of the storage device for input/output operations of the application instance;
sending an allocate command, generated based on the received request to allocate the logical unit, to the remotely located storage system; and
receiving a response from the remotely located storage system identifying an authentication key for use in opening the logical unit of the portion of the storage device for I/O operations, wherein the remotely located storage system performs authentication on the command to open the portion of the storage device based on the authentication key, and wherein the authentication key is an authentication key generated and provided by the remotely located storage system to the application instance and is stored in a storage device of the data processing system that is only accessible by the application instance.
Abstract
A method that enables user space middleware or applications to pass I/O storage requests directly to a network attached storage device via a storage server that performs authentication is provided. A mechanism is provided for using a translation protection table (TPT) data structure, which may include a file name protection table (FNPT) and file extension protection table (FEPT), or logical volume protection table (LVPT), to control user space and out of user space Input/Output (I/O) operations. The storage server performs authentication of an application instance's request to open an operating system logical volume and, upon being authenticated, permits the application instance to submit I/O storage requests via the TPT to the opened OS logical volume. I/O storage requests are translated into storage commands using the TPT and the storage commands are encapsulated for transmission via one or more networks to the storage server.
15 Claims
12. A method, in a data processing system, for performing input/output (I/O) operations with a remotely located storage system, comprising:
receiving an I/O request from an application instance, wherein the I/O request includes a key value for identifying an entry in a translation protection table data structure, and wherein the I/O request targets a portion of a storage device in the remotely located storage system upon which an I/O operation is to be performed;
retrieving an entry from a translation protection table based on the key value, wherein the entry includes an identifier of the storage device and a logical unit number corresponding to the portion of the storage device targeted by the I/O request;
generating a storage command based on the identifier of the storage device and the logical unit number retrieved with the entry from the translation protection table;
placing the storage command in a storage command queue for transmission to the remotely located storage system;
receiving, from the application instance, a request to open the portion of the storage device wherein the request includes an authentication key;
sending a command, having the authentication key, to the remotely located storage system to open the portion of the storage device;
returning results of the command to open the portion of the storage device to the application instance;
receiving a request to modify an entry in the translation protection table data structure for the portion of the storage device;
modifying the entry in the translation protection table data structure;
returning attributes of the modified entry in the translation protection table; and
determining if there are any active transactions on the entry in the translation protection table data structure, wherein the data processing system modifies the entry in the translation protection table data structure only if there are no active transactions on the entry, wherein the remotely located storage system performs authentication on the command to open the portion of the storage device based on the authentication key, and wherein the authentication key is an authentication key generated and provided by the remotely located storage system to the application instance and is stored in a storage device of the data processing system that is only accessible by the application instance.
14. A method, in a data processing system, for performing input/output (I/O) operations with a remotely located storage system, comprising:
receiving an I/O request from an application instance, wherein the I/O request includes a key value for identifying an entry in a translation protection table data structure, and wherein the I/O request targets a portion of a storage device in the remotely located storage system upon which an I/O operation is to be performed;
retrieving an entry from a translation protection table based on the key value, wherein the entry includes an identifier of the storage device and a logical unit number corresponding to the portion of the storage device targeted by the I/O request;
generating a storage command based on the identifier of the storage device and the logical unit number retrieved with the entry from the translation protection table;
placing the storage command in a storage command queue for transmission to the remotely located storage system;
receiving, from the application instance, a request to open the portion of the storage device wherein the request includes an authentication key;
sending a command, having the authentication key, to the remotely located storage system to open the portion of the storage device;
returning results of the command to open the portion of the storage device to the application instance;
receiving a request to delete an entry in the translation protection table data structure for the portion of the storage device;
marking the entry in the translation protection table data structure as being invalid; and
determining if there are any active transactions on the entry in the translation protection table data structure, wherein the data processing system marks the entry in the translation protection table data structure as being invalid only if there are no active transactions on the entry, wherein the remotely located storage system performs authentication on the command to open the portion of the storage device based on the authentication key, and wherein the authentication key is an authentication key generated and provided by the remotely located storage system to the application instance and is stored in a storage device of the data processing system that is only accessible by the application instance.
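An added C sketch of the flow the claims describe, not code from the patent: the key value selects a translation protection table entry, open is gated on the authentication key, the storage command takes its device identifier and logical unit number from the entry, and an entry is marked invalid only when no transactions are active on it. All names, return codes, the fixed-size table, the local stand-in for the storage server's key check, the constant-time comparison and the sample key, device and LUN values are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
/* Added illustration: every name, size, return code and sample value is an assumption. */
enum { TPT_SIZE = 4, KEY_LEN = 8 };
enum { TPT_OK = 0, TPT_BAD_KEY = -1, TPT_NOT_OPEN = -2, TPT_BUSY = -3, TPT_AUTH = -4 };
struct tpt_entry { int valid, opened; uint32_t device_id, lun, active_txns; };
struct storage_cmd { uint32_t device_id, lun; uint64_t offset; uint32_t len; };

/* Constructed sample: entry 1 maps to device 7, LUN 3; the rest are invalid. */
static struct tpt_entry tpt[TPT_SIZE] = { [1] = { 1, 0, 7, 3, 0 } };
/* Stands in for the storage server's record of the key it issued for entry 1. */
static const uint8_t issued_key[TPT_SIZE][KEY_LEN] =
    { [1] = { 0xA5, 0x5A, 0xC3, 0x3C, 0x0F, 0xF0, 0x96, 0x69 } };

/* The request's key value only selects an entry, after bounds and validity checks. */
static struct tpt_entry *tpt_lookup(uint32_t key) {
    return (key < TPT_SIZE && tpt[key].valid) ? &tpt[key] : NULL;
}

/* Open: keys are compared without an early exit, so timing does not reveal a prefix. */
int tpt_open(uint32_t key, const uint8_t *k) {
    struct tpt_entry *e = tpt_lookup(key);
    uint8_t diff = 0;
    if (!e) return TPT_BAD_KEY;
    for (size_t i = 0; i < KEY_LEN; i++) diff |= (uint8_t)(issued_key[key][i] ^ k[i]);
    if (diff) return TPT_AUTH;
    e->opened = 1;
    return TPT_OK;
}

/* I/O: device identifier and LUN come from the table entry, never from the caller. */
int tpt_submit(uint32_t key, uint64_t off, uint32_t len, struct storage_cmd *out) {
    struct tpt_entry *e = tpt_lookup(key);
    if (!e) return TPT_BAD_KEY;
    if (!e->opened) return TPT_NOT_OPEN;
    *out = (struct storage_cmd){ e->device_id, e->lun, off, len };
    e->active_txns++;                    /* queued, not yet completed */
    return TPT_OK;
}

void tpt_complete(uint32_t key) { if (key < TPT_SIZE && tpt[key].active_txns) tpt[key].active_txns--; }

/* Delete: mark the entry invalid only when no transaction is active on it. */
int tpt_invalidate(uint32_t key) {
    struct tpt_entry *e = tpt_lookup(key);
    if (!e) return TPT_BAD_KEY;
    if (e->active_txns) return TPT_BUSY;
    e->valid = e->opened = 0;
    return TPT_OK;
}
```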
Specification