Methods and apparatus for establishing communications with a data storage system

US 7,624,265 B1
Filed: 12/24/2001
Issued: 11/24/2009
Est. Priority Date: 02/14/2001
Status: Active Grant

First Claim

Patent Images

1. In a computer system, a method comprising:

receiving, from a data storage system, a request to establish a communications session with the data storage system;

providing data storage system search criteria including user authentication information to a connection monitor computer system to produce a set of data storage system identities that meet the data storage system search criteria;

receiving a set of data storage system identities including identities of data storage systems to which a user, identified by the user authentication information, is allowed to establish a packet communications session;

allowing the user to select at least one data storage system identity from the set of data storage system identities;

establishing a first packet communications session from the computer system to a data communications device capable of communicating with the data storage system;

establishing a second packet communications session from the data communications device to a service processor associated with the data storage system; and

performing packet communications between the computer system and the service processor associated with the data storage system using the first and second packet communications sessions.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mechanisms and techniques allow for the establishment of secure, authenticated packet-based communications sessions between a computer system and a processor, such as a service processor, within a data storage system. The computer system is configured with a connection process connection process that operates under user control and that can establish a first packet communications session to a data communications device such as a router within a first computer network such as a vendor computer network. The connection process connection process can then cause the data communications device to establish a second packet communications session between the data communications device and the processor within the data storage system in a secure, reliable and authenticated manner. Using a unique handshaking technique, the connection process connection process in the computer system, the data communications device, and a service process operating in a service processor on the data storage system can negotiate the establishment of the packet communications sessions to allow applications in these components of to make use of standardized communications techniques such as TCP/IP.

Citations

30 Claims

1. In a computer system, a method comprising:
- receiving, from a data storage system, a request to establish a communications session with the data storage system;
  
  providing data storage system search criteria including user authentication information to a connection monitor computer system to produce a set of data storage system identities that meet the data storage system search criteria;
  
  receiving a set of data storage system identities including identities of data storage systems to which a user, identified by the user authentication information, is allowed to establish a packet communications session;
  
  allowing the user to select at least one data storage system identity from the set of data storage system identities;
  
  establishing a first packet communications session from the computer system to a data communications device capable of communicating with the data storage system;
  
  establishing a second packet communications session from the data communications device to a service processor associated with the data storage system; and
  
  performing packet communications between the computer system and the service processor associated with the data storage system using the first and second packet communications sessions.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The method of claim 1 wherein the step of receiving a request to establish a communications session with a data storage system comprises:
    - receiving user authentication information for a user of the computer system;
      
      authenticating an identity of the user based on the user authentication information.
  - 3. The method of claim 2 wherein:
    - the request to establish a communications session with a data storage system includes the identity of the data storage system to which a communications session is to be established; and
      
      wherein the identity specifies at least one of;
      
      i) a phone number of a service processor modem associated with the data storage system;
      
      ii) a serial number of the data storage system; and
      
      iii) customer information related to a customer operating the data storage system.
  - 4. The method of claim 1 wherein:
    - the data storage system search criteria is received from at least one of;
      
      i) a user of the computer system;
      
      ii) a service ticket identifying a data storage system.
  - 5. The method of claim 1 wherein establishing a first packet communications session comprises:
    - obtaining connection information for the data communications device, wherein the obtaining comprises;
      
      initiating the first packet communications session from the computer system to the data communications using the connection information for the data communications device;
      
      providing, to the data communications device, the user authentication information such that the data communication device can determine if a user of the computer system is authorized to establish the first packet communications session; and
      
      providing, to a connection monitor computer system, a request for an address of a data communications device, the request including data communications device selection criteria allowing the connection monitor computer system to select and return an address of an available data communications device that is authorized to establish the second packet communications session to the data storage system; and
      
      receiving the address of the data communications device selected by the connection monitor computer system.
  - 6. The method of claim 5 wherein the request for an address of the data communications device includes at least one of:
    - i) a portion of the user authentication information;
      
      ii) customer information concerning a customer operating the data storage system; and
      
      iii) connection information associated with the data storage system; and
      
      wherein the connection monitor computer system compares the request for an address against user and customer data to determine what data storage systems a user providing the request is allowed to access.
  - 7. The method of claim 5 wherein receiving a request to initiate a communications session with the data storage system further comprises:
    - receiving a service ticket from the data storage system; and
      
      analyzing the service ticket to determine an identity of the data storage system to which a packet communications session is to be established from the computer system.
  - 8. The method of claim 1 wherein:
    - the step of initiating the first packet communications session establishes an internet protocol communications session between the computer system and the data communications device; and
      
      wherein the step of providing, to the data communications device, first packet communications session authentication information passes user authentication information from the computer system to the data communications device to allow the data communications device to authorize the internet protocol communications session.
  - 9. The method of claim 8 wherein the step of providing, to the data communications device, first packet communications session authentication information causes the data communications device to communicate with a user account computer system to verify if the user of the computer system identified in the user authentication information is authorized to cause the data communications device to establish the first and second packet communications sessions from the computer system, through the data communications device, to the data storage system.
  - 10. The method of claim 1 wherein the step of establishing a second packet communications session from the data communications device to the data storage system comprises:
    - providing, to the data communications device, second packet communications session connection information allowing the data communications device to initiate the second packet communications session from the data communications device to the data storage system; and
      
      receiving second packet communications session state information indicating a state of the second packet communication session between the data communications device and the data storage system.
  - 11. The method of claim 10 wherein:
    - the second packet communications session connection information includes data storage system connection information associated with the data storage system and user authentication information of the user of the computer system; and
      
      wherein the step of providing the second packet communications session connection information to the data communications device causes the data communications device to perform the steps of;
      
      initiating the second packet communications session from the data communications device to the data storage system using the data storage system connection information;
      
      providing the user authentication information to a remote access server associated with the data storage system to allow the remote access server to authorize the establishment of the second packet communications session from the data communications device to the data storage system;
      
      receiving data storage system address information at the data communications device identifying an address of the data storage system to allow the data communications device to establish the second packet communications session; and
      
      forwarding second packet communications session state information to the computer system from the data communications device to allow the computer system to perform packet communications with the computer system and data storage system using the first and second packet communications sessions.
  - 12. The method of claim 11 wherein the data storage system address information is a pre-configured network address assigned to the service processor associated with the data storage system.
  - 13. The method of claim 11 wherein:
    - the second packet communications session connection information includes data storage system connection information including a phone number of a service processor modem associated with the service processor associated with the data storage system; and
      
      wherein the step of initiating the second packet communications session from the data communications device to the data storage system causes the data communications device to instruct a modem to dial the phone number of a service processor modem in order to establish a dial up connection to the data storage system from the data communications device.
  - 14. The method of claim 11 wherein:
    - the second packet communications session state information includes the data storage system address information and includes data storage system connection bandwidth information; and
      
      wherein the step of forwarding second packet communications session state information to the computer system from the data communications device causes the data communications device to perform the step of;
      
      forwarding the second packet communications session state information to a network manager computer system which receives the second packet communications session state information and forwards routing information to the computer system so that the computer system can perform packet communications with the data storage system.
  - 15. The method of claim 11 wherein performing packet communications between the computer system and the service processor associated with the data storage system comprises:
    - receiving the second packet communications session state information in response to the step of forwarding second packet communication session state information to the computer system from the data communication device;
      
      adjusting connection bandwidth associated with the first packet communications session to match connection bandwidth associated with the second packet communications session;
      
      providing computer system address information to the data storage system so that the data storage system can establish a route to the computer system; and
      
      using the first packet communications session between the computer system and the data communications device and the second packet communications session between the data communications device and the service processor associated with the data storage system to perform packet communications between the computer system and the service processor associated with the data storage system.
  - 16. The method of claim 1 further comprising activating a security client on said service processor to block out TCP data packets that have not been encrypted by a predetermined gateway server.
  - 17. The method of claim 1 wherein said data storage system comprises a plurality of data storage devices which collectively operate under the control of at least one software driven microprocessor to access data in accordance with data access requests.

18. In a processor in a data storage system, a method for establishing a packet communications session with a computer system, the method comprising:
- sending, to the computer system, a request to establish a communications session with the data storage system, the request including user authentication information needed to establish the communications session;
  
  receiving a request to initiate a packet communications session, the request to initiate a packet communications session including the user authentication information;
  
  providing data storage system search criteria including user authentication information to a connection monitor computer system to produce a set of data storage system identities that meet the data storage system search criteria;
  
  receiving a set of data storage system identities including identities of data storage systems to which a user, identified by the user authentication information, is allowed to establish a packet communications session;
  
  allowing the user to select at least one data storage system identity from the set of data storage system identities;
  
  providing data storage system address information to an initiator of the request;
  
  receiving computer system address information to allow a processor in the data storage system to perform packet communications with the computer system; and
  
  establishing a packet communications session with the computer system based on the computer system address information.
- View Dependent Claims (19, 20, 21, 22)
- - 19. The method of claim 18, comprising:
    - authorizing, based on the user authentication information, the establishment of the packet communications session with the computer system.
  - 20. The method of claim 19 wherein the processor is a service processor in the data storage system and the data storage system address information is a pre-configured network address assigned to the service processor associated with the data storage system by a vendor of the data storage system.
  - 21. The method of claim 18 wherein:
    - the request to initiate a packet communications session is sent from a data communications device interconnected with the computer system; and
      
      wherein the step of providing data storage system address information provides a network address of the processor in the data storage system to the data communications device for receipt by the computer system to allow the computer system to perform packet communications to the data storage system.
  - 22. The method of claim 18 wherein the step of establishing a packet communications session with the computer system establishes route information within the data storage system based on the computer system address information to allow the processor to perform packet communications with the computer system.

23. A computer program product having a computer-readable medium including computer program logic instructions encoded thereon that when performed on a computer processor in a computer system, causes the processor to perform the operations of:
- receiving, from a data storage system, a request to establish a communications session with the data storage system, the request including user authentication information needed to establish the communications session;
  
  providing data storage system search criteria including user authentication information to a connection monitor computer system to produce a set of data storage system identities that meet the data storage system search criteria;
  
  receiving a set of data storage system identities including identities of data storage systems to which a user, identified by the user authentication information, is allowed to establish a packet communications session;
  
  establishing a first packet communications session from the computer system to a data communications device capable of communicating with the data storage system;
  
  establishing a second packet communications session from the data communications device to a service processor associated with the data storage system; and
  
  performing packet communications between the computer system and the service processor associated with the data storage system using the first and second packet communications sessions.
- View Dependent Claims (24, 25, 26, 27, 28)
- - 24. The computer program product of claim 23 wherein the computer program logic further includes instructions that, when performed on the processor, cause the processor to perform the operations of:
    - obtaining connection information for the data communications device that is capable of communicating with the data storage system;
      
      initiating the first packet communications session from the computer system to the data communications device using the connection information for the data communications device;
      
      providing, to the data communications device, the user authentication information such that the data communications device c an determine if a user of the computer system is authorized to establish the first packet communications session; and
      
      if the user of the computer system is authorized to establish the first packet communications session, allowing the computer system to perform the step of establishing a second packet communications session from the data communications device to the data storage system; and
      
      if the user of the computer system is not authorized to establish the first packet first packet communications session, denying the ability of the computer system to perform the step of establishing a second packet communications session from the data communications device to the data storage system.
  - 25. The computer program product of claim 23 wherein the computer program logic further includes instructions that, when performed on the processor, cause the processor to perform the operations of:
    - providing, to the data communications device, second packet communications session connection information allowing the data communications device to initiate the second packet communications session from the data communications device to the data storage system; and
      
      receiving second packet communications session state information indicating a state of the second packet communication session between the data communications device and the data storage system.
  - 26. The computer program product of claim 25 wherein the data storage system address information is a pre-configured network address assigned to the service processor associated with the data storage system.
  - 27. The computer program product of claim 23 wherein the computer program logic further includes instructions that, when performed on the processor, causes the processor to perform the operations of:
    - receiving the second packet communications session state information in response to the step of forwarding second packet communication session state information to the computer system from the data communication device;
      
      adjusting connection bandwidth associated with the first packet communications session to match connection bandwidth associated with the second packet communications session;
      
      providing computer system address information to the data storage system so that the data storage system can establish a route to the computer system; and
      
      using the first packet communications session between the computer system and the data communications device and the second packet communications session between the data communications device and the data storage system to perform packet communications between the computer system and the data storage system.
  - 28. The computer program product of claim 23 wherein said data storage system comprises a plurality of data storage devices which collectively operate under the control of at least one software driven microprocessor to access data in accordance with data access requests.

29. A computer program product having a computer-readable medium including computer program logic encoded thereon that when performed on a computer processor in a data storage system, the computer program logic causes the processor to perform the operations of:
- sending, to a computer system, a request to establish a communications session with the data storage system, the request including user authentication information needed to establish the communications session;
  
  providing data storage system search criteria including user authentication information to a connection monitor computer system to produce a set of data storage system identities that meet the data storage system search criteria;
  
  receiving a set of data storage system identities including identities of data storage systems to which a user, identified by the user authentication information, is allowed to establish a packet communications session;
  
  receiving a request to initiate a packet communications session, the request to initiate a packet communications session including the user authentication information;
  
  providing data storage system address information to an initiator of the request;
  
  receiving computer system address information to allow a processor in the data storage system to perform packet communications with the computer system; and
  
  establishing a packet communications session with the computer system based on the computer system address information.
- View Dependent Claims (30)
- - 30. The computer program product of claim 29 wherein the processor is a service processor in the data storage system and the data storage system address information is a pre-configured network address assigned to the service processor associated with the data storage system by a vendor of the data storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Emc IP Holding Company LLC (Dell Technologies Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Slyva, William D., Carraher, Gerard T., An, Tuan Q., Emerson, Jeff, Martin, Kristen D., Thibodeau, Neil J., McCain, Timothy F.
Primary Examiner(s)
Barron, Jr.; Gilberto
Assistant Examiner(s)
HERRING, VIRGIL A

Application Number

US10/036,333
Time in Patent Office

2,892 Days
Field of Search

None
US Class Current

713/168
CPC Class Codes

H04L 63/08 for authentication of entit...

Methods and apparatus for establishing communications with a data storage system

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus for establishing communications with a data storage system

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links