Security for logical unit in storage subsystem
First Claim
1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives being related to a plurality of storage areas, each of said storage areas to be identified with a storage area number; and
a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers,wherein said controller includes management information which includes, in corresponding relation, an identification of a host group including some of said host computers selected by a user from said host computers, an identification of each host computer of said some of said host computers included in said host group, and said storage area numbers, wherein said some of said host computers included in said host group have a host computer executing a first type of operating system (OS) and a host computer executing a second type of OS being different from said first type of OS,wherein said controller controls to transfer a response frame, including information corresponding to an approval or a rejection of an access to one of said storage areas, to said each host computer of said some of said host computers in response to a command from said each host computer of said some of said host computers to said one of said storage areas in accordance with said management information,wherein connection interface information is set for each host group on a host group basis under a single port inside said storage system, andwherein connection interface information represents a depth of a reception queue and a response content of an inquiry.
1 Assignment
0 Petitions
Accused Products
Abstract
Mapping tables are for stipulating information for primarily identifying computers, information for identifying a group of the computers and a logical unit number permitting access from the host computer inside storage subsystem, in accordance with arbitrary operation method by a user, and for giving them to host computer. The invention uses management table inside the storage subsystem and allocates logical units inside the storage subsystem to a host computer group arbitrarily grouped by a user in accordance with the desired form of operation of the user, can decide access approval/rejection to the logical unit inside the storage subsystem in the group unit and at the same time, can provide the security function capable of setting interface of connection in the group unit under single port of storage subsystem without changing existing processing, limitation and other functions of computer.
111 Citations
11 Claims
-
1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
-
a plurality of disk drives storing data from said host computers, said disk drives being related to a plurality of storage areas, each of said storage areas to be identified with a storage area number; and a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers, wherein said controller includes management information which includes, in corresponding relation, an identification of a host group including some of said host computers selected by a user from said host computers, an identification of each host computer of said some of said host computers included in said host group, and said storage area numbers, wherein said some of said host computers included in said host group have a host computer executing a first type of operating system (OS) and a host computer executing a second type of OS being different from said first type of OS, wherein said controller controls to transfer a response frame, including information corresponding to an approval or a rejection of an access to one of said storage areas, to said each host computer of said some of said host computers in response to a command from said each host computer of said some of said host computers to said one of said storage areas in accordance with said management information, wherein connection interface information is set for each host group on a host group basis under a single port inside said storage system, and wherein connection interface information represents a depth of a reception queue and a response content of an inquiry. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
-
Specification