Security for logical unit in storage subsystem

US 7,657,727 B2
Filed: 04/21/2006
Issued: 02/02/2010
Est. Priority Date: 01/14/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:

a plurality of disk drives storing data from said host computers, said disk drives being related to a plurality of storage areas, each of said storage areas to be identified with a storage area number; and

a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers,wherein said controller includes management information which includes, in corresponding relation, an identification of a host group including some of said host computers selected by a user from said host computers, an identification of each host computer of said some of said host computers included in said host group, and said storage area numbers, wherein said some of said host computers included in said host group have a host computer executing a first type of operating system (OS) and a host computer executing a second type of OS being different from said first type of OS,wherein said controller controls to transfer a response frame, including information corresponding to an approval or a rejection of an access to one of said storage areas, to said each host computer of said some of said host computers in response to a command from said each host computer of said some of said host computers to said one of said storage areas in accordance with said management information,wherein connection interface information is set for each host group on a host group basis under a single port inside said storage system, andwherein connection interface information represents a depth of a reception queue and a response content of an inquiry.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mapping tables are for stipulating information for primarily identifying computers, information for identifying a group of the computers and a logical unit number permitting access from the host computer inside storage subsystem, in accordance with arbitrary operation method by a user, and for giving them to host computer. The invention uses management table inside the storage subsystem and allocates logical units inside the storage subsystem to a host computer group arbitrarily grouped by a user in accordance with the desired form of operation of the user, can decide access approval/rejection to the logical unit inside the storage subsystem in the group unit and at the same time, can provide the security function capable of setting interface of connection in the group unit under single port of storage subsystem without changing existing processing, limitation and other functions of computer.

111 Citations

View as Search Results

11 Claims

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives being related to a plurality of storage areas, each of said storage areas to be identified with a storage area number; and
  
  a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers,wherein said controller includes management information which includes, in corresponding relation, an identification of a host group including some of said host computers selected by a user from said host computers, an identification of each host computer of said some of said host computers included in said host group, and said storage area numbers, wherein said some of said host computers included in said host group have a host computer executing a first type of operating system (OS) and a host computer executing a second type of OS being different from said first type of OS,wherein said controller controls to transfer a response frame, including information corresponding to an approval or a rejection of an access to one of said storage areas, to said each host computer of said some of said host computers in response to a command from said each host computer of said some of said host computers to said one of said storage areas in accordance with said management information,wherein connection interface information is set for each host group on a host group basis under a single port inside said storage system, andwherein connection interface information represents a depth of a reception queue and a response content of an inquiry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The storage system according to claim 1, wherein said identification of each host computer of said some of said host computers included in said host group is a World Wide Name (WWN).
  - 3. The storage system according to claim 1, wherein each of said storage area numbers of storage areas allocated to said host computers begins with 0.
  - 4. The storage system according to claim 1, wherein each of said storage area numbers of storage areas allocated to said host computers begins with 0 and increments by 1.
  - 5. The storage system according to claim 1, wherein said controller maps different storage area numbers to a same storage area number of each of said storage areas for different host computers.
  - 6. The storage system according to claim 1, wherein a same identification of each of said storage areas is allocated to different host computers.
  - 7. The storage system according to claim 1, wherein when a first storage area number of a storage area accessible from a first host computer is the same as a second storage area number of a storage area accessible from a second host computer, an identification of the first host computer and an identification of the second host computer is different from each other.
  - 8. The storage system according to claim 1, wherein when a first host computer and a second host computer commonly use a same storage area, a storage area number of a storage area corresponding to the same storage area as recognized by said first host computer is different from a storage area number of a storage area corresponding to the same storage area as recognized by said second host computer.
  - 9. The storage system according to claim 1, wherein there is a plurality of storage area numbers of storage areas with the same storage area number 0 under one physical port of said storage system.
  - 10. The storage system according to claim 2, wherein there is a plurality of storage area numbers of storage areas with the same storage area number 0 under one physical port of said storage system.
  - 11. A storage system according to claim 2, wherein said controller includes a WWN to S_ID conversion table, andwherein said S_ID is a source identification of a host computer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Okami, Yoshinori, Hori, Koichi, Igarashi, Yoshinori, Uchiumi, Katsuhiro, Ito, Ryusuke
Primary Examiner(s)
Kim; Matt
Assistant Examiner(s)
DUDEK JR, EDWARD J

Application Number

US11/407,978
Publication Number

US 20060190696A1
Time in Patent Office

1,383 Days
Field of Search

711/221
US Class Current

711/221
CPC Class Codes

G06F 21/805   using a security table for ...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/067   Distributed or networked st...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

Security for logical unit in storage subsystem

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

111 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Security for logical unit in storage subsystem

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

111 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links