Security for logical unit in storage subsystem

US 7,908,459 B2
Filed: 12/03/2009
Issued: 03/15/2011
Est. Priority Date: 01/14/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:

a plurality of disk drives storing data from said host computers, said disk drives are divided into a plurality of storage areas each to be identified with a storage area number; and

a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers,wherein said controller includes an access management map which includes an identification of a host group having been grouped to include some of said host computers selected from said host computers by an user, and said storage area numbers,wherein said controller controls accesses from said host computers to said storage areas in accordance with said access management map,wherein a connection interface information is set for each host group on a host group basis under a single port inside said storage system, andwherein the connection interface information represents a depth of a reception queue and a response content of an inquiry.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Mapping tables are for stipulating information for primarily identifying computers, information for identifying a group of the computers and a logical unit number permitting access from the host computer inside storage subsystem, in accordance with arbitrary operation method by a user, and for giving them to host computer. The invention uses management table inside the storage subsystem and allocates logical units inside the storage subsystem to a host computer group arbitrarily grouped by a user in accordance with the desired form of operation of the user, can decide access approval/rejection to the logical unit inside the storage subsystem in the group unit and at the same time, can provide the security function capable of setting interface of connection in the group unit under single port of storage subsystem without changing existing processing, limitation and other functions of computer.

94 Citations

View as Search Results

19 Claims

1. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives are divided into a plurality of storage areas each to be identified with a storage area number; and
  
  a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers,wherein said controller includes an access management map which includes an identification of a host group having been grouped to include some of said host computers selected from said host computers by an user, and said storage area numbers,wherein said controller controls accesses from said host computers to said storage areas in accordance with said access management map,wherein a connection interface information is set for each host group on a host group basis under a single port inside said storage system, andwherein the connection interface information represents a depth of a reception queue and a response content of an inquiry.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The storage system according to claim 1, wherein said identification of a host group is a World Wide Name (WWN).
  - 3. The storage system according to claim 1, wherein each of said storage area numbers of storage areas allocated to said host computers begins with 0.
  - 4. The storage system according to claim 1, wherein each of said storage area numbers of storage areas allocated to said host computers begins with 0 and increments by 1.
  - 5. The storage system according to claim 1, wherein said controller maps different storage area numbers to a same storage area number of each of said storage areas for different host computers.
  - 6. The storage system according to claim 1, wherein a same identification of each of said storage areas is allocated to different host computers.
  - 7. The storage system according to claim 1, wherein when a first storage area number of a storage area accessible from a first host computer is the same as a second storage area number of a storage area accessible from a second host computer.
  - 8. The storage system according to claim 1, wherein when a first host computer and a second host computer commonly use the same storage area, a storage area number of a storage area corresponding to the same storage area as recognized by said first host computer is different from a storage area number of a storage area corresponding to the same storage area as recognized by said second host computer.
  - 9. The storage system according to claim 1, wherein there is a plurality of storage area numbers of storage areas with the same storage area number 0 under one physical port of said storage system.
  - 10. The storage system according to claim 2, wherein there is a plurality of storage area numbers of storage areas with the same storage area number 0 under one physical port of said storage system.
  - 11. A storage system according to claim 2, wherein said controller includes a WWN to S_ID conversion table, andwherein said S_ID is a source identification of a host computer.
  - 12. The storage system according to claim 1, wherein said storage system has interface information corresponding to said host group.
  - 13. The storage system according to claim 12, wherein said interface information is the reception to Input/Output, the depth of a reception, or the response content of Inquiry.

14. A storage system adapted to be coupled to a plurality of host computers, said storage system comprising:
- a plurality of disk drives storing data from said host computers, said disk drives are divided into a plurality of areas each to be identified with an area number; and
  
  a controller controlling read/write of data from/to said disk drives in response to accesses from said host computers,wherein said controller includes an access management map which includes an identification of a host group having been grouped to include some of said host computers selected from said host computers by an user and said area numbers,wherein said controller controls accesses from said host computers to areas in accordance with said access management map,wherein a connection interface information is set for each host group on a host group basis under a single port inside said storage system, andwherein the connection interface information represents a depth of a reception queue and a response content of an inquiry.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The storage system according to claim 14, wherein each of identifications of host computers of said host group is a World Wide Name (WWN).
  - 16. The storage system according to claim 14, wherein each of said area numbers of said areas allocated to said host computers begins with 0.
  - 17. The storage system according to claim 14, wherein each of said area numbers of said areas allocated to said host computers begins with 0 and increments by 1.
  - 18. The storage system according to claim 14, wherein said controller maps different area numbers to a same area number of each of said areas for different host computers.
  - 19. The storage system according to claim 14, wherein the same area number of each of said areas is allocated to different host computers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hitachi, Ltd.
Original Assignee
Hitachi, Ltd.
Inventors
Okami, Yoshinori, Hori, Koichi, Igarashi, Yoshinori, Uchiumi, Katsuhiro, Ito, Ryusuke
Primary Examiner(s)
Kim; Matt
Assistant Examiner(s)
Dudek, Jr.; Edward J

Application Number

US12/630,303
Publication Number

US 20100082902A1
Time in Patent Office

467 Days
Field of Search

711/221, 711/152, 711/E12.002
US Class Current

711/221
CPC Class Codes

G06F 21/805   using a security table for ...

G06F 3/0622   in relation to access

G06F 3/0637   Permissions

G06F 3/067   Distributed or networked st...

H04L 63/10   for controlling access to d...

H04L 63/20   for managing network securi...

H04L 67/1097   for distributed storage of ...

Security for logical unit in storage subsystem

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

94 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Security for logical unit in storage subsystem

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

94 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links