Method and system for governing access to storage device on SAN

US 7,917,712 B2
Filed: 09/30/2005
Issued: 03/29/2011
Est. Priority Date: 09/30/2005
Status: Active Grant

First Claim

Patent Images

1. A method of governing access to a storage device connected to a storage area network (SAN), the method comprising:

at initial setting up of the storage device in relation to a rest of the SAN;

obtaining a first list at the storage device from a SAN repository having stored thereon the first list, repository, wherein access to the storage device by other devices is governed at least in part at the storage device based upon the first list, and wherein each of the other devices is at least one of fully precluded from accessing the storage device, partly precluded from accessing the storage device, and allowed to access the storage device; and

during operation of the SAN;

checking the first list for a requesting device and performing a requested action if the requesting device is not at least partly precluded from accessing the storage device;

if it is time to update the first list after checking the first list and performing the requested action, then querying the SAN to determine if at least one additional other device has entered into communication with the SAN; and

automatically updating the first list to reflect the at least one additional other device so that access to the storage device by the at least one additional other device is also governed at least in part based upon the first list.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention in at least some embodiments relates to improved methods and systems for governing access to SAN data storage devices (or simply “SAN devices”) employed in SAN systems. In some embodiments, the method involves storing a list at a SAN device. The list can be an exclusion list identifying devices that are not allowed to access the SAN device. During normal operation, the SAN device automatically contacts the SAN (or a component of the SAN, such as a SAN switch) to determine the identities of new devices that have entered into communication with the SAN. The SAN device then automatically updates the exclusion list to include those new devices such that, without further instructions, the SAN device is not accessible by those new devices. The method further can relate to the setup and failure recovery of SAN devices employed in SAN systems.

34 Citations

View as Search Results

32 Claims

1. A method of governing access to a storage device connected to a storage area network (SAN), the method comprising:
- at initial setting up of the storage device in relation to a rest of the SAN;
  
  obtaining a first list at the storage device from a SAN repository having stored thereon the first list, repository, wherein access to the storage device by other devices is governed at least in part at the storage device based upon the first list, and wherein each of the other devices is at least one of fully precluded from accessing the storage device, partly precluded from accessing the storage device, and allowed to access the storage device; and
  
  during operation of the SAN;
  
  checking the first list for a requesting device and performing a requested action if the requesting device is not at least partly precluded from accessing the storage device;
  
  if it is time to update the first list after checking the first list and performing the requested action, then querying the SAN to determine if at least one additional other device has entered into communication with the SAN; and
  
  automatically updating the first list to reflect the at least one additional other device so that access to the storage device by the at least one additional other device is also governed at least in part based upon the first list.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, further comprising:
    - querying the SAN to obtain a second list of the other devices that are in communication with the SAN, prior to the querying of the SAN to determine if the at least one additional other device has entered into communication with the SAN.
  - 3. The method of claim 2, further comprising:
    - storing the second list, wherein the second list is stored in at least one of a first memory device associated with the storage device and a backup memory device.
  - 4. The method of claim 2, wherein the second list is updated to reflect information received based upon the querying of the SAN to determine if the at least one additional other device has entered into communication with the SAN.
  - 5. The method of claim 4, wherein the querying of the SAN is repeated on at least one of a substantially periodic basis and a substantially continuous basis, such that the second list is updated on at least one of a substantially periodic basis and a substantially continuous basis.
  - 6. The method of claim 1, wherein the first list is an exclusion list, and the storage device is configured to fully preclude at least one of the other devices that are identified on the exclusion list from accessing the storage device.
  - 7. The method of claim 6, wherein the automatic updating of the first list results in the exclusion list being updated to reflect the at least one additional other device and wherein, subsequent to the updating of the first list, the storage device fully precludes the at least one additional other device from accessing the storage device.
  - 8. The method of claim 1, wherein the first list is a granted list, and the storage device is configured to allow the other devices identified on the granted list to access the storage device.
  - 9. The method of claim 1, wherein the querying of the SAN involves contacting a SAN switch that has available information regarding the other devices that are in communication with the SAN.
  - 10. The method of claim 1, wherein the first list is at least one of obtained from, and modified based upon, at least one input signal received from a user interface.
  - 11. The method of claim 1, further comprising:
    - storing the first list on a backup memory device; and
      
      after an occurrence of an event, recovering the first list from the backup memory device.
  - 12. The method of claim 11, wherein the storage device precludes the other devices listed on the recovered first list from accessing the storage device.
  - 13. The method of claim 11, further comprising:
    - storing a second list on the backup memory device;
      
      after the occurrence of the event, recovering the second list from the backup memory device;
      
      querying the SAN to obtain information regarding the other devices that are currently in communication with the SAN;
      
      comparing the recovered second list with the obtained information; and
      
      updating the second list to include any of the other devices that are currently in communication with the SAN that are not on the recovered second list.
  - 14. The method of claim 11, wherein the event is a failure causing a loss of at least a portion of information that was stored on the storage device prior to the event.
  - 15. The method of claim 1,wherein the storage device includes at least one of a hard disk drive, a tape data storage device, a CD-ROM device, an electronic memory device, and another memory device, andwherein the other devices include at least one of a computer, a workstation, a controller, and a data storage device.
  - 16. The method of claim 1, wherein at least one of the first list, at least one attribute, and other information is at least one of obtained from and stored in an additional repository.

17. A method of governing access to a storage device connected to a storage area network (SAN) that is in communication with a plurality of other devices, the method comprising:
- storing, on a first backup memory device, a first list stored on a SAN switch received at the storage device from the SAN switch, the first list regarding at least one of the other devices that is in communication with the SAN;
  
  recovering and storing the first list at the storage device after a failure has occurred;
  
  based upon the recovered first list, determining whether the at least one other device is at least one of precluded from accessing the storage device, partly allowed to access the storage device, and fully allowed to access the storage device, and only updating the recovered first list if it is time to update the recovered first list;
  
  storing, on at least one of the first backup memory device and a second backup memory device, a second list of each of the other devices that are in communication with the SAN;
  
  recovering the second list after the failure has occurred;
  
  comparing the recovered second list with further information obtained from the SAN after the failure has occurred; and
  
  determining based upon the comparison whether the other devices in communication with the SAN have changed between a first time prior to the failure and a second time after the failure.
- View Dependent Claims (18, 19)
- - 18. The method of claim 17, wherein the first list is at least one of an exclusion list and a granted list.
  - 19. The method of claim 17, further comprising:
    - updating the first list to include at least one newly-added device, if it is determined based upon the comparison that the other devices in communication with the SAN have changed between the first and second times so as to include the at least one newly-added device.

20. A data storage device for implementation in connection with a storage area network (SAN) that is also in communication with a plurality of other devices, the data storage device comprising:
- first means for storing data that is capable of being provided onto the SAN;
  
  second means for storing a first list of at least one of the other devices that is in communication with the SAN, wherein the first means and second means are respective subportions of a single memory device, wherein the first list is received form a SAN switch having stored thereon the first list; and
  
  a control device in communication with each of the first means and the second means, wherein the control device determines whether at least a portion of the data stored by the first means can be accessed by the at least one other device based at least in part upon the first list stored at the second means of the data storage device, wherein the first list is automatically updated to reflect the at least one of the other devices and wherein, subsequent to the automatic updating of the first list, the storage device fully precludes the at least one of the other devices from accessing the storage device.
- View Dependent Claims (21, 22, 23)
- - 21. The data storage device of claim 20, wherein the second means also stores a second list of the plurality of other devices, wherein the data storage device is configured to automatically and repeatedly query the SAN to identify changes in the plurality of other devices and, when the changes are identified, to automatically update each of the first and second lists.
  - 22. A SAN system comprising the data storage device, the SAN, and the plurality of other devices of claim 20, the SAN system further comprising:
    - a user interface coupled to at least one of the data storage device and the SAN, wherein at least one of the first list and a second list are determined based at least in part upon an exclusion list provided by a user.
  - 23. The SAN system of claim 22, further comprising:
    - a backup memory device coupled at least indirectly to the data storage device, wherein at least one of the first list and the second list are stored on the backup memory device.

24. A data storage device for implementation in connection with a storage area network (SAN) that is also in communication with a plurality of other devices, the data storage device comprising:
- a primary memory component, wherein data that is capable of being provided onto the SAN is stored in the primary memory component;
  
  a second memory component, wherein information regarding at least one of the other devices that is in communication with the SAN is stored in the second memory component, wherein the data and the information are both received at the data storage device from a SAN switch and the information is checked when it is time to update the information; and
  
  a controller that is in communication with each of the first and second memory components,wherein a decision made by the controller regarding whether the primary memory component can be accessed by the other devices depends at least in part upon the information stored in the second memory component of the data storage device;
  
  wherein the information is received from a SAN switch having stored thereon the information.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The data storage device of claim 24, wherein the information includes at least one of an exclusion list, a granted list, a partial granted list, a set of characteristics, a set of attributes, a set of policies, and an array.
  - 26. The data storage device of claim 24, wherein each of the first and second components is a cache, a hard disk drive, a tape data storage device, a CD-ROM device, an electronic memory device, and another memory device.
  - 27. The data storage device of claim 24, wherein the information is obtained from at least one of a user interface, one of the other devices on the SAN, a SAN switch, and a repository.
  - 28. The data storage device of claim 27, wherein the first and second memory components are portions of a single memory device, and wherein the data storage device further includes a communication link by which the data storage device can communicate with the user interface.
  - 29. The data storage device of claim 24, further comprising a backup memory device that stores both a first list and a second list.

30. A non-transitory computer-readable medium embodying instructions for a processor to perform a method of managing a data storage device to operate in connection with a storage area network (SAN) that is also in communication with a plurality of other devices, the method comprising:
- initially obtaining a first set of information at the data storage device from a SAN switch having stored thereon the first set of information, wherein access to the storage device by the other devices is governed at least in part based on the first set;
  
  causing the data storage device to query the SAN to determine if at least one additional other device has entered into communication with the SAN; and
  
  automatically updating the first set to reflect the at least one additional other device so that access to the storage device by the at least one additional other device is also governed at least in part based upon the first set, wherein the automatic updating of the first set results in an exclusion list being updated to reflect the at least one additional other device and wherein, subsequent to the updating of the first set, the storage device fully precludes the at least one additional other device from accessing the storage device; and
  
  a communication link for use in communicating information with a user interface, a backup memory device, and a non-SAN communication link for communicating with a repository that is not in communication with the SAN.
- View Dependent Claims (31, 32)
- - 31. The non-transitory computer readable medium of claim 30, wherein the method to be performed by the processor further includes at least one of:
    - communicating with an external device to obtain at least one of the first set and a second set; and
      
      receiving a backup copy of the first set from a backup memory device subsequent to an occurrence of a failure.
  - 32. The non-transitory computer readable medium of claim 30, wherein the method to be performed by the processor further includes:
    - determining based upon the first set that at least some data from the data storage device can be provided onto the SAN in response to an access request received off of the SAN from at least one of the other devices; and
      
      causing a communication of the at least some data onto the SAN.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Wildt, Jason A., Collins, Kevin, Gold, Stephen
Primary Examiner(s)
Ellis; Kevin L
Assistant Examiner(s)
Parikh; Kalpit

Application Number

US11/240,120
Publication Number

US 20070079091A1
Time in Patent Office

2,006 Days
Field of Search

711/162
US Class Current

711/162
CPC Class Codes

G06F 11/1451   by selection of backup cont...

G06F 12/1483   using an access-table, e.g....

G06F 21/805   using a security table for ...

G06F 3/0614   Improving the reliability o...

G06F 3/0622   in relation to access

G06F 3/0632   by initialisation or re-ini...

G06F 3/067   Distributed or networked st...

H04L 63/101   Access control lists [ACL]

H04L 67/1097   for distributed storage of ...

Method and system for governing access to storage device on SAN

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

34 Citations

32 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for governing access to storage device on SAN

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

34 Citations

32 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links