Method and apparatus for compression of data on storage units using devices inside a storage area network fabric

US 8,041,941 B2
Filed: 03/31/2009
Issued: 10/18/2011
Est. Priority Date: 10/31/2002
Status: Active Grant

First Claim

Patent Images

1. A switched fabric device, comprising:

hardware configured to process a received storage frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;

wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and

wherein the hardware further performs an encryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The capability to encrypt or compress the traffic over network links, thus improving the security of the link on the performance of the links, and the capability to encrypt/decrypt data stored on the storage devices without requiring specialized hosts or storage devices. In a first embodiment, traffic to be routed over a selected link needing encryption and/or compression is routed to hardware which performs the encryption and/or compression and returned for transmission over the link. A complementary unit at the second end of the link routes the received frames to complementary hardware to perform the decryption and/or decompression. The recovered frames are then routed to the target device in a normal fashion. In a variation of this first embodiment the hardware is developed using an FPGA. This allows simple selection of the desired feature or features present in the switch. The switch can be easily configured to perform encryption, compression or both, allowing great flexibility to a system administrator. In a second embodiment frames can be encrypted by a switch and then provided to the storage device in this encrypted manner. The frames from the storage device are decrypted before provision to the requesting host. By performing the encryption and decryption in the switch, conventional hosts and storage devices can be utilized.

28 Citations

View as Search Results

36 Claims

1. A switched fabric device, comprising:
- hardware configured to process a received storage frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;
  
  wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  wherein the hardware further performs an encryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted.
- View Dependent Claims (2, 3, 4)
- - 2. The switched fabric device of claim 1, wherein the hardware is further configured to provide the unencrypted storage header and the encrypted storage payload to a physical storage device.
  - 3. The switched fabric device of claim 1, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 4. The switched fabric device of claim 1, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

5. A switched fabric device, comprising:
- hardware configured to process a received storage frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;
  
  wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  wherein the hardware further performs a decryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The switched fabric device of claim 5, wherein the hardware is further configured to provide the unencrypted storage header and the unencrypted storage payload to a device other than a physical storage device.
  - 7. The switched fabric device of claim 6, wherein the unencrypted storage header and the unencrypted storage payload are provided as data from a virtualized storage device.
  - 8. The switched fabric device of claim 5, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 9. The switched fabric device of claim 5, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

10. A switching device that performs a data encryption and/or decryption method, the switching device comprising:
- hardware;
  
  wherein the hardware identifies a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;
  
  wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  wherein the hardware encrypts the storage payload after producing the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted.
- View Dependent Claims (11, 12, 13)
- - 11. The switching device of claim 10, wherein the hardware further provides the unencrypted storage header and the encrypted storage payload to a physical storage device.
  - 12. The switching device of claim 10, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 13. The switching device of claim 10, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

14. A switching device that performs a data encryption and/or decryption method, the switching device comprising:
- hardware;
  
  wherein the hardware identifies a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;
  
  wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  wherein the hardware encrypts the storage payload after producing the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The switching device of claim 14, wherein the hardware further provides the unencrypted storage header and the unencrypted storage payload to a device other than a physical storage device.
  - 16. The switched fabric device of claim 15, wherein the unencrypted storage header and the unencrypted storage payload are provided as data from a virtualized storage device.
  - 17. The switching device of claim 14, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 18. The switching device of claim 14, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

19. A network switching device, comprising:
- means for compressing and decompressing at least part of a received frame, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; and
  
  means for encrypting and decrypting at least part of the received frame coupled to the compressing and decompressing means;
  
  wherein said compressing and decompressing means decompresses, said encrypting and decrypting means decrypts, or said compressing and decompressing means decompresses and said encrypting and decrypting means decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  wherein said encrypting and decrypting means further performs an encryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unencrypted.
- View Dependent Claims (20, 21, 22)
- - 20. The network switching device of claim 19, further comprising means for providing the unencrypted storage header and the encrypted storage payload to a physical storage device.
  - 21. The network switching device of claim 19, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 22. The network switching device of claim 19, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

23. A network switching device, comprising:
- means for compressing and decompressing at least part of a received frame, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; and
  
  means for encrypting and decrypting at least part of the received frame coupled to the compressing and decompressing means;
  
  wherein said compressing and decompressing means decompresses, said encrypting and decrypting means decrypts, or said compressing and decompressing means decompresses and said encrypting and decrypting means decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  wherein said encrypting and decrypting means further performs a decryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The network switching device of claim 23, further comprising means for providing the unencrypted storage header and the unencrypted storage payload to a device other than a physical storage device.
  - 25. The network switching device of claim 24, wherein the unencrypted storage header and the unencrypted storage payload are provided as data from a virtualized storage device.
  - 26. The network switching device of claim 23, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 27. The network switching device of claim 23, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

28. A data encryption/decryption method, comprising:
- identifying a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;
  
  decompressing, decrypting, or decompressing and decrypting the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  encrypting the storage payload after producing the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted.
- View Dependent Claims (29, 30, 31)
- - 29. The method of claim 28, further comprising providing the unencrypted storage header and the encrypted storage payload to a physical storage device.
  - 30. The method of claim 28, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 31. The method of claim 28, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

32. A data encryption/decryption method, comprising:
- identifying a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;
  
  decompressing, decrypting, or decompressing and decrypting the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and
  
  decrypting the storage payload after producing the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The method of claim 32, further comprising providing the unencrypted storage header and the unencrypted storage payload to a device other than a physical storage device.
  - 34. The method of claim 33, wherein the unencrypted storage header and the unencrypted storage payload are provided as data from a virtualized storage device.
  - 35. The method of claim 32, wherein the frame header comprises a source address indicative of an encrypted and/or compressed link.
  - 36. The method of claim 32, wherein the frame header comprises an unknown destination address indicative of an encrypted and/or compressed link source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Avago Technologies International Sales Pte Limited (Broadcom, Inc.)
Original Assignee
Brocade Communications Systems, Inc. (Broadcom, Inc.)
Inventors
Walter, Richard A, Isip, L. Vincent M.
Primary Examiner(s)
Abrishamkar; Kaveh

Application Number

US12/415,597
Publication Number

US 20090185678A1
Time in Patent Office

931 Days
Field of Search

None
US Class Current

713/153
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/0485 Networking architectures fo...

Method and apparatus for compression of data on storage units using devices inside a storage area network fabric

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

28 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for compression of data on storage units using devices inside a storage area network fabric

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

28 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links