Method and apparatus for compression of data on storage units using devices inside a storage area network fabric
First Claim
1. A switched fabric device, comprising:
- hardware configured to process a received storage frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload;
wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and
wherein the hardware further performs an encryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted.
5 Assignments
0 Petitions
Accused Products
Abstract
The capability to encrypt or compress the traffic over network links, thus improving the security of the link on the performance of the links, and the capability to encrypt/decrypt data stored on the storage devices without requiring specialized hosts or storage devices. In a first embodiment, traffic to be routed over a selected link needing encryption and/or compression is routed to hardware which performs the encryption and/or compression and returned for transmission over the link. A complementary unit at the second end of the link routes the received frames to complementary hardware to perform the decryption and/or decompression. The recovered frames are then routed to the target device in a normal fashion. In a variation of this first embodiment the hardware is developed using an FPGA. This allows simple selection of the desired feature or features present in the switch. The switch can be easily configured to perform encryption, compression or both, allowing great flexibility to a system administrator. In a second embodiment frames can be encrypted by a switch and then provided to the storage device in this encrypted manner. The frames from the storage device are decrypted before provision to the requesting host. By performing the encryption and decryption in the switch, conventional hosts and storage devices can be utilized.
-
Citations
36 Claims
-
1. A switched fabric device, comprising:
-
hardware configured to process a received storage frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and wherein the hardware further performs an encryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted. - View Dependent Claims (2, 3, 4)
-
-
5. A switched fabric device, comprising:
-
hardware configured to process a received storage frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and wherein the hardware further performs a decryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption. - View Dependent Claims (6, 7, 8, 9)
-
-
10. A switching device that performs a data encryption and/or decryption method, the switching device comprising:
-
hardware; wherein the hardware identifies a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and wherein the hardware encrypts the storage payload after producing the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted. - View Dependent Claims (11, 12, 13)
-
-
14. A switching device that performs a data encryption and/or decryption method, the switching device comprising:
-
hardware; wherein the hardware identifies a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; wherein the hardware decompresses, decrypts, or decompresses and decrypts the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and wherein the hardware encrypts the storage payload after producing the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption. - View Dependent Claims (15, 16, 17, 18)
-
-
19. A network switching device, comprising:
-
means for compressing and decompressing at least part of a received frame, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; and means for encrypting and decrypting at least part of the received frame coupled to the compressing and decompressing means; wherein said compressing and decompressing means decompresses, said encrypting and decrypting means decrypts, or said compressing and decompressing means decompresses and said encrypting and decrypting means decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and wherein said encrypting and decrypting means further performs an encryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unencrypted. - View Dependent Claims (20, 21, 22)
-
-
23. A network switching device, comprising:
-
means for compressing and decompressing at least part of a received frame, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; and means for encrypting and decrypting at least part of the received frame coupled to the compressing and decompressing means; wherein said compressing and decompressing means decompresses, said encrypting and decrypting means decrypts, or said compressing and decompressing means decompresses and said encrypting and decrypting means decrypts the frame payload to produce an unencrypted and uncompressed frame payload including an unencrypted storage header; and wherein said encrypting and decrypting means further performs a decryption of the storage payload after production of the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption. - View Dependent Claims (24, 25, 26, 27)
-
-
28. A data encryption/decryption method, comprising:
-
identifying a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; decompressing, decrypting, or decompressing and decrypting the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and encrypting the storage payload after producing the unencrypted and uncompressed frame payload, with the storage header remaining unencrypted. - View Dependent Claims (29, 30, 31)
-
-
32. A data encryption/decryption method, comprising:
-
identifying a source address of a received storage frame as being indicative of an encrypted and/or compressed link, the received frame comprising a frame header and a frame payload, the frame payload comprising a storage header and a storage payload; decompressing, decrypting, or decompressing and decrypting the frame payload, producing an unencrypted and uncompressed frame payload including an unencrypted storage header; and decrypting the storage payload after producing the unencrypted and uncompressed frame payload, with the unencrypted storage header remaining unaltered by the storage payload decryption. - View Dependent Claims (33, 34, 35, 36)
-
Specification