iSCSI name forwarding technique
First Claim
1. A method for allowing a security appliance, having a processor and a memory, to assume Internet Small Computer System Interface (iSCSI) names of one or more clients and one or more storage systems in a network, the method comprising:
intercepting a first discovery request issued by a client at the security appliance configured to perform at least one of encrypting and decrypting data transmitted between the one or more clients and the one or more storage systems, the first discovery request destined to the storage system and configured to request iSCSI target names exported by the system to the client;
extracting, by the security appliance, an iSCSI initiator name of the client from the first discovery request;
storing, at the security appliance, the iSCSI initiator name, extracted from the first discovery request, in an iSCSI name mapping table of the security appliance;
querying the storage system with a second discovery request issued by the security appliance to retrieve the iSCSI target names exported to the client;
populating the iSCSI name mapping table with the exported iSCSI target names at the security appliance; and
forwarding the exported iSCSI target names from the security appliance to the client, thereby presenting the security appliance as storage accessible by the client.
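The discovery flow recited in claim 1, as an added Python sketch that is not part of the patent text. It models the requests as iSCSI text key=value data segments (`InitiatorName`, `SessionType`, `SendTargets`, `TargetName`, `TargetAddress`) and collapses the login and text exchange into one segment. Assumptions: the appliance reuses the client's initiator name in the second request and advertises its own portal address when forwarding; the names, addresses and the storage stub are constructed.

```python
# Added sketch of the claim 1 flow; all names, addresses and the stub are constructed.
APPLIANCE_PORTAL = "192.0.2.1:3260,1"   # assumed appliance portal (address:port,tag)
STORAGE_EXPORTS = {                      # stub storage system: initiator -> targets
    "iqn.2001-04.com.example:client1": ["iqn.2001-04.com.example:storage.vol1",
                                        "iqn.2001-04.com.example:storage.vol2"],
}

def parse_text_keys(segment: bytes) -> list:
    """Parse the NUL-terminated key=value pairs of an iSCSI text data segment."""
    pairs = []
    for item in segment.split(b"\x00"):
        if not item:
            continue                     # trailing terminator or padding
        key, sep, value = item.decode("utf-8").partition("=")
        if not sep or not key:
            raise ValueError(f"malformed text key: {item!r}")
        pairs.append((key, value))
    return pairs

def encode_text_keys(pairs) -> bytes:
    return b"".join(f"{k}={v}".encode("utf-8") + b"\x00" for k, v in pairs)

def storage_send_targets(request: bytes) -> bytes:
    """Stub storage system: answer discovery with targets exported to the initiator."""
    initiator = dict(parse_text_keys(request))["InitiatorName"]
    out = []
    for target in STORAGE_EXPORTS.get(initiator, []):
        out += [("TargetName", target), ("TargetAddress", "192.0.2.50:3260,1")]
    return encode_text_keys(out)

def handle_discovery(first_request: bytes, table: dict, query_storage) -> bytes:
    """Intercept, extract, store, query, populate, forward (steps of claim 1)."""
    keys = dict(parse_text_keys(first_request))
    if keys.get("SessionType") != "Discovery" or "InitiatorName" not in keys:
        raise ValueError("not a discovery request with an initiator name")
    initiator = keys["InitiatorName"]
    table.setdefault(initiator, [])                      # store initiator name
    second_request = encode_text_keys([                  # assumption: appliance
        ("InitiatorName", initiator),                    # reuses the client's name
        ("SessionType", "Discovery"), ("SendTargets", "All")])
    reply = parse_text_keys(query_storage(second_request))
    table[initiator] = [v for k, v in reply if k == "TargetName"]
    forwarded = []                                       # assumption: advertise the
    for target in table[initiator]:                      # appliance's own portal
        forwarded += [("TargetName", target), ("TargetAddress", APPLIANCE_PORTAL)]
    return encode_text_keys(forwarded)

CLIENT_REQUEST = encode_text_keys([("InitiatorName", "iqn.2001-04.com.example:client1"),
                                   ("SessionType", "Discovery"), ("SendTargets", "All")])
```

Calling `handle_discovery(CLIENT_REQUEST, {}, storage_send_targets)` returns the segment the client would receive; the storage system's own portal address never appears in it.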
Abstract
An iSCSI name forwarding technique allows a security appliance to assume iSCSI names of one or more clients and one or more storage systems in a network. The security appliance is coupled between each client and storage system, and is configured to intercept a data access request issued by the client that is destined for the storage system. Each iSCSI name of the storage system is an iSCSI target name associated with secure storage, i.e., a cryptainer, served by the storage system, whereas the iSCSI name of the client is an iSCSI initiator name of the network entity, i.e., the client, which initiates the data access request to access data stored on the cryptainer.
20 Claims
7. A security appliance configured to assume Internet Small Computer System Interface (iSCSI) names of one or more clients and one or more storage systems in a network, the security appliance comprising:
one or more network adapters configured to couple the security appliance to each client and storage system, where the security appliance is configured to perform at least one of encrypting data and decrypting data transmitted between the one or more clients and the one or more storage systems;
a processor coupled to each network adapter and configured to execute software processes and modules; and
a memory configured to store an iSCSI module configured to acquire the iSCSI names of a client and a storage system through interception of a first discovery request issued by the client and issuance of a second discovery request by the security appliance to the storage system, and a box manager process configured to create an iSCSI name mapping table for storing the acquired iSCSI names, the iSCSI module further configured to utilize the acquired iSCSI names to access storage served by the storage system on behalf of the client.
9. An apparatus configured to allow a security appliance, having a processor and a memory, to assume Internet Small Computer System Interface (iSCSI) names of one or more clients and one or more storage systems in a network, the apparatus comprising:
means for extracting, by the security appliance, an iSCSI initiator name from a client issued first discovery request intercepted by the security appliance, wherein the security appliance is configured to perform at least one of encrypting data and decrypting data transmitted between the one or more clients and the one or more storage system;
means for storing the extracted iSCSI initiator name in an iSCSI name mapping table of the security appliance;
means for querying the storage system with a second discovery request issued by the security appliance to retrieve the iSCSI target names exported to the client and for populating the iSCSI name mapping table with the exported iSCSI target names at the security appliance; and
means for forwarding the exported iSCSI target names from the security appliance to the client, thereby presenting the security appliance as storage accessible by the client.
15. A non-transitory computer readable medium containing executable program instructions executed by a processor, comprising:
program instructions that intercept a first discovery request issued by a client at a security appliance, the first discovery request destined to a storage system and configured to request Internet Small Computer System Interface (iSCSI) target names exported by the storage system to the client, wherein the security appliance is configured to perform at least one of encrypting data and decrypting data transmitted between the client and the storage system;
program instructions that extract by the security appliance and store at the security appliance an iSCSI initiator name of the client from the request;
program instructions that query the storage system with a second discovery request issued by the security appliance to retrieve the iSCSI target names exported to the client; and
program instructions that forward the exported iSCSI target names from the security appliance to the client, thereby presenting the security appliance as storage accessible by the client.
Specification