Storage security appliance with out-of-band management capabilities
First Claim
1. A method comprising:
intercepting, at a data security appliance, out-of-band control traffic from a computing device directed to a data storage device, wherein the out-of-band control traffic includes a command to change a configuration of the data storage device;
forwarding the out-of-band control traffic from the data security appliance to the data storage device;
intercepting, at the data security appliance, a response from the data storage device that indicates the command was successfully executed; and
reconfiguring automatically and without user interaction, by the data security appliance, a parameter of the data security appliance associated with communication with the data storage device in accordance with the command in order to conform with a new configuration of the data storage device, wherein the reconfiguring is performed as a result of intercepting the response from the data storage device.
Abstract
A data security appliance intercepts out-of-band control traffic directed to a data storage device, wherein the out-of-band control traffic includes a command to change a configuration of the data storage device. The data security appliance is reconfigured in accordance with the command in order to conform with a new configuration of the data storage device.
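The sequence in claim 1 and the abstract (intercept the command, forward it, wait for the storage device's success response, then reconfigure), as an added example that is not code from the patent. The message fields (`txn`, `op`, `changes`, `status`), the `ControlProxy` class and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical message format: dicts with "txn", "op", "changes", "status".
# The page does not specify a control protocol; these fields are assumptions.

@dataclass
class ControlProxy:
    # Parameters the appliance uses to talk to the storage device (constructed values).
    params: dict = field(default_factory=lambda: {"storage_ip": "192.0.2.10", "volume": "vol0"})
    pending: dict = field(default_factory=dict)    # txn id -> requested changes
    forwarded: list = field(default_factory=list)  # traffic passed on, both directions

    def on_request(self, msg):
        """Intercept control traffic headed to the storage device, then forward it."""
        if msg.get("op") == "set_config":
            # Record the intended change, but do not act on it yet.
            self.pending[msg["txn"]] = dict(msg["changes"])
        self.forwarded.append(msg)
        return msg

    def on_response(self, rsp):
        """Intercept the storage device's response; reconfigure only on success."""
        changes = self.pending.pop(rsp.get("txn"), None)
        if changes is not None and rsp.get("status") == "ok":
            # Conform only the parameters this appliance actually tracks.
            self.params.update({k: v for k, v in changes.items() if k in self.params})
        self.forwarded.append(rsp)
        return rsp


def demo():
    proxy = ControlProxy()
    # Constructed sample traffic: a rejected change, then an accepted one.
    proxy.on_request({"txn": 1, "op": "set_config", "changes": {"storage_ip": "192.0.2.99"}})
    proxy.on_response({"txn": 1, "status": "error"})
    after_failure = dict(proxy.params)
    proxy.on_request({"txn": 2, "op": "set_config", "changes": {"volume": "vol1", "label": "x"}})
    proxy.on_response({"txn": 2, "status": "ok"})
    # A response with no matching intercepted command changes nothing.
    proxy.on_response({"txn": 7, "status": "ok"})
    return after_failure, proxy.params, proxy.pending


if __name__ == "__main__":
    print(demo())
```

Because the change is applied only when the matching response reports success, a rejected command leaves the appliance's parameters in step with the storage device's unchanged configuration.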
21 Claims
1. A method comprising:
intercepting, at a data security appliance, out-of-band control traffic from a computing device directed to a data storage device, wherein the out-of-band control traffic includes a command to change a configuration of the data storage device;
forwarding the out-of-band control traffic from the data security appliance to the data storage device;
intercepting, at the data security appliance, a response from the data storage device that indicates the command was successfully executed; and
reconfiguring automatically and without user interaction, by the data security appliance, a parameter of the data security appliance associated with communication with the data storage device in accordance with the command in order to conform with a new configuration of the data storage device, wherein the reconfiguring is performed as a result of intercepting the response from the data storage device.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A non-transitory machine readable medium including instructions that, when executed by a machine, cause the machine to perform a method comprising:
intercepting, at a data security appliance, communication traffic from a computing device directed to a data storage device;
forwarding the communication traffic from the data security appliance to the data storage device;
intercepting, at the data security appliance, a response from the data storage device that indicates a command was successfully executed; and
if the communication traffic includes out-of-band control traffic having a command to change a configuration of the data storage device, reconfiguring automatically and without user interaction, a parameter of the data security appliance associated with communication with the data storage device in accordance with the command, wherein the reconfiguring is performed as a result of intercepting the response from the data storage device.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A security apparatus comprising:
a control proxy to intercept out-of-band control traffic transmitted between a storage device and a computing device, the computing device being at least one of a host or an administration station, wherein the control proxy is configured to forward the out-of-band control traffic from the security apparatus to the storage device;
the control proxy to intercept a response from the storage device, the response indicating whether the configuration of the storage device has changed, and to forward the response to at least one of the host or the administration station; and
a management module, connected with the control proxy, to examine control traffic from the storage device to determine whether a configuration of the storage device has changed, and to reconfigure automatically and without user interaction, a parameter of the security apparatus associated with communication with the storage device if the configuration of the storage device has changed.
Dependent claims: 16, 17, 18, 19
20. A method comprising:
intercepting, at a security appliance, data traffic and out-of-band control traffic transmitted from a host to a storage device, the out-of-band control traffic being formatted according to a first protocol and including a command to change a configuration of the storage device, and the data traffic being formatted according to a second protocol and including at least one of a read command or a write command, the host being a computing device;
forwarding the out-of-band control traffic from the security appliance to the storage device;
intercepting, at the security appliance, a response from the storage device that indicates the command was successfully executed; and
reconfiguring automatically and without user interaction, by the security appliance, a parameter of the security appliance associated with communication with the storage device in accordance with the command in order to conform with a changed configuration of the storage device, wherein the reconfiguring is performed upon intercepting the response from the data storage device.
21. A security apparatus comprising:
a first port to send unencrypted data traffic to, and receive unencrypted data traffic from, a host;
a second port to send encrypted data traffic to, and to receive encrypted data traffic from, a storage device;
a data proxy connected with the first port and the second port, the data proxy to manage encryption, decryption and transmission of data traffic;
a third port to send out-of-band control traffic to, and to receive out-of-band control traffic from, one or more of a host, an administration station, and a storage device;
a control proxy connected with the first port to receive the out-of-band control traffic, to modify the out-of-band control traffic to remove identifying information of at least one of the host, the administration station, or the storage device, and to examine control traffic from the storage device to determine whether a configuration of the storage device has changed; and
a management module connected with the control proxy and with the data proxy, the management module to automatically and without user interaction, direct a reconfiguration parameter of the data proxy associated with communication with the storage device if the configuration of the storage device has changed.
Specification