Providing client access to devices over a network

US 8,554,914 B2
Filed: 06/27/2012
Issued: 10/08/2013
Est. Priority Date: 08/21/2003
Status: Expired due to Fees

First Claim

Patent Images

1. A computing system within a computerized network environment that includes a client system, a network provider, and one or more devices that can be accessed locally or over a network, the computing system comprising:

at least one processor; and

one or more storage medium having stored instructions which, when executed by the at least one processor, implement a method for providing the client system access to one or more of the devices through the network provider, wherein the method includes;

an act of identifying the one or more devices that can be accessed locally or over a network that includes a plurality of devices having unique device identifiers, wherein the one or more devices includes at least one device that is a virtual SCSI device accessible through an iSCSI protocol;

an act of generating a target that identifies a set of the one or more devices, and that includes at least one corresponding unique device identifier, wherein the set of one or more devices is determined based on each of the devices having at least one common group of clients authorized to access the device, and wherein a plurality of numbers are assigned to the unique device identifier corresponding to the set of one or more devices, which a SCSI bus is capable of using to differentiate between devices, the plurality of numbers being relevant only within the target corresponding to the set of one or more devices, such that multiple devices, partitions, and files can be assigned at least a same number;

an act of associating client authorization information identified by the network provider with the target that identifies the set of the one or more devices; and

an act of dynamically assigning the target to a port through a protocol-independent port driver at the network provider, such that only clients authorized by the associated client information are allowed to access the assigned port, thereby allowing only the clients access to the set of the one or more devices through the target, wherein the assignment of the port is dependent upon load balancing the network provider.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A centralized service identifies a pool of devices that can be accessed by clients over a network. Devices can include a local or network-accessible device, and a configurable file that represents a portion of a device (e.g., a SCSI storage device). In some cases, the devices (or the file representing a portion of the device) can be identified by an assigned logical unit number. The centralized service assigns one or more devices to a target, and associates client information with the target. The centralized service also can also assign the target a logical unit number, and assign the target to a protocol-independent portal, which further operates through protocol-dependent miniports. In one embodiment, a client accesses a network device by accessing the appropriate port through an appropriate miniport protocol (e.g., Ethernet, fiber channel, etc.), and by submitting appropriate target authorization.

11 Citations

View as Search Results

20 Claims

1. A computing system within a computerized network environment that includes a client system, a network provider, and one or more devices that can be accessed locally or over a network, the computing system comprising:
- at least one processor; and
  
  one or more storage medium having stored instructions which, when executed by the at least one processor, implement a method for providing the client system access to one or more of the devices through the network provider, wherein the method includes;
  
  an act of identifying the one or more devices that can be accessed locally or over a network that includes a plurality of devices having unique device identifiers, wherein the one or more devices includes at least one device that is a virtual SCSI device accessible through an iSCSI protocol;
  
  an act of generating a target that identifies a set of the one or more devices, and that includes at least one corresponding unique device identifier, wherein the set of one or more devices is determined based on each of the devices having at least one common group of clients authorized to access the device, and wherein a plurality of numbers are assigned to the unique device identifier corresponding to the set of one or more devices, which a SCSI bus is capable of using to differentiate between devices, the plurality of numbers being relevant only within the target corresponding to the set of one or more devices, such that multiple devices, partitions, and files can be assigned at least a same number;
  
  an act of associating client authorization information identified by the network provider with the target that identifies the set of the one or more devices; and
  
  an act of dynamically assigning the target to a port through a protocol-independent port driver at the network provider, such that only clients authorized by the associated client information are allowed to access the assigned port, thereby allowing only the clients access to the set of the one or more devices through the target, wherein the assignment of the port is dependent upon load balancing the network provider.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computing system as recited in claim 1, wherein the set of the one or more devices can be accessed locally through a local access protocol.
  - 3. The computing system as recited in claim 1, wherein the set of the one or more devices is a network device that can be accessed on a network through a network access protocol.
  - 4. The computing system as recited in claim 1, wherein the act of identifying a set of one or more devices further includes an act of creating one or more devices that can be accessed over the network.
  - 5. The computing system as recited in claim 4, wherein the act of creating one or more devices includes an act of identifying at least one of a partition or file, wherein the at least one of a partition or file represents at least a portion or file can be configured by the network provider to provide the client modifiable access to the portion of the set of one of the one or more devices, and wherein the at least one of the partition or file is assigned one of the numbers.
  - 6. The computing system as recited in claim 1, the method further comprising an act of providing client access to one or more of a port, a WWN, and a portal through the protocol-independent port driver, such that the protocol-independent port driver is accessed though one or more protocol-dependent mini-ports.
  - 7. The computing system as recited in claim 6, wherein the protocol-independent port driver and one or more protocol-dependent mini-port drivers are managed by the centralized service, and wherein the one or more protocol-dependent mini port drivers plug-in to the protocol-independent port driver.
  - 8. The computing system as recited in claim 7, wherein at least one of the one or more protocol-dependent miniport drivers communicates through one or more of an Ethernet, Token Ring, fiber channel, USB, or wireless protocol.
  - 9. The computing system as recited in claim 1, wherein the virtual SCSI device is a storage device, and the network comprises a storage area network, wherein the storage device is one or more of an internal or external magnetic storage medium, an optical storage medium, and a tape backup drive.
  - 10. The computing system as recited in claim 1, wherein the network provider manages one or more targets, one or more drivers, and authentication information for one or more clients through a centralized directory service.
  - 11. The computing system as recited in claim 10, wherein the network device identifier is identified by a target name and a (Logical Unit Number) LUN that has been assigned to the at least one device by the centralized directory service.
  - 12. The computing system as recited in claim 1, wherein each of the plurality of numbers is a Logical Unit Number (LUN).

13. A computing system within a computerized network environment that includes a client system, a network provider, and one or more devices that can be accessed locally or over a network, the computing system comprising:
- at least one processor; and
  
  one or more storage medium having stored instructions which, when executed by the at least one processor, implement a method for providing the client system access to one or more of the devices over the network through the network provider, the method including;
  
  an act of identifying a set of the one or more partitions or files representing portions of devices that can be accessed locally or over a network, the set being based on one or more partitions or files having commonly authorized client access and consisting of only partitions or files to which the client has been assigned and to which the client is to be provided access, wherein the one or more partitions or files are on at least one device that is a virtual SCSI device accessible through an iSCSI protocol;
  
  an act of generating a target that identifies the set of the one or more partitions or files, and that includes at least one corresponding device identifier, wherein the set of one or more partitions or files is identified based on each of the devices having at least one common group of clients authorized to access the devices, and wherein the at least one corresponding device identifier is assignable to multiple different partitions and files, and which is given relevance only when associated with the device identifier;
  
  an act of associating client authorization information identified by the network provider with the target that identifies the set of the one or more partitions or files; and
  
  a step for dynamically exposing the set of the one or more partitions or files to the client through a specific one of a dynamically assigned network port, a WWN, and a portal, such that the client can access the set of the one or more partitions or files identified by the target when the client has access to the specific one of a dynamically assigned network port, a WWN, and portal, and when (the client presents the associated client authorization to the network provider.
- View Dependent Claims (14, 15)
- - 14. The computing system as recited in claim 13, wherein the step for exposing the set of the one or more devices to the client through a specific one of a network port, a WWN, and a portal comprises:
    - an act of assigning the target to a port through a protocol-independent port driver at the network provider; and
      
      an act of providing client access to the specific one of a port, a WWN, and a portal through the protocol-independent port driver, such that the protocol-independent port driver is accessed through one or more protocol-dependent mini-ports, wherein the client is provided access to the specific one of a port, a WWN, and a portal by virtue of being authenticated at one or more of a local centralized service provider, and a remote authentication database.
  - 15. The computing system as recited in claim 13, wherein the device identifier is a Logical Unit Number (LUN), such that said same number is also a LUN.

16. A computing system within a computerized network environment that includes a client computer and a storage service provider on a storage area network that includes one or more storage devices:
- at least one processor; and
  
  one or more storage medium having stored instructions which, when executed by the at least one processor, implement a method of providing the client computer with access to one or more of the storage devices on the storage service provider, the method including;
  
  an act of identifying one or more device identifiers corresponding to one or more partitions or files representing storage devices on a storage service provider, wherein the partitions or files allow access to portions of the storage devices and enable a first device type to emulate a second device type, wherein the one or more device identifiers includes a target name and an identifier that has been assigned to the one or more partitions or files by a centralized directory service;
  
  an act of receiving from the centralized directory service a modifiable client resource that identifies client authorization to access the storage device, and a portion of the storage device that the client can access, wherein the centralized directory maintains authentication information for the client, and at least one of a work group identity, network location, and physical location, and further maintains identifier information for the one or more partitions or files and configuration information defining how the client accesses a partition or file representing a storage device, wherein the centralized directory service includes the same identifier assigned to multiple, different partitions or files, such that the same identifier has relevancy only within a particular target;
  
  an act of creating a target containing a plurality of logical unit numbers that have been assigned to the identified device identifiers, the target consisting of only logical units numbers to which the client has been assigned and to which the client is to be provided access, wherein the client can access only those storage devices represented by a logical unit number contained in the target using storage service provider, and wherein access to the target is provided according to the modifiable client resource;
  
  an act of providing the client computer access to the file or partition representing the storage device identified by the target through a client-restricted port on the storage service provider, wherein the client restricted port is dynamically assigned by the centralized directory service based on storage service provider load balancing and failover protection, such that when the client has knowledge of, access to, the client-restricted port, the client can access the storage device by providing the storage service provider with client authorization and a Uniform Resource Locator including the dynamically assigned port number.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The computing system as recited in claim 16, wherein the identifier is a Logical Unit Number.
  - 18. The computing system as recited in claim 16, wherein the client-restricted port is managed by the centralized directory service and a protocol-independent port driver that receives network traffic through one or more protocol-dependent mini-port drivers.
  - 19. The computing system as recited in claim 18, wherein the one or more protocol-dependent mini-port drivers are plug-ins to the protocol-independent port driver.
  - 20. The computing system as recited in claim 19, wherein at least one of the one or more mini-port drivers communicates through a Token Ring protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Warwick, Alan, Ramasubramanian, Narasimham, Dai, Chung Lang
Primary Examiner(s)
MACILWINEN, JOHN MOORE JAIN

Application Number

US13/534,949
Publication Number

US 20120265880A1
Time in Patent Office

468 Days
Field of Search

709/223, 709/225, 709/229
US Class Current

709/225
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/10   for controlling access to d...

H04L 67/1097   for distributed storage of ...

Providing client access to devices over a network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

11 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Providing client access to devices over a network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links