System and method for supporting block-based protocols on a virtual storage appliance executing within a physical storage appliance

US 8,230,085 B2
Filed: 04/12/2004
Issued: 07/24/2012
Est. Priority Date: 04/12/2004
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor;

a memory coupled to the processor;

a storage operating system resident in the memory and executed by the processor, the storage operating system implementing a file system configured to provide storage service of information stored on the system;

a plurality of network interfaces configured to process received block-based protocol data access requests, each network interface assigned to one or more network addresses, each network interface further assigned an identifier that binds the network interface to an address space that includes the one or more network addresses; and

a plurality of context data structures stored in the memory and containing configuration information to establish a plurality of instances of virtual servers executed by the processor, each virtual server allocated resources that include a partitioning of the network interfaces and assigned network addresses to establish a distinct security domain for that virtual server that enables controlled access to the allocated network interfaces and assigned network addresses, each virtual server further configured to share access to the file system to service the block-based protocol data access requests by converting the block-based protocol data access requests to appropriate file system data requests when providing the storage service of the information stored on the system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An architecture provides the ability to create and maintain multiple instances of virtual servers, such as virtual filers (vfilers), within a server, such as a storage appliance. A vfiler is a logical partitioning of network and storage resources of the storage appliance platform to establish an instance of a multi-protocol server. Each vfiler is allocated a subset of dedicated units of storage resources, such as volumes or logical sub-volumes (qtrees), and one or more network address resources. Each vfiler is also allowed shared access to a file system resource of a storage operating system. To ensure controlled access to the allocated and shared resources, each vfiler is further assigned its own security domain for each access protocol. A vfiler boundary check is performed by the file system to verify that a current vfiler is allowed to access certain storage resources for a requested file stored on the filer platform.

83 Citations

View as Search Results

18 Claims

1. A system comprising:
- a processor;
  
  a memory coupled to the processor;
  
  a storage operating system resident in the memory and executed by the processor, the storage operating system implementing a file system configured to provide storage service of information stored on the system;
  
  a plurality of network interfaces configured to process received block-based protocol data access requests, each network interface assigned to one or more network addresses, each network interface further assigned an identifier that binds the network interface to an address space that includes the one or more network addresses; and
  
  a plurality of context data structures stored in the memory and containing configuration information to establish a plurality of instances of virtual servers executed by the processor, each virtual server allocated resources that include a partitioning of the network interfaces and assigned network addresses to establish a distinct security domain for that virtual server that enables controlled access to the allocated network interfaces and assigned network addresses, each virtual server further configured to share access to the file system to service the block-based protocol data access requests by converting the block-based protocol data access requests to appropriate file system data requests when providing the storage service of the information stored on the system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system of claim 1 further comprising storage media configured to store information as units of storage resources, the units of storage resources allocated among each of the virtual servers.
  - 3. The system of claim 2 wherein the units of storage resources comprise volumes.
  - 4. The system of claim 2 wherein the units of storage resources comprise qtrees.
  - 5. The system of claim 2 wherein the file system is configured to perform a boundary check to verify that a request is allowed to access certain units of the storage resources on the storage media, each virtual server further configured to create virtual disks within the units of storage resources and wherein each of the virtual disks is associated with one or more of the virtual servers.
  - 6. The system of claim 5 wherein the storage operating system further comprises a user interface having a command set configured to operate on the virtual disks, and wherein the command set executes within a context of a virtual server.
  - 7. The system of claim 6 wherein the user interfaces comprises a command line interface (CLI) configured to support the command set.
  - 8. The system of claim 7 wherein the CLI comprises a lun command configured to perform operations to a virtual disk associated with the context of the virtual server.
  - 9. The system of claim 8 wherein the lun command creates a logical unit number on the file system, the logical unit number being associated with the context of the virtual server.
  - 10. The system of claim 7 wherein the CLI comprises an igroup command that generates a set of file system primitives for binding an initiator group to one or more initiator addresses and wherein the initiator group is associated with the context of the virtual server.
  - 11. The system of claim 1 wherein the block-based protocol comprises Internet Small Computer System Interface (iSCSI).
  - 12. The system of claim 1 wherein the block-based protocol comprises Fibre Channel Protocol (FCP).
  - 13. The system of claim 1 wherein the system is further configured to process data access requests in response to one or more file-level protocols.

14. A method comprising:
- executing, by a processor, a storage operating system resident in a memory of a storage system, the storage operating system implementing a file system configured to provide storage service of information stored on the storage system;
  
  processing, by the processor coupled to a plurality of network interfaces, received block-based protocol data access requests;
  
  assigning each network interface to one or more network addresses;
  
  assigning each network interface an identifier that binds that network interface to an address space that includes the one or more network addresses;
  
  storing a plurality of context data structures in the memory, where each context data structure contains configuration information to establish a plurality of instances of virtual servers executed by the processor;
  
  allocating resources that include a partitioning of the network interfaces and assigned network addresses to each virtual server to establish a distinct security domain for that virtual server that enables controlled access to the allocated network interfaces and assigned network addresses; and
  
  sharing, amongst the virtual servers, access to the file system to service the block-based protocol data access requests by converting the block-based protocol data access requests to appropriate file system data requests when providing the storage service of the information stored on the storage system.
- View Dependent Claims (15, 16, 17)
- - 15. The method of claim 14 further comprising configuring storage media to store information as units of storage resources, the units of storage resources allocated among each of the virtual servers.
  - 16. The method of claim 15 wherein the units of storage resources comprise volumes.
  - 17. The method of claim 15 wherein the units of storage resources comprises qtrees.

18. A non-transitory computer readable medium containing executable program instructions executed by a processor, comprising:
- program instructions that execute a storage operating system resident in a memory of a storage system, the storage operating system implementing a file system configured to provide storage service of information stored on the storage system;
  
  program instructions that process block-based protocol data access requests received at a plurality of network interfaces;
  
  program instructions that assign each network interface to one or more network addresses;
  
  program instructions that assign each network interface an identifier that binds that network interface to an address space that includes the one or more network addresses;
  
  program instructions that store a plurality of context data structures in the memory, where each context data structure contains configuration information to establish a plurality of instances of virtual servers executed by the processor;
  
  program instructions that allocate resources that include a partitioning of the network interfaces and assigned network addresses to each virtual server to establish a distinct security domain for that virtual server that enables controlled access to the allocated network interfaces and assigned network addresses; and
  
  program instructions that share, amongst the virtual servers, access to the file system to service the block-based protocol data access requests by converting the block-based protocol data access requests to appropriate file system data requests when providing the storage service of the information stored on the storage system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Roa, Guillermo
Primary Examiner(s)
Neurauter, George C

Application Number

US10/822,431
Publication Number

US 20050228835A1
Time in Patent Office

3,025 Days
Field of Search

709/229, 709245-246, 711/6
US Class Current

709/229
CPC Class Codes

G06F 3/0605   by facilitating the interac...

G06F 3/0661   Format or protocol conversi...

G06F 3/067   Distributed or networked st...

System and method for supporting block-based protocols on a virtual storage appliance executing within a physical storage appliance

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

83 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for supporting block-based protocols on a virtual storage appliance executing within a physical storage appliance

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

83 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links