`
`1. A storage router for providing
`virtual local storage on remote
`storage devices to devices, comprising:
`
`a buffer providing memory work space
`for the storage router;
`
`U.S. Patent No. 6,219,771 to Kikuchi,
`et al., filed August 18, 1997, issued
`April 17, 2001
`"Data storage apparatus with
`improved security process and
`partition allocation functions"
`The '771 invention describes virtual
`local storage:
`"Furthermore, with the move to large
`volume disk apparatus, it is possible to
`consider partitioning a single disk and then
`having each host use a different partition,
`but with conventional disk apparatus it has
`not been possible, while using a single
`interface, to identifY a host device and then
`have each host devic~use a different
`partition." [1 :58-63]
`
`"With the invention of the fourth apparatus,
`the disk apparatus is able to identifY a host
`device from the host address imbedded
`within the command sent from the host
`device. Moreover because a partition offset
`information value is stored for each host
`device, the disk apparatus is able to allocate
`a different disk partition to each host device.
`Consequently, a single disk apparatus can
`essentially appear as a different disk to
`each host device, enabling the efficient
`usage of modem largevolume disk
`apparatus." [8:37-45]
`The '771 invention includes a buffer
`providing memory work space for the
`storage router:
`"With this third apparatus, host information
`relating to access authorization is not stored
`internally beforehand, but rather is sent
`from the host devices which control the disk
`at the point of disk startup. Consequently,
`the amount of non volatile memory set aside
`for data storage can be reduced." [3: 1-5]
`
`"A RAM (randomaccess memory) 109 is
`memory which is used, as required, for
`
`(cid:20)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
` CROSSROADS EXHIBIT 2014
`Oracle Corp. et al v Crossroads Systems, Inc.
` IPR2014-01177
`
`
`
`a first controller operable to connect to
`and interface with a first transport
`medium;
`
`:;;::
`::::
`
`a second controller operable to
`connect to and interface with a second
`transport medium; and
`
`temporarily storing data during execution
`of a program." [5:21-23]
`The '771 invention includes a Fibre
`Channel controller operable to connect
`to and interface with a Fibre Channel
`transport medium:
`"Common ways of connecting the host
`device and the disk apparatus include a
`SCSI (Small Computer System Interface)
`and Fibre Channel." [1:31-33]
`
`"A first apparatus according to the present
`invention comprises: a host device interface
`for sending and receiving data to and from a
`plurality ofhost devices, a data storage
`device for storing data to be sent to a host
`device, and a control device for controlling
`the writing of data to, and the reading of
`data from, the data storage device." [2:7-12]
`
`"With a third apparatus, a construction is
`adopted where in addition to the items
`which characterize the second apparatus, the
`host check unit incorporates a startup setting
`function which requests host information
`from a plurality of host devices when the
`control device is activated." [2:63-67]
`
`"A host device interface 112 is an interface
`for exchanging commands and data from a
`host device with the disk apparatus 101. In
`the case of a disk array, a SCSI is used for
`both the host device interface 112 and for
`the disk interface 111, but generally it is
`acceptable for the host device interface 112
`and the disk interface Ill to be of different
`types.
`
`"For example, a Fibre Channel could be
`used for the host device interface 112 and a
`SCSI used for the disk interface 111." [30-
`39]
`The '771 invention includes a SCSI
`controller operable to connect to and
`inteiface with a SCSI bus transport
`medium:
`
`2
`
`(cid:21)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`
`
`"Common ways of connecting the host
`device and the disk apparatus include a
`SCSI (Small Computer System Interface)
`and Fibre Channel." [1:31-33]
`
`"A first apparatus according to the present
`invention comprises: a host device interface
`for sending and receiving data to and from a
`plurality of host devices, a data storage
`device for storing data to be sent to a host
`device, and a control device for controlling
`the writing of data to, and the reading of
`data from, the data storage device." [2:7-12]
`
`"A disk interface 111 is an interface for
`exchanging data and commands between
`the CPU and a data storage unit 1 05 which
`will be either a disk or some other storage
`medium." [5:26-29]
`
`"A host device interface 112 is an interface
`for exchanging commands and data from a
`host device with the disk apparatus 101. In
`the case of a disk array, a SCSI is used for
`both the host device interface 112 and for
`the disk interface Ill, but generally it is
`acceptable for the host device interface 112
`and the disk interface Ill to be of different
`types.
`
`"For example, a Fibre Channel could be
`used for the host device interface 112 and a
`SCSI used for the disk interface Ill." [30-
`39]
`The '771 invention's functions are
`generally performed in hosts, which
`suggests moving this function to an
`internal supervisor unit:
`"A first apparatus according to the present
`invention comprises: a host device interface
`for sending and receiving data to and from a
`plurality of host devices, a data storage
`device for storing data to be sent to a host
`device, and a control device for controlling
`the writing of data to, and the reading of
`data from, the data storage device." [2:7-121
`
`3
`
`(cid:22)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`a supervisor unit coupled to the first
`controller, the second controller and the
`buffer,
`
`
`
`the supervisor unit operable to map
`between devices connected to the first
`transport medium and the storage
`devices,
`
`"With this third apparatus, host information
`relating to access authorization is not stored
`internally beforehand, but rather is sent
`from the host devices which control the disk
`at the point of disk startup. Consequently,
`the amount of non volatile memory set aside
`for data storage can be reduced." [3: 1-5]
`
`"An example configuration of the above
`embodiment which uses a general purpose
`CPU (central processing unit) is shown in
`FIG. 3. A disk apparatus 101 comprises a
`CPU 1 06 which performs the centralized
`function of controlling reading and writing.
`The CPU 106 is connected to various
`circuit devices via a bus 107. Of these
`devices, a ROM (read only memory) 108 is
`memory solely for reading, and stores
`various programs and fixed data." rs:13-20l
`The '771 invention maintains a
`configuration for SCSI storage devices
`connected to the SCSI bus transport
`medium that maps between Fibre
`Channel devices and SCSI storage
`devices:
`"Furthermore, with the move to large
`volume disk apparatus, it is possible to
`consider partitioning a single disk and then
`having each host use a different partition,
`but with conventional disk apparatus it has
`not been possible, while using a single
`interface, to identifY a host device and then
`have each host device use a different
`partition." [ 1 :58-63]
`
`"The control device comprises an address
`registration unit, in which the host address
`of each host device has been registered in
`advance, for the purpose of authorizing
`access, a command interpretation and
`execution unit which on receipt of a
`command from a host device via the host
`device interface outputs the host address of
`the host device based on the command, and
`an address verification unit for verifying the
`
`4
`
`(cid:23)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`
`
`host address output from the command
`interpretation and execution unit against the
`host address registered in the address
`registration unit, and for determining
`whether or not the particular host device has
`access authorization." [2:13-23]
`
`"As a second apparatus according to the
`present invention a construction is adopted
`where, in addition to the items which
`characterize the first apparatus, a host
`information storage unit in which
`information about the hosts such as host
`names and passwords is stored, is
`incorporated into the address registration
`unit, and a host check unit which, on receipt
`of host information from a host, determines
`whether or not that particular host has
`access authorization based on the host
`information received from the host and the
`host information stored in the host
`information storage unit, is incorporated
`into the command interpretation and
`execution unit, and this host check unit
`incorporates an address registration
`function which registers the access
`authorization based on the host information,
`and the host address determined for the host
`device, in the address registration unit."
`[2:37-51]
`
`"With this second apparatus, when a host
`device logs in to the disk apparatus seeking
`authorization to use the disk, the address is
`registered in the address registration unit,
`and subsequently, the host address is
`extracted from any commands sent from the
`host device and verified against the host
`address registered in the address
`registration unit, and in those cases where
`access is authorized the command
`interpretation and execution unit transmits
`the command from the host device to the
`data storage unit and executes the
`command. In this way, any alterations in
`host address can be easily accommodated."
`
`5
`(cid:24)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`
`
`[2:52-62]
`
`"As a fourth apparatus according to the
`present invention a construction is adopted
`where, in addition to the items which
`characterize the first apparatus, the control
`device comprises: an offset information
`generation unit, which on the basis of a host
`address output from the command
`interpretation and execution unit generates
`offiet information for the disk partition for
`that particular host device, and an actual
`partition address generation unit which on
`the basis of the address for reading and
`writing to the disk apparatus, and the offset
`information, generates an actual disk
`partition address and then outputs that
`actual partition address to the command
`interpretation and execution unit." [3:6-17]
`
`"With this fourth apparatus, the disk
`capacity is partitioned amongst the various
`host devices, and the various host addresses
`and the offiet iriformation for each partition
`are coordinated beforehand. When a
`command is received from a host device,
`the command interpretation and execution
`unit extracts the host address from the
`command and sends it to the offset
`information generation unit. The offset
`information generation unit then uses a
`correlation chart of host devices and offiet
`iriformation which has been stored in
`advance, and generates offset information
`which corresponds to the particular host
`device and sends this information to the
`actual partition address generation unit. The
`actual partition address generation unit
`combines the theoretical disk address
`included in the command from the host
`device and the offset information, and
`generates an actual disk partition address.
`In this way, the disk partition
`corresponding to the host device from which
`the command was sent is accessed." [3: 18-
`351
`
`6
`(cid:25)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`
`
`to implement access controls for
`storage space on the storage devices
`and
`to process data in the buffer to
`interface between the first controller
`and the second controller to allow
`access from devices connected to the
`first transport medium to the storage
`devices
`
`"The technique for determining access
`authorization could for example involve the
`registration of the host addresses of those
`host devices for which access is authorized
`in the address registration unit I 04 and
`comparison of these address with the host
`address extracted from each command, with
`authorization being given in the case of a
`matching address. Alternatively, the host
`addresses of those host devices for which
`access is not authorized could be registered
`in the address registration unit I 04, and
`authorization given if the host address
`extracted from the command did not match
`any of the registered addresses." r4:35-45l
`
`The '771 invention processes data in the
`buffer to interface between the Fibre
`Channel controller and the SCSI
`controller to allow access from Fibre
`Channel initiator devices to SCSI
`storage devices:
`"A conventional disk apparatus 201
`comprises a command interpretation and
`execution unit 202 which interprets
`commands from a host device as well as
`executing those commands, and a data
`storage unit 203 in which data is stored."
`[1:19-23]
`
`"With this first apparatus, the host address
`is extracted from the command sent from a
`host device and verified against those host
`addresses registered in the address
`registration unit for the purpose of
`determining access authorization. As a
`result, if access is authorized, the disk
`apparatus accepts the command which has
`been sent and disk read/write functions are
`performed. In this way, only authorized host
`devices gain access to the data storage
`unit." [2:29-36]
`
`7
`
`(cid:26)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`
`
`'
`
`using native low level, block
`protocols.
`
`"With a SCSI generally the host device
`interface is the initiator and the disk
`apparatus interface the target. When
`sending a command to the disk apparatus,
`the host device interface, the initiator,
`secures the bus in the arbitration phase,
`selects the disk apparatus in the selection
`phase, and then enters the information
`transfer phase for sending the command or
`data." r2:52-58l
`The '771 invention uses native low
`level, block protocols in accordance
`with the corifiguration:
`"The command interpretation and execution
`unit 202, in the case of a read command for
`example, interprets the command, and
`recognizing the command as a read
`command directs the data storage unit 203
`to read. The data storage unit 203 reads the
`stored data based on the read directions
`from the command interpretation and
`execution unit 202, and then transfers the
`data to the host device." [1: 23-30]
`
`"With this first apparatus, the host address
`is extracted from the command sent from a
`host device and verified against those host
`addresses registered in the address
`registration unit for the purpose of
`determining access authorization. As a
`result, if access is authorized, the disk
`apparatus accepts the command which has
`been sent and disk read/write functions are
`performed. In this way, only authorized host
`devices gain access to the data storage unit."
`[2:29-36]
`
`"In those instances where a disk drive with
`a SCSI interface is used as the data storage
`unit, the commands which can be sent from
`the command interpretation and execution
`unit 1 02 to the data storage unit 105 are not
`limited to just read and write commands for
`data, but can also indicate commands in
`general retained by the SCSI interface."
`[5:55-60]
`
`8
`
`(cid:27)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`
`
`2. The storage router of claim 1,
`wherein the supervisor unit maintains
`an allocation of subsets of storage space
`to associated devices connected to the
`first transport medium, wherein each
`subset is only accessible by the
`associated device connected to the first
`transport medium.
`
`The '771 invention includes an
`allocation ofsubsets of storage space to
`associated Fibre Channel devices,
`wherein each subset is only accessible
`by the associated Fibre Channel device:
`"The apparatus enables access authorization
`to be assigned solely to specific host
`devices." [Abstract]
`
`"With conventional disk apparatus, a
`problem arises that in the case where a
`single disk is able to be accessed by a
`plurality ofhosts devices, access
`authorization can not be restricted to
`specific host devices." [1 :54-57]
`
`"It is an object of the present invention to
`improve the deficiencies inherent in the
`conventional devices discussed above, and
`in particular to provide a disk apparatus in
`which each host device can be treated
`differently, so that for example access
`authorization can be assigned solely to
`speczjic host devices, or furthermore, each
`host device can gain access to a different
`partition while using the same interface. "
`[1 :66-2:6]
`
`"The present invention is configured and
`functions in the manner outlined above,
`with the invention of the first apparatus
`enabling the provision of a highly secure
`and advanced disk apparatus of a type not
`currently available, wherein determination
`ofaccess authorization for a host device is
`based on the host address imbedded in the
`command sent from that particular host
`device, thus enabling commands to be
`accepted only from specified host devices."
`[8:10-16]
`
`The '771 invention includes hard disk
`
`9
`
`(cid:28)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`3. The storage router of claim 2,
`wherein the devices connected to the
`first transport medium comprise
`workstations.
`4. The storage router of claim 2,
`
`
`
`drives:
`"The present invention relates to a disk
`apparatus, and in particular to a disk
`apparatus which can be accessed by a
`plurality of host devices." ri :8-101
`
`wherein the storage devices comprise
`hard disk drives.
`
`5. The storage router of claim 1,
`wherein the first controller comprises:
`a first protocol unit operable to
`connect to the first transport medium;
`a frrst-in-first-out queue coupled to
`the first protocol unit; and
`a direct memory access (DMA)
`interface coupled to the first-in-first-
`out queue and to the buffer.
`6. The storage router of claim 1,
`wherein the second controller
`comprises:
`a second protocol unit operable to
`connect to the second transport
`medium;
`an internal buffer coupled to the
`second protocol unit; and
`a direct memory access (DMA)
`interface coupled to the internal buffer
`and to the buffer of the storage router.
`
`10
`(cid:20)(cid:19)(cid:3)(cid:82)(cid:73)(cid:3)(cid:20)(cid:19)
`
`