`It0 et al.
`
`USOO6684209B1
`(10) Patent No.:
`US 6,684,209 B1
`(45) Date of Patent:
`Jan. 27, 2004
`
`(54) SECURITY METHOD AND SYSTEM FOR
`STORAGE SUBSYSTEM
`
`(75)
`
`Inventors: Ryusuke Ito, Odawara (JP); Yoshinori
`Okami, Odawara (JP)
`(73) Assignee: Hitachi, Ltd., Tokyo (JP)
`(*) Notice:
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.:
`09/561,404
`Apr. 27, 2000
`(22) Filed:
`Foreign Application Priority Data
`(30)
`Jan. 14, 2000 (JP) ....................................... 2000-0101.15
`(51) Int. Cl." ................................................ G06F 17/30
`(52) U.S. Cl. ................
`... 707/9; 707/10
`(58) Field of Search ................................. 711/153, 100,
`711/152, 5, 114; 345/418; 707/9, 10; 703/23;
`713/201
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`
`3/2002 Robbins et al. ............. 711/114
`2002/0O29319 A1
`FOREIGN PATENT DOCUMENTS
`
`2/1998
`12/1998
`
`O 881560 A2
`EP
`JP
`10-333839
`* cited by examiner
`Primary Examiner Kim Vu
`ASSistant Examiner-Gwen Liang
`(74) Attorney, Agent, or Firm Townsend and Townsend
`and Crew LLP
`ABSTRACT
`(57)
`According to the present invention, techniques for perform
`ing Security functions in computer Storage Subsystems in
`order to prevent illegal access by the host computers accord
`ing to logical unit (LU) identity are provided. In represen
`tative embodiments management tables can be used to
`disclose the Logical Unit in the Storage Subsystem to the host
`computers in accordance with the users operational needs. In
`a specific embodiment, accessibility to a storage Subsystem
`resource can be decided when an Inquiry Command is
`received, providing Systems and apparatus wherein there is
`no further need to repeatedly determine accessibility for
`Subsequent accesses to the Logical Unit. Many Such
`embodiments can maintain relatively high performance,
`while providing robust security for each LU.
`
`6,260,120 B1 *
`6,295,575 B1 *
`
`7/2001 Blumenau et al. .......... 711/152
`9/2001 Blumenau et al. ............. 711/5
`
`38 Claims, 23 Drawing Sheets
`
`2101
`
`-R - induiry Command
`
`* SLD
`Target LUN
`
`"WWN-S D Conversion Table"
`
`2102
`
`
`
`Searches for the Virtual LUN
`using the WWN as a key
`
`2107
`
`l
`2106
`
`S FCPDATA(Inquiry data)
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 1
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 1 of 23
`
`US 6,684,209 B1
`
`FIG.1
`
`
`
`105
`
`106
`
`107
`
`Host computers A
`
`Host computers B
`
`Host computers C
`
`108 N \o
`
`110
`
`111
`
`Fiber channe
`
`112
`1
`
`Storage
`Subsystem
`
`103
`
`Communication
`Control unit
`
`123
`
`Maintenance
`terminal unit
`
`Non volatile
`memory
`
`119
`
`Cache
`
`120
`
`Storage control unit
`
`117
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 2
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 2 of 23
`
`US 6,684,209 B1
`
`FIG.2
`
`2O2
`
`203
`
`201
`
`204
`
`205 206
`
`2O7
`208
`31-24 bit 23-16 bit
`0 word RCTL
`/
`
`15-8 bit
`DID
`
`
`
`7-0 bit
`
`
`
`
`
`
`
`
`
`
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 3
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 3 of 23
`
`US 6,684,209 B1
`
`FIG.3
`
`1
`30
`
`
`
`3O2
`
`303
`
`
`
`
`
`
`
`
`
`
`
`
`
`307
`
`308
`
`
`
`
`
`
`
`
`
`31-24 bit 23-16 bit
`0 word RCTL
`/
`
`15-8 bit
`DID
`
`7-0 bit
`
`
`
`
`
`contents
`
`Size
`
`N Port Name
`
`Reserved
`Vendor Version Level
`
`16Bye
`16 Byte
`
`
`
`
`
`
`
`
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 4
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 4 of 23
`
`US 6,684,209 B1
`
`FIG.4
`
`401
`
`402
`
`LOGIN requesting unit
`
`LOGIN receiving unit
`
`PLOG frame
`NPort Name
`Node Name
`SID
`
`
`
`When accepting LOGIN
`ACC frame
`
`404
`
`
`
`When rejecting LOGIN
`LS RJT frame
`
`405
`
`
`
`
`
`
`
`
`
`
`
`
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 5
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 5 of 23
`
`US 6,684,209 B1
`
`FIG.5
`
`
`
`502
`
`501
`
`503
`
`Data Field
`
`31-24 bit 23-16 bit?
`O word RCTL |
`/
`
`15-8 bit
`DID
`
`7-0 bit
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`FCPCMND
`FCPLUN FCP CNTL |
`
`
`
`FCP CDB (Inquiry)
`
`FCP DL
`
`507
`
`508
`
`509
`
`510
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 6
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 6 of 23
`
`US 6,684,209 B1
`
`FIG.6
`
`602
`contents-1
`Location I-1
`Device Type Code (5 bits)
`Qualifier (3bits)
`(the remaining omitted)
`
`
`
`
`
`
`
`Logical Unit Status
`
`The unit defined as a logical unit is an
`input/Output device belonging to the type shown
`by the Device Type Code field. (However this unit
`is not necessarily in the ready status)
`The logical unit is an input/Output device belong
`ing to the type shown in the Device Type Code
`field, however, no actual input/Output device is
`Connected to the logical unit.
`The specified logical unit is not supported.
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`605
`
`
`
`
`
`Code
`(binary)
`
`606
`
`O11
`
`608
`
`609
`
`
`
`Code
`(hexadecimal)
`
`O1h
`
`Device Type
`Direct Access Device (Ex.:Magnetic Disk Device)
`Sequential Access Device (Ex.:Magnetic Tape Device)
`
`O9h
`Communication Device (Ex.:Communication Line
`ine)
`.
`OAh - OBh (Reserved for Graphic Devices)
`OB
`OCha- OEh (Reserved)
`1 Fh
`Undefined or Not Connected Device
`
`610
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 7
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 7 of 23
`
`US 6,684,209 B1
`
`FIG.7
`
`
`
`701
`
`702
`
`Host computer
`
`Storage Subsystem
`
`Inquiry (FCPCMND)
`SID
`Destination LUN
`(FCPLUN)
`
`704
`
`When the specified
`LUN is installed
`Inquiry Data (FCPDATA)
`Qualifier:000b
`(Status of the Logical Unit)
`Device Type
`(EX.:00h/Direct Access
`Device)
`
`When the specified LUN 705
`is not installed
`Inquiry Data (FCPDATA)
`Oualifier.001b or 0.11b.
`(Status of the Logical Unit)
`Device Type
`(1 Fh/Undefined or Not
`Connected Device)
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 8
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 8 of 23
`
`US 6,684,209 B1
`
`FIG.8
`
`START
`
`The "LUN Access Management Table" that links the WWN
`assigned to the host computer, the LUN in the storage sub
`system and the Virtual LUN corresponding to the LUN is created
`in advance and stored in the storage subsystem.
`
`The "WWN-S D Conversion Table" that links the WWN
`assigned to the host computer and the SID dynamically and
`uniquely assigned is created and stored in the storage
`subsystem.
`
`802
`
`
`
`
`
`When receiving the Inquiry Command issued by a host computer
`to a specific LU in the storage subsystem, the SID is obtained
`from the Command Data and the "WWN-S D Conversion
`Table" is searched for the WWN using the SID as a key.
`
`Next, the Virtual LUN corresponding to the WWN which was
`searched from the "LUNAccess Management Table".
`
`804
`
`
`
`
`
`
`
`ls the Virtual LUN Concerned
`found in the "LUNAccess
`Management Table"
`?
`
`805
`
`Responds to the host
`Computer that the LU con
`Cerned is accessible.
`
`Responds to said host
`computer that the speci
`fied LU is not accessible.
`
`Thereafter, while the PLOG is valid, the
`command from the host computer to the
`LU Concerned is accessible.
`
`
`
`END
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 9
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 9 of 23
`
`US 6,684,209 B1
`
`FIG.9
`
`901
`
`
`
`
`
`902
`903
`904
`
`
`
`O 123456789ABCDEE 34 7
`O123456789ABCDED 56
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 10
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 10 Of 23
`
`US 6,684,209 B1
`
`FG.10
`
`O 123456789ABCDBB
`
`LUN
`
`FIG.11
`
`1102 Host computer A
`
`ae
`
`
`
`1101
`
`% LU Group defined under a port
`
`Ele
`
`P O t E.
`
`
`
`1103 Host computer B
`
`22
`
`2 % 2 2
`
`Lu o2
`Lu 25
`
`Lu 4 S
`
`1104 Host computer C
`
`1105 Š
`Hubt sw.
`Z 2
`Switch 2
`
`2
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 11
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 11 of 23
`
`US 6,684,209 B1
`
`FIG. 12
`
`
`
`
`
`FIG.13
`
`
`
`
`
`1301
`
`Z222
`
`ZZZZZZZzate
`
`LU 0 Z.
`LU 12
`2ZZZZZ
`ZzZ
`É2 1307
`zza?
`2Z.
`ZZZZZZZZZ Z
`
`
`
`
`
`
`
`1302 Host computer A
`
`
`
`
`
`
`
`
`
`
`
`Port
`1306
`
`
`
`
`
`
`
`Hub/
`SWitch
`
`22 %
`
`2 % %
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 12
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 12 of 23
`
`US 6,684,209 B1
`
`FIG.14
`
`1401
`
`1415
`
`
`
`
`
`
`
`1402
`1403
`1404
`1405
`
`1406
`
`1407
`
`-
`3O 31 32 33 34
`35 36 37 38
`
`O123456789ABCDBB O 1 3 5 7
`1498 o23456789ABCDAA to 2 4 6
`199 o23456789ABCDo
`. . .
`.
`. . .
`.
`1410
`. . .
`10 11 12 13 14 15
`O123456789ABCD2E 0 1 2 3 4 5
`10 11 12 13 14 15
`1411 o23456789ABCD2F To 1 2 3 4 5
`.
`. . .
`1412
`. . .
`.
`. . .
`8 9 10 1 1 12 13 14 15
`O 123456789ABCD31 0 1 2 3 4 5 6 7
`1413 oz.34567 asABcog2 is g o 11 2 3 4 is a g o 11 2 3 4 is
`
`.
`
`.
`
`1414 O 123456789ABCD4E 0 1 2 3
`
`4 8 12 16
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 13
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 13 of 23
`
`US 6,684,209 B1
`
`FIG.15
`15O1
`
`7- 1502
`
`O123456789ABCDC1 0 1 2 3
`
`3 4 5 14
`
`
`
`
`
`1505
`1506
`1507
`
`FIG.16
`
`1601
`
`
`
`Host computer A
`1602
`
`Virtual LU Group under a port
`1607
`N-
`2ZZZZZZZZ
`
`Real LU Group
`1608
`N
`ZZ222
`
`%
`2
`
`Port
`1606
`
`22222222
`
`Z2 2 2ZŽ
`%
`1% 2
`ZŽ
`a2zac 22Z
`
`1603
`
`
`
`
`
`2
`
`s
`&
`
`Host computer C
`1604
`
`
`
`2
`
`22 %
`%
`
`2
`
`1605 |
`3
`Hub/
`Switch s
`
`Razz
`
`2
`
`22222222
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 14
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 14 of 23
`
`US 6,684,209 B1
`
`FIG.17
`
`START
`
`
`
`1701
`
`ls the security setting finished for
`all ports in the storage subsystem
`that need it
`2
`
`
`
`1702
`
`
`
`
`
`
`
`For all host computers that need security
`Control to the LUN under the port concerned,
`the WWN (Port Name:known) is registered
`in the "LUN Access Management Table"
`, and the LU to be assigned to the WWN is
`defined combining it with the Virtual LUNs.
`
`1703
`
`The created "LUN Access Management
`Table" is stored in the non volatile memory.
`
`END
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 15
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 15 Of 23
`
`US 6,684,209 B1
`
`FIG.18
`
`START
`
`A PLOG frame is received
`from a host Computer.
`
`1801
`
`The SID is obtained from the
`PLOG Frame Header.
`
`1802
`
`The WWN is obtained from the
`PLOG Data Field.
`
`1803
`
`The "WWN-S D Conversion Table"
`which shows the correspondence of
`the WWN and S D is created.
`
`
`
`The created "WWN-S JD
`Conversion Table" is stored in
`the non volatile memory.
`
`1804
`
`1805
`
`An ACC frame is transferred
`to the host computer.
`
`1806
`
`END
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 16
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 16 of 23
`
`US 6,684,209 B1
`
`FIG.19
`
`1901
`
`FFFFO1
`FFFFO2
`FFFF03
`
`
`
`
`
`O123456789ABCDEF
`O 123456789ABCDEE
`O123456789ABCDED
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 17
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 17 of 23
`
`US 6,684,209 B1
`
`FIG.20A
`
`START
`
`The FCPCMND is received
`from a host computer
`
`The Contents of the
`FCP CMND is checked.
`
`2001
`
`2002
`
`2003
`
`
`
`2004
`
`
`
`
`
`ls the Command
`concerned Inquiry
`Comgand
`Y
`The S_ID is obtained from the
`FCPCMND Frame Header.
`
`The requested LUN is obtained
`from the FCPLUN in the
`FCPCMND Data field.
`
`The Command
`ConCerned is
`executed.
`
`200
`
`2006
`
`The "WWN-S D Conversion
`Table" in the non volatile memory 2007
`is searched for the WWN using
`the SD as a key.
`
`
`
`The information on the Virtual
`LUN to which said WWN is
`permitted to access is obtained
`from the "WWN Access Man
`agement Table" stored in the
`non volatile memory
`
`2008
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 18
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 18 of 23
`
`US 6,684,209 B1
`
`FIG.20B
`
`2009
`
`
`
`ls it registered as
`accessible the
`Virtual LUN
`
`
`
`
`
`
`
`The followings are set in the
`Inquiry Data to inform the
`host computer of them.
`(1) Qualifier = 000b.
`(2)Device Type = the Device
`Type concerned.
`
`
`
`
`
`
`
`
`
`The followings are set in the
`Inquiry Data to inform the
`host computer of them.
`(1) Qualifier = 001 b (011b).
`(2) Device Type = 1 Fh.
`
`The Inquiry Data is stored in the
`FCP DATA frame and is trans
`ferred to the host computer.
`
`
`
`
`
`The FCP RSP frame is trans
`ferred to the host computer.
`
`2013
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 19
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 19 of 23
`
`US 6,684,209 B1
`
`FIG.21
`
`2101
`
`-R inquiry Command
`S_ID
`Target LUN
`
`
`
`"WWN-S D Conversion Table"
`
`2102
`
`
`
`
`
`Searches for the WWN EFFF03C0123456C
`using the SID as a key
`-
`T -
`nJ
`
`
`
`
`
`2103
`
`"LUNAccess Management Table"
`
`
`
`2104
`
`
`
`Searches for the Virtual LUN
`using the WWN as a key
`
`2107
`
`- CPDATA(Inquiry data)
`
`0123456d 0 (D2 166218
`HTF Y
`
`2105
`
`21 O6
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 20
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 20 Of 23
`
`US 6,684,209 B1
`
`FIG.22
`
`22O1
`
`O101
`(4bit)
`
`Company ID
`(24 bit)
`
`WSID:Vendor Specific Identifier
`(36 bit)
`
`FIG.23
`
`
`
`23O2
`
`2301
`
`2303
`
`2304
`
`Company ID (hex)
`
`Virtual LUN
`
`OOOOE1
`
`O 1 2 3
`
`0 1 2 3
`
`
`
`
`
`OOOA10
`
`O 8 16 24
`
`9 10 11 12
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 21
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 21 of 23
`
`US 6,684,209 B1
`
`FIG.24
`
`The "LUNAccess Management Table" that links a common Company ID 2401
`which is common to the host computers made by the same vendor, the
`LUN in the storage subsystem, and the virtual LUN Corresponding to the
`LUN, is created in advance and stored in the Storage Subsystem.
`
`When the PLOGI issued by the host computer is received, the "WWN
`S D Conversion Table" that links the WWN assigned to the host
`computer and the dynamically assigned SID, is Created and stored in
`the storage subsystem.
`
`2402
`
`When receiving the Inquiry Command issued by the host computer to
`a specific LU in the storage subsystem, the S D is obtain from the
`Command, the "WWN-S ID Conversion Table" is searched for the WW
`using the SID as key.
`
`The Company ID is extracted from the searched WWN.
`
`The Virtual LU is obtained from the "LUNAccess Management Table"
`using the extracted Company ID as a search key.
`
`24O6
`
`
`
`
`
`ls the Virtual LUN Concerned found in
`the "LUNAccess Management Table"
`
`2403
`
`2404
`
`2405
`
`24O7
`
`
`
`Responds to the host
`computer that the specified
`LU is accessible
`
`Responds to the host
`computer that the specified
`LU is not accessible
`
`24O9
`
`Thereafter while the PLOG is valid, the specified LU can
`access commands from the host computer.
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 22
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 22 of 23
`
`US 6,684,209 B1
`
`FIG.25
`
`2501
`
`-R? Inquiry Command
`• SID
`Target LUN
`
`"WWN-S D Conversion Table"
`
`2502
`
`
`
`Searches for the WWN EFFEO3CO23456C
`using the SD as a key . . .
`. T.
`.
`.
`.
`nu
`
`
`
`2503
`
`2504.
`
`The Company ID is extracted from the WWN
`
`
`
`2505
`
`
`
`"LUNAccess Management Table"
`Company Dvirtual LUN LUN
`
`Searches for the Virtual LUN
`using the Company ID as a key
`
`
`
`
`
`a
`Y |
`
`Jim
`| Y
`
`2508
`
`2506
`
`25O7
`
`S FCP DATA(Inquiry data)
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 23
`
`
`
`U.S. Patent
`
`Jan. 27, 2004
`
`Sheet 23 of 23
`
`US 6,684,209 B1
`
`FIG.26
`26O1
`
`
`
`2703 27O3 2703
`
`3 4 5 14
`
`2701
`
`Virtual LU Group
`2712 under a port
`N-
`
`Real LU Group
`2713
`N -
`
`a222222
`
`Z222
`
`2709 271 O 2711
`
`Z2
`Z
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 24
`
`
`
`1
`SECURITY METHOD AND SYSTEM FOR
`STORAGE SUBSYSTEM
`
`US 6,684,209 B1
`
`2
`response, the Storage Subsystem determines whether the
`requesting host computer may permissibly access the logical
`unit requested based upon the virtual logical unit identifier
`and the identity information from the request.
`In Specific embodiments of the computer System, identity
`information corresponding to the one or more host comput
`erS further comprises a dynamically assignable identifier.
`The Storage Subsystem determines a unique identifier for the
`one or more host computers from the identity information in
`the request; and then determines whether the host computer
`requesting acceSS may permissibly access the logical unit
`based upon the virtual logical unit identifier and the unique
`identifier.
`In another representative embodiment according to the
`present invention, a Storage Subsystem is provided. The
`Storage Subsystem can comprise a management table that
`defines relationships among the information WWN which
`uniquely identifies the accessing host computer, a Logical
`Unit Number (LUN) in the storage subsystem which the host
`computer is permitted to access, and a Virtual Logical Unit
`Number (Virtual LUN) which is created from the LUN
`identifiers in any way of numbering in accordance with
`user's convenience. Specific embodiments can also include
`a management table that defines the linkages between a
`Management Number (S ID) dynamically assigned by the
`Storage Subsystem to identify a host computer, and a World
`Wide Name (WWN) which uniquely identifies the accessing
`host computer. The management tables can be Stored in a
`non Volatile memory, for example. Some specific embodi
`ments can comprise more than one Storage unit, and the like.
`A Storage control unit to control the read/write operations
`from/to Said Storage units can also be part of the Storage
`Subsystem. Specific embodiments can also include more
`than one communication port to connect to a plurality of host
`computers, and Logical Units corresponding to the Storage
`areas in Said Storage units.
`In a Specific embodiment according to the present
`invention, in the Storage Subsystem, the assigned S ID is
`used as an identity information of the host computer instead
`of the WWN. Such embodiments do not require checking
`the accessibility to the LUN each time an I/O operation is
`executed, resulting in leSS Overhead in each I/O operation.
`Also, users are free to rearrange LUNs in any desired way
`by making use of the Virtual LUNs.
`In a further representative embodiment according to the
`present invention, the Storage Subsystem retrieves an iden
`tity information, Such as the Company ID, that is common
`to a certain group of host computers, partially from the
`WWN. By performing the accessibility control on the basis
`of the group having the common identity information, the
`Storage Subsystem provides the host computer with Storage
`resource format, application, Service, and Specific pressing
`valid only for that particular host computer group.
`Numerous benefits are achieved by way of the present
`invention over conventional techniques. The present inven
`tion can provide the Security functions that prevent illegal
`accesses by limiting accessibility of Logical Units by each
`host computer, without additional modification of the cur
`rent operation of the host computer. Many embodiments can
`also provide the Security function to prevent illegal accesses
`by limiting accessible Logical Units according to each
`vendor of the host computers, without additional modifica
`tion of the current operation on the host computer Side.
`Further, Select embodiments according to the present inven
`tion can provide permission to access Storage resources
`based on Security functions to host computer groupS. Such
`
`CROSS-REFERENCES TO RELATED
`APPLICATIONS
`This application claims priority from Japanese Patent
`Application Reference No. P00-010115, filed Jan. 14, 2000,
`the entire content of which is incorporated herein by refer
`ence for all purposes.
`
`BACKGROUND OF THE INVENTION
`The present invention relates generally to Storage
`Subsystems, and in particular to techniques for providing
`access to Logical Units within a storage Subsystem by host
`computers.
`Conventionally, Security methodologies designed to pre
`vent an illegal access to a storage Subsystem by host
`computers depend on the functions of OS (Operating
`System), middleware or application Software on the host
`Side.
`On the other hand, as the fiber channel protocol has been
`Standardized in recent years, the various Standard protocols
`Such as SCSI, ESCON, and TCP/IP have become available
`to be used as the interface between the host computers and
`the Storage Subsystem, resulting in more and more efficient
`use of the Storage resources within the Storage Subsystem.
`However, because more than one host computer accesses
`one Storage Subsystem, the traditional Security approaches
`that depend on operating System (OS), middleware, or
`application Software on the host computer Side, are increas
`ingly recognized as providing insufficient Security for the
`resources in modern Storage Subsystems.
`What is really needed are techniques for performing
`Security functions in computer Storage Subsystems con
`nected to one or more host computers via high performance
`channel interfaces.
`
`15
`
`25
`
`35
`
`40
`
`45
`
`SUMMARY OF THE INVENTION
`According to the present invention, techniques for per
`forming Security functions in computer Storage Subsystems
`in order to prevent illegal acceSS by the host computers
`according to logical unit (LU) identity are provided. In
`representative embodiments management tables can be used
`to disclose the Logical Unit in the Storage Subsystem to the
`host computers in accordance with the users operational
`needs. In a Specific embodiment, accessibility to a Storage
`Subsystem resource can be decided when an Inquiry Com
`50
`mand is received, providing Systems and apparatus wherein
`there is no further need to repeatedly determine accessibility
`for Subsequent accesses to the Logical Unit. Many Such
`embodiments can maintain relatively high performance,
`while providing robust Security for each Logical Unit.
`In a representative embodiment according to the present
`invention, a computer System is provided. The computer
`System can comprise a variety of components, Such as one
`or more host computers and one or more Storage Subsystems.
`Each Storage Subsystem can comprise one or more logical
`units, for example. A data channel can interconnect the host
`computers with the Storage Subsystem. The host computers
`can request availability of one or more of the logical unit in
`one of the Storage Subsystems. Such request can comprise
`identity information corresponding to the particular host
`computer, and a virtual logical unit identifier of the logical
`unit, the availability of which is being requested. In
`
`55
`
`60
`
`65
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 25
`
`
`
`25
`
`3
`permission can be according to vendor, and Service can be
`Specifically tailored for the group. Specific embodiments can
`provide highly efficient use of the Storage resources and fast
`accessibility judgment logic.
`These and other benefits are described throughout the
`present specification. A further understanding of the nature
`and advantages of the invention herein may be realized by
`reference to the remaining portions of the Specification and
`the attached drawings.
`BRIEF DESCRIPTION OF THE DRAWINGS
`FIG. 1 illustrates a representative hardware configuration
`in which the present invention may be readily embodied;
`FIG. 2 illustrates a representative Frame Format and
`Frame Header in a particular embodiment of the present
`invention;
`FIG. 3 illustrates the Frame Format, Frame Header and a
`Data Field in a particular embodiment of the present inven
`tion;
`FIG. 4 illustrates a representative LOGIN process in a
`particular embodiment of the present invention;
`FIG. 5 illustrates a representative Frame format for trans
`mitting an Inquiry Command in a particular embodiment of
`the present invention;
`FIG. 6 illustrates a representative format for Inquiry Data
`used when transferring Inquiry Data responsive to the
`Inquiry Command which is shown in FIG. 5;
`FIG. 7 illustrates a representative Sequence for inquiring
`about the accessibility of a Logical Unit using an Inquiry
`Command in a particular embodiment of the present inven
`tion;
`FIG. 8 illustrates an outline of a representative processing
`sequence for the LUN Security in a particular embodiment
`of the present invention;
`FIG. 9 illustrates an “LUNAccess Management Table” in
`a particular embodiment of the present invention;
`FIG. 10 illustrates a format of an incomplete “LUN
`Access Management Table” which can arise when the
`40
`present invention is not applied.
`FIG. 11 illustrates the condition shown in FIG. 10;
`FIG. 12 illustrates another example in which a format of
`an incomplete “LUN Access Management Table” which can
`arise when the present invention is not applied.
`FIG. 13 illustrates the condition shown in FIG. 12;
`FIG. 14 illustrates a representative format of a “LUN
`Access Management Table' in a particular embodiment of
`the present invention;
`50
`FIG. 15 illustrates a representative format of the “LUN
`Access Management Table' in a particular embodiment of
`the present invention;
`FIG. 16 illustrates a representative technique for provid
`ing LUN Security in a particular embodiment of the present
`invention;
`FIG. 17 illustrates a representative Sequence to create the
`“LUN Access Management Table” in a particular embodi
`ment of the present invention;
`FIG. 18 illustrates a representative Sequence to create a
`“WWN-S ID Conversion Table” in a particular embodi
`ment of the present invention;
`FIG. 19 illustrates a representative format for a “WWN
`S ID Conversion Table” in a particular embodiment of the
`present invention;
`FIG.20A illustrates a representative Sequence to judge the
`accessibility of a LUN as a response to an Inquiry Command
`
`45
`
`55
`
`60
`
`65
`
`US 6,684,209 B1
`
`15
`
`35
`
`4
`transferred from a host computer for providing LUN Secu
`rity in a particular embodiment of the present invention;
`FIG.20B illustrates a representative sequence to judge the
`accessibility of LUN as a response to an Inquiry Command
`transferred from a host computer for providing LUN Secu
`rity in a particular embodiment of the present invention;
`FIG. 21 illustrates relations among information in a
`plurality of tables for providing LUN Security in a particular
`embodiment of the present invention;
`FIG. 22 illustrates an example of the WWN format in a
`particular embodiment of the present invention;
`FIG. 23 illustrates a representative format of a “LUN
`Access Management Table' for controlling access based
`upon a vendor identity in a particular embodiment of the
`present invention;
`FIG. 24 illustrates an outline of a representative process
`ing Sequence for providing LUN Security based upon a
`vendor identity in a particular embodiment of the present
`invention;
`FIG. 25 illustrates relations among information in a
`plurality of tables for providing LUN Security based upon
`vendor identity in a particular embodiment of the present
`invention;
`FIG. 26 illustrates a representative format of a “LUN
`Access Management Table' for controlling access based
`upon a vendor identity in a particular embodiment of the
`present invention; and
`FIG. 27 illustrates a representative technique for provid
`ing LUN Security according to Vendor identity in a particu
`lar embodiment of the present invention.
`DESCRIPTION OF THE SPECIFIC
`EMBODIMENTS
`The present invention provides techniques for performing
`Security functions in computer Storage Subsystems in order
`to prevent illegal acceSS by the host computers according to
`logical unit (LU) identity. In representative embodiments
`management tables can be used to disclose the Logical Unit
`in the Storage Subsystem to the host computers in accordance
`with the users operational needs. In a Specific embodiment,
`accessibility to a storage Subsystem resource can be decided
`when an Inquiry Command is received, providing Systems
`and apparatus wherein there is no further need to repeatedly
`determine accessibility for Subsequent accesses to the Logi
`cal Unit. Many Such embodiments can maintain relatively
`high performance, while providing robust Security for each
`Logical Unit.
`According to one example of Storage Subsystem access
`Security, before the host computer is Started, the Storage
`Subsystem establishes a table which manages the combina
`tion of an accessible Logical Unit in the Storage Subsystem
`and N Port Name. The N Port Name uniquely identi
`fies the host computer which may access the Storage Sub
`system. When the host computer is started, it issues a SCSI
`command consisting of an information unit called a frame
`which is specified by the fiber channel protocols. The
`Storage Subsystem checks details each time this SCSI com
`mandis received and extracts the N Port Name which
`identifies the accessing host computer.
`The extracted N Port Name is searched for in a com
`bination table of the Logical Units and said N Port
`Names, and when an expected entry exists, the host com
`puter is permitted to access the Logical Unit. Otherwise,
`when no associated entry exists, the host computer is refused
`access to the Logical Unit. For a detailed description of one
`
`Petitioners Microsoft Corporation and HP Inc. - Ex. 1020, p. 26
`
`
`
`S
`example of a Security means for a storage Subsystem
`resource (the Logical Unit), reference may be had to a
`Japanese unexamined patent application, publication
`10-333839, the entire contents of which are incorporated
`herein by reference for all purposes.
`The present invention is explained with reference to
`Specific embodiments employing a fiber channel as an
`interface protocol between a Storage Subsystem and host
`computers, and the SCSI command Set as a command
`interface operational under the interface protocol, as
`examples. However, the application of the present invention
`is not limited to the combination of the fiber channel and
`SCSI command set. Any protocol which provides similar
`function and structure of LOGIN, Inquiry, and the like may
`apply techniques according to the present invention.
`In a representative embodiment according to the present
`invention, a fiber channel protocol is employed as an inter
`face between Storage Subsystem and one or more host
`computers. Because the fiber channel is a relatively new
`interface protocol, details of a representative embodiment
`employing fiber channel protocol will be outlined herein.
`The fiber channel protocol utilizes serial type of data
`transfer and can make use of the band width of the trans
`mission medium effectively because of the asynchronous
`transfer method. The fiber channel doesn't have its own
`command Set and instead adopts the command Sets Such as
`the SCSI, ESCON, HIPPI, IPI-3, IP and so on, as its
`command Set infrastructure. Therefore, it is possible to
`inherit the traditional protocol resources and to realize faster,
`more reliable, and Versatile data transfer.
`The fiber channel is an interface having characteristics of
`both of So called Channel Interface and Network Protocols.
`In the fiber channel, once the transferring unit and receiving
`unit are fixed, high Speed data transferring is available with
`the least transferring delay. This feature can provide a
`desirable data transfer rates in Specific embodiments using
`Such channel interfaces.
`Also, any unit who wants communication can enter into
`a communication over the network on any optional occasion
`and can initiate the communication by exchanging agree
`ment information about communication conditions with
`another unit. These are Some of the characteristics of Such
`networks. The procedure to reach agreement about the
`communication condition with another unit, as described
`above, is specifically called LOGIN.
`A unit that interfaces with the fiber channel is called a
`node and a physical entrance of the node, that is, the actual
`interface, is called a port. A node can have one or more ports.
`The number of the ports which can participate Simulta
`neously in the whole system of the fiber channel is defined
`by the number of 24-bit addresses, i.e. about 16,770,000
`maximum in a particular embodiment. The hardware which
`mediates these connections is called fabric. Actually,
`however, both transferring and receiving ports are not
`required to be aware of the fabric, they are need only operate
`according to the information eXchanged with each other.
`The identifier, which is unique all over the world, is
`allocated based on a consistent rule by the Standardization
`group (IEEE), and is maintained in each node and port. This
`identifier is equivalent to the MAC address traditionally
`used in the TCP/IP and so on and the address information is
`fixed by hardware. This address comp