US20030229689A1 - Method and system for managing stored data on a computer network - Google Patents
Method and system for managing stored data on a computer networkDownload PDFInfo
- Publication number
- US20030229689A1 US20030229689A1US10/164,950US16495002AUS2003229689A1US 20030229689 A1US20030229689 A1US 20030229689A1US 16495002 AUS16495002 AUS 16495002AUS 2003229689 A1US2003229689 A1US 2003229689A1
- Authority
- US
- United States
- Prior art keywords
- logical volume
- computer
- storage device
- name
- network
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034methodMethods0.000titleclaimsabstractdescription31
- 238000013500data storageMethods0.000description10
- 238000007726management methodMethods0.000description9
- 238000004891communicationMethods0.000description8
- 238000005516engineering processMethods0.000description4
- 238000013475authorizationMethods0.000description3
- 239000000835fiberSubstances0.000description3
- 230000006870functionEffects0.000description3
- 238000003491arrayMethods0.000description2
- 230000008859changeEffects0.000description2
- 230000003287optical effectEffects0.000description2
- 230000008569processEffects0.000description2
- 239000000284extractSubstances0.000description1
- 230000005055memory storageEffects0.000description1
- 230000006855networkingEffects0.000description1
- 238000005192partitionMethods0.000description1
- 230000035755proliferationEffects0.000description1
- 230000004044responseEffects0.000description1
- 230000007723transport mechanismEffects0.000description1
Images
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L61/00—Network arrangements, protocols or services for addressing or naming
- H04L61/45—Network directories; Name-to-address mapping
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/40—Network security protocols
Definitions
- the present inventionrelates generally to data storage on computer networks and, more particularly, to data storage schemes that involve the use of friendly names for storage elements, in which the friendly names are independent of the actual addresses or paths of the storage elements.
- Name serviceshave been in use on computer networks for many years.
- the main function of a name serviceis to map a name, such as a file name, or network domain name, to some arbitrary data record, such as a file or a network address.
- a name servicecan, for example, receive a “look-up request” that includes a name, such as a textual name of a web site, from a requesting client and return information associated with the name, such as the IP address of the web site, to the requesting party.
- DNSDomain Naming Service
- One function of a name serviceis to define a namespace for computers on a network that is independent of the physical addresses used by the network. For example, if the website www.foo.com changes its IP address from 100.0.0.1 to 100.0.0.2, the website simply registers the change with the nearest DNS server. The DNS server responds by de-associating www.foo.com from the IP address 100.0.0.1 and creates a new association between wwvw.foo.com and 100.0.0.2. Thus, the rest of the world remains unaware that there was ever any change, and continues to type www.foo.com in their web browsers and achieve the desired result of reaching the website.
- a data storage devicesuch as a magnetic disk drive
- DNSname service
- data storage technologyhas become increasingly sophisticated.
- storage networkssuch as so-called Storage Area Networks (SAN)
- SANStorage Area Networks
- FIG. 1shows an example of a computer network in which the invention may be practiced
- the terms “computer,” “device,” and “computing device” as used hereininclude personal computers (PCs), hand-held devices, multi-processor systems, microprocessor-based programmable consumer electronics, network PCs, PC servers, minicomputers, mainframe computers and the like.
- PCspersonal computers
- the inventionmay also be employed in distributed computing environments, where tasks are performed by remote processing devices that are linked through a communications network.
- modulesmay be located in both local and remote memory storage devices.
- the computing device 100typically includes at least one processing unit 112 and memory 114 .
- the memory 114may be volatile (such as RAM), nonvolatile (such as ROM or flash memory) or some combination of the two.
- This most basic configurationis illustrated in FIG. 2 by dashed line 106 .
- the computing devicemay also have additional features/functionality.
- computing device 100may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape.
- Computer storage mediaincludes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data.
- Computer storage mediaincludes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to stored the desired information and which can be accessed by the computing device 100 . Any such computer storage media may be part of computing device 100 .
- Computing device 100may also have input devices such as a keyboard, mouse, pen, voice input device, touch input device, etc.
- Output devicessuch as a display 118 , speakers, a printer, etc. may also be included. All these devices are well known in the art and need not be discussed at length here.
- the inventionis generally directed to a method and system for managing stored data on a computer network, in which the data is divided up into logical volumes, and each volume is separately addressable via a name service.
- Each logical volumemay correspond to an individual computer-readable storage element, such as a disk, or may be stored across multiple storage elements.
- the name servicecan maintain security of the data on the network by restricting the ability of devices on the network to resolve the friendly names of logical volumes into physical paths.
- the network 150includes one or more computing devices, represented by a computing device 152 and a domain controller 154 .
- the domain controller 154has access to a computer-readable medium 156 , which may be physically located within the domain controller 154 (within a magnetic hard drive, for example) or may be external to the domain controller 154 .
- the network 150also includes one or more storage devices, represented in FIG. 3 by storage devices 158 and 160 . Each storage device manages computer-readable media and organizes the computer-readable media into logical volumes. Each logical volume represents a collection of data, and is separately recognized by the network 150 .
- each logical volumerepresents a separately removable computer-readable medium.
- the storage device 158is shown as being a Redundant Array of Independent Disks (RAID) unit having three removable disks 162 , 164 and 166 .
- RAIDRedundant Array of Independent Disks
- Each disk of the storage device 158may, itself, constitute a logical volume.
- logical volumesmay be striped across multiple disks.
- the logical volume 174is shown as example of such striping.
- the storage device 160is assumed to be a magnetic hard drive with a single disk 176 .
- the disk 176 of the storage device 160is shown as having multiple logical volumes 178 , 180 , and 182 .
- a logical volumemay, for example, span multiple data storage devices.
- an array of multiple, identical diskscan be organized into logical volumes. For example, suppose that a RAID 5 unit has five identical disks. As is known in the art, the capacity of this unit is four (five minus one) times the capacity of each individual disk. The unit can be partitioned into individual volumes. Thus, if each disk is 100 Gigabytes (GB), giving an overall capacity of 400 GB for the RAID 5 unit, then the unit could be partitioned into two logical volumes of 200 GB each.
- GBGigabytes
- the registration messagecontains a unique identifier, such as a world-wide name, that uniquely identifies the storage device 158 .
- the registration messagealso includes the identification number and the path of the logical volume on the storage device. If the storage device 158 is a SCSI device, the logical volume may be identified in the registration message by its logical unit number (LUN). The logical volume may also be identified by a world-wide name. As used herein, the term “world-wide name” refers to an effectively unique number of reasonably large size (256 bits, for example).
- the registration messagemay also contain additional information, such as the characteristics of the storage device 158 or its location on the topology of the network 150 and the path needed to access it.
- the request messagecan also provide information such as a Public/Private Key pair for authorization or for encryption of the channel over which communication with the storage device 158 is taking place.
- the domain controller 154When the domain controller 154 receives the registration message, it initiates the process of assigning a name to the logical volume 174 . In doing so, the domain controller 154 references a data structure 157 to determine whether the storage device 158 has ever registered with the domain controller 154 before. In determining whether the storage device 158 has previously registered, the domain controller 154 may require the storage device 158 to authenticate itself. For example, the domain controller 154 may ask the storage device 158 for a security key, a hash of a certain key value, or a hash of a network attribute in order to verify that the storage device 158 had, in fact, previously registered. If the domain controller 154 determines that it has, then the domain controller 154 may simply continue the naming system previously used with the storage device 158 . Otherwise, the domain controller 154 establishes a new naming system for volumes on the storage device 158 .
- the domain controller 154then enters the name, referred to hereinafter as the “friendly name,” into the data structure 157 and associates the friendly name with the identification number of the storage device 158 , and with the path and world-wide name of the logical volume 174 .
- the domain controller 154may send a message to the storage device 158 to acknowledge receipt of the registration message or to confirm registration of the logical volume 174 .
- the domain controller 154may also send other information to the storage device 158 , such as an Access Control List (ACL) that identifies which computer systems are permitted to access the storage device 158 .
- ACLAccess Control List
- users or programs wishing to obtain access to particular logical volumes stored on a networkare required to pass through one or more security checks. These security checks may be enforced by the domain controller 154 of FIG. 3, and/or by some centralized authority such as a MICROSOFT® ACTIVE DIRECTORY® server or MICROSOFT® Passport. Additionally, the domain controller 154 may, itself be a MICROSOFT® ACTIVE DIRECTORY® server. In some embodiments of the invention, the domain controller 154 controls access to storage devices (such as the storage device 158 ) through the use of the data structure 157 .
- storage devicessuch as the storage device 158
- the data structure 157contains information that indicates which devices on the network 150 are authorized to gain access to the various logical volumes on the computer network. For example, if the computing device 152 needs to access the logical volume 174 on the storage device 158 , it first sends a request to the domain controller 154 .
- the requestincludes the friendly name of the logical volume 174 and, in some implementations, authentication data such as a certificate or password.
- the domain controller 154refers to the data structure 157 to determine whether the computing device 152 and/or the user of the computing device 152 is authorized to access the logical volume 174 . In doing so, the domain controller 154 performs such actions as checking an access control list within the data structure 157 and verifying any authentication data received from the computing device 152 .
- Other possible ways of determining whether the user and/or the computing device 152 are authorized to access the logical volume 174include a challenge/response and a public/private key exchange.
- the domain controllermay, in addition to the procedures described, publish certain storage devices and/or logical volumes. In this way, the computer systems that do not have physical access to the storage devices and/or logical volumes can learn about them and automatically modify their network topologies or connections to gain access to them.
- FIG. 4an example of how an embodiment of the invention operates will now be described.
- LANlocal area network
- SANstorage area network
- a host computer 204 and a SAN domain controller 206are each communicatively linked to both the LAN 200 and the SAN 202 .
- Storage devices 240 and 260are also communicatively linked to the SAN 202 .
- the storage device 240has access to computer-readable medium 242 .
- a first logical volume of data 244 and a second logical volume of data 245are stored on the computer readable medium 242 .
- the host computer 204administers a name service on the storage area network 202 that maps friendly names of logical volumes to their physical paths.
- the host computer 204has a file system module 208 for managing files, a SAN management filter driver module 210 for enabling commands and data to be sent to and received from the storage area network 202 , a client-side SAN API module 214 for allowing the host computer 204 to make function calls to its counterpart on the domain controller 206 , and a storage stack module 212 for enabling the host computer 204 to translate messages in accordance with a storage standard. Possible storage standards include Small Computer System Interface (SCSI), Internet SCSI (iSCSI), serial, Advanced Technology Attachment (ATA), and Fibre Channel.
- the host computer 206has access to a computer-readable medium 246 , which has stored thereon a data structure 248 .
- the SAN domain controller 206executes several program modules, including a security module 218 for authenticating hosts and controlling access to storage devices on the storage area network 202 , a discovery module 220 for enabling storage devices on the storage area network 202 to be automatically recognized by the SAN domain controller 206 , a LUN management module 222 for keeping track of the logical unit numbers of various logical volumes on the storage area network 202 and a name space management module 224 for keeping track of how friendly names are mapped to network paths for the various logical volumes on the network.
- the SAN domain controller 206also executes a SAN provider API module 230 , which allows the SAN domain controller 206 to communicate with various storage devices on the storage area network 202 .
- the SAN provider API module 230abstracts the specifics of each storage device so that the domain controller 206 can communicate with each storage device using a single, common language.
- the SAN domain controller 206executes a server-side SAN API module 216 for communicating with clients, such as host computers.
- clientssuch as host computers.
- the SAN domain controller 206is depicted as a single unit in FIG. 4, it may be implemented as multiple machines.
- the SAN domain controller 206could be implemented as a cluster to give it fault tolerance for an internet-based storage system.
- the SAN domain controller 206executes a first storage provider module 232 and a second storage provider module 234 for communicating with the different storage providers made by different manufacturers.
- storage providersinclude switches, disk arrays, so-called JBODs (“just a bunch of disks”), tape libraries and juke boxes.
- the SAN domain controller 206executes a disk array provider module 236 and a tape provider module 238 to allow the domain controller 206 to communicate with different disk arrays and tape devices manufactured by different vendors.
- the storage device 240is physically connected to the SAN 202 .
- the SAN domain controller 206recognizes the presence of the storage device 240 (through Universal Plug and Play, for example) and queries it for information about itself (Arrow A).
- the storage device 240then responds by sending a registration message to the SAN domain controller 206 that includes information such as its manufacturer, its world-wide name (according to the Fibre Channel standard, for example), the fact that it has two logical volumes (the first and second logical volumes 244 and 245 ), the world-wide name of each of the two logical volumes, and information regarding the path of each logical volume on the computer-readable medium 242 (Arrow B).
- the path informationmay include a SCSI channel number, port number, SCSI ID and logical unit number (LUN) of each logical volume.
- the discovery module 220receives the registration message and generates an acknowledgement message, which the domain controller 206 sends to the storage device 240 (Arrow C).
- the discovery module 220then passes the information contained in the registration message to the name space management module 224 .
- the name space management module 224coordinates with the LUN management module 222 to determine whether there is already an entry for the storage device 240 in the data structure 248 . If there is not already an entry, the name space management module 224 generates a friendly name for each of the first and second logical volumes 244 and 245 , or asks the system administrator (via a user interface) to create the names.
- the name space management module 224 and the LUN management module 222then define a new object for the first and second logical volumes 244 and 245 within in the data structure 248 .
- the new objectassociates the friendly name generated for the first and second logical volumes 244 and 245 with the world-wide name of the storage device 240 , and with the world-wide names and paths of the first and second logical volumes 244 and 245 .
- the security module 218can screen the storage device 240 to determine whether it should be permitted to participate in the name service.
- the host computer 204To write and read data to and from the first logical volume 244 , for example, the host computer 204 first registers with the SAN domain controller 206 , if it has not already done so in the past. It does this by sending a registration message to the SAN domain controller 206 (Arrow D). The registration message includes a request to attach to the SAN, as well as the host computer's authorization credentials (if needed). The security module 218 then executes a security procedure to determine whether the host computer 204 should be permitted to be registered. For example, the security module 218 may determine whether the host computer 204 has authorization to access the SAN 202 and which pieces of hardware the host computer 204 is permitted to access.
- the SAN domain controller 206If the SAN domain controller 206 accepts the registration request, it responds with an acknowledgment message to the host computer 204 (Arrow E). The SAN domain controller 206 then creates a virtualization (a directory tree, for example) of the resources that the host computer 204 is permitted to access, and provides the virtualization to the host computer 204 . Once the host computer 204 registers, it can then attempt to access the first logical volume 244 . To do so, the host computer 204 determines the friendly name of the first logical volume 244 . It may do this by searching a well-known directory located on the LAN 200 . The host computer 204 then sends a look-up request to the SAN domain controller 206 .
- a virtualizationa directory tree, for example
- the look-up requestincludes the friendly name of the first logical volume 244 (Arrow F).
- the security module 218 of the SAN domain controller 206responds to the request by referencing the data structure 248 to determine whether the host computer 204 is authorized to have access to the first logical volume 244 . In making this determination, the security module 218 may analyze authentication data included in the look-up request. For example, the security module 218 may compare a certificate received with the look-up request to those of an access control list maintained in the data structure 248 . If the request is approved, the security module 218 extracts the appropriate path information regarding the first logical volume 244 from the data structure 248 . The SAN domain controller 206 then sends the path information to the host computer 204 (Arrow G). The host computer 204 then uses the path information to access the first logical volume 244 via the storage area network 202 (Arrow H).
- the security module 218determines that the host computer 204 is not permitted to have access to the first logical volume 244 , then the SAN domain controller 206 sends a denial message to the host computer 204 . There may be a variety of reasons for denying access to the host computer 204 . For example it may be desirable to prevent the host computer 204 from corrupting the data in the first logical volume 244 .
- the SAN domain controller 206keeps track of the paths of the various logical volumes stored on the SAN 202 . For example, if the first logical volume 244 is moved from the storage device 240 to the storage device 260 , the SAN domain controller 206 discovers the move, either automatically or via a manual update, and updates the corresponding path information in the data structure 248 . It could then correctly correlate the name of the first logical volume 244 to the storage device 260 and thereby have the ability to respond correctly to future look-up requests regarding the first logical volume 244 . Thus, the fact that the first logical volume 244 had physically moved would be hidden from the host computer 204 , as well as all of the other host computers of the LAN 200 .
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
- The present invention relates generally to data storage on computer networks and, more particularly, to data storage schemes that involve the use of friendly names for storage elements, in which the friendly names are independent of the actual addresses or paths of the storage elements.[0001]
- Name services have been in use on computer networks for many years. In general, the main function of a name service is to map a name, such as a file name, or network domain name, to some arbitrary data record, such as a file or a network address. A name service can, for example, receive a “look-up request” that includes a name, such as a textual name of a web site, from a requesting client and return information associated with the name, such as the IP address of the web site, to the requesting party. One of the most popular name services in use today is the Domain Naming Service (DNS).[0002]
- One function of a name service is to define a namespace for computers on a network that is independent of the physical addresses used by the network. For example, if the website www.foo.com changes its IP address from 100.0.0.1 to 100.0.0.2, the website simply registers the change with the nearest DNS server. The DNS server responds by de-associating www.foo.com from the IP address 100.0.0.1 and creates a new association between wwvw.foo.com and 100.0.0.2. Thus, the rest of the world remains unaware that there was ever any change, and continues to type www.foo.com in their web browsers and achieve the desired result of reaching the website.[0003]
- A data storage device, such as a magnetic disk drive, can be coupled to or integrated with an individual computer on a network and, therefore, can effectively have its own IP address and participate in a name service such as DNS. However, data storage technology has become increasingly sophisticated. With the proliferation of storage networks, such as so-called Storage Area Networks (SAN), multiple computer systems can now be connected to networks of multiple data storage devices. Although efforts have been made to create a DNS-like naming system for Internet storage systems [see, for example, the Internet Storage Name Service (iSNS), which is documented in various Internet Engineering Task Force (IETF) drafts], there is currently no effective way for a data storage device to divide its computer-readable media (its magnetic disks, for example) into logical volumes and to have each of those volumes be recognized as a separately addressable entity in a name service. Also, there is currently no effective way to build a SAN name space that makes the physical location of a storage device transparent to computer systems that need to access the storage device.[0004]
- The invention is generally directed to a method and system for managing stored data on a computer network, in which the data is organized into logical volumes, and each logical volume has a friendly name associated with it. A logical volume may correspond to an individual computer-readable storage element or to a multiple storage elements. For example, a logical volume can represent a single spindle (a physical hard disk), an entire disk array, or a logical partition of a disk array. A domain controller keeps track of the friendly names of the logical volumes and associates those friendly names with the actual physical paths of the logical volumes. When a client computer on the network wishes to access a logical volume, it sends a look-up request, which includes the friendly name, to the domain controller. The domain controller may fulfill the request by sending the path of the logical volume to the client computer.[0005]
- Additional features and advantages of the invention will be made apparent from the following detailed description of illustrative embodiments that proceeds with reference to the accompanying figures.[0006]
- While the appended claims set forth the features of the present invention with particularity, the invention, together with its objects and advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawings of which:[0007]
- FIG. 1 shows an example of a computer network in which the invention may be practiced;[0008]
- FIG. 2 shows an example of a computer on which at least some parts of the invention may be implemented; and[0009]
- FIGS. 3 and 4 show example embodiments of the invention.[0010]
- Prior to proceeding with a description of the various embodiments of the invention, a description of the computer and networking environment in which various embodiments of the invention may be practiced will be provided. Although it is not required, the present invention may be implemented by program modules that are executed by a computer. Generally, program modules include routines, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The term “program” as used herein may connote a single program module or multiple program modules acting in concert. The invention may be implemented on a variety of types of computers. Accordingly, the terms “computer,” “device,” and “computing device” as used herein include personal computers (PCs), hand-held devices, multi-processor systems, microprocessor-based programmable consumer electronics, network PCs, PC servers, minicomputers, mainframe computers and the like. The invention may also be employed in distributed computing environments, where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, modules may be located in both local and remote memory storage devices.[0011]
- An example of a networked environment in which the invention may be used will now be described with reference to FIG. 1. The example network includes[0012]
several computers 100 communicating with one another over anetwork 102, represented by a cloud. Network102 may include many well-known components, such as routers, gateways, hubs, etc. and may allow thecomputers 100 to communicate via wired and/or wireless media. Thenetwork 102 may have one or moredata storage devices 107 linked to it. Thecomputers 100 may also havedata storage devices 103 attached directly to them, or may be communicatively linked to astorage area network 104, which includes one or moredata storage devices 105. - Referring to FIG. 2, an example of a basic configuration for a computing device on which the system described herein may be implemented is shown. In its most basic configuration, the[0013]
computing device 100 typically includes at least oneprocessing unit 112 andmemory 114. Depending on the exact configuration and type of thecomputing device 100, thememory 114 may be volatile (such as RAM), nonvolatile (such as ROM or flash memory) or some combination of the two. This most basic configuration is illustrated in FIG. 2 bydashed line 106. Additionally, the computing device may also have additional features/functionality. For example,computing device 100 may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape. Computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to stored the desired information and which can be accessed by thecomputing device 100. Any such computer storage media may be part ofcomputing device 100. - [0014]
Computing device 100 may also contain communications connections that allow the device to communicate with other devices. A communication connection is an example of a communication medium. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. The term computer readable media as used herein includes both storage media and communication media. - [0015]
Computing device 100 may also have input devices such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output devices such as adisplay 118, speakers, a printer, etc. may also be included. All these devices are well known in the art and need not be discussed at length here. - The invention is generally directed to a method and system for managing stored data on a computer network, in which the data is divided up into logical volumes, and each volume is separately addressable via a name service. Each logical volume may correspond to an individual computer-readable storage element, such as a disk, or may be stored across multiple storage elements. As the physical location of a volume changes, its physical location can be re-registered with the name service. Thus, devices on the computer network can continue to access the volume via the name service using the volume's “friendly” name. In various embodiments of the invention, the name service can maintain security of the data on the network by restricting the ability of devices on the network to resolve the friendly names of logical volumes into physical paths.[0016]
- Various embodiments of the invention will now be described in the context of an example network, shown in FIG. 3. The network, generally labeled[0017]150, includes one or more computing devices, represented by a
computing device 152 and adomain controller 154. Thedomain controller 154 has access to a computer-readable medium 156, which may be physically located within the domain controller154 (within a magnetic hard drive, for example) or may be external to thedomain controller 154. Thenetwork 150 also includes one or more storage devices, represented in FIG. 3 bystorage devices network 150. An example of a type of logical volume is a disk volume. In some embodiments of the invention, each logical volume represents a separately removable computer-readable medium. For example, thestorage device 158 is shown as being a Redundant Array of Independent Disks (RAID) unit having threeremovable disks storage device 158 may, itself, constitute a logical volume. Alternatively, logical volumes may be striped across multiple disks. Thelogical volume 174 is shown as example of such striping. In another example, thestorage device 160 is assumed to be a magnetic hard drive with asingle disk 176. Thedisk 176 of thestorage device 160 is shown as having multiplelogical volumes - The logical volume examples of FIG. 3 are not meant to be exhaustive. A logical volume may, for example, span multiple data storage devices. In another example, an array of multiple, identical disks can be organized into logical volumes. For example, suppose that a RAID 5 unit has five identical disks. As is known in the art, the capacity of this unit is four (five minus one) times the capacity of each individual disk. The unit can be partitioned into individual volumes. Thus, if each disk is 100 Gigabytes (GB), giving an overall capacity of 400 GB for the RAID 5 unit, then the unit could be partitioned into two logical volumes of 200 GB each.[0018]
- Referring to FIG. 3, an example of how the[0019]
logical volume 174 of thestorage device 158 is registered with the domain controller will now be described. Upon being connected to thestorage area network 150, a registration message is sent to thedomain controller 154. The registration message may be generated in a variety of ways. For example, thestorage device 158 itself might broadcast the message as soon as it is connected to thenetwork 150. In some embodiments, thestorage device 158 will be connected to a switch, such as a Fibre Channel switch, and, upon detecting the presence of thestorage device 158, the switch obtains the relevant information from thestorage device 158 and sends the registration message to thedomain controller 154. In other embodiments, thedomain controller 154 discovers thestorage device 158 and obtains the relevant information from it. The registration message can be sent according to a variety of protocols. A protocol suitable for the discovery, enumeration and configuration of devices may be used, including Universal Plug and Play (UPnP) and Simple Service Discovery Protocol (SSDP). - The registration message contains a unique identifier, such as a world-wide name, that uniquely identifies the[0020]
storage device 158. The registration message also includes the identification number and the path of the logical volume on the storage device. If thestorage device 158 is a SCSI device, the logical volume may be identified in the registration message by its logical unit number (LUN). The logical volume may also be identified by a world-wide name. As used herein, the term “world-wide name” refers to an effectively unique number of reasonably large size (256 bits, for example). The registration message may also contain additional information, such as the characteristics of thestorage device 158 or its location on the topology of thenetwork 150 and the path needed to access it. The request message can also provide information such as a Public/Private Key pair for authorization or for encryption of the channel over which communication with thestorage device 158 is taking place. - When the[0021]
domain controller 154 receives the registration message, it initiates the process of assigning a name to thelogical volume 174. In doing so, thedomain controller 154 references adata structure 157 to determine whether thestorage device 158 has ever registered with thedomain controller 154 before. In determining whether thestorage device 158 has previously registered, thedomain controller 154 may require thestorage device 158 to authenticate itself. For example, thedomain controller 154 may ask thestorage device 158 for a security key, a hash of a certain key value, or a hash of a network attribute in order to verify that thestorage device 158 had, in fact, previously registered. If thedomain controller 154 determines that it has, then thedomain controller 154 may simply continue the naming system previously used with thestorage device 158. Otherwise, thedomain controller 154 establishes a new naming system for volumes on thestorage device 158. - If required, a name is generated for the[0022]
logical volume 174. The name may be generated in a variety of ways. For example, thedomain controller 154 itself may generate the name automatically. Alternatively, a human administrator could choose the name. The name that is chosen for thelogical volume 174 may be completely arbitrary, or may convey data concerning the logical volume. For example, the logical volume may be named Finance_vol—1_DataCenter—5_RAID_ unit—3″ to indicate that the volume is one that is intended to store data generated by the finance department, is the first volume used in that department, and is physically located in Data Center 5 on RAID (Redundant Array of Independent Disks) unit 3. Thedomain controller 154 then enters the name, referred to hereinafter as the “friendly name,” into thedata structure 157 and associates the friendly name with the identification number of thestorage device 158, and with the path and world-wide name of thelogical volume 174. At some point during, or after, the registration process, thedomain controller 154 may send a message to thestorage device 158 to acknowledge receipt of the registration message or to confirm registration of thelogical volume 174. Thedomain controller 154 may also send other information to thestorage device 158, such as an Access Control List (ACL) that identifies which computer systems are permitted to access thestorage device 158. - According to various embodiments of the invention, users or programs wishing to obtain access to particular logical volumes stored on a network are required to pass through one or more security checks. These security checks may be enforced by the[0023]
domain controller 154 of FIG. 3, and/or by some centralized authority such as a MICROSOFT® ACTIVE DIRECTORY® server or MICROSOFT® Passport. Additionally, thedomain controller 154 may, itself be a MICROSOFT® ACTIVE DIRECTORY® server. In some embodiments of the invention, thedomain controller 154 controls access to storage devices (such as the storage device158) through the use of thedata structure 157. In those embodiments, thedata structure 157 contains information that indicates which devices on thenetwork 150 are authorized to gain access to the various logical volumes on the computer network. For example, if thecomputing device 152 needs to access thelogical volume 174 on thestorage device 158, it first sends a request to thedomain controller 154. The request includes the friendly name of thelogical volume 174 and, in some implementations, authentication data such as a certificate or password. Thedomain controller 154 refers to thedata structure 157 to determine whether thecomputing device 152 and/or the user of thecomputing device 152 is authorized to access thelogical volume 174. In doing so, thedomain controller 154 performs such actions as checking an access control list within thedata structure 157 and verifying any authentication data received from thecomputing device 152. Other possible ways of determining whether the user and/or thecomputing device 152 are authorized to access thelogical volume 174 include a challenge/response and a public/private key exchange. - In the previous example, the domain controller may, in addition to the procedures described, publish certain storage devices and/or logical volumes. In this way, the computer systems that do not have physical access to the storage devices and/or logical volumes can learn about them and automatically modify their network topologies or connections to gain access to them.[0024]
- Referring to FIG. 4, an example of how an embodiment of the invention operates will now be described. In this example, it is assumed that there is a local area network (LAN)[0025]200 and a storage area network (SAN)202. A
host computer 204 and aSAN domain controller 206 are each communicatively linked to both theLAN 200 and theSAN 202.Storage devices SAN 202. Thestorage device 240 has access to computer-readable medium 242. A first logical volume ofdata 244 and a second logical volume ofdata 245 are stored on the computerreadable medium 242. Thehost computer 204 administers a name service on thestorage area network 202 that maps friendly names of logical volumes to their physical paths. Thehost computer 204 has afile system module 208 for managing files, a SAN managementfilter driver module 210 for enabling commands and data to be sent to and received from thestorage area network 202, a client-sideSAN API module 214 for allowing thehost computer 204 to make function calls to its counterpart on thedomain controller 206, and astorage stack module 212 for enabling thehost computer 204 to translate messages in accordance with a storage standard. Possible storage standards include Small Computer System Interface (SCSI), Internet SCSI (iSCSI), serial, Advanced Technology Attachment (ATA), and Fibre Channel. Thehost computer 206 has access to a computer-readable medium 246, which has stored thereon adata structure 248. - The[0026]
SAN domain controller 206 executes several program modules, including asecurity module 218 for authenticating hosts and controlling access to storage devices on thestorage area network 202, adiscovery module 220 for enabling storage devices on thestorage area network 202 to be automatically recognized by theSAN domain controller 206, aLUN management module 222 for keeping track of the logical unit numbers of various logical volumes on thestorage area network 202 and a namespace management module 224 for keeping track of how friendly names are mapped to network paths for the various logical volumes on the network. TheSAN domain controller 206 also executes a SANprovider API module 230, which allows theSAN domain controller 206 to communicate with various storage devices on thestorage area network 202. The SANprovider API module 230 abstracts the specifics of each storage device so that thedomain controller 206 can communicate with each storage device using a single, common language. TheSAN domain controller 206 executes a server-sideSAN API module 216 for communicating with clients, such as host computers. Although theSAN domain controller 206 is depicted as a single unit in FIG. 4, it may be implemented as multiple machines. For example, theSAN domain controller 206 could be implemented as a cluster to give it fault tolerance for an internet-based storage system. - The[0027]
SAN domain controller 206 executes a firststorage provider module 232 and a secondstorage provider module 234 for communicating with the different storage providers made by different manufacturers. Examples of storage providers include switches, disk arrays, so-called JBODs (“just a bunch of disks”), tape libraries and juke boxes. For example, in FIG. 4, theSAN domain controller 206 executes a diskarray provider module 236 and atape provider module 238 to allow thedomain controller 206 to communicate with different disk arrays and tape devices manufactured by different vendors. - An example of how the[0028]
SAN domain controller 206 manages the logical volume244 (FIG. 4) according to an embodiment of the invention will now be described. Thestorage device 240 is physically connected to theSAN 202. TheSAN domain controller 206 recognizes the presence of the storage device240 (through Universal Plug and Play, for example) and queries it for information about itself (Arrow A). Thestorage device 240 then responds by sending a registration message to theSAN domain controller 206 that includes information such as its manufacturer, its world-wide name (according to the Fibre Channel standard, for example), the fact that it has two logical volumes (the first and secondlogical volumes 244 and245), the world-wide name of each of the two logical volumes, and information regarding the path of each logical volume on the computer-readable medium242 (Arrow B). The path information may include a SCSI channel number, port number, SCSI ID and logical unit number (LUN) of each logical volume. Thediscovery module 220 receives the registration message and generates an acknowledgement message, which thedomain controller 206 sends to the storage device240 (Arrow C). Thediscovery module 220 then passes the information contained in the registration message to the namespace management module 224. The namespace management module 224 coordinates with theLUN management module 222 to determine whether there is already an entry for thestorage device 240 in thedata structure 248. If there is not already an entry, the namespace management module 224 generates a friendly name for each of the first and secondlogical volumes space management module 224 and theLUN management module 222 then define a new object for the first and secondlogical volumes data structure 248. The new object associates the friendly name generated for the first and secondlogical volumes storage device 240, and with the world-wide names and paths of the first and secondlogical volumes security module 218 can screen thestorage device 240 to determine whether it should be permitted to participate in the name service. - To write and read data to and from the first[0029]
logical volume 244, for example, thehost computer 204 first registers with theSAN domain controller 206, if it has not already done so in the past. It does this by sending a registration message to the SAN domain controller206 (Arrow D). The registration message includes a request to attach to the SAN, as well as the host computer's authorization credentials (if needed). Thesecurity module 218 then executes a security procedure to determine whether thehost computer 204 should be permitted to be registered. For example, thesecurity module 218 may determine whether thehost computer 204 has authorization to access theSAN 202 and which pieces of hardware thehost computer 204 is permitted to access. If theSAN domain controller 206 accepts the registration request, it responds with an acknowledgment message to the host computer204 (Arrow E). TheSAN domain controller 206 then creates a virtualization (a directory tree, for example) of the resources that thehost computer 204 is permitted to access, and provides the virtualization to thehost computer 204. Once thehost computer 204 registers, it can then attempt to access the firstlogical volume 244. To do so, thehost computer 204 determines the friendly name of the firstlogical volume 244. It may do this by searching a well-known directory located on theLAN 200. Thehost computer 204 then sends a look-up request to theSAN domain controller 206. The look-up request includes the friendly name of the first logical volume244 (Arrow F). Thesecurity module 218 of theSAN domain controller 206 responds to the request by referencing thedata structure 248 to determine whether thehost computer 204 is authorized to have access to the firstlogical volume 244. In making this determination, thesecurity module 218 may analyze authentication data included in the look-up request. For example, thesecurity module 218 may compare a certificate received with the look-up request to those of an access control list maintained in thedata structure 248. If the request is approved, thesecurity module 218 extracts the appropriate path information regarding the firstlogical volume 244 from thedata structure 248. TheSAN domain controller 206 then sends the path information to the host computer204 (Arrow G). Thehost computer 204 then uses the path information to access the firstlogical volume 244 via the storage area network202 (Arrow H). - If the[0030]
security module 218 determines that thehost computer 204 is not permitted to have access to the firstlogical volume 244, then theSAN domain controller 206 sends a denial message to thehost computer 204. There may be a variety of reasons for denying access to thehost computer 204. For example it may be desirable to prevent thehost computer 204 from corrupting the data in the firstlogical volume 244. - Referring again to FIG. 4, the[0031]
SAN domain controller 206 keeps track of the paths of the various logical volumes stored on theSAN 202. For example, if the firstlogical volume 244 is moved from thestorage device 240 to thestorage device 260, theSAN domain controller 206 discovers the move, either automatically or via a manual update, and updates the corresponding path information in thedata structure 248. It could then correctly correlate the name of the firstlogical volume 244 to thestorage device 260 and thereby have the ability to respond correctly to future look-up requests regarding the firstlogical volume 244. Thus, the fact that the firstlogical volume 244 had physically moved would be hidden from thehost computer 204, as well as all of the other host computers of theLAN 200. - It can thus be seen that a new a useful method and system for managing stored data on a computer network has been provided. In view of the many possible embodiments to which the principles of this invention may be applied, it should be recognized that the embodiments described herein with respect to the drawing figures is meant to be illustrative only and should not be taken as limiting the scope of invention. For example, those of skill in the art will recognize that the elements of the illustrated embodiments shown in software may be implemented in hardware and vice versa or that the illustrated embodiments can be modified in arrangement and detail without departing from the spirit of the invention. Therefore, the invention as described herein contemplates all such embodiments as may come within the scope of the following claims and equivalents thereof.[0032]
Claims (25)
1. A method for managing stored data on a computer network, the computer network comprising at least a first and a second node, the first node comprising a server, the second node comprising a storage device, the method comprising:
at the server, receiving, from the storage device and over the network, a registration message that identifies a logical volume of computer-readable media managed by the storage device, wherein the registration message comprises a path by which a user of the computer network can access the logical volume;
creating an association between the path of the logical volume and a name; and
storing the association in a data structure on a computer-readable medium accessible by the server.
2. A computer-readable medium having stored thereon computer executable instructions for performing the method ofclaim 1 .
3. The method ofclaim 1 , wherein the logical volume represents a single disk of the storage device.
4. The method ofclaim 1 , wherein the logical volume represents a logical disk that is striped across multiple physical disks.
5. The method ofclaim 1 , wherein the storage device is one of a plurality of storage devices, and the logical volume represents data that is striped across the plurality of storage devices.
6. The method ofclaim 1 , wherein the registration message further comprises a world-wide name, the method further comprising creating an association between the world-wide name and the name.
7. The method ofclaim 1 , wherein the registration message further comprises a logical unit number, and wherein the creating step comprises creating an association between the logical unit number and the name.
8. The method ofclaim 1 , further comprising creating an access control list for the logical volume, the access control list specifying which computers are permitted to access the logical volume.
9. The method ofclaim 1 , further comprising:
discovering the existence of the storage device; and
discovering the existence of the logical volume.
10. The method ofclaim 1 , further comprising:
controlling access by host computers on the network to the storage device.
11. A method for managing stored data on a computer network, the computer network comprising at least a first, a second, and a third node, the first node comprising a server, the second node comprising a storage device, and the third node comprising a client computer, the method comprising:
the server computer receiving, from the client computer, a request for the path of a logical volume stored on the computer network, the request including a name of the logical volume;
the server computer referencing a data structure comprising an association between the name of the logical volume and a path of the logical volume; and
the server computer providing the path to the client computer, thereby permitting the client computer to access the logical volume via the computer network.
12. A computer-readable medium having stored thereon computer-executable instructions for performing the method ofclaim 11 .
13. The method ofclaim 1 1, further comprising:
the server computer determining whether the client computer is permitted to have access to the logical volume; and
the server computer performing the providing step based on the determining step.
14. The method ofclaim 13 , wherein the determining step comprises referencing an access control list.
15. The method ofclaim 13 , wherein the determining step comprises verifying a certificate received from the client computer.
16. The method ofclaim 13 , wherein the determining step comprises referencing permission information in the data structure.
17. The method ofclaim 11 , wherein the referencing step comprises:
locating the name of the logical volume in the data structure;
determining the identity of a storage device on the network that is responsible for and maintaining the logical volume; and
determining which logical unit number of the storage device corresponds to the logical volume,
wherein the providing step comprises transmitting, to the client computer, the identity of the storage device and the logical unit number.
18. The method ofclaim 11 , wherein the referencing step comprises:
locating the world-wide name of the logical volume in the data structure; and
determining the identity of a storage device on the network that is responsible for maintaining the logical volume,
wherein the providing step comprises transmitting, to the client computer, the identity of the storage device and the world-wide name of the logical volume.
19. A name service for a storage network, the name service comprising:
a storage device linked to the storage network for storing computer-readable data;
a domain controller linked to the network for maintaining an association between the path of a logical volume of data stored on the storage device and a friendly name; and
a client computer linked to the domain controller.
20. The name service ofclaim 19 , wherein the domain controller executes software for performing the steps of:
receiving a request from the client computer for the path of the logical volume, the request including the friendly name;
using the association between the friendly name and the path to determine the path of the logical volume; and
transmitting data regarding the path to the client computer.
21. The name service ofclaim 19 , wherein the domain controller executes software for performing steps comprising:
receiving a request from the client computer for the path of the logical volume;
determining whether or not the client computer is permitted to have access to the logical volume; and
granting or denying the request based on the determining step.
22. The name service ofclaim 19 , wherein the domain controller executes software for performing steps comprising:
reviewing a request from the storage device to register the logical volume;
determining whether or not the storage device is permitted to participate in the storage network; and
granting or denying the request based on the determining step.
23. The name service ofclaim 19 , wherein the logical volume corresponds to a single removable computer-readable medium.
24. The name service ofclaim 19 , wherein the logical volume corresponds to a single disk of the storage device.
25. The name service ofclaim 19 , wherein the logical volume corresponds to a block of data that is striped across multiple disks of the storage device.
Priority Applications (4)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/164,950US20030229689A1 (en) | 2002-06-06 | 2002-06-06 | Method and system for managing stored data on a computer network |
| US11/236,256US7676564B2 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
| US11/236,233US20060026263A1 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
| US12/652,207US8224947B2 (en) | 2002-06-06 | 2010-01-05 | Managing stored data on a computer network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| US10/164,950US20030229689A1 (en) | 2002-06-06 | 2002-06-06 | Method and system for managing stored data on a computer network |
Related Child Applications (2)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/236,256DivisionUS7676564B2 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
| US11/236,233DivisionUS20060026263A1 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| US20030229689A1true US20030229689A1 (en) | 2003-12-11 |
Family
ID=29710318
Family Applications (4)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US10/164,950AbandonedUS20030229689A1 (en) | 2002-06-06 | 2002-06-06 | Method and system for managing stored data on a computer network |
| US11/236,233AbandonedUS20060026263A1 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
| US11/236,256Expired - Fee RelatedUS7676564B2 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
| US12/652,207Expired - Fee RelatedUS8224947B2 (en) | 2002-06-06 | 2010-01-05 | Managing stored data on a computer network |
Family Applications After (3)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| US11/236,233AbandonedUS20060026263A1 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
| US11/236,256Expired - Fee RelatedUS7676564B2 (en) | 2002-06-06 | 2005-09-27 | Managing stored data on a computer network |
| US12/652,207Expired - Fee RelatedUS8224947B2 (en) | 2002-06-06 | 2010-01-05 | Managing stored data on a computer network |
Country Status (1)
| Country | Link |
|---|---|
| US (4) | US20030229689A1 (en) |
Cited By (34)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040083284A1 (en)* | 2002-10-25 | 2004-04-29 | Yuval Ofek | System and method for providing data awareness across multiple domains |
| US20040117546A1 (en)* | 2002-12-11 | 2004-06-17 | Makio Mizuno | iSCSI storage management method and management system |
| US20040210791A1 (en)* | 2003-04-21 | 2004-10-21 | Etsutaro Akagawa | Medium for recording network management program, management computer and managing method |
| US6839746B1 (en)* | 2003-06-03 | 2005-01-04 | Veritas Operating Corporation | Storage area network (SAN) device logical relationships manager |
| US20050138466A1 (en)* | 2003-12-19 | 2005-06-23 | Spry Andrew J. | Method and apparatus for supporting legacy mode fail-over driver with ISCSI network entity including multiple redundant controllers |
| US20050138418A1 (en)* | 2003-12-19 | 2005-06-23 | Spry Andrew J. | Methods for defining and naming iSCSI targets using volume access and security policy |
| US20050149748A1 (en)* | 2003-12-19 | 2005-07-07 | Spry Andrew J. | Method and apparatus for identifying IPsec security policy in iSCSI |
| US20050198224A1 (en)* | 2004-03-02 | 2005-09-08 | Emiko Kobayashi | Storage network system and control method thereof |
| US20050234941A1 (en)* | 2004-04-20 | 2005-10-20 | Naoki Watanabe | Managing method for storage subsystem |
| EP1598737A2 (en) | 2004-05-20 | 2005-11-23 | Hitachi Ltd. | A management method and a management system for a storage volume |
| US20060036786A1 (en)* | 2004-08-13 | 2006-02-16 | Barrett Kreiner | Logical remapping of storage devices |
| US20060059307A1 (en)* | 2004-09-13 | 2006-03-16 | Akira Fujibayashi | Storage system and information system using the storage system |
| US20060075470A1 (en)* | 2004-10-06 | 2006-04-06 | Toru Tanaka | Storage network system and access control method |
| US20060080465A1 (en)* | 2004-10-12 | 2006-04-13 | Conzola Vincent C | Apparatus, system, and method for presenting a mapping between a namespace and a set of computing resources |
| US20060109850A1 (en)* | 2004-11-24 | 2006-05-25 | Hitachi, Ltd. | IP-SAN network access control list generating method and access control list setup method |
| US20060190522A1 (en)* | 2005-02-18 | 2006-08-24 | Mitsuhiro Nagata | Method for controlling a computer |
| US20060239452A1 (en)* | 2005-04-25 | 2006-10-26 | Samsung Electronics Co., Ltd. | Apparatus and method for providing security service |
| US20060271579A1 (en)* | 2005-05-10 | 2006-11-30 | Arun Batish | Storage usage analysis |
| US7197489B1 (en)* | 2002-12-31 | 2007-03-27 | Emc Corporation | Methods and apparatus for maintaining object data for components in a network |
| US20070150939A1 (en)* | 2005-12-22 | 2007-06-28 | Jeffrey Aaron | Methods, communication networks, and computer program products for selecting an endpoint and/or a midpoint path resource for traffic associated with a network element based on whether the network element can be trusted |
| US20070147262A1 (en)* | 2005-12-22 | 2007-06-28 | Jeffrey Aaron | Methods, communication networks, and computer program products for storing and/or logging traffic associated with a network element based on whether the network element can be trusted |
| US20070195447A1 (en)* | 2006-02-21 | 2007-08-23 | Spectra Logic Corporation | Optional data encryption by partition for a partitionable data storage library |
| US20080307065A1 (en)* | 2007-06-06 | 2008-12-11 | Hitachi, Ltd. | Method for starting up file sharing system and file sharing device |
| US20090049117A1 (en)* | 2007-08-17 | 2009-02-19 | At&T Bls Intellectual Property, Inc | Systems and Methods for Localizing a Network Storage Device |
| US20090083484A1 (en)* | 2007-09-24 | 2009-03-26 | Robert Beverley Basham | System and Method for Zoning of Devices in a Storage Area Network |
| US20090083423A1 (en)* | 2007-09-26 | 2009-03-26 | Robert Beverley Basham | System and Computer Program Product for Zoning of Devices in a Storage Area Network |
| US7562162B2 (en) | 2007-04-25 | 2009-07-14 | At&T Intellectual Property I, L.P. | Systems and methods for distributed computing utilizing a smart memory apparatus |
| US20120179776A1 (en)* | 2011-01-12 | 2012-07-12 | Fujitsu Limited | Communication control apparatus, communication system, information processing apparatus, and communication control method |
| US20130054907A1 (en)* | 2011-08-22 | 2013-02-28 | Fujitsu Limited | Storage system, storage control apparatus, and storage control method |
| US20140337847A1 (en)* | 2011-10-25 | 2014-11-13 | Fujitsu Technology Solutions Intellectual Property Gmbh | Cluster system and method for executing a plurality of virtual machines |
| US9134921B1 (en)* | 2007-04-23 | 2015-09-15 | Netapp, Inc. | Uniquely naming storage devices in a global storage environment |
| US9891845B2 (en) | 2015-06-24 | 2018-02-13 | International Business Machines Corporation | Reusing a duplexed storage resource |
| US10318194B2 (en)* | 2014-10-02 | 2019-06-11 | Hitachi Vantara Corporation | Method and an apparatus, and related computer-program products, for managing access request in multi-tenancy environments |
| EP2297921B1 (en)* | 2008-07-10 | 2021-02-24 | Juniper Networks, Inc. | Network storage |
Families Citing this family (67)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US8352400B2 (en) | 1991-12-23 | 2013-01-08 | Hoffberg Steven M | Adaptive pattern recognition based controller apparatus and method and human-factored interface therefore |
| US7904187B2 (en) | 1999-02-01 | 2011-03-08 | Hoffberg Steven M | Internet appliance system and method |
| US7817583B2 (en)* | 2003-04-28 | 2010-10-19 | Hewlett-Packard Development Company, L.P. | Method for verifying a storage area network configuration |
| DE602004010098T3 (en) | 2003-05-06 | 2014-09-04 | Apple Inc. | METHOD FOR MODIFYING A MESSAGE STORAGE AND TRANSMISSION NETWORK SYSTEM AND DATA ANSWERING SYSTEM |
| US8144618B2 (en)* | 2005-01-31 | 2012-03-27 | Hewlett-Packard Development Company, L.P. | Method and apparatus for automatic verification of a zone configuration and network access control construct for a plurality of network switches |
| US7693887B2 (en)* | 2005-02-01 | 2010-04-06 | Strands, Inc. | Dynamic identification of a new set of media items responsive to an input mediaset |
| EP1849099B1 (en) | 2005-02-03 | 2014-05-07 | Apple Inc. | Recommender system for identifying a new set of media items responsive to an input set of media items and knowledge base metrics |
| EP1844386A4 (en) | 2005-02-04 | 2009-11-25 | Strands Inc | System for browsing through a music catalog using correlation metrics of a knowledge base of mediasets |
| WO2006114451A1 (en)* | 2005-04-22 | 2006-11-02 | Musicstrands, S.A.U. | System and method for acquiring and aggregating data relating to the reproduction of multimedia files or elements |
| US7877387B2 (en) | 2005-09-30 | 2011-01-25 | Strands, Inc. | Systems and methods for promotional media item selection and promotional program unit generation |
| WO2007044389A2 (en)* | 2005-10-04 | 2007-04-19 | Strands, Inc. | Methods and apparatus for visualizing a music library |
| US20070088917A1 (en)* | 2005-10-14 | 2007-04-19 | Ranaweera Samantha L | System and method for creating and maintaining a logical serial attached SCSI communication channel among a plurality of storage systems |
| EP2437158A1 (en) | 2005-12-19 | 2012-04-04 | Apple Inc. | User-to-user recommender |
| US20070244880A1 (en)* | 2006-02-03 | 2007-10-18 | Francisco Martin | Mediaset generation system |
| BRPI0621315A2 (en) | 2006-02-10 | 2011-12-06 | Strands Inc | dynamic interactive entertainment |
| US7743009B2 (en)* | 2006-02-10 | 2010-06-22 | Strands, Inc. | System and methods for prioritizing mobile media player files |
| US8521611B2 (en)* | 2006-03-06 | 2013-08-27 | Apple Inc. | Article trading among members of a community |
| EP2410446A1 (en)* | 2006-10-20 | 2012-01-25 | Colwood Technology, LLC | Personal music recommendation mapping |
| US8019938B2 (en) | 2006-12-06 | 2011-09-13 | Fusion-I0, Inc. | Apparatus, system, and method for solid-state storage as cache for high-capacity, non-volatile storage |
| US8782047B2 (en)* | 2009-10-30 | 2014-07-15 | Hitachi Data Systems Corporation | Fixed content storage within a partitioned content platform using namespaces |
| US8533155B2 (en)* | 2009-10-30 | 2013-09-10 | Hitachi Data Systems Corporation | Fixed content storage within a partitioned content platform, with replication |
| US8671000B2 (en)* | 2007-04-24 | 2014-03-11 | Apple Inc. | Method and arrangement for providing content to multimedia devices |
| US7836226B2 (en) | 2007-12-06 | 2010-11-16 | Fusion-Io, Inc. | Apparatus, system, and method for coordinating storage requests in a multi-processor/multi-thread environment |
| US20090276351A1 (en)* | 2008-04-30 | 2009-11-05 | Strands, Inc. | Scaleable system and method for distributed prediction markets |
| JP2010049522A (en)* | 2008-08-22 | 2010-03-04 | Hitachi Ltd | Computer system and method for managing logical volumes |
| US8914384B2 (en) | 2008-09-08 | 2014-12-16 | Apple Inc. | System and method for playlist generation based on similarity data |
| EP2374066A4 (en) | 2008-10-02 | 2013-12-04 | Apple Inc | Real-time visualization of user consumption of media items |
| US8156300B2 (en)* | 2008-11-18 | 2012-04-10 | Microsoft Corporation | Delete notifications for an entire storage volume |
| US8255641B2 (en)* | 2008-11-18 | 2012-08-28 | Microsoft Corporation | Modifying delete notifications in a storage stack |
| US8261030B2 (en)* | 2008-11-18 | 2012-09-04 | Microsoft Corporation | Using delete notifications to free related storage resources |
| US9733962B2 (en) | 2009-07-23 | 2017-08-15 | Brocade Communications Systems, Inc. | Method and apparatus for determining the identity of a virtual machine |
| US20110029928A1 (en)* | 2009-07-31 | 2011-02-03 | Apple Inc. | System and method for displaying interactive cluster-based media playlists |
| US20110060738A1 (en) | 2009-09-08 | 2011-03-10 | Apple Inc. | Media item clustering based on similarity data |
| US8533161B2 (en)* | 2009-10-30 | 2013-09-10 | Hitachi Data Systems Corporation | Fixed content storage within a partitioned content platform, with disposition service |
| JP2012058912A (en)* | 2010-09-07 | 2012-03-22 | Nec Corp | Logical unit number management device, logical unit number management method and program therefor |
| US9246764B2 (en)* | 2010-12-14 | 2016-01-26 | Verizon Patent And Licensing Inc. | Network service admission control using dynamic network topology and capacity updates |
| US8880793B2 (en)* | 2011-04-08 | 2014-11-04 | Symantec Corporation | Storage management systems and methods |
| US8555388B1 (en) | 2011-05-24 | 2013-10-08 | Palo Alto Networks, Inc. | Heuristic botnet detection |
| US8966625B1 (en)* | 2011-05-24 | 2015-02-24 | Palo Alto Networks, Inc. | Identification of malware sites using unknown URL sites and newly registered DNS addresses |
| US8983905B2 (en) | 2011-10-03 | 2015-03-17 | Apple Inc. | Merging playlists from multiple sources |
| US20130219481A1 (en)* | 2012-02-16 | 2013-08-22 | Robert Matthew Voltz | Cyberspace Trusted Identity (CTI) Module |
| US9253176B2 (en) | 2012-04-27 | 2016-02-02 | Intralinks, Inc. | Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment |
| US9251360B2 (en)* | 2012-04-27 | 2016-02-02 | Intralinks, Inc. | Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment |
| US9553860B2 (en) | 2012-04-27 | 2017-01-24 | Intralinks, Inc. | Email effectivity facility in a networked secure collaborative exchange environment |
| CA2871600A1 (en) | 2012-04-27 | 2013-10-31 | Intralinks, Inc. | Computerized method and system for managing networked secure collaborative exchange |
| US9240985B1 (en)* | 2012-08-16 | 2016-01-19 | Netapp, Inc. | Method and system for managing access to storage space in storage systems |
| US9215239B1 (en) | 2012-09-28 | 2015-12-15 | Palo Alto Networks, Inc. | Malware detection based on traffic analysis |
| US9104870B1 (en) | 2012-09-28 | 2015-08-11 | Palo Alto Networks, Inc. | Detecting malware |
| US9613210B1 (en) | 2013-07-30 | 2017-04-04 | Palo Alto Networks, Inc. | Evaluating malware in a virtual machine using dynamic patching |
| US10019575B1 (en) | 2013-07-30 | 2018-07-10 | Palo Alto Networks, Inc. | Evaluating malware in a virtual machine using copy-on-write |
| US9811665B1 (en) | 2013-07-30 | 2017-11-07 | Palo Alto Networks, Inc. | Static and dynamic security analysis of apps for mobile devices |
| EP3069462A4 (en) | 2013-11-14 | 2017-05-03 | Intralinks, Inc. | Litigation support in cloud-hosted file sharing and collaboration |
| GB2530685A (en) | 2014-04-23 | 2016-03-30 | Intralinks Inc | Systems and methods of secure data exchange |
| US9489516B1 (en) | 2014-07-14 | 2016-11-08 | Palo Alto Networks, Inc. | Detection of malware using an instrumented virtual machine environment |
| US9805193B1 (en) | 2014-12-18 | 2017-10-31 | Palo Alto Networks, Inc. | Collecting algorithmically generated domains |
| US9542554B1 (en) | 2014-12-18 | 2017-01-10 | Palo Alto Networks, Inc. | Deduplicating malware |
| US10437770B2 (en) | 2015-01-28 | 2019-10-08 | Avago Technologies International Sales Pte. Limited | Method and apparatus for providing virtual machine information to a network interface |
| US9582310B2 (en)* | 2015-01-28 | 2017-02-28 | Brocade Communications Systems, Inc. | Method and apparatus for determining the identity of a virtual machine |
| US10503442B2 (en) | 2015-01-28 | 2019-12-10 | Avago Technologies International Sales Pte. Limited | Method and apparatus for registering and storing virtual machine unique information capabilities |
| US10033702B2 (en) | 2015-08-05 | 2018-07-24 | Intralinks, Inc. | Systems and methods of secure data exchange |
| US10944823B2 (en) | 2016-06-28 | 2021-03-09 | At&T Intellectual Property I, L.P. | Highly redundant and scalable storage area network architecture |
| CN106411962B (en)* | 2016-12-15 | 2019-08-27 | 中国科学技术大学 | A data storage method combining user-side access control and cloud access control |
| US10936653B2 (en) | 2017-06-02 | 2021-03-02 | Apple Inc. | Automatically predicting relevant contexts for media items |
| US20200004495A1 (en) | 2018-06-27 | 2020-01-02 | Apple Inc. | Generating a Customized Social-Driven Playlist |
| US11010474B2 (en) | 2018-06-29 | 2021-05-18 | Palo Alto Networks, Inc. | Dynamic analysis techniques for applications |
| US10956573B2 (en) | 2018-06-29 | 2021-03-23 | Palo Alto Networks, Inc. | Dynamic analysis techniques for applications |
| US11196765B2 (en) | 2019-09-13 | 2021-12-07 | Palo Alto Networks, Inc. | Simulating user interactions for malware analysis |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5897661A (en)* | 1997-02-25 | 1999-04-27 | International Business Machines Corporation | Logical volume manager and method having enhanced update capability with dynamic allocation of storage and minimal storage of metadata information |
| US6343324B1 (en)* | 1999-09-13 | 2002-01-29 | International Business Machines Corporation | Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices |
| US6606695B2 (en)* | 2000-05-24 | 2003-08-12 | Hitachi, Ltd. | Method and apparatus for controlling access to storage device |
| US6671776B1 (en)* | 1999-10-28 | 2003-12-30 | Lsi Logic Corporation | Method and system for determining and displaying the topology of a storage array network having multiple hosts and computer readable medium for generating the topology |
| US6684209B1 (en)* | 2000-01-14 | 2004-01-27 | Hitachi, Ltd. | Security method and system for storage subsystem |
| US6779083B2 (en)* | 2001-07-13 | 2004-08-17 | Hitachi, Ltd. | Security for logical unit in storage subsystem |
| US6842784B1 (en)* | 2000-06-27 | 2005-01-11 | Emc Corporation | Use of global logical volume identifiers to access logical volumes stored among a plurality of storage elements in a computer storage system |
| US6922688B1 (en)* | 1998-01-23 | 2005-07-26 | Adaptec, Inc. | Computer system storage |
| US6944654B1 (en)* | 1999-11-01 | 2005-09-13 | Emc Corporation | Multiple storage array control |
Family Cites Families (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5701462A (en)* | 1993-12-29 | 1997-12-23 | Microsoft Corporation | Distributed file system providing a unified name space with efficient name resolution |
| US5889952A (en)* | 1996-08-14 | 1999-03-30 | Microsoft Corporation | Access check system utilizing cached access permissions |
| US6449652B1 (en)* | 1999-01-04 | 2002-09-10 | Emc Corporation | Method and apparatus for providing secure access to a computer system resource |
| US6389432B1 (en)* | 1999-04-05 | 2002-05-14 | Auspex Systems, Inc. | Intelligent virtual volume access |
| US6748448B1 (en)* | 1999-12-13 | 2004-06-08 | International Business Machines Corporation | High performance internet storage access scheme |
| US6718372B1 (en)* | 2000-01-07 | 2004-04-06 | Emc Corporation | Methods and apparatus for providing access by a first computing system to data stored in a shared storage device managed by a second computing system |
| US7222176B1 (en)* | 2000-08-28 | 2007-05-22 | Datacore Software Corporation | Apparatus and method for using storage domains for controlling data in storage area networks |
| US7177953B1 (en)* | 2000-12-22 | 2007-02-13 | Nortel Networks Limited | Device and method for data storage |
| JP4162184B2 (en)* | 2001-11-14 | 2008-10-08 | 株式会社日立製作所 | Storage device having means for acquiring execution information of database management system |
| US7024427B2 (en)* | 2001-12-19 | 2006-04-04 | Emc Corporation | Virtual file system |
- 2002
- 2002-06-06USUS10/164,950patent/US20030229689A1/ennot_activeAbandoned
- 2005
- 2005-09-27USUS11/236,233patent/US20060026263A1/ennot_activeAbandoned
- 2005-09-27USUS11/236,256patent/US7676564B2/ennot_activeExpired - Fee Related
- 2010
- 2010-01-05USUS12/652,207patent/US8224947B2/ennot_activeExpired - Fee Related
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US5897661A (en)* | 1997-02-25 | 1999-04-27 | International Business Machines Corporation | Logical volume manager and method having enhanced update capability with dynamic allocation of storage and minimal storage of metadata information |
| US6922688B1 (en)* | 1998-01-23 | 2005-07-26 | Adaptec, Inc. | Computer system storage |
| US6343324B1 (en)* | 1999-09-13 | 2002-01-29 | International Business Machines Corporation | Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices |
| US6671776B1 (en)* | 1999-10-28 | 2003-12-30 | Lsi Logic Corporation | Method and system for determining and displaying the topology of a storage array network having multiple hosts and computer readable medium for generating the topology |
| US6944654B1 (en)* | 1999-11-01 | 2005-09-13 | Emc Corporation | Multiple storage array control |
| US6684209B1 (en)* | 2000-01-14 | 2004-01-27 | Hitachi, Ltd. | Security method and system for storage subsystem |
| US6606695B2 (en)* | 2000-05-24 | 2003-08-12 | Hitachi, Ltd. | Method and apparatus for controlling access to storage device |
| US6842784B1 (en)* | 2000-06-27 | 2005-01-11 | Emc Corporation | Use of global logical volume identifiers to access logical volumes stored among a plurality of storage elements in a computer storage system |
| US6779083B2 (en)* | 2001-07-13 | 2004-08-17 | Hitachi, Ltd. | Security for logical unit in storage subsystem |
Cited By (64)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20040083284A1 (en)* | 2002-10-25 | 2004-04-29 | Yuval Ofek | System and method for providing data awareness across multiple domains |
| US20040117546A1 (en)* | 2002-12-11 | 2004-06-17 | Makio Mizuno | iSCSI storage management method and management system |
| US7103712B2 (en) | 2002-12-11 | 2006-09-05 | Hitachi, Ltd. | iSCSI storage management method and management system |
| US7197489B1 (en)* | 2002-12-31 | 2007-03-27 | Emc Corporation | Methods and apparatus for maintaining object data for components in a network |
| US20040210791A1 (en)* | 2003-04-21 | 2004-10-21 | Etsutaro Akagawa | Medium for recording network management program, management computer and managing method |
| US7234020B2 (en) | 2003-04-21 | 2007-06-19 | Hitachi, Ltd. | Fault notification based on volume access control information |
| US20070214253A1 (en)* | 2003-04-21 | 2007-09-13 | Hitachi, Ltd. | Fault notification based on volume access control information |
| US6839746B1 (en)* | 2003-06-03 | 2005-01-04 | Veritas Operating Corporation | Storage area network (SAN) device logical relationships manager |
| US7107328B1 (en) | 2003-06-03 | 2006-09-12 | Veritas Operating Corporation | Storage area network (SAN) device logical relationships manager |
| US7461140B2 (en) | 2003-12-19 | 2008-12-02 | Lsi Corporation | Method and apparatus for identifying IPsec security policy in iSCSI |
| US7568216B2 (en)* | 2003-12-19 | 2009-07-28 | Lsi Logic Corporation | Methods for defining and naming iSCSI targets using volume access and security policy |
| US7257730B2 (en) | 2003-12-19 | 2007-08-14 | Lsi Corporation | Method and apparatus for supporting legacy mode fail-over driver with iSCSI network entity including multiple redundant controllers |
| US20050149748A1 (en)* | 2003-12-19 | 2005-07-07 | Spry Andrew J. | Method and apparatus for identifying IPsec security policy in iSCSI |
| US20050138418A1 (en)* | 2003-12-19 | 2005-06-23 | Spry Andrew J. | Methods for defining and naming iSCSI targets using volume access and security policy |
| US20050138466A1 (en)* | 2003-12-19 | 2005-06-23 | Spry Andrew J. | Method and apparatus for supporting legacy mode fail-over driver with ISCSI network entity including multiple redundant controllers |
| US20050198224A1 (en)* | 2004-03-02 | 2005-09-08 | Emiko Kobayashi | Storage network system and control method thereof |
| US7548924B2 (en)* | 2004-04-20 | 2009-06-16 | Hitachi, Ltd. | Managing method for storage subsystem |
| US20050234941A1 (en)* | 2004-04-20 | 2005-10-20 | Naoki Watanabe | Managing method for storage subsystem |
| EP1589411A3 (en)* | 2004-04-20 | 2008-11-05 | Hitachi, Ltd. | Managing method for storing subsystem |
| US8190847B2 (en) | 2004-05-20 | 2012-05-29 | Hitachi, Ltd. | Management method and a management system for volume |
| US20120210063A1 (en)* | 2004-05-20 | 2012-08-16 | Yasuyuki Mimatsu | Management method and a management system for volume |
| EP1598737A2 (en) | 2004-05-20 | 2005-11-23 | Hitachi Ltd. | A management method and a management system for a storage volume |
| US8006063B2 (en) | 2004-05-20 | 2011-08-23 | Hitachi, Ltd. | Management method and a management system for volume |
| US8850157B2 (en)* | 2004-05-20 | 2014-09-30 | Hitachi, Ltd. | Management method and a management system for volume |
| US7610467B2 (en) | 2004-05-20 | 2009-10-27 | Hitachi, Ltd. | Management method and a management system for volume |
| US20100011184A1 (en)* | 2004-05-20 | 2010-01-14 | Yasuyuki Mimatsu | Management method and a management system for volume |
| EP1598737A3 (en)* | 2004-05-20 | 2008-06-04 | Hitachi Ltd. | A management method and a management system for a storage volume |
| US20080091816A1 (en)* | 2004-05-20 | 2008-04-17 | Hitachi, Ltd. | Management method and a management system for volume |
| US20060036786A1 (en)* | 2004-08-13 | 2006-02-16 | Barrett Kreiner | Logical remapping of storage devices |
| US20060059307A1 (en)* | 2004-09-13 | 2006-03-16 | Akira Fujibayashi | Storage system and information system using the storage system |
| US20100122028A1 (en)* | 2004-09-13 | 2010-05-13 | Akira Fujibayashi | Method and system for controlling information of logical division in a storage controller |
| US7861054B2 (en)* | 2004-09-13 | 2010-12-28 | Hitachi, Ltd. | Method and system for controlling information of logical division in a storage controller |
| US7865688B2 (en) | 2004-09-13 | 2011-01-04 | Hitachi, Ltd. | Method and system for controlling information of logical division in a storage controller |
| US20060075470A1 (en)* | 2004-10-06 | 2006-04-06 | Toru Tanaka | Storage network system and access control method |
| US7725601B2 (en)* | 2004-10-12 | 2010-05-25 | International Business Machines Corporation | Apparatus, system, and method for presenting a mapping between a namespace and a set of computing resources |
| US20060080465A1 (en)* | 2004-10-12 | 2006-04-13 | Conzola Vincent C | Apparatus, system, and method for presenting a mapping between a namespace and a set of computing resources |
| US20060109850A1 (en)* | 2004-11-24 | 2006-05-25 | Hitachi, Ltd. | IP-SAN network access control list generating method and access control list setup method |
| US20060190522A1 (en)* | 2005-02-18 | 2006-08-24 | Mitsuhiro Nagata | Method for controlling a computer |
| US9325678B2 (en)* | 2005-04-25 | 2016-04-26 | Samsung Electronics Co., Ltd. | Apparatus and method for providing security service for guest network device in a network |
| US20060239452A1 (en)* | 2005-04-25 | 2006-10-26 | Samsung Electronics Co., Ltd. | Apparatus and method for providing security service |
| US20060271579A1 (en)* | 2005-05-10 | 2006-11-30 | Arun Batish | Storage usage analysis |
| US20070147262A1 (en)* | 2005-12-22 | 2007-06-28 | Jeffrey Aaron | Methods, communication networks, and computer program products for storing and/or logging traffic associated with a network element based on whether the network element can be trusted |
| US20070150939A1 (en)* | 2005-12-22 | 2007-06-28 | Jeffrey Aaron | Methods, communication networks, and computer program products for selecting an endpoint and/or a midpoint path resource for traffic associated with a network element based on whether the network element can be trusted |
| US9570103B2 (en) | 2006-02-21 | 2017-02-14 | Spectra Logic | Optional data encryption by partition for a partitionable data storage library |
| US20070195447A1 (en)* | 2006-02-21 | 2007-08-23 | Spectra Logic Corporation | Optional data encryption by partition for a partitionable data storage library |
| US9158467B2 (en)* | 2006-02-21 | 2015-10-13 | Spectra Logic Corporation | Optional data encryption by partition for a partitionable data storage library |
| US10282137B2 (en) | 2007-04-23 | 2019-05-07 | Netapp, Inc. | Uniquely naming storage devices in a global storage environment |
| US9134921B1 (en)* | 2007-04-23 | 2015-09-15 | Netapp, Inc. | Uniquely naming storage devices in a global storage environment |
| US7562162B2 (en) | 2007-04-25 | 2009-07-14 | At&T Intellectual Property I, L.P. | Systems and methods for distributed computing utilizing a smart memory apparatus |
| US7822824B2 (en)* | 2007-06-06 | 2010-10-26 | Hitachi, Ltd. | Method for starting up file sharing system and file sharing device |
| US20080307065A1 (en)* | 2007-06-06 | 2008-12-11 | Hitachi, Ltd. | Method for starting up file sharing system and file sharing device |
| US20090049117A1 (en)* | 2007-08-17 | 2009-02-19 | At&T Bls Intellectual Property, Inc | Systems and Methods for Localizing a Network Storage Device |
| US7925794B2 (en) | 2007-08-17 | 2011-04-12 | At&T Intellectual Property I, L.P. | Systems and methods for localizing a network storage device |
| US20090083484A1 (en)* | 2007-09-24 | 2009-03-26 | Robert Beverley Basham | System and Method for Zoning of Devices in a Storage Area Network |
| US7996509B2 (en) | 2007-09-26 | 2011-08-09 | International Business Machines Corporation | Zoning of devices in a storage area network |
| US20090083423A1 (en)* | 2007-09-26 | 2009-03-26 | Robert Beverley Basham | System and Computer Program Product for Zoning of Devices in a Storage Area Network |
| EP2297921B1 (en)* | 2008-07-10 | 2021-02-24 | Juniper Networks, Inc. | Network storage |
| US8984088B2 (en)* | 2011-01-12 | 2015-03-17 | Fujitsu Limited | Communication control apparatus, communication system, information processing apparatus, and communication control method |
| US20120179776A1 (en)* | 2011-01-12 | 2012-07-12 | Fujitsu Limited | Communication control apparatus, communication system, information processing apparatus, and communication control method |
| US9003140B2 (en)* | 2011-08-22 | 2015-04-07 | Fujitsu Limited | Storage system, storage control apparatus, and storage control method |
| US20130054907A1 (en)* | 2011-08-22 | 2013-02-28 | Fujitsu Limited | Storage system, storage control apparatus, and storage control method |
| US20140337847A1 (en)* | 2011-10-25 | 2014-11-13 | Fujitsu Technology Solutions Intellectual Property Gmbh | Cluster system and method for executing a plurality of virtual machines |
| US10318194B2 (en)* | 2014-10-02 | 2019-06-11 | Hitachi Vantara Corporation | Method and an apparatus, and related computer-program products, for managing access request in multi-tenancy environments |
| US9891845B2 (en) | 2015-06-24 | 2018-02-13 | International Business Machines Corporation | Reusing a duplexed storage resource |
Also Published As
| Publication number | Publication date |
|---|---|
| US20060026230A1 (en) | 2006-02-02 |
| US20060026263A1 (en) | 2006-02-02 |
| US20100115586A1 (en) | 2010-05-06 |
| US7676564B2 (en) | 2010-03-09 |
| US8224947B2 (en) | 2012-07-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US7676564B2 (en) | Managing stored data on a computer network | |
| US11418480B2 (en) | Translating a network configuration request for a network control apparatus | |
| US8312522B2 (en) | Monitoring network traffic by using a monitor device | |
| JP4311637B2 (en) | Storage controller | |
| US11245576B2 (en) | Blockchain-based configuration profile provisioning system | |
| US8346952B2 (en) | De-centralization of group administration authority within a network storage architecture | |
| US8024779B2 (en) | Verifying user authentication | |
| US10187275B2 (en) | Monitoring network traffic by using event log information | |
| US7185047B1 (en) | Caching and accessing rights in a distributed computing system | |
| US8627410B2 (en) | Dynamic radius | |
| JP4698180B2 (en) | Secure hierarchical namespace in peer-to-peer networks | |
| US20080022120A1 (en) | System, Method and Computer Program Product for Secure Access Control to a Storage Device | |
| JPH1074158A (en) | Dynamic certifying method and device for client of file system of network | |
| US20050192923A1 (en) | Computer system for allocating storage area to computer based on security level | |
| KR20090030256A (en) | Name Challenge Enforcement Areas | |
| US20110202667A1 (en) | Database Virtualization | |
| JP4329412B2 (en) | File server system | |
| CN114363165A (en) | Configuration method of electronic equipment, electronic equipment and server | |
| US20040181600A1 (en) | Method, apparatus and services for leasing volumes | |
| CN114884728A (en) | Security access method based on role access control token | |
| US9560039B2 (en) | Controlled discovery of SAN-attached SCSI devices and access control via login authentication | |
| US20060075470A1 (en) | Storage network system and access control method | |
| CN115150170B (en) | Security policy configuration method, device, electronic equipment and storage medium | |
| WO2025060984A1 (en) | Cloud desktop login method, cloud desktop login device, and readable medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| AS | Assignment | Owner name:MICROSOFT CORPORATION, WASHINGTON Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RAGHAVAN, KARTIK N.;PHILLIPS, THOMAS G.;RACIBORSKI, BOHDAN;REEL/FRAME:012999/0083;SIGNING DATES FROM 20020603 TO 20020605 | |
| STCB | Information on status: application discontinuation | Free format text:ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION | |
| AS | Assignment | Owner name:MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text:ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034766/0001 Effective date:20141014 |