JP2001265655A - Security system for storage sub system - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a security function in a storage sub system by the flexible and efficient presentation method of storage resources by performing execution by high-speed judgment logic without affecting a processing on the side of a host computer. SOLUTION: An information WWN for uniquely identifying the host computer, a management table where the correspondence of a logical unit number LUN inside the storage sub system for which access is permitted to the host computer and a virtual LUN for presenting the LUN to be the access object to the host computer by a user optional method is described and the management table where the correspondence of the WWN and a dynamically allocated management number S-ID is described are stored in a nonvolatile memory inside the storage sub system beforehand. By retrieving the WWN of the host computer from the S-ID of the host computer and retrieving the accessible virtual LUN from the WWN, access propriety to the LUN inside the storage sub system is judged.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a storage subsystem accessed by a host computer, and more particularly, to a storage subsystem in which a logical unit in the storage subsystem is accessed from the host computer.

[0002]

2. Description of the Related Art Heretofore, as a security measure for preventing unauthorized access from a host computer to a storage subsystem, an operating system (OS) on the host computer side has been used.
ngsystem) and examples using middleware or application software are well known.

On the other hand, in recent years, with the standardization of the Fiber Channel protocol, the interface between the storage subsystem and the host computer has been changed to SCSI or E-mode.
Various existing protocols such as SCON and TCP / IP can be used at the same time, and the storage resources in the storage subsystem can be more effectively used.

[0004] However, in such a background, since a plurality of hosts access one storage subsystem, the storage subsystem resources cannot be obtained only by the conventional host-side OS, middleware, and application software. There is a concern that the security function is not sufficient. In view of such a current situation, Japanese Patent Laid-Open No. 10-33 discloses means for realizing a security function for storage subsystem resources (logical units).
3839 discloses this.

In the method according to the above publication, before the host computer starts up, N_Port_Name uniquely identifies a host computer that may have access to the storage subsystem in advance, and a logic in the storage subsystem that permits access. A table managing the combination of units is held in the storage subsystem. When started, the host computer transmits a SCSI command to the storage subsystem in a certain information unit defined by a fiber channel protocol called a frame. The storage subsystem determines the SCSI command one by one and extracts an N_Port_Name that specifies the host computer that is the access source from the SCSI command.

The extracted N_Port_Name is searched on the combination table of the above-described N_Port_Name and the logical unit in the storage subsystem to which access has been permitted, and if the entry exists, the host computer determines whether or not the logical unit is in question. If no entry exists, the host computer is denied access to the logical unit.

[0007]

In the prior art for realizing security for storage resources (logical units) in a storage subsystem, a host computer that transmits a frame to the storage subsystem has access to the host computer. In this case, there is a problem that the overhead of the access permission determination for data transfer is large, and it is difficult to achieve high performance.

Further, the prior art is a new technique on the host computer side in that a host computer which transmits a frame to a storage subsystem has information for uniquely identifying a transmission source host computer in the frame. Function was needed.

Further, in the prior art, since the logical unit number in the storage subsystem is disclosed as it is to the accessing host computer, the logical unit according to the user's operation desire is placed under the port of the storage subsystem. Cannot rearrange. Furthermore, in many host computers, if the LU0 of the storage subsystem connected at the time of startup cannot be accessed, the same series of LUs after the LU0 (this series is 8 in the SCSI-2 standard).
Since it is composed of two LUs, LU0 to LU7 are in the same series. ) Often does not make an inquiry about the existence at all.

In this case, in the method of disclosing the logical unit number in the subsystem as it is, a situation arises in which the LUN cannot be referred to even though access is permitted.

A first object of the present invention is to provide a security function for restricting logical units that can be accessed for each host computer and preventing unauthorized access without changing existing processing of the host computer. It is to provide with use and high-speed access judgment logic.

A second object of the present invention is to provide a security function for restricting logical units that can be accessed by the same vendor and preventing unauthorized access without changing the existing processing of the host computer, and improving the efficiency of storage resources. It is to provide with use and high-speed access judgment logic.

[0013] A third object of the present invention is to provide storage resource formats and services for a vendor to a group of host computers of the vendor permitted to access based on the security function.

[0014]

In order to solve the above problems, the present invention provides the following storage subsystem.

Information for uniquely identifying a host computer (WWN), and a logical unit number (LU) in a storage subsystem to which access from the host computer is permitted
N), and a management table that describes the correspondence of virtual logical unit numbers (virtual LUNs) assigned and rearranged by the user to the logical unit numbers by an arbitrary renumbering method and stored. A non-volatile memory;
Describes the correspondence between a dynamically assigned management number (S_ID) (note: changed from "Host → dynamically assigned when logging in storage", the same applies hereinafter) and information (WWN) that uniquely identifies the host computer A management table, a nonvolatile memory for storing the management table, one or more storage devices, a storage control device for controlling reading / writing of data from / to these storage devices, and one or more for connecting to a host computer And a logical unit corresponding to the storage area of the storage device.

In this storage subsystem, instead of the host identification information WWN, a dynamically assigned S_
Since the ID is used as identification information, for each I / O process,
It is not necessary to inquire each LUN about whether access is possible, and it is possible to reduce overhead at the time of access.

Further, by using the virtual LUN, the user can rearrange the LUN by an arbitrary method.

[0018]

DESCRIPTION OF THE PREFERRED EMBODIMENTS In the present invention, a description will be given using Fiber Channel as an example of an interface protocol used between a storage subsystem and a host computer, and SCSI commands as an example of a command set operating thereon. However, the application of the present invention is based on Fiber Channel and SCS.
The present invention is not limited to the combination of I commands, but may be any protocol that can provide functions and mechanisms such as login and inquiry.

A first embodiment of the present invention will be described below.

Here, since Fiber Channel is a relatively new interface protocol, an outline of the protocol will be described first.

Fiber Channel is a protocol of a serial transfer system, and information is transmitted asynchronously, so that the bandwidth of a transmission medium can be effectively used. Also, Fiber Channel does not have its own command set.
Used as an infrastructure for command sets such as ON, HIPPI, IPI-3, IP, etc. As a result, the conventional protocol resources can be inherited, and various data can be transferred at higher speed and with higher reliability.

The fiber channel is an interface having both channel and network features. In Fiber Channel, once the source and destination are determined,
Although high-speed transfer with little delay can be realized, this is one of the greatest features of the channel. In addition, a device that desires communication can participate in a Fiber Channel communication system at an arbitrary opportunity, exchange agreement information regarding communication with a partner device as a communication target, and start communication, This is a feature of the network. The procedure for exchanging the agreement information regarding communication with the partner
Especially called login.

A device having a fiber channel interface is called a node, and a physical port corresponding to an actual interface is called a port. A node can have one or more ports. The number of ports that can simultaneously participate in the entire Fiber Channel system is a maximum of 24-bit addresses, that is, about 16.770,000. The hardware that mediates these connections is called a fabric. In practice, the source and destination ports need only operate by considering only information about each other's ports without being aware of the fabric.

Each node and port stores a unique identifier all over the world, which is assigned by the standardization organization (IEEE) according to certain rules. This is equivalent to a MAC address conventionally used in TCP / IP or the like, and is a fixed address in hardware. This address has N_Port_Name,
There are two types of Node_Name, each having a size of 8 bytes. N_Port_Name is a value (hardware address) unique to each port, and
_Name is a value (hardware address) unique to each node. Since these are unique values all over the world, WWN (World Wide) is used as an address that can uniquely identify a node or a port.
Name). In the embodiment of this patent, WWN
In this case, it indicates N_Port_Name.

In Fiber Channel, communication is Order.
This is performed using signal level information called ed Set and logical information having a fixed format called a frame. FIG. 2 shows the structure of the frame. The frame 201 includes an SOF (Sta) indicating the start of the frame.
rt of Frame) 202, a 24-byte frame header 203 for controlling link operation and characterizing a frame, a data field 204 as a data portion to be actually transferred,
4-byte cyclic redundancy code (CRC) 205, EOF (End of Frame) 2 indicating end of frame
It consists of a 4-byte identifier called 06. The data field 204 is variable between 0 and 2112 bytes.

Next, the contents of the frame header will be described. Reference numeral 207 indicates the structure of the frame header. Here, in the detailed structure 207 of the frame header 203, S_0 corresponding to the 0 to 23 bit area of the first word
Only the ID 208 will be described. S_ID (Sour
The “ce ID” 208 is a 3-byte address identifier for identifying a port for transmitting the frame, and has a valid value for all frames transmitted and received. This S_
The ID is a dynamically changing value. In the FC_PH which is one of the standard sets of the Fiber Channel, the S_ID is assigned by the fabric during the initialization procedure.
And The value to be assigned is N_Port_Name or Node_Name that each port has.
e.

Next, a log-in procedure for exchanging information between the transmission source device and the transmission destination device with respect to communication based on the Fiber Channel Protocol will be described. FIG.
The data field 20 in the PLOGI frame
4 shows a detailed structure. The structures of the frame and the frame header are the same as in FIG. In the data field 204 of the PLOGI frame, an 8-byte area from the 21st byte to the 29th byte from the top is N_Port.
This area stores t_Name 307, and is 3
The 8-byte area from the 0th byte to the 38th byte is No.
This area stores the de_Name 308.

FIG. 4 shows a transmission source (login request source) 401.
FIG. 4 shows the exchange of information exchanged between the transmission destination (login reception destination) 402 and the transmission destination (login reception destination) 402. Although there are several types of fiber channel login procedures, here, a class 3 login will be described.

The login request source is PLOGI frame 4
03 to the login receiver. In this frame,
N_Port_Name, Node_ of login request source
Name, S_ID, and other information are included. The receiving device extracts the information contained in this frame, and if the login is approved, the ACC 40
4 is transmitted to the login request source. On the other hand, when rejecting login, LS_RJT4
05 is transmitted to the login request source.

The login request source is the PLO sent by itself.
When the response of the ACC frame to the GI frame is detected, it is known that the login has succeeded, and the I / O process such as data transfer can be started. On the other hand, if the login request source receives LS_RJT, it means that the login has not been established, and the I
The / O process cannot be executed. Although the login of class 3 has been described here, in other login processes, the information that can be passed from the login request source to the login destination includes N_Port_Name and Node.
The same is true in that _Name and S_ID are included.

Next, Inqui, which is a standard command always supported in the SCSI command set, is used.
The ry command will be described. An Inquiry command is an I / O process prior to starting an I / O process.
This command inquires the logical unit to be processed about its mounting status and preparation status.

FIG. 5 shows Inq defined in the SCSI standard.
7 shows a detailed structure of a data field when a uiry command is transmitted in a frame of the Fiber Channel standard. The structure of the frame and the frame head is the same as in FIG. 2, but includes the S_ID 208.

The data field 204 contains 506 FC
As shown in the P_CMND format, FCP_LU
N 507, FCP_CNTL508, FCP_CDB
509, there is an area called FCP_DL510. Here, FCP_LUN507 and FCP_CDB5
09 will be described. In FCP_LUN 507,
A logical volume (a storage area that is virtually divided and numbered with respect to a visible storage device (physical volume) as a single unit) associated with the port of the frame transmission destination where the frame transmission source intends to inquire the status. ) Is stored. This identifier is LUN
(Logical Unit Number).
The FCP_CDB 509 stores command information called a SCSI command description block (CDB) when a SCSI command set is used. This FC
SCSI Inquiry command information is stored in the P_CDB 509, and the FCP_LUN 50 described above is stored.
7 and the information is transferred to the frame receiving destination.

Next, description will be given of information that the frame receiving destination that has received the Inquiry command returns to the frame transmitting source as a response to the inquiry. Inqu this information
This is called iry data. FIG. 6 shows an extract of the inquiry data. Here, the qualifier 602 and the device type code 603 in the inquiry data 601 will be described. Qualifier (Pe
The “riveral qualifier” 602 is 3-bit information for setting the current state of the specified logical unit. The logical unit state 604 indicates the state of the logical unit indicated by the qualifier bit pattern. A code 000 (binary number) 605 indicates that the device connected as the logical unit is an input / output device of the type indicated in the area of the device type code 603. Even if this code is set, it does not necessarily indicate that the logical unit is usable, that is, is in a ready state.

However, the logical unit can be used only when this code is set. Code 0
01 (binary number) 606 indicates that the device connected as the logical unit is an input / output device of the type indicated in the area of the device type code 603, but the logical unit has an actual input / output device. Indicates that the input / output device is not connected. This is, for example, CD-R
This shows a case where an OM drive is mounted but a CD-ROM medium is not inserted in the drive.

Code 011 (binary) 607 indicates that the specified logical unit is not supported.
Therefore, no device is assigned to the specified logical unit. When this code is set, the device
1F (hexadecimal) is always set in the type code area 603.

The device type code (Periph
eral Device Type) 603 is 5-bit information indicating the type of input / output device actually assigned to the specified logical unit. Code 608
Is a hexadecimal code corresponding to each device type 609. If 1F (hexadecimal) 610 indicating an undefined or unconnected device is set in the information shown in 608, the device inquired by the inquiry command transmission source is undefined or unconnected, and The unit cannot be used by the sender.

FIG. 7 shows a procedure for inquiring a logical unit using the Inquiry command. The host computer 701 accessing the logical unit transmits a frame 703 storing an inquiry command to the storage subsystem 702 having the logical unit accessing the logical unit.

This frame contains the S_ID of the host computer and the LUN which is the identifier of the logical unit to be queried. Here, for the LUN, in addition to the FCP_LUN area, the ICP in the FCP_CDB
It can also be set during the format of the nquery command information. The effect obtained by using either value is the same, but in this embodiment, the value of LUN is FCP_L
It is assumed that the value stored in UN 507 is used.

Upon receiving the frame including the Inquiry command, the storage subsystem 702 prepares Inquiry data necessary for the inquiry, and creates the created Inquiry data.
A frame 704 including iry data is transmitted to the host computer. At this time, the frame storing the inquiry data is called FCP_DATA. The storage subsystem qualifier 000 (binary), device type 00-09 for the queried logical unit
(Hexadecimal) 704, this I
The host computer receiving the nquiry data,
Thereafter, I / O can be issued to the logical unit.

On the other hand, as shown at 705, the storage subsystem is configured to qualify 001 (binary) or 011.
When (binary number) and device type 1F (hexadecimal number) are set, the host computer receiving the inquiry data 705 recognizes that it is impossible to issue I / O to the logical unit thereafter. I do.

As described above, if the qualifier and the device type code stored in the inquiry data are controlled on the storage subsystem side, the permission and the non-permission of access from the host computer to the logical unit of the storage subsystem are controlled. You can see what you can do.

Next, the processing flow of the present invention will be described in detail.

First, FIG. 1 shows an apparatus configuration of an embodiment of the present invention. This device is connected to the storage subsystem 10
Called 1. The storage subsystem 101 has ports 102 to 104 for a Fiber Channel interface,
It is physically connected to host computers 105 to 107 via a fiber channel interface.
The host computers 105 to 107 also have ports 108 to 112 for the fiber channel interface, and the host computers 105 to 107 and the storage subsystem 101 can communicate with each other by the fiber channel protocol. The host computer has 105
Some have a plurality of Fiber Channel ports, such as 106 and 106, while others have only a single Fiber Channel port, such as 107.

The connection mode (topology) of the Fiber Channel interface between the storage subsystem 101 and the host computers 105 to 107 includes Point-to-P
Oint, arbitration loop connection, fabric connection, and the like, but there are several types.

First, the storage subsystem 101 has a microprocessor 114 for performing various operations and processes, a plurality of storage device groups 115, a storage control device 116 for controlling reading and writing of data to and from these, and a storage device. Bus 1 for connecting the device group 115 and the storage control device 116
17. Also, the storage subsystem 101
Memory 1 used as a work area for various calculations and processes
18 and a non-volatile memory 119 for storing various management information, management tables, and the like. Further, as a device for speeding up the response to the host computer, a cache 120 is provided. Also, the storage subsystem 101
Has a communication control unit 121 and is connected to a maintenance terminal device 123 via a communication line 122.

The maintenance terminal device 123 has a microprocessor 124, an input unit 125 serving as an interface with the user, and a display unit 126 for outputting the processing result. The user can set some tables defined in the present embodiment via the input unit 125.

FIG. 8 shows an outline of the processing flow of this embodiment. First, in step 801, the user inputs, via the input unit 125 of the maintenance terminal device 123, a LUN (Logi) defining an LU existing in the storage subsystem.
cal Unit Number) and the WWN of the host computer that may access the LUN
(N_Port_Name) and a virtual LUN that determines how the LUN should be presented to the host computer accessing it.
Create an access management table ".

This table is held in the non-volatile memory 119 in the storage subsystem. Each host computer can see the virtual LUN of this table. The WWN of each host computer is known.

In step 802, when each host computer logs in to the storage subsystem based on the fiber channel protocol, the storage subsystem cuts out the WWN and S_ID of the host computer from the PLOGI frame. A “WWN-S_ID conversion table” describing those combinations is created, and this is stored in the nonvolatile memory 119. The storage subsystem performs this task for every PLOGI frame.

Next, in step 803, the storage subsystem sends the inquiry sent by each host computer to know the status of the logical unit in the storage subsystem.
Receive a frame containing a command. The storage subsystem that has received this frame cuts out the S_ID from the header of the frame and the LUN that is the target of the Inquiry command from the data field. Subsequently, the storage subsystem uses the above-mentioned “WWN” with the S_ID as a key.
-S_ID conversion table "to obtain a WWN corresponding to the S_ID.

Subsequently, the storage subsystem executes the procedure 804
In the above, using the obtained WWN as a key,
The access management table is searched, and a virtual LUN corresponding to the LUN targeted by the inquiry command is acquired from the LUN access management table. Here, the reason for acquiring the LUN subject to inquiry as a virtual LUN is that the host computer needs to acquire the virtual LU.
This is because N is disclosed.

Subsequently, in step 805, it is determined whether or not the virtual LUN corresponding to the WWN has been acquired as a result of step 804. If it can be obtained, that is, the relevant WWN
Is present on the “LUN access management table”, the host computer is permitted to access the virtual LUN. If the corresponding virtual LUN does not exist in the table, the host computer denies access to the virtual LUN.

If the result of step 805 is that access by the host computer to the virtual LUN is permitted, the storage subsystem, in step 806, responds to the Inquiry command issued by the host computer and After performing the setting (that is, the setting indicating that access is possible), Inquiry data is transmitted.

On the other hand, when access to the virtual LU is denied, the storage subsystem performs
In response to the Inquiry command issued by the host computer, the target LU makes a setting that is not implemented (that is, a setting indicating that access is not possible), and then transmits the Inquiry data.

The host computer having received the inquiry data analyzes the frame.

As a result of the analysis, when the host computer recognizes the permission of the storage subsystem to access the virtual LUN, the host computer thereafter issues a command (I / I) to the virtual LUN.
O request) can be issued continuously. in this case,
As described in the procedure 808, the storage subsystem can continue to receive the command without rechecking whether the LU can be accessed while the login from the host computer is valid.

On the other hand, the host computer that recognizes that the access to the LUN has been rejected does not access the LU again while the login to the storage subsystem is valid.

Hereinafter, the specific L in the above storage subsystem
A method of controlling whether or not the host computer can access the UN is called “LUN security” for convenience.

Next, details of each of the above procedures will be described.

First, the creation of the “LUN access management table” in the above procedure will be described. The LUN security in the present invention is managed for each port of the storage subsystem, and the host computer accesses the LU in the storage subsystem through the port of the storage subsystem. In this case, as the simplest method, a WWN that is information for uniquely identifying a host computer and a LUN (Logical Unit Nu) that permits access to the host computer are used.
9 is defined in the storage subsystem, as shown in FIG.

However, in a use environment in which devices such as a hub and switches compatible with Fiber Channel exist between the host computer and the storage subsystem, the table 901 alone is not sufficient. This will be described below.

The table 901 indicates that an LU in the storage subsystem is an identifier (LUN (Logical Un)).
It is assigned to the WWN of the host computer as it is based on it number. In FIG. 9, W
The host computer of the WWN 902 is permitted to access only the LUs 0 to 2, the host computer of the WWN 903 is permitted to access only the LUs 3, 4, and 7, and the host computer of the WWN 904 is permitted to access the LUs 5 to 6
Only access to is allowed.

Therefore, for example, LU0 to LU2 are WWN
Access from host computers other than the host computer 902 becomes inaccessible, and LUN security is realized. However, in many host computers today, the LU0 of the storage subsystem connected at the time of startup is
Cannot be accessed, L of the same series after LU0
U (In the SCSI-2 standard, this one series is composed of eight LUs.
Therefore, LU0 to LU7 are in the same series. ) Often does not make an inquiry about the existence at all.

Then, in the defining method as shown in the table 901, the host computers 903 and 904 specify the LU0 while the LUN to which access is permitted is defined.
Cannot access the LUN of the access permission specified in the table 901. Such a phenomenon is useless in a device capable of providing abundant storage resources, such as a disk array device, which significantly lowers its utilization rate.

To prevent this, if the host computers 903 and 904 are permitted to access the LU0, the security of the LU0 cannot be guaranteed. Even if this is permitted, if the host computers 903 and 904 are host computers having different OSs, the LU
It is difficult to share 0 due to differences in the format of each OS.

On the other hand, even if LU0 does not exist under the port to which the host computer is connected in FIG.
It is assumed that a host computer group having WNs 1002 to 1004 exists. Here, the host computer of the WWN 1002 is permitted to access only the LUs 0, 1, and 7, and the host computer of the WWN 1003 is
Access is allowed only to 3, 5, and 6, and WWN 1004
Is permitted to access only LU2 and LU4.

FIG. 11 shows this state visually. The host computers 1102 to 1104 are configured as shown in FIG.
It corresponds to a host computer having WWNs 1002 to 1004. The host computers 1102 to 1104 are
It is connected to the same port 1106 of the storage subsystem via a fiber channel compatible hub and a switch 1105. In such a use environment, when a LUN to be accessed is unplannedly defined for each of the host computers 1102 to 1104, or a LUN different from a previously allocated LUN is assigned as an access target, the host computer may have access to a storage subsystem. In a storage subsystem such as 1101 that discloses the LUN as it is, there is no flexibility in the method of disclosing the LUN. Therefore, the subordinate of the port appears as a discrete LU like the LU group 1107, and the use of the LUN is remarkably difficult. It becomes difficult to manage.

On the other hand, recently, even if nine or more LUs are defined under one port of the storage subsystem, there is a host computer that recognizes this. However, such a host computer and one The problem when LUN security is implemented between host computers that support only eight LUs LU0 to LU7 under the port of the storage subsystem will be described.

In FIG. 12, WWNs 1202 and 120
4 has a mechanism for inquiring about the existence of each LU even if the LU 0 does not exist under the port of the storage subsystem to be connected, and the host computer having 16 LUs under the port of the storage subsystem to be connected. The case of recognizing up to the number will be described below.

The host computer having the WWN 1203 can make an inquiry about the existence of each LU even if the LU0 does not exist under the port of the storage subsystem to be connected. However, eight LUs in the range of LU0 to LU7 can be supported. Up to. As can be seen from table 1201, WWN1
Access to the host computer having the LU 202 is permitted in the range of LU0-5, and host computer having the WWN 1203 is permitted in the range of LU6-10 and WWN1.
Access to the host computer having the LU 204 is permitted within the range of the LUs 11 to 15. FIG. 13 shows this state visually.

Host computers 1302-1304
Corresponds to a host computer having WWNs 1202 to 1204 in FIG. Host computer 1302-
Reference numeral 1304 denotes the same port 1 of the storage subsystem via a fiber channel compatible hub or a switch 1305.
306. In such a usage environment,
For each of the host computers 1302 to 1304, LUs in the storage subsystem such as an LU group 1308 are provided.
Is assigned, the host computer A1302
, Only the range of LU0 to LU5 in the LU group 1308 appears as an access-permitted object, and the host computer C1304
, Only the range of the LUs 11 to 15 in the LU group 1308 is seen as an access permission target, and each can fulfill the purpose of LUN security. However, since the host computer B 1303 can originally support up to eight LUs within the range of LU0 to LU7 under one port, the host computer B1303 can execute an inquiry only within the range of the LU group 1307. Therefore, in the table 1201, even if the access is permitted to the LUs 6 to 10, there is a problem that only the LUs 6 and 7 can actually be accessed. This is also an adverse effect because the LU in the storage subsystem is disclosed as it is.

In consideration of the above concerns, the present invention defines a “LUN access management table” 1401 as shown in FIG. The table 1401 is a LUN in the storage subsystem like the table 901 in FIG. 9, the table 1001 in FIG. 10, and the table 1201 in FIG.
Is different from a table in which the LUN is directly assigned to the WWN, a LUN in the storage subsystem, a virtual LUN in which the LUN is redefined by an arbitrary renumbering method of the user, and a host computer which may access the virtual LUN. Is a table defined for each port of the storage subsystem by combining WWNs.

In this table 1401, the user can associate a virtual LUN with an arbitrary number of arbitrary LUNs by an arbitrary renumbering method. As a result, in the storage subsystem in which the “LUN access management table” 1401 is defined, the LUN can be disclosed to each host computer in a form that meets the user's desired use. At this time, the LUN to which each host computer is permitted to access is the actual LUN 141.
7 and not the virtual LUN 1416, there is no need to make each host computer aware of the variation of the LUN in the storage subsystem, the presence or absence of the LU0, etc., and provide a flexible LUN state optimized by the user's will. be able to.

In FIG. 14, the host computer having the WWN 1402 is permitted to access the actual LUNs 0 to 3 through the virtual LUNs 0 to 3. Below WW
The same is true for the host computers having N1403 to N1414, and access to the corresponding real LUN1417 is permitted through the virtual LUN1416. Thereby, each host computer can also perform non-LU0
It is possible to execute processing similar to that performed for LU0.

This “LUN access management table” 14
01 is characterized by WWN 1402-140.
Although the host computer having the L.5 appears to be accessing the LU0 under the connection port, in reality, while exclusive security is realized between each, the LUNs are actually assigned to different LUNs. Access and efficient use of storage resources. Details regarding the renumbering of virtual LUNs to actual LUNs are shown. Virtual L that the user is most likely to do
The renumbering method based on the UN can be seen in the column of WWNs 1402 to 1404, in which each WWN is numbered such that the LUN increases by one from LU0 in consideration of the correspondence with the conventional SCSI standard. Such is the case.

However, considering the operation, the WWN 140
As shown in columns 7 and 1408, it is also possible to correspond only an even-numbered virtual LUN and an odd-numbered virtual LUN. In this example, the host computers having the WWNs 1407 and 1408 are actually permitted to access only the continuous LUs 30 to 34 and LUs 35 to 38. In addition, for a host computer that can detect an arbitrary LUN even when LU0 does not exist, as in the column of WWN1409, access only needs to be granted to a virtual LUN corresponding to the LUN desired to be accessed. Also, W
Correspondence like the column of WN1410 and 1411 is
This is convenient for arbitrarily grouping two or more different host computers. Furthermore, the columns of WWNs 1412 and 1413 allow the host computer having these two WWNs to access the same LUN in fact while making it appear that they have access to different LUNs, and to share the same information. This is a convenient operation when you want to disclose.

Furthermore, when the storage subsystem is a disk array device constituting a RAID, LUs belonging to different RAID groups are assigned one by one, and the number of storage devices (magnetic disk drives) that contributes the most to I / O Can be increased. In the example of FIG. 14, the column of WWN 1414 corresponds to this.

The effect of associating a virtual LUN with an actual LUN using the “LUN access management table” of the present invention has been described in a concrete example. This is visually shown in FIG. Corresponding management table 1502
Is shown in FIG.

In the table 1501, the actual LU group 1504 assigned to each host computer is actually
A completely random arrangement such as 1608 in FIG. However, by replacing this with the virtual LU group 1503 of the table 1501, the LU can be disclosed to each host computer in a state 1607 that is not affected by the actual LU arrangement state 1608 in the storage subsystem 1601. This enables flexible operation of the storage subsystem resources.

"LUN access management table" of the present invention
Reference numerals 1401 and 1501 correspond to the procedures 1701 to 1703 in FIG.
As shown in (1), after being defined for all ports of the storage subsystem, it is held in the nonvolatile memory in the storage subsystem. By being held in the non-volatile memory, this table is not lost even when the power of the storage subsystem is turned off.

Next, the processing when the storage subsystem logs in from the host computer will be described. In the present embodiment, through a series of log-in processes, a WWN for uniquely identifying a host computer and an S for uniquely identifying a host computer used after the log-in.
_ID is made to correspond. When the host computer starts up, in step 1801 of FIG. 18, the storage subsystem receives a PLOGI frame.

The storage subsystem that has received the PLOGI frame determines the S_ID of the host computer from the frame header in step 1802 and the WWN of the host computer from the data field in step 1803.
(N_Port_Name). Subsequently, the storage subsystem performs this WWN and S
WWN-S_ID shown in FIG.
Conversion table "1901 and create it in step 18
At 05, the data is held in the nonvolatile memory in the storage subsystem. “WWN-S_ID conversion table” 1901
Is created for each port of the storage subsystem.

When a command is subsequently transmitted from the host computer having the WWN registered in this table, the storage subsystem reads S_I from the frame header.
D is obtained and “WWN-S_ID conversion table” 190
1, the WWN of the host computer can be searched. The storage subsystem uses this “WWN-S
When the “_ID conversion table” is stored in the non-volatile memory,
In step 1806, the host transmits an ACC frame to the effect that login of the host computer has been approved. After receiving the ACC frame from the storage subsystem, the host computer thereafter sends Inq to the storage subsystem.
A uiry command can be issued.

Subsequently, the Inq from the host computer
The reception of a uiry command and the security response of the storage subsystem to this command will be described. FIG. 20, FIG.
1 shows the flow of this series of processing, and FIG.
Reference numeral 2 indicates a reference relationship between tables and parameters used in the flow of the series of processing. FIG.
0, in the procedure 2001, the storage subsystem sends the FC defined in the Fiber Channel from the host computer.
Receive the P_CMND frame. Then, in step 2002, the storage subsystem determines that FCP_CMND
Analyze the contents of the data frame.

Subsequently, the storage subsystem executes the procedure 2003
, The content of the FCP_CMND is Inquis
Check if it is a ry command. Inqui
If not, the storage subsystem proceeds to step 20
At 04, a process corresponding to the command is executed. On the other hand, if the command is an Inquiry command, the storage subsystem determines in step 2005 that the FCP_C
From the header of the MND frame, S_
ID is obtained, and in step 2006, the FCP_C
The target LUN is obtained from the FCP_LUN in the data field of the MND frame. Subsequently, in step 2007, the storage subsystem sets the “WWN-S_ID conversion table” in FIG. 19 by using the obtained S_ID as a key.
1901 is searched to obtain a WWN corresponding to the S_ID. The flow up to this point indicates the reference operation of 2201 and procedures 2202 and 2203 in FIG.

Subsequently, in step 2008, this WW
The virtual LUN information for which access to N is permitted is acquired. Then, in step 2109, it is determined whether or not the LUN obtained from the Inquiry command of the host computer having the WWN is registered as a virtual LUN to which access is permitted on the “LUN access management table”. The flow up to this point is the procedure 2 in FIG.
204 and 2205.

In the entry of the “LUN access management table”, the LUN obtained in the procedure 2006 is a virtual LUN.
If the host computer has been registered as the host computer, the host computer is permitted to access the virtual LUN. Therefore, the storage subsystem in step 2110 qualifies the inquiry data for the host computer as 2 qualifiers.
The device type code of the storage subsystem is set to the device type with the base number '000'.

On the other hand, if the LUN obtained in step 2006 is not registered as a virtual LUN in the entry of the “LUN access management table”, access from the host computer to the virtual LUN is rejected. In step 2111, the subsystem sets “001” or “011” in binary to the qualifier of the inquiry data for host computer response, and sets “1F” in hexadecimal to the device type.

Next, in step 2112, the storage subsystem adds the above-mentioned response In to the FCP_DATA frame.
The query data is set and transmitted to the host computer. Subsequently, in step 2113, the storage subsystem transmits an FCP_RSP frame indicating that the response to the inquiry command of the host computer has been completed.

Following the procedures 2110 and 2112 in FIG. 20, the host computer that has received the FCP_DATA including the inquiry data from the storage subsystem,
It is determined that access to the LUN is possible, and thereafter, the access can be continued without inquiring again whether or not the virtual LUN can be accessed. Here, the LUN accessed by the host computer is actually the L in the storage subsystem uniquely associated with the virtual LUN, which is pointed to by the reference operation of step 2206 in FIG.
UN. The reference operation in step 2206 is an internal reference operation of the storage subsystem, and is not conscious of the host computer. On the other hand, steps 2111 and 2111
Following 112, the FC containing the inquiry data
The host computer that has received P_DATA from the storage subsystem determines that access to the LUN is not possible, and thereafter does not query again whether or not access to the LUN is possible, and does not access the virtual LUN.

In this embodiment, as described above, the host computer inquires of the LUN whether access is allowed or not only when the inquiry command is issued. That is, there is no need to repeat this inquiry while the login is valid. Thereby, strong LUN security can be realized without lowering the data transfer efficiency between the host computer and the storage subsystem.

As described above, the LU existing in the storage subsystem, the virtual LUN whose LUN has been redefined by the user's arbitrary renumbering method, and the WWN of the host computer which may access the virtual LUN
And by managing each port of the storage subsystem, the storage resources in the storage subsystem can be effectively provided without changing the processing on the host computer side, and whether or not the host computer can access the LUN is determined. Strong LUN security performed by high-speed determination logic can be realized.

In this embodiment, the fiber channel has been described as an example. However, the embodiment is not necessarily limited to the fiber channel, and any type may be used as long as it is a protocol environment capable of providing equivalent functions. In this embodiment, the storage subsystem is mainly described assuming a disk array device. However, the storage device can be replaced with an exchangeable medium and applied to an optical disk library, a tape library, and the like. It is.

A second embodiment according to the present invention will be described below.

In the second embodiment, as in the first embodiment, the interface protocol between the host computer and the storage subsystem will be described using Fiber Channel as an example.
The present embodiment is a method for implementing LUN security for a specific group composed of a plurality of host computers.

For example, in a use environment as shown in FIGS. 1, 11, 13 and 16 in which devices such as a hub and switches compatible with Fiber Channel exist between the host computer and the storage subsystem, It is expected that host computers accessing the same port will be manufactured by various vendors. In such an environment where host computers from various vendors coexist, problems often occur regarding the sharing of storage resources in the storage subsystem. Different vendors often have different OSs installed on the host computer. This problem often occurs when the host computer is a WS, a mainframe, or the like. When the host computer is a PC, the OS is often Windows, even if the vendor is different.
This is not the case because it is a ws (registered trademark) system.

When the OS is different, it is difficult to share the same volume between the host computers manufactured by different vendors because the format of the storage resource, the access logic, the executable script, the application, and the like are different.

Therefore, it is desirable to implement a so-called LUN security function for each vendor, which enables grouping of storage resources of the storage subsystem in units of vendors and setting whether access is permitted. Furthermore, if such LUN security for each vendor can be realized, services for the vendor can be provided on the storage resources for the group to which access has been permitted, or unique processing can be executed.

Therefore, the second embodiment will be described by taking as an example the case where the minimum unit for permitting access to the LU in the storage subsystem is defined for each vendor of the host computer.
The difference between the second embodiment and the first embodiment is the method of defining the “LUN access management table”. In this embodiment, the vendor of the host computer is identified by paying attention to the nature of WWN. Reference numeral 2301 in FIG. 23 shows one of the WWN formats. As can be seen from this figure, WWN 2301 includes an identification field 2302 defined in a 60-63 bit area (4-bit area),
C defined in 36 to 59 bits (24 bit area)
company_ID 2303 and 0 to 35 bits (36
VSID (Vendor) defined in the bit area
(Specific Identifier) 2304.

The Company_ID 2303 basically uses a well-known MAC address, and is identification information uniquely assigned by the IEEE to computer vendors, communication device vendors, and the like around the world. VSID 2304 is from IEEE to Co
mpany_ID 2303 is unique identification information determined by a vendor permitted to use the company_ID 2303, and has a unique value within the vendor. Comp of each vendor
Any_ID 2303 is information that can be known by anyone through IEEE publications and the like.
By examining the mpany_ID 2303 in advance, it is possible to identify which vendor the host computer has logged into the storage subsystem.

Several types of format are defined in WWN. Company_ID 2303 and VSID (Vendor Specific Iden) are specified.
tiffer) 2304 in common.

FIG. 24 shows the “LUN access management table” 2401 in this embodiment. The “LUN access management table” 2401 stores LUs in the storage subsystem.
N2304, a virtual LUN 2403 whose LUN is redefined by a user's arbitrary renumbering method, and a Company_ID 2402 indicating a vendor of a host computer which may access the virtual LUN, and defined for each port of the storage subsystem. It is a table that did. In this table 2401, the user
A virtual LUN can be associated with an arbitrary number of arbitrary LUNs by an arbitrary renumbering method.

As a result, in the storage subsystem in which the “LUN access management table” 2401 is defined, the LUN can be disclosed to the host computer manufactured by each vendor in a form according to the user's desired use. .
At this time, since the LUNs to which the host computers of the respective vendors are permitted to access are not the actual LUNs 2404 but the virtual LUNs 2403, the LUNs in the storage subsystem of the host computers manufactured by the respective vendors may vary.
There is no need to be aware of the presence / absence of LU0 and the like, and an optimized LUN state can be provided according to the user's will.

On the other hand, “WWN-S_ID conversion table”
The first embodiment of the present invention can be realized by the same creation method as that shown in FIG. 18 and in the same format as 1901 in FIG.

Next, FIG. 25 shows the overall processing flow of the present embodiment, and FIG. 26 shows the reference relation between each table and parameters used in this series of processing flows. First, in step 2501, the user inputs the LUN existing in the storage subsystem and its LU through the input unit 125 of the maintenance terminal device 123 described above.
N which associates a Company_ID representing a vendor of a group of host computers that may access N with a virtual LUN that determines how the LUN is to be presented to each vendor-made host computer accessing the “host”. A "LUN access management table" is created.

This table is held in the non-volatile memory 119 in the storage subsystem. Each vendor host computer sees the virtual LUN, not the actual LUN in this table. Company_ID is known information representing each vendor. In the “LUN access management table” of the present embodiment, Company_ID, which is a component of WWN, is used instead of WWN in order to determine whether or not access to the LU is possible not for each host computer but for each vendor. is there.

At step 2502, each host computer sends a Fiber Channel
When logging in based on the protocol, the storage subsystem cuts out the N_Port_Name (hereinafter, referred to as WWN) and S_ID of the host computer from the PLOGI frame, and writes a “WWN-S_ID conversion table” describing a combination thereof. "
This is held on the nonvolatile memory 119. The storage subsystem performs this task for every PLOGI frame.

Next, in step 2503, the storage subsystem transmits the In which the host computer made by each vendor has transmitted to know the state of the logical unit in the storage subsystem.
A frame including a query command is received. Upon receiving this frame, the storage subsystem sends the S_ID from the header of the frame and the Inqu from the data field.
The LUN targeted by the iry command is cut out. Subsequently, the storage subsystem searches the above-mentioned “WWN-S_ID conversion table” using the S_ID as a key, and acquires a WWN corresponding to the S_ID.

Subsequently, the storage subsystem executes the procedure 2504.
, The 24-bit Company_ based on the obtained WWN based on the format of 2301 in FIG.
Cut out the ID. This operation of cutting out the Company_ID is unique to the present embodiment, which is not included in the flow of the first embodiment. Procedures 2503 and 2504 correspond to 2 in FIG.
601 to 2604.

Next, the storage subsystem executes the obtained Com
The above-mentioned “LUN access management table” is searched using the pany_ID as a key, and a virtual LUN corresponding to the LUN targeted by the inquiry command is acquired from the “LUN access management table”. Here, Inqu
The reason that the LUN to be irried is acquired as a virtual LUN is that the virtual LUN is disclosed to each vendor-made host computer as a LUN of a storage subsystem.

Subsequently, in step 2506, it is determined whether or not the virtual LUN corresponding to the WWN has been acquired as a result of step 2505. If it can be obtained, that is, the WW
N indicates that the virtual LUN corresponding to N exists on the “LUN access management table” when access to the virtual LUN is permitted to the host computer manufactured by the vendor. This is a case where access to the virtual LUN is denied to the host computer.

As a result of step 2506, if the access to the virtual LUN by the vendor host computer can be permitted, the storage subsystem, in step 2507, executes the Inq issued by the vendor host computer.
In response to the inquiry command, the target LU is set so as to be already mounted, that is, set to be accessible, and then the inquiry data is transmitted. These procedures 25
05, 2506 and 2507 are 2605 and 260 in FIG.
6, 2608.

On the other hand, if the result of step 2506 is that access to the virtual LUN is denied by the host computer, the storage subsystem executes step 2508 to issue the Inq issued by the vendor host computer.
For the uiry command, the target LU has not been set,
That is, after setting that access is not allowed,
Transmit the nquiry data. The host computer receiving the inquiry data analyzes the frame.

As a result of the analysis, when recognizing that the storage subsystem has permission to access the virtual LUN, the host computer from the vendor subsequently issues commands (I / O requests) to the virtual LUN. be able to. In this case, as shown in step 2509, the storage subsystem can continue to receive the command without rechecking whether the LUN can be accessed while the login from the vendor host computer is valid. Here, the LUN to which the access from the vendor host computer is permitted is actually the procedure 2 shown in FIG.
The LUN in the storage subsystem uniquely associated with the virtual LUN pointed by the reference operation 607.
The reference operation in step 2607 is an internal reference operation of the storage subsystem, and is not conscious of the host computer.

On the other hand, the Inq transmitted by the storage subsystem
Each of the vendor host computers that recognizes the denial of access to the LU from the uiry data frame does not access the LUN again while the login to the storage subsystem is valid.

In this embodiment, the WWN of the host computer that has accessed the storage subsystem is not directly managed by security, but the Company_ID, which is information constituting the WWN, is cut out and the group to which the host computer belongs, that is, It can be seen that the vendor is defined and the security management unit is set.

FIGS. 27 and 28 illustrate this in more detail. In the “LUN access management table” 2701, the host computer group 2705 manufactured by the vendor having the Company_ID0000E1 is
Real LUNs through virtual LUNs 0, 1, 2, 3, 4
Access to 0, 1, 6, 8, and 15 is permitted. Similarly, a virtual LUN is assigned to a vendor-made host computer group 2706 having Company_ID0000E2.
The access to the actual LUNs 2, 7, and 10 through 0, 1, and 2 is performed by the virtual LUNs 0, 1, 2, and 3 to the group of host computers 2707 made by the vendor having the Company_ID0000F0.
Access to 5, 14 is permitted.

FIG. 28 illustrates this. The various computers 2803 to 2811 are connected by a single port to the storage subsystem 2801 via the fiber channel fabric 2802. The host computers 2803 to 2811 each have a unique WWN in the world, but host computers manufactured by the same vendor have a common Company_ID. Host computers 2803, 2804, 2805, 28
08 is made by the same vendor A and its Company_
Assuming that the ID is 0000E1, these host computers can access only the LUAs 0 to 4 in the storage subsystem 2801 according to the security rules of the “LUN access management table” of 2701 even if the domain of the Fiber Channel to which they belong is different. Allowed.

Similarly, the host computers 2806, 28
07 and 2811 are made by the same vendor B,
Assuming that the pany_ID is 0000E2, even if the domain of the Fiber Channel to which the host computer belongs is different, these host computers can use the LUBs 0 to 2 in the storage subsystem 2801 based on the security rules of the table 2701.
Only access is allowed. Similarly, assuming that the host computers 2809 and 2810 are made by the same vendor C and that the Company_ID is 0000F0, these host computers can store data even if the domain of the Fiber Channel to which they belong is different from the security rules in the table 2701. LUC in subsystem 2801
Access is permitted only to 0-3. Between these different vendors, due to the exclusive logic of access based on the security rules of the table 2701, it is not possible to see LUs whose access is restricted for different vendors. As described above, the LUN security for each vendor can be realized, but by applying this, the storage subsystem resources can be more effectively provided to the host computer group for each vendor. For example, LUA0-4 of 2812,
Since it is obvious that the LUBs 0 to 2 and LUCs 0 to 3 are accessed by different vendors, the format for the host computer OS of the vendor to which the access is permitted can be performed for each. In addition, it is also possible to provide a unique execution script, application software, and service for the host computer OS of the vendor to which access is permitted. Further, each has a storage subsystem 280.
By providing one control information, the storage subsystem 2801 can be customized for each vendor.

As described above, the LU existing in the storage subsystem, the virtual LUN whose LUN has been redefined by an arbitrary renumbering method of the user, and the virtual LUN
Computer vendor Co that may access
By managing each of the storage subsystem ports in combination with the storage_ID, the storage resources in the storage subsystem can be effectively provided without changing the processing on the host computer side.
It is possible to realize a strong LUN security in which access to the UN is determined by a high-speed determination logic for each vendor.

In this embodiment, the description has been made by taking the fiber channel as an example. However, in the embodiment, the present invention is not necessarily limited to the fiber channel, and any type may be used as long as the protocol environment can provide the same function as the description. Absent. In this embodiment, the storage subsystem is mainly described for a disk array. However, the storage subsystem can be replaced with a replaceable medium and applied to an optical disk library, a tape library, or the like. Further, here, the grouping is performed for each host computer vendor, but arbitrary grouping can be performed based on information that can be shared among a plurality of host computers.

As a method for confirming whether or not the present invention is implemented in a certain storage subsystem based on the embodiment described above, for example, the following method is available.

An identifier for uniquely identifying a host and a logical unit number (LU) as shown in FIG.
N), it is necessary to create a management table in which virtual logical unit numbers (virtual LUNs) are associated with each other, or if processing for referring to this table is performed, there is a high possibility that the present invention has been implemented. .

A command used for communication between the host and the storage is monitored using the fiber monitor.
If there is a case where the logical unit number (virtual LUN) managed by the host does not match the logical unit number (LUN) managed by the storage provided to the logical unit actually accessed, the present invention can be implemented. High in nature.

If there is a case where the maximum absolute value of the logical unit number (virtual LUN) managed by the host does not match the maximum absolute value of the logical unit number (LUN) managed by the storage, the present invention is implemented. Likely to have been.
(This is because the same virtual LUN can be associated with a plurality of LUs.)

[0127]

As described above, by using the management table, the logical units in the storage subsystem are disclosed to the host computer in a manner according to the user's operation request, and each host computer is assigned an LU unit. The security function for restricting access permission and preventing unauthorized access can be realized. Further, the determination as to whether or not access to the LU in the storage subsystem is possible is made at the time of issuing the inquiry command, and it is not necessary to repeat this determination thereafter. Therefore, while maintaining and operating the storage subsystem with high performance, a strong security for the LU is required. Can be secured.

Further, according to the above embodiment of the present invention, identification information common to a certain group of host computers, such as Company_ID indicating the same vendor, is partially cut out from the WWN, and a group unit having common identification information is extracted. By restricting access to LUs in the storage subsystem, storage resource formats, applications, services,
Specific processing or the like can be provided.

[Brief description of the drawings]

FIG. 1 is a hardware configuration diagram according to an embodiment of the present invention.

FIG. 2 is a diagram showing details of a frame format and a frame header according to the embodiment of the present invention.

FIG. 3 is a diagram showing details of a frame format and its frame header and data field in the embodiment of the present invention.

FIG. 4 is a diagram illustrating a login process according to an embodiment of the present invention.

FIG. 5 is a diagram illustrating details of a frame format when transmitting an inquiry command in the embodiment of the present invention.

FIG. 6 is a diagram showing details of an inquiry data format transmitted in response to the inquiry command shown in FIG. 5;

FIG. 7 is a diagram illustrating a sequence of inquiring whether or not to access a logical unit by an inquiry command in the embodiment of the present invention.

FIG. 8 is a diagram showing an outline of a processing sequence of LUN security in the embodiment of the present invention.

FIG. 9 is a diagram showing a “LUN access management table” in the embodiment of the present invention.

FIG. 10 shows an incomplete “L” by not using the present invention.
It is a figure showing a format of a “UN access management table” and a first example thereof.

FIG. 11 is a diagram visually representing the state of FIG. 10;

FIG. 12: Incomplete "L" by not utilizing the present invention
FIG. 12 is a diagram showing a format of a “UN access management table” and a second example thereof.

FIG. 13 is a view visually showing the state shown in FIG. 12;

FIG. 14 is a diagram showing a format of a “LUN access management table” and a first usage example thereof in the embodiment of the present invention.

FIG. 15 is a diagram illustrating a format of a “LUN access management table” according to the embodiment of the present invention and a second usage example thereof.

FIG. 16 is a diagram visually illustrating the effect of LUN security in the embodiment of the present invention.

FIG. 17 is a diagram showing a creation sequence of a “LUN access management table” in the embodiment of the present invention.

FIG. 18 shows “WWN-S_I” in the embodiment of the present invention.
FIG. 11 is a diagram showing a creation sequence of a “D conversion table”.

FIG. 19 shows “WWN-S_I” in the embodiment of the present invention.
FIG. 11 is a diagram showing a creation sequence of a “D conversion table”.

FIG. 20 is a diagram showing a LUN access availability determination sequence for an Inquiry command transmitted from a host computer in LUN security in the embodiment of the present invention.

FIG. 21 is a diagram showing a LUN access availability determination sequence for an Inquiry command transmitted from a host computer in LUN security in the embodiment of the present invention. (Continued)

FIG. 22 is a diagram illustrating a reference relationship between tables of LUN security according to the embodiment of this invention.

FIG. 23 is a diagram showing an example of a WWN format according to the embodiment of the present invention.

FIG. 24 is a diagram showing a “LUN” for each vendor according to the embodiment of the present invention.
FIG. 11 is a diagram showing a format of an “access management table” and a first usage example thereof.

FIG. 25 is a diagram showing an outline of a processing sequence of vendor-specific LUN security in the embodiment of the present invention.

FIG. 26 is a diagram illustrating a reference relationship between tables of vendor-specific LUN security according to the embodiment of this invention.

FIG. 27 is a diagram showing a “LUN” for each vendor according to the embodiment of the present invention.
FIG. 14 is a diagram showing a format of an “access management table” and a second usage example thereof.

FIG. 28 is a diagram visually illustrating the effect of the vendor-specific LUN security in the embodiment of the present invention.

[Explanation of symbols]

201 Frame format 207 Details of frame header 208 S_ID 305 Details of data field 307 N_Port_Name 308 Node_Name 506 Details of data field 601 In transmitted to Inquiry command
query data format 604 Details of qualifier (3 bits) 605-607 Qualifier (3 bits) 608 Type of device type code (5 bits) 609 Device type 901 First of incomplete "LUN access management table" Examples 902 to 904 WWNs 1001 of the host computers 1 to 3 that are managed to access the storage subsystem 1001 The second example of the incomplete “LUN access management table” 1101 The storage subsystem 1201 of the incomplete “LUN access management table” Third example 1308 LU group LU0-15 defined under the port of the storage subsystem 1401 First example of “LUN access management table” 1501 Second example of “LUN access management table” 1901 “WWN-S_ID conversion” table A first example 2301 WWN of (World Wide Name)
2401 First example of vendor-specific "LUN access management table" 2701 Second example of vendor-specific "LUN access management table"

Claims (15)

[Claims] 1. A storage subsystem, comprising: at least one storage device having a storage area corresponding to at least one logical unit; a storage control device controlling reading and writing of data from and to the storage device; A management table for managing a logical unit; and a memory for holding the management table. The management table includes information for identifying a host computer and identification for identifying the logical unit accessible to the host computer. Describes the correspondence between the numbers and the virtual identification numbers corresponding to the identification numbers of the logical units, and refers to the management table using information for identifying the host computer as a key, thereby enabling or disabling access to the host computer Storage subsystem that can be determined. 2. The storage subsystem according to claim 1, wherein the correspondence between the identification number specifying the logical unit and the virtual identification number can be arbitrarily determined. 3. The storage subsystem according to claim 2, wherein, in the correspondence between the identification number specifying the logical unit and the virtual identification number, a common virtual unit ID is assigned to a plurality of the logical unit identification numbers. Storage subsystem that can correspond to various identification numbers. 4. A storage subsystem connected to a maintenance terminal device, wherein the storage area has at least one storage device corresponding to at least one logical unit, and controls reading and writing of data from and to the storage device. Storage control device, information WWN for identifying a host computer, an identification number LUN of the logical unit, and a virtual L corresponding to the LUN.
A first management table created by the maintenance terminal, describing the correspondence of the three UNs; the WWN; and a dynamically assigned identification number S_ID
A storage subsystem having a second management table created by the maintenance terminal device and describing the correspondence described above, and a memory for holding the first and second management tables. 5. The storage subsystem according to claim 4, wherein the correspondence of the first management table is the WWN,
The LUN accessible by the host computer having the WWN, and the virtual LUN corresponding to the LUN
The WWN is acquired from the second management table using the S_ID as a key, and the WWN is acquired.
By searching the first management table using the key as a key, the LU of the host computer having the specific S_ID is retrieved.
A storage subsystem that determines whether access to N is possible. 6. The storage subsystem according to claim 5, wherein the correspondence between the LUN and the virtual LUN can be arbitrarily determined. 7. The storage subsystem according to claim 6, wherein in correspondence between said LUN and said virtual LUN, a plurality of said LUNs can be associated with a common virtual LUN. 8. A storage subsystem connected to a maintenance terminal device, wherein one or more storage devices having a storage area corresponding to one or more logical units, and controlling data read / write from / to the storage device. Storage control device to perform, specific information common to a plurality of host computers among information WWN for identifying the host computer, an identification number LUN of the logical unit, and a virtual L corresponding to the LUN.
A first management table created by the maintenance terminal, describing the correspondence of the three UNs; the WWN; and a dynamically assigned identification number S_ID
And a storage subsystem having a memory for holding the first and second management tables. 9. The storage subsystem according to claim 8, wherein a correspondence between said LUN and said virtual LUN can be arbitrarily determined. 10. The storage subsystem according to claim 8, wherein the specific information common to the plurality of host computers is Company_for specifying a host vendor.
The storage subsystem that is the ID. 11. A storage subsystem, comprising: at least one storage device having a storage area corresponding to at least one logical unit; a storage control device controlling reading and writing of data from and to the storage device; A management table for managing logical units, and a memory for holding the management table, wherein the management table is information for identifying a host computer, an identification number of the logical unit managed by the host computer, A storage subsystem that describes the correspondence of the identification numbers of the logical units managed by the storage. 12. The storage subsystem according to claim 11, wherein the management table is used for determining whether or not the host computer can access the logical unit, and the determination is performed by using information for identifying the host computer as a key. And a storage subsystem performed by referring to the management table. 13. The storage subsystem according to claim 11, wherein the identification information of the first logical unit managed by the host computer and the first logical unit managed by the storage are assigned to the same logical unit. A storage subsystem whose identification numbers can have different values. 14. The storage subsystem according to claim 11, wherein an identification number of said logical unit managed by said host computer can be arbitrarily assigned. 15. The storage subsystem according to claim 11, wherein the identification numbers of the logical units managed by the host computer can assign the same value to different logical units.