JP2007250009A - Storage control device and storage system - Google Patents

Publication number
JP2007250009A
Authority
JP
Japan
Prior art keywords
device
storage
information
host device
host
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
JP2007160411A
Other languages
Japanese (ja)
Inventor
Hidehiko Iwasaki
Masaaki Kobayashi
Kenji Muraoka
Toshio Nakano
Akiyoshi Sanada
Masahiko Sato
Kenichi Takamoto
俊夫 中野
雅彦 佐藤
正明 小林
秀彦 岩崎
健司 村岡
明美 眞田
賢一 高本
Original Assignee
Hitachi Ltd
株式会社日立製作所
Application filed by Hitachi Ltd (株式会社日立製作所)
Priority to JP2007160411A
Publication of JP2007250009A

Abstract

A storage system capable of setting a security function for preventing unauthorized access from a host device in an environment capable of accepting access from the host device.
A microprocessor 42 of a storage control device 40 can receive input of N_Port_Name information that uniquely identifies host devices 10, 20, and 30, together with information on which LU each host device can access. This information is input from the panel 47 or by a utility program of the host device. When a host device 10, 20, or 30 accesses an LU, the N_Port_Name information included in the access command is compared with the input information to identify the host device and to determine whether that host device may access the LU.
[Selected drawing] Figure 1

Description

  The present invention relates to a storage system including a storage control device connected to a host device and a storage device under the storage control device, and in particular to means for preventing unauthorized access when the host device requests access to the storage device under the storage control device.

  Various techniques have been known for preventing unauthorized access on a network.

  For example, Japanese Patent Laid-Open No. 3-152652 discloses, as a network security system between computer systems that support TCP/IP, a function that defines in memory the user IDs permitted to log in and disconnects the network when a login is attempted with any other user ID.

  Japanese Laid-Open Patent Publication No. 63-253450 discloses that the operating system of the central processing unit prevents unauthorized access to files on the disk device by checking the user ID, password, and line address.

  Further, with IBM's ESCON interface, the host device stores its own logical address as a source address in each frame it transmits, and the storage control device has a function for checking whether the logical address in the frame matches a logical address stored in the storage control device in advance.

  The above-described prior art does not go beyond unauthorized-access prevention for interfaces that carry a single type of layer in the upper logical layer.

  However, the fiber channel standardized by ANSI X3T11 is a network-type architecture, and various layers such as TCP/IP, SCSI, ESCON, and IPI can be mounted on the upper logical layer. That is, the contents of the buffer are transferred from one device to another regardless of the data format and content, so the interface is logically compatible with other interfaces and any connected device is physically accessible. In particular, in a storage system that uses this fiber channel and a storage device having a plurality of storage areas, such as a disk array device, the storage areas are shared by many host devices. Therefore, the conventional measures for preventing unauthorized access are insufficient, and it is necessary to maintain confidentiality by security settings that the user is aware of.
Japanese Patent Laid-Open No. 3-152652

  An object of the present invention is to provide a storage control device and a storage system in which, in a computer system that comprises a host device, a storage control device, and a storage device under the storage control device and that uses the fiber channel standardized by ANSI X3T11 as the interface between the host device and the storage control device, a security function for preventing unauthorized access from a host device can be set on a storage control device that, in an environment able to accept access from any host device, previously had no means of rejecting unauthorized access from a host device.

  Furthermore, an object of the present invention is to provide a storage control device and a storage system having a method that can easily set an accessible host device in order to prevent unauthorized access from the host device.

  According to the present invention, the above object is achieved by setting, in the storage control device, N_Port_Name information that uniquely identifies each host device permitted access, and by comparing it with the N_Port_Name information stored in a frame sent from a host device to determine whether access is permitted.

  A specific feature of the present invention for achieving the above object is means for inputting, using a panel or the like, the N_Port_Name information that is issued from the host device and uniquely identifies the host device, and for storing the input information as a control table in the control memory of the storage control device. At this time, it is desirable that the storage control device has means for permanently holding the information until it is reset.

  If the control table is stored in the non-volatile control memory, the management information can be protected even in the event of an instantaneous power interruption.

  Further, according to a specific feature of the present invention, after a host device starts up, it issues a frame storing its N_Port_Name information to the storage control device. The storage control device has means for comparing, when it receives the frame, the N_Port_Name information that has already been set and held to uniquely identify host devices with the N_Port_Name information stored in the received frame. If they match, the processing based on the instruction of the frame is continued; if they do not match, an LS_RJT frame that rejects the received frame is returned to the host device. Thereby, the storage control device can suppress unauthorized access from the host device.

  Furthermore, according to a specific feature of the present invention, there is provided means for setting N_Port_Name information that is equal to or more than the physical number of the upper interfaces (ports) of the storage control device. That is, it has means for setting a plurality of N_Port_Name information in one port. Thereby, it is possible to cope with a fiber channel fabric (fabric) or a logical path multiplex configuration at the time of switch connection.

  Further, in a system that has a large number of magnetic disk volumes under the storage control device, such as a disk array device, and that has a plurality of channel path routes, the storage control device has means for managing, for each channel path route, the correspondence among the storage areas under the storage control device (such as LUN (logical unit number) areas, logical volume areas, and logical disk areas based on RAID groups), the ports of the storage control device, and the N_Port_Name information of the host devices. As a result, the user can prevent unauthorized access for each storage area, and fine-grained access management is possible.

  Further, in the present invention, the storage device under the storage control device may be an optical disk device, a magneto-optical disk device, a magnetic tape device, or any of these various library devices instead of the magnetic disk device or the disk array device. The storage control device associates the N_Port_Name information of each accessible host device, the port of the storage control device, and the storage device; in the case of a library device, it also associates the drive and the medium. It manages and holds these associations in the control table and has means for comparing the information in a received frame with the information in the control table, thereby preventing unauthorized access from the host device.

  Furthermore, the present invention includes means for protecting management information by inputting a password or the like when setting information managed by the storage control device using a panel or the like.

  Thereby, the user can prevent unauthorized registration and unauthorized resetting of the information. Further, the user can easily prevent unauthorized access simply by setting management information, and the burden on the user is small.

  In the present invention, as means for setting information managed by the storage control device, it is possible to set using the utility program of the host device in addition to using the panel or the like as described above.

  As described above, according to the present invention, the fiber channel standardized by ANSI X3T11 is used as an interface between a host device and a storage control device, and the computer system comprising the host device, the storage control device, and the storage device under the storage control device, Since access from an unauthorized host device can be suppressed, the security of data in the storage device can be protected.

  In addition, access from the host device can be finely managed by associating the host device, the port of the storage control device, and the storage area, so the storage device can be used according to needs, such as assigning a different use to each storage area.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings.

  First, with reference to FIG. 1 to FIG. 5, a fiber channel and a storage system configured using the same will be described.

  FIG. 1 is a hardware configuration diagram of a storage system when a storage device under a storage control device is a disk array device. In FIG. 1, reference numerals 10, 20, and 30 denote host devices as central processing units that perform data processing.

  Reference numeral 40 denotes a storage control device of the disk array device embodying the present invention. As shown in FIG. 1, the storage control device 40 is composed of: a fiber channel control unit 41, which is a protocol processor including a DMA (direct memory access) for controlling data transfer with the host devices 10, 20, and 30; a microprocessor 42 that controls the entire control device; a control memory 43 that stores the microprogram controlling the operation of the control device and control data; a cache control unit 44 that controls reading and writing of data to and from the cache; a disk cache 45 for temporarily buffering write data and data read from the disk drives; a device interface control unit 46, which is a protocol processor including a DMA for controlling data transfer with the disk drives; and a panel 47 for inputting device configuration information to the storage control device.

  Reference numeral 50 denotes a disk array device under the storage control device 40. The disk array device 50 is a device for storing data of a host device, and is configured by arranging a plurality of individual disks so as to have redundancy.

  The disks constituting the disk array device 50 can be logically divided and the divided sections can be set to different RAID levels. Such a section is called a RAID group. An area that is a SCSI access unit obtained by further logically dividing a RAID group is called an LU (Logical Unit), and each of these areas has a number called a LUN (Logical Unit Number). In the present embodiment, the disk array device 50 has two areas: LU0 (51), which is the LU with LUN 0, and LU1 (52), which is the LU with LUN 1.

  The number of LUs is not limited to two as shown in FIG. 1, and may be larger. In the case of the single target function, up to eight LUs per target can be set.

  Further, in this embodiment, the LU storage area is used as the access unit, but the storage area used as the access unit may be a storage area in physical volume units or RAID group units.

  The host devices 10, 20, and 30 and the storage control device 40 are connected via a device called a fabric using the fiber channel 60 as an interface.

  The operation of the system of FIG. 1 will be described focusing on the flow of control and the flow of data, taking as an example the case where the host device 10 performs data transfer with the disk array device 50 via the storage controller 40.

  When the host device 10 issues an access request, the Fiber Channel control unit 41 that has recognized the request issues an interrupt request to the microprocessor 42. The microprocessor 42 stores in the control memory 43 command information from the host device and control information necessary for the present invention.

  If the command information is a write command, the microprocessor 42 instructs the fiber channel control unit 41 to transfer data, and stores the transferred data in the cache 45 via the cache control unit 44. The fiber channel control unit 41 issues a write completion report to the host device 10. After the write completion report, the microprocessor 42 controls the device interface control unit 46 and writes data and redundant data to the disk array device 50. In this case, in general RAID5 operation, a new parity is created based on the old data, old parity, and new data. Under the control of the present invention, the microprocessor 42 performs this using the device interface control unit 46, the cache control unit 44, the control memory 43, and the cache 45.

  On the other hand, when read command information is received as command information from the host device 10, the microprocessor 42 instructs the device interface control unit 46 to access the disk array device 50 in which the data block of the access request is stored. The data is read out and stored in the cache 45 via the cache control unit 44. The microprocessor 42 issues an instruction to the fiber channel control unit 41, and the fiber channel control unit 41 transfers the data stored in the cache 45 to the upper level device 10 and reports the read completion to the higher level device after the transfer.

  Next, features of the fiber channel 60 will be described. The fiber channel is a high-speed interface capable of transferring 100 MB/s at a distance of a maximum of 10 km. The Fiber Channel architecture sends data from the source buffer to the destination buffer, and it moves the buffer contents from one device to another regardless of the data format or content, so there is no overhead for processing different network communication protocols and high-speed data transfer is realized. Various layers such as TCP/IP, SCSI, ESCON, and IPI can be mounted on the upper logical layer. That is, it is logically compatible with other interfaces. The complicated function of connection and exchange between devices is performed by a device called a Fabric, and a logical path multiplexing configuration can be built.

  The basic unit with which Fiber Channel exchanges data is called a frame. Next, this frame will be described with reference to FIG.

  As shown in FIG. 2, the frame 70 consists of a start-of-frame SOF (Start Of Frame) 71, a frame header 72, a data field 73, a cyclic redundancy check CRC (Cyclic Redundancy Check) 74, and an end-of-frame EOF (End Of Frame) 75.

  The SOF 71 is a 4-byte identifier placed at the beginning of the frame.

  The EOF 75 is a 4-byte identifier attached to the end of the frame; the SOF 71 and the EOF 75 together indicate the frame boundaries. In the fiber channel, when there is no frame, an idle signal flows.

  The frame header 72 includes a frame type, an upper protocol type, N_Port_ID information of a transmission source and a transmission destination, N_Port_Name information, and the like. N_Port_ID represents an address, and N_Port_Name is information representing a port identifier.

  An upper layer header can be placed at the top of the data field 73.

  This is followed by a payload part that carries the data itself. The CRC 74 is a 4-byte check code for checking the data in the frame header and data field.

  A format 80 of the frame header 72 is shown in FIG. In the frame header format 80, a destination identifier D_ID (Destination ID) 81 is an address identifier on the frame reception side, and a source identifier S_ID (Source ID) 82 is an N_Port address identifier on the frame transmission side. Each includes N_Port_ID information and the like.

  Next, a payload 90 of a fiber channel protocol command FCP_CMND (Fibre Channel Protocol for SCSI Command), which is one of the payloads of the data field 73 constituting the frame, will be described with reference to FIG.

  In the FCP logical unit number FCP_LUN (FCP Logical Unit Number) field 91, the logical unit number LUN to which the command is issued is specified. A command control parameter is specified in the FCP control FCP_CNTL (FCP Control) field 92. In the FCP command descriptor block FCP_CDB (FCP Command Descriptor Block) field 93, a SCSI command descriptor block (SCSI Command Descriptor Block) is stored, which indicates a command type such as a read command Read, an address such as a LUN, and the number of blocks. In the FCP data length FCP_DL (FCP Data Length) field 94, the amount of data transferred by the command is specified as a number of bytes.

  Data is exchanged by the frame configured as described above.

  Frames are roughly divided into data frames and link control frames based on functions. The data frame is used for transferring information, and data and commands used in the upper protocol are mounted in the payload portion of the data field.

  On the other hand, the link control frame is generally used to indicate success or failure of frame distribution. There is a frame for indicating that one frame has been received, and for notifying parameters relating to transfer when logging in.

  Next, the “sequence” will be described with reference to FIG. A sequence in Fiber Channel refers to a collection of related data frames transferred in one direction from one N_Port to another N_Port, and corresponds to a SCSI phase. A collection of sequences is called an exchange. For example, an exchange is a collection of sequences (command issue, data transfer, and end report) exchanged for command execution by issuing a command until the end of the command. Thus, the exchange corresponds to SCSI I / O.

  FIGS. 5A, 5B, and 5C show a login sequence (100), a read command sequence (110), and a write command sequence (120), respectively.

  In the fiber channel interface, the host device sends a port login PLOGI (N_Port Login) frame including communication parameters to the device, and the device accepts this to enable communication. This is called login. FIG. 5A shows a login sequence (100).

  In the login sequence (100) of FIG. 5A, first, in sequence 101, the upper apparatus sends a PLOGI frame to the device to request login. The device sends an acknowledge ACK (Acknowledge) frame to the higher-level device, notifying that the PLOGI frame has been received.

  Next, in sequence 102, the device sends an accept ACC (Accept) frame when accepting the login request, and a link service reject LS-RJT (Link Service Reject) frame when rejecting the request, to the upper device.

  Next, the read command sequence (110) of FIG. 5B will be described.

  In sequence 111, the host apparatus sends an FCP_CMND frame to the device to make a read request. The device sends an ACK frame to the host device.

  In the sequence 102, the device sends an FCP transfer ready FCP_XFER_RDY (FCP Transfer Ready) frame to the host device to notify that the data transfer is ready. The host device sends an ACK frame to the device.

  Proceeding to sequence 113, the device sends an FCP data (FCP_DATA) frame to the host device and transfers the data. The host device sends an ACK frame to the device.

  In the next sequence 114, the device sends an FCP_RSP frame to the higher-level device, notifying that the data transfer has been completed normally. The host device sends an ACK frame to the device.

  Next, the write command sequence (120) of FIG. 5C will be described.

  In sequence 121, the higher-level apparatus sends an FCP_CMND frame to the device to make a write request. The device sends an ACK frame to the host device.

  Next, in sequence 122, the device sends an FCP_XFER_RDY frame to the host device to inform that data can be written. The host device sends an ACK frame to the device.

  Further, in sequence 123, the higher-level apparatus sends an FCP_DATA frame to the device and transfers data. The device sends an ACK frame to the host device.

  Finally, in sequence 123, the device sends an FCP response FCP_RSP (FCP Response) frame to the higher-level device to notify that data reception has been completed normally. The host device sends an ACK frame to the device.

  The general system configuration, format, and sequence have been described with reference to FIGS. 1 to 5, but the security check according to the present invention will be described below.

  First, a security check using N_Port_Name information at the time of PLOGI will be described.

  In the present invention, in FIG. 1, before the host devices 10, 20, and 30 start up, the user first sets, in the microprocessor 42 of the storage control device 40, a list of host devices that are permitted access. That is, information that can identify a host device, such as N_Port_Name and N_Port_ID, is input using the panel 47. To realize a security function for input at the panel, a password is required for input, which enhances security.

  When a password is entered and a match with a password that has already been set is achieved, N_Port_Name information of a higher-level device that can be accessed for each port of the storage control device is entered, and the input information is stored in the control table.

  As an example, suppose that the host devices 10 and 20 can access the disk array device 50 and the host device 30 cannot, that the N_Port_Name of the host device 10 is HOSTA, that of the host device 20 is HOSTB, and that of the host device 30 is HOSTC, and that the port of the fiber channel control unit 41 of the storage control device 40 is CTL0P0. The login request control table 130 is then as shown in FIG. 6.

  By setting the login request control table 130 shown in FIG. 6 on the nonvolatile memory, the management information can be protected even in the event of an instantaneous power interruption.

  The information stored in the login request control table 130 is stored in the hard disk area 50 when the power is turned off. Alternatively, the information is reflected on the memory 43 and the disk 50 when the information is updated. Thereby, the storage control device 40 can hold the information permanently until the information is reset.

  In addition to N_Port_Name, there is N_Port_ID as its own node information used for identifying nodes and ports in Fiber Channel, but N_Port_ID is subject to change and is not a numerical value managed by the user, so N_Port_Name information Should be a security check target.

  Next, the frame processing procedure of the storage control device for the login request of the host device will be described using FIG. 1 and FIG.

  (Step S71) The host devices 10, 20, and 30 start up and issue PLOGI frames that are login request frames each storing N_Port_Name information. When the microprocessor 42 of the storage control device 40 receives the frame, it first returns an ACK frame indicating that this frame has been received to each host device.

  (Step S72) Then, the microprocessor 42 extracts the N_Port_Name information stored in the frame and checks whether that N_Port_Name information is registered in the N_Port_Name list in the control table that has already been set and is held.

(Step S73) (Step S74) (Step S75)
Since the N_Port_Name information stored in the frames issued by the host devices 10 and 20 matches the N_Port_Name information registered in the control table, the microprocessor 42 of the storage control device 40 returns an ACC frame to the host devices 10 and 20 as a sign that the login request has been accepted, and the login process is continued.

(Step S73) (Step S76)
On the other hand, since the N_Port_Name information stored in the frame issued by the host device 30 does not match the N_Port_Name information registered in the control table, the microprocessor 42 of the storage control device 40 returns an LS_RJT frame with reject parameters rejecting the connection.

  As described above, the storage control device 40 uses the login request control table 130 to manage the correspondence between host devices and the ports of the storage control device, so that the user can suppress unauthorized access from host devices for each port and maintain security.

  Next, a method for performing a security check using N_Port_Name information for each LUN that is a storage area of the disk array device in the present invention will be described.

  In the present invention, before the host devices 10, 20, and 30 are started up, a list of host devices that can be accessed for each LUN is set in the microprocessor 42 of the storage controller 40. Information such as N_Port_Name and N_Port_ID that can identify the host device is input using the panel 47. At this time, in order to realize a security function for input to the panel 47, a password is required for input, and security can be enhanced.

  When a password is input and a match with an already set password is achieved, the port of the storage control device and N_Port_Name information of the accessible host device are input for each LUN, and the input information is stored in the control table.

  When LU0 (51) can be accessed from the host device 10 via the port of the fiber channel control unit 41 of the storage control device 40, LU1 (52) can be accessed from the host device 20 via the port of the fiber channel control unit 41 of the storage control device 40, the N_Port_Name of the host device 10 is HOSTA, that of the host device 20 is HOSTB, and the port of the fiber channel control unit 41 of the storage control device 40 is CTL0P0, the I/O request control table 140 is as shown in FIG. 8.

  When this I / O request control table 140 shown in FIG. 8 is set on a nonvolatile memory, management information can be protected even in the event of an instantaneous power interruption.

  Also, the information stored in the I / O request control table 140 of FIG. 8 is stored in the hard disk area 50 when the power is turned off. Alternatively, the information is reflected on the memory 43 and the disk 50 when the information is updated. As a result, the storage control device 40 can permanently hold the information until it is reset.

  In this embodiment, there is one channel path route, but the same applies to a system having a plurality of channel path routes.

  The frame processing procedure of the storage controller in response to the I / O request of the host device will be described below with reference to FIGS. In the above example, a security check is performed at the time of PLOGI, but in this embodiment, a check is performed for each SCSI command.

(Step S91)
When the host device 10 wishes to issue an I/O request to LU0 (51), the host device 10 issues a frame storing the SCSI CDB to the storage control device 40. When the storage control device 40 receives this frame, it first returns an ACK frame indicating that this frame has been received to the host device 10.

(Step S92)
Then, the microprocessor 42 extracts the N_Port_Name information stored in the frame and the LUN number in the CDB, and checks whether that N_Port_Name information and LUN number are registered in the list in the control table that has already been set and is held in the microprocessor 42.

(Step S93) (Step S94) (Step S95)
In the management table, "the host device 10 can access LU0 (51)" is registered, so the microprocessor 42 of the storage control device 40 receives the command and continues the I/O processing.
(Step S91)
On the other hand, when the host device 20 issues an I/O request frame for LU0 (51) to the storage control device 40 and the storage control device 40 receives the frame storing this SCSI CDB, the microprocessor 42 first returns an ACK frame indicating that this frame has been received to the host device 20.

(Step S92)
Then, the microprocessor 42 extracts the N_Port_Name information stored in the frame and the LUN number in the CDB, and searches whether that N_Port_Name information and LUN number are in the management table.
(Step S93) (Step S96)
As a result of the search, since there is no combination of the corresponding LUN and N_Port_Name in the management table, the microprocessor 42 of the storage control device 40 sends an LS_RJT frame to the host device 20 and rejects the I/O request.

  Thus, the storage control device can prevent unauthorized access.
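  The two checks described above (the PLOGI check against the login request control table 130 and the per-command check against the I/O request control table 140) can be modeled as follows. This is an added example, not part of the patent text or of any product code. The Frame fields, the class and method names, the "PROCESS" marker, and the PBKDF2 password storage are assumptions; the table contents follow the HOSTA/HOSTB/HOSTC and CTL0P0 example in the text.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Frame:
    """Constructed, simplified frame: only the fields the checks read."""
    kind: str                  # "PLOGI" or "FCP_CMND"
    n_port_name: str           # identifier of the issuing host, e.g. "HOSTA"
    port: str                  # controller port that received the frame
    lun: Optional[int] = None  # LUN taken from the command (FCP_CMND only)


class StorageController:
    """Hypothetical model of the control tables held by the controller."""

    def __init__(self, panel_password: str):
        # Assumption: the text requires a password for table input but does
        # not say how it is kept; here only a salted PBKDF2 hash is stored.
        self._salt = os.urandom(16)
        self._pw_hash = self._derive(panel_password)
        self._login_table = {}  # port -> set of N_Port_Names (table 130)
        self._io_table = {}     # (port, LUN) -> set of N_Port_Names (table 140)

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def _check_panel_password(self, password: str) -> None:
        # Constant-time comparison; a mismatch leaves the tables untouched.
        if not hmac.compare_digest(self._derive(password), self._pw_hash):
            raise PermissionError("password mismatch: control table not changed")

    def permit_login(self, password: str, port: str, n_port_name: str) -> None:
        self._check_panel_password(password)
        # Several N_Port_Names may be registered for one physical port.
        self._login_table.setdefault(port, set()).add(n_port_name)

    def permit_lun(self, password: str, port: str, lun: int, n_port_name: str) -> None:
        self._check_panel_password(password)
        self._io_table.setdefault((port, lun), set()).add(n_port_name)

    def receive(self, frame: Frame) -> list:
        """Return the replies sent to the host, in order."""
        replies = ["ACK"]  # S71 / S91: receipt is acknowledged first
        if frame.kind == "PLOGI":
            # S72-S76: unknown ports and unknown names are rejected alike.
            allowed = self._login_table.get(frame.port, set())
            replies.append("ACC" if frame.n_port_name in allowed else "LS_RJT")
        elif frame.kind == "FCP_CMND":
            # S92-S96: the (port, LUN) pair must list this N_Port_Name.
            allowed = self._io_table.get((frame.port, frame.lun), set())
            replies.append("PROCESS" if frame.n_port_name in allowed else "LS_RJT")
        else:
            # Choice made for this example: other frame kinds are rejected.
            replies.append("LS_RJT")
        return replies


def build_page_example(password: str = "panel-secret") -> StorageController:
    """Tables 130 and 140 as the text describes them (constructed values)."""
    ctl = StorageController(password)
    for name in ("HOSTA", "HOSTB"):           # HOSTC is deliberately absent
        ctl.permit_login(password, "CTL0P0", name)
    ctl.permit_lun(password, "CTL0P0", 0, "HOSTA")  # LU0 (51)
    ctl.permit_lun(password, "CTL0P0", 1, "HOSTB")  # LU1 (52)
    return ctl


if __name__ == "__main__":
    ctl = build_page_example()
    for host in ("HOSTA", "HOSTB", "HOSTC"):
        print("PLOGI", host, ctl.receive(Frame("PLOGI", host, "CTL0P0")))
    for host, lun in (("HOSTA", 0), ("HOSTB", 0), ("HOSTB", 1)):
        print("FCP_CMND", host, lun,
              ctl.receive(Frame("FCP_CMND", host, "CTL0P0", lun)))
```

  Both lookups are default-deny: a port or LUN with no table entry yields LS_RJT, the same as a name that is not listed.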

  Here, the login and I / O request frames are taken up, but N_Port_Name information stored in other higher-level device frames may be compared.

  The present invention can also be applied to a case where the storage device under the fiber channel connection storage control device is not limited to the disk array device, but is an optical disk device, a magneto-optical disk device, a magnetic tape device, or a library device thereof.

  An outline when the present invention is applied when the storage device under the storage control device is an optical disk library device will be described with reference to FIG. Reference numeral 150 denotes an optical disc library apparatus under the storage controller 40, 151 denotes an optical disc drive, and 152 to 156 denote optical disc media.

  The user uses the panel to set the association between the medium, the drive, the port, and the N_Port_Name information before the host device 10, 20, or 30 starts up, and retains the access authority of the host device in the microprogram.

  When the media 152, 153, and 154 are accessible from the host device 10, the media D155 and E156 are accessible from the host device 20, the N_Port_Name of the host device 10 is HOSTA, that of the host device 20 is HOSTB, the port of the storage controller 40 is CTL0P0, the optical disk drive A151 is DRIVE0, and the media A152, B153, C154, D155, and E156 are MEDA, MEDB, MEDC, MEDD, and MEDE, respectively, the request control table 160 is as shown in FIG.

  When each host device issues an I/O request frame, the volume information is stored in the CDB in the payload constituting the frame. Therefore, when the storage control device 40 receives the frame, it may compare the N_Port_Name information in the frame and the medium identifier in the payload with the control table that has already been set and is held in the storage control device 40. In this way, by applying the present invention, the storage control device can prevent unauthorized access from the host device.

A block diagram showing an embodiment of the present invention.
A format diagram of a frame.
A format diagram of the frame header constituting the frame shown in FIG. 2.
A format diagram (a) of the payload of an FCP_CMND, which is one of the frames shown in FIG. 2, and a format diagram (b) of the FCP_CDB constituting the payload.
Sequence diagrams of the data frames exchanged between a host device and a device: at login (a), at a read command (b), and at a write command (c).
A diagram showing the control table with which the storage control device manages host devices.
A flowchart of the frame processing executed by the storage control device at the time of a login request from a host device.
A diagram showing the control table with which the storage control device manages storage areas.
A flowchart of the frame processing executed by the storage control device when an I/O request is made from a host device.
A configuration diagram illustrating a case where the storage device under the storage control device is an optical disk library.
A diagram showing the control table managed by the storage control device shown in FIG. 10.

Explanation of symbols

10, 20, 30 ... Host device, 40 ... Storage control device, 41 ... Fiber channel control unit, 42 ... Microprocessor, 43 ... Control memory, 44 ... Cache control unit, 45 ... Cache, 46 ... Device interface control unit, 47 ... Panel, 50 ... Disk array device, 51 ... Logical unit 0, 52 ... Logical unit 1, 60 ... Fiber channel, 70 ... Frame, 71 ... Start of frame SOF (Start Of Frame), 72 ... Frame header, 73 ... Data field, 74 ... Cyclic redundancy check CRC (Cyclic Redundancy Check), 75 ... End of frame EOF (End Of Frame), 80 ... Frame header format, 81 ... Destination identifier D_ID (Destination ID), 82 ... Source identifier S_ID (Source ID), 90 ... Fiber Channel protocol command FCP_CMND payload (Fibre Channel Protocol for SCSI Command), 91 ... Fiber Channel protocol logical unit number FCP_LUN (FCP Logical Unit Number), 92 ... Fiber Channel protocol control FCP_CNTL (FCP Control), 93 ... Fiber Channel protocol command descriptor block FCP_CDB (FCP Command Descriptor Block), 94 ... Fiber Channel protocol data length FCP_DL (FCP Data Length), 100 ... Login, 110 ... Read command, 120 ... Write command, 130 ... Login request control table, 140 ... Magnetic disk array I/O request control table, 150 ... Optical disk library, 160 ... Optical disk library I/O request control table

Claims (9)

  1.   A storage control device interposed between a host device and a storage device having areas for storing data, comprising means for receiving access permission information of the host device for each of the areas, and means for storing the permission information.
  2.   A storage control device interposed between a host device and a storage device having areas for storing data of the host device, comprising means for inputting access permission information of the host device for each of the areas, and means for storing the input permission information.
  3.   A storage control device comprising: channel control means for controlling data transfer with a host device; device interface control means for controlling data transfer with a storage device having a plurality of areas for storing data; buffer means for temporarily buffering write data from the host device and read data from the storage device; a panel for inputting information for identifying the host device and information on whether or not the host device can access each of the areas; and means for storing the identification information and the information on whether access is permitted.
  4.   The storage control device according to claim 1, wherein the storage control device is connected to the host device via a fiber channel.
  5.   A storage system comprising: a storage device having a plurality of storage areas; and a storage control device to which information for identifying a connected host device is input.
  6.   A storage system comprising: a storage device having a plurality of storage areas; and a storage control device having a panel for inputting information identifying a higher-level device to be connected and the storage area accessible by the higher-level device.
  7.   A storage system comprising: a storage device having a plurality of areas for storing data; and
    a storage control device that has a channel control device for controlling data transfer with a host device, a device interface control unit for controlling data transfer with the storage device, and a cache for temporarily buffering write data from the host device and read data from the storage device, and that receives input of information for identifying the host device and access permission information of the host device for each area.
  8.   A storage system comprising: a storage device having a plurality of areas for storing data; and
    a storage control device that has a channel control device for controlling data transfer with a host device, a device interface control unit for controlling data transfer with the storage device, a cache for temporarily buffering write data from the host device and read data from the storage device, and a panel for inputting information for identifying the host device and information on whether or not the host device can access each area.
  9.   The storage system according to any one of claims 5 to 8, wherein the storage system is connected to the host device via a fiber channel.
JP2007160411A 2007-06-18 2007-06-18 Storage control device and storage system Pending JP2007250009A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
JP2007160411A JP2007250009A (en) 2007-06-18 2007-06-18 Storage control device and storage system

Related Child Applications (1)

Application Number Title Priority Date Filing Date
JP2000118494 Division

Publications (1)

Publication Number Publication Date
JP2007250009A true JP2007250009A (en) 2007-09-27

Family

ID=38594138

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2007160411A Pending JP2007250009A (en) 2007-06-18 2007-06-18 Storage control device and storage system

Country Status (1)

Country Link
JP (1) JP2007250009A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPS63163951A (en) * 1986-12-26 1988-07-07 Nippon Telegr & Teleph Corp <Ntt> Access right control system
JPH05181609A (en) * 1992-01-06 1993-07-23 Nec Corp Personal computer system
JPH07210336A (en) * 1994-01-17 1995-08-11 Hitachi Ltd Data storing device
JPH096706A (en) * 1995-06-22 1997-01-10 Hitachi Ltd Loosely coupled computer system
JPH1074128A (en) * 1996-08-30 1998-03-17 Nec Corp Disk device

Legal Events

Date Code Title Description
20070618 A621 Written request for application examination (Free format text: JAPANESE INTERMEDIATE CODE: A621)
20090220 RD04 Notification of resignation of power of attorney (Free format text: JAPANESE INTERMEDIATE CODE: A7424)
20100423 A977 Report on retrieval (Free format text: JAPANESE INTERMEDIATE CODE: A971007)
20100428 A131 Notification of reasons for refusal (Free format text: JAPANESE INTERMEDIATE CODE: A131)
20100921 A02 Decision of refusal (Free format text: JAPANESE INTERMEDIATE CODE: A02)