+

US20030229689A1 - Method and system for managing stored data on a computer network - Google Patents

Method and system for managing stored data on a computer network Download PDF

Info

Publication number
US20030229689A1
US20030229689A1 US10/164,950 US16495002A US2003229689A1 US 20030229689 A1 US20030229689 A1 US 20030229689A1 US 16495002 A US16495002 A US 16495002A US 2003229689 A1 US2003229689 A1 US 2003229689A1
Authority
US
United States
Prior art keywords
logical volume
computer
storage device
name
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/164,950
Inventor
Kartik Raghavan
Thomas Phillips
Bohdan Raciborski
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Priority to US10/164,950 priority Critical patent/US20030229689A1/en
Assigned to MICROSOFT CORPORATION reassignment MICROSOFT CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: RACIBORSKI, BOHDAN, RAGHAVAN, KARTIK N., PHILLIPS, THOMAS G.
Publication of US20030229689A1 publication Critical patent/US20030229689A1/en
Priority to US11/236,256 priority patent/US7676564B2/en
Priority to US11/236,233 priority patent/US20060026263A1/en
Priority to US12/652,207 priority patent/US8224947B2/en
Assigned to MICROSOFT TECHNOLOGY LICENSING, LLC reassignment MICROSOFT TECHNOLOGY LICENSING, LLC ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MICROSOFT CORPORATION
Abandoned legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L61/00Network arrangements, protocols or services for addressing or naming
    • H04L61/45Network directories; Name-to-address mapping
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols

Definitions

  • the present invention relates generally to data storage on computer networks and, more particularly, to data storage schemes that involve the use of friendly names for storage elements, in which the friendly names are independent of the actual addresses or paths of the storage elements.
  • Name services have been in use on computer networks for many years.
  • the main function of a name service is to map a name, such as a file name, or network domain name, to some arbitrary data record, such as a file or a network address.
  • a name service can, for example, receive a “look-up request” that includes a name, such as a textual name of a web site, from a requesting client and return information associated with the name, such as the IP address of the web site, to the requesting party.
  • DNS Domain Naming Service
  • One function of a name service is to define a namespace for computers on a network that is independent of the physical addresses used by the network. For example, if the website www.foo.com changes its IP address from 100.0.0.1 to 100.0.0.2, the website simply registers the change with the nearest DNS server. The DNS server responds by de-associating www.foo.com from the IP address 100.0.0.1 and creates a new association between wwvw.foo.com and 100.0.0.2. Thus, the rest of the world remains unaware that there was ever any change, and continues to type www.foo.com in their web browsers and achieve the desired result of reaching the website.
  • a data storage device such as a magnetic disk drive
  • DNS name service
  • data storage technology has become increasingly sophisticated.
  • storage networks such as so-called Storage Area Networks (SAN)
  • SAN Storage Area Networks
  • FIG. 1 shows an example of a computer network in which the invention may be practiced
  • the terms “computer,” “device,” and “computing device” as used herein include personal computers (PCs), hand-held devices, multi-processor systems, microprocessor-based programmable consumer electronics, network PCs, PC servers, minicomputers, mainframe computers and the like.
  • PCs personal computers
  • the invention may also be employed in distributed computing environments, where tasks are performed by remote processing devices that are linked through a communications network.
  • modules may be located in both local and remote memory storage devices.
  • the computing device 100 typically includes at least one processing unit 112 and memory 114 .
  • the memory 114 may be volatile (such as RAM), nonvolatile (such as ROM or flash memory) or some combination of the two.
  • This most basic configuration is illustrated in FIG. 2 by dashed line 106 .
  • the computing device may also have additional features/functionality.
  • computing device 100 may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape.
  • Computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data.
  • Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to stored the desired information and which can be accessed by the computing device 100 . Any such computer storage media may be part of computing device 100 .
  • Computing device 100 may also have input devices such as a keyboard, mouse, pen, voice input device, touch input device, etc.
  • Output devices such as a display 118 , speakers, a printer, etc. may also be included. All these devices are well known in the art and need not be discussed at length here.
  • the invention is generally directed to a method and system for managing stored data on a computer network, in which the data is divided up into logical volumes, and each volume is separately addressable via a name service.
  • Each logical volume may correspond to an individual computer-readable storage element, such as a disk, or may be stored across multiple storage elements.
  • the name service can maintain security of the data on the network by restricting the ability of devices on the network to resolve the friendly names of logical volumes into physical paths.
  • the network 150 includes one or more computing devices, represented by a computing device 152 and a domain controller 154 .
  • the domain controller 154 has access to a computer-readable medium 156 , which may be physically located within the domain controller 154 (within a magnetic hard drive, for example) or may be external to the domain controller 154 .
  • the network 150 also includes one or more storage devices, represented in FIG. 3 by storage devices 158 and 160 . Each storage device manages computer-readable media and organizes the computer-readable media into logical volumes. Each logical volume represents a collection of data, and is separately recognized by the network 150 .
  • each logical volume represents a separately removable computer-readable medium.
  • the storage device 158 is shown as being a Redundant Array of Independent Disks (RAID) unit having three removable disks 162 , 164 and 166 .
  • RAID Redundant Array of Independent Disks
  • Each disk of the storage device 158 may, itself, constitute a logical volume.
  • logical volumes may be striped across multiple disks.
  • the logical volume 174 is shown as example of such striping.
  • the storage device 160 is assumed to be a magnetic hard drive with a single disk 176 .
  • the disk 176 of the storage device 160 is shown as having multiple logical volumes 178 , 180 , and 182 .
  • a logical volume may, for example, span multiple data storage devices.
  • an array of multiple, identical disks can be organized into logical volumes. For example, suppose that a RAID 5 unit has five identical disks. As is known in the art, the capacity of this unit is four (five minus one) times the capacity of each individual disk. The unit can be partitioned into individual volumes. Thus, if each disk is 100 Gigabytes (GB), giving an overall capacity of 400 GB for the RAID 5 unit, then the unit could be partitioned into two logical volumes of 200 GB each.
  • GB Gigabytes
  • the registration message contains a unique identifier, such as a world-wide name, that uniquely identifies the storage device 158 .
  • the registration message also includes the identification number and the path of the logical volume on the storage device. If the storage device 158 is a SCSI device, the logical volume may be identified in the registration message by its logical unit number (LUN). The logical volume may also be identified by a world-wide name. As used herein, the term “world-wide name” refers to an effectively unique number of reasonably large size (256 bits, for example).
  • the registration message may also contain additional information, such as the characteristics of the storage device 158 or its location on the topology of the network 150 and the path needed to access it.
  • the request message can also provide information such as a Public/Private Key pair for authorization or for encryption of the channel over which communication with the storage device 158 is taking place.
  • the domain controller 154 When the domain controller 154 receives the registration message, it initiates the process of assigning a name to the logical volume 174 . In doing so, the domain controller 154 references a data structure 157 to determine whether the storage device 158 has ever registered with the domain controller 154 before. In determining whether the storage device 158 has previously registered, the domain controller 154 may require the storage device 158 to authenticate itself. For example, the domain controller 154 may ask the storage device 158 for a security key, a hash of a certain key value, or a hash of a network attribute in order to verify that the storage device 158 had, in fact, previously registered. If the domain controller 154 determines that it has, then the domain controller 154 may simply continue the naming system previously used with the storage device 158 . Otherwise, the domain controller 154 establishes a new naming system for volumes on the storage device 158 .
  • the domain controller 154 then enters the name, referred to hereinafter as the “friendly name,” into the data structure 157 and associates the friendly name with the identification number of the storage device 158 , and with the path and world-wide name of the logical volume 174 .
  • the domain controller 154 may send a message to the storage device 158 to acknowledge receipt of the registration message or to confirm registration of the logical volume 174 .
  • the domain controller 154 may also send other information to the storage device 158 , such as an Access Control List (ACL) that identifies which computer systems are permitted to access the storage device 158 .
  • ACL Access Control List
  • users or programs wishing to obtain access to particular logical volumes stored on a network are required to pass through one or more security checks. These security checks may be enforced by the domain controller 154 of FIG. 3, and/or by some centralized authority such as a MICROSOFT® ACTIVE DIRECTORY® server or MICROSOFT® Passport. Additionally, the domain controller 154 may, itself be a MICROSOFT® ACTIVE DIRECTORY® server. In some embodiments of the invention, the domain controller 154 controls access to storage devices (such as the storage device 158 ) through the use of the data structure 157 .
  • storage devices such as the storage device 158
  • the data structure 157 contains information that indicates which devices on the network 150 are authorized to gain access to the various logical volumes on the computer network. For example, if the computing device 152 needs to access the logical volume 174 on the storage device 158 , it first sends a request to the domain controller 154 .
  • the request includes the friendly name of the logical volume 174 and, in some implementations, authentication data such as a certificate or password.
  • the domain controller 154 refers to the data structure 157 to determine whether the computing device 152 and/or the user of the computing device 152 is authorized to access the logical volume 174 . In doing so, the domain controller 154 performs such actions as checking an access control list within the data structure 157 and verifying any authentication data received from the computing device 152 .
  • Other possible ways of determining whether the user and/or the computing device 152 are authorized to access the logical volume 174 include a challenge/response and a public/private key exchange.
  • the domain controller may, in addition to the procedures described, publish certain storage devices and/or logical volumes. In this way, the computer systems that do not have physical access to the storage devices and/or logical volumes can learn about them and automatically modify their network topologies or connections to gain access to them.
  • FIG. 4 an example of how an embodiment of the invention operates will now be described.
  • LAN local area network
  • SAN storage area network
  • a host computer 204 and a SAN domain controller 206 are each communicatively linked to both the LAN 200 and the SAN 202 .
  • Storage devices 240 and 260 are also communicatively linked to the SAN 202 .
  • the storage device 240 has access to computer-readable medium 242 .
  • a first logical volume of data 244 and a second logical volume of data 245 are stored on the computer readable medium 242 .
  • the host computer 204 administers a name service on the storage area network 202 that maps friendly names of logical volumes to their physical paths.
  • the host computer 204 has a file system module 208 for managing files, a SAN management filter driver module 210 for enabling commands and data to be sent to and received from the storage area network 202 , a client-side SAN API module 214 for allowing the host computer 204 to make function calls to its counterpart on the domain controller 206 , and a storage stack module 212 for enabling the host computer 204 to translate messages in accordance with a storage standard. Possible storage standards include Small Computer System Interface (SCSI), Internet SCSI (iSCSI), serial, Advanced Technology Attachment (ATA), and Fibre Channel.
  • the host computer 206 has access to a computer-readable medium 246 , which has stored thereon a data structure 248 .
  • the SAN domain controller 206 executes several program modules, including a security module 218 for authenticating hosts and controlling access to storage devices on the storage area network 202 , a discovery module 220 for enabling storage devices on the storage area network 202 to be automatically recognized by the SAN domain controller 206 , a LUN management module 222 for keeping track of the logical unit numbers of various logical volumes on the storage area network 202 and a name space management module 224 for keeping track of how friendly names are mapped to network paths for the various logical volumes on the network.
  • the SAN domain controller 206 also executes a SAN provider API module 230 , which allows the SAN domain controller 206 to communicate with various storage devices on the storage area network 202 .
  • the SAN provider API module 230 abstracts the specifics of each storage device so that the domain controller 206 can communicate with each storage device using a single, common language.
  • the SAN domain controller 206 executes a server-side SAN API module 216 for communicating with clients, such as host computers.
  • clients such as host computers.
  • the SAN domain controller 206 is depicted as a single unit in FIG. 4, it may be implemented as multiple machines.
  • the SAN domain controller 206 could be implemented as a cluster to give it fault tolerance for an internet-based storage system.
  • the SAN domain controller 206 executes a first storage provider module 232 and a second storage provider module 234 for communicating with the different storage providers made by different manufacturers.
  • storage providers include switches, disk arrays, so-called JBODs (“just a bunch of disks”), tape libraries and juke boxes.
  • the SAN domain controller 206 executes a disk array provider module 236 and a tape provider module 238 to allow the domain controller 206 to communicate with different disk arrays and tape devices manufactured by different vendors.
  • the storage device 240 is physically connected to the SAN 202 .
  • the SAN domain controller 206 recognizes the presence of the storage device 240 (through Universal Plug and Play, for example) and queries it for information about itself (Arrow A).
  • the storage device 240 then responds by sending a registration message to the SAN domain controller 206 that includes information such as its manufacturer, its world-wide name (according to the Fibre Channel standard, for example), the fact that it has two logical volumes (the first and second logical volumes 244 and 245 ), the world-wide name of each of the two logical volumes, and information regarding the path of each logical volume on the computer-readable medium 242 (Arrow B).
  • the path information may include a SCSI channel number, port number, SCSI ID and logical unit number (LUN) of each logical volume.
  • the discovery module 220 receives the registration message and generates an acknowledgement message, which the domain controller 206 sends to the storage device 240 (Arrow C).
  • the discovery module 220 then passes the information contained in the registration message to the name space management module 224 .
  • the name space management module 224 coordinates with the LUN management module 222 to determine whether there is already an entry for the storage device 240 in the data structure 248 . If there is not already an entry, the name space management module 224 generates a friendly name for each of the first and second logical volumes 244 and 245 , or asks the system administrator (via a user interface) to create the names.
  • the name space management module 224 and the LUN management module 222 then define a new object for the first and second logical volumes 244 and 245 within in the data structure 248 .
  • the new object associates the friendly name generated for the first and second logical volumes 244 and 245 with the world-wide name of the storage device 240 , and with the world-wide names and paths of the first and second logical volumes 244 and 245 .
  • the security module 218 can screen the storage device 240 to determine whether it should be permitted to participate in the name service.
  • the host computer 204 To write and read data to and from the first logical volume 244 , for example, the host computer 204 first registers with the SAN domain controller 206 , if it has not already done so in the past. It does this by sending a registration message to the SAN domain controller 206 (Arrow D). The registration message includes a request to attach to the SAN, as well as the host computer's authorization credentials (if needed). The security module 218 then executes a security procedure to determine whether the host computer 204 should be permitted to be registered. For example, the security module 218 may determine whether the host computer 204 has authorization to access the SAN 202 and which pieces of hardware the host computer 204 is permitted to access.
  • the SAN domain controller 206 If the SAN domain controller 206 accepts the registration request, it responds with an acknowledgment message to the host computer 204 (Arrow E). The SAN domain controller 206 then creates a virtualization (a directory tree, for example) of the resources that the host computer 204 is permitted to access, and provides the virtualization to the host computer 204 . Once the host computer 204 registers, it can then attempt to access the first logical volume 244 . To do so, the host computer 204 determines the friendly name of the first logical volume 244 . It may do this by searching a well-known directory located on the LAN 200 . The host computer 204 then sends a look-up request to the SAN domain controller 206 .
  • a virtualization a directory tree, for example
  • the look-up request includes the friendly name of the first logical volume 244 (Arrow F).
  • the security module 218 of the SAN domain controller 206 responds to the request by referencing the data structure 248 to determine whether the host computer 204 is authorized to have access to the first logical volume 244 . In making this determination, the security module 218 may analyze authentication data included in the look-up request. For example, the security module 218 may compare a certificate received with the look-up request to those of an access control list maintained in the data structure 248 . If the request is approved, the security module 218 extracts the appropriate path information regarding the first logical volume 244 from the data structure 248 . The SAN domain controller 206 then sends the path information to the host computer 204 (Arrow G). The host computer 204 then uses the path information to access the first logical volume 244 via the storage area network 202 (Arrow H).
  • the security module 218 determines that the host computer 204 is not permitted to have access to the first logical volume 244 , then the SAN domain controller 206 sends a denial message to the host computer 204 . There may be a variety of reasons for denying access to the host computer 204 . For example it may be desirable to prevent the host computer 204 from corrupting the data in the first logical volume 244 .
  • the SAN domain controller 206 keeps track of the paths of the various logical volumes stored on the SAN 202 . For example, if the first logical volume 244 is moved from the storage device 240 to the storage device 260 , the SAN domain controller 206 discovers the move, either automatically or via a manual update, and updates the corresponding path information in the data structure 248 . It could then correctly correlate the name of the first logical volume 244 to the storage device 260 and thereby have the ability to respond correctly to future look-up requests regarding the first logical volume 244 . Thus, the fact that the first logical volume 244 had physically moved would be hidden from the host computer 204 , as well as all of the other host computers of the LAN 200 .

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A method and system for managing stored data on a computer network organizes data into logical volumes, and each logical volume has a friendly name associated with it. A domain controller keeps track of the friendly names of the logical volumes and associates those friendly names with the actual physical paths of the logical volumes. When a client computer on the network wishes to access a logical volume, it sends a look-up request having the friendly name to the domain controller. The domain controller may fulfill the request by sending the path of the logical volume to the client computer.

Description

    TECHNICAL FIELD
  • The present invention relates generally to data storage on computer networks and, more particularly, to data storage schemes that involve the use of friendly names for storage elements, in which the friendly names are independent of the actual addresses or paths of the storage elements. [0001]
    • BACKGROUND OF THE INVENTION
  • Name services have been in use on computer networks for many years. In general, the main function of a name service is to map a name, such as a file name, or network domain name, to some arbitrary data record, such as a file or a network address. A name service can, for example, receive a “look-up request” that includes a name, such as a textual name of a web site, from a requesting client and return information associated with the name, such as the IP address of the web site, to the requesting party. One of the most popular name services in use today is the Domain Naming Service (DNS). [0002]
  • One function of a name service is to define a namespace for computers on a network that is independent of the physical addresses used by the network. For example, if the website www.foo.com changes its IP address from 100.0.0.1 to 100.0.0.2, the website simply registers the change with the nearest DNS server. The DNS server responds by de-associating www.foo.com from the IP address 100.0.0.1 and creates a new association between wwvw.foo.com and 100.0.0.2. Thus, the rest of the world remains unaware that there was ever any change, and continues to type www.foo.com in their web browsers and achieve the desired result of reaching the website. [0003]
  • A data storage device, such as a magnetic disk drive, can be coupled to or integrated with an individual computer on a network and, therefore, can effectively have its own IP address and participate in a name service such as DNS. However, data storage technology has become increasingly sophisticated. With the proliferation of storage networks, such as so-called Storage Area Networks (SAN), multiple computer systems can now be connected to networks of multiple data storage devices. Although efforts have been made to create a DNS-like naming system for Internet storage systems [see, for example, the Internet Storage Name Service (iSNS), which is documented in various Internet Engineering Task Force (IETF) drafts], there is currently no effective way for a data storage device to divide its computer-readable media (its magnetic disks, for example) into logical volumes and to have each of those volumes be recognized as a separately addressable entity in a name service. Also, there is currently no effective way to build a SAN name space that makes the physical location of a storage device transparent to computer systems that need to access the storage device. [0004]
    • SUMMARY OF THE INVENTION
  • The invention is generally directed to a method and system for managing stored data on a computer network, in which the data is organized into logical volumes, and each logical volume has a friendly name associated with it. A logical volume may correspond to an individual computer-readable storage element or to a multiple storage elements. For example, a logical volume can represent a single spindle (a physical hard disk), an entire disk array, or a logical partition of a disk array. A domain controller keeps track of the friendly names of the logical volumes and associates those friendly names with the actual physical paths of the logical volumes. When a client computer on the network wishes to access a logical volume, it sends a look-up request, which includes the friendly name, to the domain controller. The domain controller may fulfill the request by sending the path of the logical volume to the client computer. [0005]
  • Additional features and advantages of the invention will be made apparent from the following detailed description of illustrative embodiments that proceeds with reference to the accompanying figures.[0006]
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • While the appended claims set forth the features of the present invention with particularity, the invention, together with its objects and advantages, may be best understood from the following detailed description taken in conjunction with the accompanying drawings of which: [0007]
  • FIG. 1 shows an example of a computer network in which the invention may be practiced; [0008]
  • FIG. 2 shows an example of a computer on which at least some parts of the invention may be implemented; and [0009]
  • FIGS. 3 and 4 show example embodiments of the invention. [0010]
    • DETAILED DESCRIPTION OF THE INVENTION
  • Prior to proceeding with a description of the various embodiments of the invention, a description of the computer and networking environment in which various embodiments of the invention may be practiced will be provided. Although it is not required, the present invention may be implemented by program modules that are executed by a computer. Generally, program modules include routines, objects, components, data structures and the like that perform particular tasks or implement particular abstract data types. The term “program” as used herein may connote a single program module or multiple program modules acting in concert. The invention may be implemented on a variety of types of computers. Accordingly, the terms “computer,” “device,” and “computing device” as used herein include personal computers (PCs), hand-held devices, multi-processor systems, microprocessor-based programmable consumer electronics, network PCs, PC servers, minicomputers, mainframe computers and the like. The invention may also be employed in distributed computing environments, where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, modules may be located in both local and remote memory storage devices. [0011]
  • An example of a networked environment in which the invention may be used will now be described with reference to FIG. 1. The example network includes [0012] several computers 100 communicating with one another over a network 102, represented by a cloud. Network 102 may include many well-known components, such as routers, gateways, hubs, etc. and may allow the computers 100 to communicate via wired and/or wireless media. The network 102 may have one or more data storage devices 107 linked to it. The computers 100 may also have data storage devices 103 attached directly to them, or may be communicatively linked to a storage area network 104, which includes one or more data storage devices 105.
  • Referring to FIG. 2, an example of a basic configuration for a computing device on which the system described herein may be implemented is shown. In its most basic configuration, the [0013] computing device 100 typically includes at least one processing unit 112 and memory 114. Depending on the exact configuration and type of the computing device 100, the memory 114 may be volatile (such as RAM), nonvolatile (such as ROM or flash memory) or some combination of the two. This most basic configuration is illustrated in FIG. 2 by dashed line 106. Additionally, the computing device may also have additional features/functionality. For example, computing device 100 may also include additional storage (removable and/or non-removable) including, but not limited to, magnetic or optical disks or tape. Computer storage media includes volatile and non-volatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules, or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to stored the desired information and which can be accessed by the computing device 100. Any such computer storage media may be part of computing device 100.
  • [0014] Computing device 100 may also contain communications connections that allow the device to communicate with other devices. A communication connection is an example of a communication medium. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a modulated data signal such as a carrier wave or other transport mechanism and includes any information delivery media. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. The term computer readable media as used herein includes both storage media and communication media.
  • [0015] Computing device 100 may also have input devices such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output devices such as a display 118, speakers, a printer, etc. may also be included. All these devices are well known in the art and need not be discussed at length here.
  • The invention is generally directed to a method and system for managing stored data on a computer network, in which the data is divided up into logical volumes, and each volume is separately addressable via a name service. Each logical volume may correspond to an individual computer-readable storage element, such as a disk, or may be stored across multiple storage elements. As the physical location of a volume changes, its physical location can be re-registered with the name service. Thus, devices on the computer network can continue to access the volume via the name service using the volume's “friendly” name. In various embodiments of the invention, the name service can maintain security of the data on the network by restricting the ability of devices on the network to resolve the friendly names of logical volumes into physical paths. [0016]
  • Various embodiments of the invention will now be described in the context of an example network, shown in FIG. 3. The network, generally labeled [0017] 150, includes one or more computing devices, represented by a computing device 152 and a domain controller 154. The domain controller 154 has access to a computer-readable medium 156, which may be physically located within the domain controller 154 (within a magnetic hard drive, for example) or may be external to the domain controller 154. The network 150 also includes one or more storage devices, represented in FIG. 3 by storage devices 158 and 160. Each storage device manages computer-readable media and organizes the computer-readable media into logical volumes. Each logical volume represents a collection of data, and is separately recognized by the network 150. An example of a type of logical volume is a disk volume. In some embodiments of the invention, each logical volume represents a separately removable computer-readable medium. For example, the storage device 158 is shown as being a Redundant Array of Independent Disks (RAID) unit having three removable disks 162, 164 and 166. Each disk of the storage device 158 may, itself, constitute a logical volume. Alternatively, logical volumes may be striped across multiple disks. The logical volume 174 is shown as example of such striping. In another example, the storage device 160 is assumed to be a magnetic hard drive with a single disk 176. The disk 176 of the storage device 160 is shown as having multiple logical volumes 178, 180, and 182.
  • The logical volume examples of FIG. 3 are not meant to be exhaustive. A logical volume may, for example, span multiple data storage devices. In another example, an array of multiple, identical disks can be organized into logical volumes. For example, suppose that a RAID 5 unit has five identical disks. As is known in the art, the capacity of this unit is four (five minus one) times the capacity of each individual disk. The unit can be partitioned into individual volumes. Thus, if each disk is 100 Gigabytes (GB), giving an overall capacity of 400 GB for the RAID 5 unit, then the unit could be partitioned into two logical volumes of 200 GB each. [0018]
  • Referring to FIG. 3, an example of how the [0019] logical volume 174 of the storage device 158 is registered with the domain controller will now be described. Upon being connected to the storage area network 150, a registration message is sent to the domain controller 154. The registration message may be generated in a variety of ways. For example, the storage device 158 itself might broadcast the message as soon as it is connected to the network 150. In some embodiments, the storage device 158 will be connected to a switch, such as a Fibre Channel switch, and, upon detecting the presence of the storage device 158, the switch obtains the relevant information from the storage device 158 and sends the registration message to the domain controller 154. In other embodiments, the domain controller 154 discovers the storage device 158 and obtains the relevant information from it. The registration message can be sent according to a variety of protocols. A protocol suitable for the discovery, enumeration and configuration of devices may be used, including Universal Plug and Play (UPnP) and Simple Service Discovery Protocol (SSDP).
  • The registration message contains a unique identifier, such as a world-wide name, that uniquely identifies the [0020] storage device 158. The registration message also includes the identification number and the path of the logical volume on the storage device. If the storage device 158 is a SCSI device, the logical volume may be identified in the registration message by its logical unit number (LUN). The logical volume may also be identified by a world-wide name. As used herein, the term “world-wide name” refers to an effectively unique number of reasonably large size (256 bits, for example). The registration message may also contain additional information, such as the characteristics of the storage device 158 or its location on the topology of the network 150 and the path needed to access it. The request message can also provide information such as a Public/Private Key pair for authorization or for encryption of the channel over which communication with the storage device 158 is taking place.
  • When the [0021] domain controller 154 receives the registration message, it initiates the process of assigning a name to the logical volume 174. In doing so, the domain controller 154 references a data structure 157 to determine whether the storage device 158 has ever registered with the domain controller 154 before. In determining whether the storage device 158 has previously registered, the domain controller 154 may require the storage device 158 to authenticate itself. For example, the domain controller 154 may ask the storage device 158 for a security key, a hash of a certain key value, or a hash of a network attribute in order to verify that the storage device 158 had, in fact, previously registered. If the domain controller 154 determines that it has, then the domain controller 154 may simply continue the naming system previously used with the storage device 158. Otherwise, the domain controller 154 establishes a new naming system for volumes on the storage device 158.
  • If required, a name is generated for the [0022] logical volume 174. The name may be generated in a variety of ways. For example, the domain controller 154 itself may generate the name automatically. Alternatively, a human administrator could choose the name. The name that is chosen for the logical volume 174 may be completely arbitrary, or may convey data concerning the logical volume. For example, the logical volume may be named Finance_vol1_DataCenter5_RAID_ unit3″ to indicate that the volume is one that is intended to store data generated by the finance department, is the first volume used in that department, and is physically located in Data Center 5 on RAID (Redundant Array of Independent Disks) unit 3. The domain controller 154 then enters the name, referred to hereinafter as the “friendly name,” into the data structure 157 and associates the friendly name with the identification number of the storage device 158, and with the path and world-wide name of the logical volume 174. At some point during, or after, the registration process, the domain controller 154 may send a message to the storage device 158 to acknowledge receipt of the registration message or to confirm registration of the logical volume 174. The domain controller 154 may also send other information to the storage device 158, such as an Access Control List (ACL) that identifies which computer systems are permitted to access the storage device 158.
  • According to various embodiments of the invention, users or programs wishing to obtain access to particular logical volumes stored on a network are required to pass through one or more security checks. These security checks may be enforced by the [0023] domain controller 154 of FIG. 3, and/or by some centralized authority such as a MICROSOFT® ACTIVE DIRECTORY® server or MICROSOFT® Passport. Additionally, the domain controller 154 may, itself be a MICROSOFT® ACTIVE DIRECTORY® server. In some embodiments of the invention, the domain controller 154 controls access to storage devices (such as the storage device 158) through the use of the data structure 157. In those embodiments, the data structure 157 contains information that indicates which devices on the network 150 are authorized to gain access to the various logical volumes on the computer network. For example, if the computing device 152 needs to access the logical volume 174 on the storage device 158, it first sends a request to the domain controller 154. The request includes the friendly name of the logical volume 174 and, in some implementations, authentication data such as a certificate or password. The domain controller 154 refers to the data structure 157 to determine whether the computing device 152 and/or the user of the computing device 152 is authorized to access the logical volume 174. In doing so, the domain controller 154 performs such actions as checking an access control list within the data structure 157 and verifying any authentication data received from the computing device 152. Other possible ways of determining whether the user and/or the computing device 152 are authorized to access the logical volume 174 include a challenge/response and a public/private key exchange.
  • In the previous example, the domain controller may, in addition to the procedures described, publish certain storage devices and/or logical volumes. In this way, the computer systems that do not have physical access to the storage devices and/or logical volumes can learn about them and automatically modify their network topologies or connections to gain access to them. [0024]
  • Referring to FIG. 4, an example of how an embodiment of the invention operates will now be described. In this example, it is assumed that there is a local area network (LAN) [0025] 200 and a storage area network (SAN) 202. A host computer 204 and a SAN domain controller 206 are each communicatively linked to both the LAN 200 and the SAN 202. Storage devices 240 and 260 are also communicatively linked to the SAN 202. The storage device 240 has access to computer-readable medium 242. A first logical volume of data 244 and a second logical volume of data 245 are stored on the computer readable medium 242. The host computer 204 administers a name service on the storage area network 202 that maps friendly names of logical volumes to their physical paths. The host computer 204 has a file system module 208 for managing files, a SAN management filter driver module 210 for enabling commands and data to be sent to and received from the storage area network 202, a client-side SAN API module 214 for allowing the host computer 204 to make function calls to its counterpart on the domain controller 206, and a storage stack module 212 for enabling the host computer 204 to translate messages in accordance with a storage standard. Possible storage standards include Small Computer System Interface (SCSI), Internet SCSI (iSCSI), serial, Advanced Technology Attachment (ATA), and Fibre Channel. The host computer 206 has access to a computer-readable medium 246, which has stored thereon a data structure 248.
  • The [0026] SAN domain controller 206 executes several program modules, including a security module 218 for authenticating hosts and controlling access to storage devices on the storage area network 202, a discovery module 220 for enabling storage devices on the storage area network 202 to be automatically recognized by the SAN domain controller 206, a LUN management module 222 for keeping track of the logical unit numbers of various logical volumes on the storage area network 202 and a name space management module 224 for keeping track of how friendly names are mapped to network paths for the various logical volumes on the network. The SAN domain controller 206 also executes a SAN provider API module 230, which allows the SAN domain controller 206 to communicate with various storage devices on the storage area network 202. The SAN provider API module 230 abstracts the specifics of each storage device so that the domain controller 206 can communicate with each storage device using a single, common language. The SAN domain controller 206 executes a server-side SAN API module 216 for communicating with clients, such as host computers. Although the SAN domain controller 206 is depicted as a single unit in FIG. 4, it may be implemented as multiple machines. For example, the SAN domain controller 206 could be implemented as a cluster to give it fault tolerance for an internet-based storage system.
  • The [0027] SAN domain controller 206 executes a first storage provider module 232 and a second storage provider module 234 for communicating with the different storage providers made by different manufacturers. Examples of storage providers include switches, disk arrays, so-called JBODs (“just a bunch of disks”), tape libraries and juke boxes. For example, in FIG. 4, the SAN domain controller 206 executes a disk array provider module 236 and a tape provider module 238 to allow the domain controller 206 to communicate with different disk arrays and tape devices manufactured by different vendors.
  • An example of how the [0028] SAN domain controller 206 manages the logical volume 244 (FIG. 4) according to an embodiment of the invention will now be described. The storage device 240 is physically connected to the SAN 202. The SAN domain controller 206 recognizes the presence of the storage device 240 (through Universal Plug and Play, for example) and queries it for information about itself (Arrow A). The storage device 240 then responds by sending a registration message to the SAN domain controller 206 that includes information such as its manufacturer, its world-wide name (according to the Fibre Channel standard, for example), the fact that it has two logical volumes (the first and second logical volumes 244 and 245), the world-wide name of each of the two logical volumes, and information regarding the path of each logical volume on the computer-readable medium 242 (Arrow B). The path information may include a SCSI channel number, port number, SCSI ID and logical unit number (LUN) of each logical volume. The discovery module 220 receives the registration message and generates an acknowledgement message, which the domain controller 206 sends to the storage device 240 (Arrow C). The discovery module 220 then passes the information contained in the registration message to the name space management module 224. The name space management module 224 coordinates with the LUN management module 222 to determine whether there is already an entry for the storage device 240 in the data structure 248. If there is not already an entry, the name space management module 224 generates a friendly name for each of the first and second logical volumes 244 and 245, or asks the system administrator (via a user interface) to create the names. The name space management module 224 and the LUN management module 222 then define a new object for the first and second logical volumes 244 and 245 within in the data structure 248. The new object associates the friendly name generated for the first and second logical volumes 244 and 245 with the world-wide name of the storage device 240, and with the world-wide names and paths of the first and second logical volumes 244 and 245. Optionally, the security module 218 can screen the storage device 240 to determine whether it should be permitted to participate in the name service.
  • To write and read data to and from the first [0029] logical volume 244, for example, the host computer 204 first registers with the SAN domain controller 206, if it has not already done so in the past. It does this by sending a registration message to the SAN domain controller 206 (Arrow D). The registration message includes a request to attach to the SAN, as well as the host computer's authorization credentials (if needed). The security module 218 then executes a security procedure to determine whether the host computer 204 should be permitted to be registered. For example, the security module 218 may determine whether the host computer 204 has authorization to access the SAN 202 and which pieces of hardware the host computer 204 is permitted to access. If the SAN domain controller 206 accepts the registration request, it responds with an acknowledgment message to the host computer 204 (Arrow E). The SAN domain controller 206 then creates a virtualization (a directory tree, for example) of the resources that the host computer 204 is permitted to access, and provides the virtualization to the host computer 204. Once the host computer 204 registers, it can then attempt to access the first logical volume 244. To do so, the host computer 204 determines the friendly name of the first logical volume 244. It may do this by searching a well-known directory located on the LAN 200. The host computer 204 then sends a look-up request to the SAN domain controller 206. The look-up request includes the friendly name of the first logical volume 244 (Arrow F). The security module 218 of the SAN domain controller 206 responds to the request by referencing the data structure 248 to determine whether the host computer 204 is authorized to have access to the first logical volume 244. In making this determination, the security module 218 may analyze authentication data included in the look-up request. For example, the security module 218 may compare a certificate received with the look-up request to those of an access control list maintained in the data structure 248. If the request is approved, the security module 218 extracts the appropriate path information regarding the first logical volume 244 from the data structure 248. The SAN domain controller 206 then sends the path information to the host computer 204 (Arrow G). The host computer 204 then uses the path information to access the first logical volume 244 via the storage area network 202 (Arrow H).
  • If the [0030] security module 218 determines that the host computer 204 is not permitted to have access to the first logical volume 244, then the SAN domain controller 206 sends a denial message to the host computer 204. There may be a variety of reasons for denying access to the host computer 204. For example it may be desirable to prevent the host computer 204 from corrupting the data in the first logical volume 244.
  • Referring again to FIG. 4, the [0031] SAN domain controller 206 keeps track of the paths of the various logical volumes stored on the SAN 202. For example, if the first logical volume 244 is moved from the storage device 240 to the storage device 260, the SAN domain controller 206 discovers the move, either automatically or via a manual update, and updates the corresponding path information in the data structure 248. It could then correctly correlate the name of the first logical volume 244 to the storage device 260 and thereby have the ability to respond correctly to future look-up requests regarding the first logical volume 244. Thus, the fact that the first logical volume 244 had physically moved would be hidden from the host computer 204, as well as all of the other host computers of the LAN 200.
  • It can thus be seen that a new a useful method and system for managing stored data on a computer network has been provided. In view of the many possible embodiments to which the principles of this invention may be applied, it should be recognized that the embodiments described herein with respect to the drawing figures is meant to be illustrative only and should not be taken as limiting the scope of invention. For example, those of skill in the art will recognize that the elements of the illustrated embodiments shown in software may be implemented in hardware and vice versa or that the illustrated embodiments can be modified in arrangement and detail without departing from the spirit of the invention. Therefore, the invention as described herein contemplates all such embodiments as may come within the scope of the following claims and equivalents thereof. [0032]

Claims (25)

What is claimed is:
1. A method for managing stored data on a computer network, the computer network comprising at least a first and a second node, the first node comprising a server, the second node comprising a storage device, the method comprising:
at the server, receiving, from the storage device and over the network, a registration message that identifies a logical volume of computer-readable media managed by the storage device, wherein the registration message comprises a path by which a user of the computer network can access the logical volume;
creating an association between the path of the logical volume and a name; and
storing the association in a data structure on a computer-readable medium accessible by the server.
2. A computer-readable medium having stored thereon computer executable instructions for performing the method of claim 1.
3. The method of claim 1, wherein the logical volume represents a single disk of the storage device.
4. The method of claim 1, wherein the logical volume represents a logical disk that is striped across multiple physical disks.
5. The method of claim 1, wherein the storage device is one of a plurality of storage devices, and the logical volume represents data that is striped across the plurality of storage devices.
6. The method of claim 1, wherein the registration message further comprises a world-wide name, the method further comprising creating an association between the world-wide name and the name.
7. The method of claim 1, wherein the registration message further comprises a logical unit number, and wherein the creating step comprises creating an association between the logical unit number and the name.
8. The method of claim 1, further comprising creating an access control list for the logical volume, the access control list specifying which computers are permitted to access the logical volume.
9. The method of claim 1, further comprising:
discovering the existence of the storage device; and
discovering the existence of the logical volume.
10. The method of claim 1, further comprising:
controlling access by host computers on the network to the storage device.
11. A method for managing stored data on a computer network, the computer network comprising at least a first, a second, and a third node, the first node comprising a server, the second node comprising a storage device, and the third node comprising a client computer, the method comprising:
the server computer receiving, from the client computer, a request for the path of a logical volume stored on the computer network, the request including a name of the logical volume;
the server computer referencing a data structure comprising an association between the name of the logical volume and a path of the logical volume; and
the server computer providing the path to the client computer, thereby permitting the client computer to access the logical volume via the computer network.
12. A computer-readable medium having stored thereon computer-executable instructions for performing the method of claim 11.
13. The method of claim 1 1, further comprising:
the server computer determining whether the client computer is permitted to have access to the logical volume; and
the server computer performing the providing step based on the determining step.
14. The method of claim 13, wherein the determining step comprises referencing an access control list.
15. The method of claim 13, wherein the determining step comprises verifying a certificate received from the client computer.
16. The method of claim 13, wherein the determining step comprises referencing permission information in the data structure.
17. The method of claim 11, wherein the referencing step comprises:
locating the name of the logical volume in the data structure;
determining the identity of a storage device on the network that is responsible for and maintaining the logical volume; and
determining which logical unit number of the storage device corresponds to the logical volume,
wherein the providing step comprises transmitting, to the client computer, the identity of the storage device and the logical unit number.
18. The method of claim 11, wherein the referencing step comprises:
locating the world-wide name of the logical volume in the data structure; and
determining the identity of a storage device on the network that is responsible for maintaining the logical volume,
wherein the providing step comprises transmitting, to the client computer, the identity of the storage device and the world-wide name of the logical volume.
19. A name service for a storage network, the name service comprising:
a storage device linked to the storage network for storing computer-readable data;
a domain controller linked to the network for maintaining an association between the path of a logical volume of data stored on the storage device and a friendly name; and
a client computer linked to the domain controller.
20. The name service of claim 19, wherein the domain controller executes software for performing the steps of:
receiving a request from the client computer for the path of the logical volume, the request including the friendly name;
using the association between the friendly name and the path to determine the path of the logical volume; and
transmitting data regarding the path to the client computer.
21. The name service of claim 19, wherein the domain controller executes software for performing steps comprising:
receiving a request from the client computer for the path of the logical volume;
determining whether or not the client computer is permitted to have access to the logical volume; and
granting or denying the request based on the determining step.
22. The name service of claim 19, wherein the domain controller executes software for performing steps comprising:
reviewing a request from the storage device to register the logical volume;
determining whether or not the storage device is permitted to participate in the storage network; and
granting or denying the request based on the determining step.
23. The name service of claim 19, wherein the logical volume corresponds to a single removable computer-readable medium.
24. The name service of claim 19, wherein the logical volume corresponds to a single disk of the storage device.
25. The name service of claim 19, wherein the logical volume corresponds to a block of data that is striped across multiple disks of the storage device.
US10/164,950 2002-06-06 2002-06-06 Method and system for managing stored data on a computer network Abandoned US20030229689A1 (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
US10/164,950 US20030229689A1 (en) 2002-06-06 2002-06-06 Method and system for managing stored data on a computer network
US11/236,256 US7676564B2 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network
US11/236,233 US20060026263A1 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network
US12/652,207 US8224947B2 (en) 2002-06-06 2010-01-05 Managing stored data on a computer network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US10/164,950 US20030229689A1 (en) 2002-06-06 2002-06-06 Method and system for managing stored data on a computer network

Related Child Applications (2)

Application Number Title Priority Date Filing Date
US11/236,256 Division US7676564B2 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network
US11/236,233 Division US20060026263A1 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network

Publications (1)

Publication Number Publication Date
US20030229689A1 true US20030229689A1 (en) 2003-12-11

Family

ID=29710318

Family Applications (4)

Application Number Title Priority Date Filing Date
US10/164,950 Abandoned US20030229689A1 (en) 2002-06-06 2002-06-06 Method and system for managing stored data on a computer network
US11/236,256 Expired - Fee Related US7676564B2 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network
US11/236,233 Abandoned US20060026263A1 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network
US12/652,207 Expired - Fee Related US8224947B2 (en) 2002-06-06 2010-01-05 Managing stored data on a computer network

Family Applications After (3)

Application Number Title Priority Date Filing Date
US11/236,256 Expired - Fee Related US7676564B2 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network
US11/236,233 Abandoned US20060026263A1 (en) 2002-06-06 2005-09-27 Managing stored data on a computer network
US12/652,207 Expired - Fee Related US8224947B2 (en) 2002-06-06 2010-01-05 Managing stored data on a computer network

Country Status (1)

Country Link
US (4) US20030229689A1 (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040083284A1 (en) * 2002-10-25 2004-04-29 Yuval Ofek System and method for providing data awareness across multiple domains
US20040117546A1 (en) * 2002-12-11 2004-06-17 Makio Mizuno iSCSI storage management method and management system
US20040210791A1 (en) * 2003-04-21 2004-10-21 Etsutaro Akagawa Medium for recording network management program, management computer and managing method
US6839746B1 (en) * 2003-06-03 2005-01-04 Veritas Operating Corporation Storage area network (SAN) device logical relationships manager
US20050138466A1 (en) * 2003-12-19 2005-06-23 Spry Andrew J. Method and apparatus for supporting legacy mode fail-over driver with ISCSI network entity including multiple redundant controllers
US20050138418A1 (en) * 2003-12-19 2005-06-23 Spry Andrew J. Methods for defining and naming iSCSI targets using volume access and security policy
US20050149748A1 (en) * 2003-12-19 2005-07-07 Spry Andrew J. Method and apparatus for identifying IPsec security policy in iSCSI
US20050198224A1 (en) * 2004-03-02 2005-09-08 Emiko Kobayashi Storage network system and control method thereof
US20050234941A1 (en) * 2004-04-20 2005-10-20 Naoki Watanabe Managing method for storage subsystem
EP1598737A2 (en) 2004-05-20 2005-11-23 Hitachi Ltd. A management method and a management system for a storage volume
US20060036786A1 (en) * 2004-08-13 2006-02-16 Barrett Kreiner Logical remapping of storage devices
US20060059307A1 (en) * 2004-09-13 2006-03-16 Akira Fujibayashi Storage system and information system using the storage system
US20060075470A1 (en) * 2004-10-06 2006-04-06 Toru Tanaka Storage network system and access control method
US20060080465A1 (en) * 2004-10-12 2006-04-13 Conzola Vincent C Apparatus, system, and method for presenting a mapping between a namespace and a set of computing resources
US20060109850A1 (en) * 2004-11-24 2006-05-25 Hitachi, Ltd. IP-SAN network access control list generating method and access control list setup method
US20060190522A1 (en) * 2005-02-18 2006-08-24 Mitsuhiro Nagata Method for controlling a computer
US20060239452A1 (en) * 2005-04-25 2006-10-26 Samsung Electronics Co., Ltd. Apparatus and method for providing security service
US20060271579A1 (en) * 2005-05-10 2006-11-30 Arun Batish Storage usage analysis
US7197489B1 (en) * 2002-12-31 2007-03-27 Emc Corporation Methods and apparatus for maintaining object data for components in a network
US20070150939A1 (en) * 2005-12-22 2007-06-28 Jeffrey Aaron Methods, communication networks, and computer program products for selecting an endpoint and/or a midpoint path resource for traffic associated with a network element based on whether the network element can be trusted
US20070147262A1 (en) * 2005-12-22 2007-06-28 Jeffrey Aaron Methods, communication networks, and computer program products for storing and/or logging traffic associated with a network element based on whether the network element can be trusted
US20070195447A1 (en) * 2006-02-21 2007-08-23 Spectra Logic Corporation Optional data encryption by partition for a partitionable data storage library
US20080307065A1 (en) * 2007-06-06 2008-12-11 Hitachi, Ltd. Method for starting up file sharing system and file sharing device
US20090049117A1 (en) * 2007-08-17 2009-02-19 At&T Bls Intellectual Property, Inc Systems and Methods for Localizing a Network Storage Device
US20090083423A1 (en) * 2007-09-26 2009-03-26 Robert Beverley Basham System and Computer Program Product for Zoning of Devices in a Storage Area Network
US20090083484A1 (en) * 2007-09-24 2009-03-26 Robert Beverley Basham System and Method for Zoning of Devices in a Storage Area Network
US7562162B2 (en) 2007-04-25 2009-07-14 At&T Intellectual Property I, L.P. Systems and methods for distributed computing utilizing a smart memory apparatus
US20120179776A1 (en) * 2011-01-12 2012-07-12 Fujitsu Limited Communication control apparatus, communication system, information processing apparatus, and communication control method
US20130054907A1 (en) * 2011-08-22 2013-02-28 Fujitsu Limited Storage system, storage control apparatus, and storage control method
US20140337847A1 (en) * 2011-10-25 2014-11-13 Fujitsu Technology Solutions Intellectual Property Gmbh Cluster system and method for executing a plurality of virtual machines
US9134921B1 (en) * 2007-04-23 2015-09-15 Netapp, Inc. Uniquely naming storage devices in a global storage environment
US9891845B2 (en) 2015-06-24 2018-02-13 International Business Machines Corporation Reusing a duplexed storage resource
US10318194B2 (en) * 2014-10-02 2019-06-11 Hitachi Vantara Corporation Method and an apparatus, and related computer-program products, for managing access request in multi-tenancy environments
EP2297921B1 (en) * 2008-07-10 2021-02-24 Juniper Networks, Inc. Network storage

Families Citing this family (66)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8352400B2 (en) 1991-12-23 2013-01-08 Hoffberg Steven M Adaptive pattern recognition based controller apparatus and method and human-factored interface therefore
US7904187B2 (en) 1999-02-01 2011-03-08 Hoffberg Steven M Internet appliance system and method
US7817583B2 (en) * 2003-04-28 2010-10-19 Hewlett-Packard Development Company, L.P. Method for verifying a storage area network configuration
ATE378759T1 (en) 2003-05-06 2007-11-15 Cvon Innovations Ltd MESSAGE TRANSMISSION SYSTEM AND INFORMATION SERVICE
US8144618B2 (en) * 2005-01-31 2012-03-27 Hewlett-Packard Development Company, L.P. Method and apparatus for automatic verification of a zone configuration and network access control construct for a plurality of network switches
US7693887B2 (en) * 2005-02-01 2010-04-06 Strands, Inc. Dynamic identification of a new set of media items responsive to an input mediaset
EP1849099B1 (en) 2005-02-03 2014-05-07 Apple Inc. Recommender system for identifying a new set of media items responsive to an input set of media items and knowledge base metrics
US7797321B2 (en) 2005-02-04 2010-09-14 Strands, Inc. System for browsing through a music catalog using correlation metrics of a knowledge base of mediasets
EP1926027A1 (en) * 2005-04-22 2008-05-28 Strands Labs S.A. System and method for acquiring and aggregating data relating to the reproduction of multimedia files or elements
US7877387B2 (en) 2005-09-30 2011-01-25 Strands, Inc. Systems and methods for promotional media item selection and promotional program unit generation
US7650570B2 (en) * 2005-10-04 2010-01-19 Strands, Inc. Methods and apparatus for visualizing a music library
US20070088917A1 (en) * 2005-10-14 2007-04-19 Ranaweera Samantha L System and method for creating and maintaining a logical serial attached SCSI communication channel among a plurality of storage systems
EP2437158A1 (en) 2005-12-19 2012-04-04 Apple Inc. User-to-user recommender
US20070244880A1 (en) * 2006-02-03 2007-10-18 Francisco Martin Mediaset generation system
JP5161794B2 (en) 2006-02-10 2013-03-13 アップル インコーポレイテッド Dynamic interactive entertainment venue
EP2024811A4 (en) * 2006-02-10 2010-11-10 Strands Inc Systems and methods for prioritizing mobile media player files
WO2007103923A2 (en) * 2006-03-06 2007-09-13 La La Media, Inc Article trading process
CN101611401B (en) * 2006-10-20 2012-10-03 苹果公司 Personal music recommendation mapping
KR101490327B1 (en) 2006-12-06 2015-02-05 퓨전-아이오, 인크. Apparatus, system and method for command management of solid-state storage using bank interleaving
US8533155B2 (en) * 2009-10-30 2013-09-10 Hitachi Data Systems Corporation Fixed content storage within a partitioned content platform, with replication
US8782047B2 (en) 2009-10-30 2014-07-15 Hitachi Data Systems Corporation Fixed content storage within a partitioned content platform using namespaces
US8671000B2 (en) * 2007-04-24 2014-03-11 Apple Inc. Method and arrangement for providing content to multimedia devices
US7836226B2 (en) 2007-12-06 2010-11-16 Fusion-Io, Inc. Apparatus, system, and method for coordinating storage requests in a multi-processor/multi-thread environment
US20090276351A1 (en) * 2008-04-30 2009-11-05 Strands, Inc. Scaleable system and method for distributed prediction markets
JP2010049522A (en) * 2008-08-22 2010-03-04 Hitachi Ltd Computer system and method for managing logical volumes
US9496003B2 (en) 2008-09-08 2016-11-15 Apple Inc. System and method for playlist generation based on similarity data
EP2374066A4 (en) 2008-10-02 2013-12-04 Apple Inc Real-time visualization of user consumption of media items
US8261030B2 (en) * 2008-11-18 2012-09-04 Microsoft Corporation Using delete notifications to free related storage resources
US8255641B2 (en) * 2008-11-18 2012-08-28 Microsoft Corporation Modifying delete notifications in a storage stack
US8156300B2 (en) * 2008-11-18 2012-04-10 Microsoft Corporation Delete notifications for an entire storage volume
US9733962B2 (en) 2009-07-23 2017-08-15 Brocade Communications Systems, Inc. Method and apparatus for determining the identity of a virtual machine
US20110029928A1 (en) * 2009-07-31 2011-02-03 Apple Inc. System and method for displaying interactive cluster-based media playlists
US20110060738A1 (en) * 2009-09-08 2011-03-10 Apple Inc. Media item clustering based on similarity data
US8533161B2 (en) * 2009-10-30 2013-09-10 Hitachi Data Systems Corporation Fixed content storage within a partitioned content platform, with disposition service
JP2012058912A (en) * 2010-09-07 2012-03-22 Nec Corp Logical unit number management device, logical unit number management method and program therefor
US9246764B2 (en) * 2010-12-14 2016-01-26 Verizon Patent And Licensing Inc. Network service admission control using dynamic network topology and capacity updates
US8880793B2 (en) * 2011-04-08 2014-11-04 Symantec Corporation Storage management systems and methods
US8966625B1 (en) * 2011-05-24 2015-02-24 Palo Alto Networks, Inc. Identification of malware sites using unknown URL sites and newly registered DNS addresses
US8555388B1 (en) 2011-05-24 2013-10-08 Palo Alto Networks, Inc. Heuristic botnet detection
US8983905B2 (en) 2011-10-03 2015-03-17 Apple Inc. Merging playlists from multiple sources
US20130219481A1 (en) * 2012-02-16 2013-08-22 Robert Matthew Voltz Cyberspace Trusted Identity (CTI) Module
US9253176B2 (en) 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure content sharing in a networked secure collaborative exchange environment
US9251360B2 (en) * 2012-04-27 2016-02-02 Intralinks, Inc. Computerized method and system for managing secure mobile device content viewing in a networked secure collaborative exchange environment
AU2013251304B2 (en) 2012-04-27 2018-12-20 Intralinks, Inc. Computerized method and system for managing networked secure collaborative exchange
US9553860B2 (en) 2012-04-27 2017-01-24 Intralinks, Inc. Email effectivity facility in a networked secure collaborative exchange environment
US9240985B1 (en) * 2012-08-16 2016-01-19 Netapp, Inc. Method and system for managing access to storage space in storage systems
US9215239B1 (en) 2012-09-28 2015-12-15 Palo Alto Networks, Inc. Malware detection based on traffic analysis
US9104870B1 (en) 2012-09-28 2015-08-11 Palo Alto Networks, Inc. Detecting malware
US9811665B1 (en) 2013-07-30 2017-11-07 Palo Alto Networks, Inc. Static and dynamic security analysis of apps for mobile devices
US10019575B1 (en) 2013-07-30 2018-07-10 Palo Alto Networks, Inc. Evaluating malware in a virtual machine using copy-on-write
US9613210B1 (en) 2013-07-30 2017-04-04 Palo Alto Networks, Inc. Evaluating malware in a virtual machine using dynamic patching
WO2015073708A1 (en) 2013-11-14 2015-05-21 Intralinks, Inc. Litigation support in cloud-hosted file sharing and collaboration
WO2015164521A1 (en) 2014-04-23 2015-10-29 Intralinks, Inc. Systems and methods of secure data exchange
US9489516B1 (en) 2014-07-14 2016-11-08 Palo Alto Networks, Inc. Detection of malware using an instrumented virtual machine environment
US9542554B1 (en) 2014-12-18 2017-01-10 Palo Alto Networks, Inc. Deduplicating malware
US9805193B1 (en) 2014-12-18 2017-10-31 Palo Alto Networks, Inc. Collecting algorithmically generated domains
US10503442B2 (en) 2015-01-28 2019-12-10 Avago Technologies International Sales Pte. Limited Method and apparatus for registering and storing virtual machine unique information capabilities
US10437770B2 (en) 2015-01-28 2019-10-08 Avago Technologies International Sales Pte. Limited Method and apparatus for providing virtual machine information to a network interface
US9582310B2 (en) * 2015-01-28 2017-02-28 Brocade Communications Systems, Inc. Method and apparatus for determining the identity of a virtual machine
US10033702B2 (en) 2015-08-05 2018-07-24 Intralinks, Inc. Systems and methods of secure data exchange
US10944823B2 (en) 2016-06-28 2021-03-09 At&T Intellectual Property I, L.P. Highly redundant and scalable storage area network architecture
CN106411962B (en) * 2016-12-15 2019-08-27 中国科学技术大学 A data storage method combining user-side access control and cloud access control
US10936653B2 (en) 2017-06-02 2021-03-02 Apple Inc. Automatically predicting relevant contexts for media items
US11010474B2 (en) 2018-06-29 2021-05-18 Palo Alto Networks, Inc. Dynamic analysis techniques for applications
US10956573B2 (en) 2018-06-29 2021-03-23 Palo Alto Networks, Inc. Dynamic analysis techniques for applications
US11196765B2 (en) 2019-09-13 2021-12-07 Palo Alto Networks, Inc. Simulating user interactions for malware analysis

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5897661A (en) * 1997-02-25 1999-04-27 International Business Machines Corporation Logical volume manager and method having enhanced update capability with dynamic allocation of storage and minimal storage of metadata information
US6343324B1 (en) * 1999-09-13 2002-01-29 International Business Machines Corporation Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices
US6606695B2 (en) * 2000-05-24 2003-08-12 Hitachi, Ltd. Method and apparatus for controlling access to storage device
US6671776B1 (en) * 1999-10-28 2003-12-30 Lsi Logic Corporation Method and system for determining and displaying the topology of a storage array network having multiple hosts and computer readable medium for generating the topology
US6684209B1 (en) * 2000-01-14 2004-01-27 Hitachi, Ltd. Security method and system for storage subsystem
US6779083B2 (en) * 2001-07-13 2004-08-17 Hitachi, Ltd. Security for logical unit in storage subsystem
US6842784B1 (en) * 2000-06-27 2005-01-11 Emc Corporation Use of global logical volume identifiers to access logical volumes stored among a plurality of storage elements in a computer storage system
US6922688B1 (en) * 1998-01-23 2005-07-26 Adaptec, Inc. Computer system storage
US6944654B1 (en) * 1999-11-01 2005-09-13 Emc Corporation Multiple storage array control

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5701462A (en) * 1993-12-29 1997-12-23 Microsoft Corporation Distributed file system providing a unified name space with efficient name resolution
US5889952A (en) * 1996-08-14 1999-03-30 Microsoft Corporation Access check system utilizing cached access permissions
US6449652B1 (en) * 1999-01-04 2002-09-10 Emc Corporation Method and apparatus for providing secure access to a computer system resource
US6389432B1 (en) * 1999-04-05 2002-05-14 Auspex Systems, Inc. Intelligent virtual volume access
US6748448B1 (en) * 1999-12-13 2004-06-08 International Business Machines Corporation High performance internet storage access scheme
US6718372B1 (en) * 2000-01-07 2004-04-06 Emc Corporation Methods and apparatus for providing access by a first computing system to data stored in a shared storage device managed by a second computing system
US7222176B1 (en) * 2000-08-28 2007-05-22 Datacore Software Corporation Apparatus and method for using storage domains for controlling data in storage area networks
US7177953B1 (en) * 2000-12-22 2007-02-13 Nortel Networks Limited Device and method for data storage
JP4162184B2 (en) * 2001-11-14 2008-10-08 株式会社日立製作所 Storage device having means for acquiring execution information of database management system
US7024427B2 (en) * 2001-12-19 2006-04-04 Emc Corporation Virtual file system

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5897661A (en) * 1997-02-25 1999-04-27 International Business Machines Corporation Logical volume manager and method having enhanced update capability with dynamic allocation of storage and minimal storage of metadata information
US6922688B1 (en) * 1998-01-23 2005-07-26 Adaptec, Inc. Computer system storage
US6343324B1 (en) * 1999-09-13 2002-01-29 International Business Machines Corporation Method and system for controlling access share storage devices in a network environment by configuring host-to-volume mapping data structures in the controller memory for granting and denying access to the devices
US6671776B1 (en) * 1999-10-28 2003-12-30 Lsi Logic Corporation Method and system for determining and displaying the topology of a storage array network having multiple hosts and computer readable medium for generating the topology
US6944654B1 (en) * 1999-11-01 2005-09-13 Emc Corporation Multiple storage array control
US6684209B1 (en) * 2000-01-14 2004-01-27 Hitachi, Ltd. Security method and system for storage subsystem
US6606695B2 (en) * 2000-05-24 2003-08-12 Hitachi, Ltd. Method and apparatus for controlling access to storage device
US6842784B1 (en) * 2000-06-27 2005-01-11 Emc Corporation Use of global logical volume identifiers to access logical volumes stored among a plurality of storage elements in a computer storage system
US6779083B2 (en) * 2001-07-13 2004-08-17 Hitachi, Ltd. Security for logical unit in storage subsystem

Cited By (65)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040083284A1 (en) * 2002-10-25 2004-04-29 Yuval Ofek System and method for providing data awareness across multiple domains
US20040117546A1 (en) * 2002-12-11 2004-06-17 Makio Mizuno iSCSI storage management method and management system
US7103712B2 (en) 2002-12-11 2006-09-05 Hitachi, Ltd. iSCSI storage management method and management system
US7197489B1 (en) * 2002-12-31 2007-03-27 Emc Corporation Methods and apparatus for maintaining object data for components in a network
US20040210791A1 (en) * 2003-04-21 2004-10-21 Etsutaro Akagawa Medium for recording network management program, management computer and managing method
US20070214253A1 (en) * 2003-04-21 2007-09-13 Hitachi, Ltd. Fault notification based on volume access control information
US7234020B2 (en) 2003-04-21 2007-06-19 Hitachi, Ltd. Fault notification based on volume access control information
US7107328B1 (en) 2003-06-03 2006-09-12 Veritas Operating Corporation Storage area network (SAN) device logical relationships manager
US6839746B1 (en) * 2003-06-03 2005-01-04 Veritas Operating Corporation Storage area network (SAN) device logical relationships manager
US20050149748A1 (en) * 2003-12-19 2005-07-07 Spry Andrew J. Method and apparatus for identifying IPsec security policy in iSCSI
US7461140B2 (en) 2003-12-19 2008-12-02 Lsi Corporation Method and apparatus for identifying IPsec security policy in iSCSI
US7257730B2 (en) 2003-12-19 2007-08-14 Lsi Corporation Method and apparatus for supporting legacy mode fail-over driver with iSCSI network entity including multiple redundant controllers
US20050138466A1 (en) * 2003-12-19 2005-06-23 Spry Andrew J. Method and apparatus for supporting legacy mode fail-over driver with ISCSI network entity including multiple redundant controllers
US20050138418A1 (en) * 2003-12-19 2005-06-23 Spry Andrew J. Methods for defining and naming iSCSI targets using volume access and security policy
US7568216B2 (en) * 2003-12-19 2009-07-28 Lsi Logic Corporation Methods for defining and naming iSCSI targets using volume access and security policy
US20050198224A1 (en) * 2004-03-02 2005-09-08 Emiko Kobayashi Storage network system and control method thereof
EP1589411A3 (en) * 2004-04-20 2008-11-05 Hitachi, Ltd. Managing method for storing subsystem
US20050234941A1 (en) * 2004-04-20 2005-10-20 Naoki Watanabe Managing method for storage subsystem
US7548924B2 (en) * 2004-04-20 2009-06-16 Hitachi, Ltd. Managing method for storage subsystem
EP1589411A2 (en) * 2004-04-20 2005-10-26 Hitachi, Ltd. Managing method for storing subsystem
US20100011184A1 (en) * 2004-05-20 2010-01-14 Yasuyuki Mimatsu Management method and a management system for volume
US7610467B2 (en) 2004-05-20 2009-10-27 Hitachi, Ltd. Management method and a management system for volume
US8190847B2 (en) 2004-05-20 2012-05-29 Hitachi, Ltd. Management method and a management system for volume
US8006063B2 (en) 2004-05-20 2011-08-23 Hitachi, Ltd. Management method and a management system for volume
US20120210063A1 (en) * 2004-05-20 2012-08-16 Yasuyuki Mimatsu Management method and a management system for volume
US8850157B2 (en) * 2004-05-20 2014-09-30 Hitachi, Ltd. Management method and a management system for volume
EP1598737A2 (en) 2004-05-20 2005-11-23 Hitachi Ltd. A management method and a management system for a storage volume
US20080091816A1 (en) * 2004-05-20 2008-04-17 Hitachi, Ltd. Management method and a management system for volume
EP1598737A3 (en) * 2004-05-20 2008-06-04 Hitachi Ltd. A management method and a management system for a storage volume
US20060036786A1 (en) * 2004-08-13 2006-02-16 Barrett Kreiner Logical remapping of storage devices
US7861054B2 (en) * 2004-09-13 2010-12-28 Hitachi, Ltd. Method and system for controlling information of logical division in a storage controller
US7865688B2 (en) 2004-09-13 2011-01-04 Hitachi, Ltd. Method and system for controlling information of logical division in a storage controller
US20100122028A1 (en) * 2004-09-13 2010-05-13 Akira Fujibayashi Method and system for controlling information of logical division in a storage controller
US20060059307A1 (en) * 2004-09-13 2006-03-16 Akira Fujibayashi Storage system and information system using the storage system
US20060075470A1 (en) * 2004-10-06 2006-04-06 Toru Tanaka Storage network system and access control method
US7725601B2 (en) * 2004-10-12 2010-05-25 International Business Machines Corporation Apparatus, system, and method for presenting a mapping between a namespace and a set of computing resources
US20060080465A1 (en) * 2004-10-12 2006-04-13 Conzola Vincent C Apparatus, system, and method for presenting a mapping between a namespace and a set of computing resources
US20060109850A1 (en) * 2004-11-24 2006-05-25 Hitachi, Ltd. IP-SAN network access control list generating method and access control list setup method
US20060190522A1 (en) * 2005-02-18 2006-08-24 Mitsuhiro Nagata Method for controlling a computer
US9325678B2 (en) * 2005-04-25 2016-04-26 Samsung Electronics Co., Ltd. Apparatus and method for providing security service for guest network device in a network
US20060239452A1 (en) * 2005-04-25 2006-10-26 Samsung Electronics Co., Ltd. Apparatus and method for providing security service
US20060271579A1 (en) * 2005-05-10 2006-11-30 Arun Batish Storage usage analysis
US20070150939A1 (en) * 2005-12-22 2007-06-28 Jeffrey Aaron Methods, communication networks, and computer program products for selecting an endpoint and/or a midpoint path resource for traffic associated with a network element based on whether the network element can be trusted
US20070147262A1 (en) * 2005-12-22 2007-06-28 Jeffrey Aaron Methods, communication networks, and computer program products for storing and/or logging traffic associated with a network element based on whether the network element can be trusted
US20070195447A1 (en) * 2006-02-21 2007-08-23 Spectra Logic Corporation Optional data encryption by partition for a partitionable data storage library
US9158467B2 (en) * 2006-02-21 2015-10-13 Spectra Logic Corporation Optional data encryption by partition for a partitionable data storage library
US9570103B2 (en) 2006-02-21 2017-02-14 Spectra Logic Optional data encryption by partition for a partitionable data storage library
US10282137B2 (en) 2007-04-23 2019-05-07 Netapp, Inc. Uniquely naming storage devices in a global storage environment
US9134921B1 (en) * 2007-04-23 2015-09-15 Netapp, Inc. Uniquely naming storage devices in a global storage environment
US7562162B2 (en) 2007-04-25 2009-07-14 At&T Intellectual Property I, L.P. Systems and methods for distributed computing utilizing a smart memory apparatus
US7822824B2 (en) * 2007-06-06 2010-10-26 Hitachi, Ltd. Method for starting up file sharing system and file sharing device
US20080307065A1 (en) * 2007-06-06 2008-12-11 Hitachi, Ltd. Method for starting up file sharing system and file sharing device
US7925794B2 (en) 2007-08-17 2011-04-12 At&T Intellectual Property I, L.P. Systems and methods for localizing a network storage device
US20090049117A1 (en) * 2007-08-17 2009-02-19 At&T Bls Intellectual Property, Inc Systems and Methods for Localizing a Network Storage Device
US20090083484A1 (en) * 2007-09-24 2009-03-26 Robert Beverley Basham System and Method for Zoning of Devices in a Storage Area Network
US20090083423A1 (en) * 2007-09-26 2009-03-26 Robert Beverley Basham System and Computer Program Product for Zoning of Devices in a Storage Area Network
US7996509B2 (en) 2007-09-26 2011-08-09 International Business Machines Corporation Zoning of devices in a storage area network
EP2297921B1 (en) * 2008-07-10 2021-02-24 Juniper Networks, Inc. Network storage
US20120179776A1 (en) * 2011-01-12 2012-07-12 Fujitsu Limited Communication control apparatus, communication system, information processing apparatus, and communication control method
US8984088B2 (en) * 2011-01-12 2015-03-17 Fujitsu Limited Communication control apparatus, communication system, information processing apparatus, and communication control method
US9003140B2 (en) * 2011-08-22 2015-04-07 Fujitsu Limited Storage system, storage control apparatus, and storage control method
US20130054907A1 (en) * 2011-08-22 2013-02-28 Fujitsu Limited Storage system, storage control apparatus, and storage control method
US20140337847A1 (en) * 2011-10-25 2014-11-13 Fujitsu Technology Solutions Intellectual Property Gmbh Cluster system and method for executing a plurality of virtual machines
US10318194B2 (en) * 2014-10-02 2019-06-11 Hitachi Vantara Corporation Method and an apparatus, and related computer-program products, for managing access request in multi-tenancy environments
US9891845B2 (en) 2015-06-24 2018-02-13 International Business Machines Corporation Reusing a duplexed storage resource

Also Published As

Publication number Publication date
US20100115586A1 (en) 2010-05-06
US7676564B2 (en) 2010-03-09
US20060026263A1 (en) 2006-02-02
US8224947B2 (en) 2012-07-17
US20060026230A1 (en) 2006-02-02

Similar Documents

Publication Publication Date Title
US7676564B2 (en) Managing stored data on a computer network
US11418480B2 (en) Translating a network configuration request for a network control apparatus
US8312522B2 (en) Monitoring network traffic by using a monitor device
JP4311637B2 (en) Storage controller
US8346952B2 (en) De-centralization of group administration authority within a network storage architecture
US8024779B2 (en) Verifying user authentication
US10187275B2 (en) Monitoring network traffic by using event log information
US7185047B1 (en) Caching and accessing rights in a distributed computing system
US20200084097A1 (en) Blockchain-based configuration profile provisioning system
US8627410B2 (en) Dynamic radius
JP4698180B2 (en) Secure hierarchical namespace in peer-to-peer networks
US20080022120A1 (en) System, Method and Computer Program Product for Secure Access Control to a Storage Device
US20050192923A1 (en) Computer system for allocating storage area to computer based on security level
US20110202667A1 (en) Database Virtualization
MX2008015235A (en) Name challenge enabled zones.
JP4329412B2 (en) File server system
CN114363165A (en) Configuration method of electronic equipment, electronic equipment and server
JP4699768B2 (en) Storage system that distributes access load
US20040181600A1 (en) Method, apparatus and services for leasing volumes
US9560039B2 (en) Controlled discovery of SAN-attached SCSI devices and access control via login authentication
JP2007533033A (en) System and method for providing a proxy for a shared file system
CN114884728A (en) Security access method based on role access control token
US20060075470A1 (en) Storage network system and access control method
CN115150170B (en) Security policy configuration method, device, electronic equipment and storage medium
WO2025060984A1 (en) Cloud desktop login method, cloud desktop login device, and readable medium

Legal Events

Date Code Title Description
AS Assignment

Owner name: MICROSOFT CORPORATION, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:RAGHAVAN, KARTIK N.;PHILLIPS, THOMAS G.;RACIBORSKI, BOHDAN;REEL/FRAME:012999/0083;SIGNING DATES FROM 20020603 TO 20020605

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION

AS Assignment

Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034766/0001

Effective date: 20141014

点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载