Data processing: database and file management or data structures – Database design – Data structure types
Reexamination Certificate
2000-06-27
2002-11-19
Amsbury, Wayne (Department: 2171)
Data processing: database and file management or data structures
Database design
Data structure types
Reexamination Certificate
active
06484173
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This application relates to the field of computer data storage and more particularly to the field of configuring control system call access to data storage devices.
2. Description of Related Art
Host systems may store and retrieve data using a data storage device containing a plurality of host interface units (ports) that communicate with and store and retrieve data on internal storage facilities provided within the data storage device. Such data storage devices are provided, for example, by EMC Corporation of Hopkinton, Mass. and disclosed in U.S. Pat. No. 5,206,939 to Yanai et al., U.S. Pat. No. 5,778,394 to Galtzur et al., U.S. Pat. No. 5,845,147 to Vishlitzky et al., and U.S. Pat. No. 5,857,208 to Ofek.
The host systems may be assigned limited access to specific portions of the internal storage facilities, where that access may include reading and writing data and “system calls” that cause the data storage device to execute administrative-like operations (e.g., automatic mirroring, copying, back up). The system calls do not directly read and write data. However, even so, system calls may cause one of the user host systems to indirectly access data allocated to another one of the host systems. In addition, remote system calls may be issued to a storage element through a remote storage device (e.g., in a disaster recovery situation) or through a fabric port.
The use of system calls which may provide one host system with unintended indirect access to a memory resource allocated to another host system may not be a problem if all host systems and the entire storage device are controlled by a single entity (i.e., are all owned and operated by a single company) that is capable of coordinating access among different groups within the entity. However, in instances where not all of the host systems are controlled by a single entity (e.g., in instances where a plurality of different smaller companies share use of a single data storage device) and in instances where different groups of the same entity access the host systems in an uncoordinated manner, it may be undesirable to allow such indirect access of internal storage facilities using system calls, especially in instances where the data storage device contains sensitive data of one or more of the entities and/or groups within a single entity. Furthermore, in configurations where a storage device is coupled to additional storage devices to provide backup services therefor, it may be undesirable to allow unintended access to data via system calls.
SUMMARY OF THE INVENTION
According to the present invention, controlling a data storage device includes providing at least one requestor group that accesses the storage device, providing at least one pool of devices of the data storage device, providing a plurality of access types, and determining if a request by a requestor of the at least one requestor group is permitted for a device of the at least one pool of devices, where the device is an object of the request. The access types may include at least one of mirroring, copying, back up, splitting, and tracking system calls. The access types may further include reading data and writing data. The at least one group and the at least one pool may include at least one of logical units having unique ID numbers and physical units. The at least one pool may include at least one of: communication ports of the data storage device and portions of memory of the data storage device. The pool may include communication ports and the access rights that indicate whether system calls are allowed on the communication ports. The pool may include portions of the memory and the access rights indicate at least one of: read and write access to the sections.
According further to the present invention, controlling access to a data storage device includes providing a requestor identification number for each requestor having access to the data storage device, where the identification number uniquely identifies each requestor, partitioning memory of the data storage device into a plurality of memory segments and defining an identification number for each of the segments, providing a plurality of request types including at least one of: read, write, mirroring, copying, back up, splitting, and tracking system calls, and allowing a requestor a selected type of request access to a selected one of the plurality of memory segments only if a database of requestor identification numbers indicates that the selected type of request to the selected memory segment is allowable according to the requestor identification number. Controlling access may also include issuing an access request denied indication if the database indicates that the identification number is not allowed the specified type of access to the specified memory segment. An override memory location may store one of: a pass override condition, a reject override condition and no override condition. The override memory location may be checked before examining the database, and, if a pass override condition is stored therein, the request may be allowed. A value stored in the override memory location may revert to the no override condition after a specified time period. The specified time period may be thirty minutes. The override memory location may be checked before examining the database, and, if a reject override condition is stored therein, the request may be denied. The plurality of memory segments may be grouped into pools of devices and allowing a requestor a selected type of request access may include examining a particular one of the pools of devices corresponding to the selected memory segment.
According further to the present invention, controlling access to a data storage device includes providing at least one group of requestor devices from a plurality of requestor devices that access the data storage device by issuing requests for at least one of: reading data in a specified portion of the data storage device, writing data into a specified portion of the data storage device, backing up data from a specified portion of the data storage device, mirroring data, copying data from a specified portion of the data storage device, splitting volumes of the data storage device, and tracking changes to volumes of the data storage device, providing a plurality of pools of memory resources from a plurality of individual addressable memory resources of the data storage device, and, prior to accessing the memory, providing control logic for the data storage device to determine whether a request from one of the plurality of requestor devices for access to at least one of the plurality of pools of memory resources is permissible. An override memory location may store one of: a pass override condition, a reject override condition and no override condition. The override memory location may be checked before examining the database, and, if a pass override condition is stored therein, the request may be allowed. A value stored in the override memory location may revert to the no override condition after a specified time period. The specified time period may be thirty minutes. The override memory location may be checked before examining the database, and, if a reject override condition is stored therein, the request may be denied. An access level for a group corresponding to the requestor may be set to provide a lower access level than an access level set for any member of the group of requestors. The access level of the group may be examined before the access level of the requestor and, if access for the group is allowed, no check may be made on the access level of the requestor. A pool of memory resources may allow more access than an access level set for any member of the pool. The access level of the pool may be examined before the access level of the memory segment, and if access for the pool is not allowed, no check may be made on the access level of the memory segment.
According further to the present invention, controlling access to a data storage device includ
Garrett Brian
O'Hare Jeremy
Al-Hashemi Sana
Amsbury Wayne
Choate Hall & Stewart
EMC Corporation
LandOfFree
Controlling access to a storage device does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Controlling access to a storage device, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Controlling access to a storage device will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2915988