Electrical computers and digital processing systems: memory – Storage accessing and control – Control technique
Reexamination Certificate
1999-02-12
2001-09-18
Yoo, Do Hyun (Department: 2185)
C711S112000, C711S114000
active
06292876
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to networked computer systems, and more particularly, to a method for providing access protection for SCSI storage devices.
BACKGROUND OF THE INVENTION
Storage systems based on disks, tapes, or disk arrays attached to a shared communication channel such as a SCSI (small computer system interface) bus, FibreChannel, or SSA are commonly used in computer systems. The SCSI protocol was originally implemented as a protocol for communication between a single host computer and a number of peripheral devices on a SCSI bus. Hence, there was no need on the SCSI bus for security protocols of the types used in networks.
Recently, devices that communicate by the SCSI protocol and service multiple host computers via a bus utilizing the SCSI protocol have become common. For example, RAID systems consisting of a number of disk drives connected to a RAID controller are used to provide error tolerant storage systems. The RAID controller is connected to a bus utilizing a SCSI communications protocol that can be accessed by multiple host computers in some systems. The RAID controller looks like a single disk drive that is connected to the other computers in the system by a SCSI bus. Each computer accessing the RAID controller utilizes the SCSI protocol and sees the RAID system as a single disk connected thereto. If the host systems do not coordinate their reading and writing activities, the data stored on the RAID system can become corrupted. In addition, security considerations often require that the level of access be varied according to the host utilizing the device.
This type of security problem is well-known in networked computer systems. Such systems include many protocols that provide various levels of access protection for data stored on a server. The server software implements the security protocols. For example, each file on the server can be provided with individualized security, which restricts reading to a first group of hosts and writing to a second group of hosts. Unfortunately, there is no method for implementing such procedures on a shared SCSI bus because of the limited communication protocols implemented in the SCSI protocol.
In principle, more complex protection schemes could be implemented within the framework of the storage devices themselves using an extension of the existing SCSI protocol. Unfortunately, these protocols cannot be extended to include other functions without complex negotiations inside the standards organization that defines the SCSI protocols.
In principle, a non-standard protocol can be implemented to provide extended protection at the device level by utilizing a non-standard SCSI protocol and altering the relevant drivers in all of the hosts and devices that access the SCSI bus. Unfortunately, the owner of the SCSI bus may not have access to all of the possible hosts, and hence, the altered protocols will prevent the unaltered SCSI drivers from accessing data on the SCSI bus.
Broadly, it is the object of the present invention to provide an improved data protection protocol that can be implemented within the existing SCSI protocol without requiring formal extension of the SCSI protocols by the relevant standards committees.
It is a further object of the present invention to provide an improved data protection protocol that can operate in the SCSI framework without requiring all hosts and devices to be modified.
These and other objects of the present invention will become apparent to those skilled in the art from the following detailed description of the invention and the accompanying drawings.
SUMMARY OF THE INVENTION
The present invention is an improved method for operating a storage system based on a SCSI communication protocol. In general, the storage system has a data storage medium for storing information and a controller for receiving and generating messages on a communication bus executing a SCSI communication protocol. The controller responds to first and second classes of messages, each message including data specifying a source device that sends the message and a destination device to receive information generated by the message. The first class of messages includes read/write requests directed to a mode page in the storage system, and the second class of messages includes read/write requests specifying an address in the storage system at which data is to be read or written. In a storage system according to the present invention, a virtual mode page is provided for each possible device on the communication bus. The virtual page includes a region of the storage medium reserved for that device. The region includes a first address range for communicating data from the controller to that device. The controller responds to one of said write messages of the first class by placing information in the first address range of the virtual mode page corresponding to the source device identified in that message. In addition, the controller stores information enabling at least one of the devices to read information not available on a device that has not sent a message of the first class to the controller. The enabling information is stored in response to data in one of the write messages of the first class. In one embodiment of the invention, a default access mode is provided for responding to read or write messages of the second class from one of the devices on the communication bus that has not previously sent one of the write messages of the first class to the controller. The default access mode provides limited access to data stored in the storage system.
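The controller behaviour summarized above, as a toy model added here for illustration (it is not code from the patent). The token-based payload, the 16 source IDs, the public block range and the "ro"/"rw" levels are assumptions; the summary does not specify them.

```python
import hmac

NUM_IDS = 16                 # assumed number of possible device IDs on the bus
PUBLIC_LBAS = range(0, 4)    # assumed blocks readable in the default access mode
# Constructed sample credentials mapping a payload to an access level.
CREDENTIALS = {b"constructed-rw-token": "rw", b"constructed-ro-token": "ro"}

class Controller:
    def __init__(self, blocks):
        self.blocks = blocks
        # One virtual mode page per possible source ID; "reply" stands in for
        # the first address range used to pass data from controller to device.
        self.pages = {i: {"reply": b""} for i in range(NUM_IDS)}
        self.grants = {}     # enabling information, keyed by source ID

    def mode_select(self, source, payload):
        """First-class write: the answer lands only in the sender's own page."""
        level = next((lvl for tok, lvl in CREDENTIALS.items()
                      if hmac.compare_digest(tok, payload)), None)
        if level:
            self.grants[source] = level
        reply = b"GRANTED:" + level.encode() if level else b"DENIED"
        self.pages[source]["reply"] = reply

    def mode_sense(self, source):
        """First-class read: a device sees its own virtual page and no other."""
        return self.pages[source]["reply"]

    def read(self, source, lba):
        """Second-class read: sources without a grant get the default mode."""
        if source not in self.grants and lba not in PUBLIC_LBAS:
            raise PermissionError("default access mode: block not public")
        return self.blocks[lba]

    def write(self, source, lba, data):
        """Second-class write: allowed only for a source holding an rw grant."""
        if self.grants.get(source) != "rw":
            raise PermissionError("write requires an rw grant")
        self.blocks[lba] = data

def demo():
    ctl = Controller({lba: b"blk%d" % lba for lba in range(8)})
    ctl.mode_select(3, b"constructed-rw-token")   # host 3 registers
    ctl.write(3, 6, b"secret")
    return ctl.mode_sense(3), ctl.read(3, 6), ctl.read(5, 1)

if __name__ == "__main__":
    print(demo())
```

Because grants in this model are keyed by the source ID carried in each message, the protection is only as strong as the bus's guarantee that the source ID is genuine.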
Hewlett-Packard Co
McLean Kimberly
Yoo Do Hyun