Method and apparatus for role-based access control
    21.
    Granted patent
    Method and apparatus for role-based access control (in force)

    Publication number: US08335850B2

    Publication date: 2012-12-18

    Application number: US12192466

    Filing date: 2008-08-15

    IPC classification: G06F15/173

    CPC classification: G06F21/6218 H04L67/1097

    Abstract: Methods and devices are provided for role-based access control of network devices. The network devices may constitute the fabric of a storage area network (“SAN”) that has been logically partitioned into virtual storage area networks (“VSANs”) that are allocated to various administrators. Roles assigned according to preferred aspects of the invention do not need to be hierarchical, but are customized according to administrators' needs.


    Apparatus and method for defining a static fibre channel fabric
    22.
    Granted patent
    Apparatus and method for defining a static fibre channel fabric (in force)

    Publication number: US08098595B2

    Publication date: 2012-01-17

    Application number: US12555768

    Filing date: 2009-09-08

    IPC classification: H04L12/28

    Abstract: A storage area network and method for defining a static Fibre Channel Fabric that does not require a Principal Switch. The storage area network comprises one or more hosts, one or more storage devices, and a static Fabric connecting the one or more hosts and storage devices. Within the static Fabric, the Switches have their Domain_ID and Fabric_Name statically set. The method comprises accessing the Fabric, selecting a Switch in the Fabric, and statically configuring the Domain_ID and Fabric_Name for the selected Switch. The above sequence is repeated for each Switch in the static Fabric. In one embodiment, after being statically configured, the Switch is isolated from any dynamically set Switches in the Fabric. The Switch detects which of its Ports are connected to dynamically set Switches, and then isolates them, while maintaining operational the Ports connected to statically configured Switches.


    Apparatus and method for preventing disruption of fibre channel fabrics caused by reconfigure fabric (RCF) messages
    23.
    Granted patent
    Apparatus and method for preventing disruption of fibre channel fabrics caused by reconfigure fabric (RCF) messages (in force)

    Publication number: US07821969B2

    Publication date: 2010-10-26

    Application number: US12049932

    Filing date: 2008-03-17

    IPC classification: H04L12/28

    CPC classification: H04Q11/0005 H04Q2011/0039

    Abstract: An apparatus and method for preventing the disruption of Fibre Channel Fabrics caused by ReConfigure Fabric (RCF) messages is disclosed. The apparatus includes a storage area network and a plurality of Fibre Channel Switches arranged in a Fabric. Each of the plurality of Switches includes logic to selectively configure their Ports to either reject or accept RCF messages. When configured to reject RCF messages, the Switch Port that receives an RCF message will generate a reject message along with a reason code explanation “E_Port Isolated”, and then transition into an Isolated state. When the Switch that generated the RCF message receives the reject message, its Port also transition into the Isolated state. In accordance with the method of the present invention, either a Storage Service Provider or a client can access the Switches of the Fabric through either a command line interpreter or a management application. Once access to the Fabric is established, the logic of the Ports of the Switches can be selectively configured to reject or accept RCF messages as described above.


    Apparatus and method for preventing disruption of fibre channel fabrics caused by ReConfigure Fabric (RCF) messages
    24.
    Granted patent
    Apparatus and method for preventing disruption of fibre channel fabrics caused by ReConfigure Fabric (RCF) messages (in force)

    Publication number: US07808924B2

    Publication date: 2010-10-05

    Application number: US10155698

    Filing date: 2002-05-24

    IPC classification: H04L12/28

    CPC classification: H04Q11/0005 H04Q2011/0039

    Abstract: An apparatus and method for preventing the disruption of Fiber Channel Fabrics caused by ReConfigure Fabric (RCF) messages is disclosed. The apparatus includes a storage area network and a plurality of Fiber Channel Switches arranged in a Fabric. Each of the plurality of Switches includes logic to selectively configure their Ports to either reject or accept RCF messages. When configured to reject RCF messages, the Switch Port that receives an RCF message will generate a reject message along with a reason code explanation “E_Port Isolated”, and then transition into an Isolated state. When the Switch that generated the RCF message receives the reject message, its Port also transition into the Isolated state. In accordance with the method of the present invention, either a Storage Service Provider or a client can access the Switches of the Fabric through either a command line interpreter or a management application. Once access to the Fabric is established, the logic of the Ports of the Switches can be selectively configured to reject or accept RCF messages as described above.


    METHOD AND APPARATUS FOR ROLE-BASED ACCESS CONTROL
    25.
    Patent application
    METHOD AND APPARATUS FOR ROLE-BASED ACCESS CONTROL (in force)

    Publication number: US20080320143A1

    Publication date: 2008-12-25

    Application number: US12192466

    Filing date: 2008-08-15

    IPC classification: G06F15/173 G06F15/177

    CPC classification: G06F21/6218 H04L67/1097

    Abstract: Methods and devices are provided for role-based access control of network devices. The network devices may constitute the fabric of a storage area network (“SAN”) that has been logically partitioned into virtual storage area networks (“VSANs”) that are allocated to various administrators. Roles assigned according to preferred aspects of the invention do not need to be hierarchical, but are customized according to administrators' needs.


    Methods and apparatus for security over fibre channel
    26.
    Granted patent
    Methods and apparatus for security over fibre channel (in force)

    Publication number: US08914858B2

    Publication date: 2014-12-16

    Application number: US13107521

    Filing date: 2011-05-13

    Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fiber channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fiber channel network entities into a fiber channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fiber channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.


    Ethernet node port virtualizer
    27.
    Granted patent
    Ethernet node port virtualizer (in force)

    Publication number: US08243746B2

    Publication date: 2012-08-14

    Application number: US12658022

    Filing date: 2010-02-01

    IPC classification: H04L12/28 H04L12/56 G06F17/00

    Abstract: In one embodiment, a method includes defining a virtual node port proxy and virtual fabric port proxies at a Fiber Channel over Ethernet (FCoE) bridge, the virtual node port proxy in communication with an FCoE forwarder, each of the virtual fabric port proxies in communication with an FCoE node in an FCoE network. The method further includes proxying FCoE Initialization Protocol (FIP) functions between the FCoE nodes and the FCoE forwarder at the FCoE bridge. An apparatus is also disclosed.


    METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL
    28.
    Patent application
    METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL (under examination, published)

    Publication number: US20110219438A1

    Publication date: 2011-09-08

    Application number: US13107521

    Filing date: 2011-05-13

    IPC classification: G06F21/20

    Abstract: Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented.


    Ethernet node port virtualizer
    29.
    Patent application
    Ethernet node port virtualizer (in force)

    Publication number: US20110188511A1

    Publication date: 2011-08-04

    Application number: US12658022

    Filing date: 2010-02-01

    IPC classification: H04L12/56

    Abstract: In one embodiment, a method includes defining a virtual node port proxy and virtual fabric port proxies at a Fibre Channel over Ethernet (FCoE) bridge, the virtual node port proxy in communication with an FCoE forwarder, each of the virtual fabric port proxies in communication with an FCoE node in an FCoE network. The method further includes proxying FCoE Initialization Protocol (FIP) functions between the FCoE nodes and the FCoE forwarder at the FCoE bridge. An apparatus is also disclosed.
