摘要:
According to the present invention, techniques for performing security functions in computer storage subsystems in order to prevent illegal access by the host computers according to logical unit (LU) identity are provided. In representative embodiments management tables can be used to disclose the Logical Unit in the storage subsystem to the host computers in accordance with the users operational needs. In a specific embodiment, accessibility to a storage subsystem resource can be decided when an Inquiry Command is received, providing systems and apparatus wherein there is no further need to repeatedly determine accessibility for subsequent accesses to the Logical Unit. Many such embodiments can maintain relatively high performance, while providing robust security for each LU.
摘要:
During recovery of a master system, a mismatch between data in the master system and that in a backup system is obviated quickly to shorten time consumed before resumption of operation of the master system. The backup system controls, as second difference information, update data generated over a substitute operation period between occurrence of a disabled state of the master system and recovery thereof and when the master system is enabled to operate, a range of addition of first difference information inside the master system and the second difference information or only a range of the second difference information is copied to the master system to eliminate the data mismatch.
摘要:
When an active data copy process relative to a logical storage device is performed without involving a computer, an access permission/rejection of the computer to the logical storage device is checked by referring to a correspondence between WWN of the computer and a logical storage device identifier LUN to thereby determine whether an access to a copy source logical storage device and a copy destination logical storage device is permitted or not. It is therefore possible to prevent an outflow of illegal data from a storage subsystem to be caused by an active copy instruction command.
摘要:
When a bus is used as a data communication channel, data within a disk unit cannot be reproduced or copied into a spare disk while a control unit is making read/write processing based on a request from a host computer, or vice versa. Thus, a loop is constructed by a fiber channel capable of time division multiplex function, and the processing between the disk unit and the spare is performed not through the control unit so that the data within the disk can be copied into the spare while the processing between the host computer and the disk unit is being performed, or both processing operations can be executed in parallel.
摘要:
Two data centers located in the vicinity are connected using a synchronous transfer copy function, and one of the data centers is coupled with a third data center disposed at a remote location by an asynchronous remote copying function. The order whereat a storage sub-system located in the vicinity has received data from a host is consistently guaranteed, and the third data center holds the data. Further, each storage sub-system includes a function whereby, during normal operation, data can be exchanged and the data update state can be obtained by the storage sub-systems located in the two data centers that do not directly engage in data transmission.
摘要:
Two data centers located in the vicinity are connected using a synchronous transfer copy function, and one of the data centers is coupled with a third data center disposed at a remote location by an asynchronous remote copying function. The order whereat a storage sub-system located in the vicinity has received data from a host is consistently guaranteed, and the third data center holds the data. Further, each storage sub-system includes a function whereby, during normal operation, data can be exchanged and the data update state can be obtained by the storage sub-systems located in the two data centers that do not directly engage in data transmission.
摘要:
According to the present invention, techniques for performing security functions in computer storage subsystems in order to prevent illegal access by the host computers according to logical unit (LU) identity are provided. In representative embodiments management tables can be used to disclose the Logical Unit in the storage subsystem to the host computers in accordance with the users operational needs. In a specific embodiment, accessibility to a storage subsystem resource can be decided when an Inquiry Command is received, providing systems and apparatus wherein there is no further need to repeatedly determine accessibility for subsequent accesses to the Logical Unit. Many such embodiments can maintain relatively high performance, while providing robust security for each LU.
摘要:
Tables (FIGS. 11 and 12) for stipulating information (WWN: WorldWide Name) for primarily identifying computers, information (GID: Group ID) for identifying a group of the computers and a logical unit number (LUN) permitting access from the host computer inside storage subsystem, in accordance with arbitrary operation method by a user, and for giving them to host computer. The invention uses management table inside the storage subsystem and gives logical unit inside storage subsystem to host computer group arbitrarily grouped by a user in accordance with the desired form of operation of the user, can decide access approval/rejection to the logical unit inside the storage subsystem in the group unit and at the same time, can provide the security function capable of setting interface of connection in the group unit under single port of storage subsystem without changing existing processing, limitation and other functions of computer.
摘要:
The present invention provides a method, a system and code for backing up information on a storage system, for example, a disk system, connected to a storage area network. The host or server system off loads the task of backing up its data to the storage system that stores the data. In an exemplary embodiment a server sends an E-copy command to a disk system. Next, the disk system finds an available back-up device, for example, a tape or DLT library, and then backs-up the information indicated in the E-copy command to the back-up device. A user interface is provided so that one or more path groups, comprising at least a target port and an initiator port, on a disk system may be designated.
摘要:
According to the present invention, techniques for performing security functions in computer storage subsystems in order to prevent illegal access by the host computers according to logical unit (LU) identity are provided. In representative embodiments management tables can be used to disclose the Logical Unit in the storage subsystem to the host computers in accordance with the users operational needs. In a specific embodiment, accessibility to a storage subsystem resource can be decided when an Inquiry Command is received, providing systems and apparatus wherein there is no further need to repeatedly determine accessibility for subsequent accesses to the Logical Unit. Many such embodiments can maintain relatively high performance, while providing robust security for each LU.