Abstract:
A computer system prevents intervention and falsification by setting encrypted transfer between a host computer and a first storage device that provides a virtual volume, and between the first storage device and second and third storage devices that provide a real volume corresponding to the virtual volume. A management computer specifies, for a virtual volume used by a host computer for which encrypted transfer becomes necessary, the second and third storage devices that provide the corresponding real volume; sets encrypted transfer for communication between the first storage device and the second and third storage devices and reconnects them; and also sets encrypted transfer on the I/O port of the first storage device used for communication with the host computer.
Abstract:
The present invention provides secure IP protocol capable storage devices using Virtual Local Area Network (VLAN) techniques. Specific embodiments of the present invention provide techniques for securing VLAN-aware storage devices, and the like. In specific embodiments, techniques according to the present invention can provide Internet data centers, which are responsible for keeping their customers' computers and storage safe and secure, with the capability to strictly separate LAN access for different customers using VLAN (virtual LAN) technology.
Abstract:
The present invention provides techniques for creation, operation, management, and access control of network-based storage services. Specific embodiments provide improved efficiency of the service management tasks used for designing, operating and accounting for robust and profitable network services, for example. In representative embodiments, techniques for constructing integrated network and storage services are provided. In a specific embodiment, the service comprises three major service components: virtual private networks (VPN), application servers and storage area networks (SAN). Each of these service components has its own customer identification information, such as a VPN identifier for VPN services, a process identifier for application servers and a logical unit number (LUN) for storage devices.
Abstract:
Disclosed is a method for setting virtual volume groups in a storage network system. The system includes a lower storage apparatus, host computers, an upper storage apparatus, and an administrative server. The method for setting virtual volume groups, executed by the administrative server, includes the steps of: acquiring information on the real volumes and port information on the physical devices in which the real volumes reside; creating virtual volumes linked to the real volumes, based on the information on the real volumes; forming one or more virtual volume groups by combining the virtual volumes, based on the port information, in such a way that the relation between the virtual volumes and the virtual volume group is identical to the relation between the real volumes and the physical devices; and establishing the created virtual volume groups in the upper storage apparatus.
Abstract:
In order to remove security vulnerability in an IP-SAN and eliminate unauthorized access by spoofing, firewalls are installed in valid user servers and storage devices, and a distributed firewall manager for managing the firewalls integrally is provided in the IP-SAN. The distributed firewall manager obtains discovery domain information from an iSNS server, determines nodes registered in the iSNS server as the nodes of valid users, and automatically creates a security policy according to sets consisting of an iSCSI name and portal information. This security policy is distributed to all of the firewalls as a common policy, whereupon access control is executed to deny TCP connection requests from unauthorized access sources.
Abstract:
The disclosure aims to prevent deterioration in the I/O performance of a computer resulting from the use of the same physical disk by different logical volumes. A volume management server 1010 groups together, as a volume group, logical volumes that use the same physical disk of a storage device 1020, and allocates to the volume group a storage area on the physical disk to be used on a priority basis by that volume group. When an automatic expansion of a logical volume is performed thereafter, a physical arrangement that follows the present physical arrangement of the logical volume can thereby be performed, so that I/O performance deterioration of the computer caused by mutual interference is avoided at the time of access from the computer 1030 to the storage device 1020.
Abstract:
A check rule for assuring system security is generated. A communication information monitoring apparatus includes a pseudo-client, a monitoring unit, and a unification unit. The pseudo-client transmits a request message containing a trace value as a parameter to a web application and analyzes a response message returned from the web application. The monitoring unit monitors whether the trace value transmitted by the pseudo-client is used in various positions in the system. The unification unit generates a check rule according to the processing result of the pseudo-client and the monitoring unit and a check policy registered in advance. The check policy contains the parameter use purpose and the process for the check processing.
Abstract:
The invention provides a management system that solves the problems of a storage area network shared among plural devices, which was incapable of guaranteeing communication performance due to varied response time and in which the time required for accessing volumes was unstable. The storage area network management system comprises plural information processing devices 21, plural storage devices 41, a network with plural pieces of network equipment 31 on which a network bandwidth used for communication between information processing devices 21 and storage devices 41 is configured, and a management device 1. Management device 1 comprises a data storage device 10 for storing connection structure information and performance information of paths of the network equipment 31 and performance information and capacity information of storage devices 41, and a storage selection means 13 for selecting a storage device 41 for allocating a volume to information processing device 21. Upon allocating a volume to information processing device 21, storage selection means 13 selects, based on the information stored in data storage device 10, a storage device 41 that fulfills the performance and the volume capacity required by information processing device 21 and that also has on its path network equipment 31 on which the network bandwidth required for the communication with information processing device 21 is configured.
Abstract:
The addition of IT resources is kept small when a service area of a content distribution system is expanded. Individual clients 8 have a storage 85, a registration means which registers a part or all of the storage 85 in a local server 6 as a resource pool, and a requesting means which sends a distribution request for contents to the local server 6. The local server 6 has a storing means which stores a resource pool management table and a content management table, a request accepting means which accepts a distribution request for contents from the individual clients 8, a specifying means which specifies the resource pool storing the contents, and a distribution instructing means which sends a distribution instruction for the contents to the client 8 having the specified resource pool.
Abstract:
In a data center architecture or the like, the present invention provides a method for setting up hosting environments concurrently by loading a boot image by means of network boot or the like, allowing for fast booting even with a large boot image, while preserving security. A boot image is divided into a plurality of parts. Computer resources have their public keys stored in their BIOS ROMs, and e-signatures are attached to the boot image parts with a private key corresponding to one of the public keys. Also, priority levels for e-signature verification are assigned to the boot image parts. A boot instruction includes a priority level setting. E-signature verification is performed only for boot image parts with that priority level or higher. In this manner, booting can be performed faster than booting that involves verifying the e-signature of a whole boot image.