公开(公告)号：US07519768B2

公开(公告)日：2009-04-14

申请号：US11320964

申请日：2005-12-30

申请人： Atsushi Ueoka ,  Takeshi Ishizaki ,  Yasunori Kaneda ,  Masayuki Yamamoto

发明人： Atsushi Ueoka ,  Takeshi Ishizaki ,  Yasunori Kaneda ,  Masayuki Yamamoto

IPC分类号： G06F12/00

CPC分类号： H04L63/0428 ,  G06F3/0605 ,  G06F3/0623 ,  G06F3/0631 ,  G06F3/0665 ,  G06F3/067 ,  H04L63/20

摘要： A computer system to prevent intervention and falsification by setting encrypted transfer between a host computer and a first storage device that provides a virtual volume and between the first storage device and second and third storage devices that provide a real volume corresponding to the virtual volume. A management computer specifies the second and third storage device that provide the real volume corresponding to the virtual volume by providing a volume corresponding to the virtual volume used by a host computer in which encrypted transfer becomes necessary, and setting the encrypted transfer to communication between the first storage device and the second and third storage devices, makes a reconnection thereof, and also sets the encrypted transfer to an I/O port used for the communication with the host computer in the first storage device.

摘要翻译： 一种计算机系统，用于通过在主计算机与提供虚拟卷的第一存储设备之间以及提供与虚拟卷相对应的实际卷的第一存储设备与第二和第三存储设备之间设置加密传输来防止干预和伪造。 管理计算机通过提供与由主计算机使用的虚拟卷相对应的卷来提供与虚拟卷相对应的实际卷的第二和第三存储设备，其中需要加密传输，并且将加密传输设置为 第一存储装置和第二和第三存储装置进行重新连接，并且还将加密的传送设置为用于与第一存储装置中的主计算机进行通信的I / O端口。

公开(公告)号：US20080225755A1

公开(公告)日：2008-09-18

申请号：US12060164

申请日：2008-03-31

申请人： Takeshi Ishizaki

发明人： Takeshi Ishizaki

IPC分类号： H04L12/28

CPC分类号： H04L12/4675 ,  H04L12/4645 ,  H04L12/467 ,  H04L12/4679

摘要： The present invention provides secure IP protocol capable storage devices using Virtual Local Area Network (VLAN) techniques. Specific embodiments of the present invention provide techniques for securing VLAN aware storage devices, and the like. In specific embodiments, techniques according to the present invention can provide Internet data centers that are responsible for keeping their customer's computers and storages safe and secure with the capability to strictly separate LAN access for different customers using VLAN (virtual LAN) technology.

摘要翻译： 本发明提供使用虚拟局域网（VLAN）技术的安全IP协议存储设备。 本发明的具体实施例提供了用于保护VLAN感知存储设备的技术等。 在具体实施例中，根据本发明的技术可以提供负责保持客户的计算机和存储安全和安全的因特网数据中心，其能够使用VLAN（虚拟LAN）技术来严格地分离不同客户的LAN接入。

公开(公告)号：US07379987B2

公开(公告)日：2008-05-27

申请号：US09964129

申请日：2001-09-25

申请人： Takeshi Ishizaki ,  Shigeru Miyake

发明人： Takeshi Ishizaki ,  Shigeru Miyake

IPC分类号： G06F15/173

CPC分类号： H04L41/082 ,  H04L12/4641 ,  H04L12/4675 ,  H04L41/5035 ,  H04L41/5061

摘要： The present invention provides techniques for creation, operation, management, and access control of network-based storage services. Specific embodiments provide improved efficiency of the service management tasks used for designing, operating and accounting the robust and profitable network services, for example. In representative embodiments, techniques for constructing integrated network and storage services are provided. In a specific embodiment, the service comprises of three major service components: virtual private networks (VPN), application servers and storage area networks (SAN). Each of these service components has its own customer identification information, such as VPN identifier for VPN services, process identifier for application servers and logical unit number (LUN) for storage devices.

摘要翻译： 本发明提供了用于基于网络的存储服务的创建，操作，管理和访问控制的技术。 具体实施例例如提供了用于设计，操作和计算稳健且有利可图的网络服务的服务管理任务的改进效率。 在代表性的实施例中，提供了用于构建集成网络和存储服务的技术。 在具体实施例中，服务包括三个主要服务组件：虚拟专用网络（VPN），应用服务器和存储区域网络（SAN）。 这些服务组件中的每一个都有自己的客户识别信息，如VPN服务的VPN标识符，应用服务器的进程标识符和存储设备的逻辑单元号（LUN）。

公开(公告)号：US07350052B2

公开(公告)日：2008-03-25

申请号：US11180535

申请日：2005-07-14

申请人： Jun Mizuno ,  Takeshi Ishizaki ,  Masayuki Yamamoto

发明人： Jun Mizuno ,  Takeshi Ishizaki ,  Masayuki Yamamoto

IPC分类号： G06F12/10

CPC分类号： G06F3/0665 ,  G06F3/0604 ,  G06F3/0605 ,  G06F3/0631 ,  G06F3/0685 ,  H04L67/1097

摘要： Disclosed is a method for setting virtual volume groups in a storage network system. The system includes a lower storage apparatus, host computers, an upper storage apparatus, and an administrative server. The method for setting virtual volume groups, executed by the administrative server, includes the steps of acquiring information on the real volumes, and port information on the physical devices in which the real volumes reside, creating virtual volumes being linked to the real volumes, based on the information on the real volumes, forming one or more virtual volume groups by combining the virtual volumes, based on the port information, in such a way that a relation between the virtual volumes and the virtual volume group are identical to a relation between the real volumes and the physical devices, and establishing the created virtual volume groups in the upper storage apparatus.

摘要翻译： 公开了一种在存储网络系统中设置虚拟卷组的方法。 该系统包括下部存储装置，主机，上位存储装置和管理服务器。 由管理服务器执行的用于设置虚拟卷组的方法包括以下步骤：获取关于实际卷的信息，以及在实际卷所在的物理设备上的端口信息，创建链接到实际卷的虚拟卷 关于实际卷上的信息，通过基于端口信息组合虚拟卷来形成一个或多个虚拟卷组，使得虚拟卷和虚拟卷组之间的关系与虚拟卷之间的关系相同 实际卷和物理设备，并在上层存储设备中建立创建的虚拟卷组。

公开(公告)号：US07346924B2

公开(公告)日：2008-03-18

申请号：US10852400

申请日：2004-05-25

申请人： Toui Miyawaki ,  Takeshi Ishizaki ,  Emiko Kobayashi

发明人： Toui Miyawaki ,  Takeshi Ishizaki ,  Emiko Kobayashi

IPC分类号： H04L9/00

CPC分类号： H04L29/12113 ,  H04L29/12066 ,  H04L61/1511 ,  H04L61/1541 ,  H04L63/0209 ,  H04L63/0218 ,  H04L63/102 ,  H04L63/1441 ,  H04L67/1097

摘要： In order to remove security vulnerability in an IP-SAN and eliminate unauthorized access by spoofing, firewalls are installed in valid user servers and storage devices, and a distributed firewall manager for managing the firewalls integrally is provided in the IP-SAN. The distributed firewall manager obtains discovery domain information from an iSNS server, determines nodes registered in the iSNS server as the nodes of valid users, and autocreates a security policy according to sets consisting of an iSCSI name and portal information. This security policy is distributed to all of the firewalls as a common policy, whereupon access control is executed to deny TCP connection requests from unauthorized access sources.

摘要翻译： 为了消除IP-SAN中的安全漏洞，通过欺骗消除未经授权的访问，防火墙安装在有效的用户服务器和存储设备中，并在IP-SAN中提供了一体化管理防火墙的分布式防火墙管理器。 分布式防火墙管理员从iSNS服务器获取发现域信息，将在iSNS服务器中注册的节点确定为有效用户的节点，并根据iSCSI名称和门户信息组合自动创建安全策略。 该安全策略作为通用策略分发给所有防火墙，由此执行访问控制以拒绝来自未经授权的访问源的TCP连接请求。

公开(公告)号：US20070094395A1

公开(公告)日：2007-04-26

申请号：US11312415

申请日：2005-12-21

申请人： Jun Mizuno ,  Takeshi Ishizaki

发明人： Jun Mizuno ,  Takeshi Ishizaki

IPC分类号： G06F15/173

CPC分类号： G06F3/0631 ,  G06F3/061 ,  G06F3/0683

摘要： Disclosed is to prevent deterioration in I/O performance of a computer resulted from a use of the same physical disk among different logical volumes. A volume management server 1010 groups together logical volumes which use the same physical disk of a storage device 1020 as a volume group and allocates a storage area on the physical disk to be used on a priority basis by this volume group to the volume group, and thereby a physical arrangement according to a present physical arrangement of the logical volume can be performed when an automatic expansion of the logical volume is performed thereafter so that the I/O performance deterioration of the computer caused by a mutual interference is avoided at the time of access from the computer 1030 to the storage device 1020.

摘要翻译： 公开了防止在不同逻辑卷之间使用相同物理盘导致计算机的I / O性能的恶化。 卷管理服务器1010将使用与卷组相同的存储装置1020的物理盘的逻辑卷组合在一起，并将物理磁盘上的存储区域分配给该卷组优先基于卷组的存储区域，以及 从而当其后执行逻辑卷的自动扩展时，可以执行根据逻辑卷的当前物理布置的物理布置，从而避免在相互干扰下引起的计算机的I / O性能恶化 从计算机1030访问到存储设备1020。

公开(公告)号：US20070011742A1

公开(公告)日：2007-01-11

申请号：US11274411

申请日：2005-11-16

申请人： Kojiro Nakayama ,  Masayuki Sakata ,  Takeshi Ishizaki ,  Kenya Nishiki

发明人： Kojiro Nakayama ,  Masayuki Sakata ,  Takeshi Ishizaki ,  Kenya Nishiki

IPC分类号： G06F12/14

CPC分类号： G06F21/554

摘要： A check rule for assuring system security is generated. A communication information monitoring apparatus includes a pseudo-client, a monitoring unit, and a unification unit. The pseudo-client transmits a request message containing a trace value as a parameter to a web application and analyzes a response message returned from the web application. The monitoring unit monitors whether the trace value transmitted by the pseudo-client is used in various positions in the system. The unification unit generates a check rule according to the processing result of the pseudo-client and the monitoring unit and a check policy registered in advance. The check policy contains the parameter use purpose and the process for the check processing.

摘要翻译： 生成用于确保系统安全性的检查规则。 通信信息监视装置包括伪客户端，监视单元和统一单元。 伪客户端将包含跟踪值的请求消息作为参数发送到web应用，并分析从web应用返回的响应消息。 监视单元监视伪客户端发送的跟踪值是否用于系统中的各种位置。 统一单元根据伪客户端和监视单元的处理结果和预先登记的检查策略生成检查规则。 检查策略包含参数使用目的和检查处理过程。

公开(公告)号：US20060095656A1

公开(公告)日：2006-05-04

申请号：US10988492

申请日：2004-11-16

申请人： Atsushi Ueoka ,  Takeshi Ishizaki ,  Kiminori Sugauchi ,  Emiko Kobayashi ,  Jun Mizuno ,  Toui Miyawaki

发明人： Atsushi Ueoka ,  Takeshi Ishizaki ,  Kiminori Sugauchi ,  Emiko Kobayashi ,  Jun Mizuno ,  Toui Miyawaki

IPC分类号： G06F13/00

CPC分类号： H04L67/1097

摘要： The invention provides a management system solving the problems of the storage area network shared among plural devices, which was incapable of guaranteeing communication performances due to varied response time, and which required unstable time for accessing volumes. The storage area network management system comprises plural information processing devices 21, plural storage devices 41, a network with plural network equipments 31 to which is configured a network bandwidth used for communication between information processing devices 21 and storage devices 41, and a management device 1, wherein management device 1 comprises a data storage device 10 for storing a connection structure information and a performance information of paths of the network equipments 31 and a performance information and a capacity information of storage devices 41, and a storage selection means 13 for selecting a storage device 41 for allocating a volume to information processing device 21, and upon allocating a volume to information processing device 21, storage selection means 13 selects, based on the information stored in data storage device 10, storage device 41 fulfilling the performance and the volume capacity required by information processing device 21 and also having on its path network equipment 31 to which is configured the network bandwidth required for the communication with information processing device 21.

摘要翻译： 本发明提供了一种解决多个设备共享的存储区域网络的问题的管理系统，其由于响应时间的不同而不能保证通信性能，并且需要用于访问卷的不稳定时间。 存储区域网络管理系统包括多个信息处理设备21，多个存储设备41，具有被配置为用于信息处理设备21和存储设备41之间的通信的网络带宽的多个网络设备31的网络以及管理设备1 其中管理装置1包括用于存储网络设备31的连接结构信息和路径的性能信息的数据存储装置10以及存储装置41的性能信息和容量信息，以及存储选择装置13，用于选择 存储装置41，用于向信息处理装置21分配卷，并且在向信息处理装置21分配卷时，存储选择装置13基于存储在数据存储装置10中的信息，选择满足性能和卷的存储装置41 信息处理装置21和等所要求的容量 因此在其路径网络设备31上配置有与信息处理设备21进行通信所需的网络带宽。

公开(公告)号：US20060075082A1

公开(公告)日：2006-04-06

申请号：US10998754

申请日：2004-11-30

申请人： Futoshi Haga ,  Yutaka Kudo ,  Takeshi Ishizaki

发明人： Futoshi Haga ,  Yutaka Kudo ,  Takeshi Ishizaki

IPC分类号： G06F15/173

CPC分类号： H04L67/06 ,  H04L67/26 ,  H04L67/2814 ,  H04L67/2842 ,  H04L69/329

摘要： The addition of IT resources is suppressed smaller when a service area of a content distribution system is expanded. Individual clients 8 have a storage 85, a registration means which registers a part or all of the storage 85 in a local server 6 as a resource pool, and a requesting means which sends a distribution request for contents to the local server 6. The local server 6 has a storing means which stores a resource pool management table and a content management table, a request accepting means which accepts a distribution request for contents from the individual clients 8, a specifying means which specifies the resource pool storing the contents, a distribution instructing means which sends a distribution instruction for the contents to the client 8 having the specified resource pool.

摘要翻译： 当内容分发系统的服务区域扩展时，IT资源的增加被抑制得更小。 各个客户端8具有存储器85，将本地服务器6中的一部分或全部存储器85登记为资源池的登记单元，以及向本地服务器6发送内容分发请求的请求单元。本地 服务器6具有存储资源池管理表和内容管理表的存储单元，接收来自各个客户端8的内容分发请求的请求接受单元8，指定存储内容的资源池的指定单元， 向具有指定资源池的客户机8发送内容分发指令的指令装置。

公开(公告)号：US20060026429A1

公开(公告)日：2006-02-02

申请号：US11044956

申请日：2005-01-26

申请人： Yutaka Kudo ,  Futoshi Haga ,  Takeshi Ishizaki

发明人： Yutaka Kudo ,  Futoshi Haga ,  Takeshi Ishizaki

IPC分类号： H04L9/00

CPC分类号： G06F21/575

摘要： In a data center architecture or the like, the present invention provides a method for setting up hosting environments concurrently by loading a boot image by means of network boot or the like, allowing for fast booting even with a large boot image, while preserving security. A boot image is divided into a plurality of parts. Computer resources have their public keys stored in their BIOS ROMs and e-signatures are attached to the boot image parts with a private key corresponding to one of the public keys. Also, priority levels in e-signature verification are assigned to the boot image parts. A boot instruction includes priority level setting. Only for boot image parts with that priority level or higher, e-signature verification is performed. By this manner, booting can be performed faster than booting involving verification of the e-signature to a whole boot image.