公开(公告)号：US07120728B2

公开(公告)日：2006-10-10

申请号：US10209694

申请日：2002-07-31

申请人： Shahe H. Krakirian ,  Richard A. Walter ,  Subbaro Arumilli ,  Cirillo Lino Costantino ,  L. Vincent M. Isip ,  Subhojit Roy ,  Naveen S. Maveli ,  Daniel Ji Yong Park Chung ,  Stephen D. Elstad ,  Dennis H. Makishima ,  Daniel Y. Chung

发明人： Shahe H. Krakirian ,  Richard A. Walter ,  Subbaro Arumilli ,  Cirillo Lino Costantino ,  L. Vincent M. Isip ,  Subhojit Roy ,  Naveen S. Maveli ,  Daniel Ji Yong Park Chung ,  Stephen D. Elstad ,  Dennis H. Makishima ,  Daniel Y. Chung

IPC分类号： G06F12/00

CPC分类号： G06F3/0626 ,  G06F3/0635 ,  G06F3/0664 ,  G06F3/067 ,  H04L41/046

摘要： Placing virtualization agents in the switches which comprise the SAN fabric. Higher level virtualization management functions are provided in an external management server. Conventional HBAs can be utilized in the hosts and storage units. In a first embodiment, a series of HBAs are provided in the switch unit. The HBAs connect to bridge chips and memory controllers to place the frame information in dedicated memory. Routine translation of known destinations is done by the HBA, based on a virtualization table provided by a virtualization CPU. If a frame is not in the table, it is provided to the dedicated RAM. Analysis and manipulation of the frame headers is then done by the CPU, with a new entry being made in the HBA table and the modified frames then redirected by the HBA into the fabric. This can be done in either a standalone switch environment or in combination with other switching components located in a director level switch. In an alternative embodiment, specialized hardware scans incoming frames and detects the virtualized frames which need to be redirected. The redirection is then handled by translation of the frame header information by hardware table-based logic and the translated frames are then returned to the fabric. Handling of frames not in the table and setup of hardware tables is done by an onboard CPU.

摘要翻译： 将虚拟化代理放在构成SAN结构的交换机中。 外部管理服务器提供了更高层次的虚拟化管理功能。 传统的HBA可以在主机和存储单元中使用。 在第一实施例中，在开关单元中提供一系列HBA。 HBA连接到桥芯片和存储器控制器，以将帧信息放置在专用存储器中。 基于由虚拟化CPU提供的虚拟化表，HBA完成已知目的地的常规转换。 如果一个帧不在表中，它被提供给专用的RAM。 然后由CPU完成对帧头的分析和处理，在HBA表中创建一个新条目，然后修改的帧由HBA重定向到该结构中。 这可以在独立的开关环境中或与位于导向器电平开关中的其他开关元件组合完成。 在替代实施例中，专用硬件扫描传入帧并检测需要被重定向的虚拟化帧。 然后通过基于硬件表的逻辑的帧头信息的翻译来处理重定向，然后将翻译的帧返回到结构。 处理不在表中的帧和硬件表的设置由板载CPU完成。

公开(公告)号：US20090185678A1

公开(公告)日：2009-07-23

申请号：US12415597

申请日：2009-03-31

申请人： Richard A. Walter ,  L. Vincent M. Isip

发明人： Richard A. Walter ,  L. Vincent M. Isip

IPC分类号： H04L9/28 ,  H04L9/00 ,  H04L12/56

CPC分类号： H04L63/0428 ,  H04L63/0485

摘要： The capability to encrypt or compress the traffic over network links, thus improving the security of the link on the performance of the links, and the capability to encrypt/decrypt data stored on the storage devices without requiring specialized hosts or storage devices. In a first embodiment, traffic to be routed over a selected link needing encryption and/or compression is routed to hardware which performs the encryption and/or compression and returned for transmission over the link. A complementary unit at the second end of the link routes the received frames to complementary hardware to perform the decryption and/or decompression. The recovered frames are then routed to the target device in a normal fashion. In a variation of this first embodiment the hardware is developed using an FPGA. This allows simple selection of the desired feature or features present in the switch. The switch can be easily configured to perform encryption, compression or both, allowing great flexibility to a system administrator. In a second embodiment frames can be encrypted by a switch and then provided to the storage device in this encrypted manner. The frames from the storage device are decrypted before provision to the requesting host. By performing the encryption and decryption in the switch, conventional hosts and storage devices can be utilized.

摘要翻译： 通过网络链路加密或压缩流量的能力，从而提高链路对链路性能的安全性，以及加密/解密存储在存储设备上的数据的能力，而无需专门的主机或存储设备。 在第一实施例中，要在需要加密和/或压缩的所选择的链路上路由的业务被路由到执行加密和/或压缩并返回以在链路上传输的硬件。 链路第二端的互补单元将接收到的帧路由到互补硬件，以执行解密和/或解压缩。 然后将恢复的帧以正常方式路由到目标设备。 在该第一实施例的变型中，使用FPGA开发硬件。 这允许简单地选择开关中存在的所需特征或特征。 交换机可以轻松地配置为执行加密，压缩或两者兼容，为系统管理员提供极大的灵活性。 在第二实施例中，帧可以由交换机加密，然后以加密的方式提供给存储设备。 来自存储设备的帧在提供给请求主机之前被解密。 通过在交换机中执行加密和解密，可以利用传统的主机和存储设备。

公开(公告)号：US07533256B2

公开(公告)日：2009-05-12

申请号：US10285345

申请日：2002-10-31

申请人： Richard A. Walter ,  L. Vincent M. Isip

发明人： Richard A. Walter ,  L. Vincent M. Isip

IPC分类号： H04L12/28 ,  H04L9/00

CPC分类号： H04L63/0428 ,  H04L63/0485

摘要： The capability to encrypt or compress the traffic over network links, thus improving the security of the link on the performance of the links, and the capability to encrypt/decrypt data stored on the storage devices without requiring specialized hosts or storage devices. In a first embodiment, traffic to be routed over a selected link needing encryption and/or compression is routed to hardware which performs the encryption and/or compression and returned for transmission over the link. A complementary unit at the second end of the link routes the received frames to complementary hardware to perform the decryption and/or decompression. The recovered frames are then routed to the target device in a normal fashion. In a variation of this first embodiment the hardware is developed using an FPGA. This allows simple selection of the desired feature or features present in the switch. The switch can be easily configured to perform encryption, compression or both, allowing great flexibility to a system administrator. In a second embodiment frames can be encrypted by a switch and then provided to the storage device in this encrypted manner. The frames from the storage device are decrypted before provision to the requesting host. By performing the encryption and decryption in the switch, conventional hosts and storage devices can be utilized.

摘要翻译： 通过网络链路加密或压缩流量的能力，从而提高链路对链路性能的安全性，以及加密/解密存储在存储设备上的数据的能力，而无需专门的主机或存储设备。 在第一实施例中，要在需要加密和/或压缩的所选择的链路上路由的业务被路由到执行加密和/或压缩并返回以在链路上传输的硬件。 链路第二端的互补单元将接收到的帧路由到互补硬件，以执行解密和/或解压缩。 然后将恢复的帧以正常方式路由到目标设备。 在该第一实施例的变型中，使用FPGA开发硬件。 这允许简单地选择开关中存在的所需特征或特征。 交换机可以轻松地配置为执行加密，压缩或两者兼容，为系统管理员提供极大的灵活性。 在第二实施例中，帧可以由交换机加密，然后以加密的方式提供给存储设备。 来自存储设备的帧在提供给请求主机之前被解密。 通过在交换机中执行加密和解密，可以利用传统的主机和存储设备。

公开(公告)号：US07277431B2

公开(公告)日：2007-10-02

申请号：US10285686

申请日：2002-10-31

申请人： Richard A. Walter ,  L. Vincent M. Isip

发明人： Richard A. Walter ,  L. Vincent M. Isip

IPC分类号： H04L12/28

CPC分类号： H04L63/0485 ,  H04L63/0428 ,  H04L69/04

摘要： The capability to encrypt or compress the traffic over network links, thus improving the security of the link on the performance of the links, and the capability to encrypt/decrypt data stored on the storage devices without requiring specialized hosts or storage devices. In a first embodiment, traffic to be routed over a selected link needing encryption and/or compression is routed to hardware which performs the encryption and/or compression and returned for transmission over the link. A complementary unit at the second end of the link routes the received frames to complementary hardware to perform the decryption and/or decompression. The recovered frames are then routed to the target device in a normal fashion. In a variation of this first embodiment the hardware is developed using an FPGA. This allows simple selection of the desired feature or features present in the switch. The switch can be easily configured to perform encryption, compression or both, allowing great flexibility to a system administrator. In a second embodiment frames can be encrypted by a switch and then provided to the storage device in this encrypted manner. The frames from the storage device are decrypted before provision to the requesting host. By performing the encryption and decryption in the switch, conventional hosts and storage devices can be utilized.

摘要翻译： 通过网络链路加密或压缩流量的能力，从而提高链路对链路性能的安全性，以及加密/解密存储在存储设备上的数据的能力，而无需专门的主机或存储设备。 在第一实施例中，要在需要加密和/或压缩的所选择的链路上路由的业务被路由到执行加密和/或压缩并返回以在链路上传输的硬件。 链路第二端的互补单元将接收到的帧路由到互补硬件，以执行解密和/或解压缩。 然后将恢复的帧以正常方式路由到目标设备。 在该第一实施例的变型中，使用FPGA开发硬件。 这允许简单地选择开关中存在的所需特征或特征。 交换机可以轻松地配置为执行加密，压缩或两者兼容，为系统管理员提供极大的灵活性。 在第二实施例中，帧可以由交换机加密，然后以加密的方式提供给存储设备。 来自存储设备的帧在提供给请求主机之前被解密。 通过在交换机中执行加密和解密，可以利用传统的主机和存储设备。

公开(公告)号：US07269168B2

公开(公告)日：2007-09-11

申请号：US10209742

申请日：2002-07-31

申请人： Subhojit Roy ,  Richard A. Walter ,  Cirillo Lino Costantino ,  Naveen S. Maveli ,  Carlos Alonso ,  Michael Yiu-Wing Pong

发明人： Subhojit Roy ,  Richard A. Walter ,  Cirillo Lino Costantino ,  Naveen S. Maveli ,  Carlos Alonso ,  Michael Yiu-Wing Pong

IPC分类号： H04L12/50 ,  H04Q11/00

CPC分类号： H04L67/1097 ,  H04L12/433 ,  H04L29/06 ,  H04L49/3009 ,  H04L49/351 ,  H04L69/22

摘要： Placing virtualization agents in the switches which comprise the SAN fabric. Higher level virtualization management functions are provided in an external management server. Conventional HBAs can be utilized in the hosts and storage units. In a first embodiment, a series of HBAs are provided in the switch unit. The HBAs connect to bridge chips and memory controllers to place the frame information in dedicated memory. Routine translation of known destinations is done by the HBA, based on a virtualization table provided by a virtualization CPU. If a frame is not in the table, it is provided to the dedicated RAM. Analysis and manipulation of the frame headers is then done by the CPU, with a new entry being made in the HBA table and the modified frames then redirected by the HBA into the fabric. This can be done in either a standalone switch environment or in combination with other switching components located in a director level switch. In an alternative embodiment, specialized hardware scans incoming frames and detects the virtualized frames which need to be redirected. The redirection is then handled by translation of the frame header information by hardware table-based logic and the translated frames are then returned to the fabric. Handling of frames not in the table and setup of hardware tables is done by an onboard CPU.

摘要翻译： 将虚拟化代理放在构成SAN结构的交换机中。 外部管理服务器提供了更高层次的虚拟化管理功能。 传统的HBA可以在主机和存储单元中使用。 在第一实施例中，在开关单元中提供一系列HBA。 HBA连接到桥芯片和存储器控制器，以将帧信息放置在专用存储器中。 基于由虚拟化CPU提供的虚拟化表，HBA完成已知目的地的常规转换。 如果一个帧不在表中，它被提供给专用的RAM。 然后由CPU完成对帧头的分析和处理，在HBA表中创建一个新条目，然后修改的帧由HBA重定向到该结构中。 这可以在独立的开关环境中或与位于导向器电平开关中的其他开关元件组合完成。 在替代实施例中，专用硬件扫描传入帧并检测需要被重定向的虚拟化帧。 然后通过基于硬件表的逻辑的帧头信息的翻译来处理重定向，然后将翻译的帧返回到结构。 处理不在表中的帧和硬件表的设置由板载CPU完成。