US20090138613A1 - Network Converter and Information Processing System - Google Patents


Publication number
US20090138613A1
Authority
US
United States
Prior art keywords
information processing
processing device
storage device
protocol
identifier
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US12/365,688
Inventor
Atsushi Tanaka
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hitachi Ltd
Original Assignee
Hitachi Ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00 Data switching networks
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40 Network security protocols
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/56 Provisioning of proxy services
    • H04L67/565 Conversion or adaptation of application format or content
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/08 Protocols for interworking; Protocol conversion
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L69/00 Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
    • H04L69/30 Definitions, standards or architectural aspects of layered protocol stacks
    • H04L69/32 Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
    • H04L69/322 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
    • H04L69/329 Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]

Definitions

  • the present invention relates to a network converter and an information processing system.
  • a network converter which converts iSCSI protocol data and Fibre Channel protocol data between each other.
  • As a representative example of the network converter, there is “SN5428 Storage Router” by Cisco Systems, Inc.
  • Cisco Systems Inc. “Cisco SN5428 Storage Router Software Configuration Guide” ([online], Hei 15 (2003) June 24; Cisco Systems Inc., [search on Hei 15 (2003) September 11], Internet <http://www.cisco.com/japanese/warp/public/3/jp/service/manual_j/rt/5000/28srscg/index.html>).
  • such a network converter includes a protocol conversion section 903 which converts an iSCSI protocol and a Fibre Channel protocol between each other, a WWN (World Wide Name) allocation section 904 and an extended instruction issuing section 905 .
  • the protocol conversion section 903 receives an IP packet from an information processing device 901 via a LAN, converts the IP packet into a Fibre Channel frame (hereinafter referred to as a “FC frame”) and transmits the FC frame to a storage device 908 .
  • the access is limited from the viewpoint of security.
  • LUN security which controls the access of the information processing device for each LUN (Logical Unit Number) that is a management number of a logical volume existing in a disk.
  • For LUN security, an identification number for identifying the information processing device is required, and a WWN (World Wide Name) is often used in the case of the Fibre Channel. Details of the LUN security are described in Japanese Patent Application Laid-Open Publication No. 2000-276406.
  • the WWN allocation section 904 sequentially allocates WWNs, which are set in a WWN management table 907 stored in a memory 906 , to the respective information processing devices 901 .
  • a different WWN may be allocated to the same information processing device 901 for each access. Consequently, it is impossible to realize the LUN security using the WWNs in the storage device 908 .
  • the network converter 902 includes the extended instruction issuing section 905 which inserts an iSCSI name of the information processing device into an FC frame.
  • the FC frame is not an instruction prepared in the Fibre Channel protocol.
  • an extended instruction analysis section 909 which analyzes the frame is provided in the storage device 908 .
  • the extended instruction analysis section 909 obtains the iSCSI name of the information processing device from the FC frame and controls the LUN security based on a security management table 911 .
  • the extended instruction analysis section 909 and the like are newly provided in the storage device 908 . Accordingly, it is required to communicate with the information processing device, which transmits/receives data by use of the iSCSI protocol, in consideration for the LUN security without adding new components and the like to the storage device which transmits/receives data by use of the conventionally used Fibre Channel protocol as described above.
  • a first protocol conversion section which converts data received from the information processing device according to a first protocol into data having a form determined by a Fibre Channel protocol and transmits the data to the storage device;
  • a second protocol conversion section which converts data received from the storage device according to the Fibre Channel protocol into data having a form determined by the first protocol and transmits the data to the information processing device;
  • a conversion table storage section which stores in a conversion table a combination of a first identification number which is a number for identifying the information processing device and the storage device according to the first protocol, and a second identification number which is a number for identifying the information processing device and the storage device according to the Fibre Channel protocol;
  • a second identification number conversion section which converts the second identification number into the first identification number in accordance with contents stored in the conversion table.
  • the first protocol may be, for example, an iSCSI protocol and the first identification number may be an iSCSI name.
  • the second identification number may be, for example, a WWN which is an identification number of the information processing device and the storage device in the Fibre Channel protocol.
  • FIG. 1 is a block diagram showing an example of an entire information processing system according to a first embodiment
  • FIG. 2 is a view showing an example of a conversion table according to the first embodiment
  • FIG. 3 is a view showing an example of a security management table according to the first embodiment
  • FIG. 4 is an example of a flowchart of a management terminal according to the first embodiment
  • FIG. 5 is a view showing a conversion example from an IP packet into an FC frame in performing login processing of iSCSI according to the first embodiment
  • FIG. 6 is an example of a flowchart from login of iSCSI up to execution of a SCSI command in consideration of LUN security according to the first embodiment
  • FIG. 7 is a view showing an example of a login information storage table according to the first embodiment
  • FIG. 8 is a block diagram showing an example of an entire information processing system according to a second embodiment.
  • FIG. 9 is a block diagram showing an entire information processing system including a conventional network converter.
  • FIG. 1 shows a block diagram of an entire configuration example of an information processing system including network converters 20 according to a first embodiment of the present invention.
  • the information processing system includes information processing devices 10 , the network converters 20 , storage devices 30 and a management terminal 40 .
  • the information processing device 10 is a computer including a CPU (Central Processing Unit) and a memory.
  • the CPU included in the information processing device 10 executes various programs. Thus, various types of processing are realized.
  • the information processing device 10 is utilized, for example, as a central computer in an ATM (Automated Teller Machine) system of a bank, a seat reservation system of an airline company and the like.
  • the information processing device 10 can be implemented also as a mainframe computer and a personal computer.
  • the information processing device 10 is connected to the network converter 20 via a LAN so as to be communicable and transmits a data I/O request for the storage device 30 to the network converter 20 .
  • a data I/O request there are, for example, a data read request, a data write request and the like.
  • the information processing device 10 communicates with the network converter 20 by use of an iSCSI protocol.
  • the information processing device 10 according to this embodiment may be a conventional information processing device 10 capable of communicating using the iSCSI protocol. Thus, it is not required to add new components and the like.
  • the network converter 20 is connected to the information processing device 10 via the LAN so as to be communicable and is connected to the storage device 30 via a SAN (Storage Area Network) so as to be communicable.
  • the SAN is a network in which communications are performed in accordance with a Fibre Channel protocol.
  • the network converter 20 is connected to the management terminal 40 so as to be communicable.
  • the network converter 20 includes a CPU 21 , a memory 22 and the like.
  • the network converter 20 further includes a first protocol conversion section 23 , a second protocol conversion section 24 , a conversion table storage section 25 , a first identification number conversion section 26 , a second identification number conversion section 27 and the like, all of which are controlled by the CPU 21 .
  • the first and second protocol conversion sections 23 and 24 may be included in one protocol conversion section and the first and the second identification number conversion sections 26 and 27 may be also included in one identification number conversion section.
  • these conversion sections may be realized as software which is defined as a computer software program executed by the CPU 21 .
  • a combination of an identification number of the information processing device 10 and the storage device 30 according to the iSCSI protocol and the Fibre Channel protocol is stored in a conversion table 28 in the memory 22 .
  • the identification number according to the iSCSI protocol is an iSCSI name and the identification numbers according to the Fibre Channel protocol are a Node_Name and an N_Port_Name which are WWNs (World Wide Names).
  • the first protocol conversion section 23 converts a data I/O request for the storage device 30 according to the iSCSI protocol received from the information processing device 10 into an FC frame of the Fibre Channel protocol and transmits the FC frame to the storage device 30 .
  • the first protocol conversion section 23 converts an IP packet into an FC frame
  • the first identification number conversion section 26 converts iSCSI names of the information processing device 10 and the storage device 30 into WWNs.
  • the second protocol conversion section 24 converts a response to a data I/O request according to the Fibre Channel protocol received from the storage device 30 into an IP packet of the iSCSI protocol and transmits the IP packet to the information processing device 10 .
  • the second protocol conversion section 24 converts an FC frame into an IP packet
  • the second identification number conversion section 27 converts WWNs of the information processing device 10 and the storage device 30 into iSCSI names.
  • Upon receipt of combinations of the iSCSI names and WWNs of the information processing device 10 and the storage device 30 from the management terminal 40 , the conversion table storage section 25 stores the combinations in the conversion table 28 .
  • the storage device 30 is connected to the network converter 20 via the SAN so as to be communicable.
  • the storage device 30 includes a controller 39 and a plurality of disks 31 .
  • the logical volume 32 is a logical storage area including a physical storage area the disk 31 has. Note that a LUN (Logical Unit Number) is given to each of the logical volumes 32 .
  • the controller 39 includes a security management table 35 in a memory 34 .
  • the controller 39 includes a security management table storage section 33 . This storage section 33 may be realized by making a CPU included in the controller 39 execute computer software programs or may be realized by use of dedicated hardware.
  • the security management table 35 stores access enable/disable to the logical volumes for each of the information processing devices 10 accessing the storage devices or for each of the WWNs of the storage devices 30 .
  • FIG. 3 shows an example of the security management table. In columns of the WWNs, WWNs of the information processing devices 10 accessing the storage devices or those of the storage devices 30 are set. Moreover, in columns of LUN 0 to LUNn, access enable/disable for the respective LUNs of the logical volumes is set. Here, “1” indicates that the access is enabled and “0” indicates that the access is disabled.
  • the storage device 30 realizes LUN security that is an access control for each LUN by use of this security management table 35 .
  • the storage device 30 may be a conventional storage device 30 which performs communications according to the Fibre Channel protocol and performs the LUN security. Thus, it is not required to newly add components and the like.
  • the management terminal 40 includes a CPU, an input unit, a display unit, an identification number conversion notification section, an access enable/disable notification section and the like and is a computer connected to the network converter and the storage device so as to be communicable.
  • the management terminal 40 may be connected to a plurality of network converters 20 and a plurality of storage devices 30 .
  • the management terminal 40 can be built into the network converter 20 or the storage device 30 .
  • the identification number conversion notification section notifies the conversion table storage section 25 included in the network converter 20 of the combination of the iSCSI name and the WWN, which is stored in the conversion table.
  • the access enable/disable notification section notifies the security management table storage section 33 included in the storage device 30 of the LUN access enable/disable for each WWN, which is stored in the security management table.
  • the management terminal 40 will be described in detail with reference to a flowchart of FIG. 4 .
  • the management terminal 40 receives a combination of a target network converter 20 and a target storage device 30 from the input unit (S 401 ). Thereafter, the management terminal 40 receives a combination of an iSCSI name and a WWN of the selected storage device 30 from the input unit (S 402 ). Furthermore, the management terminal 40 receives a combination of an iSCSI name and a LUN of the information processing device 10 , for which access is enabled, from the input unit (S 403 ). Subsequently, the management terminal 40 selects whether or not a WWN of the information processing device is automatically generated (S 404 ).
  • the management terminal 40 automatically generates the WWN of the information processing device 10 , for which the access is enabled (S 405 ).
  • numbers within a fixed range may be allocated sequentially or randomly as long as a different WWN is allocated to each of the information processing devices 10 .
  • the management terminal 40 receives a WWN of the information processing device 10 , for which the access is enabled, from the input device (S 406 ).
  • the management terminal 40 associates the WWN allocated to the information processing device 10 , for which the access is enabled, with the LUN which can be accessed by the information processing device 10 that is previously inputted. Thereafter, the access enable/disable notification section of the management terminal 40 transmits a combination of the WWN and the LUN of the information processing device 10 , for which the access is enabled, to the security management table storage section 33 of the storage device 30 (S 407 ). In this event, the access enable/disable notification section transmits a WWN which controls access denial to the security management table storage section 33 so that access to the WWN for all LUNs is disabled.
  • the WWN which controls the access denial is, for example, “FFFFFFFF” or the like.
  • Upon receipt of the combination described above, the security management table storage section 33 of the controller 39 stores the combination in the security management table 35 so as to permit access for the received combination of the WWN and the LUN. Specifically, for each of the received WWNs, “1” is set to the LUN for which access is enabled and “0” is set to the LUN not received for the WWN. Moreover, regarding the WWN which controls the access denial, the security management table storage section 33 sets “0” to all the LUNs for the WWN.
  • the identification number conversion notification section of the management terminal 40 transmits the combination of the iSCSI name and the WWN of the storage device 30 to the conversion table storage section 25 of the network converter 20 (S 408 ).
  • the conversion table storage section 25 stores the received combination of the iSCSI name and the WWN in the conversion table 28 .
  • the management terminal 40 associates the WWN allocated to the information processing device 10 with the previously received iSCSI name of the information processing device 10 . Accordingly, the identification number conversion notification section transmits the combination of the iSCSI name and the WWN of the information processing device 10 , for which the access is enabled, to the conversion table storage section 25 (S 409 ).
  • the identification number conversion notification section also transmits the above-described WWN which controls the access denial to the conversion table storage section 25 .
  • the conversion table storage section 25 stores the received combination of the iSCSI name and WWN in the conversion table 28 .
  • the conversion table storage section 25 stores the WWN which controls the access denial in the conversion table 28 . This is represented by a record in the conversion table 28 of FIG. 2 , in which the iSCSI name is “default” and the WWN is “FFFFFFFF”.
  • An IP packet 500 received from the information processing device 10 includes an IP header 510 and an iSCSI protocol data unit 520 .
  • the IP header 510 includes a source IP address 511 and a destination IP address 512 , which are used for data transfer through the LAN.
  • the source IP address is an IP address of the information processing device 10 and the destination IP address is an IP address of the network converter 20 .
  • the iSCSI protocol data unit 520 includes a login request header 521 and a login parameter 522 .
  • the login parameter 522 includes an initiator iSCSI name 523 indicating a source in the iSCSI protocol and a target iSCSI name 524 indicating a destination in the iSCSI protocol.
  • the initiator iSCSI name 523 is an iSCSI name of the information processing device 10 and the target iSCSI name 524 is an iSCSI name of the storage device 30 .
  • the network converter 20 converts the IP packet 500 into an FC frame 530 .
  • the FC frame 530 includes an FC header 540 and a PLOGI parameter 550 .
  • the FC header 540 includes a destination native address 541 (D_ID) and a source native address 542 (S_ID), which are native addresses used for data transfer through the Fibre Channel.
  • the native addresses are allocated, for example, when the information processing device 10 , the storage device 30 or the like logs into a fabric of the Fibre Channel, and the like.
  • the PLOGI parameter 550 includes an N_Port_Name 551 and a Node_Name 552 of the information processing device 10 that is the source.
  • the network converter 20 converts the initiator iSCSI name 523 of the information processing device 10 into a WWN based on the conversion table 28 and sets the WWN to the N_Port_Name 551 and the Node_Name 552 of the FC frame 530 .
  • the storage device 30 can determine access enable/disable from the information processing device 10 based on the N_Port_Name 551 and the Node_Name 552 .
  • the information processing device 10 transmits the IP packet 500 that is a login request of the iSCSI to the network converter (S 601 ).
  • the first identification number conversion section 26 of the network converter 20 obtains, from the conversion table 28 , a WWN of the information processing device 10 , which corresponds to the initiator iSCSI name 523 included in the IP packet 500 (S 602 ).
  • the first identification number conversion section 26 obtains a WWN “FFFFFFFF” which has an iSCSI name “default” and controls access denial.
  • the first protocol conversion section 23 of the network converter 20 allows the information processing device 10 to log into the fabric of the Fibre Channel (S 603 ).
  • the first protocol conversion section 23 obtains a native address of the information processing device 10 (S 604 ).
  • the first identification number conversion section 26 acquires, from the conversion table 28 , a WWN of the storage device 30 , which corresponds to the target iSCSI name 524 included in the IP packet 500 (S 605 ).
  • the first protocol conversion section 23 acquires a native address of the storage device 30 based on the WWN of the storage device 30 (S 606 ). Note that conversion of the WWN into the native address and conversion of the native address into the WWN can be acquired by use of a method such as contacting a name server of the Fibre Channel.
  • the first protocol conversion section 23 forms the FC frame 530 by use of the native addresses of the information processing device 10 and the storage device 30 , which are acquired as described above, and the WWN of the information processing device 10 and transmits the FC frame 530 to the storage device 30 (S 607 ).
  • Upon receipt of the FC frame 530 , the controller 39 of the storage device 30 stores a combination of the WWN and the native address of the information processing device 10 in a login information storage table 701 shown in FIG. 7 and transmits an ACC frame that is a notification of login completion to the network converter 20 (S 608 ).
  • Upon receipt of the ACC frame, the second protocol conversion section 24 of the network converter 20 acquires WWNs of the information processing device 10 and the storage device 30 based on the native addresses of the information processing device 10 and the storage device 30 , which are included in the ACC frame (S 609 ). Next, the second identification number conversion section 27 of the network converter 20 acquires iSCSI names corresponding to the WWNs of the information processing device 10 and the storage device 30 from the conversion table 28 (S 610 ). The second protocol conversion section 24 forms an IP packet that is a login response of the iSCSI, which includes the iSCSI names of the information processing device 10 and the storage device 30 , and transmits the IP packet to the information processing device 10 (S 611 ).
  • Upon receipt of the login response of the iSCSI, the information processing device 10 forms an IP packet including a SCSI command specifying a LUN of an access target and transmits the IP packet to the network converter 20 (S 612 ).
  • the first identification number conversion section 26 of the network converter 20 acquires, from the conversion table 28 , WWNs of the information processing device 10 and the storage device 30 , the WWNs corresponding to an initiator iSCSI name and a target iSCSI name which are included in the IP packet (S 613 ).
  • the first protocol conversion section 23 of the network converter 20 acquires native addresses of the information processing device 10 and the storage device 30 based on the WWNs of the information processing device 10 and the storage device 30 (S 614 ).
  • the first protocol conversion section 23 forms an FC frame including the native address of the information processing device 10 and the LUN of the access target and transmits the FC frame to the storage device 30 (S 615 ).
  • the controller 39 of the storage device 30 acquires a WWN of the information processing device 10 from the login information storage table 701 based on the native address of the information processing device 10 , which is included in the FC frame, and checks access enable/disable of the information processing device 10 based on the WWN and the LUN of the access target (S 616 ).
  • the storage device 30 forms an FC frame including a result of processing of the SCSI command and transmits the FC frame to the network converter 20 (S 617 ).
  • Upon receipt of the FC frame, the second protocol conversion section 24 of the network converter 20 acquires WWNs of the information processing device 10 and the storage device 30 based on the native addresses of the information processing device 10 and the storage device 30 , which are included in the FC frame (S 618 ). Next, the second identification number conversion section 27 of the network converter 20 acquires iSCSI names corresponding to the WWNs of the information processing device 10 and the storage device 30 from the conversion table 28 (S 619 ). The second protocol conversion section 24 forms an IP packet that is a result of processing of the SCSI command by use of the iSCSI names of the information processing device 10 and the storage device 30 and transmits the IP packet to the information processing device 10 (S 620 ).
  • When the information processing device 10 receives the IP packet that is the result of processing of the SCSI command (S 621 ), a series of processing from the login in the iSCSI to the SCSI command execution is completed. Note that, in the series of processing, the processing performed by the information processing device 10 is a normal one in the iSCSI protocol. Thus, by using the network converter 20 , it is not required to add new components and the like to the information processing device 10 . Similarly, the processing performed by the controller 39 of the storage device 30 is a normal one in the Fibre Channel protocol. Thus, by using the network converter 20 , it is not required to add new components and the like to the storage device 30 .
  • the identification number conversion notification section of the management terminal 40 transmits, to the network converter 20 , the combination of the iSCSI name and the WWN only for the storage device 30 and the information processing device 10 for which the access to the storage device 30 is enabled.
  • the management terminal 40 is not required to generate a combination of an iSCSI name and a WWN for the information processing device 10 for which access is not enabled.
  • In the conversion table 28 and the security management table 35 , only the information processing device 10 having access permission may be stored. Thus, memory resources can be saved.
  • FIG. 8 shows a block diagram of an entire configuration example of an information processing system including a network converter 20 according to a second embodiment.
  • the information processing system includes a storage device 1 ( 801 ), a network converter 1 ( 802 ), a network converter 2 ( 803 ) and a storage device 2 ( 804 ).
  • the storage device 1 ( 801 ) and the network converter 1 ( 802 ) are connected to each other via a SAN so as to be communicable.
  • the storage device 2 ( 804 ) and the network converter 2 ( 803 ) are connected to each other via the SAN so as to be communicable.
  • the network converter 1 ( 802 ) and the network converter 2 ( 803 ) are connected to each other via a LAN so as to be communicable.
  • the respective storage devices ( 801 and 804 ) have the same configuration as that of the storage device 30 according to the first embodiment.
  • the respective network converters ( 802 and 803 ) have the same configuration as that of the network converter 20 according to the first embodiment.
  • data transmission/reception between the storage devices 1 ( 801 ) and 2 ( 804 ) in consideration of LUN security according to the Fibre Channel protocol can be performed through the LAN.
  • the storage device 1 ( 801 ) transmits a data write request to the storage device 2 ( 804 ).
  • the storage device 1 ( 801 ) transmits an FC frame of a write request to a LUN of the storage device 2 ( 804 ) to the network converter 1 ( 802 ) (S 801 ).
  • the network converter 1 ( 802 ) transmits an IP packet to the network converter 2 ( 803 ), the IP packet including iSCSI names acquired by converting WWNs of the respective storage devices ( 801 and 804 ).
  • the network converter 2 ( 803 ) transmits an FC frame to the storage device 2 ( 804 ), the FC frame including WWNs acquired by converting iSCSI names of the respective storage devices ( 801 and 804 ) (S 804 ).
  • the storage device 2 ( 804 ) can execute write processing after determining access enable/disable to the LUN from the storage device 1 ( 801 ).
  • processing performed by the respective storage devices ( 801 and 804 ) in the series of processing is a normal one in the Fibre Channel protocol.
  • the respective network converters ( 802 and 803 ) it is not required to newly add components and the like to the respective storage devices ( 801 and 804 ).
  • the LUN security is performed by using both of the Node_Name and the N_Port_Name.
  • the LUN security may be performed by using any one of the Node_Name and the N_Port_Name.
  • any one of the Node_Name and the N_Port_Name, which is used in the LUN security may be stored in the conversion table.
  • the first protocol is the iSCSI protocol.
  • the first protocol may be a protocol other than the iSCSI protocol.
  • combinations of numbers for identifying the information processing device 10 and the storage device 30 according to the protocol and WWNs may be stored in the conversion table 28 .

Abstract

A network converter connected to an information processing device and a storage device so as to be communicable, including a conversion table storage section which stores combinations of iSCSI names of the information processing device and the storage device and WWNs (World Wide Names) of the information processing device and the storage device in a conversion table, a first identification number conversion section which converts the iSCSI names into the WWNs according to contents stored in the conversion table, and a second identification number conversion section which converts the WWNs into the iSCSI names according to contents stored in the conversion table.

Description

    CROSS-REFERENCE TO RELATED APPLICATIONS
  • This is a continuation of U.S. patent application Ser. No. 10/884,672, filed Jul. 2, 2004, which is a continuation of U.S. patent Ser. No. 10/817,032, filed Apr. 2, 2004, which application claims priority upon Japanese Patent Application No. 2003-343479 filed Oct. 1, 2003, the entire disclosure of which is incorporated herein by reference.
  • BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to a network converter and an information processing system.
  • 2. Description of the Related Art
  • Along with an improved communication speed of a LAN (Local Area Network), there has been rapid advancement in construction of an information processing system which transmits/receives data by using an iSCSI (internet Small Computer Systems Interface) protocol between an information processing device and a storage device. Details of the iSCSI protocol are described in “iSCSI” by Julian Satran and four others ([online], Hei 15 (2003) January 19, USA IETF (The Internet Engineering Task Force), [search on Hei 15 (2003) September 11], Internet <URL:http://www.ietf.org/internet-drafts/draft-ietf-ips-iscsi-20.txt>).
  • Also in such an environment, there has arisen a need to effectively use the storage device connected to the information processing device by use of a conventionally used Fibre Channel. Accordingly, a network converter has been used, which converts iSCSI protocol data and Fibre Channel protocol data between each other. As a representative example of the network converter, there is “SN5428 Storage Router” by Cisco Systems, Inc. Details of a method for setting the network converter and the like are described in Cisco Systems Inc., “Cisco SN5428 Storage Router Software Configuration Guide” ([online], Hei 15 (2003) June 24; Cisco Systems Inc., [search on Hei 15 (2003) September 11], Internet <http://www.cisco.com/japanese/warp/public/3/jp/service/manual_j/rt/5000/28srscg/index.html>).
  • As shown in FIG. 9, such a network converter includes a protocol conversion section 903 which converts an iSCSI protocol and a Fibre Channel protocol between each other, a WWN (World Wide Name) allocation section 904 and an extended instruction issuing section 905. The protocol conversion section 903 receives an IP packet from an information processing device 901 via a LAN, converts the IP packet into a Fibre Channel frame (hereinafter referred to as a “FC frame”) and transmits the FC frame to a storage device 908. Generally, when the information processing device has access to the storage device, the access is limited from the viewpoint of security. For example, there is LUN security which controls the access of the information processing device for each LUN (Logical Unit Number) that is a management number of a logical volume existing in a disk. In the LUN security, an identification number for identifying the information processing device is required and a WWN (World Wide Name) is often used in the case of the Fibre Channel. Details of the LUN security are described in Japanese Patent Application Laid-Open Publication No. 2000-276406.
  • It is required to realize the LUN security described above also in the case of the access via the LAN as shown in FIG. 9. Accordingly, a method for identifying the information processing device 901 by the storage device 908 is required. In the above-described “SN5428 Storage Router” by Cisco Systems Inc., the WWN allocation section 904 sequentially allocates WWNs, which are set in a WWN management table 907 stored in a memory 906, to the respective information processing devices 901. Thus, a different WWN may be allocated to the same information processing device 901 for each access. Consequently, it is impossible to realize the LUN security using the WWNs in the storage device 908. Accordingly, the network converter 902 includes the extended instruction issuing section 905 which inserts an iSCSI name of the information processing device into an FC frame. The FC frame is not an instruction prepared in the Fibre Channel protocol. Thus, in order to realize the LUN security using the FC frame, it is required that an extended instruction analysis section 909 which analyzes the frame is provided in the storage device 908. The extended instruction analysis section 909 obtains the iSCSI name of the information processing device from the FC frame and controls the LUN security based on a security management table 911.
  • In order to realize the LUN security by use of the above-described method, it is required that the extended instruction analysis section 909 and the like are newly provided in the storage device 908. Accordingly, it is required to communicate with the information processing device, which transmits/receives data by use of the iSCSI protocol, in consideration for the LUN security without adding new components and the like to the storage device which transmits/receives data by use of the conventionally used Fibre Channel protocol as described above.
  • SUMMARY OF THE INVENTION
  • It is an object of the present invention to provide a network converter and an information processing system which solve the foregoing problems.
  • A network converter according to one embodiment of the present invention is connected to an information processing device and a storage device so as to be communicable and comprises:
  • a first protocol conversion section which converts data received from the information processing device according to a first protocol into data having a form determined by a Fibre Channel protocol and transmits the data to the storage device;
  • a second protocol conversion section which converts data received from the storage device according to the Fibre Channel protocol into data having a form determined by the first protocol and transmits the data to the information processing device;
  • a conversion table storage section which stores in a conversion table a combination of a first identification number which is a number for identifying the information processing device and the storage device according to the first protocol, and a second identification number which is a number for identifying the information processing device and the storage device according to the Fibre Channel protocol;
  • a first identification number conversion section which converts the first identification number into the second identification number in accordance with contents stored in the conversion table; and
  • a second identification number conversion section which converts the second identification number into the first identification number in accordance with contents stored in the conversion table.
  • Here, the first protocol may be, for example, an iSCSI protocol and the first identification number may be an iSCSI name. Moreover, the second identification number may be, for example, a WWN which is an identification number of the information processing device and the storage device in the Fibre Channel protocol.
  • Features and objects of the present invention other than the above will become clear by reading the description of the present specification with reference to the accompanying drawings.
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • For a more complete understanding of the present invention and the advantages thereof, reference is now made to the following description taken in conjunction with the accompanying drawings wherein:
  • FIG. 1 is a block diagram showing an example of an entire information processing system according to a first embodiment;
  • FIG. 2 is a view showing an example of a conversion table according to the first embodiment;
  • FIG. 3 is a view showing an example of a security management table according to the first embodiment;
  • FIG. 4 is an example of a flowchart of a management terminal according to the first embodiment;
  • FIG. 5 is a view showing a conversion example from an IP packet into an FC frame in performing login processing of iSCSI according to the first embodiment;
  • FIG. 6 is an example of a flowchart from login of iSCSI up to execution of a SCSI command in consideration of LUN security according to the first embodiment;
  • FIG. 7 is a view showing an example of a login information storage table according to the first embodiment;
  • FIG. 8 is a block diagram showing an example of an entire information processing system according to a second embodiment; and
  • FIG. 9 is a block diagram showing an entire information processing system including a conventional network converter.
  • DETAILED DESCRIPTION OF THE INVENTION
  • At least the following matters will be made clear by the explanation in the present specification and the description of the accompanying drawings.
  • First Embodiment
  • First, FIG. 1 shows a block diagram of an entire configuration example of an information processing system including network converters 20 according to a first embodiment of the present invention.
  • The information processing system according to this embodiment includes information processing devices 10, the network converters 20, storage devices 30 and a management terminal 40.
  • ==Information Processing Device==
  • The information processing device 10 is a computer including a CPU (Central Processing Unit) and a memory. The CPU included in the information processing device 10 executes various programs. Thus, various types of processing are realized. The information processing device 10 is utilized, for example, as a central computer in an ATM (Automated Teller Machine) system of a bank, a seat reservation system of an airline company and the like. The information processing device 10 can be implemented also as a mainframe computer and a personal computer.
  • Moreover, the information processing device 10 is connected to the network converter 20 via a LAN so as to be communicable and transmits a data I/O request for the storage device 30 to the network converter 20. As the data I/O request, there are, for example, a data read request, a data write request and the like. Note that the information processing device 10 communicates with the network converter 20 by use of an iSCSI protocol. As described above, the information processing device 10 according to this embodiment may be a conventional information processing device 10 capable of communicating using the iSCSI protocol. Thus, it is not required to add new components and the like.
  • ==Network Converter==
  • The network converter 20 is connected to the information processing device 10 via the LAN so as to be communicable and is connected to the storage device 30 via a SAN (Storage Area Network) so as to be communicable. In this embodiment, the SAN is a network in which communications are performed in accordance with a Fibre Channel protocol. Moreover, the network converter 20 is connected to the management terminal 40 so as to be communicable.
  • The network converter 20 includes a CPU 21, a memory 22 and the like. The network converter 20 further includes a first protocol conversion section 23, a second protocol conversion section 24, a conversion table storage section 25, a first identification number conversion section 26, a second identification number conversion section 27 and the like, all of which are controlled by the CPU 21. Note that the first and second protocol conversion sections 23 and 24 may be included in one protocol conversion section and the first and the second identification number conversion sections 26 and 27 may also be included in one identification number conversion section.
  • Furthermore, these conversion sections may be realized as software which is defined as a computer software program executed by the CPU 21.
  • A combination of an identification number of the information processing device 10 and the storage device 30 according to the iSCSI protocol and the Fibre Channel protocol is stored in a conversion table 28 in the memory 22. Here, the identification number according to the iSCSI protocol is an iSCSI name and the identification numbers according to the Fibre Channel protocol are a Node_Name and an N_Port_Name, which are WWNs (World Wide Names).
  • The first protocol conversion section 23 converts a data I/O request for the storage device 30 according to the iSCSI protocol received from the information processing device 10 into an FC frame of the Fibre Channel protocol and transmits the FC frame to the storage device 30. When the first protocol conversion section 23 converts an IP packet into an FC frame, the first identification number conversion section 26 converts iSCSI names of the information processing device 10 and the storage device 30 into WWNs.
  • Moreover, the second protocol conversion section 24 converts a response to a data I/O request according to the Fibre Channel protocol received from the storage device 30 into an IP packet of the iSCSI protocol and transmits the IP packet to the information processing device 10. When the second protocol conversion section 24 converts an FC frame into an IP packet, the second identification number conversion section 27 converts WWNs of the information processing device 10 and the storage device 30 into iSCSI names.
  • Upon receipt of combinations of the iSCSI names and WWNs of the information processing device 10 and the storage device 30 from the management terminal 40, the conversion table storage section 25 stores the combinations in the conversion table 28.
  • ==Storage Device==
  • The storage device 30 is connected to the network converter 20 via the SAN so as to be communicable. The storage device 30 includes a controller 39 and a plurality of disks 31. In the disks 31 are set logical volumes 32. The logical volume 32 is a logical storage area including a physical storage area the disk 31 has. Note that a LUN (Logical Unit Number) is given to each of the logical volumes 32. Moreover, the controller 39 includes a security management table 35 in a memory 34. Furthermore, the controller 39 includes a security management table storage section 33. This storage section 33 may be realized by making a CPU included in the controller 39 execute computer software programs or may be realized by use of dedicated hardware.
  • The security management table 35 stores access enable/disable to the logical volumes for each of the information processing devices 10 accessing the storage devices or for each of the WWNs of the storage devices 30. FIG. 3 shows an example of the security management table. In columns of the WWNs, WWNs of the information processing devices 10 accessing the storage devices or those of the storage devices 30 are set. Moreover, in columns of LUN0 to LUNn, access enable/disable for the respective LUNs of the logical volumes is set. Here, “1” indicates that the access is enabled and “0” indicates that the access is disabled. The storage device 30 realizes LUN security that is an access control for each LUN by use of this security management table 35.
  • The storage device 30 according to this embodiment may be a conventional storage device 30 which performs communications according to the Fibre Channel protocol and performs the LUN security. Thus, it is not required to newly add components and the like.
  • ==Management Terminal==
  • The management terminal 40 includes a CPU, an input unit, a display unit, an identification number conversion notification section, an access enable/disable notification section and the like and is a computer connected to the network converter and the storage device so as to be communicable. Note that the management terminal 40 may be connected to a plurality of network converters 20 and a plurality of storage devices 30. Moreover, the management terminal 40 can be built into the network converter 20 or the storage device 30. The identification number conversion notification section notifies the conversion table storage section 25 included in the network converter 20 of the combination of the iSCSI name and the WWN, which is stored in the conversion table. Moreover, the access enable/disable notification section notifies the security management table storage section 33 included in the storage device 30 of the LUN access enable/disable for each WWN, which is stored in the security management table.
  • The management terminal 40 will be described in detail with reference to a flowchart of FIG. 4.
  • First, the management terminal 40 receives a combination of a target network converter 20 and a target storage device 30 from the input unit (S401). Thereafter, the management terminal 40 receives a combination of an iSCSI name and a WWN of the selected storage device 30 from the input unit (S402). Furthermore, the management terminal 40 receives a combination of an iSCSI name and a LUN of the information processing device 10, for which access is enabled, from the input unit (S403). Subsequently, the management terminal 40 selects whether or not a WWN of the information processing device is automatically generated (S404). In the case of automatically generating the WWN, the management terminal 40 automatically generates the WWN of the information processing device 10, for which the access is enabled (S405). As to a method for automatically generating the WWN, numbers within a fixed range may be allocated sequentially or randomly as long as a different WWN is allocated to each of the information processing devices 10. In the case of not automatically generating the WWN, the management terminal 40 receives a WWN of the information processing device 10, for which the access is enabled, from the input device (S406).
  • Next, the management terminal 40 associates the WWN allocated to the information processing device 10, for which the access is enabled, with the LUN which can be accessed by the information processing device 10 that is previously inputted. Thereafter, the access enable/disable notification section of the management terminal 40 transmits a combination of the WWN and the LUN of the information processing device 10, for which the access is enabled, to the security management table storage section 33 of the storage device 30 (S407). In this event, the access enable/disable notification section transmits a WWN which controls access denial to the security management table storage section 33 so that access to the WWN for all LUNs is disabled. Here, the WWN which controls the access denial is, for example, “FFFFFFFF” or the like.
  • Upon receipt of the combination described above, the security management table storage section 33 of the controller 39 stores the combination in the security management table 35 so as to permit access for the received combination of the WWN and the LUN. Specifically, for each of the received WWNs, “1” is set to the LUN for which access is enabled and “0” is set to the LUN not received for the WWN. Moreover, regarding the WWN which controls the access denial, the security management table storage section 33 sets “0” to all the LUNs for the WWN.
  • Next, the identification number conversion notification section of the management terminal 40 transmits the combination of the iSCSI name and the WWN of the storage device 30 to the conversion table storage section 25 of the network converter 20 (S408). Upon receipt of the combination described above, the conversion table storage section 25 stores the received combination of the iSCSI name and the WWN in the conversion table 28. Moreover, the management terminal 40 associates the WWN allocated to the information processing device 10 with the previously received iSCSI name of the information processing device 10. Accordingly, the identification number conversion notification section transmits the combination of the iSCSI name and the WWN of the information processing device 10, for which the access is enabled, to the conversion table storage section 25 (S409). In this event, the identification number conversion notification section also transmits the above-described WWN which controls the access denial to the conversion table storage section 25. Upon receipt of the combination, the conversion table storage section 25 stores the received combination of the iSCSI name and WWN in the conversion table 28. Moreover, the conversion table storage section 25 stores the WWN which controls the access denial in the conversion table 28. This is represented by a record in the conversion table 28 of FIG. 2, in which the iSCSI name is “default” and the WWN is “FFFFFFFF”.
  • ==Flow of Conversion Processing==
  • Here, a description will be given of processing of converting an IP packet of the iSCSI protocol received from the information processing device 10 into an FC frame and transmitting the FC frame to the storage device 30 in a state where the conversion table 28 and the security management table 35 are stored as described above.
  • First, the processing will be schematically described with reference to FIG. 5. An IP packet 500 received from the information processing device 10 includes an IP header 510 and an iSCSI protocol data unit 520. The IP header 510 includes a source IP address 511 and a destination IP address 512, which are used for data transfer through the LAN. The source IP address is an IP address of the information processing device 10 and the destination IP address is an IP address of the network converter 20. The iSCSI protocol data unit 520 includes a login request header 521 and a login parameter 522. The login parameter 522 includes an initiator iSCSI name 523 indicating a source in the iSCSI protocol and a target iSCSI name 524 indicating a destination in the iSCSI protocol. The initiator iSCSI name 523 is an iSCSI name of the information processing device 10 and the target iSCSI name 524 is an iSCSI name of the storage device 30.
  • The network converter 20 converts the IP packet 500 into an FC frame 530. The FC frame 530 includes an FC header 540 and a PLOGI parameter 550. The FC header 540 includes a destination native address 541 (D_ID) and a source native address 542 (S_ID), which are native addresses used for data transfer through the Fibre Channel. The native addresses are allocated, for example, when the information processing device 10, the storage device 30 or the like logs into a fabric of the Fibre Channel, and the like. The PLOGI parameter 550 includes an N_Port_Name 551 and a Node_Name 552 of the information processing device 10 that is the source. Specifically, the network converter 20 converts the initiator iSCSI name 523 of the information processing device 10 into a WWN based on the conversion table 28 and sets the WWN to the N_Port_Name 551 and the Node_Name 552 of the FC frame 530. Upon receipt of the FC frame 530, the storage device 30 can determine access enable/disable from the information processing device 10 based on the N_Port_Name 551 and the Node_Name 552.
  • Next, details of the conversion processing will be described with reference to FIG. 6. First, the information processing device 10 transmits the IP packet 500 that is a login request of the iSCSI to the network converter (S601).
  • The first identification number conversion section 26 of the network converter 20 obtains, from the conversion table 28, a WWN of the information processing device 10, which corresponds to the initiator iSCSI name 523 included in the IP packet 500 (S602). Here, when the initiator iSCSI name 523 is not stored in the conversion table 28, the first identification number conversion section 26 obtains a WWN “FFFFFFFF” which has an iSCSI name “default” and controls access denial. Next, the first protocol conversion section 23 of the network converter 20 allows the information processing device 10 to log into the fabric of the Fibre Channel (S603). Thus, the first protocol conversion section 23 obtains a native address of the information processing device 10 (S604).
  • Next, the first identification number conversion section 26 acquires, from the conversion table 28, a WWN of the storage device 30, which corresponds to the target iSCSI name 524 included in the IP packet 500 (S605). The first protocol conversion section 23 acquires a native address of the storage device 30 based on the WWN of the storage device 30 (S606). Note that conversion of the WWN into the native address and conversion of the native address into the WWN can be acquired by use of a method such as contacting a name server of the Fibre Channel. The first protocol conversion section 23 forms the FC frame 530 by use of the native addresses of the information processing device 10 and the storage device 30, which are acquired as described above, and the WWN of the information processing device 10 and transmits the FC frame 530 to the storage device 30 (S607).
  • Upon receipt of the FC frame 530, the controller 39 of the storage device 30 stores a combination of the WWN and the native address of the information processing device 10 in a login information storage table 701 shown in FIG. 7 and transmits an ACC frame that is a notification of login completion to the network converter 20 (S608).
  • Upon receipt of the ACC frame, the second protocol conversion section 24 of the network converter 20 acquires WWNs of the information processing device 10 and the storage device 30 based on the native addresses of the information processing device 10 and the storage device 30, which are included in the ACC frame (S609). Next, the second identification number conversion section 27 of the network converter 20 acquires iSCSI names corresponding to the WWNs of the information processing device 10 and the storage device 30 from the conversion table 28 (S610). The second protocol conversion section 24 forms an IP packet that is a login response of the iSCSI, which includes the iSCSI names of the information processing device 10 and the storage device 30, and transmits the IP packet to the information processing device 10 (S611).
  • Upon receipt of the login response of the iSCSI, the information processing device 10 forms an IP packet including a SCSI command specifying a LUN of an access target and transmits the IP packet to the network converter 20 (S612).
  • The first identification number conversion section 26 of the network converter 20 acquires, from the conversion table 28, WWNs of the information processing device 10 and the storage device 30, the WWNs corresponding to an initiator iSCSI name and a target iSCSI name which are included in the IP packet (S613). Next, the first protocol conversion section 23 of the network converter 20 acquires native addresses of the information processing device 10 and the storage device 30 based on the WWNs of the information processing device 10 and the storage device 30 (S614). The first protocol conversion section 23 forms an FC frame including the native address of the information processing device 10 and the LUN of the access target and transmits the FC frame to the storage device 30 (S615).
  • The controller 39 of the storage device 30 acquires a WWN of the information processing device 10 from the login information storage table 701 based on the native address of the information processing device 10, which is included in the FC frame, and checks access enable/disable of the information processing device 10 based on the WWN and the LUN of the access target (S616). The storage device 30 forms an FC frame including a result of processing of the SCSI command and transmits the FC frame to the network converter 20 (S617).
  • Upon receipt of the FC frame, the second protocol conversion section 24 of the network converter 20 acquires WWNs of the information processing device 10 and the storage device 30 based on the native addresses of the information processing device 10 and the storage device 30, which are included in the FC frame (S618). Next, the second identification number conversion section 27 of the network converter 20 acquires iSCSI names corresponding to the WWNs of the information processing device 10 and the storage device 30 from the conversion table 28 (S619). The second protocol conversion section 24 forms an IP packet that is a result of processing of the SCSI command by use of the iSCSI names of the information processing device 10 and the storage device 30 and transmits the IP packet to the information processing device 10 (S620).
  • When the information processing device 10 receives the IP packet that is the result of processing of the SCSI command (S621), a series of processing from the login in the iSCSI to the SCSI command execution is completed. Note that, in the series of processing, the processing performed by the information processing device 10 is a normal one in the iSCSI protocol. Thus, by using the network converter 20, it is not required to add new components and the like to the information processing device 10. Similarly, the processing performed by the controller 39 of the storage device 30 is a normal one in the Fibre Channel protocol. Thus, by using the network converter 20, it is not required to add new components and the like to the storage device 30.
  • As described above, by using the above-described network converter 20, it is possible to communicate with the information processing device 10 which transmits/receives data according to the iSCSI protocol, in consideration of the LUN security without adding new components and the like to the storage device 30 which transmits/receives data according to the conventionally used Fibre Channel protocol. Thus, it is possible to construct an information processing system, which makes effective use of existing resources.
  • Moreover, the identification number conversion notification section of the management terminal 40 transmits, to the network converter 20, the combination of the iSCSI name and the WWN only for the storage device 30 and the information processing device 10 for which the access to the storage device 30 is enabled. Specifically, the management terminal 40 is not required to generate a combination of an iSCSI name and a WWN for the information processing device 10 for which access is not enabled. Thus, it is possible to prevent unauthorized access to the storage device 30 from the information processing device 10. Moreover, in the conversion table 28 and the security management table 35, only the information processing device 10 having access permission may be stored. Thus, memory resources can be saved.
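The following is an added sketch, not code from the patent, of the first embodiment's two tables and the checks made against them: it follows the management-terminal steps S402 to S409 and the login and command flow S601 to S616, including the fallback of an unlisted initiator to the deny WWN. The class and function names, the `iqn.2003-10.example:` names, the 16-digit WWNs, the generation range and the native-address counter are assumptions made for illustration.

```python
from itertools import count

DENY_WWN = "FFFFFFFF"     # the page's example of the WWN that controls access denial
DEFAULT_NAME = "default"  # iSCSI name of that record in the conversion table (FIG. 2)


class StorageDevice:
    """Fibre Channel side: security management table 35 and login table 701."""

    def __init__(self, n_luns):
        self.n_luns = n_luns
        self.security_table = {}  # WWN -> list of 0/1 flags, one per LUN
        self.login_table = {}     # native address (S_ID) -> WWN

    def store_permission(self, wwn, luns):
        # "1" for each LUN received for this WWN, "0" for every other LUN
        self.security_table[wwn] = [int(i in luns) for i in range(self.n_luns)]

    def plogi(self, s_id, wwn):
        self.login_table[s_id] = wwn  # S608: remember the WWN for this address

    def lun_access(self, s_id, lun):
        # S616: native address -> WWN -> per-LUN flag; unknown values are refused
        row = self.security_table.get(self.login_table.get(s_id))
        return bool(row) and 0 <= lun < self.n_luns and row[lun] == 1


class NetworkConverter:
    """iSCSI side: conversion table 28 and both identifier conversions."""

    def __init__(self):
        self.conversion_table = {}         # iSCSI name -> WWN
        self._next_addr = count(0x010100)  # assumed stand-in for fabric login

    def store(self, iscsi_name, wwn):
        self.conversion_table[iscsi_name] = wwn

    def to_wwn(self, name):
        # S602: an initiator name that is not stored maps to the "default" record
        return self.conversion_table.get(name, self.conversion_table[DEFAULT_NAME])

    def to_iscsi(self, wwn):
        # S610/S619: reverse lookup in the same table
        for name, stored in self.conversion_table.items():
            if stored == wwn:
                return name
        raise KeyError(wwn)

    def login(self, storage, initiator, target):
        if target not in self.conversion_table:  # S605: target must be stored
            raise KeyError(target)
        wwn = self.to_wwn(initiator)             # S602
        s_id = next(self._next_addr)             # S603-S604: native address
        storage.plogi(s_id, wwn)                 # S607-S608
        return s_id


def provision(converter, storage, target, grants, manual_wwns=None,
              base=0x2000000000000001):
    """Management terminal steps S402-S409 (base is an assumed range start)."""
    # target: (iSCSI name, WWN) of the storage device
    # grants: initiator iSCSI name -> set of LUNs; manual_wwns: name -> WWN (S406)
    manual_wwns = manual_wwns or {}
    reserved = {DENY_WWN, target[1]}
    used = reserved | set(manual_wwns.values())
    candidates = (f"{n:016X}" for n in count(base))
    assigned = {}
    for name in grants:
        wwn = manual_wwns.get(name)
        if wwn is None:  # S405: sequential allocation, skipping taken values
            wwn = next(w for w in candidates if w not in used)
        if wwn in reserved or wwn in assigned.values():
            raise ValueError(f"WWN {wwn} for {name} is not unique")
        assigned[name] = wwn
    for name, wwn in assigned.items():
        storage.store_permission(wwn, grants[name])  # S407
    storage.store_permission(DENY_WWN, set())        # deny WWN: "0" for all LUNs
    converter.store(*target)                         # S408
    for name, wwn in assigned.items():
        converter.store(name, wwn)                   # S409
    converter.store(DEFAULT_NAME, DENY_WWN)
    return assigned


def demo():
    # Constructed sample data: the names and WWNs below are illustrative only.
    iqn = "iqn.2003-10.example:"
    storage, conv = StorageDevice(n_luns=4), NetworkConverter()
    target = (iqn + "storage30", "50060E8000000001")
    grants = {iqn + "host-a": {0, 1}, iqn + "host-b": {2}}
    assigned = provision(conv, storage, target, grants)
    results = {}
    for host in [*grants, iqn + "unlisted"]:
        s_id = conv.login(storage, host, target[0])
        results[host] = [storage.lun_access(s_id, lun) for lun in range(4)]
    return assigned, results


if __name__ == "__main__":
    print(demo())
```
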
  • Second Embodiment
  • Next, FIG. 8 shows a block diagram of an entire configuration example of an information processing system including a network converter 20 according to a second embodiment.
  • The information processing system according to this embodiment includes a storage device 1 (801), a network converter 1 (802), a network converter 2 (803) and a storage device 2 (804). The storage device 1 (801) and the network converter 1 (802) are connected to each other via a SAN so as to be communicable. Similarly, the storage device 2 (804) and the network converter 2 (803) are connected to each other via the SAN so as to be communicable. Moreover, the network converter 1 (802) and the network converter 2 (803) are connected to each other via a LAN so as to be communicable. Note that the respective storage devices (801 and 804) have the same configuration as that of the storage device 30 according to the first embodiment. In addition, the respective network converters (802 and 803) have the same configuration as that of the network converter 20 according to the first embodiment.
  • In such an information processing system, data transmission/reception between the storage devices 1 (801) and 2 (804) in consideration of LUN security according to the Fibre Channel protocol can be performed through the LAN. Here, as an example, a description will be given of a case where the storage device 1 (801) transmits a data write request to the storage device 2 (804). First, the storage device 1 (801) transmits an FC frame of a write request to a LUN of the storage device 2 (804) to the network converter 1 (802) (S801). The network converter 1 (802) transmits an IP packet to the network converter 2 (803), the IP packet including iSCSI names acquired by converting WWNs of the respective storage devices (801 and 804). The network converter 2 (803) transmits an FC frame to the storage device 2 (804), the FC frame including WWNs acquired by converting iSCSI names of the respective storage devices (801 and 804) (S804). Based on the received FC frame, the storage device 2 (804) can execute write processing after determining access enable/disable to the LUN from the storage device 1 (801).
  • Note that the processing performed by the respective storage devices (801 and 804) in the series of processing is a normal one in the Fibre Channel protocol. Thus, by using the respective network converters (802 and 803), it is not required to newly add components and the like to the respective storage devices (801 and 804).
  • As described above, by use of the above-described network converters, between the storage devices which transmit/receive data according to the Fibre Channel protocol, data transmission/reception in consideration of LUN security can be performed through the LAN. Specifically, in such cases as when data is backed up between the storage devices, which transmit/receive data according to the Fibre Channel, as a means of disaster recovery, it is possible to use the LAN capable of constructing a long-distance network at lower cost than the SAN.
  • Although the first and second embodiments have been described above, the foregoing embodiments are for facilitating understanding of the present invention and not for interpreting the present invention by placing limitations thereon. The present invention can be changed and modified without departing from the spirit of the invention. In addition, the present invention also includes equivalents thereof.
  • For example, in the first and second embodiments, the LUN security is performed by using both of the Node_Name and the N_Port_Name. However, the LUN security may be performed by using any one of the Node_Name and the N_Port_Name. In this case, any one of the Node_Name and the N_Port_Name, which is used in the LUN security, may be stored in the conversion table.
  • Moreover, in the first and second embodiments, the first protocol is the iSCSI protocol. However, the first protocol may be a protocol other than the iSCSI protocol. In this case, combinations of numbers for identifying the information processing device 10 and the storage device 30 according to the protocol and WWNs may be stored in the conversion table 28.
  • Although the preferred embodiment of the present invention has been described in detail, it should be understood that various changes, substitutions and alterations can be made therein without departing from the spirit and scope of the inventions as defined by the appended claims.
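The following sketch is an added illustration, not code from the patent. It models the management terminal's rule of generating iSCSI name/WWN combinations only for access-enabled devices (first embodiment) and the storage-to-storage relay through two converters (second embodiment). All iSCSI names, WWN values and function names are constructed assumptions.

```python
# Added illustration: identifiers, WWN values and function names are constructed.
from dataclasses import dataclass, replace

NAMES = {  # constructed iSCSI name -> WWN assignments held by the management terminal
    "iqn.2003-10.example:host-a": "10:00:00:00:00:00:00:0a",
    "iqn.2003-10.example:host-b": "10:00:00:00:00:00:00:0b",
    "iqn.2003-10.example:storage-1": "50:00:00:00:00:00:00:01",
    "iqn.2003-10.example:storage-2": "50:00:00:00:00:00:00:02",
}


class Dropped(Exception):
    """No conversion entry at the converter, or LUN security refused the frame."""


@dataclass(frozen=True)
class Message:
    src: str  # initiator: iSCSI name on the LAN side, WWN on the SAN side
    dst: str  # target, same convention
    lun: int


def provision(target, permitted):
    """Management terminal: emit table entries only for access-enabled initiators."""
    conversion = {target: NAMES[target]}  # sent to the converter (conversion table)
    security = {}                         # sent to the storage device (LUN -> WWNs)
    for initiator, lun in permitted:
        conversion[initiator] = NAMES[initiator]
        security.setdefault(lun, set()).add(NAMES[initiator])
    return conversion, security


def convert(table, msg):
    """Converter: rewrite both identifiers; traffic without a table entry is dropped."""
    if msg.src not in table or msg.dst not in table:
        raise Dropped("converter: no conversion entry")
    return replace(msg, src=table[msg.src], dst=table[msg.dst])


def storage_check(own_wwn, security, frame):
    """Storage device: ordinary WWN-based LUN security, default deny."""
    if frame.dst != own_wwn or frame.src not in security.get(frame.lun, set()):
        raise Dropped("storage: LUN security denied")


def deliver(conversion, security, target_wwn, packet):
    """LAN packet -> converter -> storage device; returns 'ok' or the drop reason."""
    try:
        frame = convert(conversion, packet)
        storage_check(target_wwn, security, frame)
        return "ok"
    except Dropped as why:
        return str(why)


def first_embodiment():
    a, b, tgt = (f"iqn.2003-10.example:{n}" for n in ("host-a", "host-b", "storage-2"))
    conversion, security = provision(tgt, [(a, 0)])  # only host-a, only LUN 0
    return tuple(deliver(conversion, security, NAMES[tgt], Message(src, tgt, lun))
                 for src, lun in ((a, 0), (a, 1), (b, 0)))


def second_embodiment():
    s1, s2 = "iqn.2003-10.example:storage-1", "iqn.2003-10.example:storage-2"
    conversion, security = provision(s2, [(s1, 3)])  # same table in both converters
    frame = Message(NAMES[s1], NAMES[s2], 3)         # FC write request from storage 1
    packet = convert({w: n for n, w in conversion.items()}, frame)  # converter 1
    round_trip = convert(conversion, packet) == frame               # converter 2
    return packet.src, round_trip, deliver(conversion, security, NAMES[s2], packet)


if __name__ == "__main__":
    print(first_embodiment())
    print(second_embodiment())
```

Host B never reaches the storage device because no conversion entry was generated for it, while host A's request to an unlisted LUN passes the converter and is refused by the storage device's own WWN check.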

Claims (8)

1. A computer configured for connection via a network to a storage device and to a network converter connecting the storage device to an information processing device comprising:
a processor;
a memory;
an input section; and
an output section,
wherein the input section receives first information relating to a combination of a storage region of the storage device and the information processing device for which access is enabled,
wherein the memory stores the first information,
wherein the processor, based on the first information, determines a first identifier according to a first protocol in a network which connects the storage device and the network converter, with respect to the information processing device corresponding to a storage region of the storage device,
wherein the processor, based on the first information, determines a second identifier according to a second protocol in a second network connecting the information processing device and the network converter, with respect to the storage device corresponding to the information processing device corresponding to the first identifier.
2. A computer according to claim 1, wherein the processor obtains information of the second identifier allocated to the storage device via the input section and, based on the information of the second identifier, determines the second identifier corresponding to the first identifier.
3. A computer according to claim 1, wherein the processor obtains information relating to the first identifier allocated to the information processing device via the input section and, based on the information of the first identifier, determines the first identifier.
4. A computer according to claim 3, wherein the second protocol is an iSCSI protocol and the second identifier is an iSCSI name.
5. A computer according to claim 4, wherein the first protocol is a Fibre Channel protocol and the first identifier is a Node_Name.
6. A computer according to claim 4, wherein the first protocol is a Fibre Channel protocol, and the first identifier is an N_Port_Name.
7. A computer according to claim 4, wherein the first protocol is a Fibre Channel protocol, and the first identifier is a combination of a Node_Name and an N_Port_Name.
8. A computer configured for connection via network to a storage device, and to a network converter connected via a Fibre Channel network to the storage device and connected via an internet protocol network to an information processing device, respectively, comprising:
a processor;
a memory;
an input section; and
an output section,
wherein the input section receives first information relating to a combination of a logic unit number (LUN) allocated to a storage region of the storage device and an iSCSI name allocated to the information processing device for which access is enabled,
wherein the memory stores the first information,
wherein the processor, based on the first information, determines a worldwide name (WWN) which is an identifier of a Fibre Channel with respect to the information processing device corresponding to the LUN,
wherein the processor, based on the first information, determines an iSCSI name with respect to the storage device corresponding to the information processing device to which the WWN is allocated, and
wherein the processor, based on the first information, sends an iSCSI name and WWN of the information processing device for which access is enabled to the storage device and notifies an iSCSI name and WWN of the information processing device and accessibility of the information processing device to the network converter.
US12/365,688 2003-10-01 2009-02-04 Network Converter and Information Processing System Abandoned US20090138613A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US12/365,688 US20090138613A1 (en) 2003-10-01 2009-02-04 Network Converter and Information Processing System

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
JP2003343479A JP4137757B2 (en) 2003-10-01 2003-10-01 Network converter and information processing system
JP2003-343479 2003-10-01
US10/817,032 US7386622B2 (en) 2003-10-01 2004-04-02 Network converter and information processing system
US10/884,672 US20050076167A1 (en) 2003-10-01 2004-07-02 Network converter and information processing system
US12/365,688 US20090138613A1 (en) 2003-10-01 2009-02-04 Network Converter and Information Processing System

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
US10/884,672 Continuation US20050076167A1 (en) 2003-10-01 2004-07-02 Network converter and information processing system

Publications (1)

Publication Number Publication Date
US20090138613A1 true US20090138613A1 (en) 2009-05-28

Family

ID=34309113

Family Applications (3)

Application Number Title Priority Date Filing Date
US10/817,032 Expired - Fee Related US7386622B2 (en) 2003-10-01 2004-04-02 Network converter and information processing system
US10/884,672 Abandoned US20050076167A1 (en) 2003-10-01 2004-07-02 Network converter and information processing system
US12/365,688 Abandoned US20090138613A1 (en) 2003-10-01 2009-02-04 Network Converter and Information Processing System

Country Status (4)

Country Link
US (3) US7386622B2 (en)
EP (1) EP1521417B1 (en)
JP (1) JP4137757B2 (en)
DE (1) DE602004017099D1 (en)

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7760727B2 (en) * 2005-06-27 2010-07-20 Lsi Corporation System & method for fabric storage utilizing multicast with distributed intelligence
JP4676850B2 (en) * 2005-09-16 2011-04-27 株式会社リコー Data processing system, data management device, program, and recording medium
JP4929808B2 (en) * 2006-04-13 2012-05-09 富士通株式会社 Network device connection apparatus and network device connection method
WO2009039384A2 (en) * 2007-09-20 2009-03-26 C & S Operations, Inc. Computer system with multiple terminals
US20090094500A1 (en) * 2007-10-05 2009-04-09 Chris Swekel Dynamic generator of unique world wide numbers
TWI348850B (en) * 2007-12-18 2011-09-11 Ind Tech Res Inst Packet forwarding apparatus and method for virtualization switch
US8612809B2 (en) 2009-12-31 2013-12-17 Intel Corporation Systems, methods, and apparatuses for stacked memory
JP2012137850A (en) * 2010-12-24 2012-07-19 Fujitsu Ltd Distribution file operation program, distribution file operation device and distribution file operation method
US9589272B2 (en) 2011-08-19 2017-03-07 Flipp Corporation System, method, and device for organizing and presenting digital flyers
CN113329103B (en) * 2020-02-29 2022-08-26 杭州迪普科技股份有限公司 Method and apparatus for executing commands for network devices

Citations (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6400730B1 (en) * 1999-03-10 2002-06-04 Nishan Systems, Inc. Method and apparatus for transferring data between IP network devices and SCSI and fibre channel devices over an IP network
US20020099797A1 (en) * 2001-01-25 2002-07-25 Merrell Alan Ray Architecture for access to embedded files using a san intermediate device
US20030014600A1 (en) * 2001-07-13 2003-01-16 Ryuske Ito Security for logical unit in storage subsystem
US20030031187A1 (en) * 2001-08-10 2003-02-13 Peter Heffernan External storage for modular computer systems
US20030084219A1 (en) * 2001-10-26 2003-05-01 Maxxan Systems, Inc. System, apparatus and method for address forwarding for a computer network
US20030093541A1 (en) * 2001-09-28 2003-05-15 Lolayekar Santosh C. Protocol translation in a storage system
US20030140193A1 (en) * 2002-01-18 2003-07-24 International Business Machines Corporation Virtualization of iSCSI storage
US20030145045A1 (en) * 2002-01-31 2003-07-31 Greg Pellegrino Storage aggregator for enhancing virtualization in data storage networks
US20030145116A1 (en) * 2002-01-24 2003-07-31 Andrew Moroney System for communication with a storage area network
US20030149829A1 (en) * 2002-02-06 2003-08-07 Basham Robert Beverley Implicit addressing sequential media drive with intervening converter simulating explicit addressing to host applications
US20030236837A1 (en) * 2000-03-03 2003-12-25 Johnson Scott C. Content delivery system providing accelerate content delivery
US6683883B1 (en) * 2002-04-09 2004-01-27 Sancastle Technologies Ltd. ISCSI-FCP gateway
US20040019686A1 (en) * 2002-07-24 2004-01-29 Hitachi, Ltd. Switching node apparatus for storage network and method of accessing remote storage apparatus
US20040030822A1 (en) * 2002-08-09 2004-02-12 Vijayan Rajan Storage virtualization by layering virtual disk objects on a file system
US20040139240A1 (en) * 2003-01-15 2004-07-15 Hewlett-Packard Company Storage system with LUN virtualization
US6766412B2 (en) * 2001-03-31 2004-07-20 Quantum Corporation Data storage media library with scalable throughput rate for data routing and protocol conversion
US20040148376A1 (en) * 2002-06-28 2004-07-29 Brocade Communications Systems, Inc. Storage area network processing device
US20050066045A1 (en) * 2003-09-03 2005-03-24 Johnson Neil James Integrated network interface supporting multiple data transfer protocols
US6895461B1 (en) * 2002-04-22 2005-05-17 Cisco Technology, Inc. Method and apparatus for accessing remote storage using SCSI and an IP network
US7107328B1 (en) * 2003-06-03 2006-09-12 Veritas Operating Corporation Storage area network (SAN) device logical relationships manager
US7181439B1 (en) * 2003-04-25 2007-02-20 Network Appliance, Inc. System and method for transparently accessing a virtual disk using a file-based protocol
US7188194B1 (en) * 2002-04-22 2007-03-06 Cisco Technology, Inc. Session-based target/LUN mapping for a storage area network and associated method
US7200610B1 (en) * 2002-04-22 2007-04-03 Cisco Technology, Inc. System and method for configuring fibre-channel devices
US7260737B1 (en) * 2003-04-23 2007-08-21 Network Appliance, Inc. System and method for transport-level failover of FCP devices in a cluster
US7272848B1 (en) * 2001-02-13 2007-09-18 Network Appliance, Inc. Method for device security in a heterogeneous storage network environment
US7293152B1 (en) * 2003-04-23 2007-11-06 Network Appliance, Inc. Consistent logical naming of initiator groups

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP3744248B2 (en) 1999-03-29 2006-02-08 株式会社日立製作所 Fiber channel connected storage subsystem and access method thereof
JP2002014777A (en) 2000-06-29 2002-01-18 Hitachi Ltd Data moving method and protocol converting device, and switching device using the same
JP3972596B2 (en) 2001-04-20 2007-09-05 株式会社日立製作所 Disk array system
US7707304B1 (en) 2001-09-28 2010-04-27 Emc Corporation Storage switch for storage area network
JP3993773B2 (en) 2002-02-20 2007-10-17 株式会社日立製作所 Storage subsystem, storage control device, and data copy method

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090172144A1 (en) * 2004-04-27 2009-07-02 Kenichi Shimooka Id collection and management apparatus, method and program of computer
US20100115131A1 (en) * 2008-11-03 2010-05-06 International Business Machines Corporation Maintaining Storage Area Network ('SAN') Access Rights During Migration Of Operating Systems
US8055736B2 (en) * 2008-11-03 2011-11-08 International Business Machines Corporation Maintaining storage area network (‘SAN’) access rights during migration of operating systems
US9397937B2 (en) 2011-03-09 2016-07-19 Nec Corporation Computer system, server, open flow controller and communication method

Also Published As

Publication number Publication date
EP1521417A3 (en) 2005-12-07
DE602004017099D1 (en) 2008-11-27
US20050086444A1 (en) 2005-04-21
JP2005110118A (en) 2005-04-21
EP1521417B1 (en) 2008-10-15
EP1521417A2 (en) 2005-04-06
US7386622B2 (en) 2008-06-10
US20050076167A1 (en) 2005-04-07
JP4137757B2 (en) 2008-08-20

Legal Events

Date Code Title Description
STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION