1. Field of the Invention
The invention relates generally to storage systems and more specifically relates to methods and structure for masking access to logical volumes. The logical volumes are provisioned within storage enclosures configured to define logical unit numbers (LUNs) for the logical volumes within the enclosure.
2. Discussion of Related Art
High capacity storage systems may include hundreds or thousands of storage devices (e.g., magnetic/optical disk drives and/or solid-state drives). Often, groups of the storage devices are physically configured within a storage enclosure. The enclosure provides common power and cooling for the storage devices within the enclosure. Enclosures that provide limited control logic within the enclosure are often referred to as Just a Box of Disks (“JBOD”). Some enclosures provide substantial control logic including, for example, Redundant Array of Independent Disks (RAID) storage management to provide enhanced reliability and performance. Such enclosures may incorporate one or more RAID storage controllers and are often referred to as a RAID Box of Disks (RBOD). Each enclosure (JBOD or RBOD) may have one or more logical devices (i.e., sometimes referred to as “logical drives” or “logical volumes”) configured—each provisioned by portions of one or more of the storage devices within the enclosure. Each such logical device is typically identified by a corresponding logical unit number (“LUN”). LUNs are simply numbers used to identify the corresponding logical device to external host systems. Control logic of the enclosure may include mapping information to map a LUN and a logical address received in an I/O request into corresponding physical locations of one or more affected physical storage devices.
It is generally desirable to provide some level of masking or permissions associated with LUNs within a storage enclosure so that particular LUNs may be exposed to certain host system while other LUNs may be hidden from particular host systems. Such permission masking enables security in the configuration of a storage system comprising multiple enclosures. Some storage enclosure vendors provide some form of permission masking or access control while other vendors may provide none. Where a storage system comprises a homogenous collection of enclosures all from the same vendor, the permission masking or access control will be managed in a uniform manner among all the enclosures.
However, it is a problem to provide uniform management of permission masking or access control for logical volumes (i.e., for LUNs identifying each of multiple logical devices) where the system comprises a heterogeneous collection of enclosures from multiple vendors. Each vendor may provide a different management interface for managing permissions and access control. Further, some vendors may offer no such permission or access control.
Thus it is an ongoing challenge to simplify management of permissions or access control associated with logical devices identified by LUNs within one or more storage enclosures of the storage system.