Storage systems based on disks, tapes, or disk arrays attached to a shared communication channel such as a SCSI (small computer system interface) bus, FibreChannel, or SSA are commonly used in computer systems. The SCSI protocol was originally implemented as a protocol for communication between a single host computer and a number of peripheral devices on a SCSI bus. Hence, there was no need for security protocols of the types used in networks on the on the SCSI bus.
Recently, devices that communicate by the SCSI protocol and service multiple host computers via a bus utilizing the SCSI protocol have become common. For example, RAID systems consisting of a number of disk drives connected to a RAID controller are used to provide error tolerant storage systems. The RAID controller is connected to a bus utilizing a SCSI communications protocol that can be accessed by multiple host computers in some systems. The RAID controller looks like a single disk drive that is connected to the other computers in the system by a SCSI bus. Each computer accessing the RAID controller utilizes the SCSI protocol and sees the RAID system as a single disk connected thereto. If the host systems do not coordinate their reading and writing activities, the data stored on the RAID system can become corrupted. In addition, security considerations often require that the level of access be varied according to the host utilizing the device.
This type of security problem is well-known in networked computer systems. Such systems include many protocols that provide various levels of access protection for data stored on a server. The server software implements the security protocols. For example, each file on the server can be provided with individualized security, which restricts reading to a first group of hosts and writing to a second group of hosts. Unfortunately, there is no method for implementing such procedures on a shared SCSI bus because of the limited communication protocols implemented in the SCSI protocol.
In principle, more complex protection schemes could be implemented within the framework of the storage devices themselves using an extension of the existing SCSI protocol. Unfortunately, these protocols cannot be extended to include other functions without complex negotiations inside the standards organization that define the SCSI protocols.
In principle, a non-standard protocol can be implemented to provide extended protection at the device level by utilizing a non-standard SCSI protocol and altering the relevant drivers in all of the hosts and devices that access the SCSI bus. Unfortunately, the owner of the SCSI bus may not have access to all of the possible hosts, and hence, the altered protocols will prevent the unaltered SCSI drivers from accessing data on the SCSI bus.
Broadly, it is the object of the present invention to provide an improved data protection protocol that can be implemented within the existing SCSI without requiring formal extension of the SCSI protocols by the relevant standards committees.
It is a further object of the present invention to provide an improved data protection protocol that can operate in the SCSI framework without requiring all hosts and devices to be modified.
These and other objects of the present invention will become apparent to those skilled in the art from the following detailed description of the invention and the accompanying drawings.