The present invention generally relates to controlling access to devices and, more particularly, to a system and method for programmatically managing access by a host system to one or more devices operatively connected to the host system.
In order to remain competitive and to manage technological changes, computer systems are becoming increasingly powerful and more complex. A primary motivation for this has been large database applications and more data-intensive applications. As systems have increased in complexity, so have demands for an improved data storage and communications capabilities. Computer architectures historically were founded on the principal that storage devices were xe2x80x9cownedxe2x80x9d by a host computer or node to which they were attached. More recently, computer architecture models are moving increased intelligence to data storage devices and channels to facilitate data transmission and storage.
Channels and networks are two basic types of data communications topologies typically employed between processors and between a processor and peripherals. A xe2x80x9cchannelxe2x80x9d provides a direct or switched point-to-point connection between communicating devices. The channel""s primary task is to transport data at the highest possible data rate with the least amount of delay. Channels typically perform simple error correction in hardware. A xe2x80x9cnetwork,xe2x80x9d by contrast, is an aggregation of distributed nodes (e.g., workstations, mass storage units, etc.) with its own protocol that supports interaction among these nodes. Typically, each node contends for the transmission medium, and each node must be capable of recognizing error conditions on the network and must provide the error management required to recover from the error conditions.
A hybrid type of communications interconnect is Fibre Channel, which attempts to combine the benefits of both channel and network technologies. Fibre Channel protocol is being developed and adopted under the American National Standard for Information Systems (ANSI). Briefly stated, Fibre Channel is a switched protocol that allows concurrent communication among workstations, super computers and various peripherals. The total network bandwidth provided by Fibre Channel may be on the order of a terabit per second. Fibre Channel is capable of transmitting frames at rates exceeding 1 gigabit per second in both directions simultaneously. It is also able to transport commands and data according to existing protocols, such as Internet protocol (IP), small computer system interface (SCSI), high performance parallel interface (HIPPI), and intelligent peripheral interface (IPI) over both optical fiber and copper cable.
The evolution and standardization of Fibre Channel has had a profound impact related to data storage. Fibre Channel permits both more rapid access and access at a greater distance (e.g., in excess of 10 km) than other conventional data storage topologies. Because Fibre Channel permits greater distance between devices, it also has advantages in disaster recovery situations, as storage devices can be placed remotely. One particular data storage arena in which Fibre Channel is prompting substantial interest is shared storage systems, such as storage area networks (SANs), through which a plurality of hosts may share access to a network of associated storage devices.
A typical SAN architecture is formed of multiple storage systems and a logically isolated network. The storage systems may include virtually any type of storage device, such as disk, tape, etc. The network portion includes adapters, wiring, bridges, hubs, switches and directors. Briefly stated, the adapters attach servers and peripherals to the wiring (e.g., optical fibers or other wiring) in the network. The bridges convert from one protocol to another, such as from SCSI to Fibre Channel. The hubs, switches and directors provide a central connection point and routing capabilities in a typical SAN data bus. A SAN environment enables a plurality of storage devices to be considered a shared storage pool capable of being accessed by multiple host machines. As more than one device may require access to a given storage device at the same time, difficulties may arise in managing access to the storage devices of the SAN.
A hardware-based switching architecture has been proposed to selectively control access to storage devices connected to a SAN. For example, Fibre Channel switches are employed to create zones that restrict the ability of individual Fibre Channel nodes on the SAN to communicate with each other and associated storage devices. In a storage architecture in which multiple storage devices are organized as an array of logical units (e.g., within a cabinet), another approach is to implement hardware-based LUN masking. In LUN masking, switches are employed, usually in the SAN, to control access between a host machine and selected logical units corresponding to the associated storage devices. For example, a Fibre Channel switch determines for which Fibre Channel node and which logical unit number a particular command is targeted and performs masking at the logical unit number level.
Because insufficient standards have been developed for the interface used to control the hardware switches, however, it may be difficult to effectively implement LUN masking in most systems. In particular, the management interface for each storage device and host machine usually varies between manufacturers. Consequently, different interfaces usually are required when a system comprises storage devices and/or host machines from different manufacturers. Moreover, the hardware itself (e.g., the switches and cabinet) often may be prohibitively expensive for smaller organizations that may desire to employ them for shared storage. Also, where different host machines connected a SAN system employ different operating systems, difficulties may arise when the different machines attempt to access the same storage device (or logical unit) simultaneously. Additionally, if multiple hosts are connected to the same storage devices, there is an increased likelihood of file systems being corrupted, such as through periodic monitoring of the devices by each host.
The present invention relates to a system and method for programmatically managing access between a node and one or more associated devices, such as storage units. One or more data structures may be programmed at the node to identify whether an associated device is to be within the scope of the node. The node""s scope is determined based on the data structure of the node, which may be dynamically changed by programmatically modifying the data structure.
In accordance with an aspect of the present invention, an interface is employed to identify devices attached to the node. The node, for example, has a first data structure which indicates devices attached to the node. The node also has a second data structure indicating whether an associated device is to be hidden or exposed relative to the node. For example, the second data structure may be in the form of an inclusion list, indicating which device(s) are within the node""s scope, and/or an exclusion list, indicating which identified device(s) are not within the node""s scope. A programmatic interface may be employed to modify the second data structure in a selected manner. As a result, selected attached devices may be dynamically brought into and/or out of the node""s scope. In a shared storage system, the interface simplifies management of the shared storage devices and mitigates device conflicts. Boot time may also be reduced for a node configured in accordance with the present invention, as the operating system need access and mount associated devices based on the second data structure of the node.
In accordance with another aspect of the present invention, one or more controllers on a node may be operatively coupled to a shared storage system having multiple target storage units. Each controller employs a programmable data structure, which defines associated devices operatively attached to the node that are to be functionally exposed or hidden relative to the controller. The data structure may include persistent and/or temporary components. The temporary and/or persistent components may be modified by an interface employed in a predetermined manner. A device object is created at the controller for each associated device, as defined by the data structure of the controller. Each device object is linked to a higher-level object, such as a class driver, for controlling operation of the associated device in response to commands from the controller.
In accordance with another aspect of the present invention, a device object for an associated device is removed (or added) dynamically based on changes to the data structure of the node. When a device object is removed, for example, no higher-level device object (e.g., a class driver) is loaded for the respective device object and the corresponding device is no longer within the node""s scope. As a result, traditional communication mechanisms (e.g. read and/or write commands) are inhibited from communicating with the device. A device object for a second node, however, may be created for the associated device (e.g., by programmatically modifying the data structure of the second node) to establish a communications channel between the second node and the associated device. In this way, an aspect of the present invention may be employed to facilitate programmatically swapping devices between a set of interconnected nodes.
According to yet another aspect of the present invention, a link between the device object and its higher-level device object of an associated device may be dynamically broken or added according to whether the associated device is identified by the data structure of the node. When the link between the device object and its higher-level device object is broken, the associated device is no longer within the node""s scope, such that access to it by the node is blocked. A new higher level device object may be created and, in turn, linked to the device object to expose the associated device relative to the node, such as in response to programmatically changing in the data structure of the node.