The disclosure relates generally to a system that provides secure access to collected data, and more specifically, to an environment that enables a secure reservation mode on logical unit numbers (LUNs) to support secure persistent reserves.
In general, data management systems utilize protocols to physically connect and transfer data to registered systems. Particularly, data management systems may regulate connections via protocols that reserve LUNs. However, the connections to the LUNs are not constant or persistent because the protocol includes inherent flaws that permit any non-registered system to communicate with the data management system and interrupt the connections.
For example, data management systems may regulate connections to first distributed systems via a small computer system interface (SCSI) protocol that reserves LUNs. Further, when the data management systems utilize the SCSI protocol, the connections to the LUNs are not constant or persistent because the SCSI protocol includes inherent flaws that permit second distributed systems to communicate with the data management systems and interrupt the connections to the first distributed systems. For instance, the first distributed systems may generate and utilize reservation keys to register with and reserve LUNs of data management systems in accordance with the SCSI protocol. The second distributed systems may subsequently communicate with the data management systems to retrieve or discover the reservation keys of the first distributed systems and utilize the retrieved/discovered reservation keys to impersonate the first distributed systems, including accessing the LUNs and disconnecting the first distributed systems. Since the second distributed systems can access the LUNs (e.g., the reserve is not exclusive to the first distributed systems under the SCSI protocol), the data is exposed. In turn, the data management systems will generally utilize encryption/decryption techniques and/or substitute mechanisms to protect the data of the LUNs.
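The weakness described above, as a simplified model added here (not code from the disclosure and not an implementation of the SCSI command set). The class, host names, key value and the `bind_key_to_initiator` switch are assumptions; the switch is a generic contrast case, not the disclosure's secure reservation mode.

```python
# Simplified, constructed model of key-based LUN reservations as described above.
# It is not SCSI command handling; all names here are hypothetical.

class Lun:
    def __init__(self, bind_key_to_initiator=False):
        self.bind = bind_key_to_initiator   # assumed hardening switch, not from the disclosure
        self.registrations = {}             # initiator id -> reservation key
        self.holder_key = None              # key that currently holds the reservation

    def register(self, initiator, key):
        self.registrations[initiator] = key

    def read_keys(self, initiator):
        """Weak mode returns every key to any caller; bound mode only the caller's own."""
        if self.bind:
            return [k for i, k in self.registrations.items() if i == initiator]
        return list(self.registrations.values())

    def _authorized(self, initiator, key):
        if self.bind:
            return self.registrations.get(initiator) == key
        return key in self.registrations.values()   # knowing the key is enough

    def reserve(self, initiator, key):
        if not self._authorized(initiator, key) or self.holder_key not in (None, key):
            return False
        self.holder_key = key
        return True

    def read_block(self, initiator, key):
        return self._authorized(initiator, key) and self.holder_key == key

    def clear(self, initiator, key):
        """Drop the reservation and all registrations, disconnecting the holder."""
        if not self._authorized(initiator, key):
            return False
        self.registrations.clear()
        self.holder_key = None
        return True

def second_system_outcome(lun):
    """Host A reserves the LUN; unregistered host B then tries the discovered key."""
    lun.register("host-a", 0xA11CE)          # constructed sample key
    assert lun.reserve("host-a", 0xA11CE)
    seen = lun.read_keys("host-b")
    key = seen[0] if seen else 0
    return {"keys_visible": len(seen),
            "b_can_access": lun.read_block("host-b", key),
            "b_can_disconnect": lun.clear("host-b", key),
            "a_still_reserved": lun.read_block("host-a", 0xA11CE)}
```

Calling `second_system_outcome(Lun())` shows the exposure and the lost reservation; `second_system_outcome(Lun(bind_key_to_initiator=True))` shows the same sequence failing when the key alone is not treated as proof of identity.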
Encryption/decryption techniques mask the data of the LUNs from the second distributed systems, but are expensive with respect to processing power and add latency for access. Further, encryption/decryption techniques do not address the second distributed systems' ability to reset the LUN and disconnect the first distributed systems. LUN masking, which is one substitute mechanism, is a technique that disallows access to a particular LUN by the second distributed systems. However, manually configuring LUN masking within the data management systems is not acceptable due to the time and cost involved in maintaining it.