1. Technical Field
This application relates to the field of computer storage devices, and more particularly to the field of selectively providing access to computer storage devices.
2. Description of Related Art
Host processor systems may store and retrieve data using a storage device containing a plurality of host interface units (host adapters), disk drives, and disk interface units (disk adapters). Such storage devices are provided, for example, by EMC Corporation of Hopkinton, Mass. and disclosed in U.S. Pat. No. 5,206,939 to Yanai et al., U.S. Pat. No. 5,778,394 to Galtzur et al., U.S. Pat. No. 5,845,147 to Vishlitzky et al., and U.S. Pat. No. 5,857,208 to Ofek. The host systems access the storage device through a plurality of channels provided therewith. Host systems provide data and access control information through the channels of the storage device and the storage device provides data to the host systems also through the channels. The host systems do not address the disk drives of the storage device directly, but rather, access what appears to the host systems as a plurality of logical volumes. The logical volumes may or may not correspond to the actual disk drives.
In some cases, it may be necessary to provide access to a computer storage device for maintenance and/or reconfiguration of the computer storage device. However, since the type of access needed to be able to perform maintenance and/or reconfiguration is the same type of access that would allow a malicious user to damage the computer storage device and/or eliminate or corrupt data stored thereon, it is useful to be able to restrict the particular users that have the type of access needed to perform maintenance and/or reconfiguration of the computer storage device. One way to do this is to password protect the computer storage device and provide the password only to those users that are allowed to perform maintenance and/or reconfiguration on the computer storage device. However, at some point, it may become desirable to revoke access for at least some of the users that were previously given access. For example, a user that works for a company that maintains the storage device may leave that company. In addition, authorized users may inadvertently (or otherwise) divulge a password to a malicious user who may then use the password to gain access and damage the storage device and/or destroy or corrupt the data.
One way to address this difficulty is to connect (e.g., via a communications cable, the Internet, etc.) each of the storage devices to a central security device that manages security/access for all of the storage devices and that reconfigures and revokes users' passwords that allow access to the storage devices. In instances where it is desirable to revoke a user's access or in instances where an authorized user has divulged a password, the central security device, coupled to the storage device, may change/revoke the affected password and then notify authorized users of the change. However, such a central security device may be impractical for a number of reasons, not the least of which is the fact that it may be difficult to connect all storage devices to the central security device.
It is desirable to address the security issues that arise when passwords for accessing security devices need to be changed/revoked without having to provide remote connections to the storage devices.