1. Field of the Invention
This invention relates generally to partitioning within switched fabrics, and more particularly to the association of one end node on a switched fabric with another end node on the same switched fabric.
2. Description of the Related Art
Today's computers are becoming more interactive with other computers in a networking environment. This includes the ability for computers to communicate with other computers on a given network, such as a local area network (LAN). As computers communicate, they are able to access files located on different computers. For example, using a well-known networking transport such as Ethernet, one computer is able to access data stored on drives of other computers. Such drives have interfaces such as small computer system interface (SCSI) hard drives, IDE hard drives, SCSI or IDE optical disc drives (e.g., CDs, CD-Rs, CD-R/W, and DVDs), etc.
Computers typically communicate over a network through host adapters (e.g., network interface cards "NICs") that allow the computer to interface with the local area networks. The NICs can implement different types of network technologies such as Ethernet, ATM (Asynchronous Transfer Mode), Fibre Channel, and the like. Furthermore, ATM is able to integrate various communication technologies such as LAN and WAN (wide area network) and other voice and transmission networks, thereby creating a unified digital network, or fabric, where all the previously mentioned networks are accessible by one host. Through the local area networks and ATM, hosts are able to communicate with other hosts and any shared peripheral devices associated with other hosts, such as a host computer's RAID device. Thus, all users on a network may access data stored on other hosts and the peripheral devices associated with another host. As such, this creates obvious potential security risks in that one user may access another user's drive and alter any data the user may have saved to that particular drive. By way of example, reference is now made to FIG. 1.
FIG. 1 shows a prior art subnet 100 with hosts 102a and 102b connected to the subnet 100. Also connected to the subnet 100 are computers (e.g., having SCSI host adapters or the like) 104a and 104b and associated storage nodes (i.e., RAID device) 106a and 106b. The subnet 100 is a shared fabric environment which allows communication between all users connected to the subnet 100. The hosts 102a and 102b each contain NICs or similar communication circuitry which facilitate communication between the hosts 102a and 102b and the subnet 100. As such, the hosts 102a and 102b are able to communicate with each other and with the other devices on the subnet 100, such as the storage nodes 106a and 106b. In the networking environment of the subnet 100, the host 102a is not partitioned from the other devices on the subnet 100. Hence, other hosts, such as host 102b, are able to access the internal storage (e.g., hard drive) of the host 102a. In addition, the storage nodes 106a and 106b attached to the computers 104a and 104b are not partitioned from other devices on the subnet 100. Thus, data stored on the storage nodes 106a and 106b is accessible by all users on the subnet 100. A configuration such as this poses obvious security problems since users on the host 102b may access the data stored by a user on the host 102a and view, copy or alter the data written by a user on the host 102a. Furthermore, in the shared fabric environment of FIG. 1, it is unclear which host 102a and 102b is meant to be associated with which computer 104a and 104b.
In addition, LAN administrators oftentimes opt to consolidate completely independent systems onto one network similar to the subnet 100 in FIG. 1. Administrators typically employ this approach due to space considerations; ease of physical administration, such as updating operating systems and performing periodic data file back-ups; and other administrative considerations. The systems using the same network may be either heterogeneous or homogeneous. Also, the operation of one system or the failure of one system should not affect the performance of another system. Nonetheless, in a networking environment where independent systems share the same network, one independent system may access another independent system through the network, thus creating the same problems described with reference to FIG. 1.
In view of the foregoing, there is a need for a method which partitions devices on a shared networking environment such that the partitioned devices are isolated from other shared devices on the networking environment. In addition, there is a need for a method which controls access to devices connected to a shared networking environment.
Broadly speaking, the present invention fills the aforementioned needs by providing methods and apparatus for partitioning devices on a shared networking environment. It should be appreciated that the present invention can be implemented in numerous ways, including as a process, an apparatus, a system, a device, a method, or a computer readable media. Several embodiments of the present invention are described below.
In one embodiment, a method for partitioning end nodes on a fabric is disclosed. The method comprises configuring a storageless host on the fabric by loading a programming media having host programming code. The host programming code is configured to provide the storageless host access to the fabric. The fabric is then searched for available end nodes. After available end nodes are found on the fabric, a desired available end node which has a storage device connected thereto is selected using the host programming code. Once a desired available end node is selected, the desired available end node is associated with the host on the fabric. An operating system from the programming media is then loaded to the storage device over the fabric.
In another embodiment, a method for associating end nodes on a fabric is disclosed. The method comprises accessing a programming media that has an installation tool which assists in connecting an initiator end node to the fabric. The installation tool also includes a management function. After the programming media is accessed, a search is done on the fabric for available target end nodes which are connected to the fabric, where at least one of the available target end nodes is connected to a storage device. The method then associates the initiator end node with a remotely located selected available target end node that is connected to a storage device. When the initiator end node is associated with the selected available target end node, an operating system is copied using the programming media onto the storage device of the selected available target end node. Once the operating system is copied onto the storage device of the selected available target end node, the initiator end node is operated using the operating system that is copied to the storage device of the selected available target end node.
The advantages of the present invention are numerous. Most notably, the present invention allows the association of a remotely located storage device with a host in a way that an unauthorized user is prevented from accessing the same storage device (or particular partitions of the same storage device). Furthermore, the present invention allows a user to operate a storageless host using the storage of an end node connected to a fabric. The end node preferably has a storage device that can be accessed by the storageless host as if the storage were local to the host. A system for installing partitioning keys (PKeys) ensures that only authorized hosts/end nodes can gain access to selected storage media. Those hosts/end nodes without proper PKeys are prevented from accessing selected hosts/end nodes and any devices connected thereto. As such, with the systems and methods of the present invention, users desiring to interconnect and network hosts and end nodes can do so without fear of the security breaches common when users connected to the same subnet access data that is confidential to another user.
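The search, select, associate and load sequence of the first embodiment, together with the PKey check described above, can be modelled in a few lines. This is an added illustration, not code from the patent: the class and function names, the 32-bit key, the "first available" selection policy and the rule that a target with no PKey installed counts as available are all assumptions.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class EndNode:
    name: str
    has_storage: bool = False
    pkeys: set = field(default_factory=set)      # partition keys installed on this node
    blocks: dict = field(default_factory=dict)   # stand-in for the attached storage device

class Fabric:
    def __init__(self, nodes):
        self.nodes = {n.name: n for n in nodes}

    def available_targets(self):
        # Assumption: "available" means storage attached and no PKey installed yet.
        return [n for n in self.nodes.values() if n.has_storage and not n.pkeys]

    def associate(self, host, target):
        # Install one fresh key on both ends; only its holders share the partition.
        if target.pkeys:
            raise PermissionError(f"{target.name} is already partitioned")
        pkey = secrets.randbits(32)
        host.pkeys.add(pkey)
        target.pkeys.add(pkey)

    def write(self, initiator, target, lba, data):
        # Enforcement point: refuse any initiator sharing no PKey with the target.
        if not (initiator.pkeys & target.pkeys):
            raise PermissionError(f"{initiator.name} has no PKey for {target.name}")
        target.blocks[lba] = data

def install_os(fabric, host, image):
    """Search the fabric, select a target, associate it, load the OS over the fabric."""
    targets = fabric.available_targets()
    if not targets:
        raise RuntimeError("no available end node with storage")
    target = targets[0]
    fabric.associate(host, target)
    for lba, block in enumerate(image):
        fabric.write(host, target, lba, block)
    return target

def demo():
    # Constructed sample fabric: two storageless hosts, two storage end nodes.
    host_a, host_b = EndNode("host-a"), EndNode("host-b")
    fabric = Fabric([host_a, host_b, EndNode("target-1", True), EndNode("target-2", True)])
    target = install_os(fabric, host_a, [b"boot", b"kernel"])
    try:
        fabric.write(host_b, target, 0, b"tamper")   # host-b was never given the key
        blocked = False
    except PermissionError:
        blocked = True
    return target.name, blocked, target.blocks[0], [n.name for n in fabric.available_targets()]
```

Unlike the shared subnet of FIG. 1, the second host's write is refused and the associated target no longer appears in the search results.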
Other aspects and advantages of the invention will become apparent from the following detailed description, taken in conjunction with the accompanying drawings, illustrating by way of example the principles of the invention.