|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] LUN Mapping & ProxiesiSCSI Team, (a fairly long note follows) In one of Jim Hafner's Notes he talked about the LUN Masking & Mapping along with Access Controls, and Proxies. He also said that the Access Controls proposal t10/99-245r9, has now been standardized by T10, and is approprate to all Transports. I would recommend that document to the whole iSCSI Team. Because I do not believe that you will all read it, I have extracted key points, so that we do not have to keep trying to invent this stuff. (If you do not what to read even these extracts, you may jump to the bottom of this note, after the extracts, for my conclutions.) We know that currently a Target SCSI device has the ability to put forth various different LUN views to various different Initiators. The Access Controls Standard extends that process by the following: [Extracts from t10/99-245r9] ... A client application (what we call the Partition Access Manager or PAM) has knowledge of all the initiators and target devices on the SAN. PAM may instruct a given target device to restrict access to some or all of its logical units by all initiators except those from some small set. Such a set might be a single host. Within the set, data integrity, locking, etc., is coordinated by existing protocols (like reservations) via a separate application client operating within the scope of this group. One might say that such a set is a "shared access group". Hosts outside this group are denied (most) access to the device. In particular, these hosts may not preempt a reservation, issue read/write commands and the like. .... ....There are two new commands with different service actions... There is a Data-In command typically used to query various status information of the target with respect to access control functions and a Data-Out command typically used [by PAM] to configure different kinds of access controls. ... However, use of configuration commands are limited with respect to application clients or initiators. Initiators with access to a device have the right to issue proxy rights to other third party initiators without PAM's direct intervention.... ....Hosts (or OS-images) may be identified by a new AccessID ...[which] is transport independent... The intent of the AccessID is to assign a permanent identifier to a given host machine (actually OS-image) without regard to the number of ports/HBAs on that host or any actions that change the hardware configuration of the machine. ... [This] implies requirements on the part of target to maintain associations between the AccessID and a given host's initiator port or ports.... ... LUN Mapping. This has two features. First, it "hides" logical units that are not accessible to a given initiator. So, to such an initiator INQUIRY to some logical units will report "no device present" and REPORT LUNS will only show a set of LUN values representing a subset of the complete set of logical units on the target device. The second feature of LUN Mapping is that the LUN values reported in REPORT LUNs are initiator-specific. That is, for each initiator a given LUN will only be a pointer to an specific logical unit and that pointer is a function of the initiator. Thus, the same (shared) logical unit may be addressed by one initiator at LUN1 and by another initiator at LUN2. A consequence is that LUN values are no longer global addresses for specific logical units within a target. ... ... PAM tells the target device to grant access to a particular logical unit to a given initiator under a specific LUN value (in other words, PAM instructs the target to create a LUN Map entry of a particular type for the specified initiator). ... ... An initiator may be identified to the target by either a TransportID (available at connection time, say, FC-login) or by AccessID (available only after an enrollment action by the initiator).... ... The Proxy ...[is created by] the result of a single action by the initiator (ASSIGN PROXY LUN service action); ... An initiator, ... requests a proxy token from the target for a specific logical unit, passes the token to the third party, and that third party uses the token to request a LUN value for that logical unit. ... ... proxy tokens may be forwarded from one third party to another; ... changes to the EXTENDED COPY target descriptors to include Proxy Tokens as handles or references to logical units [has been proposed]. ... ... the third party initiator specifies a preferred LUN value when requesting the access to the logical unit (that is, the initiator asks "may I have LUN=x for Proxy Token=t?"). ... [End of Extracts] (The document is still worth reading.) As of this date, I am unaware of any implementations of PAM, and but I would expect some to happen soon. In any event, since the Proxy Granting can be done independent of PAM, you may see the implementation of Proxying even if no PAM is available. Especially if the Storage Controller vendor wants to support third party commands. With this information, you can see how an installation can have a central location where administration can be done for various Storage Controllers. (And with iSCSI, almost independent of where they are located.) You can also see how the Proxy functions work for 3rd party commands. We can now bypass all sorts of hallucinations on how this might be done. . . . John L. Hufferd Senior Technical Staff Member (STSM) IBM/SSG San Jose Ca (408) 256-0403, Tie: 276-0403 Internet address: hufferd@us.ibm.com
Home Last updated: Tue Sep 04 01:06:46 2001 6315 messages in chronological order |