SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    LUN Mapping & Proxies


    • To: "IPS (E-mail)" <ips@ece.cmu.edu>
    • Subject: LUN Mapping & Proxies
    • From: "John Hufferd/San Jose/IBM" <hufferd@us.ibm.com>
    • Date: Sat, 7 Oct 2000 18:10:27 -0700
    • Content-Transfer-Encoding: 8bit
    • Content-type: text/plain; charset=iso-8859-1
    • Importance: Normal
    • Sender: owner-ips@ece.cmu.edu

    iSCSI Team, (a fairly long note follows)
    
    In one of Jim Hafner's Notes he talked about the LUN Masking & Mapping
    along with Access Controls, and Proxies. He also said that the Access
    Controls proposal t10/99-245r9, has now been standardized by T10, and is
    approprate to all Transports.  I would recommend that document to the whole
    iSCSI Team.
    
    Because I do not believe that you will all read it, I have extracted key
    points, so that we do not have to keep trying to invent this stuff.  (If
    you do not what to read even these extracts, you may jump to the bottom of
    this note, after the extracts,  for my conclutions.)
    
    We know that currently a Target SCSI device has the ability to put forth
    various different LUN views to various different Initiators.
    The Access Controls Standard extends that process by the following:
    
    [Extracts from t10/99-245r9]
    
    ... A client application (what we call the Partition Access Manager or PAM)
    has knowledge of all the initiators and target devices on the SAN. PAM may
    instruct a given target device to restrict access to some or all of its
    logical units by all initiators except those from some small set.  Such a
    set might be a single host. Within the set, data integrity, locking, etc.,
    is coordinated by existing protocols
    (like reservations) via a separate application client operating within the
    scope of this group. One might say that such a set is a "shared access
    group". Hosts outside this group are denied (most) access to the device. In
    particular, these hosts may not preempt a reservation, issue read/write
    commands and the like. ....
    
    ....There are two new commands with different service actions... There is a
    Data-In command typically used to query various status information of the
    target with respect to access control functions and a Data-Out command
    typically used [by PAM] to configure different kinds of access controls.
    ... However, use of configuration commands are limited with respect to
    application clients or initiators. Initiators with access to a device have
    the right to issue proxy rights to other third party initiators without
    PAM's direct intervention....
    
    ....Hosts (or OS-images) may be identified by a new AccessID ...[which] is
    transport independent... The intent of the AccessID is to assign a
    permanent identifier to a given host machine (actually OS-image) without
    regard to the number of ports/HBAs on that host or any actions that change
    the hardware configuration of the machine.  ... [This] implies requirements
    on the part of target to maintain associations between the AccessID and a
    given host's initiator port or ports....
    
    ... LUN Mapping. This has two features. First, it "hides" logical units
    that are not accessible to a given initiator. So, to such an initiator
    INQUIRY to some logical units will report "no device present" and REPORT
    LUNS will only show a set of LUN values representing a subset of the
    complete set of logical units on the target device. The second feature of
    LUN Mapping is that the LUN values reported in REPORT LUNs are
    initiator-specific. That is, for each initiator a given LUN will only be a
    pointer to an specific logical unit and that pointer is a function of the
    initiator. Thus, the same (shared) logical unit may be addressed by one
    initiator at LUN1 and by another initiator at LUN2. A consequence is that
    LUN values are no longer global addresses for specific logical units within
    a target. ...
    
    ... PAM tells the target device to grant access to a particular logical
    unit to a given initiator under a specific LUN value (in other words, PAM
    instructs the target to create a LUN Map entry of a particular type for the
    specified initiator). ...
    
    ... An initiator may be identified to the target by either a TransportID
    (available at connection time, say, FC-login) or by AccessID (available
    only after an enrollment action by the initiator)....
    
    ... The Proxy ...[is created by] the result of a single action by the
    initiator (ASSIGN PROXY LUN service action); ... An initiator, ... requests
    a proxy token from the target for a specific logical unit, passes the token
    to the third party, and that third party uses the token to request a LUN
    value for that logical unit. ...
    
    ... proxy tokens may be forwarded from one third party to another; ...
    changes to the EXTENDED COPY target descriptors to include Proxy Tokens as
    handles or references to logical units [has been proposed]. ...
    
    ... the third party initiator specifies a preferred LUN value when
    requesting the access to the logical unit (that is, the initiator asks "may
    I have LUN=x for Proxy Token=t?"). ...
    
    [End of Extracts]  (The document is still worth reading.)
    
    As of this date, I am unaware of any implementations of PAM, and but I
    would expect some to happen soon.  In any event, since the Proxy Granting
    can be done independent of PAM, you may see the implementation of Proxying
    even if no PAM is available.  Especially if the Storage Controller vendor
    wants to support third party commands.
    
    With this information, you can see how an installation can have a central
    location where administration can be done for various Storage Controllers.
    (And with iSCSI, almost independent of where they are located.) You can
    also see how the Proxy functions work for 3rd party commands.   We can now
    bypass all sorts of hallucinations on how this might be done.
    
    .
    .
    .
    John L. Hufferd
    Senior Technical Staff Member (STSM)
    IBM/SSG San Jose Ca
    (408) 256-0403, Tie: 276-0403
    Internet address: hufferd@us.ibm.com
    
    


Home

Last updated: Tue Sep 04 01:06:46 2001
6315 messages in chronological order