
    RE: iSNS: Event registry and notification



    
    Josh,
    
    >  DD's define security/access control policy.  If a new node
    >  only had access permission to one other iSCSI node, then those
    >  two nodes would be the only members of the DD.  A node can be
    >  a member of multiple DD's.  If 255 devices are in the DD, that
    >  implies that all 255 devices have permission to access each
    
    In my reading of the spec, my understanding was that DD only provided
    a higher level access control and security but the final access control
    is actually decided by:
        a) Per Target's login access control
        b) Target's Logical Unit access control (i.e. target would only list
           the LUs allowed for access in response to REPORT LU command)
    
    Your clarification above seems to be saying that, if a target x, and
    target y exist inside of a DD of which initiator z is also a member,
    then both targets x and y must provide login and Logical Unit access
    to initiator 'z'.
    
    Is this correct? If it is indeed true, then this results in creation of
    a huge number of DDs even in small networks (which I hate to see) - I
    tend to think that the more DDs you create, the more you would need to
    administer and the more you would need to manage (contrary to one's
    expectation).
    
    -JP
    
    
    



Last updated: Tue Sep 04 01:04:46 2001