|
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: iSNS: Event registry and notificationJosh, > DD's define security/access control policy. If a new node > only had access permission to one other iSCSI node, then those > two nodes would be the only members of the DD. A node can be > a member of multiple DD's. If 255 devices are in the DD, that > implies that all 255 devices have permission to access each In my reading of the spec, my understanding was that DD only provided a higher level access control and security but the final access control is actually decided by: a) Per Target's login access control b) Target's Logical Unit access control (i.e target would only list the LUs allowed for access in response to REPORT LU command) Your clarification above seems to be saying that, if a target x, and target y exist inside of a DD of which initiator z is also a member, then both targets x and y must provide login and Logical Unit access to initiator 'z'. Is this correct ? If it is indeed true, then this results in creation of a huge number of DDs even in small networks (which I hate to see) - I tend to think that more DDs you create, more you would need to administer and more you would need to manage (contrary to one's expectation) -JP
Home Last updated: Tue Sep 04 01:04:46 2001 6315 messages in chronological order |