SORT BY:

LIST ORDER
THREAD
AUTHOR
SUBJECT


SEARCH

IPS HOME


    [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

    RE: iSNS: Event registry and notification



    
    Josh,
    I could be wrong here, but I think you may not have answered the question
    that Rao thought he was asking.  Perhaps you should have said that LUs and
    therefore LUNs are NOT managed by the iSNS and have no direct bearing on
    the size of the DD.  The reason I say that is that Host z, being added to a
    DD with x, and y, should not add additional DDs  so in this case, even with
    3 hosts, you still have one DD.
    
    Now you can both tell me I am wrong and I will slink away :-^
    
    .
    .
    .
    John L. Hufferd
    Senior Technical Staff Member (STSM)
    IBM/SSG San Jose Ca
    (408) 256-0403, Tie: 276-0403,  eFax: (408) 904-4688
    Internet address: hufferd@us.ibm.com
    
    
    Joshua Tseng <jtseng@NishanSystems.com>@ece.cmu.edu on 05/08/2001 09:53:05
    AM
    
    Sent by:  owner-ips@ece.cmu.edu
    
    
    To:   "'Raghavendra Rao'" <jp.raghavendra@sun.com>, ips@ece.cmu.edu
    cc:
    Subject:  RE: iSNS: Event registry and notification
    
    
    
    JP,
    >
    > Josh,
    >
    > >  DD's define security/access control policy.  If a new node
    > >  only had access permission to one other iSCSI node, then those
    > >  two nodes would be the only members of the DD.  A node can be
    > >  a member of multiple DD's.  If 255 devices are in the DD, that
    > >  implies that all 255 devices have permission to access each
    >
    > In my reading of the spec, my understanding was that DD only provided
    > a higher level access control and security but the final
    > access control
    > is
    > actually decided by:
    >     a) Per Target's  login access control
    >     b) Target's  Logical Unit access control (i.e target
    > would only list
    > the LUs
    >         allowed for access in response to REPORT LU command)
    
    Your a) is correct.  But by using iSNS, the target "slaves" its
    login access control policy to the iSNS.  If the target is placed
    into a DD with initiators A, B, and C by the management GUI, then
    the administrator is configuring that target for access by initiators
    A, B, and C.  The target's login access control policy would then
    be configured by the iSNS to allow that access.
    
    b) is a function of SCSI.  iSNS and iSCSI does not get involved
    at that level.
    
    >
    > Your clarification above seems to be saying that, if a target x, and
    > target y
    > exist inside of a DD of which initiator z is also a member, then both
    > targets
    > x and y must provide login and Logical Unit access to initiator 'z'.
    
    Yes, this is correct if initiator 'z' were placed in the same DD
    as target x and target y.
    
    >
    > Is this correct ? If it is indeed true, then this results in
    > creation of
    > a huge number
    > of DDs even in small networks (which I hate to see) - I tend to think
    > that
    > more DDs you create, more you would need to administer and more you
    > would
    > need to manage (contrary to one's expectation)
    
    Yes, in a large storage network, there will be a large number of DDs.
    That is why we added Discovery Domain Sets (DDS) to iSNS.
    
    Josh
    >
    > -JP
    >
    >
    
    
    
    


Home

Last updated: Tue Sep 04 01:04:45 2001
6315 messages in chronological order