Patent application number | Description | Published |
20080320143 | METHOD AND APPARATUS FOR ROLE-BASED ACCESS CONTROL - Methods and devices are provided for role-based access control of network devices. The network devices may constitute the fabric of a storage area network (“SAN”) that has been logically partitioned into virtual storage area networks (“VSANs”) that are allocated to various administrators. Roles assigned according to preferred aspects of the invention do not need to be hierarchical, but are customized according to administrators' needs. | 12-25-2008 |
20110219438 | METHODS AND APPARATUS FOR SECURITY OVER FIBRE CHANNEL - Methods and apparatus are provided for improving both node-based and message-based security in a fibre channel network. Entity to entity authentication and key exchange services can be included in existing initialization messages used for introducing fibre channel network entities into a fibre channel fabric, or with specific messages exchanged over an already initialized communication channel. Both per-message authentication and encryption mechanisms can be activated using the authentication and key exchange services. Messages passed between fibre channel network entities can be encrypted and authenticated using information provided during the authentication sequence. Security services such as per-message authentication, confidentiality, integrity protection, and anti-replay protection can be implemented. | 09-08-2011 |
20130329743 | END-TO-END FIBRE CHANNEL OVER ETHERNET - In one embodiment, a Fibre Channel over Ethernet (FCoE) proxy point (FPP) that is connected to one or more end-point devices is coupled to one or more other FPPs, and to a FCoE control and management plane (F-CMP) server. The FPP provides data plane functionality. The F-CMP server provides control plane functionality. At least some control and management traffic received at the FPP is proxied between the F-CMP server and the one or more end point devices connected to the FPP. FCoE traffic received at the FPP from the one or more end point devices connected to the FPP is transmitted to the one or more other FPPs without the FCoE traffic traversing the F-CMP server. The transmitting is performed by data plane functionality of the FPP operating under directions from the control plane functionality of the F-CMP server. | 12-12-2013 |
Patent application number | Description | Published |
20090327518 | APPARATUS AND METHOD FOR DEFINING A STATIC FIBRE CHANNEL FABRIC - A storage area network and method for defining a static Fibre Channel Fabric that does not require a Principal Switch. The storage area network comprises one or more hosts, one or more storage devices, and a static Fabric connecting the one or more hosts and storage devices. Within the static Fabric, the Switches have their Domain_ID and Fabric_Name statically set. The method comprises accessing the Fabric, selecting a Switch in the Fabric, and statically configuring the Domain_ID and Fabric_Name for the selected Switch. The above sequence is repeated for each Switch in the static Fabric. In one embodiment, after being statically configured, the Switch is isolated from any dynamically set Switches in the Fabric. The Switch detects which of its Ports are connected to dynamically set Switches, and then isolates them, while maintaining operational the Ports connected to statically configured Switches. | 12-31-2009 |
20110188511 | Ethernet node port virtualizer - In one embodiment, a method includes defining a virtual node port proxy and virtual fabric port proxies at a Fibre Channel over Ethernet (FCoE) bridge, the virtual node port proxy in communication with an FCoE forwarder, each of the virtual fabric port proxies in communication with an FCoE node in an FCoE network. The method further includes proxying FCoE Initialization Protocol (FIP) functions between the FCoE nodes and the FCoE forwarder at the FCoE bridge. An apparatus is also disclosed. | 08-04-2011 |
20130080638 | DISTRIBUTED VIRTUAL APPLIANCE - A distributed virtual appliance is disclosed, including: allocating network traffic to a plurality of compute units implementing a network service associated with the distributed virtual appliance; and dynamically adding or removing one or more compute units implementing the network service without disruption to the network traffic. | 03-28-2013 |
20140122743 | SHARED INTERFACE AMONG MULTIPLE COMPUTE UNITS - Providing a shared interface among a plurality of compute units is disclosed. A plurality of compute units is determined and a shared interface for the plurality of compute units is provided, wherein incoming traffic is received by any of the plurality of compute units. Also, the packet is received at the shared interface for a plurality of compute units. The packet is encapsulated using a first header, wherein the first header specifies one of the plurality of compute units, and wherein the one of the plurality of compute units is selected independent of an interface address associated with the shared interface. | 05-01-2014 |
20140258541 | DISTRIBUTED VIRTUAL APPLIANCE - A distributed virtual appliance is disclosed, including: determining a classification type associated with the first flow; and determining an allocation of the first flow to the first data plane compute unit of the distributed virtual appliance based at least in part on the determined classification type and at least a subset of information of a first flow identifier, wherein the distributed virtual appliance includes a plurality of compute units, including the first data plane compute. | 09-11-2014 |