RE: iSNS: Event registry and notification

To: ips@ece.cmu.edu
Subject: RE: iSNS: Event registry and notification
From: Raghavendra Rao <jp.raghavendra@sun.com>
Date: Tue, 08 May 2001 04:11:48 -0700
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=us-ascii
Sender: owner-ips@ece.cmu.edu


Josh,

>  DD's define security/access control policy.  If a new node
>  only had access permission to one other iSCSI node, then those
>  two nodes would be the only members of the DD.  A node can be
>  a member of multiple DD's.  If 255 devices are in the DD, that
>  implies that all 255 devices have permission to access each

In my reading of the spec, my understanding was that DD only provided
a higher level access control and security but the final access control
is
actually decided by:
    a) Per Target's  login access control
    b) Target's  Logical Unit access control (i.e target would only list
the LUs
        allowed for access in response to REPORT LU command)

Your clarification above seems to be saying that, if a target x, and
target y
exist inside of a DD of which initiator z is also a member, then both
targets
x and y must provide login and Logical Unit access to initiator 'z'.

Is this correct ? If it is indeed true, then this results in creation of
a huge number
of DDs even in small networks (which I hate to see) - I tend to think
that
more DDs you create, more you would need to administer and more you
would
need to manage (contrary to one's expectation)

-JP

Prev by Date: new CRC draft
Next by Date: Recovery mechanism
Prev by thread: FW: iSNS: Event registry and notification
Next by thread: RE: iSNS: Event registry and notification
Index(es):
- Date
- Thread

Home

Last updated: Tue Sep 04 01:04:46 2001
6315 messages in chronological order