Access Controls

hafner at almaden.ibm.com hafner at almaden.ibm.com
Fri Apr 21 08:18:21 PDT 2000


* From the T10 Reflector (t10 at t10.org), posted by:
* hafner at almaden.ibm.com
*


John,

Here are my first pass responses:

>Can initiators handle the fact that they can log into a port but
>there are no LUNs available to them?  What would they do?
>This would be the case where there is no access allowed to
>this initiator via the TransportID or an AccessID.
I would think that what you'd get is the transport layer interface
would show the presence of some device, but that the SCSI
layer which creates OS devices for logical units would create
nothing (but see my next answer). I don't think this is a problem.

>I would assume that the proper way to handle this is to allow
>the initiator to log into the port but to reply to all inquiry commands
>as ?no device present?.  Then the question is what do
>we report in the REPORT LUNs command?  If we do
>support this command (which we would) then the
>SPC2R16 states that we must at least report a LUN 0.
The current wording says that INQUIRY would return "no device
present".  However, I had not noticed the LUN0 requirement
in REPORT LUNS.  This changes things a little, perhaps.
There are a couple of choices:

1) Change this condition on REPORT LUNS. (not my first choice)

2) The device can chose not to support REPORT LUNS if the
initiator has no access rights. (So sidestep the question completely.)
Since REPORT LUNS is optional on a single LUN device, it certainly
must be optional on a "zero" LUN device (SPC probably should
include a NOTE to that effect, somewhere).

3) We require REPORT LUNS to rejected if there are no LUNs
to report on. This turns option (2) into a requirment.

4) Leave unchanged the condition on REPORT LUNS try one of these
   suboptions:
  a) Since the wording of REPORT LUNS does not preclude including
LUNs with PQ of 011b,  it would be OK to include LUN0 in the list.
This is a bit of a stretch of the intent however. If you're willing to
accept
this, then no explicit wording changes are required in either REPORT
LUNS or Access Controls (though it might be a good idea to add a
NOTE to the above effect, probably in REPORT LUNS).

  b) In the presense of Access Controls and no rights for a given
initiator,  LUN0 should report in INQUIRY a PQ=000b, and perhaps
a different PDT, e.g., 03h (Processor) or 09h (Communications).

  c) In the same condition as (3c), we take the one reserved PQ=010b
and use that in INQUIRY for LUN0.

Ranking these choices, in my mind, are (2), (4a), (2), (3), (4b), (4c).

Curiously enough, this question actually arises in the context of
some implementation of RAID controllers which don't use the SCC-x
standard for configuration.   How does such a RAID controller
handle the condition where there are no internal RAID volumes
configured?  I've heard of some "hacks" which present minimal
RAM disks and other pseudo-fake devices just so there is a LUN
to which the configuration commands can be sent.   There is no
"standard" for this, and perhaps the answer to John's question
would help in this situation or vice-versa.

Jim Hafner


*
* For T10 Reflector information, send a message with
* 'info t10' (no quotes) in the message body to majordomo at t10.org




More information about the T10 mailing list